August 1st, 2007
On Role-Based Security and Segregation of Duties
Jim Fleischmann is a security consultant who audits companies for Sarbanes-Oxley compliance. He and I recently compared notes. As a software developer who has often worked on role-based security systems, it was wonderful for me to get his perspective on where the rubber meets the road. As you might imagine, his feedback was quite different from the usual feedback I’d get through channels (QA bug reports, customer service support tickets, etc.). The following is my recollection of what we covered. I’ll start with Jim’s observations, and then follow up with my own.
February 16th, 2007
[This review originally appeared in my personal blog on Sept 8, 2005. I’m reposting it by request.]
I’m helping out with a study group for “Head First Design Patterns,” which just finished chapter 6. On the whole, it’s a pretty good introduction to software design patterns — way more accessible than the seminal work by the Gang of Four; however, the examples sometimes make my head hurt. I can’t imagine what they’re doing to the heads of the beginners in the group. Coming up with decent examples is the hardest thing to do in expository writing, and I certainly give the authors an E for effort in creativity, but I wish they had been a little less concerned with making their examples “hip” and a little more concerned with making them appropriate.
February 10th, 2007
In the middle of last year, Kurt Williams wrote “Beware of Simplicity” in development frameworks. According to him, new and fresh frameworks can only claim to be simple because they are immature. All frameworks are doomed to grow more complex as they grow in features. I can’t argue with that. It seems to me, therefore, that the best frameworks are the ones that do the best job of hiding that complexity — either because of the innate architecture of the framework, or by virtue of the tools and practices that deal with the complexity for you. A framework can have all of the under-the-hood complexity it needs. It’s the day-to-day, in-your-face complexity that I care about.
In the field of cognitive psychology there’s this so-called “Magic Number 7.” Basically, the idea is that humans can only keep 7 disjointed “things”, plus or minus two, in short-term memory at once. To see what I mean, study the following list of words for a minute. Then, turn away and write down as many as you can from memory: