Feed aggregator

Heartbleed raises more open source security challenges for federal government

Kloctalk - Klocwork - 16 hours 49 min ago

The discovery of the Heartbleed OpenSSL security vulnerability in April seems like old news at this point, but its impact continues to reverberate. Countless firms have been affected by this revelation, and few have fully put the open source flaw behind them.

One organization that has been particularly strongly affected by Heartbleed is the U.S. government. As NextGov contributor Jason Thompson recently discussed, OpenSSL is an incredibly important resource for the federal government, but Heartbleed raises questions about the viability of this and other open source solutions. To continue to utilize these offerings, a renewed focus on open source security may be necessary.

Government IT issues
While the expansive degree to which OpenSSL is used by organizations around the world has been widely discussed, few have noted how important this solution is for the U.S. government in particular. Thompson pointed out that OpenSSL, created in 1981, was essential for the development of Internet-based government services.

OpenSSL remains critical for providing encryption for U.S. government IT to this day, making Heartbleed a serious security risk. Thompson reported that four hackers recently accepted a challenge from website security company Cloudflare and successfully managed to steal private Secure Shell security keys by exploiting Heartbleed. Considering the fact that Secure Shell protocol operates in the background of most government networks, encrypting connections, these hackers' actions raise serious concerns.

Federal agencies regularly use identity and access management solutions to control authorization for cloud infrastructure use, along with access to applications, servers and data. And as Thompson pointed out, the IAM tools within Secure Shell implementations are at risk when hackers exploit Heartbleed. This is particularly problematic when it comes to machine-to-machine data transfers and other non-human identity management, he explained.

Open source implications
However, despite all of these issues, Thompson maintained that open source solutions can still remain an invaluable resource for government agencies. The discovery of the Heartbleed vulnerability should not dissuade agencies from leveraging this technology, but rather cause departments to reconsider their approach to open source tools.

These issues should encourage "technology leaders to take another look at the critical but oft-forgotten infrastructure their agencies are riding on, especially when it is something as ubiquitous and critical as encryption technologies like SSL or Secure Shell," Thompson explained.

In particular, the writer emphasized the need for agency decision-makers to consider who creates keys within the agency, who monitors open source technology and who delivers support for open source tools, along with a variety of related IT issues.

Open source tools
This may also be the ideal time for agency leaders to consider whether their current open source tools are sufficient for an evolving IT realm. As Thompson explained, no software is safe from the threat of external attackers – sooner or later, someone is bound to discover a vulnerability. The best that organizations, including the federal government, can do to protect themselves is to invest in the best tools and strategies to defend against these risks.

For example, agencies should make sure that they have high-quality scanning solutions in place. These tools should be specifically designed to work with open source software code, identifying where this code is in use. Without such resources in hand, IT personnel cannot effectively identify where open source is in operation within the department, and therefore cannot ensure that open source best practices are being followed. 

Additionally, agencies should implement governance and provisioning solutions to guarantee compliance and protect open source usage against security and functional risks. Only with such tools in place can the U.S. government continue to leverage open source resources for maximum utility. 

Categories: Companies

To preload or not to preload...

Rico Mariani's Performance Tidbits - Fri, 08/29/2014 - 21:25


My application starts slowly, I want to preload it to avoid that problem.   Should I be worried?


Well, in short, there are lots of concerns.  Preloading things you may or may not need is a great way to waste a ton of memory and generally make the system less usable overall.

I’m often told that the answer to a performance problem is to simply preload the slow stuff… unfortunately that doesn’t work as a general solution if everyone does it.  It’s classic “improve the benchmark” thinking.

When developing for Windows you have to think about all kinds of scenarios, such as the case where there are several hundred users trying to share a server each with their own user session.  Your application might also need to run in very memory constrained environments like a small tablet or some such – you do not want to be loading extra stuff in those situations.
The way to make a system responsive is to KEEP IT SIMPLE.  If you don’t do that, then it won’t matter that you’ve preloaded it -- when the user actually gets around to starting the thing in a real world situation, you will find that it has already been swapped out to try to reclaim some of the memory that was consumed by preloading it.  So you will pay for all the page faults to bring it back, which is probably as slow as starting the thing in the first place.  In short, you will have accomplished nothing other than using a bunch of memory you didn’t really need.

Preloading in a general purpose environment is pretty much a terrible practice.  Instead, pay for what you need when you need it and keep your needs modest.  You only have to look at the tray at bottom right on your screen full of software that was so sure it was vitally important to you that it insisted on loading at boot time to see how badly early loading scales up.

Adding fuel to this already bonfire-sized problem is this simple truth: any application preloading itself competes with the system trying to do the very same thing.  Windows has long included powerful features to detect the things you actually use and get them into the disk cache before you actually use them, whether they are code or data.  Forcing your code and data to be loaded is just as likely to create more work evicting the unnecessary bits from memory to make room for something immediately necessary, whereas doing nothing would have resulted in ready-to-go bits if the application is commonly used with no effort on your part.


Bottom line, preloading is often a cop out.  Better to un-bloat.

Categories: Blogs

On adopting high end perf tools to study micro-architectural phenomena

Rico Mariani's Performance Tidbits - Fri, 08/29/2014 - 20:05

Huge words of caution: you can bury yourself in this kind of stuff forever and for my money it is rarely the way to go.  It’s helpful to know where you stand on CPI for instance but it’s much more typical to get results by observing that you (e.g.) have a ton of cache misses and therefore should use less memory.  Using less memory is always a good thing.

You could do meaningful analysis for a very long time without resorting to micro-architectural phenomena simply by studying where your CPU goes.

It is not only the case that (e.g.) ARM does things differently than (e.g.) x86 products, it is also the case that every x86 processor family you have ever heard of does it differently than every other one you have ever heard of.  But that turns out to be not that important for the most part.  Because the chief observations like “we branch too much” are true universally.  Just as “we use too much memory” is basically universally true.

The stock observations that you should:

1. Use less memory
2. Use fewer pointers and denser data structures
3. Not jump around so much

Are essentially universally true.  The question really comes down to what can you get away with on any given processor because its systems will save the day for you.  But even that is a bit of a lie, because the next question is “what else could you be doing and your program would still run well?” because the fact is there is always other stuff going on and if you minimize your use of CPU resources generally you will be a better citizen overall.

In short, the top level metrics, CPU, Disk, Memory, Network, will get you very far indeed without resorting to mispredicts and the like.  If you want to use the tools effectively, with broad results, I strongly recommend that you target the most important metrics, like L2 cache misses, and reduce them.  That’s always good.  Pay much less attention to the specific wall-clock consequence in lab scenarios and instead focus on reducing your overall consumption.

And naturally this advice must be tempered with focus on your customers’ actual problems and forgive me for being only approximately correct in 400 words or less.


Categories: Blogs

How Apple Aims To Improve App Store Discovery With iOS 8

uTest - Fri, 08/29/2014 - 18:51

This story was originally published on the Applause App Quality Blog by Dan Rowinski.


Sometimes you can’t find the app you are looking for.

A single app in Apple’s App Store is just the perfect one that you are seeking. With 1.2 million apps, it has to be in there somewhere, right? It may be a new calendar app that syncs your iCal, Google Calendar and Outlook meetings. Or it is a messaging app that focuses on standard and proper English, eschewing the craze of emoji and emoticons endemic to today’s popular communication methods. You know somebody at some point must have built this app, but it is impossible to find.

App Store discovery has been a massive problem for developers, users and Apple for the last several years. App Store search is inadequate for most people’s needs and the top lists that Apple relies upon have created a top-heavy capitalistic market that breeds poor quality apps.

Apple is not ignorant to this problem. In 2012 it spent a reported $50 million to improve the App Store and acquired app search engine Chomp to enhance discoverability. The improvements proved minimal and Apple eventually shuttered Chomp and rolled its intellectual property into iOS 6. Judging by the current discourse among the iOS developer community, Apple still has a lot of work to do to help app makers sell their wares.

Apple has some more improvements for the App Store coming with iOS 8 that it hopes will arrest the issue.

App Store Improvements In iOS 8


In the keynote for its World Wide Developer Conference in June, Apple CEO Tim Cook called the coming improvements to the App Store the biggest the product has seen since it was launched in 2008.

  • App bundles so users can download a group of apps from the same publisher.
  • App preview videos that will augment the standard screenshots in the App Store.
  • A new “explore” tab that will help users browse categories and subcategories of apps.
  • Trending search to identify popular app search terms.
  • An expanded “Editor’s Choice” section with a new logo that may or may not satisfy the call for human curators of the App Store.
  • TestFlight integration for developers to find beta users.
  • Vertical, endless scrolling in search.

Let’s take a look at some of the highlights.

Bundles Perfect For Unbundled Apps


Several of these items are essential to improving app store discovery. The forthcoming app bundles will solve an issue that big app publishers have in rolling out groups of apps intended to be bought and downloaded as a package. For instance, Microsoft rolled out its Office suite of apps earlier this year, only for users to have to download each individually from the App Store. Companies like Facebook or Google could package their apps together (download Facebook and Messenger at the same time, for instance) or smaller publishers can group apps together to gain more traction and marketing opportunities from the get go, as opposed to struggling for each and every download.

App bundles are the right App Store feature at the right time, especially considering the 2014 trend of “app unbundling” where app creators build multiple apps with different functions as opposed to cramming them all into one central app.

Finally, Video Previews For Apps

One of the greatest advantages that Google has had over Apple in their respective app repositories is that Google could roll out YouTube videos straight into Google Play. Anybody that has ever written a “top apps of the month” article will tell you that Android’s YouTube preview videos are so much more effective in telling the user what an app is actually about than just descriptions and screen shots. The fact that YouTube videos are embeddable helps to increase the media and viral quotient of spreading app awareness across the Web.

Video is coming to the App Store as well, but not in the form of YouTube. This will be a welcome cosmetic change for developers and app marketers. Apple has not said if App Store video previews will be embeddable.

Editor’s Choice = Human Curation?

In recent weeks, developers have called for the end of the algorithmic top lists in the App Store in favor of human curators. To be fair, Apple has long had an “editor’s choice” section in the App Store, but it has been buried at the bottom of the feed and really was not all that helpful.

Apple did not really get into specifics of the new Editor’s Choice section coming in iOS 8, but it did say that it will get a revamp and a new logo. Developers will also get a small editor’s choice icon next to their apps in App Store search results if their apps have been met with Apple editors’ seal of approval.

Categories: Companies

HPC critical for energy exploration

Kloctalk - Klocwork - Fri, 08/29/2014 - 15:33

The process of finding and producing oil and gas has become exponentially more difficult over the past few decades. Even in resource-rich areas, the most accessible oil and gas has by now largely been extracted and refined. Energy companies need to look deeper and become more precise in order to remain operational.

To succeed in this regard, these organizations now rely heavily on high performance computing solutions, as BizTech Magazine recently highlighted.

Hunting for energy
Halliburton estimates that more than 70 percent of current oil and gas production relies on mature fields, the majority of which have entered the second or third phase of production, the news source reported. In these areas, advanced raw survey data reanalysis and in-depth scenario analysis are essential, as companies must gain a clear view of the underlying structures and dynamics of these fields in order to remain operational and safe.

HPC is critical in this capacity. By leveraging HPC in conjunction with complex, proprietary algorithms and code, energy companies can produce high-quality imaging of subsurfaces. This allows the firms to identify and then extract resources from otherwise inaccessible areas.

A growing challenge
The news source reported that the need for ever-improving data analysis and imaging is driving energy companies to embrace the most advanced HPC tools available. If these organizations cannot process data quickly enough, they cannot gain the edge they need to remain productive in maturing oil and gas fields.

As BizTech Magazine explained, oil and gas companies are more reliant on gathering and processing large amounts of data than most other sectors. A single company can possess hundreds of petabytes of data in its portfolio, and a single large exploration project may produce numerous petabytes of information. The better a company can excel in its ability to collect and utilize data, the more likely it will find oil on any given drilling effort.

This has naturally spurred on companies, leading them to implement and develop advanced strategies and tools relating to the HPC field. For example, companies now deploy large numbers of advanced sensors designed for use in underground geology.

Similarly, oil and gas companies now allocate a greater portion of their total HPC budgets for data analysis and storage. The source noted that according to a recent IDC survey, these organizations now dedicate 12 percent of their HPC spending to big data analytics efforts.

An advancing market
Of course, it is not just energy companies that now rely heavily on HPC tools. The HPC market as a whole is growing as more organizations turn to these resources to improve their operations in a wide variety of areas.

Highlighting this trend, a recent MarketsandMarkets report found that the global market for HPC tools will reach $33.4 billion by 2018, up from just $24.3 billion last year – a 6.6 percent compound annual growth rate for this period. The study found that this growth is largely attributable to the simple fact that HPC tools are becoming more sophisticated and, as a result, more useful for countless firms.

"HPC has resolved the grand scientific challenges and enabled the enterprise to make sound business decisions. This has resulted in emergence of a new breed of dedicated HPC vendors, providing robust and scalable HPC clusters which can store, analyze and process data at the shortest possible time," MarketsandMarkets noted.

Critically, these benefits are being enjoyed by organizations of all sizes, rather than being limited solely to large-scale enterprises.

Categories: Companies

Multichannel Merchant – QA Testing Technology is Key for Seamless Integration

Did you know that an eBay study cited on The Future of Commerce found that 77 percent of shoppers expect a seamless, integrated experience regardless of whether they’re in store, online or using a mobile device? Original Software CEO Colin Armitage recently wrote an article for Multichannel Merchant, a print and online publication serving organizations […]
Categories: Companies

Welcome to the Testlio Team, Michelle Surya!

Testlio - Community of testers - Fri, 08/29/2014 - 11:07

Everyone here at Testlio is thrilled to welcome Michelle Surya to our team! Michelle joins us from Appurify (acquired by Google) where she was the Director of Sales. She will be leading our sales in US so that we can help more companies release their apps with confidence.

From the first conversation I had with Michelle I was blown away by her passion and energy for startups, testing industry and life in general. After spending some time with her in Estonia I was even more convinced that I want to work with her.

Here are Michelle’s thoughts:

“I’m so thrilled to share that I’m joining the Testlio team as their Head of Sales. I’ll be leading sales and new business efforts from San Francisco, growing the customer base, scaling the business and kicking some butt. I come from the mobile development world so this is a perfect next move for me to leverage both my experience and my network.

I can tell you though, that what really attracted me to this company is the team. That’s truly what excites me most about this opportunity. They are young, eager, hardworking professionals that love what they do and do it well… really, really well. I believe that Team is number one – if you are lucky enough to find people that you trust and that value you, it’s nothing to ignore, in fact it should be celebrated. And I’m definitely going to celebrate this!

Most recently I was leading sales activities for Appurify, a San Francisco based startup backed by Google Ventures. On June 24, during the Keynote at Google I/O 2014, they announced the acquisition of Appurify’s mobile testing platform. I feel extremely fortunate to have been a part of it. Prior to Appurify, I was running enterprise accounts in North American and European territories at Crittercism, also based in San Francisco. Their investors include Google Ventures, Kleiner Perkins, Shasta Ventures, VMWare, and a number of others.

I grew up in the Bay Area and have always been surrounded by the largest and most innovative technology companies, but it wasn’t until I was in college that I became more and more aware of how impactful the startup community is. I stumbled into my first job while I was still in school, consulting for early stage tech companies as mobile was just evolving into what it is today. I learned so much about how to craft and shape a message, how to articulate a company’s core competency in the most effective way, and how a team should focus their energy to reach maximum success. I never missed an opportunity to talk to a founder about their idea and the lengthy stories that led them to it. This was addicting to me, and I’ve been hooked ever since.

Sitting down with startup founders to hear their story is exactly how the Testlio relationship came about. I asked Kristel and Marko to tell me from the beginning, before the beginning, how they came up with the idea to build Testlio. It is a very good story, a story that resonates and that makes sense. It is so compelling that I want to tell it to others. That’s when I knew, that the Testlio story was something I wanted to be a part of.”

Categories: Companies

The Value of Checklists

For many years, I have included checklists on my Top 10 list of test tools (I also include "your brain"). Some people think this is ridiculous and inappropriate, but I have my reasons. I'm also not the only one who values checklists.

Atul Gawande makes a compelling case for checklists, especially in critical life-or-death situations in his book "The Checklist Manifesto." In reviewing the book on, Malcolm Gladwell writes, "Gawande begins by making a distinction between errors of ignorance (mistakes we make because we don't know enough), and errors of ineptitude (mistakes we made because we don’t make proper use of what we know). Failure in the modern world, he writes, is really about the second of these errors, and he walks us through a series of examples from medicine showing how the routine tasks of surgeons have now become so incredibly complicated that mistakes of one kind or another are virtually inevitable: it's just too easy for an otherwise competent doctor to miss a step, or forget to ask a key question or, in the stress and pressure of the moment, to fail to plan properly for every eventuality."

Gladwell also makes another good point, "Experts need checklists--literally--written guides that walk them through the key steps in any complex procedure. In the last section of the book, Gawande shows how his research team has taken this idea, developed a safe surgery checklist, and applied it around the world, with staggering success."

In testing, we face similar challenges in testing all types of applications - from basic web sites to safety-critical systems. It is very easy to miss a critical detail in many of the things we do - from setting up a test environment to performing and evaluating a test.

I have a tried and true set of checklists that also help me to think of good tests to document and perform. It is important to note that a checklist leads to tests, but is not the same as test cases or the tests they represent.

I have been in some organizations where just a simple set of checklists would transform their test effectiveness from zero to over 80%! I even offer them my checklists, but there has to be the motivation (and humility) to use them correctly.

Humility? Yes, that's right. We miss things because we get too sure of ourselves and think we don't need something as lowly, simple and repetitive as a checklist.

Checklists cost little to produce, but have high-yield in value. By preventing just one production software defect, you save thousands of dollars in rework.

And...your checklists can grow as you learn new things to include. (This is especially true for my travel checklist!) So they are a great vehicle for process improvement.

Checklists can be great drivers for reviews as well. However, many people also skip the reviews. This is also unfortunate because reviews have been proven to be more effective than dynamic testing. Even lightweight peer reviews are very effective as pointed out in the e-book from Smartbear, Best Kept Secrets of Peer Code Reviews.

Now, there is a downside to checklists. That is, the tendency just to "check the box" without actually performing the action. So, from the QA perspective, I always spot check to get some sense of whether or not this is happening.

Just as my way of saying "thanks" for reading this, here is a link to one of my most popular checklists for common error conditions in software.

I would love to hear your comments about your experiences with checklists.
Categories: Blogs

Toxic Repo

The Build Doctor - Fri, 08/29/2014 - 02:51
If you can’t dispose of toxic waste (say, by burning it or launching it into space using surplus ICBM’s), then you probably need to contain it: stop innocents from stumbling across it, or stop the...

Visit The Build Doctor for the full article.
Categories: Blogs

JUC SF 2014 is Here!

JUC SF on October 23, 2014 is shaping up to be bigger and better this year.

Here’s what we have in store for you!

Three Tracks

We’ve received a record high of 40 stellar proposals this year. To accommodate the many community proposals, we’ve decided to add a third track to the agenda. JUC SF sessions are now available for you to view. We have speakers from Google, Target, Gap, Cloudera, Ebay, Chicago Drilling Company, and much more. Register now for early bird price. The early bird price is only good until September 21, 2014.

Live Stream

If you can’t attend the conference in person, Track 1 sessions will be available via live stream, it’s all free. Brought to you by CloudBees. Registration for JUC SF live stream is here.

Get Drunk on Code

Have a beer while learning how to write a Jenkins plugin. Steve Christou, Jenkins support engineer, will lead this lecture from 3:30pm to 6:00pm. He will teach everything from how to get started, to techniques like writing a new CLI Command, to writing your own builder.

Ask the Experts

Meet the Jenkins creator, committers, support engineers, and developers. We have dedicated time slot(s) for our attendees to get 1 on 1 access to our experts. Exact time is TBD. Ask them anything from plugins, configuration, technical support, to bug fixes.

Our current list of experts is:

  • Andrew Bayer
  • Gareth Bowles
  • Steve Christou
  • Jesse Glick
  • Kohsuke Kawaguchi
  • Dean Yu

Want to join our panel of experts? Contact Alyssa Tong

Exhibit Mixer

Sixteen technology sponsors will be showcasing their newest technologies during the exhibition hour from 2:25 – 3:30pm. Grab a beer, visit with sponsors and see how they are using Jenkins.

This is just a taste of what you’ll see at JUC SF. We look forward to seeing you there!!

Categories: Open Source

Workflow plugin code walk-through

Jesse and I will walk through the source code of the workflow plugin, highlight key abstractions and extension points, and discuss how they are put together.

If you are interested in developing or retrofitting plugins to work with workflows, I think you'll find this session interesting.

The event will be on Google Hangout tomorrow. The time of the day is the same as usual office hours.

Categories: Open Source

VectorCAST Test Tool Supports Wind River VxWorks Platform

Software Testing Magazine - Thu, 08/28/2014 - 18:07
Vector Software has announced that VectorCAST tools now offer a seamless integration with the Wind River VxWorks 7 Real-Time Operating System (RTOS). This combination allows software tests to be built and run in the same environment that the final application will be deployed. The VectorCAST integration supports physical targets, as well as the VxWorks simulator. This enables organizations to build high quality applications faster and more efficiently than with any other test approach. Test execution and results capture the new VxWorks Target Communication Framework (TCF). The VectorCAST solution abstracts the complexity ...
Categories: Communities

How to Get Started on uTest Projects

uTest - Thu, 08/28/2014 - 17:51

The best part about working in the uTest Community is seeing the number of new testers who join our ranks every day. We see testers new to the testing world, as well as veteran testers who have years of experience. No matter your experience level, we have resources to help guide you toward your first paid project with uTest.

The first step is to sign up with uTest and make sure you have an Expanded profile. Not sure? Check out this simple set of instructions. 

The first stop in our journey after registration is a course in uTest University called “Getting Started with uTest Paid Projects.” This course contains answers to many of the questions that new uTesters typically have, like how to update your Expanded profile and how to get invited to the Sandbox program.

Keep in mind that, in order for uTest to match you with incoming projects, you will need to keep your testing profile complete and up-to-date. For example, if a project requires testers in Canada with BlackBerry devices and your profile matches these requirements, we will then be able to notify you of an upcoming test cycle. Be sure to update your profile as you pick up new gadgets (mobile devices, laptops, etc.) and update your software. Many customers are especially interested in testers with the latest devices for testing purposes. Removing outdated items you no longer own is also very important.

The next stop takes a step back from uTest and examines the greater software testing realm. In short, without a solid foundation in testing fundamentals, it will no doubt be tough to develop as a tester at uTest. “Building Your Software Testing Skills” is a great primer for new testers and vets alike, and contains many testing resources, those recommended by a 15-year software testing veteran, that are intended to help you grow as a software tester.

Coming back into the uTest world, the next stop is the “5 Steps to Succeeding in Your First uTest Project” course. Once you’ve been invited to a uTest project, there are helpful steps outlined in the course that will assist you, such as how to accept your first invitation, review the scope and chat, submit your bug reports, submit your test case, and check in on your bug reports in the event a Project Manager or Test Team Lead has a question.

Another course that contains invaluable advice for testers is uTest Test Team Lead Aaron Weintrob’s “When is a Bug Not a Bug?” One of the hardest things for new testers to know is where the line between a valid bug stops and good feedback begins, and Aaron’s course points out key tips for testers to remember when deciding whether to file a bug or not in testers’ first test cycles.

As you plan ahead for your testing future, also take a look at the Skill Tree for Paid Projects. This outlines the various ways that you can further your career with uTest. For example, some of our testers have day jobs as QA testers and supplement their income with paid projects at uTest, while others become some of our top testers and earn thousands of dollars a month by testing with us full-time.

Last but not least, be sure to browse through the careers in QA blog posts on the uTest Blog, and stop by the uTest Forums to hear from uTest veterans who have a lot to share about their experiences and tips for success as a uTester (it’s also just a great place to network off the clock with fellow testing peers!).

While becoming a successful uTester will require a lot of hard work, learning core testing concepts, learning from peers and self-paced studying, we hope that these resources will ease you into your first cycles and the rewarding journey ahead as a uTester.

Categories: Companies

How to Combine Backend & Front End Testing [WEBINAR]

Sauce Labs - Thu, 08/28/2014 - 17:30

Everyone knows that front end testing is crucial to make sure your web and mobile apps are meeting the needs of your users and customers. But how do you know what will happen to your front end when your web or mobile app is under heavy load?

Sauce Labs and BlazeMeter are teaming up for an awesome webinar, in which we’ll be giving you step-by-step instructions on how to get real-world results from your front end while applying load to the backend.

We will:

  • Reveal the 3 critical things you need to know about performance testing
  • Run a real-world test in real time using JMeter and Selenium
  • Cover the fundamentals of how to approach performance vs. front end testing

Our experts will stay online for a live Q&A session. Plus, at the end of the webinar, we’ll be giving away an exclusive coupon from BlazeMeter & Sauce Labs for a great discount on our solutions.

Sign up today for our event on Tuesday, September 9th, 2014, at 11:00 am Pacific Time.

Categories: Companies

Webinar Q&A: Role-Based Access Control for the Enterprise with Jenkins

Thank you to everyone who joined us on our webinar, the recording is now available.

Below are several of the questions we received during the webinar Q&A:

Q: How do you admin the groups? Manually, or is there LDAP involved?
A: You can decide if you want to create internal Jenkins users/groups or import users and groups from your LDAP server. In this case you can use the LDAP Jenkins plugin to import them, but you still need to manage them manually using Jenkins. Each external group has to match an internal Jenkins group so that you can assign a role to it. Roles are defined in Jenkins regardless of the origin of users and groups (internal or external).

Q: Is there any setting for views, instead of folders? Are the RBAC settings available for views?
A: In short, yes. The RBAC plugin supports setting group definitions over the following objects:
  • Jenkins itself
  • Jobs
  • Maven modules
  • Slaves
  • Views
  • Folders

Q: Are folders the only way to associate multiple Jenkins jobs with the same group?
A: The standard way in which you should associate multiple Jenkins jobs with the same group is through folders. However, remember that you can also create groups at job level.

Q: If we convert from the open source 'role-based strategy' plugin to this role-based plugin, will it translate the roles automatically to the new plugin?
A: Roles are not converted automatically, so you will need to set up your new rules with the RBAC plugin.

Q: Who do we contact for more questions?
A: You can contact us in the public mail

Q: How do you create those folders in Jenkins? Is this part of RBAC plugin, too?
A: Folders are created using the Folder plugin. The Folder plugin allows users to create new “jobs” of the type “folder.” The Role-Based Access Control plugin then integrates with this plugin by allowing administrators to set folder-level security roles and let child folders inherit parent folders’ roles.

Q: Is there a permission that allows a user to see the test console steps (the bash cmds that are executed)?
A: You can define a role to only have read permission for a job configuration. In this way, users with that role will only be able to read the bash commands used in the job.

Q: Do you provide any sort of API to work with these security settings programmatically?
A: At this time, there is not any API to work with these security settings.

Q: Are there any security issues that one needs to take into consideration?
A: When configuring permissions for roles, be aware of the implications of allowing users of different teams or projects to have access to all of the jobs in a Jenkins instance. This open setup can occur when a role is granted overall read/execute/configure permissions.
While an administrative role would obviously require such overall access, consider limiting further assignment of those permissions to only trusted groups, like team/division leads.
Such an open setup would allow users with overall permissions to see information that you might rather restrict from them - like access to any secret projects, workspaces, credentials or scripts.

Overall configure permissions would also allow users to modify any setting on the Jenkins master.


Valentina Armenise
Solutions Architect

Follow Valentina on Twitter.

Félix Belzunce
Solutions Architect

Félix Belzunce is a solutions architect for CloudBees based in Europe. He focuses on continuous delivery. Read more about him on his Meet the Bees blog post and follow him on Twitter.

Tracy Kennedy
Solutions Architect

As a solutions architect, Tracy's main focus is reaching out to CloudBees customers on the continuous delivery cloud platform and showing them how to use the platform to its fullest potential. Read her Meet the Bees blog post and follow her on Twitter.
Categories: Companies

CustomerCentrix Releases LoadStorm LITE

Software Testing Magazine - Thu, 08/28/2014 - 17:24
CustomerCentrix has released LoadStorm LITE, a new cloud-based load testing tool that provides users with a cost-effective solution to load testing. The LoadStorm tool allows users to simulate traffic hitting their website or web application while measuring how the application handles the heavy load. As a cloud-based load testing solution, LoadStorm allows users to set up tests in the web application and run them from the cloud with no hardware to purchase and no software to install. By utilizing the power of cloud servers, web developers can run loads tests of ...
Categories: Communities

What if it is the Network? Dive Deep and Back in Time to Find the Root Cause

Modern Application Performance Management (APM) solutions can be tremendously helpful in delivering end-to-end visibility into the application delivery chain: across all tiers and network sections, all the way to the end user. In previous blog posts we showed how to narrow down to various root causes of the problems that the end-users might experience. Those issues ranged […]

The post What if it is the Network? Dive Deep and Back in Time to Find the Root Cause appeared first on Compuware APM Blog.

Categories: Companies

TestTrack Web Challenge Part 1: Reviewing Documents

The Seapine View - Thu, 08/28/2014 - 15:00

Question: Can I do my job without using the TestTrack native client?
We have a new TestTrack web client that allows users to accomplish most tasks an average user would attempt. How does use of the TestTrack web client work in actual practice, you might ask? That’s why I decided to take part in the TestTrack Web Challenge (TT Web Challenge).

What is the TT Web Challenge?
Goal: Accomplish all of the tasks I’ve been assigned using only the TestTrack web client (TT web).

  1. I cannot use the native client for any reason
  2. I am allowed only one web session at a given time


 TT Web Challenge Part 1: ‘The Reviewer’

Recently, I’ve been tasked with reviewing a large feature’s functional design. Reviewing a document with several requirements can be done quite quickly on the web and native TestTrack clients. However, reviewing a document with 354 requirements gives me good reason to pause and consider the best method of review. Given that I cannot use the native client as part of my challenge, I considered a few options:

- Printing the report would mean killing a whole forest of trees and then some*


So many trees felled

- I could just read the document using TT web—Hey that’s part of my challenge isn’t it?

- What if I read the document using TT web AND did it on an iPad? Tell me a better option why don’t you!

As you can very well guess, I reviewed the document using an iPad**. Reviewing the document using TT web on a tablet is similar to reading a book. Staring at a screen, while digesting the vast amounts of design, was made easier by the ability to change location and sit on a couch. While I stuck to my challenge’s rules by only using TT web, I had to change the machine I was using to accomplish this.


Good Old Fashioned Reviewing!

iPad usage aside, you may ask ‘What are the benefits of reviewing a document in the TT web client?’ My first response would have to be ‘Have you ever used our product?’ My second response would be ‘The TT web client is DESIGNED for reviewing documents!’. With TT web, the Specification Document does not have two modes that you have to toggle like you do in the native client. The web client places the requirements and review notes all in one convenient location for reviewing. This made my document review day something I enjoy and not something I attempt to avoid, like writing test cases on the web.

Please stay tuned for the much anticipated TT Web Challenge Part 2: Test Case Writing!




*My estimates may be a little off

**Please note the iPad is not currently a supported device for the TestTrack web client. While it does work for reviewing documents there is functionality that does not function because it’s not supported.

Categories: Companies

Through the Lens of a .NET Developer

NCover - Code Coverage for .NET Developers - Thu, 08/28/2014 - 13:41

Our .NET community has an eclectic set of hobbies. We love learning what you do when you are not building quality code. We have featured mountain climbers, band members and now photography.

One of our .NET community members, Kris Culin, just won a Blue Ribbon for a waterfall photo in the Water & Landscape category at the 2014 Terryville Lions Country Fair. His interest in photography was piqued about two years ago while taking in the natural beauty his home state of Montana has to offer.

Kris has been an active professional developer (initially with VB6) for 16 years. He started with VB.Net initially in 2000/2001 and then moved to C# in 2003/2004 and has been doing a 90/10 ratio of C# to VB.Net development ever since. He was taught early in his career about unit testing and then discovered NCover and has been using it ever since to make sure his code is covered. He is primarily in charge of making sure no one on the team changes their Framework without appropriate review. Kris is the “go to” guy on any question on the Framework (including those from the original architect).

Congratulations Kris! We look forward to what will continue to develop.

P.S. Yeah, we love a good pun :-)

The post Through the Lens of a .NET Developer appeared first on NCover.

Categories: Companies

Are you offering a career in testing or just a job?

The Social Tester - Thu, 08/28/2014 - 13:26
Many companies are offering a job in testing. Many companies are offering a career in testing. A career is a series of experiences. These experiences may come from many jobs at many companies. Or they may come from a single place of work with a varied set of experiences. A job is what some companies […]
Categories: Blogs
