Tuesday, December 13, 2011
So MaxelSoft just got accepted into the Microsoft incubator called BizSpark! I am beside myself with excitement. This is going to save us a fortune and should speed up our development quite a bit. Hopefully as we put the prototype to bed, I will be posting more about what I am doing. Right now, we can't really talk about it. I am so excited but my head is swimming with everything we need to get done.
Saturday, December 10, 2011
A new company is born...
I am excited to announce the birth of a new company, Maxelsoft LLC. Maxelsoft is in the process of developing and designing a game-changing system that will allow small-to-medium business to reach their customers in ways previously only available to large and international businesses. It isn't just another marketplace or portal.
Thursday, November 3, 2011
Product versus Process
So I created this testing tool that can theoretically create over 7000 web transactions per second. I say theoretically because the software it tests right now is only capable of accepting about 30 per second. So now I have this awesome rig that I lovingly call the Nutcracker Suite for all the right reasons and have *no development process* on which to hang it. In the focus to create, we have made a product that serves no process.
We are supposed to be moving to an Agile process where we have some kind of continuous automation testing. The nutcracker suite is supposed to be part of that to ensure and validate data as well as validate load. What is needed is a development process that checks in code more than once every four months and actually has expectations defined.
Tuesday, September 13, 2011
Distributed Web Services Test Harness
I am finally done with my server crushing load test device. It can do a lot more than I started out to do and it does it well. It feels really great to have it code complete. I wrote it with an eye on being extensible so it is service agnostic. I have asked my unnamed employer if I could sail it out into a project like Gallio. They don't have a good service test model. It would be nice to contribute to Open Source.
Tuesday, July 26, 2011
Stress Load and Performance metrics
So now I have this rocket-science kind of software to crush even the scariest scaled environment. So what? I still have no idea what metrics to collect. CPU, Memory, Network and Disk are not enough, yet that is all that is being asked for.
Wednesday, April 20, 2011
Plastic SCM - distributed version control system (DVCS)
Plastic SCM - distributed version control system (DVCS)
Task driven development! I know it sounds waterfall, but it tastes like workflow. Check this out~!
Task driven development! I know it sounds waterfall, but it tastes like workflow. Check this out~!
Thursday, February 17, 2011
Security Models Continued....
In WCF, once you have your identity established you can create a demand for permissions against a roles server. So the permission is necessarily separate from the identity. In a smart client, where this demand is not available, do you cache a nugget for later use? If so, it freezes your abilities to the currently enrolled or demanded security. Considering the weight of most modern UI's, the ability to have the smart client detached and be able to track or validate any security bound method seems overly complex.
So here is my first blush at a hypothesis: an offline security manager can create a cache that is populated asynchronously by the startup of the client while online.
My assumptions are:
There is a coherent map of permissions that are bound to the functionality of the client.
There is at least one level of permissions that are fully enabled.
The smart client must start all permissions activities in a connected state.
Moving this security back to the client has two problems immediately apparent. More on those as I get further.
So here is my first blush at a hypothesis: an offline security manager can create a cache that is populated asynchronously by the startup of the client while online.
My assumptions are:
There is a coherent map of permissions that are bound to the functionality of the client.
There is at least one level of permissions that are fully enabled.
The smart client must start all permissions activities in a connected state.
Moving this security back to the client has two problems immediately apparent. More on those as I get further.
Monday, February 14, 2011
Toughest interview ever; Google intervention needed
Recently had the toughest interview of my life. Two hours, two questions and dredging up Big O notation, binary trees and stuff like that. All without Google. Sad that it took an interview to help me realize how much Google I use through the course of a day. Have I really become so dependent on a search engine that I no longer bother to retain information? Is my brain stuffed full of nothing but keywords for search results?
Time to break the habit and start practicing on some of the more recent knowledge I have acquired. I figure jumping into a class or maybe an open source project would be a good way to wrap this kind of effort into a deadline driven activity.
Time to break the habit and start practicing on some of the more recent knowledge I have acquired. I figure jumping into a class or maybe an open source project would be a good way to wrap this kind of effort into a deadline driven activity.
Thursday, February 3, 2011
IPv4 is dead, long live IPv4!
According to CNN, SlashDot and a bunch of other people, IPv4 has died. The last IP numbers have been allocated. My question, does this matter?
Wednesday, February 2, 2011
The idea of engineering creativity
In spite of what my wife thinks, writing software is a very creative act. It takes cunning, logic, rational thinking as well as advanced problem solving. On top of that, it also takes a great deal of "Voice." If you have ever heard musicians or writers talk about Voice, you understand they mean a style that is as unique as a finger print. I think the thing that separates coders from developers is that Voice. I have seen code that makes me weep because of its elegance and simplicity. Yet this same code can do enormous work. I have seen code that makes my eyes bleed and my soul scream. This code, though countless in lines, does little more than introduce bug after bug.
Tuesday, February 1, 2011
A coherent article on SaaS security issues
In a follow up to the earlier post, I found a great article on the pros and cons of federated identity versus other ID models for a SaaS application.
http://www.infosectoday.com/Articles/Securing_SaaS_Applications.htm
In the Windows realm, cached authentication for roaming has limitations due to a lack of connection back to the ActiveDirectory. This doesn't have to be the case in a SaaS app. Federation enables a 4g connection to authenticate and update against the security token. But what is the transaction cost of this model for a smart client?
http://www.infosectoday.com/Articles/Securing_SaaS_Applications.htm
In the Windows realm, cached authentication for roaming has limitations due to a lack of connection back to the ActiveDirectory. This doesn't have to be the case in a SaaS app. Federation enables a 4g connection to authenticate and update against the security token. But what is the transaction cost of this model for a smart client?
Security and roles based authority in a smart client
I have started looking for a new way to track permissions in a smart client for a SaaS-based rich client. So far, I have nothing but theory. As I develop code, I will post. The problem I see is this; current application structures rely completely on the server or a cached principal of the server to allow operations. Offline or disconnected modes become limited.
Subscribe to:
Posts (Atom)