A discredited and SYStematically CONniving magazine publisher has fired yet another salvo at Adobe today in their usual manner. This involves taking a blog post, re-branding it as coming from their "news desk" and altering the title to fit their vendetta. The post in question was BlueDragon Open Source - Launch Date Announced by Alan Williamson about how the New Atlanta team is working hard to get a public release ready for display at cf.Objective() 2008. Informative and straight forward. The re-branded version had the same title with a single alteration, a prefix of "ColdFusion Killer".

At no time did Alan say anything about the open source BlueDragon being a ColdFusion killer. It's not something that's been said by anyone...other than the publisher in question.

Really guys, this is getting old and stale. Just because Adobe stopped advertising with you doesn't mean you have to commit fraud to get back at them. Lame.

Lying is easy. Lying is fun. Lying is profitable. Lying is the way of life for those who want to hide the truth. The question is, how do you lie effectively? Let's look at an example of the best techniques in action. The company using these techniques at the moment does not have to be named.

The first thing you do when lying is to tell the truth -- not the whole truth, but just enough to make the lie itself seem true - a half or quarter truth. Truth: "I hate the auto-movie ads on the site as they blow my ears off or disturb everyone around me. The intrusive pop-ups are also a problem" Lie: "Michael Dinowitz doesn't want any ads on the site"

The second thing is to quote a person. Using some abstract entity in a lie is too impersonal. You need to give the lie a human face, make it feel like it's "one of us". Adobe is a massive company and is just too big and abstract for anyone to take personally. On the other hand, Michael Dinowitz and Sean Corfield are both people who can be identified with.

This brings us to the third point of a lie: Use named, recognizable people. You can use anyone you want in a lie to help make the lie more believable but if you use people whose names are well known in a community, then your lie becomes more personal and therefore, more believable. If you combine this with a half-truth (see point one) that might be heard from these people, then all the better. You don't even have to have the half-truth come from both as long as you group the people together. This makes the lie seem even more real as "they are both saying it," even though neither did.

Finally, take a disparaging quote against the named people from someone else and don't allow the quote to be challenged. This is the most powerful technique, especially if you can make the person quoted seem like an expert. He doesn't have to be, as most people don't bother to investigate who said what.

Oh, I almost forgot an important technique. Make your lie fit into a lie told by someone else. This falls under the theory that if something is said often enough, it is seen as true, whether it is or not. "ColdFusion is dying" is a lie told often enough to have gained a life of its own despite every fact that refutes the lie.

So there you have it. The techniques used to smear people and deflect blame. The techniques that should never be used against people who LOVE to expose lies for what they are. The techniques that fail when used against a thriving, intelligent community such as ours.

When will the company in question learn that simple fact?

Do you know the definition of Chutzpah? It's taking a magazine, destroying its content and quality, canceling it without warning and then saying that it's someone else's fault. Sys-Con is like an alcoholic who just can't admit they have a problem. Their latest insult to our intelligence is to try and salve our wounds by offering us a free subscription to one of their front-end technology magazines in place of their now canceled back-end technology magazine. All 17,600 subscribers to ColdFusion Developers Journal (probably 7,600 paid subscribers and 10,000 free ones) are going to get a year's subscription to either Flex Developer's Journal or Silverlight Developer's Journal.

But wait, this is not a year's subscription to a print magazine. No, that would be something akin to admitting that they've done wrong. What they're offering is a year's digital subscription to their magazine. That's right, you get the front-end technology magazine of your choice in digital format in place of the back-end technology magazine that you expected. And because Flex, Silverlight and ColdFusion are all so similar in Sys-Con's minds, they can repeat the canard that ColdFusion is dying. Of course, this is not true despite their best efforts.

Do they have any clue what these technologies are? Let me try to explain it to them in simple terms:

1. Ug want to make computer do work
2. Ug write back-end program to do work
3. Ug need to make program look nice for big boss who give Ug pretty stones
4. Ug uses pretty front-end technology to talk to back-end technology
5. Front-end technology look nice to boss
6. Boss not know what Ug do on back end. Boss see pretty pictures
7. Ug know difference between front-end and back-end
8. Ug laughs his caveman ass off for knowing what big publishing company not know
9. Big publishing company send Ug magazines Ug not want
10. Ug have supply of toilet paper

I really hope that helps Sys-Con understand the difference. Oh, and thank you for giving us all the new subscribers. We really appreciate it.

SYS-CON to Offer Free (digital) Subscriptions to ColdFusion Developer's Journal Readers

Fusion Authority Quarterly Update - The only ColdFusion journal in print

I thought that MySpace had the silliest security issues with their new "profile is securely protected", but I was wrong. I was just shown a so-called security announcement about Adobe Macromedia ColdFusion Information Disclosure and Cross Site Scripting Issues and I just had to chuckle.

The first item says that there is an input validation error when processing a malformed request which can result in installation path information being shown. The example they gave was an error thrown when the malformed request contained a file extension which is not handled by the server. This example makes no sense at all. If the extension is not handled by the ColdFusion server then the file/request will never get to the ColdFusion server from the webserver. Bottom line is that the description of this 'security hole' makes no sense and the information retrieved is not a moderate threat but a very low level one.

The second item is also one that makes no sense to me. It says that accessing the "CFIDE/administrator/login.cfm" template directly without supplying a host name could (not will, just could) cause an application to disclose the internal IP address of the server. They say that this can be done using a "get" request. Now can someone please show me how to do this? How do you call a template without using a hostname? Every test I see for calling this template uses an IP or hostname.

Now the third item may actually be an issue but I've never seen cross site scripting as that big an issue. I can't even say if this has already been fixed in the latest patch released last week. I'll have to check.

I'm rather surprised that such a poorly written 'security' advisory was put up. I really expect better from anyplace that advertises themselves as a "Security Incident Response Team". It feels very much like a vaporware scare put up just to get more Google hits and subscriptions. Harsh words, but that's my feeling.