Conarc Staff Blog

iChannel in the iTunes App Store

September 15, 2010 – 7:47 am

To support the needs of our mobile users, Conarc has released its iChannel connector to Apple’s iTunes store.

Our connector app is available for the iPhone and iPad. It leverages a highly secure gateway through the Amazon EC2 cloud and your own Active Directory domain authentication to provide double security. Users have fast and highly-available access to ALL the clients, contacts, and documents stored on their iChannel server right on their favorite Apple device.

Once you have iChannel running at your company, go to the iTunes store and simply search for “iChannel” or click here to navigate directly.

We’ll provide more detailed documentation to get your devices connected, authenticated, and online.

We are excited to offer this capability and happy to make iChannel that much more useful to our customers.

Contact support@conarc.com for more information.

By mchu | Posted in the Blog | Tagged Software | Comments Off

Simplicity Wins

June 17, 2010 – 3:01 pm

This is a short testimonial from one of our clients. We really appreciate feedback (good and bad…errr constructive) so we can keep the product running in the right direction.
______________

I wanted to thank you all for the part you played in getting our system upgraded. We still have a few issues to work out, but changes since our last update in October are very positive and a few of them are ones I’ve been wishing for.

I performed 2 training classes yesterday spending 30 minutes going over the upgrade changes and an hour doing a refresher on file area filtering, document tags, contacts/subscribers, email attachment linking, the portal, and getting documents from iChannel into Engagement. It is hard to tell when accountants are excited about something but I can honestly say that most left those training classes talking about their favorite feature. It is funny because sometimes a favorite feature is something as simple as seeing the client ID beside the name on the tab in the file area or in the results list when using iChannelDesk quick search. One of my favorite features is a subscriber assigned to related entities also becoming a linked contact on those entities – what a big time saver – if only this was in place a few months ago when I had to setup 88 of them

At any rate, I wasn’t sure how often your customers relay positive comments so I wanted to pass this along. I hope you have a great day and I’ll be talking with most of you very soon.

Sincerely,

Kelly
Information Systems Director
______________

Thanks Kelly.

By mchu | Posted in the Blog | Tagged Sales, Support | Comments (65)

Programmatically Getting Effective Directory/File Permissions

March 25, 2010 – 12:43 pm

While working on integrating Active Directory into our product I had a need to determine a domain user’s effective permissions on a directory. Surprisingly, I could not find that many current C# examples so I figured that I would post the code that I came up with…

The first step was to get a list of Security Identifiers. I tried a couple different approaches to get the SIDs. In my first attempt, I figured that I would need to impersonate the user. I found a class to handle the impersonation. This class was easy to use… all I need to do was pass the user name, domain, and password into the constructor. This approached worked fine in my test application, but when I tried to incorporate it in my production application, I realized that I didn’t have the user’s domain password available. I considered a little refactoring to make the password available but decided that doing so just was not a good idea.

My next idea was to query Active Directory. Using AD worked well for getting the user SID, but didn’t work out so well for the groups – it was missing the local machine groups. I decided to use WindowsIdentity to retrieve the groups.

GetSecurityIdentifierArray:

private static string[] GetSecurityIdentifierArray(string userName) {
    // connect to the domain
    PrincipalContext pc = new PrincipalContext(ContextType.Domain);
    
    // search for the domain user
    UserPrincipal user = new UserPrincipal(pc) { SamAccountName = userName };
    PrincipalSearcher searcher = new PrincipalSearcher { QueryFilter = user };
    user = searcher.FindOne() as UserPrincipal;
 
    if (user == null) {
        throw new ApplicationException(string.Format("Invalid User Name:  {0}", userName));
    }
 
    // use WindowsIdentity to get the user's groups
    WindowsIdentity windowsIdentity = new WindowsIdentity(user.UserPrincipalName);
    string[] sids = new string[windowsIdentity.Groups.Count + 1];
 
    sids[0] = windowsIdentity.User.Value;
 
    for (int index = 1, total = windowsIdentity.Groups.Count; index < total; index++) {
        sids[index] = windowsIdentity.Groups[index].Value;
    }
 
    return sids;
}

The next step was to get a list of Access Rules for the path filtered by the SIDs. This was pretty easy… just needed to call GetAccessRules and then filter the list using the SIDs. However, I must say that I did get tripped up by one oddity. In my first attempt I used the DirectoryInfo class for directory paths and FileInfo class for file paths. What I had noticed is that using DirectoryInfo would not return the correct rights. Additionally, I noticed that it was returning an integer value that was outside the range of the FileSystemRights enum. I suspect that this has something to do with using the same integer for more than one enum item.

I found that the FileInfo class could be used for the directory path.

GetAccessRulesArray:

private static FileSystemAccessRule[] GetAccessRulesArray(string userName, string path) {
    // get all access rules for the path - this works for a directory path as well as a file path
    AuthorizationRuleCollection authorizationRules = (new FileInfo(path)).GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier));
 
    // get the user's sids
    string[] sids = GetSecurityIdentifierArray(userName);
 
    // get the access rules filtered by the user's sids
    return (from rule in authorizationRules.Cast<FileSystemAccessRule>()
            where sids.Contains(rule.IdentityReference.Value)
            select rule).ToArray();
}

The final step in creating the Effective Rights was to merge all the Access Rules. To do this, I first needed to combine all the Deny Access Rules and the Allow Access Rules separately. Then remove all the denied rights from the allowed rights.

GetEffectiveRights:

private static FileSystemRights GetEffectiveRights(string userName, string path) {
    FileSystemAccessRule[] accessRules = GetAccessRulesArray(userName, path);
    FileSystemRights denyRights = 0;
    FileSystemRights allowRights = 0;
 
    for (int index = 0, total = accessRules.Length; index < total; index++) {
        FileSystemAccessRule rule = accessRules[index];
 
        if (rule.AccessControlType == AccessControlType.Deny) {
            denyRights |= rule.FileSystemRights;
        }
        else {
            allowRights |= rule.FileSystemRights;
        }
    }
 
    return (allowRights | denyRights) ^ denyRights;
}

Complete code:

public static class FileSystemEffectiveRights {
    public static FileSystemRights GetRights(string userName, string path) {
        if (string.IsNullOrEmpty(userName)) {
            throw new ArgumentException("userName");
        }
 
        if (!Directory.Exists(path) && !File.Exists(path)) {
            throw new ArgumentException(string.Format("path:  {0}", path));
        }
 
        return GetEffectiveRights(userName, path);
    }
 
    private static FileSystemRights GetEffectiveRights(string userName, string path) {
        FileSystemAccessRule[] accessRules = GetAccessRulesArray(userName, path);
        FileSystemRights denyRights = 0;
        FileSystemRights allowRights = 0;
 
        for (int index = 0, total = accessRules.Length; index < total; index++) {
            FileSystemAccessRule rule = accessRules[index];
 
            if (rule.AccessControlType == AccessControlType.Deny) {
                denyRights |= rule.FileSystemRights;
            }
            else {
                allowRights |= rule.FileSystemRights;
            }
        }
 
        return (allowRights | denyRights) ^ denyRights;
    }
 
    private static FileSystemAccessRule[] GetAccessRulesArray(string userName, string path) {
        // get all access rules for the path - this works for a directory path as well as a file path
        AuthorizationRuleCollection authorizationRules = (new FileInfo(path)).GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier));
 
        // get the user's sids
        string[] sids = GetSecurityIdentifierArray(userName);
 
        // get the access rules filtered by the user's sids
        return (from rule in authorizationRules.Cast<FileSystemAccessRule>()
                where sids.Contains(rule.IdentityReference.Value)
                select rule).ToArray();
    }
 
    private static string[] GetSecurityIdentifierArray(string userName) {
        // connect to the domain
        PrincipalContext pc = new PrincipalContext(ContextType.Domain);
        
        // search for the domain user
        UserPrincipal user = new UserPrincipal(pc) { SamAccountName = userName };
        PrincipalSearcher searcher = new PrincipalSearcher { QueryFilter = user };
        user = searcher.FindOne() as UserPrincipal;
 
        if (user == null) {
            throw new ApplicationException(string.Format("Invalid User Name:  {0}", userName));
        }
 
        // use WindowsIdentity to get the user's groups
        WindowsIdentity windowsIdentity = new WindowsIdentity(user.UserPrincipalName);
        string[] sids = new string[windowsIdentity.Groups.Count + 1];
 
        sids[0] = windowsIdentity.User.Value;
 
        for (int index = 1, total = windowsIdentity.Groups.Count; index < total; index++) {
            sids[index] = windowsIdentity.Groups[index].Value;
        }
 
        return sids;
    }
}

Example of use:

static class Program {
    [STAThread]
    static void Main() {
        string userName = "me";
        string path = @"c:\";
 
        FileSystemRights rights = FileSystemEffectiveRights.GetRights(userName, path);
        bool canWriteData = rights.HasRights(FileSystemRights.WriteData);
    }
}
 
public static class FileSystemRightsEx {
    public static bool HasRights(this FileSystemRights rights, FileSystemRights testRights) {
        return (rights & testRights) == testRights;
    }
}

By tbrothers | Posted in Uncategorized | Comments (0)

Rewriting and Venture Capitalization

March 19, 2010 – 1:19 pm

All software has it: evolutionary programming in code blocks that are eventually deprecated, features and processes that the market no longer wants, and those few complexities that even a hydraulically-adjustable pavement roller cannot iron out. This is an inevitable part of having a product that walks the software life cycle and molds itself to customer/market trends.

There is a point at which software outgrows its initial investment (be it technology, business vision, vertical tailoring, etc) and begs for a rewrite. That’s the question here: What is the financial and managerial methodology to take all the business logic and institutional utility of an existing software system and leap out of legacy and into a new, freshly-designed, and zippier approach?

This isn’t a question about will-power or nuts-and-bolts, technical know-how. It’s about how to gather capital and outside experience to convert a fast-moving diesel train to maglev while staying on schedule.

I’ve consumed a few books on Angel and Venture Capital funding (No, not the For Dummies book) and yet the process by which a company gains access to the network of great guidance and product-changing resources is still not clear. A rough, napkin-based cost analysis points to a far lower risk on an established company with existing product than a start-up. Yet, the process and likelihood of getting VC attention seems far lower.

The only logical point I see is that most investors in VC form enjoy the fast ride and opportunity to give back to the community of entrepreneurs that comes with start-ups. I’m just a wholehearted believer that incorporating some lower-risk, diversity into the portfolio is just smart.

Yeah…maybe this is more of a request for Comments than something informational as previous posts, but I would love to wrap my head further around recent capitalization and mentoring trends.

got *pointers? (yeah that’s a geek joke)

By mchu | Posted in the Blog | Comments (102)

Support Policy Change

March 5, 2010 – 1:06 am

A letter from our Support Manager
__________

Dear Sir or Madam,

In a effort to better serve your support needs, we are making the following change to our support policy:

As of March 8, 2010, we will assign higher priority to tickets submitted through the our support website at http://support.conarc.com/ .

The ticket submission form on the site has been changed in order to gather more up-front information. This will allow us to respond to your tickets quicker, more accurately, and with less back-and-forth.

You will still be able to send in tickets via e-mail and track them through our the site; however, we hope that by submitting your incident at http://support.conarc.com, you will find faster resolutions.

Thank you,

Conarc Support Team

By mchu | Posted in the Blog | Tagged Support | Comments (172)

IQToolkit in Production: Why IQToolkit?

March 2, 2010 – 10:56 am

IQToolkit started out as a blog series with the purpose of showing how to create an IQueryable provider. As the series grew, the sample code became a toolkit that could be used to simplify the creation of an IQueryable provider. Additionally, the toolkit included a few implementations of the framework such as ORMs for Access, MySql, SQL Server, SQL Server Compact, and SQLite. Out of this list, I could use the SQL Server provider but finding a replacement for LINQ to SQL wasn’t the goal that lead me to the IQToolkit blog series. The goal was to find an ORM for Visual FoxPro data or find out how to write a provider. I was unable to find a VFP ORM so I wrote my own (LINQ to VFP) and put it up on codeplex as an open source project.

So to answer the question… Why IQToolkit? Using this toolkit with the SQL Server provider and the VFP provider allows us to be consistent with our data access code. In the not so distant past, we were using LINQ to SQL for SQL Server data access which included its nice strongly typed entity classes. But with VFP data we used DataTables. Using two different approaches just didn’t feel right.

By tbrothers | Posted in Uncategorized | Tagged IQToolkit, LINQ to VFP | Comments (101)

Subversion is Rocket Science Without Requiring A Rocket Science Degree

February 28, 2010 – 11:13 am

After using Microsoft’s Visual SourceSafe for the greater part of 10 years Conarc has had code to track, we converted to Subversion. We made the switch almost a year ago and have been happy ever since. I too had used VSS for the majority of professional career and just accepted the flaws, code destruction, and administration hard-ships.

Problems We Had with VSS

More times than not we had to rebuild or repair the database.
It’s slow…No. It’s grow-old-with-pressure-sores slow…when working off the LAN. We tried using it over a VPN connection and through the WebService plug-in to Visual Studio with IIS on the server. Forget it
The user administration is half-baked and not well (if at all) integrated with Active Directory
Merging was a pain if not completely confusing. We decided to stay with Exclusive checkouts and just yell over the cubes to each other when someone had to use a file
It’s rumored that Microsoft isn’t/wasn’t using it in-house for their development

While the above points aren’t numerous, they’re all galatically important to the viability of a source & version control system. We used these dissatisfactions to find a replacement.

The Replacements

It only took a small amount of research. Microsoft Team System or Subversion. Both had a good price: TFS is part of our Microsoft Partner MSDN Subscription and Subversion is open source. Both were better peforming than Visual SourceSafe (easy enough to jump that hurdle). We chose Subversion though for the following reasons:

Stability of datastore: The database back-end is file-based and well formed. Also, backup is a cinch. Zip up the directories and push them to a Drobo or other such NAS. Test recovery is just as easy reversing this process.
Speed: Updates and commits are almost as fast as standard file transfers since it is file-based.
Setting user access: We administer the repositories by simply setting directory security where the repo resides.
Good UI: We wanted an easy UI for use inside and outside Visual Studio. There are numerous plug-ins (AnkhSVN), Explorer shell additions (TortoiseSVN) and full Windows apps available that provide great interfaces to interact with the SVN repos.
Merging code: The merge tools that are included with the above UI apps are usually awesome out of the box, but often you can even plug in your own. I have my devenv set to use WinMerge.
Just good source control: TFS has project management and other cool solutions in it, but we have all those processes in place in other systems/business workflows because VSS didn’t have them. We sought to keep the migration a simple one-for-one replacment
Rumors Aside: I’m not sure what MS uses but dogfooding is so important to any software shop

Our conversion at Conarc worked out so well that I put Subversion to work for my personal projects/sites using RabbitVCS on my Linux systems.

Give Subversion a try on a project or two if you’re hoping to leave Visual SourceSafe behind.

By mchu | Posted in the Blog | Tagged Lessons Learned, Software | Comments (54)

FlexiCapture and the Art of MotorCycle Maintenance

February 26, 2010 – 10:39 am

In my experience with using FlexiCapture 9.0 along with FlexiLayout 9.0, there have been several problems or “gotchas” when it comes to defining an accurate, unstructured document:

- FlexiLayout is very robust in terms of its abilities to find almost any printed or written text on a page. However, you definitely need to sit down and PLAN how the document flows. Specifically, find out the static text elements that are always on the page, and then determine how their position relates to the data elements that you want to capture.

- When defining a data field in FlexiCapture Document Designer, be sure to take advantage of the customized dictionaries available. This narrows down what FlexiCapture looks for when scanning a document, and it increases the accuracy of the data extraction. This is especially true for address fields (street number, street name, city, state and zip)

- Make VERY sure that you know what resolution your production documents are going to be scanned in, and that the FlexiCapture document design matches that resolution. Failure to do this will cause you ENDLESS headaches when it comes to document recognition and accurate data extraction.

While the learning curve for designing unstructured documents in FlexiCapture and FlexiLayout can be daunting (especially when you have no classroom training), I have found that simple trial and error is the best way of learning both products. When you ram your head into a wall enough times, eventually the drywall will give way and produce a nice, big hole! <g>

Also, FlexiCapture’s ability to extract data from and route scanned documents makes it a perfect complement to iChannel. Both products can be used to form a seamless document management solution. After all, when you’re done extracting the data from a document, it begs the question: What are you going to do with those documents after that? Send them to entity specific and searchable file areas, of course.

By bholton | Posted in the Blog | Tagged Programming, Software | Comments (65)

Get Your Head In the Cloud

February 9, 2010 – 9:33 pm

I’m a geek. I admit it without a single shred of embarrassment. I have 14 computing devices at home ranging from a hand-me-down PCs to the latest iPhone and virtualized servers. They run on operating systems from Windows XP to flavors of Linux and Apple’s OS. The best part of this is that I don’t care where I sit down to work or play. All my computing is in the cloud and completely device and OS-independent. I don’t even care where I am in the world.

If you’re not headed towards Cloud Computing already, you’re behind. That’s it.

I use Google Docs for office file editing, Netflix and Hulu for entertainment, Mint and QuickbooksOnline for finance, Google Appengine for development projects and websites; even Passpack to keep my passwords secure.

My professional side is no different. Critical company files, emails, calendar activities, and CRM data are in iChannel, our Content Management System.

Keeping everything in the cloud has the advantages of being secured against unauthorized access and disaster, provides immediate availability and total mobility. Even though hardware has become less expensive, mobility has become the technology front-runner and has already altered the traditional office landscape.

Plan to soar through the Cloud and you’ll be moving faster and more flexibly than ever before.

Heads up: After Cloud Computing will be location-based and just-in-time/predictive services.

- Mike Chu

By mchu | Posted in the Blog | Tagged Definitions, Software | Comments (139)

Reaching for the Brass Ring: GSA Schedule 70

January 27, 2010 – 9:44 am

Well…..it seems like it’s about time we get on a GSA Contract. I have had enough conversations with services that aid in the process, that lead me to believe that because we are who we are at Conarc (minority owned, small business), and develop a custom application that no one else has (in iChannel), we stand a very good chance at producing sizable revenues, without putting myself through RFP hell. Because we will go down as a “service provider”, we will avoid the painstaking entry into governmental purchasing bliss.

We will run under Schedule 70…. GSA IT contracts (computer hardware contracts, computer software contracts, IT professional service contracts, computer peripheral contracts, and all other IT related contracts).�

The contract will take roughly 500 man hours to complete. Then, it needs to be accepted by the GSA, before we can begin the process of responding to the needs of the any Federal Agency on contract. Hmmm…you think there is a need for document structure, organization by topic/entity, and security around file sharing of information in the government? Yeah…I didn’t think so….lets scrap it! Only kidding, and I am actually very excited to get going on this.

Working GSA contracts can only add to the positive outlook I’ve got for 2010. There are a lot of companies that will assist in this process. Because we are small, and I’m running with full time sales as well, this type of service comes as a great help to me. The contract is good for five years, and comes with a guarantee by the federal government that if you aren’t chosen (by a date that I am yet to get an answer on…..so far….my answer was…”it’s up to the Govt”), they will kick in $2,500 as reimbursement, as does the company that’s assisting us in getting on contract.

We will still need to market to the agencies just as we would in any other business oriented market, build our relationships, manage sales cycles, etc.

I do not anticipate the orders to fall into my lap. However, I do look forward to working into new and exciting areas where iChannel has yet to make a name for itself.

I am certain that it will!

Jim Keenan
Vice President Sales
Conarc, Inc.
678-687-2607

By jkeenan | Posted in the Blog | Tagged Sales | Comments (1)