Category Archives: Security

Bad Agile

It has been a whirlwind week for me. Products launching to hundreds of millions of users have required quite a bit of focused attention. It feels good to have them going smoothly and I look forward to the reaction from people at CES. So, in my own neck of the woods I have several posts ready to go for the prior days, but have not had enough time to edit them for release. I might be able to squeeze them out today, but that raises the question of whether I should back-date them to when the bulk of them were written or date them for today’s launch to the public.

I noticed a related story about code-complete and deadline launch dilemmas written up on Stevey’s Blog Rants. He attempts to discuss the nature of human behavior and how it can impact quality as well as timing.

Up until maybe a year ago, I had a pretty one-dimensional view of so-called “Agile” programming, namely that it’s an idiotic fad-diet of a marketing scam making the rounds as yet another technological virus implanting itself in naive programmers who’ve never read “No Silver Bullet”, the kinds of programmers who buy extended warranties and self-help books and believe their bosses genuinely care about them as people, the kinds of programmers who attend conferences to make friends and who don’t know how to avoid eye contact with leaflet-waving fanatics in airports and who believe writing shit on index cards will suddenly make software development easier.

You know. Chumps. That’s the word I’m looking for. My bad-cholesterol view was that Agile Methodologies are for chumps.

The fatal flaw in this blogger’s rant is the horribly weak analysis that follows from the above (e.g. if you shower developers with simple incentives it will invariably result in higher quality, as if incentives were easy to understand, let alone justly distribute). In other words, he acknowledges that human behavior is a risk, but then fails to understand human behavior and instead faults the system they are using, as if Agile is to blame for failing to correct all engineering practices. Nonetheless, after I managed to read through it in its entirety, I had to laugh at the fact that he says he can find no way to tell good cholesterol from bad before he burns through several hundred rambling lines in an attempt to explain *simply* that it should be obvious to even the casual programmer how to know good from bad Agile.

The bottom line for Stevey appears to be that he likes to eat, and if you feed him good food (since he admits at the start he can’t figure out the risks for himself) then he will perform well. This is a fine model for the great Stevey, but hardly the stuff a project or risk manager can apply more universally. He might as well say something like wearing brown shoes and a blue shirt works best in his experience therefore others should try it too. Systems are prone to failure; there are many risks. But that does not mean that a system can never be successful, or at least average out with more wins than losses. And with that said, I plan on back-dating my posts to give myself credit for having written them, even if the editing was not complete until today.

craigslist haiku

I noticed recently that Craig has added some new art and poetry to his site. I really like the new error haiku:

Not Found

There is nothing here

No web page for this address

404 Error


 ____________
(  return to  ) 
(  craigslist )
(  homepage?  )
 ------------- 
       O 
        O   ^__^
         o  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Hidden meanings and domain abuse

Phishing domain names are terribly annoying. Aside from the obvious problems with people playing with the vulnerability of fonts (e.g. “O” and “0”) or taking advantage of common misspellings, there is also the issue of Unicode translations, etc. A simple domain name can sometimes require a great deal of thought to make sure it is less susceptible to hijacking or abuse. However, the risks are not always from the outside. With that in mind, see if you can find the hidden meanings in these real domain names:

Who Represents is where you can find the name of the agent that represents any celebrity. Their web site is:
https://www.whorepresents.com

Experts Exchange is a knowledge base where programmers can exchange advice and views at:
https://www.expertsexchange.com

Looking for a pen? Look no further than Pen Island at:
https://www.penisland.net

Need a therapist? Try Therapist Finder at:
https://www.therapistfinder.com

There’s the Italian Power Generator company:
https://www.powergenitalia.com

And don’t forget the Mole Station Native Nursery in New South Wales:
https://www.molestationnursery.com

If you’re looking for IP computer software, there’s always:
https://www.ipanywhere.com

The First Cumming Methodist Church web site is:
https://www.cummingfirst.com

And the designers at Speed of Art await you at their wacky web site:
https://www.speedofart.com

Yes, they really are real. Snopes even confirms the marketing site for an Italian company, although the site is now “under construction”:

The powergenitalia.com domain apparently hosts the web site of a real Italian company (Powergen Italia) which sells specialized battery products.

Guerrilla marketing, accident, or intentional joke? You be the judge.

And this just had to be filed under poetry, because my guess is that if the domain owners had read/written more poetry they would have been far more immune to this kind of risk…
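
One way to run the checks this post describes before registering a name, as an added example that is not part of the original post: it lists every dictionary reading of a label, names any non-ASCII characters, and reports labels that fold to the same string as a name you already own. The word list, the fold table and the function names are constructed for illustration.

```python
import unicodedata
from functools import lru_cache

# Constructed mini dictionary (assumption); a real review would load a full word list.
WORDS = frozenset({"speed", "of", "art", "speedo", "fart"})
# Constructed look-alike folds (assumption); the post names the "O"/"0" pair.
FOLD = str.maketrans({"0": "o", "1": "l"})


def readings(label, words=WORDS):
    """Return every way to split label into dictionary words."""
    @lru_cache(maxsize=None)
    def split(i):
        if i == len(label):
            return [[]]
        out = []
        for j in range(i + 1, len(label) + 1):
            if label[i:j] in words:
                out += [[label[i:j]] + rest for rest in split(j)]
        return out
    return [" ".join(r) for r in split(0)]


def skeleton(label):
    """Fold case, compatibility forms and look-alike glyphs to one string."""
    return unicodedata.normalize("NFKC", label).lower().translate(FOLD)


def review(label, protected=()):
    """Collect the three checks for one candidate label."""
    return {
        # More than one reading means a human should look at the name.
        "readings": readings(label.lower()),
        # Any non-ASCII character means the label needs IDN handling and review.
        "non_ascii": [unicodedata.name(c, "UNKNOWN") for c in label if ord(c) > 127],
        # Names you own that this label is visually confusable with.
        "lookalike_of": [p for p in protected
                         if p != label and skeleton(p) == skeleton(label)],
    }


if __name__ == "__main__":
    for candidate in ("speedofart", "speed0fart", "speedof\u0430rt"):
        print(candidate, review(candidate, protected=["speedofart"]))
```

The fold table only covers ASCII look-alikes; a cross-script homoglyph such as the Cyrillic letter in the third sample is caught by the non-ASCII check instead.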

Algeria establishes oil windfall tax

While California debates Proposition 87, and whether oil companies should be taxed at all, Algeria has decided to place a tax on excessive profits:

From early 2007, profits accrued by firms when prices are above $30 a barrel will be taxed at between 5% and 50% depending on total output.

The tax will apply to existing production agreements between the state oil firm and private operators as well as those signed in the future.

In addition, it will be mandatory for Sonatrach to be involved in all future energy development projects and it will be entitled to a 51% stake in production and refining contracts with foreign firms.

“This will have a positive effect on future generation,” Chakib Khelil, Algeria’s energy minister, said of the measures.

“It is a gain for the public good as that will reinforce the state’s role in monitoring the sector.”

The article does not say whether any of the money from the taxes will be used to counteract the harmful effects of petroleum waste and pollution.