Archives
-
John Morales is blogging!
John Morales joined thycotic back in October and has been impressing us since the start with his knowledge of keyboard shortcuts (how often do you see *your* fellow developers writing their own macros in VS.NET?), Regular Expressions, Resharper, DotLucene and his ability to solve problems. After a little prodding, we now have him blogging with a few gems already on Regular Expressions, a great CruiseControl.NET fix and at least one enjoyable rant. Subscribed.
-
thycotic becomes a Custom Development Microsoft Certified Partner
Our company, thycotic, has become a Microsoft Certified Partner in the new Custom Development competency that was launched in November 2005. This is the result of hardwork on the part of our development team in completing Microsoft Certification exams and many successful project experiences from our clients.
-
Interview with FusionAuthority on TDD to a ColdFusion audience
I was recently interviewed by Judith Dinowitz in this article from FusionAuthority. The interview came about after I blogged about my experiences presenting TDD at our local Maryland Cold Fusion User Group.
-
Keep the numbers meaningful in Security Reviews
I just came across this post (older) by Robert Hurlbut titled "DREAD is dead" and it reminded me of our experiences with these same ratings today. We are in the middle of a Security Review for a client and have been working through our threat model to assess the risk associated with each item. DREAD is a technique for assessing such risk using the factors: Damage potential, Reproducibility, Exploitability, Affected users and Discoverability. As Robert mentions, the idea is to rate the threat on each of these factors using a scale from 1 to 10. Then add up all the numbers for each threat (average it if you wish) and you can list the threats in DREAD priority.
-
Automatic reporting of client-side script exceptions
Error reporting is enormously powerful. Knowing when your customers are seeing errors is the first step to improving the quality of your application.
-
Working around global.asax at runtime
While this doesn't classify as great development practice, sometimes a well tested hotfix to a production site is just the right thing to solve a client's problem quickly. In our case, the problem was too many emails being sent due to ClientScriptExceptions (our own custom Exception that is thrown when a Javascript onerror event fires in the browser ... yes, we do some tricky stuff with an Image in Javascript to get the message back to the server). Anyway, the exception is caught in global.asax.cs in the Application_Error method.
-
Refactoring is not free (so defer it)
Paul Gielens has an interesting post discussing the cost of refactoring and deciding when to do so. I agree with Paul that refactoring is certainly not free and is in fact a very expensive process since it lacks one of the central benefits of Test Driven Development - knowing when you are done! The process of refactoring is very subjective and it is easy for a pair to spend extra time tweaking things with "Introduce Base Class", "Extract method" and "Introduce explaining variable" until it is just right.
-
When should ports go native?
Our product, Secret Server, uses the DotLucene API for searching of items ("secrets") in the application. DotLucene is an impressive API which creates index files on disk based on the data you feed to it. It then allows for some very powerful text searches to find data such as "amazon.com~" which will find all secrets containing various spellings of amazon.com. (More info here).
-
Summer Internship in Software Development with TDD and .NET
This is an opportunity to get incredible work experience with hardcore .NET consultants defining the current state of the art in Agile .NET development. A Thycotic Summer Internship in Software Development will allow you to work on interesting projects (such as Secret Server) and develop your own solutions working with security protocols, open source software and sophisticated encryption. You will work with highly experienced developers and learn to master the necessary skills to excel in today's competitive programming environment.