Natural Order Development

Big company, large IT department, huge wiki server used by all. Do they have a recent backup? If you count 6 months old as recent then sure. Of course for a project started since the last back up that put 100% of the documentation into the corporate wiki when the server breaks and they have to go back to the back-ups this sucks.

Now of course being a tech-head I have ultra paranoid cleanup settings on my cache, browse history and other things. But, managers and office types often don't care nearly as much.

Enter the very cool Firefox feature about:cache now that is a handy little magic URL. And thankfully some people just don't bother with making sure their cache is cleaned out on exit.

Wow, cannot believe so much time has passed. So what happened? Why a child of course. My son hit a coming to awareness level where he wasn't just a feed -> sleep -> poop machine but started talking, playing and of course the running.

This of course is the point where most parents disappear from everyone's lives for a year or two.

Now my desk is buried in piles of papers, my books have a nice layer of dust, and the house needs a year's worth of maintenance. Oh and I am trying to remember where I left off with this place. I see nothing has changed.

This is a compilation of a 4-part series of articles on the status of digital rights management from the Digital Rights Management Watch site (which has transitioned into a new format now and can be found at http://copyrightandtechnology.com/. I think it’s a very good overview on some recent technical, commercial and legal shifts in the digital content domain, so worth a read.

What a funny story. (warning spoiler ahead) I mucked it up but good.

Ever totally destroy your boot record on an XP box? How about blowing up both your MBR and GRUB on a dual boot system. Where here I sit. Although I have a current and complete backup of all my data, it has been some time since I took an image of the disk with the software installed just as I like it. Lets face it, the box was turned to happiness, everything was installed and cleaned up and it was a perfect time to take a backup image of the laptop that could. In fact I was thinking about doing that over the holiday break.

Instead I looked at the box and got to wondering why I only had 1GB of disk space left on the laptop I explicitly bought cause it had a much larger disk then the other version of the same that had a docking station potential. That is when I discovered that I had started a dual boot experiment with the thing just before i left my previous job (which was in process of moving to an all SUSE desktop and server style).

So what happened? Well it went like this: Hmm... haven't booted to suse in over 2 years. still boots, hmm... what was the passwords... hmm.... hey nothing here at all... don't need this 2 year old SUSE partition at all ... boot back to Windows XP, open up the disk manager, delete the SUSE partition, reallocate it as a windows partition, format it, fix the driver letter assignments. Cool! Now I have a nice 80GB of "data" space / backup storage. Lets organize a bit. Move this over here, move that over there, rearrange this stuff. Wow this is nice. Whoops its 1 AM time for bed. Shutdown. ... next day ... boot ... What do you mean you don't have a bootable device? Crap ... grub was on the second partition? OK fine no problem C: was bootable before I went dual boot. So where did I stuff that XP install DVD? Ah yes Windows XP Install Disk, boot to CD, wait for it, repair console, login to C:, run fixmbr on C:, done. Solid! That should fix it. ... reboot ... What do you mean you don't have a bootable device? Crap ... Lets see, XP Install Disk, boot to CD, repair console, login to C:, run fixboot on C:, done. Solid! That should fix it. ... reboot ... what do you mean you don't have a bootable device? Crap!! Hmm... I have Partition Magic somewhere and I think it can do something about this ... ah heck, where did I put it? ... More to come.

Just had a reason to open up my code archives. Not a big deal, just checkout the older stuff from the Subversion archives and add some new Eclipse projects.

Lions, tigers and bears oh my. What the heck are all those warnings!?

LOL one of the things I started doing a few years back was to start worrying about TDD and code complexity. Somewhere in the last couple of years I added the metrics plugin for Eclipse (http://eclipse-metrics.sourceforge.net/). Which is very nice since it supports complexity checking using a number of different metrics:

• McCabe's Cyclomatic Complexity
  
• Efferent Couplings
  
• Lack of Cohesion in Methods
  
• Lines Of Code in Method
  
• Number Of Fields
  
• Number Of Levels
  
• Number Of Locals In Scope
  
• Number Of Parameters
  
• Number Of Statements
  
• Weighted Methods Per Class

Sometimes you really should let the past remain the past. I had such fond memories of all these cool and wonderful applications and utilities I wrote years ago at the beginnings of Java. Yet here I was looking at them using the latest Eclipse with all the TDD and metrics warning thumbscrews in place (to keep me honestly doing what I preach) having to view my own legacy code.

This will make far me less critical of other legacy code I have to clean up from now on. Yes, my legacy applications still compiled, they still worked. But code coverage is zero, cyclomatic complexity is up in the 50s for most of my methods (in the hundreds for the control points) and oh my do I really have methods over 200 lines long! This is a very humbling experience.

If you'll excuse me I need to sweep the dirt off the floor, dust the corners and polish the brass in my own legacy code.

This might be a public service announcement. After all it is a heated U.S. presidential election and you really should participate. With elections coming up it is a good idea to double check your voter registration.

But, funny thing happened on the way to the Washington State Voter Registration page. I discovered all I need to see if anyone I know is registered to vote AND what elections they have actually voted in is their first name, last name and birth date. Check, check and oh oh a few of my friends haven't bothered to vote in a long time. Funny how hard they argued over the last election. Even funnier is one was so adamant about getting out and voting.

Yes, yes, I know that voter registrations are public records. I also know anyone can request a complete list of registered voters from each state. Some states even have monthly subscriptions that you can get on CDs.

As one of my coworkers so aptly put it "it would be even more disturbing if you could also see who they voted for in each of those elections."

If you are legally able to vote. Please register to vote, pay attention, read those voter pamphlets, ask lots of questions, write your congress critters about anything that you find hopeful or disturbing and VOTE.

It was not long lived but will be missed I cannot believe Google is discontinuing this product. I loved it. I used it daily. It always did all it was supposed to and never failed.

There is NOTHING even close to a replacement. I don't even know if I'll be happy with browsing from all my systems again.

References:

• http://www.google.com/tools/firefox/browsersync/
  
• http://www.grantmidwinter.com/2008/04/02/google-browser-sync-for-firefox-3/
  
• http://groups.google.com/group/Google-Firefox-Extensions/browse_thread/thread/1c597fa1b6c8a420
  
• http://lifehacker.com/396112/google-browser-sync-discontinued-no-firefox-3-support
  
• http://googlesystem.blogspot.com/2008/06/google-browser-sync-to-be-discontinued.html

Honestly I am getting real tired of dealing with developers who seem to feel the need to rebel against any change in their thinking process. I have no problem taking classes, seeing something I haven't tried before and if I feel it might be helpful being willing to give it a solid try for a few cycles. And I fully admit it that I am an unabashed process freak.

And yet I am left with my jaw hanging open by people in my teams that state evangelizing against any suggestion to try something new. Every time I suggest we try something new I get the tired old "we don't need to fix what isn't broken" or worse "that smells like waterfall." Every time someone suggests something like modeling a problem, doing a domain analysis or heaven forbid any kind of diagram on paper (white boards are OK) people put their hands over their ears and start chanting "no waterfall, no waterfall." This gets annoying after a while.

You can call me lazy (I prefer "efficient".) I deplore doing boring and mundane things over and over again because someone is too lazy to see that it could and should be handled by a process. To me, even a simple process like the following is worth its weight in gold for the time it saves:

1. See bug
2. write test -- or fix test
3. run test, see test fail
4. fix code
5. run test, see test pass

I see developers (and am regularly pushed to do this myself) who will go in and find point solutions to a bug, not stepping back a notch or "up a level" to see if it is more "structural" first. I often say "you can master the details by doing a little modeling." I really have a problem with point solutions when the cause is almost always because the original design was not well thought out. Hours and days of my life (and other team mates) can be saved (or even better redirected to more interesting issues) if the higher level solutions to bugs are found and addressed. Isn't that what engineering is supposed to be about?

I'm not sure a process that doesn't involve someone in the loop who is able to spot that these "better ways" exists. You just can't escape the value of smart folks on the team that have been paying attention.

Sometimes a little curiosity is scary. For example I was Googling on term "anonymous surfing" and found some articles:

• http://en.wikipedia.org/wiki/Anonymous_web_browsing
  
• http://www.tech-faq.com/anonymous-surfing.shtml
  
• http://www.auditmypc.com/anonymous-surfing.asp -- This one is interesting because it will tell you how much information it gathered on you

Which led me to some other articles:

• http://www.wired.com/science/discoveries/news/2006/01/70051?currentPage=all
  
• http://www.htmlforums.com/e-commerce/t-how-do-websites-collect-user-info-24795.html

Which boiled down to basically although I thought I was doing a decent job of being anonymous as I walked around the great internet, I was leaving a few more bread crumbs behind then I thought. Lots of pertinent tidbits of data about me was still being left behind. In fact enough data to assemble a pretty reasonable picture of who I was, what I was doing and more interestingly where I was at that time.

Which then begs the question "should I be using one of those anonymizer proxies?" Which I still think are a bad idea because frankly I would be handing those proxy servers even MORE data on myself at one location run by someone or someones I do not know nor trust.

So what more could I do to leave less data behind? Glad you asked!

First lets start with the basics. Exactly what data is being collected? At each stop on the information superhighway there are always traces left behind. Web browsers send some data for you automatically to allow the server to know how best to format its output for you as well as to enhance your browsing experience, allow you access to restricted data and/or to allow some interesting statistics so the provider of the web site can see what their visitors are doing. All of this is perfectly legit and yet tells volumes of stories for example a single web page hit may include:

• IP (Internet protocol) address of the visiting computer - Each computer on the Internet is assigned a unique IP address. Your computer may have a static IP address or a dynamic IP address.
  
• Domain name - The Internet is divided into domains, and every user's account is associated with one of those domains. You can identify the domain by looking at the end of a URL; for example, .edu indicates an educational institution, .gov indicates a US government agency, .org refers to organization, and .com is for commercial use.
  
• Software details - It may be possible for the web site to determine both the browser and browser version that you are using. The web site may also be able to determine what operating system your computer is running.
  
• Page visits - Information about which pages you visited, how long you left the page open, and whether you accessed the site from a search engine is often available to the organization operating the web site.
  
• Personal information revealed by cookies - If a web site uses cookies, it may be able to collect even more information, such as your browsing patterns, which include other sites you've visited.

What are the risks involved?

If the web site you are visiting is malicious, files on your computer, as well as passwords stored in the temporary memory, may be at risk.

How can your personal information be used?

Generally, organizations use the information that is gathered automatically for legitimate purposes.

However, some sites may collect your information for malicious purposes. If attackers are able to access files, passwords, or personal information on your computer, they may be able to use this data to their advantage. The attackers may be able to steal your identity, using and abusing your personal information for financial gain.

Are you exposing any other personal information?

While using cookies may be one method for gathering information, the easiest way for attackers to gain access to personal information is to ask for it. By representing a malicious web site as a legitimate one, attackers may be able to convince you to give them your address, credit card information, social security number, or other personal data.

How can you limit the amount of information collected about you?

Honestly this is going to seem so simple. Common sense sometimes isn't so common.

• Be careful supplying personal information - Unless you trust a site, don't give your address, password, or credit card information. Look for indications that the site uses SSL to encrypt your information. Although some sites require you to supply your social security or ID number, be especially wary of providing this information online.
  
• Limit cookies - If an attacker can access your computer, he or she may be able to find personal data stored in cookies. You may not realize the extent of the information stored on your computer until it is too late. However, you can limit the use of cookies using your browser’s definitions.
  
• Browse safely - Be careful which web sites you visit; if it seems suspicious, leave the site. Also make sure to take precautions by increasing your security settings, keeping your virus definitions up to date, and scanning your computer for spyware (see http://www.techsupportalert.com/best-free-adware-spyware-scumware-remover.htm).

If you really want to be anonymous do read the article on Best Free Anonymous Surfing Services (http://www.techsupportalert.com/)

Been dealing a lot of SCRUM items and it seems to me that a lot of teams keep missing the mark because of not clear "done criteria". For the record I think a minimum done criteria is:

• Code is checked-in into a central version control system
  
• A detailed code review (including comparison to any company and/or team coding standards) has been complete, any suggested changes implemented and final code has been checked-in
  
• Unit tests with demonstratable cover coverage of more 80% for non-integration / "out of container"
  
• Automated Integration Coverage (AIC) or Fit / FitNess integration tests are written with code coverage more than 80% (aka "in container")
  
• Exploratory manual testing by someone other then the developer has been complete with no open defects
  
• Some kind of profiling (a la JProfiler) has been complete on the developer's system and results are documented in release notes
  
• Release notes and/or usage documentation has been written (and in the appropriate place)

The team needs to keep these items in mind when estimating any backlog, unless these items are complete, the backlog item should not be called done. Of course there are more done criteria specifying the story or behavior requirements which are the responsibility of the product owner to provide (and the team to question heavily on.)