Archive

Archive for the ‘1’ Category

Thycotic brings Password Management to SuperComputing 2009

November 16, 2009 Leave a comment

November 163th 2009 | Jonathan Cogley and Dan Parker

Thycotic brings Password Management to SuperComputing 2009

Thycotic will be in Portland Oregon this week, exhibiting at SuperComputing from November 14th to the 20th . Stop by our booth (#354) to catch a peek of the iPhone version of Secret Server enterprise password management.

Are you responsible for end-user passwords? As to see a demo of our new self-service password reset application, Password Reset Server.

Come visit us to talk about password management or information security.

See you there!

Jonathan Cogley is the CEO of Thycotic Software, an agile software services and product development company based in Washington DC. Secret Server is our flagship password management software product. On Twitter? Follow Jonathan

These aren’t your father’s regular expressions

November 9, 2009 1 comment

September 17th 2009 | Morgan Kleene

These aren’t your father’s regular expressions

Regular expressions, as they’re traditionally defined, make it impossible to match balanced patterns like “ab”,” aabb”,”aaabbb”, “aaaabbbb”, etc. The Microsoft.NET implementation has augmented traditional regular expressions with new features that allow us to match arbitrary balanced constructs.

I’ll demonstrate a few patterns and build up to a Regular expression that matches a small xml-like language.

There are a few Regexp language ingredients that allow us to match balanced patterns. The first is the named ‘capture group’, and its interesting implementation in .NET. Given the Regex “^a(?abc)(?123)b$” consider what happens when we execute it on the string “aabc123b”: Both “abc” and “123” are captured by the group “g”. The following code demonstrates this by printing out “abc” and then “123”:

Regex r = new Regex(@"^a(?<g>abc)(?<g>123)b$");
      foreach (var s in r.Match("aabc123b").Groups["g"].Captures)
      {
          Console.WriteLine(s);
      }

NOTE: the ‘^’ at the beginning of the Regex means to only match at the beginning of line and the ‘$’ means to match only at the end of the line.

Imagine a stack associated with each group, in our case g, onto which the captured elements are pushed. Most stacks can be popped as well as pushed, right? These stacks can as well. By labeling the second group –g instead of g, matching the text in the parentheses pops off the top element of the g stack. So the following code prints absolutely nothing. Matching the “123” pops “abc” off of the g stack.

Regex r = new Regex(@"^a(?<g>abc)(?<-g>123)b$");
      foreach (var s in r.Match("aabc123b").Groups["g"].Captures)
      {
          Console.WriteLine(s);
      }

An important aspect of the -g construct is that if the g stack is empty then the elements enclosed cannot be matched. The expression “^(<g>a)(<-g>a)(<-g>a)$” will never be matched.

Now I’ll demonstrate how to match two different kinds of balanced expressions. The first will be strings of the form “()” “(())” “((()))” “(((())))”. When we match this kind of of regular expression there are essentially two phases: pushing elements onto the stack as we match the opening parentheses, and popping them off the stack as we match the closing parentheses. The Regexp that matches this expression is:

@"^(?<p>\()*(?<-p>\))*(?(p)(?!))$"

The only new part is the (?(p)(?!)) construct at the end of the line. This construct means that if the p group is nonempty then we should match the pattern “?!”. The pattern “?!” is a negative lookahead, in this case with no argument. This means that the entire pattern matches only in the case that it is not followed by the space between words, which is impossible. What this pattern does is force failure when the p group is not empty to prevent matching things like “((()”, where all the opening parentheses are not consumed by the closing parentheses.

The previous regex does not deal with things like “()((()))(())” because we have restricted all opening parentheses to precede all closing parentheses. It is a simple matter to change this, and allow the parentheses to occur in any order. The following regex will match all strings of balanced parentheses:

@“^(?:
(?<p>\()
|
(?<-p>\))
    )*
(?(p)(?!))$”

NOTE: this is compiled using the RegexOptions.IgnorePatternWhitespace option, to allow spacing for clarity.

We can think of this expression as “Match an opening parenthesis and push it on the p stack. Match a closing parenthesis and pop the p stack only if the p stack contains an opening parenthesis. If we reach the end of the expression assert that the p stack is empty.”

Think about what happens in these examples: Consider the string “(((”. This fails because the group “p” contains “(((“ when we reach the end of the string. Consider the string “)(“. This fails because the only time we match a closing parenthesis is when there is an opening parenthesis on the “p” stack; the first character is never matched.

We must make sure that we only match things that we’ve seen before. In .NET that’s a breeze. The “\k<g>” construct gives us access to the top of the stack associated with the g group.

Regex r = new Regex(@"^(?<g>abc)(?<-g>\k<g>)$");
      foreach (var s in r.Match("abcabc").Groups["g"].Captures)
      {
          Console.WriteLine(s);
      }

In the above code, nothing is printed. We match “abc”, push “abc” on the top of the g stack and then pop everything off the g stack when we reach the -g group and the “\k<g>” construct matches what’s on top of the g stack.

Finally we’re ready to see the expression that matches an arbitrary html-like language. The regular expression matches a language with balanced opening and closing tags. There are no attributes or any inner content, but extending such an expression to deal with things like that shouldn’t be too much of a problem.

@"^(?:
                            (?:<(?<tagName>[^>]+)>)
                                    |
                              (?<-tagName></\k<tagName>>)
                            )*
                           (?(tagName)(?!))$"

We first match the opening tag and capture the name of the tag to the

“tagName” group. When we encounter something that looks like a closing tag we only match (and pop the opening tag off of the “tagName” stack) if the same opening tag is already on the “tagName” stack. When we get to the end of the string we make sure that all opening tags have been matched by asserting that the “tagName” stack is empty.

.NET Regular expressions are a bit more powerful than the Regexes most of us are used to due to the addition of a stack that can push and pop arbitrary elements. If you have a simple, balanced pattern to match they can be extremely helpful.

References

[1] Friedl, J. 2006 Mastering Regular Expressions. O’Reilly Media, Inc.

Morgan Kleene is a Senior .NET consultant at Thycotic Software, an agile software services and product development company based in Washington DC. Secret Server is our flagship password management software product.

Developer Tip Get column names for a SQL query

August 10, 2009 1 comment

Quickly look up table information in SQL Server Management Studio

July 30th 2009 | Jonathan Cogley

Developer Tip – Get column names for a SQL query

This tip combines an earlier tip to show an easy way to grab the columns of a table and use Regular Expressions to format your SQL.

Jonathan Cogley is the CEO of Thycotic Software, an agile software consulting and product development company based in Washington DC. Secret Server is our flagship enterprise password management product.Are you on Twitter? Follow Jonathan

Categories: 1

A View From Above

Jonathan Cogley: Registration forms: Breaking down the barriers between your Web visitor and your product

June 5th 2009 | Bryant Smith

A View From Above

“The significant problems we face can never be solved at the level of thinking that created them.”
-Albert Einstein

Last week, I celebrated my fourth anniversary with Thycotic. I wasn’t aware of it until I received an encouraging IM from Jonathan Cogley (my boss) congratulating me on four years with the company. I just buried myself back into my work…

There is nothing wrong with getting deep involved in the details of work, especially if you are having fun doing it, which I generally am. Sometimes it’s a blast. Other times it’s a chore. It’s all a matter of perspective—a precious commodity that is slippery (read David Allen’s ‘Making It All Work’) but essential. Perspective is what turns my work into a blast or a chore. It can either motivate or demotivate you.

Is everything perfect at Thycotic?

No, we’ve got problems; but they’re good problems. Besides, perfect is boring and not very challenging. That’s another perspective that is slippery for me: looking at problems as something fun to solve. The question is, do you have the tools that give you some control and perspective? A coworker’s presentation on Kent Beck’s XP book compared our practices with the book. The presentation was frustrating yet exciting at the same time. Frustrating because I feel a need to apply our Agile practices more purely. Frustrating because I want to become a craftsman at what I do, but sometimes reality gets in the way (our customers, our practices, my own limitations and mistakes, etc.) On the other hand, I feel excited because we have a great team and I have many of the Agile practices down pat.

So what’s the takeaway here?

It’s how do I manage a perspective that’ so difficult to maintain? Today this perspective of excitement, gratitude, and passion for my job is bolstered and supported by the fact that I needed to write this blog in the first place. If I wasn’t writing this right now, I would have probably missed the opportunity to look at my circumstances from a higher ground. Don’t get me wrong, I am frequently grateful for my job and my circumstances. Maybe it’s just the way I am, maybe it’s my faith in God and the Bible. Whatever it is, it is easily attainable by all if we have the right tools.

What are those tools? A short list might include:

  • ‘Making it All Work’, by David Allen, author of ‘Getting Things Done’
  • Ask yourself challenging questions.
  • Read inspiring stories or watch uplifting movies.
  • Get involved in the community.
  • Be a mentor. Teach.
  • Review old dreams.

The problem can rarely be solved at the level that the problem is found. You may have to move your focus to a higher level for clarity, or down to the level of action steps. Most of us have a tendency to get into a groove where we do one more than the other. For me, as of late, I have been having health issues. My tendency was to keep my head down and weather the storm. It’s a nice view from up here, I think I’ll stay a while…

Bryant Smith is a Senior .NET developer at Thycotic Software, an agile software consulting and product development company based in Washington DC. Secret Server is our flagship enterprise password management product.

Applying for a job? Make a connection

May 29, 2009 1 comment

Jonathan Cogley: Registration forms: Breaking down the barriers between your Web visitor and your product

May 6th 2009 | Jonathan Cogley

Applying for a job? Make a connection.

I have posted about this before but we are in the run-up to our Summer Internship and the topic amazes me once again. If you clicked the link and read the posting, then congratulations – you probably got further than most applicants. Most applicants simply send a generic resume and maybe a generic cover letter.

Clearly they didn’t read the posting which requires applicants to send in their code solution and a cover letter which should explain why they want to join our company. These applicants are really easy to handle, we simply delete their emails.

This makes the process a lot easier since we only deal with candidates who make the effort to read the posting and send in their code (write some code for a coding position – what a novel idea!). But it still fascinates me . the logic behind the masses . once again, I haven’t kept score but it feels like one in three actually submits code. This means a huge number of applications get deleted.

Don’t get your application dismissed or deleted

What is behind this all too common strategy? It seems like it’s all down to quantity and numbers is their game but how does that work for something as time intensive as interviewing? Five interviews with the wrong companies could chew up two or three weeks of their time (scheduling, travel, etc).

Decide on the most important criteria for you. Money is probably assumed anywhere so focus on the intangibles and prioritize them – e.g. types of work, opportunities for growth, team environment, company philosophy.

It would be worth every second to:

  • Read the job posting thoroughly
  • Ensure that all their requirements are met
  • Do some research on the company
  • How was it started?
    • What makes it unique?
    • What is the work atmosphere like?
    • What is the leadership like?
    • Who works there, what do they do? (blogs, speaking, books, etc)
  • Decide if they line up with your criteria
  • Write a few sentences about why you want to work there – incorporate your research and tie it into your criteria, explain your logic and make it yours

If you do that, you might just connect, not be deleted, get an interview and even get hired at a job you might even enjoy. In this marketplace, heck! In any marketplace, you can’t afford to not stand out. Do your homework and put your best foot forward.

Jonathan Cogley is the CEO of Thycotic Software, an agile software consulting and product development company based in Washington DC. Secret Server is our flagship enterprise password management product.Are you on Twitter? Follow Jonathan

Thycotic Brings Professional Password Management to TechEd North America

For the third year in a row, Thycotic will exhibiting at TechEd North America from May 11th to May 14th.  Stop by booth #437 to catch a sneak peek of the iPhone version of Secret Server enterprise password management.

Are you responsible for end-user passwords?  Sign up for the Beta program of our new self-service password reset application, Password Reset Server.

Come visit us to talk about password management or information security.

See you there!

Categories: 1 Tags:

Secret Server 3.1 has shipped.

August 1, 2007 2 comments

You can download it here. The release notes are here.

It was an aggressive schedule to turn these features from proposals after TechEd in June to shipped by the end of July. This was all achievedwith a team of four developers (five if you count my occasional 10 lines of code on this project!), Test Driven Development, Pair Programming and almost Continuous Integration (we are still having some problems with CruiseControl.NET on this project due to all the external dependencies in Secret Server).

This was also the most prepared we have ever been for a Secret Server release and it went off withoutany hassle (and some team applause) around 5pm today – usually releasing on a day means before midnight! 🙂 I attribute this lack of hassle to Test Driven Development and the smart developer team who worked hard to stamp out issues early on … we also started QA one week before release which is early for us.

Now we just have to wait until morning when customers will start upgrading …

Jonathan Cogley is the CEO and founder of Thycotic Software, a .NET consulting company and ISV in Washington DC. Our product, Secret Server is a enterprise password manager system for teams to secure their passwords. Is your team stillstoring passwords in Excel?

Categories: 1