
Comment Taxonomy Problem? (Score 1) 730

When introduced to the language, I suspect (I wasn't there) that it was intended to describe disciplines such as mechanical or perhaps electrical engineering.

Today, however, we apply this word to many other disciplines, including software development. You say you're a programmer. I say I'm a Software Engineer. Does this mean that if we both did the same role on the same team working for the same company and were based in Oregon, that I would have to pay registration and license fees and you would not? If so, then whilst the law may not be technically wrong, the passage of time has rendered it unenforceable.

It's a bit like the old music hall joke: "Is there a Doctor in the house?" ... Oh, you mean a *medical* doctor! My PhD is in astrophysics, so no, I can't help deliver your wife's baby... ...

It was Cardinal Richelieu who wrote, "Give me six lines written by the hand of the most honest man, I would find something in them to hang him." Oregon are trying to bully people into silence. Let's hope they don't succeed, for all our sakes.

Comment Contact (Score 1) 1222

Based on the Carl Sagan novel, with a top-notch cast, this is a very thoughtful and well-told story. As science fiction goes, it's also a reasonably likely way for early contact between civilisations to happen - i.e. an exchange of radio signals.

I often wondered if it was loosely based on "Macroscope", by Piers Anthony...

Comment Different Tack (Score 1) 315

There's a wealth of excellent suggestions here already, but I'd like to take a different approach to answering your question. Put simply, start with your customer[s]. Your post does not mention but strongly suggests that this software is for in-house use. On that basis, identify your stakeholders and understand their appetite for risk and their desire to move forward quickly.

As the old adage [of project management] goes: "Do you want this quickly? Do you want this with quality? Do you want this at low cost? Pick any two..."

Once you have a clear picture of the risk appetite and operational demands of your client, you are going to be able to make some strategic recommendations about the way you go about developing software. However, one observation I would make is that whatever answer you finally come up with, one of the most important things to realise is that you can't "create" good software quality, it has to be controlled. What this means is that to drive up software quality, you have to apply the right controls to the right steps in the delivery sequence.

If we were to go just from the text of your post, then we might recommend that you deploy some form of software configuration management (SCM) solution, such as Rational ClearCase or one of the many closed or open source competitors. This will give you "hands off" deployment of code to your Production systems, which means that you can then remove Developer [update] access to Production systems. Of all the things you do, this might be the single most powerful, because now you have created a control that requires all software to go through a formal change process.

Once this is in place, you might then be able to layer additional requirements on to your process, such as "All changes to Production systems must be approved by the Business Owner of the application being changed". Or perhaps, "All change requests must be accompanied by a User Acceptance Testing Lead sign-off that the code has been tested and accepted." Or maybe, "All changes must be accompanied by a backout plan that has been tested in the UAT or QA environment". Sorry, this kinda assumes you have segregated environments. If you don't, well, good luck, I guess...

These are, of course, just scattergun suggestions as to things you might like to take a look at. Without conducting an end-to-end risk assessment of your SDLC practices, it's actually difficult to know where to start. However, if you have access to any Industry Standards, then you might find lots of useful "best practice" advice. Among publications I would recommend, you might like to look at:-

NIST Cyber Security Framework (CSF) Release 1.1 [Free]
NIST Security and Privacy Controls for Federal Information Systems and Organizations (NIST SP800-53r4) [Free]
COBIT 5 [Licensed]
ISO27002 [Licensed]
ITIL Service Management Framework [See Wikipedia reference Page, Axelos, etc][Licensed]

In short, there is no shortage of best practice guidance out there. Your challenge will be to look at the size and capability of your organisation, at the risk appetite and budgetary tolerances of your sponsors, then go from there.

Comment Look To The Telcos... (Score 4, Interesting) 85

Up until March or April last year, I was taking 3-5 scam calls per week, to an unlisted UK land line number.

Most of the time I just did my best to keep the caller busy for as long as possible, purely to stop them spending time on the next victim. However, one day, as part of my challenging the caller to "prove their identity", the person I was speaking to actually managed to disclose my personal account number that I have with my UK telco/ISP. This number is printed on invoices but otherwise not used; it has no relation to my phone number, email address, or anything else.

The only way the caller could have known that detail - and correctly identified me from it - was if they were either an employee of my telco, or had stolen data from them.

I did some more digging, let the caller go, then got in touch with the anti-fraud team for my telco. Obviously telephone fraud is a big deal, with lots of un-paid bills and some large sums of money involved. So: this is a serious team with skilled people, people who can take scams seriously. I eventually got put through to an investigator and managed to convince them that they had either a leak from, or crooks operating out of, one of their India call centres.

I have not had a fraudulent call since then.

Let's just repeat the salient bit of that: an average of 4 fraudulent calls per week; one call to my telco anti-fraud team; no more calls for almost exactly one year.

I could not in truth write that my telco had a criminal gang operating out of one of their India call centres; but the evidence from my side suggests that is a likely explanation. The use of fraudulent email domains is only part of the problem, however, because without the calls we would not be prompted to visit them. [ OK, spam notwithstanding].

You would think that ISPs would be a bit more vigilant when it comes to signing up new customers; you would also expect that telcos with India-based call centres were more careful in watching their employees... Sadly, both of these activities would eat into profits. The truth is that the big telcos don't care if we are impacted by fraud, as long as they are not directly losing out in the process.

Until that changes, the calls will continue.

Comment BBC Micro, in about 1981 or 1982... (Score 2) 857

... Started out with Audio Cassette player to load and save software.

Then came floppy drive solutions, ending up with a pair of 400/800kb 40/80-track, double-sided, switchable drives in a bridge case that sat over the back of the BBC.

Then a 6502 Second Processor was added, which made programming in BASIC much more reasonable [more space for code, in any screen mode] and brought me "Second Processor Elite". Wow...

That gave way to an Acorn Archimedes A440, which had an *actual hard drive* [MFM configuration - even pre-IDE drives] of 40Mb capacity... That and 4Mb of RAM, in the days when an IBM PC could not handle more than 640kb thanks to design limits... as well as a 4 MIPS 8MHz RISC processor [the precursor to the chips that power 90+% of smartphones sold today...]

Happy days.

Comment Re:The real problem... (Score 5, Insightful) 286

And the only reason Microsoft are doing this is [likely to be] because the EU were basically telling them that their latest privacy-slurping OS was going to run foul of EU legislation if they didn't come clean. Having Windows 10 banned in the EU because of privacy concerns was likely a suitable incentive. What a shame it has come to the point where companies need this sort of inducement to come clean.

Comment Goes Back To Kennedy (Score 1) 166

When President Kennedy famously said, "We choose to go to the moon...", a significant part of the decision stemmed from what was known as trickle-down economics. The idea was that by investing a huge amount of money into NASA, but then requiring the agency to outsource much of their work to sub-contractors scattered around the country, the act of pouring billions in at the "top" (NASA) would see that money help lift a huge part of the national economy.

Unfortunately, all the big suppliers found they liked the idea very much. Then someone (no doubt in industry) came up with the idea of cost-plus contracts (in which the government pays a contractor the cost of developing something, plus a guaranteed profit margin). Which is, of course, the perfect inducement to allow companies to inflate their baseline costs through kickbacks that end up being paid by the taxpayer.

This doesn't necessarily mean that outsourcing to the private sector is inherently bad, just that, like anything, it needs close supervision and complete transparency. Corruption dislikes transparency...

Comment Flying the Antitrust Buffet (Score 2) 114

Microsoft have plenty of experience at being subject to judicial oversight and investigation, so the chances of any smoking gun being found in this specific case seem completely unlikely.

However, if anyone actually captured reliable evidence that a change in the User Agent string could generate such remarkably different outcomes, then there is a question to answer here. Adjusting the performance of one product [their Cloud offering] to favour another Product [the combination of Windows and Edge] would appear to fall pretty close to the definition of "tying", something that Microsoft have direct experience of - they were fined, for example, for tying Windows Media Player to Windows - so it would be interesting to see what could have happened had the outage been more widespread or prolonged.

I think this sort of activity is becoming more widespread with time, not less. Despite the protections apparently afforded us by the law, we see far more bending of the laws than ever before. It's as though we've entered the "Scooby Doo Era" - "Yes, and I would've gotten away with it, too, if it wasn't for you pesky kids!!!"

To which I'd add, "Nice work, kids..."

Comment Driven By Corporate Greed (Score 3, Insightful) 87

I use a different UK telco/ISP as my service provider but I have seen exactly the same problems as those reported in the OP and in the linked article. The thing is, the issue isn't TeamViewer per se, or even that the ISP chose to unilaterally [and without consultation or warning] block the technology on their portion of the network. These are symptoms and consequences of the real problem.

The fundamental issue here is that the ISP in question chose to outsource a portion of its Customer Service function to a deprived area of India - an area where they could hire trained staff to work for a fraction of UK wages [about 20-25%] and thereby increase their profits by a corresponding amount. There are zero benefits to the customer from having a call centre in India - the only ones who get to benefit are the Directors, Senior Management and shareholders of the company in question.

Up until March 2016 I received 2-3 such scam calls per week. Then one day one of the callers made a mistake and quoted a company-internal reference number from my telephone [landline] service provider. The quoted data was unique to me, only printed on my paper statement and unrelated to any other details about me. Armed with this [and a couple of related facts I managed to tease out of the caller] I got in touch with my telco's Fraud Prevention department and had a long discussion with one of their investigators. I asked that the person concerned cross-check their call database records from their call centre to see how many times my UK number was called, and on what occasions, and from which of their operators. I had enough information to persuade them that the attempted fraud calls were originating on their equipment - and suggested to the person that my telco's own call centre infrastructure was being used by a criminal group to perpetrate fraud against UK customers.

At first I received bluster and pushback, at which point I suggested that in the event my telco did not take the matter seriously, I would complain to my Member of Parliament, the UK telecoms Regulator and the press.

March 2016. Have not received a SINGLE fraudulent call since.

The issue isn't TeamViewer. The issue is that TalkTalk have put their profits before safe business practices. Clearly they don't protect their client data, they don't screen their employees effectively and - if they are anything like my Telco - they don't even know when their own call centres are being used to perpetrate boiler-room fraud.

I just wish that I could find someone in UK law enforcement willing to take this sort of thing seriously and start to see the large corporations prosecuted when their negligence endangers the safety of their clients. Unfortunately, until there are some serious fines handed down, or preferably until a couple of directors are jailed for breach of duty, negligence or malfeasance, this isn't going to change.

Comment Re:A Certain Inevitability (Score 1) 353

I for one, would be ***totally*** happy with that arrangement.

Bear in mind that when I purchased my copies of Windows 10 Pro 64-Bit from Microsoft, they cost me £220 each (including VAT). Yet even when they charge me, Microsoft are still harvesting all my activity data which they are then selling - and making a significant profit on.

But to your point - if Microsoft were willing to sell a £200 copy of Windows 10 with no harvesting, or give me a free copy *with* harvesting [or, say, for the cost of the media], then I'd take the paid version every time. The thing is, they will refuse to do that. If we could ask them why, I suspect they would come out with some complete nonsense story, like "it's not possible to split the code between the two versions", which [let's be honest] is just another version of "Internet Explorer is part of the Operating System now, we can't split it out".

The really [hilarious/scary/offensive/insulting] thing is: they actually have a privacy policy on their web site. It's here

https://privacy.microsoft.com/...

if you are interested... Not worth reading, however, since it just says [I summarise for you], "We harvest data about you, and reserve the right to do whatever we want with it. Oh - except that we don't use your personal data to target ads to you."

That last bit might sound very magnanimous of them, until you realise that whilst Microsoft might promise not to use your personal data to target ads to you, there is nothing stopping them selling your personal data to third parties so that *they* can target ads at you! The problem with widespread data collection is simple: leaks happen. You cannot leak what you don't collect. No matter how sincere, no matter how honourable they may be, Microsoft are not infallible. If they build up profiles on their users for marketing purposes [and: that's exactly what they are doing] and those profiles got into the hands of criminals, then as users we would be all out of luck...

Comment A Certain Inevitability (Score 4, Interesting) 353

As someone forced to purchase new Windows 10 Licenses for 3 new-build PCs recently, I am extremely annoyed with Microsoft's strategy of using the Operating System to spy on and make money from their users. However, I don't see this situation changing - and here's why:-

When Microsoft licensed copies of earlier editions of Windows to large PC manufacturers [the likes of Dell, HP, Acer, Asus, Lenovo, and so on] they would charge something in the region of $15 per copy of Windows. That amount covered the cost of generating holograms and tracking the number of licenses issued, as well as adding [given the volumes involved] quite a bit to Microsoft's bottom line. However, this was quickly offset the moment you moved away from these volume channels to smaller vendors, local "Mom+Pop" PC support shops - because even though these channels were charged an awful lot more per license, there was also much greater piracy involved.

With Windows 10, Microsoft are charging $1.49 per month, or $9.99 per year to disable advertising just in their free desktop applications [i.e. Solitaire]. However, that payment does not stop your copy of Windows 10 from slurping vast amounts of usage data from your PC and sending it to Microsoft. Obviously, they then use that data to build detailed profiles which they sell to advertisers. Expect much more of this to happen in the future. The remarkable thing is, estimates suggest that Microsoft could be earning as much as $15 per year per user from this "sale" of their user base to advertisers and other consumers of bulk data.

So if you were Microsoft, and faced with generating an average one-off fee of $15 per paid copy of your OS, or earning $15 a year from "giving it away", which would you choose?

Much as I hate to say it, I think this is with us for good now. And, bad as it is, this isn't my greatest fear. No, what is worse is that my favourite GNU/Linux distributions could take a look at the Microsoft model and think, "Hey, we could do that" - and before we know where we are, everything has gone the Canonical/Ubuntu route and all our favourite FOSS platforms are also shipping with spyware by default... Let's hope that doesn't come to pass...

Comment Never Let The Facts Get In The Way Of A Good Story (Score 1) 73

Don't want to sound completely negative, but this piece by Vinay Gupta is living in denial of reality.

For example, as an illustration of how blockchain could "revolutionize" people's lives, he suggests that in the future it would enable an AirBnB renter to select a property with one transaction, but then furnish it with short-term-let furniture sourced via a second transaction...

Gupta concentrates solely on the idea that somehow Blockchain is going to solve the thorny problems of micro-transactions and ultra-short-term insurance and that, equally mysteriously, these solutions will make this fictional future a reality. He fails to consider:

1. Where the original home-owner's furniture will be stored during the short-term let [oh, wait, is that another micro-transaction enabled by Blockchain?]

2. How the cost of shipping furniture to a home - for a few days, a few weeks at the most - might somehow be absorbed by the furniture renter at a profit, or by the purchaser of the service. This is not an inconsiderable cost, certainly to the extent that it would take the viability out of the proposal.

In my view it is a shame that the article chose to focus on the areas that it did; I do believe that blockchain has the potential to simplify a range of activities, just that the pitch expressed here may not be the best examples. In fact, I will go further:

To bring actual, useful benefit to our broader societies, blockchain must not only streamline existing activities that we rely upon on a daily basis, but it must be able to do so in a way that is sufficiently disruptive to break away from the incumbent holders/owners of the process - in such a way that the benefit reaches the end user/consumer.

For example, we could easily imagine a scenario for currency conversion in which a federated sharing model would enable private citizens to "swap currencies" with peers in other nations, whilst cutting out the excessive fees charged by banks and credit card companies. However, there is an elephant-sized problem, which is how you would go about executing the trade in the real world. Do you want me to physically meet my peer and actually exchange paper currency? If you want me to accept the currency electronically, how am I going to store it? Via some trusted digital exchange medium, like, say, a credit or debit card? If so, I am going to need a bank to act in an escrow capacity to underpin the transaction.

I think the author fails to see what enabling technology would be required, or how hard it would be to displace incumbent providers. What is *much* more likely is that major players in sectors that can leverage blockchain - like big banks - will be able to use it in a way that further enhances their profits, without allowing any of the benefits to flow through to consumers. Or perhaps the author does see that, and the article is just part of a misinformation process?
