tag:dreamwidth.org,2010-05-25:518129 Testing, hacking, and Open Source Rick Scott 2012-09-06T18:53:37Z tag:dreamwidth.org,2010-05-25:518129:8370 2012-09-06T18:52:17Z 2012-09-06T18:53:37Z public 0 <ul> <li> <a href="http://www.stickyminds.com/s.asp?F=S17548_ART_2">Who Our Users Actually Are</a> (2 Aug 2012): We often have an unrealistic mental image of our users, even though we are technology users ourselves. Society's norms of what a "technology user" looks like are flat-out wrong, and we need to get past them. </li> <li> <a href="http://www.stickyminds.com/s.asp?F=S17553_ART_2">Hero Culture or Crisis Culture?</a> (6 Aug 2012): We often talk about avoiding a "hero culture", but I think this is a misnomer. The real problem is a culture that encourages a steady stream of crises, each of which requires heroic intervention to solve. </li> <li> <a href="http://www.stickyminds.com/s.asp?F=S17560_ART_2">Upgrade Your Wetware for Better Testing</a> (9 Aug 2012): Testing is a thinking activity. I'm fascinated by how we can try to make our minds "think better" in order to become better testers. </li> <li> <a href="http://www.stickyminds.com/s.asp?F=S17567_ART_2">Learning by Osmosis</a> (13 Aug 2012): Few of us get as many formal learning opportunities as we might like -- conferences, seminars, and so forth. If we pay attention to how we spend our time, we can try to take in a little learning and some new ideas every day. </li> <li> <a href="http://www.stickyminds.com/s.asp?F=S17606_ART_2">When Unencrypted USB Keys Go Missing</a> (28 Aug 2012): Elections Ontario recently lost two unencrypted USB keys containing personal information on as many as <em>four million</em> electors. Good security policies alone won't prevent losses like this -- you also have to ensure they're actually followed. </li> </ul><br /><br /><img src="https://www.dreamwidth.org/tools/commentcount?user=rickscott&ditemid=8370" width="30" height="12" alt="comment count unavailable" style="vertical-align: middle;"/> comments tag:dreamwidth.org,2010-05-25:518129:8073 2012-08-27T13:33:07Z 2012-08-27T13:37:00Z public 0 <p> In the last couple of months I've started a new writing gig with <a href="http://www.sqe.com/">SQE</a> -- the folks who publish <em>Better Software</em> magazine, run <a href="http://stickyminds.com">StickyMinds.com</a> and <a href="http://techwell.com">TechWell</a>, and have published <a href="http://rickscott.dreamwidth.org/tag/stickyminds">several of my articles</a> before. </p> <p> They're calling it a <em>curation</em> gig. We'll be serving up frequent short pieces linking to other interesting opinions or resources from anywhere on the web. So far, I'm really liking this format -- not only do we get to highlight some of the most helpful and insightful things that are out there, it also gives us the chance to expand on them, put them in context, or compare different approaches to tackling a difficult problem. </p> <p> At any rate, I hope you find these pieces useful and worthwhile! Here's a recap of mine for July 2012. </p> <ul> <li> <a href="http://www.stickyminds.com/s.asp?F=S17500_ART_2">Leaked Passwords and Better Security Practices</a> (2 July 2012): Password security was in the news a great deal in June, with LinkedIn, eHarmony, and Last.fm all having their insecurely-stored password databases leaked onto the public internet. Here's a quick review of the very basics of secure password storage. </li> <li> <a href="http://www.stickyminds.com/s.asp?F=S17525_ART_2">The Independent Double-check</a> (19 July 2012): Nobody is perfect. In my former job as an artillery soldier, the way we dealt with this was making sure every crucial thing was independently checked by at least two people. As testers, we need to do the same thing, even when someone with more authority than us insists the code is correct. </li> <li> <a href="http://www.stickyminds.com/s.asp?F=S17542_ART_2">Bug Chaining</a> (31 July 2012): Bug chaining is an idea from the security world that hasn't gotten much traction in the wider QA/testing community yet. Assuming that all bugs are orthogonal to each other is a mistake -- sometimes two minors make a showstopper. </li> </ul><br /><br /><img src="https://www.dreamwidth.org/tools/commentcount?user=rickscott&ditemid=8073" width="30" height="12" alt="comment count unavailable" style="vertical-align: middle;"/> comments tag:dreamwidth.org,2010-05-25:518129:1512 2010-05-25T17:02:43Z 2010-05-25T17:02:43Z public 0 <p>I admit, I'm not super-knowledgeable about security. I know some of the fundamentals, but not a great deal beyond that.</p> <p>Still, in my early days on the 'net I got the distinct impression that <strong>allowing random people to execute arbitrary code on your computer is bad</strong>. I mean, that's somebody else using your computer to do stuff without your knowledge or consent, right? That's why attacks like this really, really make me shake my head (NSFW, offensive, <em>turn off javascript before following</em>):</p> <pre>hxxp://encyclopediadramatica.com/Firefox_XPS_IRC_Attack </pre> <p>Despite all this, somehow today's ordinary browsing experience consists of downloading pages full of arbitrary javascript written by any random person who controls a website, then blithely running them on your machine.</p> <p>I don't get it. Where did we go wrong?</p> <p>(PS. Firefox users: <a href="http://noscript.net/">NoScript</a> is your friend. =)</p><br /><br /><img src="https://www.dreamwidth.org/tools/commentcount?user=rickscott&ditemid=1512" width="30" height="12" alt="comment count unavailable" style="vertical-align: middle;"/> comments