Seeking ColdFusion WebMaster / System Administrator

B-Line Express is hiring!

Job Summary: Seeking an experienced Web Systems Administrator with 2 plus years of working knowledge System and Network Administration and some web development experience. The ideal candidate will be proficient in administering ColdFusion MX, IIS, Sun One, MS SQL 2000, Oracle 9i, Windows 2000 and 2003 servers with the ability to create firewall rules, review security policies, and implement back ups all systems. Development skills and experience in ColdFusion MX, HTML, and/or JavaScript would preferred.

Excellent communication skills, ability to work on multiple projects at a given time, and the willingness to travel within the DC area are a must.

So if anyone’s counting, that’s 3 positions we’re hiring for right now: A CF Admin, a VB.NET WinForms developer, and a Project Manager. These are new positions in the company–we’re expanding! Wouldn’t you like to be a part of dynamic expanding company that does development in many technologies with ample opportunity to learn new things and immediately apply that knowledge? Apply now. Send resumes to

Where’s responsible security reporting?

While I totally agree that once a company fails to respond to a security problem reported privately the problem should be reported publically, it’s horrible when that report greatly compounds the problem. That hapenned recently with ThinkTank‘s disclosure of PayMaxx‘s major security problem.

PayMaxx developers unfortunately did a stupid thing–they didn’t check that a person viewing a W-2 or other payroll related record is accessing the record they are allowed to; they only check if the user is logged in. That certainly is a major problem and unfortunately is too common (I’ve found this problem myself in e-commerce sites I used and reported it to the site owners–who both fixed the problem within 24 hours in the instances where I found it).

The ThinkTank report went much further than disclosing the nature of the problem and reported specific login information for a test account which allowed anyone to log-in and exploit the problem. Before this, only customers could exploit the problem. After ThinkTank’s disclosure, anyone can exploit the problem. They made the problem significantly worse.

Shame on you ThinkTank. If you agree, tell them.

If at first you don’t succeed, apply and apply again… :(

We’re hiring for a few positions (cfmx admin, desktop, and a pm). I’m quite frankly amazed at the applications we’re getting. Here’s a brief synopsis…

If at first you don’t succeed…
We’re getting a lot of repeat resumes. Some are right after another like we get one at 9:08 and then we get another one at 9:23. On several occasions we’ve gotten repeat applications for the same job coming from different sources (Monster and Craig’s List) but more often the case they’re multiple Monster applications. I’m not sure whether or not to throw someone out just for applying twice. It’s been a while since I looked for a job, but I always remember keeping careful track of where I applied. Maybe that’s not the case any more.
E-mail does not make a resume
This is my biggest pet peave, but I can’t really bring myself to fault the applicants. Monster apparently has a feature where people store their resume and do a single-click apply and they send the resume as plain text in an e-mail. The result is a jumbled mess of skills, experience, and education all mixed in and almost completely illegible. I wish Monster didn’t have this feature or at least that we could set up our Monster account to disallow these types of applications. What ever happened to customizing resumes and sending personal cover letters?
Novel as a resume
What’s with the long page resumes? When I went to resume workshops in college (which admittedly was a few years ago, but not that long ago) we were told to keep resumes to 2 pages and maybe 3 if absolutely necessary. How long does everyone else take to read a resume? Do you really read a 5, 7, or 10 page resume? I tend to scan the objective, skills, and last two jobs, and if relevant skills don’t pop-out at me, I move on. I’ve been told that’s pretty typical but I’d love to hear other employer’s opinions.
Desktop vs. Web
This is just an interesting twist. A few years ago it was hard to find people with a lot of web experience. Now it appears the opposite is true. There’s a lot of applicants with web experience but very few have recent desktop experience (we’re hiring for a .NET WinForms position).
So, you can find job here at website.

So enough with the rants… if anyone still wants to apply (and no, I wouldn’t be your boss so you don’t have to listen to me complain all the time) feel free to e-mail me. And no special prizes for the 20 page jumbled plain text mess sent a dozen times.

Watch for confidential information in code samples

We’re currently hiring for a few .NET programming positions and always ask applicants to provide a code sample. Some applicants can’t provide one since everything they have is confidential information, and we don’t penalize people for this. Some others have to check with their employer or previous employer first, and we always consider this a good sign. And others just go ahead and send us samples, which is usually ok but it can also be bad.

On occasion we get samples that have obviously confidential or proprietary information in them. This is always a red flag. Even if the code is very good, the fact that a person was willing to send his current or previous employer’s confidential information to a prospective employer as an example of work is bad.

In one particularly agregious case we received an application that had the company’s database domain name, username, and password all within the config file. That’s a major security problem. Not the type of security problem we’d like to hire into our company.

So if you’re applying for a job and providing a code sample, think not just about the quality of the sample but what information it contains and what it conveys about you, your honesty, and your consideration of others confidence and privacy.

Posted in Uncategorized | 1 Reply

CustomTag: HiddenDiv toggles content visibility

Recently I had to display a lot of text in a page but didn’t want it all initially displayed–I wanted to toggle some of it based on user interaction. I wrapped the functionality in a custom tag for easy reuse.

This is toggled text content.

tag and provides a

tag with a link to display the content. The link
can act as either a display once or a toggle. When the hidden
div is diplayed once the link text is hidden. When the hidden
div is a toggle, the link text is toggled between two alternate

-> showText Text to display initially and when the content
is hidden. Default "(show)".

-> hideText Text to display when the content is displayed
and toggle is set to yes. Default "(hide)".

-> toggle True if the link toggles the content display
and false if it displays once and stays on.

All other attributes are passed along to the content div. The
text div has a class of "hiddenDivText" which can be used
for styling.

Only tested in IE6 and Firefox based browsers. Should work
in other standards compliant browsers. If it doesn't work
in your target browser, modify the getElement function.

var hiddenDivShowText = new Array();
var hiddenDivHideText = new Array();

function toggleHiddenDiv(index) {

var textDiv = getElement('hiddenDivLabelDiv_' + index);
var contentDiv = getElement('hiddenDivContent_' + index);
var textSpan = getElement('hiddenDivLabelSpan_' + index);

var display = ( != 'block');

textSpan.firstChild.nodeValue = (display ?
hiddenDivHideText :
)[index]; = 'none'; = display ? 'block' : 'none';

return false;

function getElement(id) {
return document.getElementById(id);