Tech Blog

Jay's Technical blog

Review: Constable Authorization Engine (CAZE)

31 March 2005
Jay Kimble

[WARNING! This is an archived post and as such there may be things broken/missing here.. you have been warned.]

After about a month and a half, I finally feel that I have had enough time with the Constable Authorization Engine (CAZE, hereafter) that I understand it enough to write about it. This is a big product. I'm actually a little intimidated by it (it's that big). It almost feels like one of the Enterprise Library components (it's that big and appears to be that deep).

CAZE is all about application security policy (the rules for security). Dan Appleman describes Windows security policy this way (and it applies here): all security policy decisions come down to this one question, "Can this account/role do this action with this object?" CAZE does a good job of letting you apply this to your apps. It has a very sophisticated system for defining roles (and attaching the roles to Windows users/roles if you want), defining the secured objects, defining the actions that can take place on an object, and finally defining which actions each role can do on them (this last piece is the rules of security policy). Overall, it gets a thumbs up.

I have been really impressed with their documentation. Their install also was really friendly and (if memory serves me right) gave me the option to not install certain samples (this is a security feature in my mind). In general this product will help you get up and running, and you should be able to get up and running a lot faster than me (starting to examine a product for review when you are 1 week from when your wife is about to give birth is probably not the best timing). Thumbs up.

Breadth of product
Like I said, this product is big. You can programmatically create the complete policy as well as use an XML file (as an embedded resource) to define policy. You can associate roles with actual Windows roles or create your own. It will automatically grab the Windows principal (current user), but you can override this. Basically, you have a lot of flexibility, and the policy you can define/enforce can be very simplistic or very sophisticated. Palo has been using this library in his own consulting business, so it's well tested.

In my day job, I have a fairly sophisticated security system (rules involve users, areas of the app, objects, and actions), and I could implement my system with this package (and ultimately it would make my life easier). Thumbs up (I haven't seen anything else like this). 
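The role/object/action/rule model described in this review can be sketched as follows. This is an added example, not CAZE's API or code from the original post: the XML element names, the `Policy` class, and the `CORP\...` group names are all hypothetical, and the caller passes the principal's Windows groups explicitly instead of reading the current user.

```python
import xml.etree.ElementTree as ET

# Constructed policy; element and attribute names are hypothetical,
# not CAZE's schema. Treated as a trusted, embedded resource.
POLICY_XML = r"""
<policy>
  <role name="Clerk"><member group="CORP\Sales"/></role>
  <role name="Manager"><member group="CORP\SalesManagers"/></role>
  <object name="Invoice">
    <action name="Read"><allow role="Clerk"/><allow role="Manager"/></action>
    <action name="Approve"><allow role="Manager"/></action>
  </object>
</policy>
"""


class Policy:
    def __init__(self, xml_text):
        root = ET.fromstring(xml_text)
        self.group_roles = {}   # Windows group (lower-cased) -> app roles
        self.rules = {}         # (object, action) -> roles allowed
        for role in root.findall("role"):
            for member in role.findall("member"):
                key = member.get("group").lower()
                self.group_roles.setdefault(key, set()).add(role.get("name"))
        for obj in root.findall("object"):
            for act in obj.findall("action"):
                allowed = {a.get("role") for a in act.findall("allow")}
                self.rules[(obj.get("name"), act.get("name"))] = allowed

    def roles_for(self, groups):
        """Map the caller-supplied principal's groups to application roles."""
        roles = set()
        for group in groups:
            roles |= self.group_roles.get(group.lower(), set())
        return roles

    def is_allowed(self, groups, action, obj):
        """Answer: can this account/role do this action with this object?"""
        allowed = self.rules.get((obj, action))
        if allowed is None:
            return False  # no rule for this object/action: deny by default
        return bool(self.roles_for(groups) & allowed)


POLICY = Policy(POLICY_XML)
```

An action or object with no rule is denied, so a typo in a policy name fails closed instead of granting access.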

Thumbs up. Not much else to say. If you need something like this, it's a very nice package. I have yet to see anything like it. It's definitely an Enterprise level product. I'm not 100% clear on the licensing, but it appears that a single developer install will set you back $295 (USD) [it'll cost you less if you have even more developers]... I'm not sure whether you can distribute royalty free (I'm sure Palo will comment on this post and correct me).
You can buy it here at the official store.

SharpTools 2.0...

28 March 2005
Jay Kimble

Last Friday, I saw that Morrison Schwartz had released SharpTools 2.0. I love this tool, btw. It makes writing an addin to VS.Net a whole lot less complicated, and better yet, it's free!
They are having a contest for the best plugin built with their tool. The winner will get a 1GB USB thumb drive.

Oh yeah, and speaking of freebies... someone cashed in on the whole VB6 scenario. Real Software (the makers of RealBasic) is offering a free copy of their RealBasic 5.5 standard to disgruntled VB6 programmers. Note: they are about to release a new version... I know this because I have a Mac project that uses their programming language.

I'm all for cheap (read free) code...

28 March 2005
Jay Kimble

[I have managed to pull 2 posts from Brendan (Ok, they're more like comments, but expanded comments)].
Brendan blogged about the fact that he is quickly becoming an Open Source Hippie. For the second time today, I have to say that I agree with him.

I have mentioned in the past that I'm a big fan of SharpZip. I also use a couple of other open source libraries (including PostgreSQL). I'm still not a fan of the GPL, and am not planning on installing a Linux or any other open source OS under anything other than an emulator (like Bochs or QEMU) or a virtualization (??) layer like VMWare or VirtualPC.

What my friend Dave said to me a few months ago seems to ring true: stable open source libraries = free code = the easy life for me

[note to self... quit using Firefox to edit posts... the CS editor leaves a lot to be desired... I had to re-enter this post... sorry]

Ken Brubaker: Security Bullets

24 March 2005
Jay Kimble

I'm sure everyone thinks I quit reading Ken's blog a while ago despite the truce. We definitely have a different opinion about a couple subjects (that I'm not going to bring up). We both evidently have a passion for security. (BTW, I definitely still read his blog despite some of our past disagreements).

Ken has recently read Keith Brown's security book -- The .NET Developer's Guide to Windows Security. Ken has taken the time to distill it into Security Guidelines bullet points for his team. He also provides it for us... good post! Thanks Ken!

Coding Slave: A Message from another Dev Theologian

24 March 2005
Jay Kimble

So I finished reading Coding Slave last weekend.  It's taken me awhile to fully process it.  Bob Reselman has written a book that truly describes the programming condition.  I would highly recommend this book for this reason alone.  I know that we all know the issues, but I really like the way that Bob puts it into perspective.  Some of us (American Coders) think that the problem is outsourcing jobs to other countries; the real problem (my opinion) is the fact that we have let greedy people rule us all, so it's not that there are programmers working for lower wages; it's that we are all in bondage to the employers. 

Bob talks about the idea of creating a Programming Trade Guild. This seems somewhat like a good idea, but I'm not sure it will solve our problems. I think the real problem is that during the Internet bubble we cranked out tons of code (very little of which was very good); then when the bubble burst the companies we worked for (or hired on to) were looking for ways to decrease costs which meant that we had to continue working at the pace we did before, but now our pay was lower (or at least stayed the same)... they took away QA so they could lay more people off; they took away our project managers because they were expendable, so now we work harder and harder with less and less. Ok, maybe I'm painting an overly really bad picture (and it's probably not that bad), but it seems like we are working harder and harder. I'm not sure that starting some kind of union will resolve the issue (and I think that if Bob really thought that was the answer, he would have given away Coding Slave from the start and started the union).

Bob also discusses the fact that we are slaves to the machines, and not the other way around... we have got to get the machines to serve us.  We need to work less.  The 50+ hour work weeks have got to stop. 

I'm not entirely satisfied with Bob's answers (I'll let you read the book and see if you can discover them). I personally have 2 answers of my own.

1) Go back to a normal pace and make sure you spend time with your family!  Relationships matter!  Otherwise, we are not all that different than the machines that we program...  we're simply logic circuits.
2) My other answer is a spiritual one... As I think about the book the words of a song by Larry Norman -- The Great American Novel -- ring in my ears "Don't ask me for the answers I've only got one; A man leaves his darkness when he follows the Son." (You may have your own religion that attempts to resolve the question of evil in the world... if you do then substitute that answer here instead... Life doesn't always make sense).