Mindless Link Propagation

Novell recently cranked up their marketing machine for AppArmour, claiming its technical design provides for greater ease of administration, development & customization than found with SELinux. While AppArmour FAQ admits that SELinux's model of file security labels is superior to their own path based control, it makes the dubious assertion that a labelled security model is harder to administer. While it is true that the tools for SELinux did not previously provide an easy way to change the specs for file labels, as I previously discussed the introduction of the semanage tool in Fedora Core 5 has changed all that. It is now trival to update file security label definitions. So at this time any problem with SELinux is not one of design or implementation, but rather documentation & awareness of the progress made in SELinux development over the past 2 years or so. To that end here are a selection of useful documentation resources

• SELinux News
• SELinux SourceForge project
• Fedora SELinux FAQs
• NSA SELinux site
• SELinux reference policy site
• Dan Walsh's blog introducing SELinux concepts

So, the election over and done with, the government has got back to the business in hand, which in this particular case is ID cards. Now as a general idea the concept of ID cards doesn't particularly bother me, but the the proposal in this bill, and the way its portrayed most certainly does. It seems rather unlikely it'll do anything significant to combat terrorism or organized crime, since they'll either just not bother with using ID cards at all, or more likely just counterfeit cards from Joe Public. Of course since this is intended to be the 'authoratative' ID source, Joe Public will have that much harder a time with this identity theft. Oh, ordinary citizens will not be compelled to use ID cards anyway

Q. What if I simply refused to use the card?
A. From Mr Blunket... You will not be required to use a card unless you wish to work, use the banking or health system, travel or receive benefits.

Hmm, so basically it may not be compulsory, but unless you are in fact a terrorist, there's no way you'll be able to live practically without one. Government-0, Terrorists-1, Civil Liberties-0. Read the FAQ for all the details, and just be thankful for the government track record (incompetance) at succesfully implementing these kind of large scale IT projects.

• First off, an interview with Professor Sidney Dijkstra discussing the importance of assigning the right people to the right job on a software development exercise. On GUI development for example,

  I’d estimate that of every 100 programmers asked to turn their talents to GUI design, 20 "get it" right away, 40 can be made to "get it" with suitable prodding and 40 never "get it" even if the prods pack several kilovolts.

• Next, an entertaining comparison of the evolution of a software development to that of an apprentice bear hunter. Anyone who's ever had to find work suitable to give an apprentice developer, and then despite the developer's best efforts, had to rewrite the whole thing from scratch will relate to this only too well.

  Stage 3: Apprentice. A Stage 3 has attended a 5-day seminar on bear hunting. During this seminar, the participants form into teams of three or four and practice hunting very small bears under the ever-watchful eye of the instructor. After a few interim setbacks, by Friday afternoon all the teams have successfully hunted their bears. They fill out evaluation forms attesting that “bear hunting is very useful and relevant to my job.” However, they are barely prepared for the world of real bears.

  ...compare to...

  If a Stage 3 absorbs everything from a seminar, then he is minimally equipped to tackle a true, full-sized project in the corporate jungle. Usually, however, a Stage 3 does not grasp everything or has difficulty scaling the techniques up from a case study to a real project. You could say that most Stage 3s know just enough to be dangerous!

  My favourite quote though has to be "It’s typical that some Stage 4s get some bears; but it’s also typical that some bears get some Stage 4s.". Amen to that, I've seen plenty of apprentice software engineers 'got' by bears. Still, applying Darwin, this can only be a good thing, since those which get the bears are that much sharper.

• Finally a look at the folly of applying buzzwords such as "2-phase commit" in situations where a far simpler architecture would be more that sufficient. The most important take away from this short article is the way, if one accepts the possiblities of errors, their resolution can actually be less trouble, than preventing the errors in the first place. ie, if using a DB server along with MQ messaging, one instinctively jumps for 'XA' (distributed transactions), however, if one has reliable detection of duplicate messages, XA is completely redundant. It may be feasible to merely commit the database first, then the worst that can happen is the MQ rolls back, in which case a message will get processed a 2nd time - but the duplicate detected & discarded.

A collection of books relating to the task of managing development teams and projects.

• Peopleware - an exploration of what makes software teams and projects work or fail. If your a developer, buy a copy for your boss, if you a manager, buy a copy for everyone on your team.
• Software Project Survival Guide - a good introduction to the task of managing software projects
• Mythical Man Month - all time classic collection of essays on software development processes
• The Cathedral and the Bazaar - enlightening book on the operation of open source development model
• Open Sources: Voices from the Open Source Revolution - a collection of essays from leaders of the open source community providing further insight into what makes open source a successful methodology

Following on from my post about The Coporation, here's a collection of links for sites providing views on corporations, the future for them, and activism for change

• Amnesty: Protect human rights
• POCLAD: Limit corporate control in government
• Reclaim Democracy: Restore citizen authority over corporations
• Natural Capitalism: Create the next industrial revolution
• CERU: Get corporations out of schools
• TV News Lies: Uncovering news disinformation
• Independant Media Center: Use independent media

I can't really take credit for assembling these, they were scrolled along the bottom of screen during the closing credits for the film. For the complete list visit their site