What's the current status of cryptography export restrictions? [closed] - encryption

Let's say I want to add some basic encryption capabilities to my application (without making it the application's primary purpose) - for example, using public-key cryptography to encrypt/sign private messages in a video game. Should I be worried about export restrictions (mainly in the US)? Is there a limit to how "strong" the encryption can be?

According to this article:
On June 25, 2010, the Department of Commerce’s Bureau of Industry and Security (BIS) published a notice in the Federal Register implementing substantial and far-reaching amendments to controls of encryption software and hardware under the U.S. Export Administration Regulations (EAR). These changes were originally announced in early May, and mark the first step in the Obama Administration’s efforts toward reform of U.S. export controls intended to expand access for U.S. exporters to foreign markets.
...
Decontrolling Ancillary Cryptography Products
This amendment to the regulations incorporates changes adopted in December at meetings of the Wassenaar Arrangement. Previously, exporters were permitted to self-classify most ancillary cryptography items (i.e., items, such as video games, that use encryption but where the encryption is ancillary to the item’s main purpose) as ECCN 5D002. Such items could then be exported immediately using License Exception ENC. Certain other ancillary cryptography items were classified under ECCN 5D992, and were eligible for export to most destinations other than Cuba, Iran, North Korea, Sudan, and Syria.
The new regulations effectively decontrol ancillary cryptography products. Specifically, the regulations add a note to Category 5 of the Commerce Control List stating that such items will no longer be controlled on the basis of their cryptographic functionality. Rather, ancillary cryptography items will be controlled under whatever other ECCN is applicable to the item. In many cases, such items will likely be classified as EAR99.
(emphasis added)
So, it looks like video games are off the hook as far as the US is concerned.


Is web scraping allowed? [closed]

I'm working on a project that requires certain statistics from another website, and I've created an HTML scraper that gets this data every 15 minutes, automatically. However, I stopped the bot now, as in their terms of use, they mention they do not allow it.
I really want to respect this, and especially if there's a law prohibiting me from taking this data, but I've been contacting them through email several times without a single answer, so now I've come to the conclusion that I'll simply grab the data, if it is legal.
On certain forums I've read that it IS legal, but I would much rather get a more "precise" answer here on StackOverflow.
And let's say that this is in fact not illegal, would they have any software to spot my bot making several connections every 15 minutes?
Also, when talking about taking their data, we're talking about a single number for each "team", and this number I will transfer into our own number.
I'll quote Pablo Hoffman's (Scrapinghub co-founder) answer to "What is the legality of web scraping?", which I found on another site:
First things first: I am not a lawyer and these comments are solely based on my experience working at Scrapinghub, please seek legal assistance accordingly.
Here are a few things to consider when scraping public data from websites (note that the following addresses only US law):
As long as they don't crawl at a disruptive rate, scrapers do not breach any contract (in the form of terms of use) or commit a crime (as defined in the Computer Fraud and Abuse Act).
A website's user agreement is not enforceable as a browsewrap agreement because companies do not provide sufficient notice of the terms to site visitors.
Scrapers access website data as a visitor, and by following paths similar to a search engine. This can be done without registering as a user (and explicitly accepting any terms).
In Nguyen v. Barnes & Noble, Inc. the courts ruled that simply placing a link to a terms of use at the bottom of a webpage is not sufficient to "give rise to constructive notice." In other words, there is nothing on a public page that would imply that merely accessing the information is subject to any contractual terms. Scrapers give neither explicit nor implicit assent to any agreement, therefore breach no contract.
Social networks, for example, assign the value of becoming a user (based on call-to-action on public page), as the ability to: i) Gain access to full profiles, ii) Identify common friends/connections, iii) Get introduced to others, and iv) Contact members directly. As long as scrapers make no attempt to perform any of these actions they do not gain "unauthorized access" to their services and thus do not violate the CFAA.
A thorough evaluation of the legal issues involved can be seen here: http://www.bna.com/legal-issues-raised-by-the-use-of-web-crawling-and-scraping-tools-for-analytics-purposes
There must be a robots.txt file in the root folder of that site.
There are specified paths that are forbidden to harass with scrapers, and those which are allowed (with acceptable timeouts specified).
If that file doesn't exist, anything is allowed, and you take no responsibility for the website owner's failure to provide that info.
Also, here you can find some explanation about robots exclusion standard.

Scrum: obsolete backlog items and external impediments [closed]

How can I deal with sprint backlog items that somehow become obsolete or unnecessary mid-sprint? Do I mark them as solved?
What about tasks that are dependent on external factors outside the control of the team?
The Scrum Guide covers this eventuality:
During the Sprint:
Scope may be clarified and re-negotiated between the Product Owner and Development Team as more is learned.
So, if you end up removing Sprint Backlog Items, your first action would be to return them to the Product Backlog. You don't mark them as "Done" because they're not, and to do so would reflect incorrectly on the Velocity.
Having removed Sprint Backlog Items, the Development Team may feel that they have capacity to bring other Product Backlog Items in to the Sprint. That's their call.
Later, perhaps during Product Backlog Refinement, you may decide that the removed Product Backlog Items are no longer useful. You could then remove them from the Product Backlog, updating any Product Roadmaps or Release Burndowns that had included those items.
I assume that by sprint backlog items, you mean what is also called tasks, or the breakdown of the product backlog items, as done by the team during the planning session. Just throw the card into the nearest recycling bin, or mark it as removed from a computerized system. You may mark them as solved if that makes sense to you (if by solved you mean no remaining work to be done).
If this happens often, then your team may wish to bring this up in a retrospective. It is an indication of the team not having a clear idea of what needs to be done - either due to insufficient planning, an impaired idea of what the product backlog item is, or possibly changing requirements. You may wish to bring it up with the PO if it is the latter.
With regard to tasks dependent on external factors - you should plan your work accordingly. Separate the high risk components from the low risk ones. Have your existing (and low risk) modules interact with the high risk components through interfaces, and design the APIs to have as little of a risky surface as possible.
When building the low risk module, you should stub (mock) the high-risk modules, and you will be well served using dependency injection so that you can then easily swap the stubs for the real thing when the external factors become available. If the external modules do not fit your interface, write an adapter to transform your calls into the external module's APIs.
Even if the external factors are available before you build your software, you should consider doing the above, though developing a stub is not as crucial as it would be if it wasn't ready. Doing this will safeguard your system from future breaking changes to the external components.
Either way, your plans should account for this, and you should communicate the problem to the PO. He will not be able to release any PBI that is missing a crucial part.

Is website accessibility mandated in some countries? What are the consequences of not being accessible?

Is it mandatory in some countries to make all websites accessible?
If so, what would happen if someone in a country with this mandate does not make a website accessible?
Can the government remove or block the IP if the site is not accessible?
How could the government know if any website is not accessible? Do they check every single website?
Do only the people/company who make the inaccessible site get any notice from the government?
Why are there so many accessibility guidelines -- WCAG 1, WCAG 2.0, DDA, Section 508, etc.? If the whole world follows W3C for XHTML and CSS, then why have some countries made their own guidelines?
Is it mandatory in some countries to make all websites accessible?
Yes, particularly the United Kingdom, Ireland and Australia.
This is in order to comply with legislation that prevents discrimination against disabled people. While this is, or can be, seen as a burden I find it helps to think of it as widening your audience, consumer or user-base.
If so, what would happen if someone in a country with this mandate does not make a website accessible?
Being a legal requirement means that a court is/will be able to impose sanctions, depending on their interpretation of the local laws, that might involve enforced compliance with the laws, a financial penalty (fines, etc) or some other punishment until compliance is established.
Can the government remove or block the IP if the site is not accessible?
That depends on which government and the specifics written into the laws. It seems unlikely that they would block the website because of non-compliance with accessibility legislation. It seems far more likely, though I am biased because of where I live (the United Kingdom), that reparations would be sought through the judicial system.
How could the government know if any website is not accessible? Do they check every single website?
In the United Kingdom it seems that complaints would be brought by disabled users that are prevented from successfully using/accessing the site or service. These complaints would likely be taken to the court system, see above.
It is even more likely that the user would inform the owner of the website directly, before bringing a complaint to court, in order to give you/the owners a chance to apologise (never underestimate the power of a sincere apology) and enhance the site.
[Do] only the people/company who make the inaccessible site get any notice from the government?
I would imagine, and this is why this isn't necessarily a great place to ask the question, that the owners would be notified. It is, however, quite likely that, as the site developer, you would quickly receive complaints from the owner of the site since you made it/designed it. But the legal burden of responsibility is likely to depend upon the contract under which you were employed/contracted.
If you feel that accessibility would add an undue burden upon yourself, it's always worth specifying to the client the costs of adding compliance with accessibility requirements, and telling them of the specific laws under which they are requirements.
But, for this, you need to speak to a lawyer.
Why are there so many accessibility guidelines -- WCAG 1, WCAG 2.0, DDA, Section 508, etc.? If the whole world follows W3C for XHTML and CSS, then why have some countries made their own guidelines?
Because all laws are set locally, or, in some cases, internationally via treaties. The W3C can make suggestions and guidelines, but it is not, thankfully for IE, illegal not to comply with CSS2.1. It is, however, illegal not to comply with the DDA (Disability Discrimination Act) in the United Kingdom.
All the above is not the advice of a qualified legal representative, or counsel. For specific advice consult a lawyer who practices the law in the country/region in which your client is based, or in which your website/product will be accessible.
This would imply a lawyer from the United Kingdom for a British local government website, for a German authority website it would, of course, imply the services of a lawyer from Germany.
Is it only mandatory to make sites accessible for the government's own websites and for stock-exchange-listed corporate sites, or for all types of sites?
I can't speak as to the exact requirements, since I'm not a lawyer. However a quick Google turns up the following web-page that seems to address this question: http://www.webcredible.co.uk/user-friendly-resources/web-accessibility/uk-website-legal-requirements.shtml
To paraphrase the linked page:
The DDA makes it unlawful for a service provider to discriminate against a disabled person by refusing to provide any service that it provides to members of the general public.
I read this to mean that all websites that provide a service to the public are required to be accessible under the terms of the DDA. This would include Government websites, but also home-shopping websites (from, for example, Sainsbury's, Asda, Tesco's, etc) and the Royal Mail or cinema ticket-reservation sites.
From 01/10/1999 service providers must take reasonable steps to change any practice that makes it unreasonably difficult for disabled people to make use of its services
The key term here, I think, is 'reasonable steps.' I presume, from this, that if the website/service generates an income of £10000 per annum, and the cost of compliance with accessibility would be in excess of £10000 then you could argue that it exceeded any reasonable effort/cost to become compliant.
However, this is the reason that progressive enhancement is popular in Javascript and CSS. If the service, at its most basic, is accessible then Javascript and CSS can be used to make it prettier and shinier (whatever that means to you), but it should degrade back to a functional UI when JS or CSS are disabled. In this situation the site is compliant, but a disabled person might not have the same shiny, moving buttons.
Accessibility means that they must be able to access the service/site without unreasonable difficulty. It does not mean that the site has to look/behave exactly the same.
A direct quote from the linked page:
2.13 - 2.17 (p11-13): “What services are affected by the Disability Discrimination Act? An airline company provides a flight reservation and booking service to the public on its website. This is a provision of a service and is subject to the act.”
In addition to above answers:
The W3C has a page listing relevant laws in different countries, including links to the relevant laws (often in the language of that country though):
http://www.w3.org/WAI/Policy/
As I said, it's very hard to answer in general. I guess you will be getting a list of answers specific to countries - maybe a good idea to make it Community Wiki.
For Germany, according to Wikipedia and other sources:
Newly built web sites of federal administrative bodies in Germany have to be accessible by law since 2006. The accessibility guidelines are defined in a directive named BITV (German text here). BITV follows the WCAG 1.0 Guidelines very closely.
Similar laws exist for the country's sixteen states ("Länder").
The creation of accessible web sites is encouraged by a number of government and EU initiatives and private initiatives like the BIENE Award (German only).
To my knowledge, no plans to enforce accessibility in non-government websites exist at this time.
As to why countries implement their own guidelines, among other things, language certainly is an issue: To put guidelines into a law, you need the guidelines in your native language, double-checked by lawyers.
There is an ISO standard, ISO 23026, for recommended practices for website engineering and website lifecycle management, and this does not vary for country-specific guidelines. This standard includes clauses for website accessibility as well. This standard touches upon guidelines for website accessibility, usability and security, etc.
Why are there so many accessibility guidelines -- WCAG 1, WCAG 2.0, DDA, Section 508, etc.?
Just on this point (and assuming “DDA” refers to the UK’s Disability Discrimination Act), the Act doesn’t contain any guidelines on web accessibility in particular.
It makes a legal requirement for companies to provide equivalent service to disabled and non-disabled customers, and that requirement applies to websites just like any other service.
But the Act doesn’t count as another set of guidelines in itself.
I believe Section 508 was based on, and is almost identical to, WCAG 1.
That just leaves WCAG 1 and 2, both of which are from the W3C, and version 2 now supersedes version 1. So there’s actually just one set of guidelines, unless you’ve got any more examples.

What are the reporting lines in SCRUM methodology? [closed]

What are the reporting lines when using SCRUM methodology as compared to a "traditional" matrix organisation where developers report to development managers, project managers and any other stakeholder at the time?
The point of Agile is to eliminate all the "reporting lines" and pare things down to the essential relationships and nothing more.
Scrum teams are intended to be self-organizing, not have organization imposed on them.
I don’t believe it is the intention of Scrum to define any reporting lines whatsoever, at least not in the formal context. It’s a software development methodology, not an organisational structure approach. Although I often play the role of a Scrum Master and my direct reports do the development, we could conceivably operate with one of the other guys playing the lead role and myself being a developer without it being contrary to the formal construct. Of course this could be interesting in the event of a dispute but for the most part I think Scrum and reporting lines are two independent concepts.
The reporting lines within a Scrum project are dependent on the situation. At a high level the reporting lines for the project might look like this . . .
Team member => Team => Product Owner => Customers/Sponsors.
The team members are accountable to each other, and as such at the very least use the daily standup to bring their team mates up to speed with any issues and problems. Between them they will decide on course corrections, or a plan of action to fix the issue. The ScrumMaster is part of the team, and may decide to take on tasks to facilitate the removal of any impediments that the team runs into, but that does not mean that the team reports to the ScrumMaster.
The team also makes a commitment to the Product Owner (PO) when they agree on the goal and deliverable for the sprints. As such they will allow the PO to provide leadership for the project and let them (the PO) resolve any issues with respect to the clarification, scope of features.
The PO was the original champion for the project and managed to get funding and buy-in from customers and sponsors. As such the PO needs to keep those stakeholders apprised of the project's progress against the plan for delivery and success. The PO needs to ensure that the stakeholders remain satisfied and, in the case that something unforeseen occurs, confirm that the new plan still meets with the stakeholders' buy-in.
My final note is that managers and project managers are still involved, though more indirectly to help the team remove and solve their impediments that are inhibitors to their success.

In Scrum, where does the detail sit? [closed]

We've been using Scrum on a few projects now with varying success and I now have a query relating to documentation.
In Scrum, you obviously have the product backlog ("The application begins by bringing up the last document the user was working with.") and the sprint task backlog ("Implement forgot password screen"). However, in all the examples I have seen, these two items are fairly high level in terms of detail (being designed to fit on a post-it note).
So, where does the detail sit? Let's say the client has some very specific requirements for a stock management screen, or has a complex API that needs to be integrated with on the back end, where is this documented, how and who captures this information? Is it separate to the backlog but populated on a just-in-time basis or some other way?
Sprint backlog
The sprint backlog is a greatly detailed document containing information about how the team is going to implement the requirements for the upcoming sprint. Tasks are broken down into hours with no task being more than 16 hours. If a task is greater than 16 hours, it should be broken down further. Tasks on the sprint backlog are never assigned, rather tasks are signed-up for by the team members as they like.
Detail can sit in a wiki available to the whole team and editable by the whole team.
Not sure if this is as simple as it sounds. We've seen challenges with the detail part as well. Let's say we're developing a story that requires capturing simple contact information for, let's say, a CRM system. I now have the stories from the PO and we went through the sprint planning meeting and understood the first 5 stories that meet our velocity. However, it's always a struggle to capture all the details of the conversation, for example how the screen needs to be laid out, what are the 20+ fields you need to have on the screen, can some of these fields look up information from other tables/views etc.
Who captures those details, should it be the PO or developer, and what's the best practice for storing these details? We're right now trying to use wikis for this, however it becomes an overhead in trying to maintain the action items on who needs to update which details and by when.
My understanding is that specific requirements such as this are handled by the product owner. They will liaise with the client during Sprint Planning 2 and update the tasks with specific requirements as needed - hence why the Product Owner is an optional attendee of the Sprint Planning 2 meeting. This gives you a hybrid of Just-in-Time and Sprint Planning 2 population of the specifics. Anything that isn't satisfied by the time you come to work on the task will be an impediment and should be dealt with at the daily scrum, by the product owner.
As the development is Agile when using Scrum, you shouldn't find too much of an issue getting requirements just in time.
