Most Recent Stories & Articles for August 2006
-
My Personality Type
- Posted On: 8/30/2006
Most of my co-workers have posted the results of their personality test on the outside of their cubes. So, being a team-player, I took the test too (results below). After reading much of the content describing the ENTP personality type, I have to say that I do not greatly disagree with my identification as an ENTP. Most of the items apply to me and often pinpoint my daily approach.
Your personality type is ENTP.
Extraverted (E) 57% Introverted (I) 43% Intuitive (N) 82% Sensing (S) 18% Thinking (T) 60% Feeling (F) 40% Perceiving (P) 59% Judging (J) 41% -
Nordic - Object Relational Database Design
- Posted On: 8/29/2006
I recently finished an article that introduced "Nordic", a SQL Server implementation of an object/relational database design in The Architecture Journal written by Paul Nielsen. I have only begun to review the implementation schema and Paul's Nordic presentation. Although his approach is exciting, I have some important questions, concerns, etc. while I attempt to apply what I've learned.
-
Securing Your .NET and Other Applications
- Posted On: 8/16/2006
I recently discussed the need to effectively authenticate an application's execution context with several members of the development community, including the Open Web Application Security Project and AZGroups.com. Here are some important points to consider when securing your application's execution context (i.e. verifying that your application is executing from trusted installation sites):
*The following points are made from the perspective of a .NET implementation, so please modify them as necessary for other languages, including any examples or references in your comments.- Secure the code itself
- "Strong name" your assemblies
- Use internal declarations and "InternalsVisibleTo" attributes to expose objects to trusted assemblies (make informed decisions about keywords that expose your code)
- Obfuscate your code
- Authenticate the Execution Environment
- Upon installation (even "copy-paste"), generate a unique, encrypted install key for the assembly in the trusted execution environment
- Could be in the registry (can be found and possibly cracked if a weak encryption algorithm was used)
- Could check IP (can be spoofed)
- Could check domain-name (can be spoofed)
- Could reside in memory (requires constant execution)
- Validate the key on execution
*A simple example for an ASP.NET application would be to have the application log itself on start-up (an application signature like a GUID, IP, domain name, etc.) and monitor the log.
-
Microsoft: The car salesman of software.
- Posted On: 8/14/2006
I think it's funny that Microsoft is preparing to sell Anti-Virus software. The idea of a company protecting their own software with a separate software product? I mean, who better to write such software, right? What a business concept; sell people software that works, but needs a separate product to work securely!
-
BLAH
- Posted On: 8/14/2006
Blah, blah, blah... that's what I feel like.
-
Ideas: Thinking Outside the Box
- Posted On: 8/11/2006
Three Challenges to Traditional Software Development
- Software Pay-for-Performance Incentives
Why don't we motivate software engineers based on true pay-for-performance? Pay them based on the success of the product by giving them shares in ownership. I have only considered the application on retail software. For example a company, as an incentive, might offer 10% of every sale of a particular software product back to their development team. They would use an internal equation to decide the amount of product ownership each contributing individual has (eligibility would apply). If a company decided I contributed 10% to the development of such a product, then I might receive $1 for every sale (10% of 10% of $100). This would be a hiring incentive for companies with popular products and leverage that delivers real ROI. The key = engineers must believe in the product they are developing. - Peer-to-Peer File Versioning
Why aren't software products that manage file versioning more integrated with peer-to-peer (file sharing) technologies? When I save a development file on my local machine, why do I have to manually send the file somewhere? I understand the human element involved in explaining edits/changes to the versioning software. But, all I want to do is open a file, make my edits, and then tell the software how to deal with it. I don't want to "Check Out" and "Check In" and "tag" "branches", etc. Just open, edit, save, and explain, with a subscription and notification process for communicating changes with other file editors. Oh, and I want a chat program plug-in for authors/editors/reviewers to communicate. - Refreshing Approaches to Outsourcing
Finally... and this is the BIG one... What were/are all of these companies thinking when they hire internal software development teams to create both internal and external products/services? The problems far outweigh the benefits of a more logical approach: hire a software development company that knows software and everything that goes with it to give you one or more in-house developers (probably consultants too) to securely expose (create an interface to) your company's business using standard development practices (and possibly ready-to-implement frameworks) and then hire the same company or any other company you choose to actually transform those interfaces into tangible products and services. The result of the first few stages in development gives your company a fundamental architecture for almost total implementation independence! Once your data is securely available (internally and possibly externally), any competent individual/team can now turn it into products/services that fulfills your business needs. The real-world example would be "I want to give my customers account management on our website." So, hire an ultra-slim software development team internally to expose your business (data/models/processes/etc) securely in a standard format (a physical file, a result from a database, a web service's output, etc). Then, hire whomever you want to transform the output into an account management website. You benefit from all of the advantages of outsourcing the entire development process and continuing doing what your company does best. (Note: you also don't have senior developers wasting their time on novice tasks.) I know... I'm shooting myself in the foot.
-
Database: Surrogate Keys
- Posted On: 8/9/2006
I've discussed surrogate keys with peers for years now and I am happy to have a single, thorough resource that investigates the various methods of surrogate primary key generation.
-
11:00 PM and still going...
- Posted On: 8/8/2006
Here I am at 11 PM trying to finish my reading and a case study paper for my 2 classes. Gotta have my paper done by Wednesday and I have to familiarize myself with the Western International University "style guidelines" (a modified APA format). I knew it would be challenging, but didn't expect grueling.
-
The Music Man
- Posted On: 8/2/2006
The Starlight Community Theater's production of the Music Man premiered with 3 performances this last weekend from Thursday through Saturday. The play is going very well, despite 2 major interruptions/distractions. On Friday night, I was leading the quartet in a song (I play Jacey the high tenor) across the stage for a Lida Rose reprise when the fire alarms in the high school went off. I would like to thank our stage crew for experimenting with the fog machine for the next scene for the 1st time during that quiet interlude! What did I do mid-stage when the alarm went off? Considered walking everyone off and then decided that the show would go on (at least until we slowly sauntered off singing, seeing the scene through to the bitter end). Both the audience and the cast members had to exit the building, so the quartet decided to entertain the audience until we were allowed back in. On Saturday night, the air conditioning went out in the building a couple of times, requiring maintenance. They were able to fix it, but our audience suffered the heat to enjoy our performance. FYI: Anyone in the Phoenix North Valley of Arizona can look forward to ProMusica auditions over the next few weekends, so sign-up! -
Classes
- Posted On: 8/2/2006
Tomorrow I start Organizational Behavior and Theory and on Thursdays I will be taking Cultural Diversity. I'm excited about the management class and am attempting to keep positive about the cultural class... sounds dry, but that will depend on the instructor and my perspective.
