One of my project teams was having a sprint planning meeting earlier this week. They were having a consulting expert working with them this sprint to develop a web service for their use.

“Have you worked with user stories before?” the project manager asked. “We’ll need you to give us a story point estimate for the work you’re going to do for us.”

I chimed in at this point. “Remember, story points are relative estimates of complexity. If our colleagues here are only doing one story for the project, then their story point estimate can’t really be relative to anything else they’re doing for us: they’re not doing anything else.”

This points out one of the things that I think is so tricky about agile projects. If you forget why you’re doing something, or worse yet if you don’t understand why you’re doing something, then you’re likely to do it at the wrong time.  In this case, the project manager did know why we estimated story points for stories, but he’d forgotten the why, and was operating a bit on auto-pilot: the team needed to provide story point estimates for their work, and he’d momentarily lost track of why.

Agile has lots of common-sense things like this, but if you forget what your goal is, and fall back on patterns of behavior, you can do the wrong thing.



In a recent post I talked about ATM skimming devices. It seems from a recent article in Wired that thieves have taken ATM fraud to a new high. In Europe, machines have been found that have been compromised with modified software, which eliminates the need for card skimmers or cameras. It requires someone with insider access to install the software on the machine, but it definitely ups the ante quite a bit.

The malware captures account numbers and PINs from the machine’s transaction application and then delivers them to the thief, either on a receipt printed from the machine in an encrypted format or on a storage device inserted in the card reader. A thief can also instruct the machine to eject whatever cash is inside the machine. A fully loaded ATM can hold up to $600,000.

Where before you stood a chance of spotting a card skimming device on your neighborhood ATM, with this scheme you really have no idea whether the machine has been compromised, since it’s all in software.

The good news is it seems like more recent ATMs have newer security measures that make the attack ineffective. On the other hand, how long has your bank had their current ATMs?

[ Original story at Wired ]



RIP, Bookpool

June 2, 2009 | 1 Comment

I picked up a project at work that’s working on an iPhone application, which I’d asked to coach since it sounded fun. I was going to Bookpool.com tonight to look for books on iPhone programming, and the domain is parked!

This came as quite a blow. Bookpool always had good service, and their prices couldn’t be beat. A quick Google came up with a number of threads where others are also grieving the loss of Bookpool.

Here’s hoping they come back, I’d certainly buy from them again! If not, rest in peace friend.



The New Logo

May 10, 2009 | 1 Comment

Over the weekend, Kelly and I finished up the new logo. It’s her inspiration, with my fine tuning that got us to it, and without further ado, here it is:


There’s another version which I’m also planning on using, but doesn’t work so well when printed out:


So, what do you think? I like them, personally…



Well, it was nice while it lasted. After McColo was taken off line last year, we saw an amazing 75% decrease in spam, that wonderful unsolicited commercial email.  It was only a matter of time however, before the spammers adapted.

Word out today from Microsoft says that now, 39 out of every 40 email messages are spam. It’s absolutely dumbfounding.

[via Geeks are Sexy]



The Register has an article on the Payment Card Industry decertifying Heartland Payment Systems and RBS World Pay from their Data Security Standard. As of now, those two entities that suffered the most recent, and dare one say huge, security breaches, are no longer able to do business with PCI merchants.

I wrote before (The New Computer Hacking Game) that it was amazing to me that a company could be PCI-DSS certified and have ongoing breaches as Heartland, and apparently RBS, did. It seems I’m not alone in being incredulous, as the Reg observes:

The ability of attackers to penetrate both companies while they were in good standing with the PCI guidelines has prompted some to criticize them as little more than a rubber stamp designed to make the public feel more comfortable using credit cards.

It would be nice to have something positive come out of this, other than getting new credit cards where the shininess hasn’t worn off the numbers yet…

via [The Register]



I found this link to a data center that the Swedes have built in an old nuclear fallout shelter. Really, it looks like something out of Jurassic Park.

Replete with waterfalls, greenhouses, German submarine backup engines, and simulated daylight, this facility has the added benefit of being able to withstand an almost direct hit by a hydrogen bomb.



I want to work here…

[ via HotHardware.com ]



This is cool; from an article published in the November issue of Neuron:

[i]n the latest development in the field of neuroimaging, researchers have watched the brain of someone watching an image, and were actually able to perform reasonable reconstructions of the image.

The article goes on to say that researchers are interested in using this technology to watch people’s dreams. I wonder how long it will be until they can put the images into the brain rather than read them…

[ Neuron via Ars Technica ]



Okay, okay, I’m a Mythbusters junkie, heck my wife even got me a signed picture when they visited Milwaukee (she got to go on stage with them!) but this is over the top anyway. The boys built an 1,100 barrel paintgun to paint the Mona Lisa in under a second, which they demonstrated at nVIDIA’s NVISION show this week.  Make sure to wait for the slo-mo replay at the end!

Via [Gizmodo]



Recently, the Kraken botnet has come into focus as the world’s largest, with an estimated number of zombie computers between 165,000 and 600,000. Each of these computers is probably sending you spam right now, and many have probably probed your computer to see if it can be compromised as well. Who knows, maybe your computer is already one of them.

Researchers at TippingPoint started out to determine the size of the network, which they did by building a server of their own, and waiting for zombies to connect to them for instructions. They eventually managed to attract 25,000 in a week’s time. Here’s where things get interesting.

Most botnets include a feature that lets the controller upgrade the zombie computer with a new version, so the researchers could use their new-found power for good, directing these machines to remove the infection, or render it benign. Due to liability concerns, TippingPoint, the good guys, decided they could not remove the infection.

In a comment attached to Amini’s initial blog post, Endler put it plainly. “Cleansing the systems would probably help 99% of the infected user base,” he said. “It’s just the 1% of corner cases that scares me from a corporate liability standpoint.”

I sympathize with TippingPoint, but it’s a sad commentary on the world when the good guys are afraid of doing something that’s clearly right out of liability concerns. While accessing a computer without the owner’s consent is illegal in the US, shouldn’t a Good Samaritan law apply in cases like this?

[ via CompuWorld ]
