Skip to content

Feed aggregator

Best practices and proven methodologies for Mobile Performance Testing

HP LoadRunner and Performance Center Blog - Wed, 04/02/2014 - 21:00

Vivit logo.jpgMobile performance testing is playing an increasingly important role in the automated tech landscape. This is why we are addressing this issue head- on. You can join us on April 9 at our webinar with Vivit where we will discuss the latest best practices and methodologies for creating an exceptional Mobile Performance Testing strategy.

 

Keep reading to find out how you can join us.

Categories: Companies

New in Febuary and March

IBM UrbanCode - Release And Deploy - Wed, 04/02/2014 - 19:07

Both IBM UrbanCode Deploy and Release have had some nice improvements over the past couple months that I want to highlight. 

Deploy

Fixpack versions 6.0.1.3 and 6.0.1.4 dropped in February and March respectively. Both have a few bug fixes, and an emphasis on performance improvements.

There are a number of new and improved integrations as well. New integrations include deployments to Android, working with Microsoft TFS Work Items, and passing information to UrbanCode Release. Partners also delivered integrations to Appurify, Datical and Shunra. Updated integrations include Websphere (both application deployment and configuration),  JBoss, Jenkins, and Worklight. You can get more details on the updates in February and the updates in March

To stay posted on those updates, you can watch the general “What’s New” page for UCD. 

Release

The IBM UrbanCode Release delivered three updates in the last two months. Release 6.0.1.1, 6.0.1.2 and 6.0.1.3

These updates are fixpacks and so are focused on bug fixes and performance improvements. However there are a handful of very useful small improvements, as well as new “Experimental Features”. Experimental features are ones which are disabled by default, but interested teams can turn them on to provide us feedback before we fully include the capability as part of the tool. I’ll blog more about experimental features later. 

6.0.1.1 is definitely the biggest of the three and added the ability to copy a release, request deployments based on quality gates, and hide tasks that aren’t relevant for this deployment. Experimental features include new views for federated deployments; mile stone patterns in lifecycles where milestones are automatically attached to a released a set number of days prior to the target release date; and the ability to reserve an environment for a release. 

To stay posted on those updates, you can watch the general “What’s New” page for UCR. 

 

Categories: Companies

The *Real* Test Driven Development

Google Testing Blog - Wed, 04/02/2014 - 17:49

Update: As noticed in the comments, the date of the post was not a mere coincidence :)

by Kaue Silveira

Here at Google, we invest heavily in development productivity research. In fact, our TDD research group now occupies nearly an entire building of the Googleplex. The group has been working hard to minimize the development cycle time, and we’d like to share some of the amazing progress they’ve made.

The Concept

In the ways of old, it used to be that people wrote tests for their existing code. This was changed by TDD (Test-driven Development), where one would write the test first and then write the code to satisfy it. The TDD research group didn’t think this was enough and wanted to elevate the humble test to the next level. We are pleased to announce the Real TDD, our latest innovation in the Program Synthesis field, where you write only the tests and have the computer write the code for you!

The following graph shows how the number of tests created by a small feature team grew since they started using this tool towards the end of 2013. Over the last 2 quarters, more than 89% of this team’s production code was written by the tool!

See it in action:

Test written by a Software Engineer:

class LinkGeneratorTest(googletest.TestCase):

def setUp(self):
self.generator = link_generator.LinkGenerator()

def testGetLinkFromIDs(self):
expected = ('https://frontend.google.com/advancedSearchResults?'
's.op=ALL&s.r0.field=ID&s.r0.val=1288585+1310696+1346270+')
actual = self.generator.GetLinkFromIDs(set((1346270, 1310696, 1288585)))
self.assertEqual(expected, actual)

Code created by our tool:

import urllib

class LinkGenerator(object):

_URL = (
'https://frontend.google.com/advancedSearchResults?'
's.op=ALL&s.r0.field=ID&s.r0.val=')

def GetLinkFromIDs(self, ids):
result = []
for id in sorted(ids):
result.append('%s ' % id)
return self._URL + urllib.quote_plus(''.join(result))

Note that the tool is smart enough to not generate the obvious implementation of returning a constant string, but instead it correctly abstracts and generalizes the relation between inputs and outputs. It becomes smarter at every use and it’s behaving more and more like a human programmer every day. We once saw a comment in the generated code that said "I need some coffee".

How does it work?

We’ve trained the Google Brain with billions of lines of open-source software to learn about coding patterns and how product code correlates with test code. Its accuracy is further improved by using Type Inference to infer types from code and the Girard-Reynolds Isomorphism to infer code from types.

The tool runs every time your unit test is saved, and it uses the learned model to guide a backtracking search for a code snippet that satisfies all assertions in the test. It provides sub-second responses for 99.5% of the cases (as shown in the following graph), thanks to millions of pre-computed assertion-snippet pairs stored in Spanner for global low-latency access.



How can I use it?

We will offer a free (rate-limited) service that everyone can use, once we have sorted out the legal issues regarding the possibility of mixing code snippets originating from open-source projects with different licenses (e.g., GPL-licensed tests will simply refuse to pass BSD-licensed code snippets). If you would like to try our alpha release before the public launch, leave us a comment!

Categories: Blogs

I’ve Had It With Defects

DevelopSense Blog - Wed, 04/02/2014 - 16:00
The longer I stay in the testing business and reflect on the matter, the more I believe the concept of “defects” to be unclear and unhelpful. A program may have a coding error that is clearly inconsistent with the program’s specification, whereupon I might claim that I’ve found a defect. The other day, an automatic […]
Categories: Blogs

As retail cybercrime grows, new security needs arise in POS and payment processing tools

Kloctalk - Klocwork - Wed, 04/02/2014 - 15:15

Recent months have seen a major spate of cybercrime, with high-profile credit card data breaches at retailers like Target and Neiman Marcus, as well as many other incidents at smaller stores. The sudden wave of credit card data theft is prompting more scrutiny from the federal government and industry watchdogs, and software security experts have noted that many of the standards and technologies in place for protecting retailers are simply inadequate given the advanced nature of today's threats. With cybercrime on the rise, businesses may need more secure out-of-the-box tools for making sales and processing payments.

A recent Washington Post article highlighted the current high-threat environment, noting that nearly two dozen companies have experienced data breaches similar to the one at Target that compromised as many as 40 million customers' credit card information. While not all the retailers targeted have been publicized and the number of customers affected is still in question, the general upward trend of cybercrime is clear, and the FBI has warned retailers that many more will likely fall prey to hackers in the coming months. A recent Ponemon Institute study found that cybercrime cost U.S. companies an average of $11.5 million in 2012, a 26 percent increase from the year before.

"You're going to see more and more people trying this," Nicolas Christin, a security researcher at Carnegie Mellon University, told the Post. "If you just saw your neighbor win the lottery, even if you weren't interested in the lottery before, you may go out and buy a ticket."

The shortcomings of PCI
Currently, retailers look to protect themselves by meeting the Payment Card Industry Data Security Standard. But PCI compliance is tricky, and few companies meet all the requirements. According to a recent Verizon Enterprise Solutions report, just 11 percent of companies were fully up to industry standards. In North America, 56 percent met 80 percent of the requirements.

Part of the problem is that the list of PCI compliance requirements is long and often impractical to enforce, payment security expert Slava Gomzin wrote in a recent column for VentureBeat. He noted that the latest version of the standard includes 399 testing procedures, and he questioned how small retailers could possibly hope to meet all the requirements when even the largest companies with the best security resources are being breached. For instance, one of the requirements of PCI is that all employees be subject to an IT security policy – hardly something that a family restaurant or small business can be expected to ask of service staff. The more fundamental problem may be that current payment technology is not built for security.

"Our decades-old payment system was not designed with cybersecurity in mind," Christopher Soghoian, principal technologist at the American Civil Liberties Union, told the Washington Post. "Times have changed. Data breaches now occur on a weekly basis, the result of which is that consumers become victims of fraud and identity theft."

One of the topics that's gained the most traction in the wake of the Target breach is the adoption of chip-based EMV cards like the ones that are used in Europe and Canada. Advocates are pushing for implementation by as soon as October 2015, but skeptics say that even an implementation process that began now would take years, Gomzin noted. And regulators have been cautious about forcing requirements on the banking industry without proof that the chips will actually help, the Washington Post reported.

Building a better system
The more compelling approach for ensuring consumer protection might to build more secure POS systems, Gomzin suggested. One of the major shortcomings of PCI is that it only requires encryption for data at rest, allowing applications to process data in clear text in the RAM of POS terminals and opening the door for attacks like the memory parsing approach that hackers used in the Target breach and many other recent incidents. Similarly, data can be transmitted unencrypted. And payment applications are allowed to store binary and configuration files without protection, enabling tampering. More securely designed POS and payment processing software could eliminate these flaws and could also help strengthen security in a context where expertise is far from a given.

"Most people in the retail industry don't know much about information security, and they shouldn't have to, because security features should be provided by the payment system out of the box," Gomzin wrote.

Using tools like source code analysis, vendors can eliminate the software security gaps in POS tools and payment processing applications to provide exactly that. As cybercrime increases, businesses will increasingly be looking for secure solutions that can be implemented with minimal end user IT expertise. Developers would be wise to pay attention.

Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.

Categories: Companies

Community Update 2014-04-01 – April Fool’s special, getting ready for #durandaljs and some #elasticsearch

Decaying Code - Maxime Rouiller - Wed, 04/02/2014 - 04:30
April Fools Entry

Clippy for ReSharper | JetBrains .NET Tools Blog (blog.jetbrains.com)

security - Permanently uninstalling the user - Super User (superuser.com)

Web Development

Preparing for Durandal NextGen (eisenbergeffect.bluespire.com)

BUILD 2014 – Must watch

Deep Dive: Improving Performance in Your ASP.NET App (channel9.msdn.com) – Available April 4th-5th.

.NET

Visual Studio Online Update – Mar 18th (blogs.msdn.com)

At BUILD 2014? Join Miguel de Icaza for his C#+F# Mobile Session on Android and iOS (blogs.msdn.com)

ASP.NET

Get the Twitter Profile Image using ASP.NET Identity (blog.beabigrockstar.com)

Updated ASP.NET Database Resource Provider - Rick Strahl's Web Log (weblog.west-wind.com)

Web API: Mixing Traditional & Verb-Based Routing | Applied Information Sciences Blog (blog.appliedis.com)

Simple OAuth Server: Implementing a Simple OAuth Server with Katana OAuth Authorization Server Components (Part 1) - Tugberk Ugurlu's Blog (www.tugberkugurlu.com)

Tom DuPont .NET: TypeScript Definition Files on NuGet: Always have the latest and greatest IntelliSense! (www.tomdupont.net)

CypressNorth/.NET-WebApi-HttpStringDecodeFilter · GitHub (github.com)

Architecture and Methodology

Estimate This! (or not) | xProgramming.com (xprogramming.com)

The True Corruption of Agile | 8th Light (blog.8thlight.com)

Search Engines (Solr, ElasticSearch)

Nest - Quick Start (nest.azurewebsites.net) – .NET Connector for ElasticSearch

Log Analysis is Fun Again | CDS Global (www.cds-global.com)

Categories: Blogs

Your Java Web Start slaves will be always clean



If you have slaves that connect through Java Web Start (such as slaves installed as Windows services), we have a good news for you.

In case of a connection loss, this type of slaves has been designed to automatically attempt to reconnect to the master. This makes sense because you want these slaves to remain online all the time, even if your janitor trips over the ethernet cable. Unfortunately, it also means that over the time, these slaves accumulate gunk, such as mutated static states, any left-over threads or memory leaks, or native libraries that are loaded into JVM.

To prevent that, a better approach is to restart the slave JVM (JENKINS-19055) and have the new JVM reconnect, instead of having the same JVM reconnect. That would ensure that the slave always stays clean. I've planned to make this change for a while now, and I'm happy to report that this change is finally landing to the upcoming 1.559.

Restarting JVM is easy on Unix, where I could just exec(3) to itself. We've been doing this for ages on masters, for example when you update a plugin and tell Jenkins to restart.

The hard part is to do this for Windows, where the most of the time was spent. I had to improve windows service wrapper to support self-restarting services, which turned out to be trickier because Windows service control manager doesn't provide "restart" as an atomic operation. It also kills not just the service process itself but all the processes in the group. So I had to double-fork the service wrapper into a separate process group just to restart a service from within itself.

In any case, the end result is that if you have installed a service through GUI, be it on Windows, Unix, or OS X, slaves will restart themselves every time it gets disconnected from the master.

I've also taken the opportunity to make jenkins-slave.exe on the slave self-updating. Every time it connects to the master, it gets the latest version from the master.

If you have installed Web Start slaves as services, make sure to update the local copy of slave.jar on these slaves to 2.37 or later. This "restart on reconnect" feature only kicks in when you are running this very recent version of slave.jar. And yes, we realize it'd be nice for slave.jar to update itself, which is tracked as JENKINS-22454. But that's a work for another day.

Categories: Open Source

Slide into Selenium! “How To Use Selenium, Successfully” by Dave Haeffner

Sauce Labs - Tue, 04/01/2014 - 23:15

Thanks to all of you who attended our last webinar, Selenium Bootcamp, with expert Dave Haeffner! Click here to listen to the recording, and check out the slide deck below from his presentation if you haven’t already done so.

How to Use Selenium, Successfully from Sauce Labs

Want to share your thoughts or expertise with our community? We want to hear it! Submit your blog post or webinar topic here.
Categories: Companies

Snapchat flaw enables DoS attacks on iOS and Android phones

Kloctalk - Klocwork - Tue, 04/01/2014 - 19:45

A design flaw in popular photo messaging application Snapchat could allow a malicious user to send thousands of messages to an account simultaneously, effectively performing a denial-of-service attack, according to security researcher Jaime Sanchez. The flaw is the latest in a series of software security tussles that have arisen around the company in recent months.

Sanchez, a consultant for Spanish telecom company Telefonica, discovered the flaw along with another researcher on his own time, the Los Angeles Times reported. He found that Snapchat uses security tokens for authentication whenever a request is made to the service's servers. In other words, a request token is created any time users add a friend, update their contact list or send a message. The problem is that these tokens aren't set to expire, which means an attacker can reuse an old token to send new messages.

"The original idea of using request tokens is to force users to create one, and then discard it for next time," Sanchez wrote in a blog post. "So, if you're an authenticated user, you'll be able to create another time and then make another request. The problem is that tokens doesn't [sic] expire."

With a simple script run on a computer, an attacker could easily use the same token to spam thousands of accounts or send thousands of messages to a single account. Sanchez demonstrated the latter scenario to an LA Times reporter, flooding the reporter's iPhone with 1,000 messages in five seconds. This caused the phone to freeze and restart itself. According to Sanchez, this is likely because the attack also overloads iOS's Push Notification service. While a denial-of-service attack on an Android device would not cause the phone to crash, it would begin to run extremely slowly, and the app becomes unusable for the duration of the attack.

Snapchat's challenges
Sanchez told the LA Times that he did not report the issue to Snapchat because of the lack of respect the company has shown toward the software security community in other recent incidents. For instance, at the end of last year, researchers at Gibson Security published an exploit that would allow mass theft of Snapchat user info after reportedly receiving no response from the company. Hackers quickly used the exploit to pull account data for 4.6 million users.

Snapchat, which also has recently turned down acquisition offers worth billions, could suffer in the public eye if such software security incidents continue to occur. According to Sanchez, the company has still not addressed his flaw, although it did disable the accounts he used to generate his proof of concept attack.

As other companies look to emulate Snapchat's success in attracting industry attention and investment, using tools like source code analysis software during the development process can be a cheap, effective way to catch simple but potentially damaging flaws such as security tokens that are not set to expire. With a rigorous security mindset during development, companies can minimize their risk.

Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.

Categories: Companies

New Ways to Secure Your LoadRunner Environment in 12.00

HP LoadRunner and Performance Center Blog - Tue, 04/01/2014 - 19:00

HP LoadRunner consists of a number of different components, including the Controller, Load Generators, MI Listeners, etc.  Previous releases of LoadRunner have provided enough security to ensure that the data being transferred between components is secure, but were not able to prevent unauthorized computers from accessing the components.  LoadRunner 12.00 introduces a new set of SSL-based security features that can protect your LoadRunner components from being used by an unauthorized computer.

 

Continue reading to learn how you can secure your LoadRunner 12.00 environment with the new SSL features.

 

(This post was written by Yan-Jun Yu (Tedy), from the LoadRunner R&D Team)

Categories: Companies

The generalizing cook

Markus Gaertner (shino.de) - Tue, 04/01/2014 - 18:07

The agile community is full of stuff on generalists. Ideally, you should be able to juggle coffees for your developers while riding a one-wheeler, and playing the guitar to “Master of Puppets” from Metallica at the same time. Oh, and you really should have found that bug while doing all that.

That’s a task close to impossible. Let’s take a step back, and take a look into another field of work: cooking. How do you react to generalists there? Let’s see.

Caution: Before reading on, make sure, you had enough to eat. (Or didn’t, depending on how fast you can get weak.) This blog post includes references to lots of yummy meals, and contains itself 2000 kcal.

Cooking specialists?

Before we can define generalization successfully in the cooking field, we need to be able to identify possible directions of specialism. Generalizing is a relationship that cannot exist without specialization. In order to generalize, you have to define the opposite specialities first. Generalization then becomes the movement away from one particular speciality towards at first two, then maybe three, and on the other extreme all the specialities that you can identify in the according field of work.

For cooking, there are several ways you can think about specialization. You may specialize in green, or veggie foods. You may specialize as meat-only cook, or even become a beef master. You can specialize in cooking just with the oven, or focus on grilling activities (may favorite). Consider a cook that is proficient with the barbecue grill to properly prepare a cake with it besides serving you the steak first. Awesome! A meaty cake. I would love that one.

But let’s consider some alternatives. There are cooks in the high pricing segment, like five-star cooks. There are fast food chains that provide you meals with fewer turn-over costs (and other different qualities).

But there’s more. There are cooks that focus on local specialities. There are cooks for the German kitchen, serving bratwurst, haxen, and sauerkraut. Then there are Italian cooks that can serve pizza, pasta, and other specialities from the South-European country. Oh, and don’t forget about the Japanese food. If you’ve ever been to a Japanese steakhouse, you know what I mean. (I should certainly find one in Germany.)

Oh, and then there are cooks that specialize on a particular piece of the whole course. For example there are specialists at creating dessert, like an ice-cake (yummy!). And there are specialists for soup, for salad, and main dishes.

As you can see, there is a whole bunch of stuff that you may focus on. Now, let’s take the counter-position, and see where generalization would lead us to.

Generalizing cooks

How could a cook generalize? When considering the five-star cook, she is probably already generalizing. She knows a couple of dish well enough to receive the five-star certification. For the certifier it does not matter where these dish come from. They only need to be yummy, well prepared, well served.

Or should a cook generalize in the sense of dish he serves? A cook that’s only good at meat probably won’t win many prices in the long run. To prepare a proper meal, he also needs to serve the openers, and he also should have a clue about the composition of the whole course, like which wine to serve with the deer, and what kind of dessert fits better: ice cream or fruits?

Then what about the fast food cook versus the noble restaurant cook? The fast food cook knows a bunch of recipes, and he has streamlined his whole business according to his margins – and what people are willing to pay for it. In a noble restaurant people eat because they want to taste something special. Only the best ingredients get into each individual meal, and that also has an end result on the price. And of course, the overall experience in a five-star restaurant is totally different than the one in the next local Wendy’s.

Oh, and if you can’t get a dessert at the local shop, then you are probably going to the next ice-cream shop, and spend your money there. That might be ok in certain regions of the city. But if the next ice-cream bar is 20 miles away, your customers are more likely to complain about it.

And, finally, you may generalize across country specialities. Besides burgers you may serve sushi, paella, and Irish Stew. You are so proficient in your cooking skills that you can serve all meals from all over the world. 120 meals in your whole menu.

One cook to rule them all

The other day, when I stood in a fast food shop in our home town, waiting for our lunch, I started wondering. That shop sold Döner, Pizza, and a couple of German and Austrian dishes. That shop appeared to be a generalizing shop.

As a customer, did I like it? I started to wonder whether they followed the demand from the market, or tried to fill a particular niche in the local market by offering everything. I certainly wasn’t convinced that many of the offered dish were good while waiting in that shop.

Now, after writing about this experience, I think there is a tremendous difference between a five-star generalist cook, and a generalizing fast food cook. I trust the five-star cook on another level than I trust the tiny small “Fetthalle” around that corner that serves lots of different international foods. I prefer to be more like a five-star software developer rather than a generalizing “fast code” hacker.

That made me wonder what the outside impression from us software generalists would be? Should we be more like generalizing fast food cooks or like five-star cooks in the end? Well, in the end, software development has only to do with stuff you can’t see – if you won’t take a look. Food is different.

Nom-nom.

PrintDiggStumbleUpondel.icio.usFacebookTwitterLinkedInGoogle Bookmarks

Categories: Blogs

Very Short Blog Posts (15): “Manual” and “Automated” Testers

DevelopSense Blog - Tue, 04/01/2014 - 16:22
“Help Wanted. Established scientific research lab seeks Intermediate Level Manual Scientist. Role is intended to complement our team of Automated and Semi-Automated Scientists. The successful candidate will perform research and scientific experiments without any use of tools (including computer hardware or software). Requires good communication skills and knowledge of the Hypothesis Development Life Cycle. Bachelor’s […]
Categories: Blogs

Capture Pokémon, Work for Google

uTest - Tue, 04/01/2014 - 15:45

pokemonFor most companies, April 1st is a less-than-ideal date in which to launch an app or a major update, as consumers, media and other interested parties might take it to be a prank. Google is not most companies.

The tech giant just released a mini-game in the update of its “Maps” application. Unlike most updates, this one incorporates a healthy dose of Pokémon. For those unfamiliar, Pokémon is a Nintendo-owned media franchise involving card games, video games, cartoons and movies that feature trainers capturing wild “Pokémon” creatures with special abilities. Once captured, they are trained to fight and pitted in battles against one another. At least that’s what I’m told.

Of course, Google is known for being quite a prankster, with a long list of similar April Fool’s Day pranks (seriously, a LONG list), however they have also peppered in a number of real releases on April 1, including Gmail. In fact, Gmail was thought to be a hoax, because at the time a free email service with a gigabyte of storage was an entirely new concept. Safe to say that one worked out pretty well.

So is this recent Pokémon update to Google’s Map application a hoax or the real deal? It seems a bit of both – at least we hope! The video promo they put together shows Poke-enthusiasts travelling the world, and “finding” Pokémon using an incredible looking augmented reality app within Google maps to capture their very own Pokémon. The video also promises any person that can capture all 150 Pokémon will have a chance to work at Google, with the title of “Pokémon Master”. Unfortunately, it’s a pretty good bet that these aspects are the hoax portion of their prank.

If you’re willing to take that chance in order to become a Pokémon Master, here’s how to get started:

To start becoming a Pokémon Master, go to your updated Google Maps app, tap the Search Bar, and then tap the Pokeball icon that says Start. You’ll be transported to Isla Santa Cruz, which is a remote cluster of islands, that are apparently teeming with Pokémon wildlife. You can then catch Pokémon by tapping them. There is a Pokedex you can fill with 150 different types of Pokémon, though I’m unsure what happens when you succeed.

Regardless of whether the feature will get pulled after April Fools (it’s hard to imagine running into Pokémon while searching for a hotel on vacation) it’s given users a new reason to check out Google Maps and all of its new features. For Google, I would suspect that it has led to a sizeable increase in usage over the last 24 hours. Everyone wins!

There is a lot of speculation as to whether or not Google is up to something bigger with this prank. Some have suggested a geo-caching project in the works, while others have mentioned some sort of augmented reality app. I guess we’ll have to wait and see.

Either way, it seems that Google has once again reminded the world that they remain the king of April Fool’s Day pranks.

Categories: Companies

2014 Open Source Development Survey: Making Results Matter

Sonatype Blog - Tue, 04/01/2014 - 15:33

Want to win a programmable LEGO robot?  Share your voice in this year’s survey.

LEGO Mindstorm

Let me share three statistics with you from the 2013 open source development survey:

  • 76% of organizations lack meaningful controls over the use of open source software in development
  • 86% of developers believe their typical applications include over 80% open source components
  • 71% of applications have more than one critical or severe open source component vulnerability

These stats might surprise you or may not. Surprise is not their intent. The real intent of these survey results is to SPARK DISCUSSION. Remember, it’s not the stats that count…it’s the value of the discussions that follow that make this survey so important.

Today we kicked off the fourth annual open source development and application security survey. You can take the 5 minute survey here — it takes less that 5 minutes, we promise.

Looking at last year’s findings, I see so many great discussion topics for your next team meeting, a lunch-and-learn at your office, or at a community MeetUp event. Topics like:

  • How do our practices compare? Are we ahead or behind?
  • What policies do we have in place, do we need new ones, or does anyone follow our policy?
  • Are our development, security, and compliance practices sufficiently aligned compared to other companies our size?

We’ll send everyone the final survey results to share, compare, and discuss with your team. You can also enter into a DAILY drawing for a $100 Amazon.com giftcard and a WEEKLY drawing for a super cool LEGO Mindstorms EV3 programmable robot. The survey is only open until April 30th. And the sooner you take the survey the more chances you have to win.

Categories: Companies

Don‘t Trust Your Log Files: How and Why to Monitor ALL Exceptions

I would say that only one out of a million exceptions thrown in an application actually makes it to a log file – unless you run your application in verbose logging mode  – Do you agree? No? Here is why I think that is: Because most exceptions are handled by your code or by the […]
Categories: Companies

A Developer In Test

Testing TV - Tue, 04/01/2014 - 12:22
A Developer In Test (DIT) writes code to test code. I will show from a Behaviour Driven Development (BDD) perspective how a Developer In Test can help out at all stages of a software development lifecycle. Working with stakeholders and business analysts to define the purpose and desired behaviour of a product, running ten-minute test […]
Categories: Blogs

Remaining Relevant – Be an affiliate

The Social Tester - Tue, 04/01/2014 - 11:00
I’m very happy with the sales of my book Remaining Relevant. I’d like to say a BIG thank you to all who have bought it and promoted it to others – it’s very welcome...
Categories: Blogs

Cistern Thinking

Hiccupps - James Thomas - Tue, 04/01/2014 - 10:28
The toilet seat heuristic: the conspicuous risk may not be the only or the highest risk. The glaringly obvious and the mundane should both be considered and risks evaluated across them.
The Guardian: "In truth, many shared bathrooms are cleaner than, say, the telephone on your office desk, your computer keyboard, the dishcloth by your kitchen sink ... [but] it is perfectly natural, perfectly logical, that we expect [faecal bacteria] to be congregating in greatest numbers somewhere around the toilet bowl"Image: https://flic.kr/p/iE7jP
Categories: Blogs

Reminder for May Online Training

Ranorex - Tue, 04/01/2014 - 10:00
Get firsthand training with Ranorex professionals and learn how to get the most out of Ranorex Studio and the Ranorex Test Automation Tools at this two day workshops.

This workshop starts with theoretical issues such as the benefits and the return of investment in automated testing. The main focus will be the use of Ranorex in practice.

May 20-21

10:30AM - 05:30PM EST

Ranorex Test Automation Workshop

Online


Look at the schedules for additional workshops in the next few months.

Worldmap-Training

We look forward to seeing you there!
Categories: Companies

Community Update 2014-03-31 – #Build2014, #dotnet, #css, #responsive tables, #aspnet, #owin, new #octokit .NET version

Decaying Code - Maxime Rouiller - Tue, 04/01/2014 - 05:30

So like every Monday, as always, we have an avalanche of links.

The one I would really not miss is the Build 2014 session list. The Build will start April 2nd and go up to April 4th. I will list my recommended session once we reach those date since I’m still picking what I, and maybe you, should watch.

With this, good reading!

Enjoy!

Must Read

Analysis Paralysis: Over-thinking and Knowing Too Much to Just CODE - Scott Hanselman (www.hanselman.com)

Build 2014

Build 2014 (channel9.msdn.com) – The event will be from April 2nd to April 4th.

Web Development

CSS Diner - Where we feast on CSS Selectors! (flukeout.github.io) – Excellent learning tool to learn CSS selectors

Responsive tables (gergeo.se)

.NET

StructureMap 3.0 is Live | The Shade Tree Developer on WordPress.com (jeremydmiller.com)

How I made EF work more like an object database | brockallen on WordPress.com (brockallen.com)

12 reasons to use the Jolt award winning Visual Studio Premium 2013 (blogs.msdn.com)

ASP.NET

Validation of hidden fields at the client in ASP.NET MVC (www.campusmvp.net)

OWIN security components for ASP.NET: OpenID Connect preview and Cloud Cover video! | CloudIdentity (www.cloudidentity.com)

Optimize your WebApp like a PRO – ASP.NET MVC Boilerplate | Emit Knowledge (www.emitknowledge.com)

Exploring ASP.NET FriendlyURLs | TechNet Blogs (blogs.technet.com)

CQRS / Event Sourcing

Event sourcing in practice (ookami86.github.io) – Slides in HTML. Use the arrows/space on your keyboard to page through.

Windows Azure

Using SLAB's Azure Table Sink With a WebApi Service Hosted In Azure Beyond the Duck (beyondtheduck.com)

Source Control (Git, SVN, TFS, etc.)

octokit.net/ReleaseNotes.md at master · octokit/octokit.net · GitHub (github.com) – New version of the .NET GitHub API.

Search Engines (ElasticSearch, Solr, etc.)

elasticsearch – how many shards? « Trifork Blog / Trifork: Enterprise Java, Open Source, software solutions (blog.trifork.com)

Elasticsearch Monitoring and Management Plugins | codecentric Blogcodecentric Blog (blog.codecentric.de)

Categories: Blogs

Knowledge Sharing

Telerik Test Studio is all-in-one testing solution that makes software testing easy. SpiraTest is the most powerful and affordable test management solution on the market today