Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Wow! (Score 2) 347

Engineers think project managers and deadlines are a waste of time and a pain in the ass, while project managers think they are essential. Now that's what I call news! Whodathunkit!

This is business. Management wants to quantify everything to manage resources, manage spend, control cost, maximize profit, etc. It makes perfect sense at the same time that it doesn't really jive with how engineering works a lot of time. One thing for developers to keep in mind, though, is that *doing* something is never as important as *telling people* about how you did it. Metrics mean way more to the people who sign your paycheck than the code you write does and you should design your metrics accordingly.

The other component is PMs themselves. How many really good PMs have you worked with in your life? Grand total of 1 for me. Most PMs are people who don't really understand technology and have created a whole system of super-important metadata to "add value" to the process. When it's done properly a PM can help a lot, but mostly its just blustering and wasting everyone's time. These people want to protect their jobs, and their jobs are defined by timelines and metrics.

Comment "Folders" (Score 1) 516

Can we get past the yellow, "folder" icon yet? It doesn't go with the rest of the interface at all, and its based on a wildly outdated concept. Even when I still use folders, they're never yellow. It's time to move on.

Maybe there's even a new way of visualizing "folders" altogether. Let's get creative.

Comment Re:But where/when does one explicitly learn securi (Score 1) 809

Your company should provide secure coding practices training. It's something that is becoming more and more common, but hasn't quite hit full adoption yet. It's being driven by regs and customers. Pretty soon it's unlikely you'll be coding anything before you take the training. It's the way the industry is moving.

However, there is another piece here. I am about to give you the keys to becoming a superstar developer. No BS, this is going to sound obvious but if you follow these steps you'll become the go to guy in no time and your career will advance...

1.) Make sure there is a business requirements document *before the project begins*
2.) Circulate that document to stakeholders, *including the information security group*

That's it. That's the whole secret. It's the key to every development and infrastructure project. It will seem like security is a pain in the ass and is raising the cost of the project but in the medium to long term they are *greatly* reducing the cost. You will also be loved by the infosec group, which means that you will be loved by the customers and the business as well. They just won't know it until you go to actually sell the product but once you do...you will be the savior.

I'm not kidding about this. Do this and you will be successful.

Comment I'll let you in on a secret... (Score 5, Insightful) 809

Almost everybody is extremely bad at their jobs. Especially in IT, but in general too. I would say a solid 85% of people working in IT today should not be in the field.

I work in Security and so my job is basically to know, at a high level, how other people should do their jobs. Of course there are compromises that have to be made for functionality and cost, but in reality most IT systems are developed and architected in a way that no one should architect anything for any reason. The amount of money that's wasted because of poor infrastructure is astonishing. Companies could have an architecture that's twice as secure and probably half the cost to maintain if they were willing to make a one time investment in doing it properly.

Developers are a weird animal too. I know I'm playing with fire saying this on Slashdot. :) In my experience developers have a deep understanding of how systems work and are designed (obviously), but their understanding is *extremely* narrow. This is by no means true of all developers, but it's true of a lot. They can write brilliant code, but they can't tell you how to go about FTP-ing a file, how to encrypt an email, or how a domain works. It's a specialized skill set.

At a previous company I had to call support because my computer didn't grok with the domain and wasn't getting group policy. The tech, with her domain admin access, comes over and is obviously floundering trying to fix the problem. I suggest running a DOS command I know...she googles it and pulls it up...she gets to the command prompt and starts typing, "command\optionfoobar-x7", etc. How can you possibly be in that field and not know the *most basic structure* of a DOS command? I don't care if you know the command and options, everyone googles that crap, but you don't know how to type it in properly? A backslash and no spaces? Really? Even when you're looking at a webpage which has it verbatim?

Its no wonder things are in the state they're in.

Comment Not that crazy (Score 1) 391

That's not out of line with other high end portables, especially with 128gb internally. Lots of other players in that space and price range.

It does need to be GOOD...VERY good....though. The guys on Head-Fi are pretty picky!

I need a large capacity high end player, but I'm not willing to spend quite that much. Geekwave looks promising.

Comment Re:What a nightmare (Score 1) 332

I wasn't talking about the technology at all. I mean, generally, its so far off TOS it just doesn't even make sense at all. I would give them leeway to make it look cool and facilitate some story elements, but they're just off in lala land. Its a completely different universe.

What I was talking about is more the character development, the message, etc.

Comment Re:What a nightmare (Score 1) 332

There's too much in the canon and too many people who love it to just burn it. It's just stupid, you might as well just start a new canon if you want freedom.

The thing is, even if you're OK with them burning the canon so they can do whatever they want, what they did with that freedom is make shitty action movies with horrible dialogue and no plot. Someone else mentioned that none of the movies really lived up to the TV show, and that's probably true, but the new stuff is just shit. How they've handled Spock's character is just pathetic....his scenes are basically unwatchable.

The technology is all way off too. It doesn't jive with the original in any possible way. I realize this is a geeky thing to say but its fucking *Star Trek* if we can't be geeky about that, we can't be geeky about anything.

Comment What a nightmare (Score 3, Interesting) 332

First Abrams' complete disregard for the history and the message of every previous Star Trek in favor of everything superficial and minor that has ever been in the series, and now they bring in this guy, of all people? They should just have Vin Diesel play Kirk and put the series out of its misery.

I actually wouldn't have minded the 2 newest Star Trek movies as mediocre sci-fi films, *if* they weren't labelled "Star Trek". The lens flare bullshit and the incompetent/inconsistent portrayal of Spock are things I could get past, but not as a Star Trek movie.

Comment Re:Security = Liability (Score 1) 227

"if we don't do X, we going to get pwned" into "if we don't spend X$ and Y man-hours, we are exposing our business to $Z,000,000 -sized liability".

Um.

This sounds a lot like risk management.

Risk management is for COMMUNISTS.

Never do a risk assessment when you start a new project, it will just bring up uncomfortable information and make everyone feel sad. :(

Comment Re:Of course not. (Score 1) 227

In the case of security, it falls into this classification of 'technical things nobody even wants to understand' and also into the classification of 'preventative measures that people will not recognize the importance of, until after it bites them in the ass.' You tell people that it's a bad idea to use "password" as your password, and they'll blow you off. The more you stress the point, the more annoyed the'll become-- all the way up until someone malicious gains access to their accounts. Once they've been hacked, they'll come back angry, demanding, "Why didn't anyone tell me it was a bad idea."

Until there's an actual security breach, people think you're chicken little. They'll tell you, "I've been using 'password' for my password for 10 years and I've never had a problem."

Face that kind of attitude for a several years, and you get awfully tired of warning people.

Exactly right.

Security professionals have had to be budget-minded for a while now. We're not telling you this because we want to bankrupt the business, we're telling you this because it is a reasonable precaution to take, in line with standards and industry norms, and will save your ass and pay for itself 100x over if there is a breach. People view their own internal security department as the enemy, rather than someone who is on the same side trying to get people to do things properly. We get that there's a margin and a budget, but if you always decide in favor of, "get it done now, as cheaply as possible, we don't have time to do it right" eventually it will catch up with you.

Slashdot Top Deals

The clearest way into the Universe is through a forest wilderness. -- John Muir

Working...