Slashdot Mirror
What Developers Can Learn From Anonymous
snydeq writes "Regardless of where you stand on Anonymous' tactics, politics, or whatever, I think the group has something to teach developers and development organizations,' writes Andrew Oliver. 'As leader of an open source project, I can revoke committer access for anyone who misbehaves, but membership in Anonymous is a free-for-all. Sure, doing something in Anonymous' name that even a minority of "members" dislike would probably be a tactical mistake, but Anonymous has no trademark protection under the law; the organization simply has an overall vision and flavor. Its members carry out acts based on that mission. And it has enjoyed a great deal of success — in part due to the lack of central control. Compare this to the level of control in many corporate development organizations. Some of that control is necessary, but often it's taken to gratuitous lengths. If you hire great developers, set general goals for the various parts of the project, and collect metrics, you probably don't need to exercise a lot of control to meet your requirements."
What the group has to teach is simple: If all you want is to disturb the normal process, and highlight certain aspects, then you don't need much organization.
Wake me up when anonymous actually produced something non-trivial.
developer wants autonomy, thinks management overreaches, film at 11
Exactly, in most corporate environments you have to go through so many bosses (most of which shouldn't be making technical decisions) before you can ever get anything done.
I was reading "The mythical man-month" only this weekend, which starts with the observation that "everyone knows" that two kids in a garage can do more than a corporate development team, and then points out that, if this was actually true without caveats, corporations would hire two kids in a garage every time. There's a difference between producing a standalone program and developing/maintaining a product system.
Virtually serving coffee
This has to be the most far-fetched argument ever made in the history of mankind.
Also, using the sentence "success" and "Anonymous" in the same sentence makes you seem insane.
Remember USENET? With its clear distinction between abuse ON the net and abuse OF the net, and admins who only care about the latter?
As leader of an open source project
Apache POI, funded by MS.
the organization simply has an overall vision and flavor. Its members carry out acts based on that mission. And it has enjoyed a great deal of success — in part due to the lack of central control. Compare this to the level of control in many corporate development organizations. Some of that control is necessary, but often it's taken to gratuitous lengths. If you hire great developers, set general goals for the various parts of the project, and collect metrics, you probably don't need to exercise a lot of control to meet your requirements
This is standard common sense, and the negative effects of over/micro-managing and red tape are recognized (and felt) not just in software but in all endeavours (even within families.) We know what to do about that in all forms of organizations and projects.
That people and project still fall far from the well-known solutions, that has more to do with human behavior, team dynamics and the economics of the incentives/rewards, disinsentives/penalties, (whether tangible or psychological, subjective or objective) than anything else.
Anonymous, with its faceless nature (that precludes the realities of disinsentives and penalties), and incoherent goals, has nothing to teach us or anyone engaged in a real-life project or mission subject to incentives and disinsentives, and the realities of identifiable human relations.
The article might be good to drive traffic (ZOMG, Anonymous in teh titl3!), I'll give the author that </journalistic-attention-whoring>
And in the new version of Anonymous they need to agree on a process or methodology for deciding which ops to take and not to take, on deciding which principles to adopt and which not. Basic concepts like decision theory, a weighing of pros and cons, or benefit and risk, a set of principles from which to base everything around in language which is more concise, specific.
Anonymous is a good idea but unless it's continuously updated it's going to become outdated real fast if it isn't already. The same could be said of any software in development, it has to be properly designed from the start (Anonymous wasn't well designed at the foundation), and it has to be continuously updated.
Here is my idea, how about starting a project for an Anonymous Cyber Constitution? Some rules could be put into place to avoid collateral damage for instance so that stuff LulzSec was doing exposing innocent gamers private information could never be done in the name of Anonymous because it could be specifically outlawed in the Cyber Constitution.
This sounds a lot like the Valve model: Hire awesome people and let them set their own goals, with little to no management.
the established powers that be in finance & govt need a nemesis to keep them in check, because the checks & balances meant to minimize corruption in the banking & investment and govt has failed miserably.
Kudos to Anonymous!
Politics is Treachery, Religion is Brainwashing
I remember a /. comment from a week or two back that mentioned a colleague/peer who was told he had to submit reports on the number of new lines of code produced every week. Through editing and refining the software, he ended up with a net loss of 20,000 lines of code (and submitted -20,000 in his report). Ultimately, he ended up submitting weekly reports that didn't really "mean" anything-- but was never questioned because his work was good and profitable.
Just this week my supervisor was gone on vacation. Our department ran more smoothly than it has for months because my peers and I took care of all our necessary duties and paperwork without having to deal with the stress of a boss fretting about reports getting submitted and said boss being fired for insufficient job performance.
However, while the principle holds true, I think there are guidelines required for it to be the most practical principle by which to run a company/department. For example, employees need to have firm directional guidance for their work-- just no heavy-handed iron-fistedness.
The problem with his argument is that he assumes it is possible to do any of those things. All developers aren't great developers, and the great ones aren't likely to want to go anywhere but Google. Instead, you have mediocre developers to deal with.
Neither are you able to set goals for sections of the projects, as customer's requirements often change. Developing something for consumers is easy, the hard projects are the ones being contracted.
Finally, the biggest difference that makes this advice near worthless to companies is that unlike his OSS project, companies need to turn a profit. Guaranteeing this and making sure devs aren't spinning their wheels for stupid reasons is why they need managing.
Better advice is that managers need to be those serving the developers and making sure they have what they need to do their job, rather than developers being forced to do management's whims.
while(1) attack(People.Sandy);
The only lesson here is that creating chaos doesn't require any kind of organizational structure (which is almost tautological). Producing something orderly is a whole different question, and unless you happen to have an infinite number of monkeys at your disposal, the chance of that happening in a finite period of time is pretty damn improbable.
http://alternatives.rzero.com/
And it has enjoyed a great deal of success - in part due to the lack of central control.
But Anonymous hasn't really done anything that requires the true contributive efforts of more than a few people at a time. LOIC doesn't count, because "here, run this" isn't in the same ballpark as actually contributing code to a project. The person/people who wrote LOIC still exercised control over the actual software and made decisions about what features went in and what didn't.
Except of course that for an attack only one attempt ever need work properly to get the information desired. For a development project the whole thing better work and somebody should even be able to maintain it after whoever slapped the thing together has moved on to ruining something else.
Any method will work, as long as you don't piss them off enough to leave for greener pastures.
Agile, waterfall, they will make anything work.
Unfortunately there's a limit to the number of awesome people you can find.
When someone presents a new development method that does not include the phrase "if you hire awesome people", please wake me up.
I apologize for the lack of a signature.
This sounds very much like WikiPedia but then for software.
Everyone can contribute to the project, and change or delete existing parts. Now how this would ever really work for code I don't know - making sure it still compiles after any changes is just the first issue that I can think of - but it'd be interesting if someone can figure out a way to set up a site where such a project could take shape.
Though having a central repository for code is in itself already a form of central control... just like WikiPedia which used to be a free-for-all, and now also has more and more restrictions on what users can do, down to complete locks on certain pages.
the organization simply has an overall vision and flavor. Its members carry out acts based on that mission. And it has enjoyed a great deal of success — in part due to the lack of central control. Compare this to the level of control in many corporate development organizations. Some of that control is necessary, but often it's taken to gratuitous lengths. If you hire great developers, set general goals for the various parts of the project, and collect metrics, you probably don't need to exercise a lot of control to meet your requirements
This is standard common sense, and the negative effects of over/micro-managing and red tape are recognized (and felt) not just in software but in all endeavours (even within families.) We know what to do about that in all forms of organizations and projects.
That people and project still fall far from the well-known solutions, that has more to do with human behavior, team dynamics and the economics of the incentives/rewards, disinsentives/penalties, (whether tangible or psychological, subjective or objective) than anything else.
Anonymous, with its faceless nature (that precludes the realities of disinsentives and penalties), and incoherent goals, has nothing to teach us or anyone engaged in a real-life project or mission subject to incentives and disinsentives, and the realities of identifiable human relations.
The article might be good to drive traffic (ZOMG, Anonymous in teh titl3!), I'll give the author that </journalistic-attention-whoring>
Micro-management shouldn't be the object. The object should be to develop a system to distribute best practices. This could apply to Anonymous or to software development where more experienced workers can share their best practices with less experienced workers. The other is to focus on the process of making critical decisions. The problem of decision making can only be solved by developing a methodology of decision making along with some basic rules to follow when making certain types of decisions.
If this is Anonymous then it's what is a legitimate vs illegitimate op. Emphasis should be on the process of decision making so that there is a standard process or guideline for choosing an op. If it's software development then developers need to know when to use certain designs and when not to use them or when certain tools work best and not others.
It's not a matter of control or not, it's a matter of separation of duties. The people who design the software don't necessarily have to be the people coding it. The design team could simply just design. The same could be said about Anon-ops, the people who develop the philosophical/ethical theory do not have to be the people who do the ops. The problem in my opinion with Anonymous is you have a lot of people involved who are doers but not very deep thinkers. As a result the ops are often successful but completely miss the point.
Separate the philosophical debate, decision making process, and theory from the coding, ops, and direct action. Same with development, separate the theoretical design from the development and programming. Let the best designers design whether they are the best developers or not as those are two different jobs and not all skilled developers are skilled at software design.
Often telling people what to do is worse than having a well defined vision and inspiring a self-organising team to work towards it.
But there are no silver bullets in software development. The hard stuff is still what it is, hard.
.: Max Romantschuk
Development of major software projects require discipline and expertise from all it's contributors. There needs to be a clear goal, both overall as well as what each individual contributor does. Each contributor also needs to feel that they have ownership of their piece.
If a company fosters an environment where the above is not true, then yeah the project is going to run into problems.
Yes, gratuitous control (what used to be called 'micromanagement') can be a great way to hurt a projects long term success, but to say that Anonymous has things to teach the general development community is absurd. Anonymous is essentially an anarchy. Sure, what they do requires some coordination between individuals, but there's a huge difference between a handful of hackers spending a day or three hacking into a company under the cover of a DDOS attack and a group of individuals that work together every day for months to put together a product to solve specific problems for their customers.
There are so many things wrong and out of touch with this article that I can't decide where to begin. It sounds like the author was nothing more than a really lousy manager. What he needs is management training, not random perceived lessons from a random nebulous collective.
the established powers that be in finance & govt need a nemesis to keep them in check, because the checks & balances meant to minimize corruption in the banking & investment and govt has failed miserably.
Kudos to Anonymous!
The problem with Anonymous's design and I'll say it again, they need to thoroughly separate the think tank philosophical ethical debate theoretical portion from the practical operative coding hacking portion. Meaning if an Anonymous Cyber Constitution were to be developed then everyone should be able to Facebook like it to approve of it and it should be on a wiki so it can be continuously updated and debated as new information comes in. There should be constant debate about certain subjects regarding philosophical principles. Also they need to develop standardization of processes, best practices, that sorta stuff because right now Anonymous has very little discipline on the practical operative hacker end of the spectrum even though that is the end of the spectrum making most of the noise in the media.
Right now they are hit and miss. Sometimes they do something which seems to hit the nail on the head and other times they do really stupid ops which make people question why Anonymous should even exist.
Sure, doing something in Anonymous' name that even a minority of "members" dislike would probably be a tactical mistake
When one of your developers goes rogue, using fear and intimidation isn't an option available to most open source projects. The idea that you can apply anything about Anonymous to development is a pretty far stretch.
For all we know the developers could already be anonymous since we don't have an exact list of who anonymous is and the public arrests may have been just sacrificial lambs so to speak.
~~ Behold the flying cow with a rail gun! ~~
Not a goddamned thing, lol
this is one of the few articles i've read where it sounds like someone actually understands a little bit about anonymous. Every time flocks news, or msnbc reported about some activity attributed to anonymous, they would talk about law enforcement going after anon's command and control, or leadership...not understanding that there is no leadership. When a lot of strangers get together and are motivated to complete a goal, it can get done, and I believe that is the main point and I believe it was made.
Chief Thinker www.devotedskeptic.com
The problem isn't anonymous, nor red tape, nor excessive anything.
Infoworld needs to fill their magazine - and when there is nothing to report, they make it up.
The only shame here, is that it somehow made it to slashdot.
Success in the same way the Mafia can be considered a success.
My company has faced fines of 100s of thousands and even millions of dollars in fines and even a threat of a 5 year ban on internet presence in a country. We've also had a $50K project cost 20x as much because of a "minor" bad decision by a developer.
And in the new version of Anonymous they need to agree on a process or methodology for deciding which ops to take and not to take, on deciding which principles to adopt and which not. Basic concepts like decision theory, a weighing of pros and cons, or benefit and risk, a set of principles from which to base everything around in language which is more concise, specific.
Anonymous is a good idea but unless it's continuously updated it's going to become outdated real fast if it isn't already.
I put it to you that their loose system is ever changing and evolving already, and that your assessment was invalid before even contemplated writing it down.
I see that despite everyone's brains being a loose collection of self organizing neurons, you're still shackled by the antiquated concept of top down structural design. Are you a Moron, or merely a Fool?
Sorry, but numerous, disjointed visions of what passes for good user-interface design, along with different standards for reliability doesn't sound like something I'm interested in at all. Especially if every user-interface panel requires me to push the "I'M A CHARGIN' MA LAZER" button before pressing "OK".
I'm getting sick of people generating web-hits by relating anything and everything to Anonymous.
http://www.wired.com/threatlevel/2012/03/lulzsec-snitch/
If you can find a group to 'join' the Feds have joined long long ago.
"has been working undercover for the feds since the FBI arrested him without fanfare last June"
Like a protester in East Germany you will be surrounded by informants, deep undercover LEO and the added fun of vigilantes (alone/private/gov funded)
The problem is your looking at 28 years and usually have an hour with your lawyer to take the ~90% conviction court option or make a long list of your friends and become an informant....
From a developer perspective its like your boss was in talks with a big brand and sold out months ago.
Your ideas where sold long ago.
Domestic spying is now "Benign Information Gathering"
The 1 good thing "hacker/cracker" types online do is spot holes that need "shoring up"... but, that's about it!
Is it always necessary? For example, if the attacks to the Sony PSN network were left undone, where would we be now? We can't tell for sure, but possibly the network would be humming along just fine, no one would have their credit card numbers stolen, and Sony would have avoided the cleanup of all the mess. So would the world actually be collectively in a better state?
Even if the cracking is be done in an ethical manner, that is by not destroying anything or leaking username/password lists, maybe just leaving a "haha you got cracked" message...even then the service provider can't for sure know if the integrity of the system has somehow been threatened, and it just causes unnecessary worry.
"What Developers Can Learn From Anonymous" is the wrong title. What you want to say is "What Managers Can Learn From Anonymous", because what's the use if developers in a company with tight controls have a good idea that's never implemented.
Saying you're part Anonymous is like saying you're punk rock. Anyone can say they are, but there are songs that are clearly punk rock and things that claim to be but are clearly not in the spirit of it.
Every time in my career that I've been asked to "provide metrics", I've asked (friendly like) "What decisions will be taken based on them? What will we do differently? What can we do differently?"
I've never, ever, received any answer other than "Can't change anything, but Bossman wants them".
So you can take your metrics and shove them right up your ISO 14001. They're very likely to be a waste of time demanded by a waste of oxygen.
If you were blocking sigs, you wouldn't have to read this.
Sure, doing something in Anonymous' name that even a minority of "members" dislike would probably be a tactical mistake,
Most things "done by Anonymous" were followed by massive Internet flame outbursts directed toward the people who performed them -- supposed "newfags" who are "not really Anonymous". I think, the only action that did not provoke such reaction was the original Habbo Hotel invasion (of "Pool is closed due to AIDS" fame).
Contrary to the popular belief, there indeed is no God.
I think the Linux kernel development is better example of colaborative development. The bazar (vs. cathedral) way works great for production, the agile methodologies has appropiated this anarchic success.
They prove you to don't need a fixed goal or purpose to do something. We can do things just for the hell of it. Don't assume that we need a reason to do something. It could be that we exist just because... no end game needed. That's my fantasy, and I'm sticking to it!
“He’s not deformed, he’s just drunk!”
Nothing else has worked. Maybe Anonymous can do it?
Or just an illusion of one.
Sony shut down PSN when they discovered that a bunch of hacked PS3s were accessing and downloading DLC via the developer network. For free.
Investigations into the system then revealed that hackers have been going in and out and retrieving "securely stored data". It was found post-hack, not released pre-emptively. Sony found out people were downloading stuff for free, shut down their network to prevent it from happening, Then in an attempt to fix it, discovered they've been breached.
Or, the breach happened, and Sony failed to detect it. Even then there were vulnerabilities - until Sony started changing how PSN logins were handled, people could login to PSN from hacked consoles and cheat online.
If it weren't for the greedy people downloading free DLC, everything would be humming along fine, and people would be wondering why their credit cards and such were being charged, or extra bills appearing the mail, etc.
Or the other hacks and such - like credit card processors being breached. We know about them because it's reported, but it oculd've been covered up, giving a false impression that things are fine.
So - would you rather not know if your information has been compromised but things appear fine, or know that it was?
Comment removed based on user account deletion
Sure. Sounds very sensible.
Comment removed based on user account deletion
Comment removed based on user account deletion
Memorable quotes for
Looker (1981)
http://www.imdb.com/title/tt0082677/quotes
"John Reston: Television can control public opinion more effectively than armies of secret police, because television is entirely voluntary. The American government forces our children to attend school, but nobody forces them to watch T.V. Americans of all ages *submit* to television. Television is the American ideal. Persuasion without coercion. Nobody makes us watch. Who could have predicted that a *free* people would voluntarily spend one fifth of their lives sitting in front of a *box* with pictures? Fifteen years sitting in prison is punishment. But 15 years sitting in front of a television set is entertainment. And the average American now spends more than one and a half years of his life just watching television commercials. Fifty minutes, every day of his life, watching commercials. Now, that's power."
##
"The United States has it's own propaganda, but it's very effective because people don't realize that it's propaganda. And it's subtle, but it's actually a much stronger propaganda machine than the Nazis had but it's funded in a different way. With the Nazis it was funded by the government, but in the United States, it's funded by corporations and corporations they only want things to happen that will make people want to buy stuff. So whatever that is, then that is considered okay and good, but that doesn't necessarily mean it really serves people's thinking - it can stupify and make not very good things happen."
- Crispin Glover: http://www.imdb.com/name/nm0000417/bio
##
"It's only logical to assume that conspiracies are everywhere, because that's what people do. They conspire. If you can't get the message, get the man." â" Mel Gibson (from an interview)
##
"We'll know our disinformation program is complete when everything the American public believes is false." â" William Casey, CIA Director
##
George Carlin:
"The real owners are the big wealthy business interests that control things and make all the important decisions. Forget the politicians, they're an irrelevancy. The politicians are put there to give you the idea that you have freedom of choice. You don't. You have no choice. You have owners. They own you. They own everything. They own all the important land. They own and control the corporations. They've long since bought and paid for the Senate, the Congress, the statehouses, the city halls. They've got the judges in their back pockets. And they own all the big media companies, so that they control just about all of the news and information you hear. They've got you by the balls. They spend billions of dollars every year lobbying lobbying to get what they want. Well, we know what they want; they want more for themselves and less for everybody else.
But I'll tell you what they don't want. They don't want a population of citizens capable of critical thinking. They don't want well-informed, well-educated people capable of critical thinking. They're not interested in that. That doesn't help them. That's against their interests. They don't want people who are smart enough to sit around the kitchen table and figure out how badly they're getting fucked by a system that threw them overboard 30 fucking years ago.
You know what they want? Obedient workers people who are just smart enough to run the machines and do the paperwork but just dumb enough to passively accept all these increasingly shittier jobs with the lower pay, the longer hours, reduced benefits, the end of overtime and the vanishing pension that disappears the minute you go to collect it. And, now, they're coming for your Social Security. They want your fucking retirement money. They want it back, so they can give it to their criminal friends on Wall Street. And you know something? They'll get it. They'll get it all, sooner or later, because they own this fucking place. It
You know,this Beats By Dre UK friendship is that money can not buy,it is time not lead back to the share of the sincere friendship Heart exchange are Dr Dre Headphones the wealth of your life.When you pay,you do not have to always look forward to a friend to say thank you.A thousand times,thanks a thousand times and may not be able to compete with an understanding eyes!I have at least Dr Dre Beats five Needless to say thank friends,so I am grateful to God,will cherish the hard-won mutual affection!
Investing in one of THESE is a big help:
http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22DDos+Appliance%22&btnG=Search&gbv=1&sei=KYw7UI-4FsXs6wH3uIDoDw
Because DDoS/DoS CAN be stopped (Microsoft & Amazon are setup PERFECTLY vs. it in fact, read on below on that note)"
Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0?65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100?65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80?65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0?255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0?65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmen