Programming

Ask Slashdot: Have You Experienced Fear Driven Development? 232

nerdyalien writes: A few years back, I worked for a large-scale web development project in southeast Asia. Despite formally adopting Agile/Scrum, development was driven based on fear imposed by managers. Scott Hanselman defines Fear-Driven-Development as having three parts. 1) Organizational fear has "worried about making mistakes, breaking the build, or causing bugs that the organization increases focus on making paper, creating excessive process, and effectively standing in the way of writing code." 2) There's also fear of changing code, which comes from a complex, poorly-understood, or unmaintainable codebase. 3) The most common one is fear of losing your job, which can lead to developers checking in barely-functioning code and managers committing to a death march rather than admit failure. My project ran four times its initial estimation, and included horrendous 18-hour/day, 6 day/week crunches with pizza dinners. Is FDD here to stay?

Submission + - SNMP DDoS Scans Spoof Google DNS Server (threatpost.com)

msm1267 writes: The SANS Internet Storm Center is seeing SNMP scans spoofed from Google’s public recursive DNS server seeking to overwhelm vulnerable routers and other devices that support the protocol with DDoS traffic.

“The traffic is spoofed, and claims to come from Google’s DNS server. The attack is however not an attack against Google. It is likely an attack against misconfigured gateways,” said Johannes Ullrich, dean of research of the SANS Technology Institute and head of the Internet Storm Center.

Ullrich said the ISC is still investigating the scale of the possible attacks, but said the few packets that have been submitted target default passwords used by SNMP. In an update posted last night, Ullrich said the scans are sequential, indicating someone is conducting an Internet-wide scan looking for vulnerable routers and devices that accept certain SNMP commands.

Submission + - AT&T Proposes Net Neutrality Compromise (washingtonpost.com)

An anonymous reader writes: The net neutrality debate has been pretty binary of late. ISPs want the ability to create so-called "fast lanes," and consumers want all traffic to be treated equally. Now, AT&T is proposing another alternative: fast lanes under consumer control. Their idea would "allow individual consumers to ask that some applications, such as Netflix, receive priority treatment over other services, such as e-mail or online video games. That's different from the FCC's current proposal, which tacitly allows Internet providers to charge content companies for priority access to consumers but doesn't give the consumers a choice in the matter." AT&T said, "Such an approach would preserve the ability of Internet service providers to engage in individualized negotiations with [content companies] for a host of services, while prohibiting the precise practice that has raised 'fast lane' concerns." It's not perfect, but it's probably the first earnest attempt at a compromise we've seen from either side, and it suggests the discussion can move forward without completely rejecting one group's wishes.

Comment Chip and PIN cards affected too (Score 2) 111

I'm in Canada, and we've been using chip cards for a few years now. I just called my bank 45 minutes ago after noticing a fraudulent charge on my credit card from August 30th. Since I bought a bunch of stuff at Home Depot in May/June, I'm assuming they managed to clone my card from the stolen data. The charge was only $4.56, at a gas station halfway across the country, so I would guess that someone was testing the clone to see if it was a valid card number (maybe testing one number from a batch of 100s or 1000s, to see if the numbers were legit.)

Just so we're clear, I'm not saying the fraudulent purchase itself was made using the chip. I only ever use chip + pin when making purchases, but I suppose a cloned card could use NFC (eg: PayWay) for a purchase that small, or even just the magstripe, neither of which requires them to have compromised my pin. My point is that I thought I was being safe using chip + pin, but still got hit regardless. Fortunately, banks seem to be good about this sort of thing, and my new card is on its way.

Comment Re:just a little bigger... (Score 2) 147

Goddamn it - Funny and Overrated shouldn't be next to each other in the moderation drop-down. Now I have to post here just to undo my mistake. Is there a way I could suggest to Slashdot devs that Overrated be moved up to be with all the other downmods at the top of the drop-down list, rather than tucked in between Funny and Underrated, so I don't hit it by mistake?
Earth

Restoring Salmon To Their Original Habitat -- With a Cannon 147

StartsWithABang writes Hydroelectric dams are one of the best and oldest sources of green, renewable energy, but — as the Three Gorges Dam in China exemplifies — they often cause a host of environmental and ecological problems and challenges. One of the more interesting ones is how to coax fish upstream in the face of these herculean walls that can often span more than 500 feet in height. While fish ladders might be a solution for some of the smaller dams, they're limited in application and success. Could Whooshh Innovations' Salmon Cannon, a pneumatic tube capable of launching fish up-and-over these dams, finally restore the Columbia River salmon to their original habitats?
Transportation

After Weeks of Delay, SpaceX Falcon Launches Communications Satellite Payload 32

After several weeks of delay, SpaceX has successfully launched from Cape Canaveral AsiaSat's communications satellite, AsiaSat 6. This launch was originally intended to occur on August 27. However, due to a failure of an experimental SpaceX rocket during a test flight, the launch was delayed. The experimental rocket apparently malfunctioned because of a sensor error. The company stated that the same error wasn’t likely to occur in its regular Falcon 9 rocket, but wanted to "triple-check" its systems to be certain. SpaceFlightInsider has a play-by-play on the launch process and more details on the communications satellites aboard. They note: [This] marked the fifth flight of the Falcon 9 in 2014. Since the company began using the booster, it had only been able to carry out about two launches annually of the rocket – until now. With the United States Air Force considering the rocket for use under the lucrative Evolved Expendable Launch Vehicle (EELV) program and NASA already utilizing it to deliver cargo (and potentially crew) to the International Space Station, the rocket has become a popular player in terms of launch services. The next mission that SpaceX should use the propulsive descent landing system on, is the launch of one of the firm’s Dragon spacecraft carrying out NASA’s Commercial Resupply Services 4 (SpX-4) mission – currently scheduled to take place on Sept. 19.

Why Phone Stores Should Stockpile Replacements 253

Bennett Haselton writes: I would be in favor of a regulation requiring cell phone stores to have replacement phones on hand, for any phone model covered by a customer's insurance policy. Then customers who have insurance protection on their phones could get the damaged phones replaced instantly, and the replacement phones that are normally mailed out by overnight mail to customers under their protection plan, could instead be mailed to the stores to replace the one they just gave out to the customer. Read on for the rest of Bennett's thoughts
Earth

Cause of Global Warming 'Hiatus' Found Deep In the Atlantic 465

vinces99 writes with news about a study that may account for a slowdown in air temperature rises. Following rapid warming in the late 20th century, this century has so far seen surprisingly little increase in the average temperature at the Earth's surface. More than a dozen theories have now been proposed for the so-called global warming hiatus, ranging from air pollution to volcanoes to sunspots. New research from the University of Washington shows the heat absent from the surface is plunging deep in the north and south Atlantic Ocean, and is part of a naturally occurring cycle. The study is published in Science. Subsurface ocean warming explains why global average air temperatures have flatlined since 1999, despite greenhouse gases trapping more solar heat at the Earth's surface. "Every week there's a new explanation of the hiatus," said corresponding author Ka-Kit Tung, a UW professor of applied mathematics and adjunct faculty member in atmospheric sciences. "Many of the earlier papers had necessarily focused on symptoms at the surface of the Earth, where we see many different and related phenomena. We looked at observations in the ocean to try to find the underlying cause." What they found is that a slow-moving current in the Atlantic, which carries heat between the two poles, sped up earlier this century to draw heat down almost a mile (1,500 meters). Most previous studies focused on shorter-term variability or particles that could block incoming sunlight, but they could not explain the massive amount of heat missing for more than a decade.
Security

51% of Computer Users Share Passwords 117

An anonymous reader writes Consumers are inadvertently leaving back doors open to attackers as they share login details and sign up for automatic log on to mobile apps and services, according to new research by Intercede. While 52% of respondents stated that security was a top priority when choosing a mobile device, 51% are putting their personal data at risk by sharing usernames and passwords with friends, family and colleagues. The research revealed that consumers are not only sharing passwords but also potentially putting their personal and sensitive information at risk by leaving themselves logged in to applications on their mobile devices, with over half of those using social media applications and email admitting that they leave themselves logged in on their mobile device.
Security

Watch a Cat Video, Get Hacked: the Death of Clear-Text 166

New submitter onproton writes: Citizen Lab released new research today on a targeted exploitation technique used by state actors involving "network injection appliances" installed at ISPs. These devices can target and intercept unencrypted YouTube traffic and replace it with malicious code that gives the operator control over the system or installs a surveillance backdoor. One of the researchers writes, "many otherwise well-informed people think they have to do something wrong, or stupid, or insecure to get hacked—like clicking on the wrong attachments, or browsing malicious websites...many of these commonly held beliefs are not necessarily true." This technique is largely designed for targeted attacks, so it's likely most of us will be safe for now — but just one more reminder to use https.
Transportation

Idiot Leaves Driver's Seat In Self-Driving Infiniti, On the Highway 406

cartechboy writes Self-driving cars are coming, that's nothing new. People are somewhat nervous about this technology, and that's also not news. But it appears self-driving cars are already here, and one idiot was dumb enough to climb out of the driver's seat while his car cruised down the highway. The car in question is a new Infiniti Q50, which has Active Lane Control and adaptive cruise control. Both of which essentially turn the Q50 into an autonomous vehicle while at highway speeds. While impressive, taking yourself out of a position where you can quickly and safely regain control of the car if needed is simply dumb. After watching the video, it's abundantly clear why people should be nervous about autonomous vehicles. It's not the cars and tech we need to worry about, it's idiots like this guy.
United States

When Spies and Crime-Fighters Squabble Over How They Spy On You 120

The Washington Post reports in a short article on the sometimes strange, sometimes strained relationship between spy agencies like the NSA and CIA and law enforcement (as well as judges and prosecutors) when it comes to evidence gathered using technology or techniques that the spy agencies would rather not disclose at all, never mind explain in detail. They may both be arms of the U.S. government, but the spy agencies and the law enforcers covet different outcomes. From the article: [S]ometimes it's not just the tool that is classified, but the existence itself of the capability — the idea that a certain type of communication can be wiretapped — that is secret. One former senior federal prosecutor said he knew of at least two instances where surveillance tools that the FBI criminal investigators wanted to use "got formally classified in a big hurry" to forestall the risk that the technique would be revealed in a criminal trial. "People on the national security side got incredibly wound up about it," said the former official, who like others interviewed on the issue spoke on condition of anonymity because of the topic’s sensitivity. "The bottom line is: Toys get taken away and put on a very, very high shelf. Only people in the intelligence community can use them." ... The DEA in particular was concerned that if it came up with a capability, the National Security Agency or CIA would rush to classify it, said a former Justice Department official.

Comment Low probability of getting hit by CME (Score 4, Informative) 212

I don't see what the fuss is about. The odds of being hit by a CME have to be quite low. Let's work it out together:
  1. To make the math simple, let's first assume CMEs can be fired in any direction.
  2. For a CME to hit the Earth, it has to occupy the same space as us at the same time.
  3. The Earth is approx 1 AU from the sun at any given time; so to hit the Earth, the CME has to hit a particular spot on a sphere of space 1 AU in radius.
  4. So the probability of a given CME hitting Earth is approximately equivalent to the ratio of half the Earth's surface area (since only half faces the Sun at a time) to the surface area of a sphere with a radius of 1 AU.

Google says:

  1. 1 AU = 149,597,871 km
  2. Surface area of a sphere is 4*pi*r^2, so our orbital sphere has an area of approx 2.8 x 10^17 km^2.
  3. Surface area of the Earth = 510,072,000 km^2, or 5.1 x 10^8 km^2

Therefore the probability of being hit by a given CME is (2.8 x 10^17) / (5.1 x 10^8) = 5.5 x 10^-8, or a 0.0000055% chance.

Now the number of CMEs per year is actually higher than I expected, which I suppose explains why we do in fact get hit between 0 - 70 times per year. However the number of annual large CMEs is quite low, with none of the sites I visited actually agreeing on the number (most seemed to agree it's less than 5 per year in a solar maximum.) Let's say there are 5 per year. That only brings the chance of being hit by one of them up to 0.000028% per year. So if I live to be 100, the chances I'll see one in my lifetime are only 0.0028%.

caveat: These calculations ignore CME cross-section (essentially width and height) and duration (essentially length), since I couldn't find any accurate information on those. If you find those, you can factor them into these calculations by multiplying by the cross-section, multiplying by the % duration that the CME's strength is high, and multiplying by the Earth's average orbital velocity. That will modify the probability to take into account the volume of space the Earth occupies while the CME is traversing the edge of our 1 AU sphere, and how much of the surface of the sphere is touched by the CME.
