- Who Our Users Actually Are (2 Aug 2012): We often have an unrealistic mental image of our users, even though we are technology users ourselves. Society's norms of what a "technology user" looks like are flat-out wrong, and we need to get past them.
- Hero Culture or Crisis Culture? (6 Aug 2012): We often talk about avoiding a "hero culture", but I think this is a misnomer. The real problem is a culture that encourages a steady stream of crises, each of which requires heroic intervention to solve.
- Upgrade Your Wetware for Better Testing (9 Aug 2012): Testing is a thinking activity. I'm fascinated by how we can try to make our minds "think better" in order to become better testers.
- Learning by Osmosis (13 Aug 2012): Few of us get as many formal learning opportunities as we might like -- conferences, seminars, and so forth. If we pay attention to how we spend our time, we can try to take in a little learning and some new ideas every day.
- When Unencrypted USB Keys Go Missing (28 Aug 2012): Elections Ontario recently lost two unencrypted USB keys containing personal information on as many as four million electors. Good security policies alone won't prevent losses like this -- you also have to ensure they're actually followed.
In the last couple of months I've started a new writing gig with SQE -- the folks who publish Better Software magazine, run StickyMinds.com and TechWell, and have published several of my articles before.
They're calling it a curation gig. We'll be serving up frequent short pieces linking to other interesting opinions or resources from anywhere on the web. So far, I'm really liking this format -- not only do we get to highlight some of the most helpful and insightful things that are out there, it also gives us the chance to expand on them, put them in context, or compare different approaches to tackling a difficult problem.
At any rate, I hope you find these pieces useful and worthwhile! Here's a recap of mine for July 2012.
- Leaked Passwords and Better Security Practices (2 July 2012): Password security was in the news a great deal in June, with LinkedIn, eHarmony, and Last.fm all having their insecurely-stored password databases leaked onto the public internet. Here's a quick review of the very basics of secure password storage.
- The Independent Double-check (19 July 2012): Nobody is perfect. In my former job as an artillery soldier, the way we dealt with this was making sure every crucial thing was independently checked by at least two people. As testers, we need to do the same thing, even when someone with more authority than us insists the code is correct.
- Bug Chaining (31 July 2012): Bug chaining is an idea from the security world that hasn't gotten much traction in the wider QA/testing community yet. Assuming that all bugs are orthogonal to each other is a mistake -- sometimes two minors make a showstopper.
I admit, I'm not super-knowledgeable about security. I know some of the fundamentals, but not a great deal beyond that.
I don't get it. Where did we go wrong?
(PS. Firefox users: NoScript is your friend. =)