Book review – Leadership: Essential Steps Every Manager Needs to Know

April 14, 2008
Add Comment

Leadership: Essential Steps Every Manager Needs to Know, by Elwood N. Chapman and Sharon Lund O’Neil, was surprisingly good. When I first opened it up I must admit that I judged a book by its “cover” and thought that it would not be very good based upon its somewhat cheesy clip art like images. But I looked past the graphics and gave it a chance, which I am glad I did.

4172k6q3y7l_sl500_aa240_.jpg

As with many leadership books, this one breaks the art of leadership down into a number of categories. In particular, this book defines the effectiveness of leadership as being the sum of visionary mission, decisiveness, application of mutual reward theory, effective communication, and power of influence, multiplied by a positive attitude. It goes on to explain in detail what each of these mean, how it can best be applied, and the different aspects of each. I found mutual reward theory to be particularly enlightening as I had yet to hear about this theory.

All in all, it is a good book and a rather quick read. While none of the content will revolutionize your career by itself, the information contained in these pages should help anyone identify where they can change to help bring their leadership to the next level.


Introducing the Web FOB

April 10, 2008
Add Comment

I have been toying around with the concept of a web fob. The concept is the same as a key fob, only it would be entirely web based. The primary benefit of this would be that you wouldn’t have to carry around a hardware security token in order to gain access to secure systems.

Here’s how it would work:

1. The user would navigate to an undisclosed site and log in, at which time a security token would be generated.
The user would know, most likely through site/network administrators, that they must go to another location to gather the security token. They would navigate to this undisclosed web site, enter their authentication information, and would be handed a token. This token could be a series of digits, a phrase, or even a file that the user downloads. The possibilities are really only limited by the imagination. The ways this token could be generated are numerous and are already a well solved problem with key fobs. The technique would likely be the same or very similar, only web based. The key to this would be in maintaining secrecy in how the security tokens are generated, meaning the processing would need to be done server side.

2. A user would attempt to gain access to the secure system and would be prompted for a security token to proceed.
This could be a website, VPN, or any other system. The only basic criteria is that authentication must include something more than a simple user name and password. The user would be greeted with the login page for the site which would display fields asking for username, password, whatever else is important, and the security token. This page would have no indication of where the security token should come from.

webfob.png

3. The token would be input into the site, along with login credentials.
Self explanatory.

4. The application would authenticate the token.
The application would either know how to authenticate the security token itself (4a) or would have a server side service that exposed a validation routine from the servers generating the security token (4b).

5. The user is granted access.
Assuming successful authentication, of course.

I know enough about security to ride the edge of chaos and mostly get away with it but by no means consider myself a guru. The main problem I see with this lies in the maintenance of the security token site and keeping it secure. So to all you security gurus: what do you think of this concept? Is it secure? Is there a benefit? Is it already being done somewhere (I couldn’t find one)?


Grails Bug?

April 9, 2008
2 Comments

I just spent a couple hours trying to figure out why my Grails views wouldn’t match up with my domain.

This started out when I decided that I wanted to simplify my domain model and remove an item, DependencyVersion, from the middle of the hierarchy. This required the removal of the domain object and the update of higher and lower levels to fill in the gap. I am still in the early phases and haven’t started customizing my views much so the easiest thing to do (for me at least since I am a newbie to Grails – there may be a better way – speak up gurus) was to blow away the domain object, the test object, all the controllers, and all the views. I then ran my script, that simply called “grails generate-all X” for each domain object in my project, and generated new views.  I then started my server, only to be greeted by a message trickling up from Hibernate regarding the DependencyVersion class being missing but being used in an association.

My domain no longer had this class. I could even do a text search on the entire project for “DependencyVersion” and get no results. I tried everything I could think of – I won’t list it all here – but finally found out that the actual bug was resulting from grails caching the build and not updating it properly. When you run “grails generate-all X” it builds the domain classes and places them in the Documents and Settings folder. In my case, this resulted in my project being built here: C:\Documents and Settings\jmcdonald\.grails\1.0-RC4\projects.

I blew this folder away, ran my script again, and Voila!, it worked.  So am I missing something or is this a bug in Grails? I am very new to Grails and am thinking there is probably an explanation…