Over the weekend there was a very public iCloud breach that led to personal materials from several celebrity women being leaked and then published onto public sites. The bug appears to have been a weakness in Apple’s Find My Phone feature. The security problem allowed access to a person’s private iCloud with a brute force attack using a library called iBrute. Apple may have fixed this issue; if that is true the leak should be done.
A few months ago I was talking to an executive from a consulting company I respect. We were talking about doing business together. The executive pointed out that his company was known for across-the-board development, from concept to production, but they also want to start more specialized practices, like security, big data, cloud operations, and project rescue.
Later in the summer, I read the same ideas as part of IBM’s new strategy in Cringely’s book, The Decline and Fall of IBM. It made me wonder – why does everyone want to get out of writing code?
It could be that IBM is taking a page from its own playbook, exiting markets that are no longer profitable, just like it did with mainframes, PCs, and laptops.
What does that mean for the rest of us?
ISO 29119 is a 5-part standard for software testing process and practice that was published in 2013. Standards are commonly used in other professions such as law and medicine to protect the consumers of these services. Medicine and law have existed for quite a while now and have had time to mature to the point where they have mostly accepted bodies of knowledge. Software is a very young profession, and software testing younger still and very much in flux.
Ben Simo, former president of the Association for Software Testing, did a keynote this past week at CAST2014 on his experiences with Healthcare.gov. The keynote was about an hour of Ben describing very real problems he experienced while trying to seek an insurance plan for his granddaughter. To be honest, what he experienced was horrifying. The problems Ben experienced ranged from not being able to create an account to significant security issues. You can find descriptions of that experience here and here on Ben’s personal blog.
It is important to note that Ben was not ‘hacking’ the site in any regard. He had an authentic healthcare need, and actively sought to communicate the issues he found to the proper people. He was able to isolate and describe these problems because of the years he spent developing skills as a software tester.
Here is an interview with Ben about some of his work.
One interesting question came up during the talk:
Was the massive initial struggle with healthcare.gov caused by bad software testing?
I’m not so sure.
A lot of the pressing issues with the website have been resolved now and people have been successfully using it to sign up for insurance. There are some clear lessons we can take away from this that are representative of how most software projects work.
Anyone can write a “hatchet job” article attacking a tech company — for a while there, the daily Yahoo bad news was a running joke. Robert X. Cringely’s newest ebook, “The Decline and Fall of IBM,” is something entirely different.
Cringely didn’t do it for the money; “Decline and Fall” is an ebook priced at $3.99. At the time he published it, he had a different, hardcover book contract with a publisher requiring their work be the next book Cringely would publish. With a heavy heart, Cringely returned the advance, worth hundreds of thousands of dollars, and put the IBM book into the world.
This book is a labor of love.
“Decline and Fall” is the work of a real journalist, investigating what had happened to a company he had once admired. A story of a love lost, the plot is all too familiar, full of outsourcing, layoffs, and incompetence. Sadly, it is familiar for a reason. The root of the problem is a poison that is all too common in American business, and may be infecting your company as well.
A typical job advertisement in the tech space looks something like this:
Sure, this example is pretty campy, but it isn’t too far off from what you will see on the more ‘techy’ job boards.
But the most powerful new idea I had might just have been a five minute lightning talk on the SCARE Method.
It was a long week in Orlando, Florida. I attended sessions on self-organizing teams, on no-estimates, on Acceptance Test Driven Development, had the privilege to sit in on a planning session on value stream mapping, and watched a wonderful keynote by Diana Larsen called Best Job Ever.
But the greatest things I learned from Agile2014 – the things that mattered – did not shout out their name as the title of a conference. Instead, it was in reflecting on a brief moment during my own sessions that I learned about emotional reactions, along with the difference between “agile” and “value.”
Let’s talk about it.
In software, and the IT world in general, most of the folks producing the sellable product are in an area of the company often referred to as a cost center. A cost center is any part of the business that, at least at a superficial level, has a negative impact on company profit. Cost centers for software companies are groups like development, testing or quality assurance, customer support, and product management. Pretty much anything that isn’t sales. In most non-software companies, the IT department is considered a cost center. They have high costs but don’t actually create revenue.
Let’s review a few interesting facts about Kevin Mitnick:
1) Kevin stole computer programs, including the source code to VAX/VMS and an early portable phone system – for his own personal use. He did not offer the source code of VMS to Microsoft; he didn’t cut and paste multi-threading code to be used in a different OS. He didn’t create his own operating system, or even use his extended knowledge of VMS to offer his support services for the OS.
2) Mitnick did not destroy any software or systems; he didn’t inject any viruses or trojan horses into existing systems, and there was no denial of service involved.
3) Mitnick did not financially benefit from any of his computer hacking. He did not steal any bank account numbers. To pay for room and board, he had traditional jobs, even when he was on the run. The only financial crimes I could find involved stealing phone calls from mechanical (not computerized) telephone switches, and, in his youth, stealing bus fare from a paper-punch card system.
So he didn’t damage anyone else, he didn’t steal money from anyone, and he didn’t use the code he stole to generate revenue that belonged to someone else.
What did Kevin Mitnick do, exactly?