Sunday, 15 January 2017

Developer : How Big Is Your Floppy?

What are they teaching kids today?  I've just had the pleasure of talking to a gentleman whom has received a degree in computing from Stanford in the United States, I'm sure he paid a fortune for this education... He didn't know how many bytes were in 1.44 megabytes.

He literally said "about 1.44 million".  This was related to an old format of file being taken and converted for transmission over Wifi, the size of the data was relatively immaterial, but the source; historically speaking; was a 1.44 megabyte HD floppy disk, and though the floppy was long gone, the format of the file with it's limitation was not.

It got me thinking though, he was sat there, I'm sure earning more than myself, and he only had a jogging mental map of memory sizes, so I took a look at the Standard website, particularly the CS101 course... sure enough:
  • "Byte" - unit of information storage
  • A document, an image, a movie .. how many bytes?
  • 1 byte is enough to hold 1 typed letter, e.g. 'b' or 'X'
  • Later we'll look at storage in: RAM, hard drives, flash drives
  • All measured in bytes, despite being very different hardware
  • Kilobyte, KB, about 1 thousand bytes
  • Megabyte, MB, about 1 million bytes
  • Gigabyte, GB, about 1 billion bytes
  • Terabyte, TB, about 1 trillion bytes (rare)

Yeah, a terabyte is rare?... NOPE!... A kilobyte is not "about" anything it is exactly 1024 bytes, and a megabyte is not about 1 million bytes, it's exactly 1024 kilobytes, therefore exactly 1048576.  By using this "about" prefix they had made a megabyte sound 4.8576% smaller than it actually is, that's not insignificant!

And so forth.

This looks very much like an out of date page, but it is the first search result from google too!

Even wikipedia gets the right values before this page did!
Posted by at No comments:
Labels: , , , , , , , , , , ,

Friday, 13 January 2017

Development : No Tests before a Prototype

I am NOT a fan of test driven development, does this mean there isn't a place for tests whilst you work?  No, it does not, I believe there is a place for tests whilst you are working, however that place is beyond the initial hard development and broad strokes of laying out the project.

When you first begin a new project there are so many things to consider, settings, scopes, layers, inherited domains just so much you need to physically take from the design pages through your teams brains and down to the keyboard.

I could even define this as a "pre-sprint" within Scrum to push out a product that the owner can then give you that first feedback on; especially if they are none technical and from this point on, from this first step you can cycle through Scrums into Sprints and with that change you can seed your development into more expansion and maintenance of code, when you do that, when you have something to test against then you need to add those tests and start to use them as a tool.

They should not drive your development, they should drive your keeping the developed work in order.  N-Crunch, N-Unit, G-Test... All these frameworks on certain languages (like C# and Java) work very well as you can reflect out the language, but before you can reflect out something with languages like C++ or C you are stuck over-engineering your tests before that first evolution of the project.

There is a name for this first evolution, it's called a Prototype.

Not many teams value a prototype, indeed Scrum itself never mentioned them, you are meant to jump from idea to stories to backlog to releasable code, and in my opinion this is not easy, it's not really communicative of what you are doing either, especially when the product owner is the only person within the development stack whom can redirect the team, but without that first tangible something many product owners can be literally lost.

Earlier this month I talked about the idea that a product owner needed to use the software life-cycle, an old idea, but a good one... Today I'm saying before you can really start to use inline tests within your IDE and before you can start to run scrums you need a prototype, arguably an even older development paradigm.

So what is my point?  Why do I keep bringing this kind of topic to the fore?  Well, simply put I believe there are far too many teams with far too many people in them not willing to push the envelop, whom are not willing to ask questions of the process they are following, not willing to bend or twist or shape the working environment to their way of working whilst simultaneously keeping up the bests practices those processes are there to enforce.

I suppose a Scrum Master should help with this process, but I find far few do, because the division of my problems with these Agile development mantra lie in the disjoint between idea and actually hitting the keys.  At times I see teams which are literally headless, they are a dozen monkeys typing a dozen keyboards, and they're being cheered on by the Scrum master, beyond those walls however they've no idea how it applies to the company, they have no interest or feedback on the return on investment that the Product Owner is all about.

A prototype, beyond a discussion, beyond the initial design, it can form the best kind of spring board and drive the best kind of Product Owner feedback down that chain, but it has to be created unfettered, unburdened by the micro-management of a scrum or sprint, it has to be created in a linear no-none-sense holistic head-space and used as a tool.

This is not being done very often in the teams I see around me.  Perhaps because it is thought of as old school, as a "has-been", however, if you look the hyper success of some products; say Minecraft; it maybe managed however Microsoft want now, it maybe teams running sprints, however Notch started it all with a Prototype.
Posted by at No comments:
Labels: , , , , , , , , , , , , , , ,

People : Who is Robert Yates?

I'd love to know who Robert Yates is... I noticed a small bump in my viewing figures, someone had been viewing my site over and over with a source redirection of "protopage.com".

I've never heard of protopage, so took a look and found my humble blog here being a feed on the page of a one "Robert Yates".

Robert, thank you for adding me as a feed on your page, to reside alongside such illuminating voices as Dilbert is great to see, my only question is why?  What brought you to my humble abode?
Posted by at No comments:
Labels: , , ,

Wednesday, 11 January 2017

Development : Scrum needs a Software Life Cycle

I'm trying to avoid sounding like a dinosaur today, but I have an issue with Scrum... I've been a team member and a scrum master, but I've never really been a product owner, until now... I'm currently in the middle of a large background turn around for my employer where a project which was largely parked and ignored for nearing three years has been awakened like some mammoth from the permafrost.

For the project in question though it had been frozen for a long time, the whole team who worked on it had been let go, I am the soul development survivor.  I therefore find myself the team member, scrum manager and product owner...

And so I'm being pragmatic as I swap roles and perform different tasks, I do have a tester with me, so I have to hold a scrum for him, and I've passed on several stories and he in turn has helped, from the requirements, produce stories for us to tackle head on.

The large part of the work however is from a document, handed to me, and I've been left to generate some movement.

The first thing which has struck me, and something which you never really see mentioned when you look at the Scrum training materials or concepts, is that the product owner needs themselves to have a Software Life Cycle.

They need to Analyse their requirements, to Design what the product should be then hand it over to the team to Implement, before seeing it gets Tested and meets their requirements.... Very much as I was taught the general software life-cycle in the 90's and used it thereafter... Long before Scrum was in vogue.



I asked a peer to review my thoughts on this, that we were driving the development for the requirements at hand with a software development lifecycle, which struck both he and I has "old hat" delving down the chain to the team (still myself, but that will change soon) as a Scrum & Sprint pattern.

Our conclusion is that, indeed a "Product Owner" when they come to think about "AS A <ROLE>, I WANT <FEATURE>, SO THAT I CAN <DO SOMETHING>" stories they are really unguided, that Scrum talks about the team understanding the requirements, but the methodology assumes those above have a good grasp on the requirements.

We went to far as to say that modern development of small light parts, or pages, within an app or web-page might never meet this dichotomy, that you need to guide the whole system and thought about the whole thing long before you come to write your stories, only a large system implementation; such as I am undertaking; might fall into this crevasse.

I can see how easily it might be for myself in this temporary triple role to lead myself off course, I can see how hard it might be for the Product Owner to express what they want, and I look at the Software Development Life Cycle and I think... "If only they'd mention that Product Owners should be along that road before they run into Scrum", some projects might run more smoothly, the tasks of Scrum Masters might be easier.
Posted by at No comments:

Monday, 9 January 2017

Developer : Being the Outsider

As someone controlling projects it's sometimes hard to get into the action with others around me, the best way is to talk to those people, to be involved to offer anything you can; perhaps not opinion, but fact to start off with.  Over time working with people this way I've always found you are invited into the more intimate meetings, the nuptials of the project, if you will.

This is a natural, human, process.  Great, or grand, projects such as Nasa's probes to the outer planets in the 1970's had much press attention, indeed some projects such as Nasa'a Magellen probe of the 1990's had press not only present, but directly interacting with the engineers and scientists (and then writing excellent books - "The Morning Star" by the late Henry S F Cooper anyone).

However, the mundane and private enterprise contains projects of a lot less public interest, indeed they are private interactions.  And if as a member of a company you've not yet had time to foster those friendly interrelations to gain constructive access to the meetings about a project you do find yourself as the Outsider.

You can hop and jump and try to peer through the murky world of hints and conjecture, but without getting up and digging into the project this can be hard work.  You may just want to help, but those inside the project might perceive you as stepping on toes, or going beyond your bounds of responsibility.

This is where the management have to see something, if you're already in a position to approach the project as a higher grade or manager role and offer yourself into the loop, that's easy and relates back to building bridges.  But if you're not, management have to recognise and apply you to the project.

Beyond team membership, stepped aside from the scrum master, and not overarching the product owner; to use the right buzz words, that is you have to literally be a fly on the wall and then slide yourself into position to help, rather than hinder.

How you do this is dependent on the people, you can offer code review, document review, hints or tips on hardware or architecture.  You can assist the team members or scrum master, even getting a round of coffee in can be that little bit which helps keep the folks on track.

But without yourself oiling the cogs of development with presence, approachable and an obvious willingness then you will likely remain the Outsider, you won't be on the ground floor for development meetings, you won't be in the loop with e-mail about project, you won't even know what is going on around you.  If you end up in this situation, you need to address is up the chain, to push for somewhere to help yourself fit.

You always need a good manager above you to help with this, and in return you need to help them in order to help yourself.
Posted by at No comments:
Labels: , , , , , , , , , ,

Friday, 6 January 2017

Administrator : Fired Employee Stole Software Serials!

Today I've had to deal with a security issue for a friend, a certain department manager had a machine with a set of serial numbers for each of his developers tool stack, quite expensive stuff, these were stored in a text file on his desktop in a folder called "serials".

The problem?  Before Christmas an individual was asked to leave the company, his parting gift?... He stole all the software.

They knew this because he got a little drunk with a common friend of the manager over New Years and boasted he'd be starting his own company with the same software stack... We're talking about £4000 worth of software.

The machine the chap was working on (windows 7) was pretty locked down, he could not  install, nor run a cloner, nor could he add a drive or boot from CD/USB or even get into the BIOS settings to take the software directly off as it was installed.

My friend, investigating, suspected that the chap had simply taken the serial numbers, the manager frankly denied this.  His machine was checked, no-one had been accessing it other than him, there was no file sharing set up and it too could not be booted into anything other than the Windows 7 installation on the machine....

There was no-way, in the managements eyes, that the software could go missing... My friend suspected different... And so co-opted me to help, getting a copy of the disk I was not able to log-on, but I could see a whole bunch of scripts run at start up, whenever ANY user logged onto the system, they ran a series of scripts, one of which was a batch file (slaps forehead).

This batch file was stored as a regular file in a folder "C:\devscripts" and could be written too... I had a hunch this was where something could go wrong, but couldn't initially see how, the file looked unchanged... But then I noticed a hidden folder... a git repo metadata folder... in the same directory.... It seems the source of both this folder and the file was a git repo, so updates to the devscripts would be stored and commited to the git repo... and pulled to each machine every-reboot.

But the git-repo was open for ANYONE to commit to!

The developer had simply, within the massive cloud of commits, committed a new batch file to the repo.  This new script started the python interpreter with the command line "-m http.server 8080 C:\Users\<manager>".

The development machines used port 8080 for the remote debugger, and let this connection start without warning the user that a new firewall rule was required.

The developer then simply used "wget --spider" to pull all the files from the managers desktop, this included a bunch of documents about staff performance and of course the serials folder in it's entirety.

Once he had all these files, just before the festive break and his departure he committed the original script again which removed the starting of python.  He did this in the midst of the sprints to the break no-one noticed that their commit numbering had slipped by a place!

If he had reverted the repo he'd have needed the managers approval, but as it was the script just went from green to a yellow to a green against their sign off system, so no-one paid it any attention that the revisions had slipped in date & time.  And that the sign-off system didn't treat the signature of the commit as being different was a bug in the system.

So the lessons to learn...
  • Don't let batch files start as the root user on a machine, EVER!
  • Don't update said files from a public or even open internal source
  • Don't just ignore any subtle changes (like the commit number order changing) when you observe them!
And when you fire a developer, fire them!  Don't let them sit there with anything connected to your network, you just fired them!  They'll want revenge!
Posted by at No comments:
Labels: , , , , , , , , , , ,

Monday, 2 January 2017

Administrator : Show Network Abuse...

As a network boffin it's always very difficult to express to every possible audience quite how busy & complex a job you have, not least in today's environment where you have wired and wireless connectivity from every imaginable device, uPnP, SSDP, ARP, netbios, Active Directory, DHCP, DNS, UDP, TCP... It's a plethora of fields you have to take collectively as knocking on the proverbial door to your network adapter.

Recently we've employed the excellent Solarwinds tools as a method of network node and inter-connectivity debugging, and as much as I enjoy presenting the truly informative flow-charts and information they don't show quite how huge the amount of data and number of packets flying around is.... I therefore set about visualising and displaying just such a situation to an audience...

A Ubuntu VM, with the I3 desktop and a little time later.....

cd~
git clone https://github.com/the-tcpdump-group/libpcap.git
cd libpcap
./configure
make -j4
sudo make install

Then...

cd ~
git clone https://github.com/the-tcpdump-group/tcpdump.git
cd tcpdump
./configure
make -j4
sudo make install

And now, I could... "tcpdump"... to just spew everything into a terminal window...

Open another terminal window and I could "tcpdump | grep 'facebook'" and see how much time people were flying off to facebook, the beauty and simplicity of the i3 desktop along with the raw output of tcpdump soon conveyed far more stark a message from a monitor on my desk than any e-mail could or diagram could communicate.

Just the TCP packet headers were enough, without prying into what was being sent over a company network, in company time to facebook... and ebay... and whatever else... 

Using egrep I could dig even further into the headers and get very specific, laying out the desktop with i3 just further emphasising the flow and pattern of usage... Anonymize it and I'd have a decent techy screen-saver too!

Posted by at No comments:
Labels: , , , , , , , , , , , ,
Subscribe to: Comments (Atom)