Definitely feeling better today. Maybe the 10hrs sleeping did the trick. Anyway, after a fun time this morning getting a taxi to the event (shared one with other TechEdians), I kicked off the day with the following session:
Deep Dive into the Team Foundation Server Agile Planning Tools
Yes, I know we all ‘hate’ MS and new open source technology is just so ‘cool’ but I figured it’s always good to see what’s being done. Let’s not forget that MS keeps a very close eye on technology out there and adapts, buys, copies, acquires, innovates or invents as it sees fit.
The main points are that it has a Kanban board built in, along with team communication. You have support for 5 levels ranging from tasks, stories, features, initiatives and goals, with each level taking on a higher view of the levels below. These groupings can be named how you like.
Some of the things I liked about the product were that:
- You can set a work in progress limit for a particular list, something that I miss from Trello.
- Each team can operate with their own board with their own list names. MS has been very clever in this as they have applied a state engine to the cards on the board, so even though each team have their own list setup, the cards move through an underlying state that’s common to the project. This gives you the ability to identify work progress across all teams using the common ‘state’ language.
It definitely needs work, but the team know this. For example, you cannot create a card on the board directly or re-order cards, but this will come soon.
Given that TFS now works with Git and Azure, I think it’s time to do a bit more research internally to determine how it sits with us in Kainos. Anyone want to get involved?
The Inside Man: Surviving the Ultimate Cyber Threat
My next session was by the always entertaining Andy Malone, who’s an MVP for enterprise security. This is the first of 2 sessions on security I attended today. Here’s a link to the documents Andy shared – some great stuff here. Some key points:
- 84% of attacks come from the inside
- Social engineering techniques are continually evolving
- China has 330’000 operatives in Computer Security
- It’s seldom a sudden impulse to steal. It builds over time
- Reasons can be: revenge, excitement, temptation (sex, money, etc), coercion, gullibility.
- People involved aren’t crazy, but are usually anti-social / narcissistic
- ‘We Work for money – if you want my loyalty, buy a dog’
- Proven ‘30’ day window after an event when data / systems abuse occurs.
- Mitigate the risk; watch out for disgruntled employees through reviews and feedback. Catch the problem before it develops.
Andy then went on to show scary tools and devices, such as using Google to do a deep search for ‘Membership List.xls’ and getting back names, emails, job titles and phone numbers. This was then followed up by using sites such as Pipl, WayBackMachine, Infomine, Cirt (for all default passwords!) and data mining tools such as FOCA and Paterva (very scary tools that can tell you a lot about OS’s, Printers, Users, Software etc).
One thing that I think should become the norm with users in general, however, is to purge metadata from documents before uploading them to the net. It makes sense to close down any potential avenue for social engineering attacks.
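The metadata purge suggested above, sketched for Office Open XML files (.docx/.xlsx/.pptx) as an added example that is not from the original post or the session materials: `audit` lists the author, company and software properties that a metadata harvester reads, and `scrub` writes a copy with them blanked. It assumes the usual `dc:`/`cp:` element prefixes and covers only the `docProps` parts, not comments or tracked changes; the sample package and its names are constructed.

```python
import io
import re
import zipfile

# OOXML parts that hold document properties, and the elements that reveal people and software.
PROP_PARTS = ("docProps/core.xml", "docProps/app.xml")
SENSITIVE = ("dc:creator", "cp:lastModifiedBy", "Company", "Manager", "Application")

def _pattern(tag):
    return re.compile(r"(<%s(?:\s[^>]*)?>)(.*?)(</%s>)" % (tag, tag), re.S)

def audit(data):
    """Return {tag: value} for each non-empty sensitive property."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for part in set(PROP_PARTS) & set(zf.namelist()):
            xml = zf.read(part).decode("utf-8")
            for tag in SENSITIVE:
                m = _pattern(tag).search(xml)
                if m and m.group(2).strip():
                    found[tag] = m.group(2)
    return found

def scrub(data):
    """Return a copy of the package with sensitive properties blanked."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            payload = src.read(name)
            if name in PROP_PARTS:
                xml = payload.decode("utf-8")
                for tag in SENSITIVE:
                    xml = _pattern(tag).sub(r"\1\3", xml)  # keep tags, drop value
                payload = xml.encode("utf-8")
            dst.writestr(name, payload)
    return out.getvalue()

def sample_docx():
    """Constructed sample package; names and namespaces are made up."""
    core = ('<cp:coreProperties xmlns:cp="urn:x-cp" xmlns:dc="urn:x-dc">'
            '<dc:creator>jsmith</dc:creator></cp:coreProperties>')
    app = '<Properties><Company>Example Ltd</Company></Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in (("word/document.xml", "<w:document/>"),
                           ("docProps/core.xml", core), ("docProps/app.xml", app)):
            zf.writestr(name, body)
    return buf.getvalue()
```

Running `audit` on a file before and after `scrub` is a quick pre-upload check; an empty result means none of the listed properties remain.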
1984: 21st Century Surveillance vs. the Erosion of Freedom
This was a lunchtime session in the same hall so I just hung about for it. It’s another session by Andy Malone and focused on recent developments on things like PRISM. Andy, being the MVP for Enterprise Security has been involved with the military and government (UK and US), so it was definitely interesting to listen to. I think a picture paints a thousand words with this one, so have a look at the pictures below:
This thing is real.
Andy talked a lot about access. Basically Governments have it, no matter what they say. The infrastructure is there, and the likes of GCHQ have a direct connection to the cables. Data is apparently held for 30 days, but there are plans to apparently up this to 12 months.
With regard to PRISM, it’s essentially a massive data mining tool created by SISense, an Israeli company. Here’s what it looks like (Nice UI! Bet the NSA doesn’t have the ‘share on FB & Twitter’ links though). The example below is for disaster relief, and it uses standard ‘click to drill down’ interface. You can just imagine how this would work with keywords, watch words, phone call meta data etc.
One of the other things Andy showed us was details on the TOR network. I’ve heard of TOR but never ventured onto it. I doubt I will – there’s some seriously dodgy things on there like purchasing guns, selling bank and credit card details, buying drugs and even arranging a hit. The advice given was to stay off it. One thing that was kind of cool though was the hidden wiki. If you browse to it online, you just get details on what it is, not what it contains. You have to access it via TOR to see the content. Note that security and police services access these sites and set up honey traps, so be aware.
How Many Coffees can you drink while your PC Starts
So I decided to go with my gut and walk into this session as it was in one of the bigger halls. Really glad I did, as it’s basically about how to improve the boot speed for Windows 7 & 8 and the presenter, Pieter Wigleven was very funny. Maybe not something I would do everyday, but knowing what to look for will be very useful to me, and no doubt to you too.
Pieter ran through some scenarios whereby customers have machines that take > 1hr to boot. They actually had a rota for someone to come into work earlier and turn on all the machines before everyone else arrived!
First things first, you need the Windows 8 ADK. Once you get that, you just select the Windows Performance toolkit. This toolkit gives you a great UI to see what’s taking so long during booting. Some key points, that probably apply to systems members more than anyone else:
- Use Group Policy to enforce settings. Get rid of old cmd scripts / VBS scripts.
- Review the list of starting apps frequently.
- Schedule start-up tasks to run when the system is idle, using schedule task manager
- Disk means everything, MS tested 30’000 internal machines. Looking at the cost involved for the wait (something like boot delay * boots per day * working days per year * #machines * employee rate) justified the business case for every single MS machine to use SSD’s. When you think about it like that, it makes total sense.
Developing Core Business Applications with Domain Driven Design
By this stage in the day (+remnants of food poisoning) I was flagging. Stayed to the end though but found this talk quite dry. The main points coming out from it are as follows:
- DDD is now viewed as trendy, though it’s been about for 10+ years
- Complexity can either be accidental or essential. Essential is complexity determined by the domain, accidental is determined by the use of frameworks and tools.
- Productivity drops as complexity rises.
- Size of code drives cost, bugs and delays. What typically happens with delays? Add more people. More people = more code. See the point above!
- DDD is especially for complex software. Focus on the domain. Always.
- 4 parts that feed into the model
- UML as a sketch, typically on a whiteboard
- Ubiquitous language – use common terms between domain and technical teams
- Use tools like specflow to ease into Behaviour Driven Development
For more info on the subject, have a look at the actual recording of this session. MS were quick. I assume they have the rest of them up as well, so be sure to check out Channel 9