Friday, July 17, 2009
Software Engineering and Metrics
Tom DeMarco (Yes, THAT Tom DeMarco) wrote an interesting piece on his current view of Software Engineering. Definitely worth the read.
Wednesday, July 15, 2009
Clouds can be Dangerous
Agree or not with TechCrunch's decision to publish some data from some Twitter documents they received, I think the most important thing to note is what they say about using Gmail and other cloud services:
"It’s not our fault that Google has a ridiculously easy way to get access to accounts via their password recovery question. It’s not our fault that Twitter stored all of these documents and sensitive information in the cloud and had easy-to-guess passwords and recovery questions. We’ve been sitting in the office for eight hours now debating what the right thing to do is in this situation. We’ve spoken with our lawyers. We’ve spoken with Twitter. And we’ve heard what our readers have to say. All of that factors in to our decision on what to post or not to post."
I have been wondering how many people will need to get burned and to what degree before they start taking this sort of thing seriously. Given that Google's entire business model is selling targeted advertising, they have an incentive to collect as much data about you as possible. You would think for this reason alone people would be wary of dumping too much stuff into Google's hands. The annoyance factor would get to be outrageous, I would think. That's not even considering that Google has to be a HUGE target for any sort of cracker that wants to track down any kind of information. I'm sure they do their very best to keep everything as locked down as possible, but it's really hard to compromise the information if it isn't there to be compromised in the first place.
Friday, July 10, 2009
The current and future state of programming
An interesting read from Philip Greenspun. Apparently some students were able to find their admission status by modifying a URL. This, apparently, qualifies as "hacking". Ugh.
I am particularly fond of the sentence "As progressively dumber programmers build progressively more complex systems we will see more of this kind of attempt to paper over coding mistakes with lawyers, sanctions, policies, and laws." I know people that have been lamenting this sort of thing for years. To hear it put so clearly is refreshing. Not that anybody will really care. Until their credit cards and bank accounts get hacked, that is. But by then it will be too late. And they'll care for about 20 minutes and then get back on with their lives. *sigh*
Thursday, July 9, 2009
NIH Syndrome
Most people in software are at least aware of Not Invented Here syndrome. We're in the middle of fighting with it right now, on the other side: we have some dependencies that are causing issues because we rely on some libraries for a very important piece of our software. The library has upgraded, and if we use the upgrade we are, for all practical purposes, going to have to do a rewrite. So I was going to write this big long article in defense of NIH and why it makes sense to roll your own sometimes, but then I remembered that Joel on Software had tackled this already.
I reread the piece and it is basically saying the exact same thing I was going to say, so here it is. I can't say that I would go to Joel's extreme of "If it's a core business function -- do it yourself, no matter what.", but you need to seriously think about the cost of upgrading dependencies if the dependency is a core piece of what you are doing. It's not a matter of IF it will bite you in the ass, but WHEN and how hard.