Friday, 16 December 2011

Security should be everyone’s responsibility

There are two main enemies to security: convenience, and inconvenience. Better public education of the risks would make things safer.

"But I only wanted to check my Facebook."
(Photo: 48states, Wikipedia)

Security testing is a very specialised branch of software testing. Unlike most branches of software testing, where you’re simply trying to iron out things that go wrong by mistake, in security testing you’re fighting people trying to make things go wrong on purpose. It requires a lot of responsibility on the part of the testers and a lot of trust on the part of the clients – indeed, there are suspicions this gets abused – and consequently, many software testers won’t put themselves forward for security testing. Nevertheless, most testers will highlight security concerns as and when they notice them, and therefore take an interest in whichever high-profile security breach is in the news this week. Which brings me nicely on to Hackgate.

Now, in case you lost track of the plot somewhere around episode 4,605 of the Leveson Inquiry, one of the latest developments is a claim that hacking extended to e-mails. At the moment, unlike phone hacking, this has not yet been proven or admitted to. But, quite frankly, it would come as no surprise if this turns out to be true. Like voicemails, the security surrounding personal e-mails has been notoriously lax, and practically an open invitation for hackers to pry into private matters.

Wednesday, 16 November 2011

How to win attention and annoy people

Search Engine Optimisation is big business in IT. It’s just a pity it’s become so intrusive.

It used to be this simple

Can I have your attention please? I apologise in advance, but I am about to abuse my position as a software tester. No, I’m not going to sell confidential client information to Russian spies or anything like that, but I am nonetheless going to misuse this blog to further my personal interests outside of my job. All right. Are you ready? Let’s do a countdown and get this over with. 5 … 4 … 3 … 2 … 1 …

Actually, you needn’t click there if you don’t want to. I’m not too fussed either way. For those who didn’t bother clicking, that was a link to my web site on play writing, which is what I do in my alternate life. I don’t care too much whether you view it – seriously, there can’t be that many people with interests in both software testing and theatre in the vicinity of Durham – but that’s not the purpose of the link. The purpose of the link is for Google and other search engines to know it’s there. Because the more links Google finds to your page, the higher it gets up the page rankings.

Thursday, 10 November 2011

The Ghost of Vistas Past

Damage to consumer confidence can haunt you for a very long time. Windows Vista is the classic case.

In case you’ve been locked up in a wardrobe for the last two months, Windows 8 is on the way. At the launch a few weeks ago, they demonstrated how the next version of their operating system is designed to work in tablets. The fact that Microsoft is focusing on tablets is interesting, because it shows how high the stakes are. For over a decade, bar a few niche markets (Macs for high-end users and graphic designers, Linux for the tech-savvy), Microsoft has been the undisputed king of Desktop PCs, and none of Microsoft’s competitors are anywhere near taking their crown.

The problem is: they don’t have to. The computing market is moving on. Many things that used to be done on a Windows XP machine can now be done on a smartphone or a tablet, and consequently, many Desktop PC users are switching to these devices. And so far, both tablets and smartphones are dominated by Apple and Android. The nightmare scenario is that Android makes the leap from tablet PCs to the desktop and undercuts Microsoft’s safest market. Little wonder Microsoft wants Windows 8 established on touchscreen computers so badly.

Friday, 14 October 2011

All hail the Ocelot

Linux and open source software isn’t for everyone. But it’s a good way to learn how software is developed and tested.

As well as preying on rodents and resting in trees, ocelots are surprisingly skilled in optimising recently-overhauled desktop environments.
(Photo: Danleo, Wikimedia Commons)

Yesterday (October 13th) was an exciting day for many reasons. It marked the first anniversary of the completion of the rescues of the 33 Chilean miners. Classic 80s movie fans saw the return of Ghostbusters to the big screen. It was also the day to celebrate 65 years since the adoption of the constitution of the French Fourth Republic. All of these fascinating events, however, paled into insignificance against the most eagerly anticipated event of all, which is the release of Ubuntu 11.10, codenamed Oneiric Ocelot.

For those of you who don’t know what's so Oneiric about an Ocelot, I should explain what all the excitement is about. Ubuntu is a Linux-based operating system, which works as an alternative to Windows, and this is their latest six-monthly upgrade. (If you want to know why you’d choose to name an operating system after a South American wildcat, this page should explain.) Like most Linux distributions, it’s free – and not just free to use (like Adobe Flash Player or Microsoft Word Viewer are). It’s free for anyone to copy, modify and redistribute, as long as any derivative you produce is also free to modify. Only a small number of Linux users actually modify software this way, but the fact this is possible has a huge influence on how Linux is developed. Windows fans argue Linux is just a mish-mash of cobbled-together software written in backrooms, whilst Linux fans argue that the open collaborative way Linux is developed is actually better than Microsoft’s work behind closed doors. Anyway, the arguments could go on for years, but this is a blog about software testing – anyone who wants to continue on this subject can read why Windows is better than Linux or why Linux is better than Windows.

Thursday, 6 October 2011

Rest in peace, Steve Jobs

The first thing discussed at work today was, of course, the death of Steve Jobs, aged only 56. The news was not entirely unexpected - his retirement from Apple earlier this year made many people suspect this day was coming - but few people expected this to happen so soon.

When you're an advocate of Microsoft/Apple/Linux, it's tempting to do nothing but pick faults with the two competitors. I have had a go at Apple for their patent lawsuits against Android smartphones. But that should not distract us from what Apple has achieved under his leadership. Technology is not just about creating something new - anyone, for instance, could have created a miniaturised computer capable of playing MP3 files - it's also about recognising what people want. There is no shortage of inventions out there that failed to take off simply because people saw no point in switching from what they were using before. But Steve Jobs had an extraordinary talent for identifying what will grab people's interest, and how to sell these ideas to the public.

Friday, 23 September 2011

To automate or not to automate, that is the question

Test tools can be a valuable resource in software testing – but they are not a substitute for testers

The key fits beautifully and turns like a dream. But did you check if it locks the door?
(Photo: Alan Cleaver, Flickr)

There is a lot of talk and excitement over the use of test tools in software testing. A whole chapter of the ISEB foundation syllabus is devoted to it. Test tools range from small-scale open source applications to comprehensive commercial packages. A favourite selling point is how test tools eliminate human error. Some vendors promise you savings beyond your wildest dreams (one company even promises benefits within an hour of use). But a good tester needs an eye for what can go wrong in software, and software they’re using for testing is no exception. So: are these tools any good?

Obviously there are cases when you’d have to use a test tool (such as testing a website to see if 10,000 people can log on at once, unless you happen to have 10,000 people at your disposal), and cases where you’d never use one (such as testing user-friendliness for IT novices). But there is a vast range of test tools out there covering every kind of activity you can imagine, so it would be impossible to cover them all in one blog entry. Instead, I’ll concentrate on Selenium IDE, which I’ve been using over the last few weeks. It’s an open-source extension to Firefox which allows you to automatically test websites; you can either automatically record yourself clicking through all the links and entering data into forms for replay later, or manually program the test yourself.

Monday, 12 September 2011

The great patent fight

Software patents are a menace to IT development. Instead of protecting innovation, they are being used to stifle it.

Names: Joseph-Michael and Jacques-Etienne Montgolfier
Invention: First manned hot air balloon
Patent infringed: Taking a wig to an altitude over 2,000 ft

Okay, I have relented: in spite of my disdain for updating your Facebook status every five minutes, I’m going to get a smartphone. I’ve therefore been looking for a suitable handset and my current preference is for a Samsung. I don’t have any strong preferences between brands – to me, a handset is a handset – but I do want to show my support for Samsung in their patent battle with Apple.

Since most of you won’t know what I’m talking about, it works as follows: Samsung has been banned from selling its Android tablet in Germany following legal action from Apple over patents it holds. Similar action in Holland has stopped the sales of three Samsung Android phones. However, in turn Apple is being sued by HTC for infringing patents that the latter company bought from Google. Meanwhile, Microsoft claims that Android phones violate its patents and consequently HTC pays royalties to Microsoft, whilst non-compliant Motorola is being sued in the US courts. But Microsoft have been successfully sued by Canadian firm i4i who claimed Word violates their patents. I could go on, but you get the idea.

Friday, 2 September 2011

How to spot a black swan

New research suggests one in six IT projects run three times over budget. Keeping expectations realistic might avoid this.

"Well, maybe it collided with a tin of paint"
(Photo: Jon Smith photography, Flickr)

A study that came out last week was about IT projects breaking their budgets (see this and this). According to the research, in a sample of 1,471 large-scale IT projects, they ran on average 27% over budget, but the headline-grabber was the observation that one in six projects go three times over budget. The researchers have named these projects “black swans”, and blame managers for failing to account for low-probability high-cost risks in big IT projects. To the more cynical IT professionals, this is nothing unexpected. It’s not hard for a software tester to witness at least one project like this – failing that, you don’t have to look far for the latest story about the notorious NHS IT system.

What was interesting, however, was the reference to the Black Swan theory. This phrase was originally coined by Lebanese-American essayist Nassim Nicholas Taleb. There’s a whole book about this, but the basic idea was that there was a time when it was believed all swans were white. No-one had ever seen a swan in any other colour, so no-one gave serious thought to this possibility. Then Dutch explorer William de Vlamingh went to Australia and discovered that some swans are black, fundamentally changing how people saw swans. And in hindsight, it was nonsensical to assume swans could never be that colour just because you hadn’t seen one before. Taleb used this analogy for all sorts of events: he suggested, amongst other things, the attack on the World Trade Center and the Credit Crunch could be considered “black swan events” – both unexpected at the time, both easy to rationalise now.