Software Development Process

All of us engineers / nerds 😉 have learned and studied a lot about Software Development Processes in our schools and colleges. Fresh out of the college, we are confident enough to believe that the processes detailed out in the books will make our life easy and allow us to develop better functional and non-buggy software. But guess what, practical cases are far away from such an outcome. Reason being people and at times tools. But mostly its people. I had seen a nice picture of how a customer narates the requirements and how it gets implemented. All because of simple miscommunication. And believe me, miscommunication happens a lot in the global world mainly because of ill-conceptualized ideas as well as thoughts on how a particular thing should work. In one of my projects, I had a very deep and emotional discussions with my project manager for the module designs. I wanted to implement asynchronous callback mechanisms making the UI independent & not waiting for the core to do the job/recover whereas my manager thought that should not be a problem since execution in core should take only a little time. He totally forgot that the core makes calls to system which might take time because of resource accesses. Anyways, he was stubborn enough to not listen to me. And in the final product we had UI freeze problems and we had to implement workarounds to get around those problems.

The basic problem as I said above is people and their concepts. For some people that I have met, Waterfall model is all they know of and all they think is working! And belive me, it is happening in one of the biggest company ever. For some people, iterative and incremental development is good but still in their mindset they follow the waterfall model by expecting deliveries at the end of the project or starting testing after beta deliveries. But any kind of approach is not without its problems. A manager has to balance the pros & cons and use a methodical approach towards software development. And this just doesn’t stop at manager level, it runs all the way down on the developer desk. I for example believe that it is a developer’s job to keep the source code in his branch/workspace updated by synchronizing his branch with the latest in the main branch. Now I know a lot of developers who do not do this because they fear that their code will break and they will end up fixing bugs in others code. Of course these fears are valid. But a stricter check-in policy can ensure that such occurrences are rare if any. Again enforcement of such a policy rests on all the people in the team.

I had quite an altercation with one of the project managers recently because of these issues. We now follow SCRUMM methodology in one of our projects and I am the product owner for that project. Based on the customer updates, I decided to give priority to functional features and performance enhancements and lower the documentation scope and rebase (synchronization with the parent branch of the networking stack). The reason for doing that was that my customer wanted to make sure that our product really works on the specification model that we have promised and there were no big enhancements in the networking stack so it was not a show stopper. So he would get deliveries but not as a big chunk but in smaller pieces instead. But the project manager had a schedule with alpha-beta deliveries where he wanted certain documents just because they were a part of the traditional delivery system. And that dude never understood why he cannot expect a big bunch of stuff at the end and instead settle for regular deliveries.

Do give me your views and experiences when such collisions on thought and implementation practices occur. I still believe that the process has to be implemented by the right people on the management ladder and allowed to flow down to individuals in a very systematic manner. I will write more about what I believe in the coming articles.

External hard drives not working in Vista!

I had an ASUS 6000VM laptop and had partitioned and installed XP on the 80 GB Fujitsu 2.5″ hard drive. I had created a root partition (C:\) of 20 GB and 60 GB worth of data partition (D:\). My computer charging circuit burned because of a problem with my charger and I am now trying to get a replacement board for that computer. In the meantime, I bought a 2.5″ external hard drive casing which exposes a USB interface. Internally it features a PCB which hosts a IDE/ATA-100 interface for my hard drive and converts to a USB 2.0 interface outside. Everything worked out fine and my fingers were twingling to connect it to my office laptop and recover some of my important data.

And to my surprise, Vista actually recognized the external hard drive as a USB mass storage device. It also installed the related drivers. I then opened Windows Explorer and started to look for 2 drives added by the mass storage device. And was not able to see any. I thought it might be a driver issue so used the driver CD that was supplied with the external hard drive cabinet. It still did not show me the drives. I then opened Disk Management and saw a Disk1 but surprise surprise. It showed the drive as uninitialized! I searched the web and saw a lot of people with similar problems. Most of them had to switch back to XP to get the computer to recognize the disk.

Since I am not allowed to change the OS on my office PC (ofcourse they have that rule in my company ;)), I was one of the unlucky ones who cannot test and see if that solution works. I tried using Virtualized XP and Linux (Ubuntu) but they pipe to the actual Vista drivers and do not directly communicate with the USB device. Hence it was not successful. I am now waiting for my new rig (AMD Phenom X4, 4 GB DDR2, 1 TB HDD, 1GB nVidia graphics) to be delivered to me before I can do anything. I will definitely keep posting the updates here.

But to end this post, I am very disappointed with Microsoft. Infact my disappointment with them started right after Windows 2000. Though Windows XP is a fine OS, I see a lot of compatibility issues as well as hardware requirements which made it incapable of running on my old rig (AMD 600MHz 3D Now, 1 GB DDR, 160 GB HDD). This was the PC I was using since 2001 and feel pretty sad that it has to stick to Win98 SE  and/or Win2K Workstation/Server on the Microsoft front. It definitely runs the latest Linux releases pretty good. Vista is a total failure for Microsoft. And Windows 7 preview and RC1 looks pretty good but I am not so sure about the virtualized XP mode and the promises it makes. I do not see how it would help Windows users except for slowing their nice rigs down and eating a lot of bit space. Anyways, I am using Linux for most of my stuff. Only thing Windows is good at is playing games. Otherwise Linux is the way to go. If Linux can somehow bring the plethora of games to operate natively sometime, then that would spell the death bell for Microsoft OS. I hope it does that for good. I am not a born Microsoft hater. I have just been turned into one by the recursive stupidities the company pushes on the masses.

I will also talk about some of Microsoft’s stupidities on the Windows Mobile front in some other article. But if it wants to survive in this competitive and technology oriented market, then it needs to stop putting shit on the market and start doing some real deliveries. Do give me suggestions if you have any ideas other then replace OS and intialize hard drive. Peace and Timeout.

What is social engineering?

Online criminals can use sophisticated technology to try to gain access to your computer, or they can use something simpler and more insidious: social engineering.

Social engineering is a way for criminals to gain access to your computer. The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.

Some online criminals find it easier to exploit human nature than to exploit holes in your software.

Types of social engineering
There are several types of social engineering you should be aware of:

• Phishing
• Spear phishing
• E-mail hoaxes

Do not reveal any personal information in e-mail or online unless you know who you are dealing with and why. Additionally, make sure you are in a secure environment: that’s the key to help you avoid any type of attack.

Phishing: Fraudulent e-mail messages and Web sites
The most common form of social engineering is the phishing scam. Phishing scams employ fraudulent e-mail messages or Web sites that try to fool you into divulging personal information.

For example, you might receive an e-mail message that appears to come from your bank or other financial institution that asks you to update your account information. The e-mail message provides a link that appears to go to a legitimate site, but really takes you to a spoofed or fake Web site.

If you enter your login, password, or other sensitive information, a criminal could use it to steal your identity.

Phishing e-mail messages often include misspellings, poor use of grammar, threats, and exaggerations.

Spear phishing: Focused attacks that seem to come from people you know
Spear phishing is any highly targeted e-mail scam; but they usually are employed in a business environment.

Spear phishers send e-mail messages that appears genuine to all the employees or members within a certain company, government agency, organization, or group.

The message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT. It might include requests for user names or passwords or might contain malicious software, like a trojan or a virus.

Spear phishing is a more sophisticated type of social engineering than phishing, but the techniques you can use to avoid being fooled are the same.

E-mail hoaxes: Look out for easy money promises
E-mail hoaxes come in many different forms, ranging from a scam that requests your help getting money out of a foreign country (often Nigeria) to a promise that you’ve won a lottery.

The common element is that you’re usually promised a large sum of money for little or no effort on your part.

The scammer tries to get you to send money or reveal financial information that they can use to steal your money or your identity, or both.

The Google Chrome OS is coming…

http://googleblog.blogspot.com/2009/07/introducing-google-chrome-os.html Google announces the Google chrome OS which is pretty much a web-based OS. I guess would be much like Palm Pre in that sense. I was wondering when Android will start fragmentation. Looks like 2nd half 2010 or 1st half 2011 as of now 😉

But exciting as it is, lets see how Google jumps into the already competitive desktop OS market. It would definitely be a blow to MS Windows but would it be able to nudge *nix based distros? Lets see if it just remains another of the 300+ distribution or comes above/below ubuntu. (http://www.distrowatch.com/) Wait & Watch and see how it turns up and if Google will canibalize Android for Chrome or vice-versa. Interesting times to come…