Saturday, 6 February 2010
Demise of waterfall, concept or reality?
Agile development approach has been the most adopted methodology for 21st century development, and software project management. "Some have said that 2007 was the year that Agile arrived, with agile development best practices such as automated builds, test automation, and continuous integration finally beginning to reach critical mass among Java developers. While this is true in theory, the fact is that most Java enterprise projects are still based on more traditional development methods, such as the Waterfall model".
Take Scrum for instance, we know a strongly modelled scrum is a projects that are "divided into succinct work cadences, known as sprints, which are typically one week, two weeks, or three weeks in duration. At the end of each sprint, stakeholders and team members meet to assess the progress of a project and plan its next steps".
Isn’t this what developers and stakeholders has conceptually been practicing since the prime times of waterfall, which many believe is at its demise. At each stage of the waterfall model is a well iterative concept (such as Scrum) adopted to make sure before we proceed to the next stage of the development process, deliverables would have been well designed, coded and well tested.
Waterfall methodology is still utilised in today’s software development, practically because – each stage of the development process is an adopted agile process interactively and iteratively utilised to derive a quality working product. One might argue, but waterfall never iterates the actual project, simply because water flows downwards and ends there.
When a project exit the deadline, it has exited the deadline - any subsequent call for modification triggers a call for design changes, code modification, testing and walkthrough and modification of documentations and re-implementation. This put together is water pouring from one glass to another.
Friday, 5 February 2010
Trusting the untrusted.
Most internet users are reluctant to change their password, trusting they are not victims of exploits. Well I suppose we all do it thinking what possibly could our credential worth. Password change is very vital when operating from home networks. These are more susceptible to exploit attack as witness from Twitter and not long ago Hotmail. "An intruder doesn't have to be inside your home or office building to manipulate a wireless signal. For example, they could be sitting outside in their car sniffing out your data all while enjoying a sandwich. Before they have a chance to complete the meal, the intruder can learn just who you work for, how to access the company network or even transfer money out of your bank account if the right security is not implemented."
Not only that, changing your web password from work area networks can be prone to exploits due to exploit sniffing tools utilised by trusted network and security engineers and other internal staffs, to filter, sniff and intrude in our private mails and explore your private life around social networks. I think everyone is purely aware of the capabilities of the expert, consequently an oversight and perhaps a little trust is what is keeping our virtual instance alive.
A few days ago "Officials at Twitter linked the resetting of passwords to a malicious Torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days. Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts today." Darknet blogged.
"According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reason, the company decided to push out a password reset to the accounts, he said. After launching an investigation, Twitter officials linked part of the problem to malicious torrent sites." Darknet blogged.
"It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own," Harvey blogged. "However, these sites came with a little extra — security exploits and backdoors throughout the system. This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up."
Subscribe to:
Posts (Atom)