Thursday, 12 June 2008

Software Engineering with VSTS


 

 

 


I'm reading this book called 'Software Engineering with Visual Studio Team System' by Sam Guckenheimer. To say the least, It's not letting me sleep. This book looks tiny though but is humongous in it's content and specifically the application lifecycle management automation through VSTS. VSTS is the best thing to happen to MS technology developers for a long time.. The best part is how the book guides you with Agile methodologies and CMMI practises using VSTS.

Some Links..


The interesting thing which caught my attention was security testing through VSTS. Sam talks about using a fault model base on vulnerabilites observed on other systems, and a series of attacks to exploit the vulnerabilites. He also gives references to published attack patterns which are helpful in identifying the vast majority of vulnerabilites. His reference includes James A. Whittaker and Herbert H. Thompson's book, 'How to break software security: Effective Techniques for Security Testing (Boston: Addison-Wesley,2004). (which has around 19 attack patterns that are standard approaches to hacking systems).
Now, There's a lot of stuff for security from microsoft, for instance the trustworthy computing initiative, SD3 and SDL , Security best practises etc..
I'm wondering if there was an SDL approach inside Visual Studio Team System.. (may be as a part of ALM), What an invaluable feature it would have been..!!

RuleML The Standard for Rule Representation

RuleML The Rule Markup Initiative..

The Mission Statement of RuleML

"The goal of the Rule Markup Initiative is to develop RuleML as the canonical Web language for rules using XML markup, formal semantics, and efficient implementations.

RuleML covers the entire rule spectrum, from derivation rules to transformation rules to reaction rules. RuleML can thus specify queries and inferences in Web ontologies, mappings between Web ontologies, and dynamic Web behaviors of workflows, services, and agents."

RuleML Mission Approach

"Rather than focusing on academic research prototypes, RuleML is about rule interoperation between industry standards (such as JSR 94, SQL'99, OCL, BPMI, WSFL, XLang, XQuery, RQL, OWL, DAML-S, and ISO Prolog) as well as established systems (CLIPS, Jess, ILOG JRules, Blaze Advisor, Versata, MQWorkFlow, BizTalk, Savvion, etc.)."

I feel that a standardization for representing knowledge through rules is very essential for the semantic web for applications ranging from distributed e-commerce to Engineering like AI agents etc. Simply because of the need for a widely acceptable industry standard rule engine..(JSR94 vs BizTalk). This will increase interoperability between systems and makes life much much simpler... This can be achieved with RULEML, the mark up initiative for Rules.. (way forward..) If you are an academician or a company interested in the idea of  standardization for Rules through Rule Markup, Join the RuleML initiative today.!!     :-)

Tuesday, 10 June 2008

Discovering Patterns in .Net BCL and ASP.Net

Patterns behind the scenes in .Net and ASP.Net

I just found this great article on MSDN which enlightens the .Net programmer about the patterns used in .Net BCL and ASP.Net. The link to this great article can be found here.

The Decorator Pattern Part I

The Need for the Decorator Pattern:

Decorators can be used to decorate classes at runtime using a form of object composition.This is a good pattern which helps to minimize overuse of inheritance for adding special behaviours to classes. Decorators are primarily used to add flexibility to design. They are used to add more behaviours to existing classes by adding a wrapper around them,without changing the existing code. One needs to be careful in writing a decorator. Too much decoration can make the code lousy,difficult to read,modify and maintain. For instance, consider Java's I/O libraries. They are notoriously difficult for people to understand at first. But if they just saw the classes as a set of wrappers around the abstract class InputStream, life would be simpler..

Learning by example..

1. Recognising the decorators from the Java.IO classes

Decorator1

The InputStream is the abstract component. The FilterInputStream, ByteArrayInputStream, StringBufferInputStream and the FileInputStream are abstract decorators.

Now, PushbackInputStream, BufferedInputStream, DataInputStream and LineNumberInputStream are all concrete decorators.

Now, think about the decorators and the flexibility it adds to the design of Java.IO in the following sentences..(Classes are open for extension but closed for modification)

InputStream in = new BufferedInputStream(new FileInputStream("aFile.txt"));

BufferedInputStream bis =  new BufferedInputStream ( new DataInputStream ( new FileInputStream ( "aFile.txt" )  )  ) ;

 

2. An example of decorating our beverage component by using an abstract decorator 'CondimentDecorator' and a single concrete decorator 'Mocha'. The concrete components add specialized classes (HouseBlend, Espreso). We will see this in more detail in Part II. Consider the following class diagram.

 

image

The Beverage is the component which we are interested in decorating here. The CondimentDecorator is the abstract decorator. The Classes Expresso and HouseBlend are concrete components. The Mocha class is a concrete decorator.

Now, look at the following code to understand the power of concrete decorators and the Decorator Pattern itself.

Beverage b1 = new Espresso();      // A type of Beverage, Concrete component

Beverage b2 = new HouseBlend(); //A type of Beverage, Concrete component

b2 = new Mocha(b2); //wrap the beverage with Mocha

 

Decorators Rule!, More reasons and justifications in Part II..

Monday, 9 June 2008

Generating RSA Key Pair Programmatically using OpenSSL

#include "stdafx.h"
#include <conio.h>
#include <openssl/rsa.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <stdlib.h>
#include <stdio.h>


int _tmain(int argc, _TCHAR* argv[])
{
RSA *myrsa;
unsigned long e = RSA_3;
BIO* out = NULL
FILE* fp;
myrsa = RSA_generate_key(2048,e,NULL,NULL);

out=BIO_new(BIO_s_file());


if(myrsa==NULL){
printf("error in generating keypair..");
printf("press any key to exit..");
_getch();
}

fp=fopen("rsakeypair.txt","wb");
out = BIO_new_fp(fp,BIO_CLOSE);
BIO_printf(out,"\n");
RSA_print(out,myrsa,0);
fclose(fp); _getch(); return(0);
}




The above example program generates a 2048 bit RSA Key pair. It also generates the p,q,n,e and d sections into the text file. In order to build this sample using Visual C++, you will need to build OpenSSL first. After you build OpenSSL, you can then include the generated headers to your VC/Include folder. You will also need to include the the lib files generated by OpenSSL onto VC/Lib. The above example program is written in VS05. OpenSSL simply rocks!



Code + Demo + ReadmeFile : Here