Dave Farley's book is really good, and I'd highly recommend it. However, I do have an issue with his focus on applying science in the definition, even though it doesn't come across in his final conclusions. In the…
Having a bottleneck with AI-generated code is probably a good thing. Consider before AI. In cases where code was written by a trusted human, you had confidence that they were doing the right stuff - the people…
In practice, the frameworks don't work out of the box. Take Scrum, for example. The framework described today has had all the original technical practices used by the first Scrum Teams stripped out, with no new…
A better title would be "Dark Agile is a scourge on the planet". There are plenty of people who've written about this, but Ron Jeffries' posts "Dark Scrum" (https://ronjeffries.com/articles/016-09ff/defense/) and "We…
I graduated from a software engineering program accredited by ABET as engineering, rather than as a computing program, which would include CS, data science, information systems, and IT. Even with that, I didn't have…
The AGPLv3 doesn't protect against cleanroom engineering. The full passage from Clause 13 is: "...if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a…
> You absolutely can; the model is quite capable of reproducing works it was trained on, if not perfectly then at least close enough to infringe copyright. The only thing stopping it from doing so is filters put in…
Point 2 misses the distinction between AI models and their outputs. Let's assume for a moment that training AI (or, in other words, creating an AI model) is not fair use. That means that all of the license restrictions…
The premise of this whole post is incorrect. If an organization is building an AI product or offering an AI service, then a SOC 2 report, or at least a SOC 2 Type 2 report, should answer these questions. "What happens…
I'm looking through what I have access to quickly. I started with the CSA's Cloud Controls Matrix, just because they trace to a bunch of other standards. They have a control - IAM-07 - that is to "de-provision or…
If the copyrighted code was uploaded to GitHub by the owner, there's no problem with this. When you upload code to GitHub, one of the rights that you grant to GitHub is the right to use your content for "improving the…
Most of the comments on that app as well as here are probably wrong. I'd suspect that everyone who had the app "installed without their permission" opted into the Android COVID-19 Exposure Notification program. This was…
I think this is why the PDF is actually the "Guide to the Software Engineering Body of Knowledge". It's not a representation of the complete body of knowledge itself, but extracting key concepts and terms and provides…
I wonder if the people involved in approving and conducting this research are aware of the ACM's Code of Ethics. I can see pretty clear links to at least two or three of the code's ethical principles. This seems to be a…
Yeah. That's a better way of putting it. The author didn't opt to change the license. He corrected a licensing error. I do agree that making the downstream users aware is important, I just don't agree that immediately…
Vendoring is a good first step, too. As long as you have a local copy of all the dependencies, you're better off than needing to go pull them from the Internet every time you want them and risk having them gone.…
This just bit me. The first thing that I noticed was that some people are not understanding the GPL. It's far more impactful to Rails than the vast majority of web applications built using Rails. The use of GPL'd files…
Dave Farley's book is really good, and I'd highly recommend it. However, I do have an issue with his focus on applying science in the definition, even though it doesn't come across in his final conclusions. In the…
Having a bottleneck with AI-generated code is probably a good thing. Consider before AI. In cases where code was written by a trusted human, you had confidence that they were doing the right stuff - the people…
In practice, the frameworks don't work out of the box. Take Scrum, for example. The framework described today has had all the original technical practices used by the first Scrum Teams stripped out, with no new…
A better title would be "Dark Agile is a scourge on the planet". There are plenty of people who've written about this, but Ron Jeffries' posts "Dark Scrum" (https://ronjeffries.com/articles/016-09ff/defense/) and "We…
I graduated from a software engineering program accredited by ABET as engineering, rather than as a computing program, which would include CS, data science, information systems, and IT. Even with that, I didn't have…
The AGPLv3 doesn't protect against cleanroom engineering. The full passage from Clause 13 is: "...if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a…
> You absolutely can; the model is quite capable of reproducing works it was trained on, if not perfectly then at least close enough to infringe copyright. The only thing stopping it from doing so is filters put in…
Point 2 misses the distinction between AI models and their outputs. Let's assume for a moment that training AI (or, in other words, creating an AI model) is not fair use. That means that all of the license restrictions…
The premise of this whole post is incorrect. If an organization is building an AI product or offering an AI service, then a SOC 2 report, or at least a SOC 2 Type 2 report, should answer these questions. "What happens…
I'm looking through what I have access to quickly. I started with the CSA's Cloud Controls Matrix, just because they trace to a bunch of other standards. They have a control - IAM-07 - that is to "de-provision or…
If the copyrighted code was uploaded to GitHub by the owner, there's no problem with this. When you upload code to GitHub, one of the rights that you grant to GitHub is the right to use your content for "improving the…
Most of the comments on that app as well as here are probably wrong. I'd suspect that everyone who had the app "installed without their permission" opted into the Android COVID-19 Exposure Notification program. This was…
I think this is why the PDF is actually the "Guide to the Software Engineering Body of Knowledge". It's not a representation of the complete body of knowledge itself, but extracting key concepts and terms and provides…
I wonder if the people involved in approving and conducting this research are aware of the ACM's Code of Ethics. I can see pretty clear links to at least two or three of the code's ethical principles. This seems to be a…
Yeah. That's a better way of putting it. The author didn't opt to change the license. He corrected a licensing error. I do agree that making the downstream users aware is important, I just don't agree that immediately…
Vendoring is a good first step, too. As long as you have a local copy of all the dependencies, you're better off than needing to go pull them from the Internet every time you want them and risk having them gone.…
This just bit me. The first thing that I noticed was that some people are not understanding the GPL. It's far more impactful to Rails than the vast majority of web applications built using Rails. The use of GPL'd files…