Ben & Ryan Show Episode 24

In this episode, your hosts Ben Nadel and Ryan Brown go guest-free and take the opportunity to dive into ColdFusion bugs, guinea pig maintenance, and their latest experiments in app building and AI usage.They kick things off with some light banter, guinea pig parenting tips, and custom shoes, before transitioning into deep debugging talk, asynchronous programming quirks in ColdFusion 2025, and the evolving relationship developers have with AI tooling.Key Points• Ryan surprises Ben with custom ColdFusion-themed shoes for the upcoming CF Summit.• Ben shares two deep ColdFusion 2025 bugs related to asynchronous iteration and CFQuery behavior.• Big Sexy Poems—a side project by Ben—is being built using HTMX and AlpineJS with a ColdFusion backend.• Debugging ColdFusion edge cases requires intense reduction and isolation of code to find root causes.• Ryan and Ben discuss AI voice mode frustrations and using AI for sales and dev support—highlighting both promise and pitfalls.Ben introduces his new ColdFusion 2025 app, “Big Sexy Poems,” and why he built it.• The app helps poets count syllables, find rhymes, and synonyms using the Datamuse API.• Ben is rebuilding it to learn HTMX and AlpineJS in a real-world context.• ColdFusion 2025 forces him to rethink and modernize old code written for CF2021.• Features include caching, shareable links, and saving user poems.Ben outlines two complex ColdFusion bugs that derailed development.• Bug #1: CFQuery inside asynchronous iteration dumps SQL statements to the page.• Bug #2: A three-level deep array iteration causes closure variables to vanish.• Both bugs are confirmed to go back as far as ColdFusion 2021.• Fixes required rewriting code to remove async parallelism and use manual loops.They explore how to isolate and debug ColdFusion bugs in large codebases.• Ben shares his method: reduce files down to minimal reproducible cases.• Progressively merge and remove components until only the bug trigger remains.• Use CF’s ability to simulate services to isolate logic layers during debugging.• Debugging complex async issues often takes hours but can result in 20-line reproductions.Conversation pivots to AI tools, frustrations, and how Ryan uses AI for sales support.• Ben tried ChatGPT voice mode again and found it frustratingly sycophantic.• Ryan uses persona-driven GPTs to simulate sales coaches and customer role-play.• Operator and GPT Agents have shown promise in configuring servers from specs.• Even advanced tools sometimes fail mid-task or require lots of oversight.• The team plans a live Ben and Ryan Show at CF Summit to talk AI and dev tools in person.

Ben & Ryan Show Episode 23

In this episode, your hosts Ben Nadel and Ryan Brown are joined by Mark Takata, Senior Technical Evangelist for Adobe ColdFusion, to dive deep into the evolving world of "vibe coding" and how AI is transforming development workflows. The trio explore the tools, mental friction, and cultural shifts developers face when working alongside AI, offering a mix of real-world use cases, developer gripes, and future-gazing insights into how AI might shape team structure and job roles.

Key Points

• Vibe coding is reshaping how developers approach prototyping, testing, and feature iteration using tools like Claude, ChatGPT, and Cursor

• Developers are grappling with trust issues, debugging quirks, and the loss of "good friction" in the coding process

• Cursor, a VS Code-based AI IDE, is emerging as a powerful tool for AI-assisted development and code generation at scale

• AI could reshape team roles, potentially phasing out junior positions and introducing roles like AI coaches or prompt engineers

• The group previews their upcoming live session at the Adobe ColdFusion Summit, where these AI coding dynamics will take center stage

Vibe coding is introduced as a developer trend where AI tools generate code based on high-level input

• Ben shares that his team's lead has spent months learning how to "steer" Claude and manage scope, memory, and output reliability

• Ryan recounts building a Bingo app with ChatGPT, running into scope creep and frustrating regressions with each iteration

• The team discusses the challenge of context loss and how to handle patching or manually adjusting code when working with AI

Mark breaks down his real-world usage of Cursor and how it differs from using ChatGPT

• Developers can open existing projects, give directions, and have Cursor fill in the gaps based on previous patterns

• He highlights how he uses it to rapidly prototype ColdFusion demos, noting an increase in productivity and output

• Cursor allows mixing Claude, GPT, and Check55 models for different task types

• Pro-level versions of Cursor offer metrics, visibility into prompt volume, and sophisticated model orchestration

Ben reflects on his preference for copy-paste workflows over AI generation

• He points out the "non-deterministic" nature of AI and the potential for it to introduce unseen changes across entire files

• The team debates whether AI is removing helpful friction that leads to better abstractions and more thoughtful code

• The trio agrees that AI needs better guardrails and consistency for it to be fully trusted in production codebases

The group explores how AI tools could evolve to meet professional coding standards

• Cursor could serve as a CFQuery-like abstraction for AI tooling, handling the translation between models

• AI-generated code may need standardization through community-driven templates or frameworks like PromptOS

• The role of code review could shift, with AI models doing first-pass reviews and flagging issues for humans

• Review at scale is a concern as AI-generated code grows in complexity and volume

Ryan and Ben explore the idea of AI as a team member

• Mark tells a story of a developer with a briefcase of AIs acting as a full software team

• They discuss how AI may appeal more to managers than ICs due to the loss of individual agency

• Ben shares concerns about how PR (pull request) reviews become unmanageable when AI floods teams with code

• Mark mentions teams are already using multiple AIs to cross-review code before surfacing issues to humans

The conversation shifts to how companies should approach AI adoption

• There's concern about erasing junior roles and losing the traditional developer learning pipeline

• Ryan suggests managers be transparent about whether the goal is augmentation or headcount reduction

• Mark emphasizes the need for AI coaches—specialists who manage prompt libraries, usage patterns, and workflows

In this episode, your hosts, Ben Nadel and Ryan Brown, sit down with Steve Leve from ShareASale to dive into the challenges and lessons learned from navigating an acquisition, managing technical debt, and executing large-scale migrations. They explore the impact of legacy systems, the balance between maintaining old infrastructure and innovating new solutions, and the role of AI in modern software development.

Key Points:

• Steve shares his journey from a small-town coder to a principal architect at ShareASale.

• The team discusses the challenges of merging companies post-acquisition, including business model differences and technical debt.

• Lessons from large-scale infrastructure migrations, including moving from ColdFusion monoliths to modern architectures.

• The importance of balancing innovation with maintaining existing systems and the trade-offs of cloud computing.

• How AI is reshaping development practices, from documentation to automated testing.

Migrating an entire business platform brings its share of surprises and roadblocks.

• Steve shares his experience of being acquired by AWIN and the growing pains that followed.

• The team discusses the complexities of merging different operational and technological approaches.

• They reflect on the unexpected technical challenges, including a looming data center shutdown and hardcoded infrastructure dependencies.

• The importance of knowledge sharing within a team to prevent reliance on a single expert.

Navigating technical debt is all about prioritization and timing.

• The group explores the idea that not all technical debt needs to be fixed—only what blocks innovation or scaling.

• Steve emphasizes "tidy first" as an approach to incrementally improving code rather than massive rewrites.

• Real-world examples of how debt manifests in migrations and why some old code surprisingly holds up.

• The discussion touches on key strategies for managing technical debt within an evolving business landscape.

Migrating to AWS and cloud adoption brings new efficiencies but also new constraints.

• Steve and Ben share stories of migrating to AWS, the surprises along the way, and the need for expert help.

• Lessons on the hidden costs of cloud adoption and why simply lifting and shifting to the cloud isn't always the best strategy.

• The team debates the trade-offs between autoscaling, managed services, and maintaining on-premise solutions.

• Real-world examples of cost-efficient cloud migration strategies.

Strangler patterns, AI-driven documentation, and the future of software development.

• The team discusses the strangler pattern as a way to incrementally transition from legacy systems to modern platforms.

• Steve shares insights on how AI is being used for documentation, testing, and even code analysis.

• The group speculates on how AI-driven tools can improve developer efficiency and streamline migrations.

• They reflect on the importance of keeping up with evolving tech while maintaining a pragmatic approach to change.

This episode is packed with practical insights, real-world experiences, and candid discussions about the messy, challenging, and ultimately rewarding process of managing technical debt, cloud migration, and acquisitions. Whether you're a developer, architect, or IT leader, there's something valuable here for you!

In this episode, your hosts, Ben Nadel and Ryan Brown, sit down with Andrew Pendleton, Senior Director of Design Systems at Verizon, to discuss the role of design systems in driving consistency, accessibility, and innovation. They explore how Verizon’s approach to accessibility goes beyond compliance, how design systems empower both designers and engineers, and the challenges of maintaining a unified system in a vast enterprise.

Key Points:

• Verizon’s Design System centralizes design and engineering decisions to create scalable frameworks for digital experiences.

• Accessibility at Verizon is treated as a driver of innovation, not just compliance, influencing best practices and component design.

• The impact of constraints in design systems, allowing teams to move faster and focus on complex problems.

• The importance of cross-team communication and standardized language in improving adoption and efficiency.

• Strategies for starting a design system and integrating accessibility in an organization.

Andrew shares how his background in digital art, development, and management uniquely positioned him to lead Verizon’s Design System team.

• He discusses the importance of bridging the gap between designers, engineers, and product teams through shared terminology and best practices.

• The conversation covers how accessibility has led to innovations like responsive web design, captioning, and high-contrast modes.

• Verizon’s approach to user testing includes an accessibility lab where customers with disabilities provide direct feedback on digital and physical product experiences.

The team dives into how Verizon builds and maintains accessible components for its design system, including an advanced video player with baked-in accessibility features.

• Andrew explains how they studied platforms like YouTube, Adobe, and native HTML elements to build an optimized solution.

• The importance of leveraging the platform but extending it where necessary to maintain accessibility.

• The balance between stability and flexibility in design systems to allow innovation while maintaining consistency.

The discussion shifts to the challenges of adoption within a large enterprise and strategies to encourage engineers and designers to embrace the design system.

• Architectural misalignment and legacy technologies present obstacles to adoption, requiring phased transitions.

• Design tokens help standardize visual elements even in non-React environments.

• The role of accountability in ensuring accessibility and quality standards are maintained, even when teams customize components.

Andrew and the hosts close the episode by discussing how individuals and organizations can begin implementing accessibility in their work.

• Recommended resources for learning about accessibility, including books and online tools.

• The importance of having an accessibility champion within a company to drive awareness and adoption.

• Practical steps developers and designers can take to improve their accessibility practices, even in organizations without formal accessibility initiatives.

This episode is packed with insights on design systems, accessibility, and the intersection of technology and user experience. Whether you’re a developer, designer, or product leader, there’s something here for you!

Ben and Ryan Show Episode 12

In this episode, your hosts Ben Nadel and Ryan Brown sit down with security expert Brian Riley, author of the HoyaHaxa blog, to discuss ColdFusion security vulnerabilities and best practices for mitigating risks. The conversation dives into recent ColdFusion exploits, how security patches impact developers, and the broader implications of securing applications beyond just ColdFusion itself.

Key Points:

• ColdFusion has been targeted by multiple 0-day vulnerabilities, highlighting its continued presence in critical systems.

• Adobe's recent security updates introduce breaking changes, forcing developers to make necessary adjustments.

• Security is a multi-layered approach—application security is just one part of a larger ecosystem that includes OS, networking, and cloud infrastructure.

• The trade-off between convenience and security often leads to vulnerabilities, especially with features like remote CFC access.

• Managed hosting providers and security tools like HackMyCF can help developers stay ahead of emerging threats.

Discussion Highlights:

ColdFusion Security Landscape

• ColdFusion is still actively targeted by attackers, despite debates over its relevance.

• Government and financial institutions heavily rely on ColdFusion, making it a high-value target.

Adobe's Recent Security Updates

• Adobe is pushing security patches that enforce stricter security measures, sometimes breaking legacy applications.

• The variable scoping issue is a major focus—forcing developers to fix long-standing bad practices.

• Deprecated encryption methods are being phased out for stronger security.

Common Security Best Practices

• Regularly update ColdFusion and all associated components like Java and Tomcat.

• Restrict access to CFIDE and ColdFusion Administrator to prevent common exploits.

• Use a multi-layered defense strategy, including web application firewalls (WAFs), OS-level security, and network protections.

Challenges of Security in Hosting and DevOps

• Managed hosting providers must balance security with not breaking customer applications.

• Attackers often leverage vulnerabilities beyond just the ColdFusion layer, including database, OS, and network weaknesses.

• Cloudflare and similar services help block DDoS attacks but aren't always sufficient in real-time scenarios.

The Convenience vs. Security Tradeoff

• Many vulnerabilities exist because developers prioritize ease of use over security.

• Features like remote CFC access, while convenient, often introduce security risks.

• Security teams and developers must collaborate to strike the right balance between usability and protection.

Final Thoughts and Resources

• Brian Riley's blog HoyaHaxa provides deep dives into ColdFusion security issues.

• OWASP’s Top Ten is a great resource for understanding common security vulnerabilities.

• Developers should engage in proactive security practices rather than waiting for the next 0-day exploit.

Recent ColdFusion Related HoyaHaxa Blogs

• https://www.hoyahaxa.com/2024/12/an-initial-analysis-of-cve-2024-53961.html

• https://www.hoyahaxa.com/2024/08/bsideslv-2024-slides-modern-coldfusion.html

• https://www.hoyahaxa.com/2024/07/on-coldfusion-administrator-access.html

Ben and Ryan Show Episode 11

In this episode, hosts Ben Nadel and Ryan Brown interview Grant Powell, founder of Curios. Grant shares his journey in the Web3 and NFT space, detailing how Curios started as a licensable NFT platform and successfully pivoted after the NFT bubble burst. The discussion dives deep into digital ownership, blockchain challenges, and how Curios is revolutionizing digital content distribution for creators.

Key Points:

• Curios' Evolution – Originally an NFT licensing platform, Curios pivoted to focus on digital content ownership after the market downturn.

• Blockchain & ColdFusion – The role of ColdFusion in building Curios' rapid development and API-driven platform.

• NFTs Beyond Art – Real-world applications for NFTs in digital ownership, including music, books, and event ticketing.

• Decentralization – The benefits and challenges of decentralized platforms compared to centralized ones like Ticketmaster.

• AI in Collectibles – Grant’s work with collectibles.com and AI-driven identification and valuation of collectibles.

Episode Breakdown:

Curios' Origin and Pivot

• Curios started as a platform to help businesses create and manage NFTs.

• The NFT craze led to unrealistic expectations, and as the hype collapsed, Curios pivoted to a broader digital ownership platform.

• ColdFusion played a key role in the flexibility and speed of their platform’s development.

Real Use Cases for NFTs

• NFTs are more than just overpriced JPEGs—they serve as proof of ownership for digital content like eBooks, music, and videos.

• Grant highlights how digital ownership differs from physical ownership and why secondary markets for digital goods are still developing.

• Ticketing is a strong use case, especially for VIP passes and exclusive access to events.

Challenges of Web3 and Blockchain Scalability

• Many blockchains create “walled gardens” that limit interoperability.

• Curios was among the first platforms to support multiple blockchains.

• Scalability issues in blockchain transactions require additional abstraction layers to ensure speed and efficiency.

Digital Rights and Ownership Protection

• Blockchain technology ensures proof of ownership, but enforcement remains an issue.

• The right to access content is separate from hosting the content itself, allowing removal when necessary.

AI and the Future of Collectibles

• Grant discusses collectibles.com and how AI is transforming the world of collecting.

• AI can help identify, grade, and value physical collectibles like coins, comics, and trading cards.

• The future of AI-driven marketplaces and its impact on the secondary market for rare items.

The Balance Between Work, Entrepreneurship, and Life

• Grant and Ben share insights on time management and balancing multiple projects.

• The importance of structuring schedules to maintain productivity without burnout.

• Investors’ perspectives on serial entrepreneurship and the fine line between focus and diversification.

Ben and Ryan Show Episode 10

In this episode of the Ben and Ryan Show, hosts Ben Nadel and Ryan Brown are joined by Dan Short, the Director of Engineering at Virtuous Software, to explore the dynamics of career paths in software engineering, particularly the transition from individual contributor to management. The conversation dives deep into personal experiences, practical advice, and insightful reflections on leadership, motivation, and the evolving role of technology in the workplace.

Key Points:

• The transition from individual contributor to management and the challenges of developing management skills

• Understanding personal "why" and aligning career choices with motivation and joy.

• Can you do both - balancing technical expertise with managerial responsibilities (or not).

• Addressing the role of AI as a supportive tool rather than a replacement for engineering roles.

• Strategies for fostering team motivation and achieving organizational goals effectively.

Dan’s Introduction and Career Path

Dan shares his journey from the Army to becoming the Director of Engineering at Virtuous Software, highlighting his transition from administrative tasks to technical and managerial roles.

• Early career in automating processes using Microsoft tools.

• Progression from IT management to web development during the early 2000s.

• Moving into management out of necessity and adapting through trial and error.

• Building and leading teams at companies like CoStar and Virtuous Software.

The Reluctant Manager Transition

Dan discusses the challenges of moving from an individual contributor to management, focusing on the struggle to find new ways to measure success and the initial reluctance to take on leadership responsibilities.

• Discovering satisfaction in mentoring and enabling team success.

• Differences between technical wins and people-oriented victories.

• Importance of defining clear roles and responsibilities.

• Lessons learned from managing through uncertainty and resistance.

Navigating Career Path Options

The team debates whether to grow into management within an existing company or seek leadership roles elsewhere, emphasizing the importance of mentorship and personal alignment.

• Balancing technical and managerial responsibilities effectively.

• Challenges of transitioning into management in familiar versus new environments.

• The value of mentorship and support systems in career growth.

• Recognizing when management might not align with personal goals.

The Role of AI and Technology in Engineering

Exploring the evolving role of AI in software development, Dan highlights its potential as a tool for enhancing productivity rather than replacing engineers.

• Practical applications of AI, like automating repetitive tasks and generating ideas.

• Addressing concerns about AI replacing human creativity and problem-solving.

• The importance of maintaining a people-centric approach in technology roles.

• Using AI for brainstorming and augmenting decision-making processes.

Advice for Aspiring Managers

Dan offers advice for those curious about management, stressing the importance of aligning career choices with personal joy and motivations.

• Trying out mentorship and team lead roles before committing to management.

• Leveraging books, podcasts, and thought leaders for continuous learning.

• Staying curious and focusing on people-centric problem-solving.

• Cultivating a supportive workplace that values both management and IC career paths.

Ben and Ryan Show Episode 9 In this episode your hosts, Ben Nadel and Ryan Brown, talk with Shawn Gorrell and explore diverse topics ranging from AI applications to organizational psychology and ethics, emphasizing practical tools and thoughtful strategies for teams and individuals.

Key points:

• AI as a spectrum: Some embrace it as life-changing, while others fear its implications.

• Early AI exploration focused on ethics and societal impacts.

• Ethical frameworks often lag behind technological advancements.

AI's practical applications, such as automating tedious tasks, were highlighted, with Shawn discussing potential benefits for developers:

• Automating unit testing could save time and increase efficiency.

• AI's role as an assistant or "intern" to augment but not replace human expertise.

• Validation remains critical to ensure output reliability.

Shawn emphasized the importance of prompts and domain knowledge for effective AI use.

They explored organizational and individual growth, discussing how to create meaningful work environments:

• Helping others achieve goals can foster personal growth.

• Transparency in team dynamics, such as working agreements, improves collaboration.

• Intentionality in interactions, especially in remote or hybrid work setups, enhances effectiveness.

The ethics of AI, especially in decision-making, was examined:

• Past AI missteps, like biased hiring algorithms, underscore the need for accountability.

• Predictive policing and crime data illustrate potential for reinforcing systemic biases.

• Informing consent and transparency in algorithms are vital to building trust.

Shawn shared insights on soft skills and people management:

• People skills are a key differentiator for success in technology roles.

• The balance between technical expertise and empathy fosters better teams and outcomes.

• Team exercises, like identifying unnecessary tasks, can drive efficiency and morale.

The episode closes with reflections on creativity, evolving frameworks, and career motivations.

• Technology should alleviate mundane tasks, enabling more focus on innovation and enjoyment.

• Tools like AI can aid creativity but should complement, not replace, human ingenuity.

• Keeping foundational skills while adapting to tools like GPT ensures long-term success.

Ben and Ryan Show Episode 8 In this episode, your hosts Ben Nadel and Ryan Brown talk about learning throughout your life.

Key topics included:

• Plug in your laptop if you are recording a podcast • Dogs can keep you up more than kids • Ben and Ryan are ChatGPT celebrities • What are the limits of what AI can do for you • Code editing in ChatGPT • Ben gets wowed with live iterative ChatGPT-ing • Difference between single page and multi page applications • Compare MySQL, PostgreSQL, and MS SQL • When can you use the 5 second rule • Ben and Ryan Show Live is Born

Ben and Ryan Show Episode 7 In this episode, your hosts Ben Nadel and Ryan Brown are joined by Adobe Product Manager, Charvi Dhoot, and Semify CTO, Brian Sappey. The group discusses the upcoming ColdFusion 2025 release and how Adobe determines which features to include in the release. And as always, the guys go on their many tangents.

Key topics included:

• Feature Development: Charvi explained that ColdFusion development prioritizes user needs, stability, security, and performance, often influenced by customer feedback and industry trends. • Integration Enhancements: Brian highlighted a feature enabling seamless integration with Microsoft's Azure user store, enhancing security and scalability for enterprise applications. This feature originated from his team's work and broader community needs. • Plugins and Community Contributions: The idea of a plugin marketplace was discussed as a way to allow developers to share and monetize their ColdFusion plugins. While technically feasible, its implementation depends on community interest and resources. • Tags vs. Script Debate: A recurring challenge in ColdFusion development involves balancing support for legacy tag-based code with newer script-based implementations, ensuring compatibility while encouraging modern practices. • ColdFusion 2025 Features: The episode touched on the CSV parsing feature, conceptual compression benefits, and enhancements like streamlined Java object integration. Charvi emphasized the significant effort to address long-pending issues and modernize the platform.

Ben and Ryan Show Episode 6 In this episode, your hosts Ben Nadel and Ryan Brown discuss what they are thankful for from 2024 and what they are expecting from 2025. And as always, the guys go on their many tangents.

Ben and Ryan Show Episode 5

In this episode, your hosts Ben Nadel and Ryan Brown are joined by xByte Cloud Chief Technology Officer, Dakota Clum, to double click into cloud hosting.

What are people doing to deploy dev code into cloud hosted servers

• RDP and make file changes directly on server

• FTP and apply updates to files one at time

• Azure DevOps - CI/CD (being adopted more)

• Agent can be deployed and have code deployed to traditional VPS

Load balancing on clusters

• Cloud based NAS shared storage between cloud servers

• Master - child replication

• SQL can load balance synchronization

• SQL can do active/passive for geo-failover

• Load balacing web servers needed before SQL needed most of the time

Deployment strategies

• Tradeoffs between efficiency and risk appetite

• You can evolve your processes over time

• No right or wrong answer

Scaling

• Depends on your needs

• Possible to run into issues where nodes not available on AWS

• Need to do reserved instances to get performance needs

• If you can predict when you need more load, you can do short term scaled servers

• Determine what needs scaled instead of entire application - or offload these to a separate service

Risk Appetite

• DR options - is it ok to be down for 15 minutes

• Cost of going from 4 9's of availability versus 5 9's

• For smaller deployments, do you need a separate dev server - non 0% chance that dev takes down production

Shared Hosting

• You get a website

• Share all RAM, CPU, Disk with everyone

• Noisy neighbor can take you down

• Generally shared hosting don't allow support for all ColdFusion hotfixes

• If just HTML files, it may not be an issue compared to also needing SQL

• Risk appetite of noisy neighbors

Most Common Security Issues We Have Seen In Other Environments

• Supporting file types not needed by your app allowing PHP executions

• Too many ports open exposing attack vectors

• SQL Injection when form input not sanitized

• File upload to default directories (don't use /upload)

• Allowing file executions in upload directories

Ben & Ryan Show Episode 22

In this episode, your hosts Ben Nadel and Ryan Brown sit down with Luis Majano and Daniel Garcia from Ortus Solutions to dive deep into BoxLang, the dynamic new language for the JVM. From modular design to multi-runtime capabilities and modern tooling, this conversation explores past, present, and future of BoxLang.

BoxLang is introduced as a dynamic JVM language designed to bring modularity, productivity, and compatibility to CFML and Java developers

• Supports multiple parsers, including ColdFusion and Lucee

• Designed for serverless, desktop, web, and embedded device runtimes

• Built from scratch rather than forking existing JVM languages like Groovy

• AST-driven transpilation makes it future-friendly and language-agnostic

• Modular runtime allows lean deployments without unnecessary overhead

The discussion explores the difference between static and dynamic languages and how BoxLang blends both paradigms for flexibility and control

• Dynamic types allow runtime decisions and simpler syntax

• Static typing can still be used where guardrails are helpful

• Designed for developers who want modern language flexibility with compiler-like structure

• Enables smoother transitions for CFML developers familiar with dynamic paradigms

• Brings in innovations absent in the JVM space for over a decade

Luis and Daniel outline how BoxLang was purposefully built to address long-standing developer frustrations and legacy CFML limitations

• Entire language and ecosystem are modular and extensible

• Supports CFML compatibility as a module—not a bolt-on

• Developers can build and run only what they need (eg, no web stack for CLI apps)

• Designed to work on everything from Lambda functions to ARM devices

• Emphasizes maintainability and performance

The team shares the adoption journey of BoxLang and how Java developers are responding to its flexibility and productivity tooling

• Java developers can use BoxLang as a library or full language

• Serverless and single-file conventions are major adoption drivers

• In-person events like Into the Box helped validate its appeal

• Clear demand for better tooling helped shape roadmap

• Initial pushback has faded as understanding and usage grow

Ortus highlights how AI has become integral to the BoxLang development process and future vision

• Used AI tools (Claude, ChatGPT, Gemini) for documentation, peer reviews, and prototyping

• Built a localized AI assistant for VSCode pre-trained on BoxLang docs

• Introduced BXAI module to offer LLM integration with fluent APIs

• Planning future MCP support to make apps LLM-ready by default

• AI accelerates everything from code generation to user education

The team discusses real-world adoption examples, Java interoperability, and long-awaited features like extending Java classes from CFML-like syntax

• Solves long-standing CFML-to-Java interop issues

• Allows implementing and extending Java classes natively

• Libraries like Jedis or RabbitMQ now integrate easily

• Demonstrated real-world migrations from legacy CFML (eg, RAILO) to BoxLang

• Charting and frontend decisions still debated to avoid tech bloat

Looking to the future, BoxLang's roadmap includes desktop runtimes, WebAssembly support, more IDE integrations, and merging CommandBox into BoxLang

• Desktop runtime with Electron and JavaFX support

• Azure and Android runtimes are next on the horizon

• Migration of all Ortus projects to BoxLang underway

• Goal is to empower developers to build anything—from scripting tools to full-stack apps

https://try.boxlang.io/

https://www.boxlang.io/

Ben and Ryan Show Episode 4 In this episode, your hosts Ben Nadel and Ryan Brown are joined by Senior Adobe ColdFusion Evangelist, Mark Takata, to talk about the upcoming Adobe ColdFusion 2025 release. This episode is packed with surprise announcements.

Adobe ColdFusion 2025 • A lot of performance improvements • Big upgrade to charting – amazing themes are coming out of the box • Spreadsheet improvements

Adobe ColdFusion 2025 Beta • Beta coming soon • Beta will have deep dive webinars about all features given by engineers who built them • Surprise bug bounty announced • Beta will be supported on xByte servers and we are already experienced supporting it • It will be in 2 parts – first part early December – second part early January ColdFusion Subscriptions • Coming in 2025 • Last Adobe product to move to subscription • ETLA is already a “subscription” and most popular way to get ColdFusion • Allows Adobe to launch more features more frequently Favorite new 2025 Feature from Mark and Ben • CSV Read/Write Processing • Streaming of CSV processing When to upgrade code • Your old code is not as good as your more recent code • Risk of updating code • Takes longer to code outside of CF • Regrets of code changes away from CF • Opportunity cost of rewriting code Extras from Adobe ColdFusion • $250,000 in licensed libraries • Support • VIP experience – customer-specific hotfixes Ways to test ColfFusion • TryCF • CF Fiddle Surprise Announcement • Hackathon coming to Adobe CF • Possible hackathon at Summit? • Grassroots evangelism – do hackathons and show off ColdFusion Links mentioned in the video • Previous Mark Podcast - https://youtu.be/_C-EVrwEcY8

• Carahsoft 2025 Preview Link - https://www.carahsoft.com/learn/event/62630-adobe-coldfusion-unveiling-2025-features-and-future-roadmap-insights

• TryCF - https://trycf.com/

• CF Fiddle - https://cffiddle.org/

Ben and Ryan Show Episode 3

In this episode, your hosts Ben Nadel and Ryan Brown just riff about whatever comes to their minds. Topics and tangents include disaster recovery beyond IT, scaling cloud servers, and strategies around email and video marketing.

Disaster Recovery - just for IT teams • Staff in different locations • Keeping local staff online • Contingency plan for who to take over functions • iPhone satellite calling works

Options for Disaster Recovery in the cloud • 2 systems always on - expensive • Backups located offsite with acceptable RPO and RTO • Make sure you test your plan so it is not just hoping it works

Managed Hosting • How do we upgrade our infrastructure for customers • xByte Cloud started with very high-end infrastructure - NVMe SSDs • Can upgrade as you go and have a hybrid cluster - downside is sometimes you are faster based on where your app resides • Can have a second more performant cluster - downside is people have to migrate to use it

Deploying dev code in the cloud • How do we handle it • What did Ben do in the past

Scaling in the cloud • Autoscaling - best for AWS/Azure • Adding new cloud servers - anyone can do because each is just a VM

Marketing • Emails - in B2B more about staying in front of people than content • Give away something memorable - lesson from Nolan Erk • Can you reuse content • What is our content strategy - long form, shorter form, and shorts/reels • How do we generate shorts

In this episode, Ryan gets to interview Eric Kratz and Witt Schenck from VSR Systems. They talk about their boutique Enterprise Resource Planning (ERP) and Warehouse Management System (WMS).

Guests

Ryan Brown - xByte Cloud CMO

Eric Kratz - President VSR Systems

Witt Schenck - Product Manager VSR Systems

Overview for VSR ERP As a premier ERP solutions provider, VSR Systems requires a dependable and scalable hosting partner to support its diverse client needs. When it comes to choosing a cloud provider that can handle both individual client instances and SaaS model solutions, xByte Cloud has proven to be an invaluable partner for VSR Systems.

The Challenge for VSR ERP Eric Kratz, President from VSR Systems, shared that their clients have varying requirements: larger organizations need dedicated instances, while smaller clients operate within VSR's shared SaaS model. The key challenge was finding a hosting provider that could offer customizable infrastructure for both client needs while delivering fast deployment and continuous reliability.

Overview for VSR WMS VSR Systems, a premier warehouse management provider, relies on xByte Cloud to support their fully cloud-based operations. With their warehouse management system running entirely on servers in the xByte Cloud, VSR depends on the team from xByte Cloud to maintain seamless functionality and uptime—a critical factor for their success.

About VSR Systems ERP VSR Systems is a specialized ERP provider dedicated to delivering tailored solutions for businesses requiring highly adaptable, SKU-based ERP and WMS integrations. Initially serving the ready-to-wear industry, VSR has since expanded to a variety of sectors, including accessories, kitchen hardware, and beyond, leveraging the simplicity of single-dimension product requirements for fast and efficient ERP adaptation.

VSR Systems sets itself apart with its fully proprietary ERP solution, designed and maintained in-house to ensure cohesive performance across all modules. Unlike other ERPs that patch together third-party components, VSR’s integrated design allows for seamless updates and modifications, reducing the risk of unexpected complications in other parts of the system.

Challenge for VSR WMS Running a cloud-based warehouse management system, VSR requires a dependable infrastructure and access to specialized expertise to resolve any issues swiftly. “We live and die by uptime," said Witt Schenck, Product Manager at VSR Systems. "If our system goes down, even for a few minutes, my phone instantly starts ringing. We need a team we can trust to keep everything online.”

In addition to uptime, VSR needed expert support for technical troubleshooting. As a company of developers, they wanted to focus on building their software without getting bogged down in system administration or server management. Additionally, they needed reliable VPN connections to support printing from xByte servers directly into various warehouse networks, a setup that can be tricky when warehouses lack dedicated tech teams.

About VSR Systems WMS VSR Systems’ Warehouse Management System (WMS) was created out of a clear need for a better warehouse software solution, particularly for any SKU based product. The client base of the WMS encompasses everything from socks to shower doors. Built by Witt Schenck and a team of seasoned developers, the WMS emerged as a fully integrated, flexible, and task-driven system designed specifically to handle the complexities of warehouse management.

To learn more about VSR Systems ERP or WMS, visit https://www.vsrsystems.com/ To learn more about having the infrastructure for your application fully managed, visit https://www.xbytecloud.com

Ben and Ryan Show Episode 2 - Cryptography with Justin Scott

In this episode, your hosts Ben Nadel and Ryan Brown are joined by long time Adobe ColdFusion developer and security expert, Justin Scott, to discuss his recent presentation at the Adobe ColdFusion Summit.

Justin’s Summit Presentation - https://www.darktech.org/advanced-cryptography.pdfNotes from Podcast • Password4J Library – Ability to get access to Argon2id in ColdFusion - https://password4j.com/

Topics Covered

• Iterations for hashing
• SCrypt / BCrypt
• Session Management
• Should you roll your own auth?
• Should you roll your own credit card processing
• Changes to Adobe ColdFusion around encryption
• Passkeys
• How do you migrate to new password hashing algorithm
• Do companies hire people to test breaking out of a prison

Links to Justin • https://www.darktech.org • https://www.linkedin.com/in/justinscott

This is episode 1 of the Ben and Ryan Show! Watch and listen along while Ben and Ryan talk tech, Adobe ColdFusion, and life in general. In this episode, the guys reminisce about their time at the Adobe CF Summit 2024 that just concluded. See the conference through eyes of an introvert and extrovert. Ben gives secrets to how he (the introvert) overcomes his nerves and starts conversations. Ryan (the extrovert) admits that he too gets nervous starting conversations. Sessions about being a CF evangelist and cryptography are discussed. They tie in lessons learned at the Summit to current releases. While discussing Mark Takata's CF evangelist session, Ben talks about his story of trying to "burn the house down" and completely move off CF (it didn't go well). Tips are given to help others thinking about switching any technology stack. Final thoughts around Ben's wish list for a cloud provider to train him to manage his own server. Ryan mentions the https://learn.xbytecloud.com site having a lot of that content, but is candid and explains that no one really wants to manage it themselves. They do managed hosting so someone else can do that.

Cloud Experts Unleashed – Episode 20

In this episode, Dakota and Ryan talk about what services they offer for public cloud customers and then discuss the specific needs of 4 companies hosting in the public cloud (Azure/AWS) and currently being managed by xByte Cloud.

Guests

Dakota Clum – xByte Cloud CTO

Ryan Brown – xByte Cloud CMO

Topics Discussed

• What types of services does xByte Cloud offer for AWS/Azure
• Convert to microservices
• Update cloud servers
• Cost controls
• Fintech Company – Azure
• Technical guidance
• Platform available 24/7, Kubernetes, scale on demand
• Core competence not infrastructure
• Microservices, PowerBI, Azure AD, Azure specific tooling
• SaaS Company – ColdFusion in AWS
• Redundancy/uptime
• RDS – MySQL, SQL Server
• SQL scaling groups – replicate on demand
• SaaS CRM – ColdFusion in AWS
• RDS – special SQL (100x)
• Large Retail – ColdFusion in AWS
• Moving from OnPrem to AWS
• Scalability – Geo-Redundancy

To learn more about having your public cloud fully managed visit https://www.xbytecloud.com

Cloud Experts Unleashed – Episode 19

In this episode, we are joined by Charlie and Adam from WRIS web services to talk about how to successfully move to the cloud and who shouldn’t even try.

Guests

• Dakota Clum – xByte Cloud CTO
• Ryan Brown – xByte Cloud CMO
• Charlie Meyers – WRIS Web Services CEO
• Adam Euans – WRIS Web Services CTO

Topics Discussed:

• Why make the switch
• Who should stay OnPrem (or require more planning)
• When does it make sense to move to the cloud
• How do you move to the cloud
• Move everything or start small
• Differences with cloud to cloud
• Similarities with cloud to cloud
• Real experiences
• What goes wrong
• What have you broken?
• Wallet Shock
• Good and Bad surprises

Useful Links

• Meet us all at the Adobe ColdFusion Summit
• WRIS Web Services

To learn more about moving from OnPrem to the Cloud, visit https://www.xbytecloud.com

Cloud Experts Unleashed - Episode 18

In this episode, we are joined by Charlie Arehart to discuss our real world experiences helping customers apply the recent updates that required code changes around unscoped variables and encryption algorithms.

Guests

Charlie Arehart - Independent Consultant

Dakota Clum - xByte Cloud CTO

Ryan Brown - xByte Cloud CMO

Topics Discussed:

• How to correctly pronounce Charlie's last name
• What is 2021 update 13 / 2023 update 7 - "March Update"
• What scopes don't have to be updated
• How to temporarily delay making scoping changes and should you do it
• Where to set variables application.CFC
• Tools to find scoping issues and fix them
• Logging issues and possible performance hits at scale
• Scanning your code
• Cleaning up your technical debt
• What is 2021 update 14 / 2023 update 8 - "June Update"
• What makes algorithms better
• Misconception about what is required - Adobe picks new default
• Code and database changes required
• Possible exposure to not updating
• Can you have ColdFusion use the old algorithm in your code
• Are people upgrading yet

Useful Links ColdFusion 2023 Update 7-8

https://helpx.adobe.com/coldfusion/kb/coldfusion-2023-update-7.html

https://helpx.adobe.com/coldfusion/kb/coldfusion-2023-update-8.html

ColdFusion 2021 Update 13-14

https://helpx.adobe.com/coldfusion/kb/coldfusion-2021-update-13.html

https://helpx.adobe.com/coldfusion/kb/coldfusion-2021-update-14.html

Charlie's Relevant Blogs

https://carehart.org/blog/2024/3/12/cf_updates_march_2024_possible_breaking_change

https://carehart.org/blog/2024/6/11/cf_updates_june_2024_possible_breaking_change

https://carehart.org/blog/2024/7/18/dont_miss_helpful_feature_identify_implicit_scopes

https://carehart.org/blog/2024/7/22/on_handling_jun_2024_cf_update_change_of_default_encryption_algorithm

Tools to find issues and fix them

https://www.petefreitag.com/blog/fixinator-unscoped-variable/

https://helpx.adobe.com/coldfusion/developing-applications/developing-cfml-applications/debugging-and-troubleshooting-applications/using-the-code-analyzer.html

To learn more about ColdFusion at xByte Cloud, visit https://www.xbytecloud.com/hosting/windows-coldfusion-managed-server

Cloud Experts Unleashed - Episode 17 In this episode, we reminisce about Adobe ColdFusion Summit East 2024 thinking about all the people we met, the amazing content, and the product updates.

Guests Adobe ColdFusion Senior Technical Evangelist, Mark Takata xByte Cloud CTO, Dakota Clum xByte Cloud CMO, Ryan Brown

Topics Discussed:

• How did this compare to previous Summit East conferences • How was the mix of government versus non-government • Standout sessions from Summit East • How did this year's certification compare • When will the next version of ColdFusion launch • Which bugs will be fixed in ColdFusion Next • When is alpha for ColdFusion Next launching • How to join pre-release program (email Mark.Takata@adobe.com) • Why attend Vegas ColdFusion Summit 2024 Useful Links

ColdFusion Summit 2024

ColdFusion Cloud Servers

Cloud Experts Unleashed - Episode 16 In this episode, xByte Cloud CTO, Dakota Clum, and xByte Cloud CMO, Ryan Brown, discuss the latest ColdFusion 2023 Update 7 and ColdFusion 2021 Update 13.

Topics Discussed: • What is in the update • New scope settings • Current exploit of the vulnerabilities (or lack of) • What can break • Temporary workarounds - when will flags be deprecated • Application level flag (searchimplicitscopes = true ) • JVM flag (-Dcoldfusion.searchimplicitscopes=true) • Beyond scope, what other fixes are included with this update

Useful Links ColdFusion 2021 Update 13

ColdFusion 2023 Update 7

ColdFusion Cloud Servers at xByte Cloud

In this episode, your hosts Ben Nadel and Ryan Brown are joined by guests Ray Camden and Wade Bachelder to break down their experiences at the recent Adobe ColdFusion 2025 Hackathon. Together, they dive into the projects, challenges, bugs, and lessons learned while exploring new CFML features like CSV handling, charting, and Java integration.

Key Points

• Wade, Ray, and Ben each created unique apps that showcased new CF2025 features like CSV processing, charts, and cfCatch improvements

• Participants found critical bugs in the charting and CSV implementations, sparking valuable discussion

• They explored integration possibilities with Java, BoxLang, and Maven, discussing tradeoffs and developer ergonomics

• The hosts offered thoughtful feedback to Adobe on how to improve future hackathons, including ideas for in-person events and broader outreach

Wade describes his security-focused project that visualized CVEs using ColdFusion's updated charting and CSV features

• He used CVE data to build pie and line charts comparing vulnerabilities across ColdFusion and Adobe

• Found that new charting features were brittle and theming often broke rendering

• Deployed "classic" CFML mixing old tag-based code with modern features

Ray walks through his one-file bug tracker project designed for quick logging without a database

• Wrote bug data to a CSV file for Excel or Jira import

• Used minimal dependencies, all loaded via CDN

• Added simple HTML charts despite his long-standing dislike for CF's client-side tools

Ben explains his Sitter Snacks app, a lighthearted tool for logging snack preferences using CF's CSV features

• Highlighted issues with chart set and general fragility in newly released features

• Also used ColdFusion's new property file support for config handling

• Touched on differences between CF and Lucee, especially around Java integration

The hosts and guests debate how ColdFusion stacks up to other languages for rapid development

• Wade emphasizes CF's productivity for solo projects and fast MVPs

• Ray argues CF's accessibility has competition now from Python and modern JS stacks

• Ben adds that developer ergonomics—like seamless HTML rendering—still set CF apart

• Discussion dives into nuance around familiarity bias vs actual productivity gains

They discuss AI's role (or lack thereof) in their projects and explore future hackathon improvements

• Most participants didn't rely on AI but acknowledged its brainstorming value

• Ben and Wade tested APIs and used AI sparingly for code snippets

• Suggestions included more flexible timelines, better marketing, and possibly in-person events

• The group emphasized the importance of community and showcasing CF's real-world power

• Ray proposed frequent “Friday Challenges” to boost engagement with bite-sized coding tasks

The episode wraps with closing thoughts and advice for Adobe to better reach and engage the next generation of developers

• Wade calls for better social media presence and outreach to younger devs

• Ray underscores the need for clearer timelines and inclusive event formats

• Ben reflects on ColdFusion's enduring strengths and its alignment with his mental models

• The team encourages more devs to join next year and grow the CFML ecosystem together

Ray's Blog: https://www.raymondcamden.com

Wade's Blog: http://wadebach.com

Ben's Blog: https://www.bennadel.com

ColdFusion Hosting: https://www.xbytecloud.com/hosting/coldfusion-cloud-hosting

Cloud Experts Unleashed - Episode 15 In this episode, xByte Cloud CTO, Dakota Clum, and xByte Cloud CMO, Ryan Brown, discuss why various server clusters.

Topics Discussed: • Why do you need more than a single server • When to expand beyond a single web or database server • Typical cluster configurations • Load balancer options • Benefits of Cloudflare beyond load balancing • How does Cloudflare load balancing differs from having your own servers in multiple locations • Geo-Failover benefits and configuration • Microsoft SQL Server versus MySQL load balancing • What drives the need for expanded clusters

Useful Links Windows Cloud Servers

ColdFusion Cloud Servers

Linux Cloud Servers

To learn more about server clusters at xByte Cloud, visit https://www.xbytecloud.com

Cloud Experts Unleashed - Episode 14 In this episode, Austin Shelton, xByte Cloud Senior Dev Ops Engineer, and Ryan Brown, xByte Cloud CMO, discuss a recent customer issue where session management was causing their ColdFusion to crash.

Troubleshooting Steps • Collect ColdFusion thread dump and heap dump • Use eclipse memory analyzer to see regions of heap space being consumed • Found ColdFusion runtime memory session scope was consuming majority of java heap space • Block known bots • ColdFusion Session Management - check for cookies - doesn't accept cookies then we assume it is a bot

Useful Links What to collect when ColdFusion crashes ColdFusion Session Management To learn more about ColdFusion at xByte Cloud, visit https://www.xbytecloud.com/hosting/windows-coldfusion-managed-server

Cloud Experts Unleashed - Episode 13 In this episode, xByte Cloud CTO, Dakota Clum, and xByte Cloud CMO, Ryan Brown, discuss adobe coldfusion troubleshooting quick tips. This is the last in the series derived from Dakota's presentation at the 2023 Adobe ColdFusion Summit in Las Vegas.

Topics Discussed: • Errors in jvm.config • CFStart.bat Utility • Special arguments in jvm.config • Tomcat service is unavailable

To learn more about ColdFusion in the xByte Cloud, visit https://www.xbytecloud.com/hosting/windows-coldfusion-managed-server

Cloud Experts Unleashed - Episode 12 In this episode, Senior ColdFusion Technical Evangelist, Mark Takata, and xByte Cloud CMO, Ryan Brown, discuss the upcoming ColdFusion Summits (ColdFusion Online Summit and ColdFusion Summit East). After talking about the Summits, Ryan and Mark dig into current tech trends around AI.

Topics Discussed: • When are the summits? How do you register? How much are they to attend? • Who should attend? Just government? • How is Summit East different from the Vegas Summit? How is it the same? • If you went to the Vegas Summit, will you still get something out of this one? • Will there be a 5K fun run?

Links Discussed in the Video: ColdFusion Online Summit 2024 ColdFusion Summit East 2024

Cloud Experts Unleashed - Episode 11 In this episode, I am joined by xByte Cloud CTO, Dakota Clum, and we discuss how to analyze the data you saved before restarting your server after a ColdFusion crash.

How to analyze a Thread Dump (jcmd $PID Thread.print ＞ThreadPrint.tdump) * Search for .cfm * Look for multiple references * What is happening when it crashed * Any patterns with tags, files How to analyze a Heap Dump ( jcmd $PID GC.heap_dump HeapDump.hprof) * Use memory analyzer tool from eclipse (https://projects.eclipse.org/projects/tools.mat) * Look for anything taking up most of the heap * Leak Suspect Report * Review code in suspect files

How to analyze native ColdFusion Logs * Search for "out of memory" * Search for other errors you are having

To learn more about ColdFusion at xByte Cloud, visit https://www.xbytecloud.com/hosting/windows-coldfusion-managed-server

Cloud Experts Unleashed - Episode 10 In this episode, I am joined by xByte Cloud CTO, Dakota Clum, and we discuss what to collect when ColdFusion crashes before you restart your server.

In this video, we discuss: * Why not restart your server right away * Reviewing ColdFusion Log Files * How to collect Thread Dumps (jcmd $PID Thread.print ＞ThreadPrint.tdump) * How to collect Heap Dumps ( jcmd $PID GC.heap_dump HeapDump.hprof) To learn more about ColdFusion at xByte Cloud, visit https://www.xbytecloud.com/hosting/windows-coldfusion-managed-server

Cloud Experts Unleashed - Episode 8 In this episode, I am joined by xByte Cloud CTO, Dakota Clum and we discuss his gold standard for getting your ColdFusion updated and tuned. This is the first in a series of videos inspired by Dakota's presentation at the Adobe ColdFusion Summit 2023.

Link to blog with all of the information outlined in the video and more: https://blog.xbytecloud.com/coldfusion-pre-production-gold-standard/ Other Helpful Links Adobe ColdFusion Updates Java Updates Locations of config files mentioned C:\ColdFusion($Version)\cfusion\runtime\bin\wsconfig.exe C:\ColdFusion$version\cfusion\bin\jvm.config To learn more about xByte Cloud helping you with your ColdFusion needs, visit us at https://www.xbytecloud.com/.

Cloud Experts Unleashed - Episode 5 In this episode, I go into one of the most asked questions we get.... "When deploying a new VPS environment, should I separate my web and sql server?".

Except for very fringe cases, you should also separate them. Here are the high level reasons why. - Tailored Resource Allocation - SQL Licensing - Independent Scalability - Reduced Resource Competition - Minimized Security Risks - Avoiding Single Point of Failure

To learn more about adding a VPS from xByte Cloud, visit us at https://www.xbytecloud.com.

Cloud Experts Unleashed - Episode 4 In this episode, I get interviewed by ChatGPT. We worked on a special prompt to have ChatGPT ask a question, wait for a response, and then ask a follow up question based on the response. They did this for 5 questions. We also experimented with multiple plugins to find one that made the conversation more realistic. You get to hear the voices just like a real conversation.

Here is the prompt we use: Pretend you are a reporter and you are interviewing me, Ryan Brown Chief Marketing Officer for xByte Hosting (www.xbytehosting.com). I want you to ask me a total of 5 main questions, but don’t show me all the questions at the same time. Show them to me one at a time and I will give you the answers. You should not generate the answers. You can comment on my answers if you want. Follow the pattern below. If you hear me mention a sister company, their name is xByte Technologies. Ask the first question, then wait for me to answer. After I answer, ask a follow-up question based on my answer. Wait for me to answer the follow up question. Ask the second question, then wait for me to answer. After I answer, ask a follow-up question based on my answer. Wait for me to answer the follow up question. Ask the third question, then wait for me to answer. After I answer, ask a follow-up question based on my answer. Wait for me to answer the follow up question. Ask the fourth question, then wait for me to answer. After I answer, ask a follow-up question based on my answer. Wait for me to answer the follow up question. Ask the fifth question, then wait for me to answer. After I answer, ask a follow-up question based on my answer. Wait for me to answer the follow up question. To learn more about the plugin we used, visit https://chrome.google.com/webstore/detail/voice-control-for-chatgpt/eollffkcakegifhacjnlnegohfdlidhn To learn more about the cloud services from xByte Solutions, visit us at https://www.xbytecloud.com/managed-services/managed-public-cloud.

Cloud Experts Unleashed - Episode 3 In this episode, I interview xByte Hosting COO Jeremy Ennis and we walk through how to configure and react to a CPU alert. To learn more about the cloud services from xByte Cloud, visit us at https://www.xbytecloud.com.

In this episode, your hosts Ben Nadel and Ryan Brown are joined by Peter Amiri, the current maintainer of the Wheels framework (formerly CF Wheels), to discuss its evolution and future. They dive into the history of the ColdFusion-based framework, its comparison with other MVC options, and how it's being modernized for AI-assisted development.

Key Points

• Wheels is a CFML MVC framework inspired by Ruby on Rails, focused on convention over configuration.

• Peter Amiri discusses taking over as maintainer and revitalizing the project with better tooling, testing, and documentation.

• The team explains the pros and cons of adopting Wheels over other frameworks like ColdBox and Framework One.

• Extensive discussion on integrating Wheels into legacy apps and migrating code incrementally.

• Exploration of AI’s potential role in software development and how Wheels is being shaped to support AI-driven tooling.

When Ben and Ryan introduce Peter Amiri, they quickly establish his role as the maintainer of the Wheels framework and dive into what the framework is and its CFML roots.

• Wheels uses the MVC pattern and draws inspiration from Ruby on Rails.

• It emphasizes convention over configuration, simplifying developer onboarding.

• Originated as ColdFusion on Wheels and recently dropped “CF” to become more inclusive.

Peter discusses his motivation to maintain Wheels and shares his experience of revitalizing the project as the former maintainers stepped away.

• Took over after the previous team burned out, motivated by personal reliance on the framework.

• Focused on reducing friction for contributors and users.

• Implemented GitHub Discussions, a sponsorship model, and improved the CLI.

They explore the role of testing and CI/CD within Wheels, highlighting its robust GitHub Actions pipeline for various CFML engines and databases.

• Automated testing runs on multiple versions of Lucee and Adobe ColdFusion.

• Test matrix includes various databases like MySQL, PostgreSQL, and now Oracle.

• Emphasizes the ease of contributing thanks to a well-structured test pipeline.

Discussion shifts to why one would use a framework in CFML, with arguments around organization, maintainability, and community standards.

• Frameworks reduce decision fatigue by offering structured conventions.

• Onboarding becomes easier for new developers.

• Wheels allows some customization while still being opinionated.

Peter and Ben compare Wheels with ColdBox and Framework One, detailing where Wheels fits in the CFML framework ecosystem.

• Wheels sits between lightweight Framework One and feature-heavy ColdBox.

• Each framework has its own philosophy and target use cases.

• Wheels balances inclusivity and opinionation, supporting plug-ins and modular growth.

They explain how a legacy CFML app can be gradually migrated into Wheels using a strategy like the “strangler pattern.”

• Use the “miscellaneous” folder to encapsulate legacy code.

• Gradually migrate logic into Wheels views, then controllers, and finally models.

• Existing templates can often be reused with minor routing updates.

Discussion turns toward how AI is already helping with Wheels development and where Peter sees it heading.

• AI tools like Claude and ChatGPT are surprisingly capable with CFML.

• Peter is exploring how to optimize Wheels documentation and tooling for AI understanding.

• Talks about Model Context Protocol (MCP) as a way to feed runtime data to AI agents.

The episode wraps up with practical recommendations for showing how to onboard legacy codebases into Wheels and the importance of a smooth developer experience.

• Possible screencast idea for walking through a real-world legacy migration.

• Encouragement to adopt modern MVC for maintainability and scalability.

• Wheels’ goal is to offer a polished developer experience rivaling modern frameworks like Rails or Laravel.

Cloud Experts Unleashed - Episode 2 In this episode, we walk through the latest ColdFusion vulnerability and how to update your system to prevent it.

Useful Links https://blog.xbytecloud.com/critical-adobe-coldfusion-updates-released-for-2021-update-6-2018-update-16/

https://help.xbytecloud.com/t/how-to-apply-coldfusion-updates-hotfixes/28

https://community.adobe.com/t5/coldfusion-discussions/released-coldfusion-2021-and-2018-march-2023-security-updates/td-p/13649873

Cloud Experts Unleashed - Episode 1 In this episode, I interview xByte Hosting CTO Dakota Clum and we discuss the tips you need to best manage your own cloud infrastructure.

To learn more about the cloud services from xByte Cloud, visit us at https://www.xbytecloud.com.

Ben & Ryan Show Episode 19

In this episode, your hosts Ben Nadel and Ryan Brown catch up after a short hiatus with a wide-ranging, unscripted conversation covering everything from the latest ColdFusion trends to personal experiments with AI and vibe coding. With no guest this time, it's a freestyle episode filled with developer insights, community stories, tech musings, and even a few nostalgic tangents about their careers and upcoming conferences.

Key Points

• Ryan shares insights from attending Into the Box

• Ben discusses his limited but productive use of AI, leveraging pseudocode to retain creative ownership of his code.

• The hosts dive into technical and philosophical challenges around AI-assisted development, including context limits, prompt strategies, and tooling.

• Fun anecdotes cover experiments with vibe coding, from building a bingo app to letting kids iterate on games in Replit.

• They preview plans for ColdFusion Summit, hinting at retro themes and marketing tactics like well-chosen swag.

The hosts kick off their catch-up with banter about attending Into the Box

• Into the Box was professionally run with in-depth sessions and tons of fun like mariachi karaoke.

• Ryan explores the idea of xByte Cloud sponsoring future ColdFusion events.

• Discussion of possible future guests from the "Box" ecosystem

• Ben shares his troubles getting BoxLang running in CommandBox due to Java version conflicts.

They reflect on how AI is influencing development workflows, particularly through testing and safe deployments.

• Testing is increasingly seen as essential, especially with frequent Adobe ColdFusion patches.

• Ryan mentions synthetic testing tools like Datadog as helpful for customer QA.

• Ben confesses he’s historically done manual testing, though AI might shift that.

• They explore release practices and breaking changes in Adobe CF updates.

• xByte Cloud supports parallel environments to ease upgrade testing.

The conversation shifts to vibe coding, with examples from both hosts of small projects and the value of playful iteration.

• Ben and Ryan explore Replit and building simple games or utilities with ChatGPT.

• Ryan’s son built a Flappy Bird-style game, iteratively adding features via prompts.

• Ryan vibe-coded a virtual bingo game when the usual service went down.

• They appreciate the immediacy of coding with AI assistance and rapid prototyping.

AI’s limitations and best uses become a recurring thread, as Ben and Ryan wrestle with how to use AI tools without sacrificing learning or control.

• Ben prefers using AI to generate pseudocode but insists on doing the final implementation himself.

• Prompt engineering emerges as a key skill—Ryan tests role-based agent workflows.

• They debate the fear of losing mastery versus gaining productivity.

• Ryan tries auto-correcting code through multiple AI agent passes.

• Both agree curiosity and experimentation are crucial to productive AI use.

Security and maintenance surface toward the end as they react to the latest data breach news and dream of AI-powered password management.

• A recent leak of 16 billion passwords prompts questions about best practices.

• Ben considers how 1Password’s Watchtower could integrate AI to rotate credentials.

• They riff on AI agents auto-managing security tasks like 2FA and password changes.

• The conversation ties back to larger questions about trust, safety, and AI autonomy.

Wrapping up, they share a few final thoughts on CF Summit, marketing swag wins, and what listeners might want from future episodes.

• CF Summit 2025 will celebrate ColdFusion’s 30th anniversary.

• They’re expecting retro-themed parties and looking to bring value as vendors.

• Ben’s wife loves the travel mug from xbyte Cloud—a marketing win.

• The episode ends with a call for listener feedback and a promise to keep the show going.

Ben & Ryan Show Episode 18

In this episode, your hosts, Ben Nadel and Ryan Brown, are joined by longtime ColdFusion developer James Moberg, CTO of Sunstar Media, for a deep-dive into the wild world of user-defined functions (UDFs) and decades of real-world development hacks. From building custom tools that bridge gaps in ColdFusion and Lucee, to mastering performance and security through clever abstraction, the crew shares a treasure trove of lessons learned from the trenches.

Key Points

• James shares his approach to building reusable ColdFusion UDFs that work across Adobe CF and Lucee.

• The crew explores performance wins using command-line tools versus built-in CF tags like CFZip and CFImage.

• Strategies are shared for data sanitization, accessibility, and obfuscation using tools like Jsoup and hashing functions.

• They discuss how caching, output buffering, and shadow DOM techniques can power dynamic web experiences and secure flows.

• Real talk on AI’s limits when it comes to ColdFusion code generation—and why real-world testing still matters.

Different kinds of UDFs and how naming collisions and platform differences have influenced his work.

• Three main categories of UDFs: logic abstraction, proxying functionality, and UI simplification.

• Discusses how CF versions and Lucee differ in function availability and behavior.

• Talks about CF Backport as a strategy for extending older ColdFusion versions.

A spirited discussion on real-world cross-platform quirks, unscoped variables, and strategies for HTML standardization.

• Importance of using scoped variables to prevent unexpected collisions in code.

• How ColdFusion's HTML output can be sanitized using Jsoup and AI-assisted validation.

• Real-world examples of legacy platform quirks that led to better testing and abstraction strategies.

They unpack the use of executables and CFExecute for performance-heavy tasks like PDF generation, image processing, and zipping files.

• CFZip and CFImage are shown to be slower than OS-level executables like 7-Zip or GhostScript.

• Explains how using external tools avoids Java heap memory issues.

• Highlights the benefits of file-based tools for consistency and speed across deployments.

James walks through some of his favorite UDFs

• hashID: CFML user-defined functions (UDFs) provide a simple mechanism for generating and validating hash-based identifiers.

• createShadowHtml: CFML user-defined function (UDF) generates HTML and inline JavaScript to create a dynamic, client-side preview of a given HTML document within a shadow DOM

• streamFindNoCase: user-defined function (UDF) searches the currently accumulated output buffer for the presence of a given string, performing a case-insensitive comparison.

• generateEmailHashCode: user-defined function (UDF) processes an email address by extracting the domain, sanitizing the username by removing periods (dots) and any part after the first "+", converting both parts to lowercase, and then returning a Java-generated integer hash code of the resulting string.

• enableWKHTMLTOPDFForms: user-defined function (UDF) modifies the binary of a non-Adobe-generated PDF file to enable the editing of form fields in Adobe Acrobat.

• tempCache: user-defined function (UDF) allows you to temporarily store data in the ColdFusion cache and retrieve it using a generated UUID.

• jreEscape: user-defined function (UDF) ensures strings can be safely used in regex patterns by preventing special characters from being interpreted as regex metacharacters.

• maskCC: user-defined function (UDF) takes a text string as input, searches for patterns that resemble credit card numbers, attempts to validate these potential numbers using ColdFusion's built-in credit card validation, and then masks the validated numbers by replacing all but the last four digits with asterisks.

Helpful Links

http://www.mycfml.com/ - James's website showing these functions and more.

Ben and Ryan Show Episode 17

In this episode, your hosts Ben Nadel and Ryan Brown are joined by Peter Amiri to share the gripping, real-world story of what it's like to experience—and recover from—a devastating ransomware attack. They dive deep into the technical and emotional toll of cyber extortion, walking through how it happened, what went wrong, and the long road to restoring operations while learning critical lessons along the way.

Key Points

• Peter recounts a ransomware attack that began with a zero-day exploit in their firewall and resulted in full encryption of their Windows-based infrastructure.

• Despite following industry best practices like 3-2-1 backups, cyber insurance, and EDR tools, the breach occurred due to overlooked alerts and underestimated risks.

• The team responded by cutting internet access, engaging incident response vendors, and rebuilding their environment from scratch in parallel with negotiating a ransom.

• Lessons include the critical need for MDR services, verified air-gapped backups, centralized SSO/MFA security, and proactive disaster recovery planning.

• Ultimately, the company recovered within 8 days, avoiding catastrophic data loss by leveraging unencrypted legacy copies and strategic capacity planning.

Peter discusses the company's security posture before the attack

• Cyber insurance renewals demanded increased security: MFA, then EDR, leading to major financial investment.

• EDR picked up early malicious activity, but alerts were missed due to noise and lack of security specialization.

• Overconfidence in lesser-used virtualization tools contributed to a false sense of security.

• Alarm fatigue contributed to overlooking early breach signals.

The breach was triggered by a zero-day exploit in their firewall

• The attackers deleted VM snapshots rapidly, prompting the team to disconnect internet access immediately.

• Analysis revealed the attackers were inside for 3-4 months.

• Compromised admin accounts were used to delete offsite backups.

• A seven-day-old backup and a three-month-old ERP copy survived due to architectural luck.

Peter explains how they recovered

• A three-tier recovery strategy began: rebuilding from scratch, retaining encrypted originals, and decrypting clone copies.

• FBI approval was needed for ransom payment, which was surprisingly low and flagged as a possible re-engagement tactic.

• A decryption test with non-critical files validated the attackers had access.

• The decryption key ultimately worked, restoring full operations just before their parallel recovery would have been completed.

Post-breach, Peter outlines the enhancements made to secure their environment and improve detection and response.

• A secondary DR site was implemented with air-gapped nightly snapshots.

• All systems moved to enterprise SSO with MFA and session timeouts.

• A managed MDR provider was retained to monitor and escalate potential threats in real time.

• Simulation phishing campaigns and employee security training were introduced to combat social engineering.

The conversation shifts to the importance of recovery readiness over prevention

• Emphasis is placed on headroom in infrastructure for recovery, especially in on-prem environments.

• Decision-making between "verify first" vs. "block first" policies is discussed based on system criticality and false positive rates.

• Real examples of phishing, supplier impersonation, and invoice fraud highlight human vulnerabilities in security.

Helpful Links

Arete (company that helped Peter and provides Managed Detection and Response services)

https://areteir.com/

SentinelOne (Incident Response Platform)

https://www.sentinelone.com/

Ben and Ryan Show Episode 16

In this episode of the Ben and Ryan Show, hosts Ben Nadel and Ryan Brown are joined by guest John Nessim to explore the evolving world of content management systems (CMS). With his deep development background and years of practical experience, John dives into everything from traditional platforms like WordPress to advanced headless CMS solutions, offering valuable insights into when and why to choose different tools for your website.

Key Points:

• CMS platforms have evolved to balance user-friendliness with developer control, from WYSIWYG editors to headless solutions.

• WordPress dominates the market but can be bloated and vulnerable if not managed properly.

• Headless CMS options like Strapi and Sanity allow for greater flexibility, scalability, and multi-platform content distribution.

• Accessibility enhancements not only improve user experience but also deliver measurable SEO benefits.

• Choosing the right CMS depends on business maturity, scalability needs, and how content is consumed and maintained.

Definition and purpose of a CMS

• The key function of CMS is to give control over content to non-developers.

• Static site generators may not qualify as CMS unless they include content creation tools.

• CMS evolved from managing unstructured text to structuring rich data like events and services.

• Headless CMS is described as content blocks managed separately from the front-end template.

Headless CMS

• Headless CMS organizes content in blocks delivered via APIs (usually JSON/XML).

• WordPress now supports headless modes using technologies like React or Next.js.

• Hosting implications include managing the CMS separately from front-end deployment.

• Businesses are leaning toward this model to support multiple front-ends like web, mobile, and embedded apps.

Traditional CMSs

• Website builders are constrained but easy-to-use tools for non-technical users.

• WordPress is a middle ground—flexible, extensible, but prone to bloat and plugin issues.

• Mura and its fork MASA are powerful ColdFusion-based CMSs used for multi-language and multi-site setups.

• Custom or niche CMSs still hold value in developer-friendly ecosystems.

Accessibility

• Structured content (headings, alt tags) improves screen reader compatibility and SEO.

• Color contrast and readability considerations enhance inclusivity and usability.

• SEO and accessibility goals often align, especially with structured markup.

• Tools and plugins can measure and enforce accessibility standards effectively.

WordPress

• WordPress’s popularity makes it a target for bots and DDoS attacks.

• CMS platforms can become resource-intensive without proper caching and security measures.

• Best practices include Cloudflare protection, selective plugin usage, and admin page hardening.

• WordPress was never intended for large-scale, mission-critical systems.

Picking a CMS

• Simpler businesses should stick with GoDaddy or WordPress for cost-effectiveness.

• Growing companies may outgrow WordPress and require more robust headless CMSs.

• Business use cases should dictate the CMS—static presence, lead generation, e-commerce, etc.

• Costs, flexibility, and developer availability all factor into CMS choice.

Final Thoughts

• AI-driven tools like Wix’s website generator disappoint in quality without developer oversight.

• Advanced AI tools can accelerate site creation when paired with knowledgeable devs.

• CMSs need to consider future-proofing against evolving SEO rules and AI-driven content indexing.

• John offers real-world examples of using simple tools effectively based on client needs.

Useful Links

https://nessimworks.com/

https://strapi.io/

https://www.sanity.io/

https://www.masacms.com/

https://www.murasoftware.com/

In this episode, your hosts Ben Nadel and Ryan Brown take a break from their usual guest interviews to reflect on their personal and professional journeys in the first months of 2025. They discuss major career transitions, the challenges of job hunting in today's market, and the evolving landscape of software development, all while sharing personal stories and insights on adapting to change.

Key Points:

• Ben shares his transition from co-founding Envision to joining a new company in a completely different industry, facing a steep learning curve.

• Ryan talks about how networking and content creation play a key role in career opportunities, and why developers should build a public presence.

• They discuss the struggles of job searching, from dealing with stress and rejection to navigating a shifting industry.

• The importance of continuous learning, including Ben’s deep dive into CF Wheels and Ryan’s exploration of AI tools for productivity.

• A surprising story about purchasing fake AirPods from a major retailer and the unexpected resolution.

Ben reflects on his career shift after Envision’s closure, now working with Peter Amiri in a company focused on truck parts manufacturing.

• He describes the shift from self-directed work to structured teamwork and ticket-based workflows.

• Adjusting to new processes, communication methods, and working with a small but growing development team.

• Learning CF Wheels as part of the new job and the challenges of adapting to a new framework.

• The difficulty of balancing personal projects with work and feeling mentally exhausted from constant adaptation.

Ryan discusses his experience with job hunting and how networking made all the difference.

• Instead of relying on traditional applications, he leveraged his contacts to land new opportunities.

• He highlights how producing content and engaging with the community helps people stay visible in their industry.

• They reflect on how technical interviews often fail to identify the best candidates.

• The importance of having a portfolio to showcase real-world skills rather than relying on resume claims.

The hosts talk about their growing podcast and their experiences connecting with industry leaders.

• The unexpected success of the show and the ease of booking high-profile guests.

• How structuring the podcast recording schedule helped them maintain consistency.

• The challenge of engaging with technical communities outside of developer circles, like sysadmins and DevOps professionals.

Ben shares his journey into learning CF Wheels and the challenges of adapting to a new development ecosystem.

• How CF Wheels compares to Ruby on Rails and its "convention over configuration" approach.

• The struggle of learning a new problem domain while adjusting to a new job environment.

• Dealing with imposter syndrome and the pressure to adapt quickly.

Ryan recounts his bizarre experience buying fake AirPods from Walmart.

• The troubleshooting process, multiple failed attempts to connect them, and Apple's confirmation that they were counterfeit.

• How Walmart ultimately resolved the issue after several attempts at customer service.

• A lesson in checking serial numbers when purchasing electronics from big retailers.

The hosts wrap up with a look ahead at upcoming episodes, including more Adobe-focused discussions and AI developments.