February 2013 Entries

Link Roundup–16th of Feb 2013

Securing Web Application Technologies – “The SWAT Checklist provides an easy to reference set of best practices that raise awareness and help development teams create more secure applications. It's a first step toward building a base of security knowledge around web application security. Use this checklist to identify the minimum standard that is required to neutralize vulnerabilities in your critical applications.” (or grab the poster here in PDF format)

6 Reflections After 3 Years of Business – in the style of Patrick McKenzie. Summaries like this are useful – this post inspired me to do a quick (private) one...

When third party dependencies attack

When thinking about software architecture, one of the things I’m always keeping an eye on is third party dependencies, and here’s a reason why: The Facebook glitch that took out your favorite site proves the web is more vulnerable than ever. The issue was fixed pretty quickly, but it’s still a great example of why you should think carefully before introducing an additional dependency into your system, especially to something important such as “login”. As a side note, I was involved in adding Facebook login to some large eCommerce sites last year, and in doing that we...

Are fixed price contracts for suckers?

NZ readers will probably have heard of Novopay, and the issues it’s had that have made the media. For non-NZ readers, it’s basically a new payment system that went bad and messed up a load of people’s salary and wages payments. This story, Ministers knew of 147 defects with Novopay, highlights the fact that the software team involved had entered into the project as a fixed price deal, and the article makes it sound like things went sour pretty quickly. I don’t have any insight or knowledge into how the Novopay project was run, but after reading the story...