My web wanderings

Synthis Corporation - Process Excellence Suite
The Process Excellence SuiteTM empowers you to document and manage your business processes and systems to maximize efficiency and deliver strategic change.

Enabling The Transparent Enterprise TM
Whether providing the transparency demanded by your customers, complying with industry standards and government regulations, or working to improve your existing operational effectiveness, the foundation for all of these initiatives is to have clear visibility into how your business operates.

Meet the experts: Bobby Woolf on J2EE architecture and design

Excellent article on J2EE.

Source Control HOWTO

Eric Sink has started writing a series of articles explaining how to do source control and the best practices thereof.

Making the Jump to Subversion


11 Aug 2004: “If you haven’t checked out Subversion, you should. It’s a free, open source, powerful revision control system that was built to be a better CVS. It was created with clear design goals and built on top of robust, time-tested technologies. If you’ve been waiting for a better CVS and are ready to roll up your sleeves, skip directly to the Installing Subversion section of this article. However, instead, you may be saying, “But c’mon, I’m a busy programmer, this sounds like extra work to me.

In the June issue of the Information Security Bulletin there is an article examining specific ways that the security and development teams can collaborate while software is being designed and developed as opposed to only patching software once it has been deployed. The article explores how software is extremely malleble in the design and development phase, once the architectural layers, tiers and distribution models are set and the application is deployed, then the cost and complexity of making changes rises dramatically.

My favorite part of the article is the clarity it gives in a table of the Software Development Activities and Artifacts. It clearly relates development processes and security-specific artifacts. Basically it looks something like this:

Phase Activity	Standard Software Development Process Artifact	Security-specific artifact
Analysis	Use Case	Misuse Case
	Functional and non-functional requirements
	Glossary
Design	Object modeling	Threat Modeling
	Design Patterns	Data Classification
		Security Integration Design
Coding	Unit Tests	Unit Hacks
	Code Development	Countermeasure and detection development
Deployment	Build and configuration	Security Baseline
	Operational processes	Response processes
		Integration to Overall Security Architecture
Table 1- Software Development Activities and Artifacts

Anyways, this was part one of a series on the topic. Will be interesting to read the next installment. If you are into secure programming, this article might be an interesting read to pass along to your dev team partners.

[Via Dana Epp’s ramblings at the Sanctuary ]

1.   Learn the basics of all Microsoft products’ keyboard shortcuts.
2.   Become expert in Visual Studio .NET keyboard shortcuts.
3.   Serve some speed with SQL Server shortcuts.
4.   Mozilla browsers go here, IE browsers go here and select your IE version.
5.   Do you use Google? Of course you do. Check out Google Labs’ experimental Keyboard Shortcuts searching.

Ever wanted a really small font to save on screen space?

This is an excellent toolbar that Mike@Larkware pointed out. it has some great features and it is open source

If you have ever been an administrator of an IIS/ASP webserver this is something you dread

Here is a good visual monitoring app for *nix and windows

I soooo want a Athlon FX system like this one

And since I love WAP and Love RSS maybe I can build something like this on my own with help from this walkthrough

I consider myself a power internet user. I typically have at least four browser windows open and the nature of my job dictates that I be able to diagnose issues with web servers as fast as possible. So in that persuit I have tried just about every web browser on the MS and Linux platform. And while there are some outstanding browsers out there I have come to love Mozilla Firebird. It is by far one of the best availible on either platform. With so many powerful addons it can really help in diagnoses and hacking around websites. Below are a the Extensions I use on all my PC’s

Here is the list I currently have installed.

I saw SQLspy on Mike Gunderloy’s blog today. It looks like a good quick and dirty tool to monitor MSSQL. HybridX has some other intresting tools on his site including Addon’s to SQLspy and SQLinsider.

Which brings me to another point, why must some web developers feel the need to restrict the ability to right click just to “prevent” someone stealing their images. Anyone with half a brain will realize the image is in their browser cache or can use an alternative browser such as Opera or my favorite MozillaFirebird. Are you still stuck in IE with no tabs and advanced features. You might as well be using AOL then.

Sorry for the rant.

Cerberus Helpdesk - We use cerburus at work and have been pretty happy with it.

RT: Request Tracker - I am still looking into RT since I have found some intresting features for it.

John Lam has launched Practical Eye for the .NET Guy (subscription link in the sidebar), a newsletter dedicated to practical advice for working .NET developers. The first issue has some thoughts on build processes and an excellent NAnt tutorial. Good stuff.

Understanding WSDL - Aaron Skonnard walks through the basics in a nice clear article.

The one and the only RRDtool

• Cacti is one of the prettier network monitoring and graphing tools - plus it runs on MS
• Oh here is a gallery of RRDTool uses.  This is an intresting one that tracks tickets in RequestTracker.
• Here is an advanced implementation at Library consortium
• I know Jason hopes that one day we will monitor our servers this well
• Last but not least here are some frontends for RRDtool