Businesses

In Defense of Project Management For Software Teams (techbeacon.com) 101

mikeatTB writes: Many Slashdotters weighed in on Steven A. Lowe's post, "Is Project Management Killing Good Products, Teams and Software?", where he slammed project management and called for product-centrism. Many commenters pushed back, but one PM, Yvette Schmitter, has fired back with a scathing response post, noting: "As a project manager, I'm saddened to see that project management and project managers are getting a bad rap from both ends of the spectrum. Business tends not to see the value in them, and developers tend to believe their own 'creativity' is being stymied by them. Let's set the record straight: Project management is a prized methodology for delivering on leadership's expectations.

"The success of the methodology depends on the quality of the specific project manager..." she continues. "If the project is being managed correctly by the project manager/scrum master, that euphoric state that developers want to get to can be achieved, along with the project objectives -- all within the prescribed budget and timeline. Denouncing an entire practice based on what appears to be a limited, misaligned application of the correct methodology does not make all of project management and all project managers bad."

How do Slashdot readers feel about project management for software teams?
Security

'Lazy' Hackers Exploit Microsoft RDP To Install Ransomware (sophos.com) 47

An anonymous reader writes: An investigation by Sophos has uncovered a new, lazy but effective ransomware attack where hackers brute force passwords on computers with [Microsoft's] Remote Desktop Protocol enabled, use off-the-shelf privilege escalation exploits to make themselves admins, turn off security software and then manually run fusty old versions of ransomware.
They even delete the recovery files created by Windows Live backup -- and make sure they can also scramble the database. "Because they've used their sysadmin powers to rig the system to be as insecure as they can, they can often use older versions of ransomware, perhaps even variants that other crooks have given up on and that are now floating around the internet 'for free'."

Most of the attacks hit small-to-medium companies with 30 or fewer employees, since "with small scale comes a dependence on external IT suppliers or 'jack-of-all-trades' IT generalists trying to manage cybersecurity along with many other responsibilities. In one case a victim was attacked repeatedly, because of a weak password used by a third-party application that demanded 24-hour administrator access for its support staff."
IBM

Tech Companies Try Apprenticeships To Fill The Tech Skills Gap (thehill.com) 118

Slashdot reader jonyen writes: For generations, apprenticeships have been the way of working life; master craftsmen taking apprentices under their wing, teaching them the tools of the trade. This declined during the Industrial Revolution as the advent of the assembly line enabled mass employment for unskilled laborers. The master-apprentice model went further out of focus as higher education and formal training became increasingly more valuable.

Fast forward to the 21st century, where employers are turning back the page to apprenticeships in an effort to fill a growing skills gap in the labor force in the digital age. Code.org estimates there will be a million unfulfilled tech jobs by 2020.

jonyen shared this article by IBM's Vice President of Talent: IBM is committed to addressing this shortage and recently launched an apprenticeship program registered with the US Department of Labor, with a plan to have 100 apprentices in 2018. ... Other firms have taken up the apprenticeship challenge as well. Salesforce CEO Marc Benioff, for example, has called for creating 5 million American apprentices in the next five years.

An apprenticeship offers the chance for Americans to get the formal education they need, whether through a traditional university, a community college or a trade school, while getting something else: On-the-job experience and an income... Right now, there are more than 6 million jobs in the U.S. that are going unfilled because employers can't find candidates with the right skills, according to the Labor Department.

IBM says their apprentices "are on their way to becoming software developers in our Cloud business and mainframe administrators for technologies like Blockchain, and we will add new apprenticeships in data analytics and cybersecurity as we replicate the program across the U.S."

"Ninety-one percent of apprentices in the U.S. find employment after completing their program, and their average starting wage is above $60,000."
Facebook

Facebook Open Sources Its Network Routing Platform Open/R (techcrunch.com) 23

Facebook will open source its modular network routing software Open/R, currently used in its backbone and data center networks, which "provides a platform to disseminate state across the network and allows new applications to be built on top of it." An anonymous reader quotes TechCrunch: Facebook obviously has unique scale needs when it comes to running a network. It has billions of users doing real-time messaging and streaming content at a constant clip. As with so many things, Facebook found that running the network traffic using traditional protocols had its limits and it needed a new way to route traffic that didn't rely on the protocols of the past, Omar Baldonado, Engineering Director at Facebook explained... While it was originally developed for Facebook's Terragraph wireless backhaul network, the company soon recognized it could work on other networks too including the Facebook network backbone, and even in the middle of Facebook network, he said. Given the company's extreme traffic requirements where the conditions were changing so rapidly and was at such scale, they needed a new way to route traffic on the network. "We wanted to find per application, the best path, taking into account dynamic traffic conditions throughout the network," Baldonado said.

But Facebook also recognized that it could only take this so far internally, and if they could work with partners and other network operators and hardware manufacturers, they could extend the capabilities of this tool. They are in fact working with other companies in this endeavor including Juniper and Arista networks, but by open sourcing the software, it allows developers to do things with it that Facebook might not have considered, and their engineering team finds that prospect both exciting and valuable.

"Most protocols were initially designed based on constrained hardware and software environment assumptions from decades ago," Facebook said in its announcement. "To continue delivering rich, real-time, and highly engaging user experiences over networks, it's important to accelerate innovation in the routing domain."
The Courts

FOSS Community Criticizes SFLC over SFC Trademark War (lunduke.com) 62

Earlier this month Bruce Perens notified us that "the Software Freedom Law Center, a Linux-Foundation supported organization, has asked USPTO to cancel the trademark of the name of the Software Freedom Conservancy, an organization that assists and represents Free Software/Open Source developers." Now Slashdot reader curcuru -- director of the Apache Software Foundation -- writes: No matter how you look at it, this kind of lawsuit is a loss for software freedom and open source in general, since this kind of USPTO trademark petition (like a lawsuit) will tie up both organizations, leaving less time and funds to help FOSS projects. There's clearly more to the issue than the trademark issue; the many community members' blog posts make that clear.

GNOME executive director Neil McGovern
Apache Software Foundation director Shane Curcuru
Google security developer Matthew Garrett
Linux industry journalist Bryan Lunduke


The key point in this USPTO lawsuit is that the legal aspects aren't actually important. What's most important is the community reaction: since SFLC and Conservancy are both non-profits who help serve free software communities, it's the community perception of what organizations to look to for help that matters. SFLC's attempt to take away the Conservancy's very name doesn't look good for them.

Bryan Lunduke's video covers the whole case, including his investigation into the two organizations and their funding.

Robotics

'Robots Are Not Taking Over,' Says Head of UN Body of Autonomous Weapons (theguardian.com) 73

An anonymous reader writes: "Robots are not taking over the world," the diplomat leading the first official talks on autonomous weapons assured on Friday, seeking to head off criticism over slow progress towards restricting the use of so-called "killer robots." The United Nations was wrapping up an initial five days of discussions on weapons systems that can identify and destroy targets without human control, which experts say will soon be battle ready. "Ladies and gentlemen, I have news for you: the robots are not taking over the world. Humans are still in charge," said India's disarmament ambassador, Amandeep Gill, who chaired the CCW meeting. "I think we have to be careful in not emotionalizing or dramatizing this issue," he told reporters in response to criticism about the speed of the conference's work. Twenty-two countries, mostly those with smaller military budgets and lesser technical knowhow, have called for an outright ban, arguing that automated weapons are by definition illegal as every individual decision to launch a strike must be made by a human. Gill underscored that banning killer robots, or even agreement on rules, remained a distant prospect.
Microsoft

Microsoft and GitHub Team Up To Take Git Virtual File System To MacOS, Linux (arstechnica.com) 135

An anonymous reader writes: One of the more surprising stories of the past year was Microsoft's announcement that it was going to use the Git version control system for Windows development. Microsoft had to modify Git to handle the demands of Windows development but said that it wanted to get these modifications accepted upstream and integrated into the standard Git client. That plan appears to be going well. Yesterday, the company announced that GitHub was adopting its modifications and that the two would be working together to bring suitable clients to macOS and Linux. Microsoft says that, so far, about half of its modifications have been accepted upstream, with upstream Git developers broadly approving of the approach the company has taken to improve the software's scaling. Redmond also says that it has been willing to make changes to its approach to satisfy the demands of upstream Git. The biggest complexity is that Git has a very conservative approach to compatibility, requiring that repositories remain compatible across versions.

Microsoft and GitHub are also working to bring similar capabilities to other platforms, with macOS coming first, and later Linux. The obvious way to do this on both systems is to use FUSE, an infrastructure for building file systems that run in user mode rather than kernel mode (desirable because user-mode development is easier and safer than kernel mode). However, the companies have discovered that FUSE isn't fast enough for this -- a lesson Dropbox also learned when developing a similar capability, Project Infinite. Currently, the companies believe that tapping into a macOS extensibility mechanism called Kauth (or KAuth) will be the best way forward.

Android

Even New Phones Are No Longer Guaranteed To Have the Latest Version of Android (theverge.com) 153

Vlad Savov, writing for The Verge: The OnePlus 5T and Razer Phone are two fundamentally different devices, which are nonetheless united by one unfortunate downside: both of them are going on sale this month without the latest version of Android on board. OnePlus will tell you that this issue is down to its extremely stringent testing process, while Razer offers a similar boilerplate about working as fast as possible to deliver Android Oreo. But we're now three months removed from Google's grand Oreo launch, timed to coincide with this summer's total eclipse, and all of these excuses are starting to ring hollow. Why do Android companies think they can ship new devices without the latest and best version of the operating system on board? The notorious fragmentation problem with Android has always been that not every device gets the latest update at the same time, and many devices get stuck on older software without ever seeing an update at all. What's changed now is that the "one version behind the newest and best" phenomenon is starting to infect brand new phones as well. The 5T and Razer Phone are just two examples; there's also Xiaomi, which just launched its Mi Mix 2 in Spain with 2016's Android Nougat as the operating system.
Security

Windows 8 and Later Fail To Properly Apply ASLR (bleepingcomputer.com) 61

An anonymous reader writes: Windows 8, Windows 8.1, and subsequent Windows 10 variations fail to properly apply ASLR, rendering this crucial Windows security feature useless. The bug appeared when Microsoft changed a registry value in Windows 8 and occurs only in certain ASLR configuration modes. Basically, if users have system-wide ASLR protection turned on, a bug in ASLR's implementation on Windows 8 and later will not generate enough entropy (random data) to start application binaries in random memory locations. For ASLR to work properly, users must configure it to work in a system-wide bottom-up mode. An official patch from Microsoft is not available yet, but a registry hack can be applied to make sure ASLR starts in the correct mode.

The bug was discovered by CERT vulnerability analyst Will Dormann while investigating a 17-year-old bug in the Microsoft Office equation editor, to which Microsoft appears to have lost the source code and needed to patch it manually.

Open Source

Proprietary Software is the Driver of Unprecedented Surveillance: Richard Stallman (factor-tech.com) 193

From a wide-ranging interview of Richard Stallman, president of the Free Software Foundation, programming legend and recipient of at least 15 honorary doctorates and professorships: "The reason that we are subject now to more surveillance than there was in the Soviet Union is that digital technology made it possible," he says. "And the first disaster of digital technology was proprietary software that people would install and run on their own computers, and they wouldn't know what it was doing. They can't tell what it's doing. And that is the first injustice that I began fighting in 1983: proprietary software, software that is not free, that the users don't control." Here, Stallman is keen to stress, he doesn't mean free in the sense of not costing money -- plenty of free software is paid for -- but free in the sense of freedom to control. Software, after all, instructs your computer to perform actions, and when another company has written and locked down that software, you can't know exactly what it is doing. "You might think your computer is obeying you, when really it's obeying the real master first, and it only obeys you when the real master says it's ok. With every program there are two possibilities: either the user controls the program or the program controls the users," he says. "It's free software if users control it. And that's why it respects their freedom. Otherwise it's a non-free, proprietary, user subjugating program."
IOS

iOS 11 'Is Still Just Buggy as Hell' (gizmodo.com) 233

It is becoming increasingly apparent that iOS 11, the current generation of Apple's mobile operating system, is riddled with more issues than any previous iOS version in recent years. Two months ago, in a review titled "iOS 11 Sucks", a reporter at the publication wrote: I'm using iOS 11 right now, and it makes me want to stab my eyes with a steel wire brush until I get face jam. Gizmodo today reviews iOS 11 after living with the current software version for two months: It's been two full months since Apple released iOS 11 to millions and millions of devices worldwide, and the software is still just buggy as hell. Some of the glitches are ugly or just unexpected from a company that has built a reputation for flawless software. Shame on me for always expecting perfection from an imperfect company, I guess. But there are some really bad bugs, so bad that I can't use the most basic features on my phone. They popped up, when I upgraded on release day. They're still around after two months and multiple updates to iOS. Shame on Apple for ignoring this shit. Now, let me show you my bugs. The worst one also happens to be one I encounter most frequently. Sometimes, when I get a text, I'll go to reply in the Messages app but won't be able to see the latest message because the keyboard is covering it up. I also can't scroll up to see it, because the thread is anchored to the bottom of the page. The wackiest thing is that sometimes I get the little reply box, and sometimes I don't. The only way I'm able to text like normal is to tap the back arrow to take me to all my messages and then go back into the message through the front door. [...] Other native iOS 11 apps have bugs, too. Until a recent update, my iPhone screen would become unresponsive which is a problem because touching the screen is almost the only way to use the device.
AI

Stanford Trains AI To Diagnose Pneumonia Better Than a Radiologist In Just Two Months (qz.com) 75

A new paper from Stanford University reveals how artificial intelligence algorithms can be quickly trained to diagnose pneumonia better than a radiologist. "Using 100,000 x-ray images released by the National Institutes of Health on Sept. 27, the research published Nov. 14 (without peer review) on the website ArXiv claims its AI can detect pneumonia from x-rays with similar accuracy to four trained radiologists," reports Quartz. From the report: That's not all -- the AI was trained to analyze x-rays for 14 diseases NIH included in the dataset, including fibrosis, hernias, and cell masses. The AI's results for each of the 14 diseases had fewer false positives and false negatives than the benchmark research from the NIH team that was released with the data. The paper includes Google Brain founder Andrew Ng as a co-author, who also served as chief scientist at Baidu and recently founded Deeplearning.ai. He's often been publicly bullish on AI's use in healthcare. These algorithms will undoubtedly get better -- accuracy on the ImageNet challenge rose from 75% to 95% in just five years -- but this research shows the speed at which these systems are built is increasing as well.
Transportation

Tesla Unveils 500-Mile Range Semi Truck, 620-Mile Range Roadster 2.0 365

Rei writes: During a live reveal on Thursday, Tesla unveiled its new electric Class 8 Heavy Duty vehicle. As most people familiar with Tesla products would expect, the day cab truck features staggeringly fast acceleration for a vehicle of its size. It can accelerate 0-60 in 5 seconds without a trailer and 20 seconds with a 40-ton gross weight while being able to pull its maximum payload up a 5-degree grade at 65mph (versus a typical maximum of 45mph). The 500-mile range is for the vehicle at full load and highway speeds (80% of U.S. freight routes are 250 miles or less). Tesla also boasts a million mile no-breakdown guarantee; even losing two of its four motors it can out-accelerate a typical diesel truck. The total cost per mile is pegged at 83% of operating a diesel, but when convoying is utilized -- where multiple trucks mirror the action of a lead truck -- the costs drop to 57%, a price cheaper than rail. Tesla went a step further and stole the show from their own event by having the first prototype of the new Tesla Roadster drive out of the back of the truck. With the base model alone boasting a 620 mile range on a 200kWh battery pack with 10kN torque, providing a 1.9 second 0-60, 4.2 second 0-100, and 8.9 second quarter mile, the 2+2-seating convertible will easily be the fastest-accelerating production car in the world. Top speed is not disclosed, but said to be "at least 250mph." The vehicle's release date, however, is not scheduled until 2020.
Security

Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera (wired.com) 106

Security researchers claim to have discovered a flaw in Amazon's Key Service, which if exploited, could let a driver re-enter your house after dropping off a delivery. From a report: When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery. Security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled, but frozen. A viewer watching its live or recorded stream sees only a closed door, even as their actual door is opened and someone slips inside. That attack would potentially enable rogue delivery people to stealthily steal from Amazon customers, or otherwise invade their inner sanctum. And while the threat of a camera-hacking courier seems an unlikely way for your house to be burgled, the researchers argue it potentially strips away a key safeguard in Amazon's security system. When WIRED brought the research to Amazon's attention, the company responded that it plans to send out an automatic software update to address the issue later this week.
Security

Internal Kaspersky Investigation Says NSA Worker's Computer Was Infested with Malware (vice.com) 137

A reader shares a report: The personal computer of an NSA worker who took government hacking tools and classified documents home with him was infected with a backdoor trojan, unrelated to these tools, that could have been used by criminal hackers to steal the US government files, according to a new report being released Thursday by Kaspersky Lab in response to recent allegations against the company. The Moscow-based antivirus firm, which has been accused of using its security software to improperly grab NSA hacking tools and classified documents from the NSA worker's home computer and provide them to the Russian government, says the worker had at least 120 other malicious files on his home computer in addition to the backdoor, and that the latter, which had purportedly been created by a Russian criminal hacker and sold in an underground forum, was trying to actively communicate with a malicious command-and-control server during the time Kaspersky is accused of siphoning the US government files from the worker's computer. Costin Raiu, director of the company's Global Research and Analysis Team, told Motherboard that his company's software detected and prevented that communication but there was a period of time when the worker had disabled his Kaspersky software and left his computer unprotected. Raiu says they found evidence that the NSA worker may have been infected with a second backdoor as well, though they saw no sign of it trying to communicate with an external server so they don't know if it was active on his computer.
Businesses

The Brutal Fight To Mine Your Data and Sell It To Your Boss (bloomberg.com) 75

An anonymous reader shares a report from Bloomberg, explaining how Silicon Valley makes billions of dollars peddling personal information, supported by an ecosystem of bit players. Editor Drake Bennett highlights the battle between an upstart called HiQ and LinkedIn, who are fighting for your lucrative professional identity. Here's an excerpt from the report: A small number of the world's most valuable companies collect, control, parse, and sell billions of dollars' worth of personal information voluntarily surrendered by their users. Google, Facebook, Amazon, and Microsoft -- which bought LinkedIn for $26.2 billion in 2016 -- have in turn spawned dependent economies consisting of advertising and marketing companies, designers, consultants, and app developers. Some operate on the tech giants' platforms; some customize special digital tools; some help people attract more friends and likes and followers. Some, including HiQ, feed off the torrents of information that social networks produce, using software bots to scrape data from profiles. The services of the smaller companies can augment the offerings of the bigger ones, but the power dynamic is deeply asymmetrical, reminiscent of pilot fish picking food from between the teeth of sharks. The terms of that relationship are set by technology, economics, and the vagaries of consumer choice, but also by the law. LinkedIn's May 23 letter to HiQ wasn't the first time the company had taken legal action to prevent the perceived hijacking of its data, and Facebook and Craigslist, among others, have brought similar actions. But even more than its predecessors, this case, because of who's involved and how it's unfolded, has spoken to the thorniest issues surrounding speech and competition on the internet.
Privacy

Consumers Are Holding Off On Buying Smart-Home Gadgets Due To Security, Privacy Fears (businessinsider.com) 143

According to a new survey from consulting firm Deloitte, consumers are uneasy about being watched, listened to, or tracked by devices they place in their homes. The firm found that consumer interest in connected home technology lags behind their interest in other types of IoT devices. Business Insider reports: "Consumers are more open to, and interested in, the connected world," the firm said in its report. Noting the concerns about smart home devices, it added: "But not all IoT is created equal." Nearly 40% of those who participated in the survey said they were concerned about connected-home devices tracking their usage. More than 40% said they were worried that such gadgets would expose too much about their daily lives. Meanwhile, the vast majority of consumers think gadget makers weren't doing a good job of telling them about security risks. Fewer than 20% of survey respondents said they were very well informed about such risks and almost 40% said they weren't informed at all.
Chrome

Slashdot Asks: Have You Switched To Firefox 57? 561

Yesterday, Mozilla launched Firefox 57 for Windows, Mac, Linux, Android, and iOS. It brings massive performance improvements as it incorporates the company's next-generation browser engine called Project Quantum; it also features a visual redesign and support for extensions built using the WebExtension API. Have you used Firefox's new browser? Does it offer enough to make you switch from your tried-and-true browser of choice? We'd love to hear your thoughts.
The Military

Russia Posts Video Game Screenshot As 'Irrefutable Proof' of US Helping IS (bbc.com) 132

Plus1Entropy shares a report from BBC, adding: "But when I asked Putin, he said they didn't do it": Russia's Ministry of Defense has posted what it called "irrefutable proof" of the U.S. aiding so-called Islamic State -- but one of the images was actually taken from a video game. The ministry claimed the image showed an IS convoy leaving a Syrian town last week aided by U.S. forces. Instead, it came from the smartphone game AC-130 Gunship Simulator: Special Ops Squadron. The ministry said an employee had mistakenly attached the photo. The Conflict Intelligence Team fact-checking group said the other four provided were also errors, taken from a June 2016 video which showed the Iraqi Air Force attacking IS in Iraq. The video game image seems to be taken from a promotional video on the game's website and YouTube channel, closely cropped to omit the game controls and on-screen information. In the corner of the image, however, a few letters of the developer's disclaimer can still be seen: "Development footage. This is a work in progress. All content subject to change."
China

All 500 of the World's Top 500 Supercomputers Are Running Linux (zdnet.com) 287

Freshly Exhumed shares a report from ZDNet: Linux rules supercomputing. This day has been coming since 1998, when Linux first appeared on the TOP500 Supercomputer list. Today, it finally happened: All 500 of the world's fastest supercomputers are running Linux. The last two non-Linux systems, a pair of Chinese IBM POWER computers running AIX, dropped off the November 2017 TOP500 Supercomputer list. When the first TOP500 supercomputer list was compiled in June 1993, Linux was barely more than a toy. It hadn't even adopted Tux as its mascot yet. It didn't take long for Linux to start its march on supercomputing.

From when it first appeared on the TOP500 in 1998, Linux was on its way to the top. Before Linux took the lead, Unix was supercomputing's top operating system. Since 2003, the TOP500 was on its way to Linux domination. By 2004, Linux had taken the lead for good. This happened for two reasons: First, since most of the world's top supercomputers are research machines built for specialized tasks, each machine is a standalone project with unique characteristics and optimization requirements. To save costs, no one wants to develop a custom operating system for each of these systems. With Linux, however, research teams can easily modify and optimize Linux's open-source code to their one-off designs.
The semiannual TOP500 Supercomputer List was released yesterday. It also shows that China now claims 202 systems within the TOP500, while the United States claims 143 systems.
