Dreamforce 2017

What is Dreamforce?

Dreamforce is an annual user conference hosted by Salesforce.com in downtown San Francisco, bringing together thought leaders, industry pioneers and thousands of IT professionals. This is Salesforce’s big annual event, in 2016 over 170,000 people descended on San Francisco for the event.

I have spoken at Dreamforce for the past 5 years.

India Dreamin

Very excited to say that I will be heading over to India to present at India Dreamin 2017! Looking forward to seeing all the people who I’ve worked with who live in India!!


The Power of One: The best reporting trick of all time!

I had the honour of speaking at the Salesforce World Tour this year with the amazing Stefanie Bialas. She showed us the power of “The Power of One”, this is her blog on really how powerful it is!

Superpower Salesforce with the Power of One

Yeaahh, you’ve managed to build some excellent reports monitoring the pipeline of your company or also enabling marketing to contact all your prospects in the DB. And suddenly someone comes along and asks “How many opportunities do we actually have in the pipeline? The record count seems way to high” or “That’s awesome, now I can contact all our prospects. How many companies do we actually contacts?”. So how to address this in order to answer those questions?

You’ve probably noticed by then that the record count for reports like Opportunities with Products or Contacts and Accounts count the total number of child records associated with the parent record. So for opportunities, this is, for example, the sum of each product line item. Or a number of contacts associated with each account. How can you do this now to have a record count of the parent record, counting every record only ones? The answer is, use the Power of One!

Simply described the Power of One is a custom formula which you best create on each object and holds simply the value 1. When you sum it up in a report, 1 will be the result for each line item.
Here now a step by step guide helping you to setup the Power of One. I am taking the account and contact example to demonstrate this here but this works in the same way for all the other objects.
Go to your setup menu and select the object you’d like to count each record separately of. Create a new field:


For Step 2, fill in a name for your newly created field in “Field Label”. With tab, a field name will be created automatically. Number is what you should select as formula return type with zero decimals.

With next you will go to step 3. Now you get to write your formula which will be used to calculate the value you’d like to have displayed in your newly created field. Think again of what the purpose of this field is, we simply want to count the parent record only ones within our reports. And therefore all you need to insert into the formula canvas is 1 as a number:

That was easy, wasn’t it? Now save your newly created field and test it out. For the test go to your report tab and select for our example here “Contacts and Accounts” as a report type.  As usual first select the records you want to look at, then group the account field. Now your report will look like this:

As you can see the record count next to each account name counts the number of contacts associated with each account. That’s great to tell how many contacts we will have and can contact, but we won’t be able to answer the question of our Marketing Director how many companies we are contacting this way. Now your newly created superpower formula comes into place. Add it from the side panel with the quick find and drop it onto your report builder. Hoover over your field to open up the menu for the field and select “Summarize This Field”. You will get a window as shown below:

Check the checkbox “Sum” and click on apply. Now save and run your report to see the magic. When you scroll to the very bottom of your page you will now see two numbers. One being the classic record count as we know it, in this case counting each contact held in the report. And a second one which is the SUM of the Power of One for each individual account record. This number is logically lower (or the same) than the total count of the child records and gives you the total of accounts in your report. Yeeaahh!

Now share this with your manager and make yourself a well-deserved coffee.

Stefanie Bialas | ステファニ ビアラス

Marketing Operations Europe | NTT Europe




Slides from the World Tour London:

How to supercharge Pardot with Text Messages

Join me and the rest of the Pardot geeks at Guinness World Records where I demo how to supercharge your Pardot and get near 100% read-rates on your marketing using SMSs!


London’s Salesforce World Tour

The ‘Salesforce World Tour London’ is Salesforce’s largest Sales event in London. This yearly event has sponsors, talks and workshops throughout the day. Last year I was invited to do a couple of talks at the event its always a great event with simply loads of people there. They had a trailhead zone which is a great place to pick the brains of Salesforce gurus and get free advice!


Sign up now FREE
General, Videos

Time for a tech implant?

A couple of weeks ago I was at CeBIT one of “the largest computer expo’s in the world”. At its height during the dot-com boom around 800,000 people would descend to Hanover in Germany to see the latest tech. Since then things have changed and people generally get their dose of tech via the internet rather than going to big tech events so now CeBIT has reduced to around 300,000 people.

Anyone for an Alexa implant?

Salesforce was there in full force running their German Salesforce World Tour, BUT in one of the adjoining rooms, there was a stand where you could get a RFID chip injected … yes injected! into your hand, so you could unlock your phone with a wave of your hand, or even unlock your front door? (check out the video above!)

Yes, this isn’t new but what was interesting to me was that there was a steady stream of people wanting this done to them. It’s interesting to see how attitudes to tech have changed over the years and how something in the 80s was a thing of horror is now becoming more acceptable…

General, Videos

The Future of Salesforce Lightning

So Monday night was a big night! We had none other than Mike Rosenbaum (@mike945778) who is in charge of the Salesforce platform including Sales, Service and Lightning. We asked him a load of questions that the community had come up with and here are some of his answers. I’ll be putting the full video up shortly:

  • Performance; We had a lot of questions around Lightning performance, Mike said that for the forthcoming release all Lightning developers at Salesforce have been working on performance and you will see big improvements!
  • Components Roadmap; Mike has committed to releasing the component roadmap so developers are not developing components that Salesforce is as well! (makes sense!)
  • Next release feature (Safe Harbor): Declarative component visibility; I’ve been waiting for this! and Mike announced it’s coming out in the next release! This puts page layouts in the dark! Think of being able to declaratively change which components appear on the layout based on the data on the record you are viewing! This is one of my “Lightning Game changer” features that I spoke about at the Sydney user group.
  • New Report builder; The next release will see a new Lightning Report Builder! which is much much better and more usable. But also with a focus on general users being able to create reports rather than being siloed in a particular team etc.
  • More Wizards / Setup Flows; At the moment there are around 20 of these wizards but Mike is expecting there to be a load more to make it easier to setup things like single sign on, cloud console etc
  • Classic is not going way; There is no secret date when the classic UI is going to be switched off. Although he did say that he maybe switching it on for all Salesforce employees in their own Salesforce org 🙂

Mike would love your feedback! Just tweet him at @mike945778 (he even said why his twitter has the crazy number)



It was Salesforce Developer evangelist John Stevenson’s birthday as well but he didn’t say a word until the very end of the evening!! Now that’s dedication to the job.


S-Controls are coming back to Salesforce!

Salesforce has announced that S-Controls are coming back to Salesforce classic. For those who don’t know what S-Controls are, they were the technology before VisualForce and allowed you to create webpages and use the Salesforce JavaScript APIs to communicate with Salesforce (hence the S in S-Controls). Around 10 years ago Salesforce stopped Salesforce customers from creating new S-Controls as VisualForce had replaced the need for S-Controls, but I still find S-Controls in customers orgs. You can still edit and make changes too… well that was until this announcement!

Why are Salesforce re-enabling S-Controls?

It’s all due to Lighting! Lightning is a JavaScript framework and by bringing back S-Controls, Salesforce will allow developers to develop JavaScript based Lightning apps directly in Salesforce classic without the need of VisualForce. S-Controls are much lighter than VisualForce so you can illuminate the need for an Apex controller or even VisualForce markup! It also means new developers coming to the platform with a client who is still using the Classic UI can skip learning VisualForce/Apex and jump straight into the JavaScript world that is Lightning & S-Controls.

New ‘Add Lightning Component’ Button

New ‘Add Lightning Component’ Button

So Salesforce as expanded the S-Control functionality to allow you to easily add Lightning Components into your S-Control using the ‘Add Lightning Component’ Button (see pic).

Adoption, Adoption, Adoption

I think also another reason for re-enabling S-Controls is to allow developers & businesses a softer introduction into Lightning components & development. Lightning components/apps can be created directly in the Classic UI using S-Controls or just using regular old JavaScript. It also means that those orgs still using S-Controls can refactor the controls into Lightning components/apps more quickly without the need for VisualForce.

Click here for some AWESOME examples!!


Yes, well I couldn’t resist! 🙂 S-Controls have been consigned to history and now with Lightning replacing VisualForce there is NO CHANCE S-Controls will see the light of day again.

So in conclusion, I think it makes a lot of sense it. Let’s make S-Controls great again! 😉

Best Practice, News

The CloudFlare Security incident that affects Salesforce Security

I have contacted Salesforce Security for comment, but at the moment I’m waiting on a reply.

29 March Update – Salesforce Security replied saying they were looking into it but then never replied again, which was disappointing. I did speak to Salesforce Security at CeBIT last week, we worked through the risk and there would be a chance that the OAuth tokens may be cached. But, as OAuth tokens time out the risk is now negligible.

Google Engineers earlier in the week identified an issue with CloudFlare were it was possible to see other website session data from other websites using the CloudFlare service. Cloudflare is a website security and caching service used by a huge amount of websites, we actually use the CloudFlare service for the LondonsCalling.net website to help secure it and also manage peak demand for the site in the weeks leading up to the event (although this issue doesn’t affect anyone who has purchased tickets as this is provided by Eventbrite).

So what happened?

Uber exposed data

Because CloudFlare is a multi-tenant service (multiple sites all using the same service), an issue could expose data that it shouldn’t. In this case, it was due to a buffer overrun; this is when a piece of code accidently moves into some memory in that it shouldn’t, and accesses information in memory which should only be accessed by another process (in this case a different website).

Google contacted Cloudflare via Twitter, not a usual way of communicating with a company about a security incident but as it was late on Friday and the issue needed to be resolved quickly. Cloudflare seemed to respond very quickly and activated their global kill feature at CloudFlare which disabled the affected features on their platform while they started working on a fix.

Ormandy the Google researcher that found the issue wrote.

“We keep finding more sensitive data that we need to cleanup. I didn’t realize how much of the internet was sitting behind a Cloudflare CDN until this incident, I’m finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We’re talking full HTTPS requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.”

How does this effect Salesforce?

Exposed data from Fitbit

So I would be highly surprised if Salesforce is using CloudFlare. In fact, I ran a couple of random checks on core Salesforce services as well as non-core services like www.salesforceusergroups.com and didn’t find that it was being used. BUT if you are connecting to Salesforce from a website that is using CloudFlare then in theory OAuth tokens, session keys, cookies, plain text, etc. may have been compromised.

OAuth is used by websites needing to authenticate with Salesforce, this then allows the website/service to access/modify your Salesforce data or just to simply authenticate and nothing more. For example, workbench.developerforce.com is essentially a separate service from the core Salesforce platform running on Amazon Web Services. When you login into it Workbench it authenticates with Salesforce and workbench receives an OAuth token from Salesforce which it uses to access your Salesforce data, so the service doesn’t have access to your username and password.

If the workbench service was using CloudFlare and someone exploited the issue, it could be theoretically possible for someone to come across the OAuth token and re-use it to access Salesforce data.

What can I do to mitigate this?

MaxMind’s response

At the moment its a bit of a race against time. The issue has been around since at least September 2016 and the issue may have been fixed at CloudFlare but there are search engines and websites that cache website data that may still have compromised data in them. This cached data could have confidential session keys/OAuth Tokens etc. from other websites. Google has been manually purging its cache, and other search engines are following suit. There are rumours that Google has also expired Google Account sessions which have resulted in people being asked to re-authenticate into Google (this has happened to me on one of my Google accounts) but Google has denied the two issues are linked.

We’re still waiting to hear from Salesforce Security on their advice, but as a precautionary measure, I’m advising my customers to re-authenticate any service that has integrations into Salesforce that stores Salesforce credentials/tokens. Re-Authenticating should then refresh the authentication tokens and invalidate the old tokens so if they are cached anywhere they can’t be used.

The importance of bounds testing (it’s more common than you think!)

The route course in the CloudFlare service came down to just one character in a piece of code, >= rather than == which resulted in the buffer overrun. Over the years I’ve seen quite a few bounds issues like the CloudFlare issue, but the following customer issue has stuck in my mind, as it had one of the greatest impacts:

I was working with a client rationalising their global marketing data and campaigns, they sold a lot of consumer products globally but the marketing was very siloed, and they wanted a single view of the customer to see what products they interacted with and spot trends.

They had a business rule on their email marketing campaigns that they would only send emails to customers after they had been on their marketing lists for more than three months. Unfortunately, we spotted a mistake in their rule which meant they were only sending emails to people who had been on their marketing lists for less than three months, essentially automatically unsubscribing their customers from their marketing lists after three months, not ideal. They had their greater & less than symbols the wrong way around, a tiny mistake on the face of it but it had far reaching effects.

I try to drill into developers the importance of bounds testing in code as well as declarative functionality. If you are using a >, <, == or any operator then write unit tests or user acceptance tests around the bounds of the expression. Eg if you were checking that a value was greater than 100 you could test the values 99, 100 & 101. You have then tested the bounds of the expression.


It does look like CloudFlare we’re quick to resolve the issue and sites that cache websites are working on clearing out the websites affected by this security hole. CloudFlare has said that the leakage affected 0.00003% of requests coming into CloudFlare which doesn’t sound that much, but Cloudflare has a massive customer base including dating websites and password managers which host particularly sensitive data. That’s a lot of data which is potentially cached and now searchable…

better to be safe than sorry!