Skip to content

Feed aggregator

Community Update 2014-04-01 – April Fool’s special, getting ready for #durandaljs and some #elasticsearch

Decaying Code - Maxime Rouiller - Wed, 04/02/2014 - 04:30
April Fools Entry

Clippy for ReSharper | JetBrains .NET Tools Blog (blog.jetbrains.com)

security - Permanently uninstalling the user - Super User (superuser.com)

Web Development

Preparing for Durandal NextGen (eisenbergeffect.bluespire.com)

BUILD 2014 – Must watch

Deep Dive: Improving Performance in Your ASP.NET App (channel9.msdn.com) – Available April 4th-5th.

.NET

Visual Studio Online Update – Mar 18th (blogs.msdn.com)

At BUILD 2014? Join Miguel de Icaza for his C#+F# Mobile Session on Android and iOS (blogs.msdn.com)

ASP.NET

Get the Twitter Profile Image using ASP.NET Identity (blog.beabigrockstar.com)

Updated ASP.NET Database Resource Provider - Rick Strahl's Web Log (weblog.west-wind.com)

Web API: Mixing Traditional & Verb-Based Routing | Applied Information Sciences Blog (blog.appliedis.com)

Simple OAuth Server: Implementing a Simple OAuth Server with Katana OAuth Authorization Server Components (Part 1) - Tugberk Ugurlu's Blog (www.tugberkugurlu.com)

Tom DuPont .NET: TypeScript Definition Files on NuGet: Always have the latest and greatest IntelliSense! (www.tomdupont.net)

CypressNorth/.NET-WebApi-HttpStringDecodeFilter · GitHub (github.com)

Architecture and Methodology

Estimate This! (or not) | xProgramming.com (xprogramming.com)

The True Corruption of Agile | 8th Light (blog.8thlight.com)

Search Engines (Solr, ElasticSearch)

Nest - Quick Start (nest.azurewebsites.net) – .NET Connector for ElasticSearch

Log Analysis is Fun Again | CDS Global (www.cds-global.com)

Categories: Blogs

Your Java Web Start slaves will be always clean



If you have slaves that connect through Java Web Start (such as slaves installed as Windows services), we have a good news for you.

In case of a connection loss, this type of slaves has been designed to automatically attempt to reconnect to the master. This makes sense because you want these slaves to remain online all the time, even if your janitor trips over the ethernet cable. Unfortunately, it also means that over the time, these slaves accumulate gunk, such as mutated static states, any left-over threads or memory leaks, or native libraries that are loaded into JVM.

To prevent that, a better approach is to restart the slave JVM (JENKINS-19055) and have the new JVM reconnect, instead of having the same JVM reconnect. That would ensure that the slave always stays clean. I've planned to make this change for a while now, and I'm happy to report that this change is finally landing to the upcoming 1.559.

Restarting JVM is easy on Unix, where I could just exec(3) to itself. We've been doing this for ages on masters, for example when you update a plugin and tell Jenkins to restart.

The hard part is to do this for Windows, where the most of the time was spent. I had to improve windows service wrapper to support self-restarting services, which turned out to be trickier because Windows service control manager doesn't provide "restart" as an atomic operation. It also kills not just the service process itself but all the processes in the group. So I had to double-fork the service wrapper into a separate process group just to restart a service from within itself.

In any case, the end result is that if you have installed a service through GUI, be it on Windows, Unix, or OS X, slaves will restart themselves every time it gets disconnected from the master.

I've also taken the opportunity to make jenkins-slave.exe on the slave self-updating. Every time it connects to the master, it gets the latest version from the master.

If you have installed Web Start slaves as services, make sure to update the local copy of slave.jar on these slaves to 2.37 or later. This "restart on reconnect" feature only kicks in when you are running this very recent version of slave.jar. And yes, we realize it'd be nice for slave.jar to update itself, which is tracked as JENKINS-22454. But that's a work for another day.

Categories: Open Source

Slide into Selenium! “How To Use Selenium, Successfully” by Dave Haeffner

Sauce Labs - Tue, 04/01/2014 - 23:15

Thanks to all of you who attended our last webinar, Selenium Bootcamp, with expert Dave Haeffner! Click here to listen to the recording, and check out the slide deck below from his presentation if you haven’t already done so.

How to Use Selenium, Successfully from Sauce Labs

Want to share your thoughts or expertise with our community? We want to hear it! Submit your blog post or webinar topic here.
Categories: Companies

Snapchat flaw enables DoS attacks on iOS and Android phones

Kloctalk - Klocwork - Tue, 04/01/2014 - 19:45

A design flaw in popular photo messaging application Snapchat could allow a malicious user to send thousands of messages to an account simultaneously, effectively performing a denial-of-service attack, according to security researcher Jaime Sanchez. The flaw is the latest in a series of software security tussles that have arisen around the company in recent months.

Sanchez, a consultant for Spanish telecom company Telefonica, discovered the flaw along with another researcher on his own time, the Los Angeles Times reported. He found that Snapchat uses security tokens for authentication whenever a request is made to the service's servers. In other words, a request token is created any time users add a friend, update their contact list or send a message. The problem is that these tokens aren't set to expire, which means an attacker can reuse an old token to send new messages.

"The original idea of using request tokens is to force users to create one, and then discard it for next time," Sanchez wrote in a blog post. "So, if you're an authenticated user, you'll be able to create another time and then make another request. The problem is that tokens doesn't [sic] expire."

With a simple script run on a computer, an attacker could easily use the same token to spam thousands of accounts or send thousands of messages to a single account. Sanchez demonstrated the latter scenario to an LA Times reporter, flooding the reporter's iPhone with 1,000 messages in five seconds. This caused the phone to freeze and restart itself. According to Sanchez, this is likely because the attack also overloads iOS's Push Notification service. While a denial-of-service attack on an Android device would not cause the phone to crash, it would begin to run extremely slowly, and the app becomes unusable for the duration of the attack.

Snapchat's challenges
Sanchez told the LA Times that he did not report the issue to Snapchat because of the lack of respect the company has shown toward the software security community in other recent incidents. For instance, at the end of last year, researchers at Gibson Security published an exploit that would allow mass theft of Snapchat user info after reportedly receiving no response from the company. Hackers quickly used the exploit to pull account data for 4.6 million users.

Snapchat, which also has recently turned down acquisition offers worth billions, could suffer in the public eye if such software security incidents continue to occur. According to Sanchez, the company has still not addressed his flaw, although it did disable the accounts he used to generate his proof of concept attack.

As other companies look to emulate Snapchat's success in attracting industry attention and investment, using tools like source code analysis software during the development process can be a cheap, effective way to catch simple but potentially damaging flaws such as security tokens that are not set to expire. With a rigorous security mindset during development, companies can minimize their risk.

Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.

Categories: Companies

New Ways to Secure Your LoadRunner Environment in 12.00

HP LoadRunner and Performance Center Blog - Tue, 04/01/2014 - 19:00

HP LoadRunner consists of a number of different components, including the Controller, Load Generators, MI Listeners, etc.  Previous releases of LoadRunner have provided enough security to ensure that the data being transferred between components is secure, but were not able to prevent unauthorized computers from accessing the components.  LoadRunner 12.00 introduces a new set of SSL-based security features that can protect your LoadRunner components from being used by an unauthorized computer.

 

Continue reading to learn how you can secure your LoadRunner 12.00 environment with the new SSL features.

 

(This post was written by Yan-Jun Yu (Tedy), from the LoadRunner R&D Team)

Categories: Companies

The generalizing cook

Markus Gaertner (shino.de) - Tue, 04/01/2014 - 18:07

The agile community is full of stuff on generalists. Ideally, you should be able to juggle coffees for your developers while riding a one-wheeler, and playing the guitar to “Master of Puppets” from Metallica at the same time. Oh, and you really should have found that bug while doing all that.

That’s a task close to impossible. Let’s take a step back, and take a look into another field of work: cooking. How do you react to generalists there? Let’s see.

Caution: Before reading on, make sure, you had enough to eat. (Or didn’t, depending on how fast you can get weak.) This blog post includes references to lots of yummy meals, and contains itself 2000 kcal.

Cooking specialists?

Before we can define generalization successfully in the cooking field, we need to be able to identify possible directions of specialism. Generalizing is a relationship that cannot exist without specialization. In order to generalize, you have to define the opposite specialities first. Generalization then becomes the movement away from one particular speciality towards at first two, then maybe three, and on the other extreme all the specialities that you can identify in the according field of work.

For cooking, there are several ways you can think about specialization. You may specialize in green, or veggie foods. You may specialize as meat-only cook, or even become a beef master. You can specialize in cooking just with the oven, or focus on grilling activities (may favorite). Consider a cook that is proficient with the barbecue grill to properly prepare a cake with it besides serving you the steak first. Awesome! A meaty cake. I would love that one.

But let’s consider some alternatives. There are cooks in the high pricing segment, like five-star cooks. There are fast food chains that provide you meals with fewer turn-over costs (and other different qualities).

But there’s more. There are cooks that focus on local specialities. There are cooks for the German kitchen, serving bratwurst, haxen, and sauerkraut. Then there are Italian cooks that can serve pizza, pasta, and other specialities from the South-European country. Oh, and don’t forget about the Japanese food. If you’ve ever been to a Japanese steakhouse, you know what I mean. (I should certainly find one in Germany.)

Oh, and then there are cooks that specialize on a particular piece of the whole course. For example there are specialists at creating dessert, like an ice-cake (yummy!). And there are specialists for soup, for salad, and main dishes.

As you can see, there is a whole bunch of stuff that you may focus on. Now, let’s take the counter-position, and see where generalization would lead us to.

Generalizing cooks

How could a cook generalize? When considering the five-star cook, she is probably already generalizing. She knows a couple of dish well enough to receive the five-star certification. For the certifier it does not matter where these dish come from. They only need to be yummy, well prepared, well served.

Or should a cook generalize in the sense of dish he serves? A cook that’s only good at meat probably won’t win many prices in the long run. To prepare a proper meal, he also needs to serve the openers, and he also should have a clue about the composition of the whole course, like which wine to serve with the deer, and what kind of dessert fits better: ice cream or fruits?

Then what about the fast food cook versus the noble restaurant cook? The fast food cook knows a bunch of recipes, and he has streamlined his whole business according to his margins – and what people are willing to pay for it. In a noble restaurant people eat because they want to taste something special. Only the best ingredients get into each individual meal, and that also has an end result on the price. And of course, the overall experience in a five-star restaurant is totally different than the one in the next local Wendy’s.

Oh, and if you can’t get a dessert at the local shop, then you are probably going to the next ice-cream shop, and spend your money there. That might be ok in certain regions of the city. But if the next ice-cream bar is 20 miles away, your customers are more likely to complain about it.

And, finally, you may generalize across country specialities. Besides burgers you may serve sushi, paella, and Irish Stew. You are so proficient in your cooking skills that you can serve all meals from all over the world. 120 meals in your whole menu.

One cook to rule them all

The other day, when I stood in a fast food shop in our home town, waiting for our lunch, I started wondering. That shop sold Döner, Pizza, and a couple of German and Austrian dishes. That shop appeared to be a generalizing shop.

As a customer, did I like it? I started to wonder whether they followed the demand from the market, or tried to fill a particular niche in the local market by offering everything. I certainly wasn’t convinced that many of the offered dish were good while waiting in that shop.

Now, after writing about this experience, I think there is a tremendous difference between a five-star generalist cook, and a generalizing fast food cook. I trust the five-star cook on another level than I trust the tiny small “Fetthalle” around that corner that serves lots of different international foods. I prefer to be more like a five-star software developer rather than a generalizing “fast code” hacker.

That made me wonder what the outside impression from us software generalists would be? Should we be more like generalizing fast food cooks or like five-star cooks in the end? Well, in the end, software development has only to do with stuff you can’t see – if you won’t take a look. Food is different.

Nom-nom.

PrintDiggStumbleUpondel.icio.usFacebookTwitterLinkedInGoogle Bookmarks

Categories: Blogs

Very Short Blog Posts (15): “Manual” and “Automated” Testers

DevelopSense Blog - Tue, 04/01/2014 - 16:22
“Help Wanted. Established scientific research lab seeks Intermediate Level Manual Scientist. Role is intended to complement our team of Automated and Semi-Automated Scientists. The successful candidate will perform research and scientific experiments without any use of tools (including computer hardware or software). Requires good communication skills and knowledge of the Hypothesis Development Life Cycle. Bachelor’s […]
Categories: Blogs

Capture Pokémon, Work for Google

uTest - Tue, 04/01/2014 - 15:45

pokemonFor most companies, April 1st is a less-than-ideal date in which to launch an app or a major update, as consumers, media and other interested parties might take it to be a prank. Google is not most companies.

The tech giant just released a mini-game in the update of its “Maps” application. Unlike most updates, this one incorporates a healthy dose of Pokémon. For those unfamiliar, Pokémon is a Nintendo-owned media franchise involving card games, video games, cartoons and movies that feature trainers capturing wild “Pokémon” creatures with special abilities. Once captured, they are trained to fight and pitted in battles against one another. At least that’s what I’m told.

Of course, Google is known for being quite a prankster, with a long list of similar April Fool’s Day pranks (seriously, a LONG list), however they have also peppered in a number of real releases on April 1, including Gmail. In fact, Gmail was thought to be a hoax, because at the time a free email service with a gigabyte of storage was an entirely new concept. Safe to say that one worked out pretty well.

So is this recent Pokémon update to Google’s Map application a hoax or the real deal? It seems a bit of both – at least we hope! The video promo they put together shows Poke-enthusiasts travelling the world, and “finding” Pokémon using an incredible looking augmented reality app within Google maps to capture their very own Pokémon. The video also promises any person that can capture all 150 Pokémon will have a chance to work at Google, with the title of “Pokémon Master”. Unfortunately, it’s a pretty good bet that these aspects are the hoax portion of their prank.

If you’re willing to take that chance in order to become a Pokémon Master, here’s how to get started:

To start becoming a Pokémon Master, go to your updated Google Maps app, tap the Search Bar, and then tap the Pokeball icon that says Start. You’ll be transported to Isla Santa Cruz, which is a remote cluster of islands, that are apparently teeming with Pokémon wildlife. You can then catch Pokémon by tapping them. There is a Pokedex you can fill with 150 different types of Pokémon, though I’m unsure what happens when you succeed.

Regardless of whether the feature will get pulled after April Fools (it’s hard to imagine running into Pokémon while searching for a hotel on vacation) it’s given users a new reason to check out Google Maps and all of its new features. For Google, I would suspect that it has led to a sizeable increase in usage over the last 24 hours. Everyone wins!

There is a lot of speculation as to whether or not Google is up to something bigger with this prank. Some have suggested a geo-caching project in the works, while others have mentioned some sort of augmented reality app. I guess we’ll have to wait and see.

Either way, it seems that Google has once again reminded the world that they remain the king of April Fool’s Day pranks.

Categories: Companies

2014 Open Source Development Survey: Making Results Matter

Sonatype Blog - Tue, 04/01/2014 - 15:33

Want to win a programmable LEGO robot?  Share your voice in this year’s survey.

LEGO Mindstorm

Let me share three statistics with you from the 2013 open source development survey:

  • 76% of organizations lack meaningful controls over the use of open source software in development
  • 86% of developers believe their typical applications include over 80% open source components
  • 71% of applications have more than one critical or severe open source component vulnerability

These stats might surprise you or may not. Surprise is not their intent. The real intent of these survey results is to SPARK DISCUSSION. Remember, it’s not the stats that count…it’s the value of the discussions that follow that make this survey so important.

Today we kicked off the fourth annual open source development and application security survey. You can take the 5 minute survey here — it takes less that 5 minutes, we promise.

Looking at last year’s findings, I see so many great discussion topics for your next team meeting, a lunch-and-learn at your office, or at a community MeetUp event. Topics like:

  • How do our practices compare? Are we ahead or behind?
  • What policies do we have in place, do we need new ones, or does anyone follow our policy?
  • Are our development, security, and compliance practices sufficiently aligned compared to other companies our size?

We’ll send everyone the final survey results to share, compare, and discuss with your team. You can also enter into a DAILY drawing for a $100 Amazon.com giftcard and a WEEKLY drawing for a super cool LEGO Mindstorms EV3 programmable robot. The survey is only open until April 30th. And the sooner you take the survey the more chances you have to win.

Categories: Companies

Don‘t Trust Your Log Files: How and Why to Monitor ALL Exceptions

I would say that only one out of a million exceptions thrown in an application actually makes it to a log file – unless you run your application in verbose logging mode  – Do you agree? No? Here is why I think that is: Because most exceptions are handled by your code or by the […]
Categories: Companies

A Developer In Test

Testing TV - Tue, 04/01/2014 - 12:22
A Developer In Test (DIT) writes code to test code. I will show from a Behaviour Driven Development (BDD) perspective how a Developer In Test can help out at all stages of a software development lifecycle. Working with stakeholders and business analysts to define the purpose and desired behaviour of a product, running ten-minute test […]
Categories: Blogs

Remaining Relevant – Be an affiliate

The Social Tester - Tue, 04/01/2014 - 11:00
I’m very happy with the sales of my book Remaining Relevant. I’d like to say a BIG thank you to all who have bought it and promoted it to others – it’s very welcome...
Categories: Blogs

Cistern Thinking

Hiccupps - James Thomas - Tue, 04/01/2014 - 10:28
The toilet seat heuristic: the conspicuous risk may not be the only or the highest risk. The glaringly obvious and the mundane should both be considered and risks evaluated across them.
The Guardian: "In truth, many shared bathrooms are cleaner than, say, the telephone on your office desk, your computer keyboard, the dishcloth by your kitchen sink ... [but] it is perfectly natural, perfectly logical, that we expect [faecal bacteria] to be congregating in greatest numbers somewhere around the toilet bowl"Image: https://flic.kr/p/iE7jP
Categories: Blogs

Reminder for May Online Training

Ranorex - Tue, 04/01/2014 - 10:00
Get firsthand training with Ranorex professionals and learn how to get the most out of Ranorex Studio and the Ranorex Test Automation Tools at this two day workshops.

This workshop starts with theoretical issues such as the benefits and the return of investment in automated testing. The main focus will be the use of Ranorex in practice.

May 20-21

10:30AM - 05:30PM EST

Ranorex Test Automation Workshop

Online


Look at the schedules for additional workshops in the next few months.

Worldmap-Training

We look forward to seeing you there!
Categories: Companies

Community Update 2014-03-31 – #Build2014, #dotnet, #css, #responsive tables, #aspnet, #owin, new #octokit .NET version

Decaying Code - Maxime Rouiller - Tue, 04/01/2014 - 05:30

So like every Monday, as always, we have an avalanche of links.

The one I would really not miss is the Build 2014 session list. The Build will start April 2nd and go up to April 4th. I will list my recommended session once we reach those date since I’m still picking what I, and maybe you, should watch.

With this, good reading!

Enjoy!

Must Read

Analysis Paralysis: Over-thinking and Knowing Too Much to Just CODE - Scott Hanselman (www.hanselman.com)

Build 2014

Build 2014 (channel9.msdn.com) – The event will be from April 2nd to April 4th.

Web Development

CSS Diner - Where we feast on CSS Selectors! (flukeout.github.io) – Excellent learning tool to learn CSS selectors

Responsive tables (gergeo.se)

.NET

StructureMap 3.0 is Live | The Shade Tree Developer on WordPress.com (jeremydmiller.com)

How I made EF work more like an object database | brockallen on WordPress.com (brockallen.com)

12 reasons to use the Jolt award winning Visual Studio Premium 2013 (blogs.msdn.com)

ASP.NET

Validation of hidden fields at the client in ASP.NET MVC (www.campusmvp.net)

OWIN security components for ASP.NET: OpenID Connect preview and Cloud Cover video! | CloudIdentity (www.cloudidentity.com)

Optimize your WebApp like a PRO – ASP.NET MVC Boilerplate | Emit Knowledge (www.emitknowledge.com)

Exploring ASP.NET FriendlyURLs | TechNet Blogs (blogs.technet.com)

CQRS / Event Sourcing

Event sourcing in practice (ookami86.github.io) – Slides in HTML. Use the arrows/space on your keyboard to page through.

Windows Azure

Using SLAB's Azure Table Sink With a WebApi Service Hosted In Azure Beyond the Duck (beyondtheduck.com)

Source Control (Git, SVN, TFS, etc.)

octokit.net/ReleaseNotes.md at master · octokit/octokit.net · GitHub (github.com) – New version of the .NET GitHub API.

Search Engines (ElasticSearch, Solr, etc.)

elasticsearch – how many shards? « Trifork Blog / Trifork: Enterprise Java, Open Source, software solutions (blog.trifork.com)

Elasticsearch Monitoring and Management Plugins | codecentric Blogcodecentric Blog (blog.codecentric.de)

Categories: Blogs

Very Short Blog Posts (14): “It works!”

DevelopSense Blog - Mon, 03/31/2014 - 21:47
“It works” is one of Jerry Weinberg‘s nominees for the most ambiguous sentence in the English language. To me, when people say “it works”, they really mean Some aspect of some feature or some function appeared to meet some requirement to some degree based on some theory and based on some observation that some agent […]
Categories: Blogs

Jenkins - The Man Behind The Curtain

While most of the cloud world was obsessed with price reductions coming from Google and Amazon last week, some of the more astute observers picked up on what is ultimately an even more important theme.


Right. Google seems to have understood very deeply that the key to upping the competitive game with Amazon and Microsoft in the public cloud is through developers. More than live migration and race-to-the-bottom pricing, they know that they can use their savvy as developers to differentiate the platform for developers. They use the phrase “meeting developers where they are,” and have committed big time to using Jenkins - as Google's Chris Smith put it - as the “man behind the curtain” to orchestrate continuous delivery from code to production.
1411 People Stared in Awe at the Mighty Power of the Jenkins Update Center During Google Cloud Platform Live
That phrase “meeting developers where they are” is kind of interesting, too, almost un-Google like. They’re not inventing a new Google-icious CI or build tool. They’re giving developers what they’re used to and are productive with - IntelliJ (aka Android Studio), Git, Jenkins, Maven and Gradle. They’re glueing those powerful tools together in a simple flow that fits seamlessly across their properties and Google Cloud Services, all leading toward deployment on Google Compute Engine and App Engine and Android devices.
That’s a pretty expansive vision, a fundamental change to the way developers build, test and deliver applications in the cloud world. A real platform play. It’s something we at CloudBees have been delivering on for a while now and that our customers have been depending on 24x7 to run their businesses. Here are a few of the important things we've learned in our journey to delivering the most advanced developer-centric Platform as a Service in the market:
  • Hybrid is reality, and will be for a long time. We love the cloud and run our business on it, but most businesses have existing investments (technical, capital and procedural) that are reality for them. Those businesses and the developers in them want to use the cloud, too. So, you need to live in both worlds and connect those worlds. For continuous delivery to be meaningful to the developers living in this hybrid world, you need to bridge them securely and painlessly, and that’s particularly true for people in the enterprise. That's why we've invested in things like RBAC, on-prem executors, VPN connectivity, and SAML support. Meeting developers where they are sometimes means you need to meet them in their own data center.
  • Continuous integration - and continuous delivery even more so - requires connections to all kinds of surrounding systems. This is one of the reasons Jenkins is so incredibly popular, because if you can’t do that using one of the 900 or so plugins in Jenkins today, you can build one yourself. Heck, that’s why Google is using it, too! Part of the “trick” of providing Jenkins as a hosted service is to do it in a way that exposes the flexibility and community-powered plugin set. The Update Center is the window into those plugins, so it's nice to see it being visible in Google's demo. Ultimately, all this relates to "running at scale" - supporting teams and the larger scale business processes that developers live within. Those developers will demand direct access and tweaks to the plugins and the ecosystems they unlock. Developing and deploying a web or mobile app is often just a part of a bigger chain of automation, which often spans reusable common libraries into post-deployment testing. Giving teams of developers the tools to collaborate and thrive within this kind of larger flow, continuously - that’s running at scale.
  • Community is key. The great thing about the Jenkins project is that Jenkins itself is built to encourage community, and it is operated to build community. Like any community, it has leaders and highly engaged participants. But, it also welcomes people who jump in and dabble, who do a quick project to solve a specific problem, or who extend the work of others. People participate because their investment pays back and often makes them feel good at the same time. So Google, my advice to you is to jump in. Don’t just keep the butler downstairs waiting for you to ring the bell for CI service. Come on down and have a beer with the rest of us. I guarantee you’ll be welcomed!


    This last week was a big one for cloud. The message should be crystal clear for competitors to the Google Cloud Platform. If you want to leapfrog Amazon (or Amazon: if you want to avoid being leapfrogged), you need to connect with developers. Those developers have long ago gotten used to instant access to on-demand infrastructure. Yawn... has the price dropped again? They want to consume a service, not build it if it’s not core to the problem they’re solving for the business. What’s more interesting to these developers and the people who employ them - and whose businesses depend on them - is how to create, update and deliver better software faster, continuously. The man behind the curtain to make that happen, to put the power of community and connectivity to work, turns out to be Jenkins.

    -- Steven G. Harriswww.cloudbees.com



    Steven Harris is senior vice president of products at CloudBees. Follow Steve on Twitter.
    Categories: Companies

    A Few Things Every Mobile App Developer Needs to Know

    uTest - Mon, 03/31/2014 - 18:07

    Sea-of-appsIt’s no secret that the app stores are exploding. With every new app that launches, the competition gets tougher and tougher for new players trying to enter the market.

    So what can new app developers do to stand out?

    Gil Dudkiewicz, of The Next Web, recently pulled together a list of 5 things app developers need to know. Here’s a look:

    “1. Imitation is not always the sincerest form of flattery

    If your product is good, people will copy you. The better it is, the likelihood of being ripped off increases exponentially. This is a multi-industry reality and it’s the first thing you should keep in mind as you develop your mobile app.If you know you have an excellent product in the works, a strong launch is critical. The initial loyal user base you attract as a result of high visibility will help you stay on top when the imitators eventually end up publishing similar products.

    The more active users you have, the better your app holds its ground in the store. Additionally, those are the users who convert to paying customers.

    #2. It is far too easy to get lost in the crowd

    One of the biggest challenges mobile app developers face is discoverability. With more than a million mobile apps in each of the app stores (Apple and Android), it is becoming harder and harder to generate organic users.

    To overcome this, you should plan on putting time and effort into app store optimization techniques. The app name, icon, description and screenshots – all of these need high attention and professional care to reach the best results.
    Invest time and money to produce a unique presentation of your app before it is downloaded to grab the attention and pique the interest of users.

    #3. You don’t have to play by the rules to go viral

    When it comes to distribution, developers often think the only path to topping the charts is through organic results. This is usually not the case! Going viral is rare, so developers should not be shy about opening their pockets and buying some downloads.

    Set a budget and contact a solid network, target your audience, and get those users. This is particularly crucial for your launch to ensure a strong start.
    Another area in which to exercise a bit of creativity is monetization. Do not be fearful of trying new monetization solutions. Far too many mobile app developers “settle” for the generic solution of placing a flat, boring banner in their ad because they feel it’s the only solution. Wrong! Get your creative juices flowing to come up with an innovative solution.

    For example, users are far more tolerant of in-app advertising than you may think, particularly if your app is well-made and solves a problem for them, or even provides a few moments of fun.

    A well-integrated, well-timed full-page ad, app wall, or video can generate revenue in a way that compliments the app experience rather than damaging or distracting from the experience.

    # 4. There is a best time to launch your mobile app

    You’ve probably heard the expression, “Good things come to those who wait.” This is especially true when it comes to choosing the right moment to launch your mobile app.

    If you are accustomed to publishing on the Web, toss everything you know out the window, because the best times to publish mobile apps are during the summer and the December holidays. People are on the road and glued to their devices. Use this to your advantage and plan to boost your app just before the holidays for a massive wave of fresh users.

    #5. The new kids on the block are the most popular

    Before you release your app, ask yourself the question, “What problem does this app solve?” Why will users be attracted to it? There are plenty of strange viral app sensations out there. They end up topping the charts but do not frequently last. The apps with staying power are the ones addressing a need in the lives of their users.

    When people say, “I wish there was an app for that” and a search reveals your app, this generates excitement. Further, everyone loves being “the first” to know about a cool new product so they can tell their friends and colleagues about it. This can only help your user base grow.”

    What do you think is the best way to make your app stand out in an app store sea of applications? Share your thoughts in the comments section.

    Categories: Companies

    Testing Database Migration: Black Box or White Box?

    Software Testing Magazine - Mon, 03/31/2014 - 16:13
    Creating an effective data migration testing strategy is critical to reducing risk and delivering a successful migration. This article offers thoughts and recommendations on how to create a more consistent data migration testing methodology using either a black box or a white box approach. Author: Alexei Porodzinsky, A1QA, http://www.a1qa.com/ Data migration is a process that involves the migration of data from an existing database to a new one. Whenever an organization decides to upgrade or change its database, it will need to transport the existing data to the new database. The scope of ...
    Categories: Communities

    Mobile app usage is on the rise in businesses, creating demand for better software security

    Kloctalk - Klocwork - Mon, 03/31/2014 - 16:00

    People have been talking about mobile technology's rise in the enterprise for years, but phenomena like bring-your-own-device programs are finally moving beyond the realm of trends into widespread, rapid adoption. A recent study from Good Technology found that the number of people globally who use their own smartphones in the workplace is expected to grow by nearly a third in the year ahead, from 132 million people currently to 174 million by the end of the year. With that rise, the number of business app installations is skyrocketing as well. But mobile apps still face substantial software security hurdles, creating an opening for developers who are willing to take the extra steps to build secure apps.

    According to the Good Technology study, the number of workers bringing their own smartphones to their jobs will reach 328 million by 2017. More telling for developers, though, is that growth rate for enterprise app activations is accelerating. Activations were up 54 percent in the final quarter of 2013, an increase from the 42 percent growth rate in the previous quarter. Document editing accounts for the most popular business function for enterprise apps, but cloud storage and business intelligence programs are also seeing an increase. Another trend is that companies are investing in internal app development.

    "What we get most excited about are the kinds of applications enterprises are building themselves," Good Technology CEO Christy Wyatt told Re/code. "We saw even more aggressive growth in Q4."

    Securing the enterprise app
    With application adoption growing and companies investing more in internal development, some questions still remain, however. Notably, mobile software security is becoming an increasingly prominent concern. A 2013 Sophos report found that Android has surpassed Windows as hackers' most targeted platform, a recent eWEEK feature noted.

    "If the hackers are moving to mobile, both Android and iOS users should be scared – very scared," eWEEK contributor Don Reisinger wrote.

    More business users in the mobile space could accelerate that trend even more, but the targets are already out there in many cases. A recent survey from security firm MetaIntell found that 92 percent of the top 500 Android apps contain either a security or privacy risk, eWEEK noted. And iOS users aren't immune either.

    At the same time, developers have tools at their disposal to improve software security for mobile apps. Using static analysis software and peer code review as part of a secure development lifecycle, programmers can build more secure features into their apps. With open source scanning, organizations can identify software being brought in that may contain potential risks. With enterprise mobile adoption increasing at such a rapid rate, there is clearly a growing market for solutions that corporate IT departments can feel safe whitelisting. If the accelerating growth in workplace app installation is any indication, app security will be a topic raised in a widening array of businesses. App developers would be wise to deploy the tools that can help them ensure they're on the right side of the security conversation.

    Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.

    Categories: Companies

    Knowledge Sharing

    Telerik Test Studio is all-in-one testing solution that makes software testing easy. SpiraTest is the most powerful and affordable test management solution on the market today