Sick of maintaining test infrastructure? Can’t keep up with supporting the latest Firefox or Chrome? Let Sauce help! We’re on a mission to make testing mobile and web applications fast, easy and affordable for developers.
This is going to be a quick rant post, hopefully. Today I saw another Kanban board which had a “Ready for test” column on it; here’s the screenshot:
I Think “Ready For” Columns Are Baaaaad
With most Kanban boards you mark a card as done when it’s ready to be pulled into another column. If that means it has to be deployed before a card is ready for test then so be it. The last thing we want is cards just sitting around waiting – this is baaaaaad. “Ready for Test” usually means it’s either deployed (and yet to be tested) or waiting to be deployed. Either way, not much is happening to the work sitting in this column. Basically it’s waste (or “muda” as the Lean Kanban aficionados might call it), and remember, waste is baaaaad.
Seriously, I Think They’re Baaaaad
A result of using these “Ready For x” columns is that they tend to slightly move us away from the “stop the line” practice that good Lean/Kanban systems employ. Basically whenever there’s a problem, or a bottleneck is appearing, we want to stop the production line and address the issue. So, if we keep all these “Ready for QA” cards in our In Dev or Code Review Column (basically whatever column comes before your Ready for QA column) then we’ll very quickly reach our WIP (Work In Progress) limit and the line will be stopped. That’s a good thing! We want to catch that bottleneck as soon as we can, we don’t want to hide it by pushing our cards into another “buffer” column.
Did I Mention That I Think “Ready For” Columns in Kanban Are Baaaaaad?
Yet another problem with “Ready for x” columns is that they quite often tend to be push rather than pull columns. You can’t really pull into a Ready for QA column as it isn’t an actual “workflow” state, it’s a “wasteflow” state (see what I did there?). I mean, who’s going to pull stuff into that column anyway? I’ve yet to meet a “ready for test” team who just sit around pulling cards into their column before marking them as “ready” (presumably once they’ve verified that they are indeed ready for test). Ok, you might have a deployment team who are responsible for deploying stuff to your test environments and so forth. In this case, your workflow state still isn’t “Ready for test” it’s “In Deployment”.
“Ready for x” columns make baby Jesus cry.
With the recent file search improvements, it is now easier to find the files you are looking for when you need them. With every file upload, we now index all the following elements: file name, tags, mime-type (media type), and author.
- File Name: We now apply a word delimiter filter that splits words into subwords based on intra-word delimiters such as case transitions ("PowerShot" → "Power", "Shot"), letter to number transitions ("SD500" → "SD", "500"), and characters ("Wi-Fi" → "Wi", "Fi").
- Tags: If you add the optional tags to a file, you can easily include a tag in the search parameters to locate the file.
- Mime Type (Media Type): When a file is uploaded, it is indexed with its media type. For example, hello.png will include “image/png”, so it can be found with a search for “hello” or “image” or “png” or any combination like “hello image.” Almost all files have a mime type such as word, excel, zip, pdf, etc., and we now index them so you can locate your files more easily.
- Author: The author field consists of the user’s first name and last name as displayed in their profile, as well as their username. Usernames also use the same word delimiter filter to split them into subwords. So if John Smith with username JohnRocks uploads a file, you can search for that file with “john” or “smith” or “johnrocks” or even just “rocks.”
Most importantly, the default logical search operation has changed to search for words using AND instead of OR when using a combination of words. For example, when you search “john image” it will return anything that is an image AND that was uploaded by John.
We hope these improvements make file searching more efficient. If you have any other suggested improvements, please let us know on our feedback site.
Check out some other Assembla tips and tricks!
During the 2-day training workshops participants learn about the fundamentals of test automation and get to practice how to use Ranorex tools hands-on.
09:00AM - 04:30PM GMT
09:30AM - 05:00PM CET
Please have a look at the upcoming training events schedule for the complete schedule.
We look forward to seeing you there!
Kendo UI Core (www.telerik.com) – Kendo is now open source!
.NET
Last week we talked about the flaw in OpenSSL known as “Heartbleed” and its massive impact on websites and users around the world. We also mentioned how open-source scanning and support tools, such as OpenLogic, report this flaw. Today, we look at how Klocwork handles the issue.
Out of the box
The root cause of the Heartbleed issue is that a request to OpenSSL’s heartbeat function isn’t validated, so an array access through memcpy() can read data beyond the length of the array (and into memory that could contain sensitive information). Because the OpenSSL code uses a macro along this path, detecting this “tainted data” flaw requires a few simple overrides, which are fairly common practice when ensuring the analysis understands your project’s unique code.
Here is the relevant OpenSSL code with some interesting lines highlighted:
The main culprit is the memcpy() on line 1487, where payload bytes are copied from pl to bp. Since payload isn’t validated anywhere, it’s possible that more bytes than pl contains are copied into bp, resulting in unknown memory being copied into bp. This memory is eventually transmitted to the outside world (see lines 1492 and 1495).
Looking at line 1464, you’ll see why some analysis overrides are needed. The difficulty here is the n2s() macro used to extract payload from p, where p is defined on line 1457 as &s->s3->rrec.data. This macro effectively “hides” the propagation of data through the function and, of course, the analysis needs to know about it to be effective.
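The data flow described above, reduced to a self-contained C model (an added example, not OpenSSL's or Klocwork's code): `struct record`, `heartbeat_unchecked`, `heartbeat_checked` and `bytes_beyond_record` are names made up here, and the 64-byte `mem` array stands in for the record buffer plus whatever memory sits next to it. The checked variant applies the comparison against the record length that the upstream OpenSSL fix introduced.

```c
#include <string.h>
/* Same shape as OpenSSL's n2s(): big-endian 16-bit read that advances the pointer. */
#define n2s(c, s) ((s) = ((unsigned int)(c)[0] << 8) | (unsigned int)(c)[1], (c) += 2)
#define PADDING 16u

/* Constructed stand-in: mem[0..rec_len) is the record, the rest is unrelated memory. */
struct record { unsigned char mem[64]; unsigned int rec_len; };

/* Pre-fix logic: the length taken from the wire drives memcpy() unchecked. */
unsigned int heartbeat_unchecked(const struct record *r, unsigned char *out)
{
    const unsigned char *p = r->mem;
    unsigned int payload;
    p++;                       /* skip heartbeat type */
    n2s(p, payload);           /* tainted integer enters here, hidden by the macro */
    memcpy(out, p, payload);   /* can read past rec_len */
    return payload;
}

/* Hardened logic: type + length + payload + padding must fit in the record. */
unsigned int heartbeat_checked(const struct record *r, unsigned char *out)
{
    const unsigned char *p = r->mem;
    unsigned int payload;
    if (1 + 2 + PADDING > r->rec_len) return 0;
    p++;
    n2s(p, payload);
    if (1 + 2 + payload + PADDING > r->rec_len) return 0;  /* discard silently */
    memcpy(out, p, payload);
    return payload;
}

/* Constructed input: 4-byte payload, length field set to `claimed`; counts marker bytes copied out. */
unsigned int bytes_beyond_record(unsigned int claimed, int use_check)
{
    struct record r;
    unsigned char out[64];
    unsigned int i, n, over = 0;
    if (claimed > 40) claimed = 40;          /* keep the demo read inside mem[] */
    memset(r.mem, 'S', sizeof r.mem);        /* 'S' = memory outside the record */
    r.rec_len = 1 + 2 + 4 + PADDING;         /* honest record is 23 bytes */
    memset(r.mem, 0, r.rec_len);
    r.mem[0] = 1;                            /* heartbeat request type */
    r.mem[1] = (unsigned char)(claimed >> 8); r.mem[2] = (unsigned char)(claimed & 0xff);
    memcpy(r.mem + 3, "ping", 4);
    n = use_check ? heartbeat_checked(&r, out) : heartbeat_unchecked(&r, out);
    for (i = 0; i < n; i++) over += (out[i] == 'S');
    return over;
}
```

With a claimed length of 40 against a 4-byte payload, the unchecked path returns 20 bytes from outside the record; the checked path drops the request and returns none.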
Using an override file and a custom knowledge base record, it’s pretty simple to tune Klocwork’s analysis to find this flaw. You don’t need any special version or upgrade to do this and, in fact, this is fairly common practice. First, create an override file that contains this macro override (the file must have a .h extension, so you can call it n2s.h):
#kw_override n2s(p, num) n2s_func((p), &(num))
This tells the Klocwork compiler to expand all instances of the n2s() function in the source code to the analysis-specific definition specified here, n2s_func(). Then, create your own knowledge base record to help Klocwork understand this particular macro (you can name the file n2s.kb):
n2s_func - TaintedIntData *$2
This record says that the function here returns potentially tainted integer data if the second argument points to a buffer that may contain tainted data (you can learn more about this syntax here). Once this tuning is done and an analysis performed, Klocwork reports the flaw as SV.TAINTED.CALL.INDEX_ACCESS, meaning an unvalidated integer is being used to access an array:
This tuning of Klocwork’s analysis isn’t specific to the Heartbleed problem but it does provide a real (and unfortunately, popular) example of how static code analysis can prevent some fairly serious issues.
And, in case you’re wondering, here’s how a comprehensive open source scanning and support tool like OpenLogic flags the issue:
Dave joined us and led our recent webinar, “Selenium Bootcamp“, wherein he discussed how to build out a well factored, maintainable, resilient, and parallelized suite of tests that will run locally, on a Continuous Integration system, and in the cloud.
He’s also agreed to respond to 8 of the many follow-up questions we received post-webinar. Below you’ll find the second Q&A. Stay tuned next Wednesday for the next question.
2. Can you please show some examples of a Selenium test report?
Here are two examples:
-Dave Haeffner, April 9, 2014
Have an idea for a blog post, webinar, or more? We want to hear from you! Submit topic ideas (or questions!) here.
One of the few plugins that I still personally maintain is the Active Directory plugin. In the past few months, I've been making steady improvements in this plugin, thanks to various inputs and bug reports given to me from the CloudBees customers.
One of the recent fixes was to get the "remember me" feature finally working for Active Directory. This requires a relatively new Jenkins 1.556, but it eliminates the need to constantly type the password in.
Then I've rebumped the version of COM4J, which was causing a thread leak when Jenkins runs on Windows. If you are running a Windows deployment with lots of active users, this probably would have contributed to the instability of Jenkins.
And then lastly, a small but crucial improvement was made to the way we search group membership, so that we can avoid recursively searching AD. This should result in a significant speed improvement when you are logging into Jenkins through AD.
The latest version of the plugin as of writing is 1.37. I hope you'll have a chance to update the plugin soon.
The world is becoming more digital, and the health care landscape is no exception. While the proliferation of mobile devices in hospitals and other caregiving facilities can improve the productivity of workers and make it easier for physicians to access critical information on patients, the unfiltered presence of those platforms and the applications they utilize can introduce substantial cybersecurity concerns.
InformationWeek recently highlighted a new SANS Institute survey that looked into millions of endpoints throughout the health care environment, revealing numerous patching problems and fundamental vulnerabilities in the mobile device realm that could compromise personal and financial data integrity, as well as the reputations of the organizations in question. Specifically, experts told InformationWeek that approximately 375 health care networks were compromised by attackers during the 13-month research period.
"We were shocked at [the number of] devices that were wide open to the Internet that would provide adversaries with considerable power and access not only for a breach, but – for those who are skilled – even to conduct malicious acts," cybersecurity expert Sam Glines told InformationWeek.
While there seem to be a number of factors contributing to the growing risk facing the health care IT security environment, poorly configured and generally unsafe devices are largely to blame.
The problem with careless devices
While the term "device" is widely associated with smartphones and tablets, the concept also includes routers and other technologies used to connect to the Internet. Routers in particular are a common link in the poor cybersecurity chain. Citing experts from security firm Tripwire, InformationWeek noted that many platforms are unsafe straight out of the box, which suggests that if organizations do not take any proactive measures to mitigate risk, they may encounter severe vulnerabilities down the line.
"All of these compromised devices, not only are they available to be used for a breach of data, but they're also used as attack points against other adversaries," Glines told InformationWeek.
In other words, unsafe devices provide cybercriminals with more launch pads for attacks on confidential networks and IT environments that house highly confidential information. One of the best ways to combat these challenges and other vulnerabilities being introduced to the health care industry is to ensure the embedded software within those devices is secure and robust enough to mitigate risk on multiple levels.
Developers who are charged with the responsibility of creating and launching applications in the health care realm must be sure the end products they create are not vulnerable in any way. This means utilizing code review platforms that provide developers, quality assurance and other professionals insight from multiple perspectives throughout the development process. When these technologies are used correctly, applications are generally produced with fewer weaknesses than if developers streamlined the process without any input from others.
As the Internet of Things grows more pervasive, health care executives must be prepared to combat an increasingly sophisticated digital threat landscape. Taking a robust and comprehensive approach to cybersecurity will be among the only ways to mitigate risk.
Is your team currently conducting root cause analysis (RCA) investigations? If not, they’re a great way to identify deep-rooted issues that have the potential to create multiple and/or recurring defects in a product line. Of course, you can do RCA sessions with documents or spreadsheets. But using TestTrack makes the analysis process less time-consuming and, therefore, more likely to actually be done.
This short video provides a high-level overview of how to conduct an RCA investigation with TestTrack.
Particular/GitHubReleaseNotes · GitHub (github.com) – Helps you generate release notes from GitHub commits.
Search Engine (ElasticSearch, Solr, Lucene, etc.)