Mysterious Mind

Just read a post from Aleem Bawany about Scott Adams getting back his conversational speech. Really interesting, how a person is able to sing and make professional speeches but lost his ability to conversate casually, the condition is called Spasmodic Dysphonia.

As Bawany explains that it seems that the ryming words seem to take a different neural path for processing than the casual words and if some neurons are damaged in the path of casual words, the person may be still able to sing or make a speech as in case of Scott Adams.

Interesting !

IBM seems serious about Blogging

See the following graphic on the IBM Home Page

IBM seems pretty serious about blogging, see IBM Blog Home. They say “The Business Landscape now includes the Blogosphere” :). Its good to see companies like IBM embracing the blogging phenomena and realizing the business importance of blogging.

Google Acquires SpaceShipOne

Is it really true ?, Michael Arrington posted yestarday that he has heard a rumor that Google may acquire spaceshipone to be placed in thier Building 43,today he actually confirmed that they did get a SpaceShipOne but it is a replica of the original SpaceShipOne. Googlers really are on the move these days, making headlines in the news and the blogosphere is full of stories about thier work enviornment, corporate culture and the dominance of google.

Actually I am ready to leave for the Airport, I have a flight in a couple of hours to Lahore, (going for Eid) but just could’nt keep myself from posting this :). You can find more pictures of SpaceShipOne replica being delievered to Google on the original Michael Arrington Post.

Google Security Issues

The Recent google security issues, can seriously harm the company’s repute regarding the security. Today an internal emplyee wrote a post on official Blogger Blog instead of her own Blog. Earlier this month the anonymous post on official blog, deletion of google official blog, posting on wrong blogs and the gmail hacking issue. All this stuff should not come from a company like google, they should be more concerned about security and integration of products than releasing a stream of products which they have doing the entire last year. More details here

No Silver Bullet: Essence and Accidents of Software Engineering

Just happened to read another gem No Silver Bullets from Frederick P. Brooks. I have already gone through some of the chapters from his classic “The Mythical Man Month: Essays on Software Engineering”.  (trying to complete)

The wonderful analogy of Essence and Accidents of Software Process described by writer fully maps the real issues on Software Design Process, the development of High Level languages and tools only serve to resolve the Accidents of the Software process but there is no sinlge answer for the Essence [conceptual design issues] of Software Process.

[Quoted]

“To see what rate of progress one can expect in software technology, let us examine the difficulties of that technology. Following Aristotle, I divide them into essence, the difficulties inherent in the nature of software, and accidents, those difficulties that today attend its production but are not inherent.

The essence of a software entity is a construct of interlocking concepts: data sets, relationships among data items, algorithms, and invocations of functions. This essence is abstract in that such a conceptual construct is the same under many different representations. It is nonetheless highly precise and richly detailed.

I believe the hard part of building software to be the specification, design, and testing of this conceptual construct, not the labor of representing it and testing the fidelity of the representation. We still make syntax errors, to be sure; but they are fuzz compared with the conceptual errors in most systems.

If this is true, building software will always be hard. There is inherently no silver bullet.”

So, what is the solution for these inherent and complex software issues [Essence] which the modern day tools and languages cannot address or which cannot be guranteed the way the language/tool productivity can be guaranteed. One of the possible solution the writer has presented is “growing” good designers.

[Quoted]

My first proposal is that each software organization must determine and proclaim that great designers are as important to its success as great managers are, and that they can be expected to be similarly nurtured and rewarded. Not only salary, but the perquisites of recognition–office size, furnishings, personal technical equipment, travel funds, staff support–must be fully equivalent.

How to grow great designers? Space does not permit a lengthy discussion, but some steps are obvious:

• Systematically identify top designers as early as possible. The best are often not the most experienced.
• Assign a career mentor to be responsible for the development of the prospect, and carefully keep a career file.
• Devise and maintain a careerdevelopment plan for each prospect, including carefully selected apprenticeships with top designers, episodes of advanced formal education, and short courses, all interspersed with solo-design and technicalleadership assignments.
• Provide opportunities for growing designers to interact with and stimulate each other.

Google BlogSearch Ping Service

Google Launched the Ping Service for Blogs. I don’t think it makes much of difference for Blogger Blogs as they are immediately indexed and are searchable through Google BlogSearch, but for other blogging engines and individual bloggers it is a good service.

Google Buys YouTube

So, the speculation which has been around for many days was true. Google finally bought YouTube for $1.65 billion. The price is really shocking considering YouTube only started in February 2005. YouTube growth is really inspirational, in such a short period the company reached to a worth of $1.65 billion with around 20 million visitors per month. Amazing!

More details here

Statue of Yoda !

Dave Winer posted this picture of Yoda Statue at Lucas Studios. Actually am testing my Flickr account to post on Blogger Beta through mail.

ASP.NET SiteMap Security Trimmings

It is a general requirement in any ASP.NET application to restrict the site navigation for certain roles and allow access for others. Recently I had to restrict the site map of my application based on the roles but as I was not aware of the available site map trimming settings, I made a similar model myself adding extra attributes to my site map nodes and as I am using a TreeView control for binding to the SiteMapDataSource, I used the TreeView DataBound method to access the SiteMapNode attributes and then checking their permission from the Database.

Fortunately the ASP.NET 2.0 provides trimming of the SiteMapNodes based on the available Roles from the underlying RolesProvider. You need to provide the roles attribute in the SiteMapNode and specify the role to which this note is accessible (* can be used for all roles).

<?xml version=”1.0″ encoding=”utf-8″ ?>

<siteMap>

<siteMapNode title=”Support” description=”Support” url=”~/Customers/Support.aspx” roles=”Customers” />

</siteMap>

You also need to enable the security trimming settings in the web.config as they are disabled by default.

<system.web>

<siteMap defaultProvider=”XmlSiteMapProvider” enabled=”true”>

<providers>

<add name=”XmlSiteMapProvider” description=”Default SiteMap provider.” type=”System.Web.XmlSiteMapProvider ” siteMapFile=”Web.sitemap” securityTrimmingEnabled=”true” />

</providers>

</siteMap>

</system.web>

For More information about the sitemap trimming is available in MSDN here.

Logging User Dynamically in ASP.NET

The entire authentication and authorization model in ASP.NET 2.0 is quite improved from the previous version. The addition of the new Login Controls and the whole Membership and Roles Management through provider model has really made the entire security architecture easy to use yet extremely customizable.

Last night I was looking for a way to Log-In user automatically (without his password) thorugh my code, actually the scenario is that the user actually logs in from another site and is redirected to my site with the username in the request. Now I have the username, no password and how do I log this user in (or create an authentication token for him). A post from Scott Guthrie came to the rescue. An authentication token for any user even if you do not have him password can be set with

FormsAuthentication.SetAuthCookie(LoggedInUserName, False)

Where LoggedInUserName is the username for which you want to set the authentication token. Now ok I can authenticate the user and log him in but the authorization of my website is set to deny the anonymous user so the user cannot even access the Default.aspx where I actually write the above code for creating a token.

<system.web>

<authorization>

            <deny users=”?” />

</authorization>

</system.web>

There is a simple workaround to this also as you can specify different authorization for any particular path/location in your website. So the following will allow access to the default page to anonymous users but restrict rest of the site of the logged in user.

<location path=”default.aspx”>

      <system.web>

            <authorization>

                  <allow users =”*” />

            </authorization>

      </system.web>

</location>

Some good resources about ASP.NET 2.0 Authentication and Authorization and Security on the whole are as follows.

Scott Guthrie Post about ASP.NET 2.0 Security Resources

How To: Protect Forms Authentication in ASP.NET

Explained: Forms Authentication in ASP.NET 2.0

Security Guidelines: ASP.NET 2.0