Posted on June 28, 2007 in Podcasts, Quality by adamNo Comments »

In a mailing list (not sure which) this week someone mentioned that they use ‘distraction’ as a test method sometimes. The theory is that when IT folks are installing their product they are not sitting alone in a corner doing it, but are instead being distracted by the rest of their other work. Seems like a pretty good theory. I accidently applying it to this week’s Technometria with Robert Glushko runs the Center for Document Engineering at UCB as the guest. Here are the choice bits that floated to the top.

  • Document engineering these days is about designing the payload of web services
  • Interoperability in the context of documents is understand a document the way I intended it to be understood
  • Different classes of web service (p2p, p2b, b2b, b2p) require different types of documents
  • Need to undertand and communicate design patterns for documents

Not a lot, but I had not given much thought in how I build (engineer) the documents I create. They tend instead to be organic and grow limbs as I need them to. If you work somewhere where you (individually, or as an organization) are creating new document structures, there is apparently a wealth of information available on this topic. Starting of course with Robert’s book

You can listen to it yourself over here

Posted on June 22, 2007 in Podcasts, Quality by adamNo Comments »

Andrew Keen is making the rounds promoting his new book The Cult of the Amateur whose main treatise appears to be ‘Traditional Media Good, Web 2.0 Bad.’ Regardless of how you react to that statement, he does make a couple noteworthy statements.

  • Web 1.0 was an attempt by established media companies to use the internet as a distribution method. Web 2.0 is an attempt to make new companies based around user generated content
  • The biggest problem with Web 2.0 is the associated culture of anonymity; in the anyone can claim to be anything, in the issue death threats with impunity as that is a police matter
  • Believes there is rampant media illiteracy; that is we as consumers of user generated content do not know how to see through the agenda and conflicts of interest of the various authors and that a lot of what is put on the internet is taken as gospel. Is wikipedia gospel? I know my daughter thinks so, so perhaps there is something to this argument but I don’t think it is as bad as he makes it sound — but then again, having a wishy-washy stance on something is not going to make an interesting book.
  • Why Traditional Media is better than new media
    • They reveal their sources (sometimes begrudgingly)
    • They have a rich history from which to gain understanding of their biases and positions. For example, I won’t touch Now or Eye because I know their political leanings and I think it ruins the paper
  • There used to be a clear distinction between content and advertising, but that is not so clear anymore. His position is that bloggers can’t survive on blogging along so they need to take external money to pay for things like their mortgage. And who has the money? The advertisers of course. Also, the top YouTube videos are often commercially created, not user created.
  • It appears that Kevin Kelly is his intellectual nemesis (he mentions this interview)

You can listen to the podcast here.

Posted on June 21, 2007 in Podcasts, Quality by adamNo Comments »

Sara Ulius-Sabel is Metrics Manager for Whirlpool spoke at Managing Expectations Week about their use of metrics in driving user design that is Useful, Usable and Desirable. Unfortunately when asked about the specific metrics they use she threw out the classic of ‘it’s proprietary, but they are user facing.’ That’s great, but it doesn’t help me at all. Anyhow, here are my notes.

  • Do you compete with yourself? If so, what is the differentiator between brands?
  • Is the mix of Usefulness, Usability and Desirability proportionate? Does it have to me?
  • The way we have been doing things is not necessarily creating the right thing. Do we even know what the user wants? Does the user?
  • More features does not equal better, sometimes the opposite is true
  • When a person/group in the organization wants to add something to the design, ask them why
  • Think holistically about how your product is going to be used
  • Don’t fake knowledge; go to the people who actually have it
  • Good design should be intuitive to the user. Unnoticed in fact until explicitly pointed to it
  • Features and Aesthetics contribute to the desirability
  • Desirability is a moving target and constantly changes. Can you react?
  • You don’t have to be the same thing to all people, but you have to be the right thing for your people
  • Can you tell a story / user history about your customer?
  • Use metrics to answer the question ‘here is where we are now, where do we want to be?’ The answer will drive the decision making process

Listen to it yourself here. Other speakers from the same event have been recorded here.

Posted on May 24, 2007 in Podcasts, Quality by adamNo Comments »

I’ve subscribed to IT Conversations as another source of useful background noise (see all my video posts for the most obvious example). Today they sent Feeding the Game: Online Game Security Issues which is an interview with Deb Radcliff who is Vice President of Publishing at The Security Consortium. I know a bunch of WoW addicts and it mentions Security in the title so I gave it a whirl.

  • Gary McGraw has a Short Cut called Cheating Online Games which could be considered a teaser trailer for his next book, Exploiting Online Games
  • How do I get a job playing WoW all day farming gear for various grey-market organizations? Apparently there are gaming sweat shops in Asia that do just this. Not surprising since you hear of these sorts of things in the context of click-fraud
  • Stealing whole accounts is apparently big business. I suspect the loss here is more emotional and time-spent than real monetary loss for people affected. Here is an example… Back in the day (13 years ago maybe?) I nursed a pretty big MUD habit (think, text-based MMRPG). Anyways, there was a class of characters who were vampires and of course, you know that if you stake a vampire they are dead dead. Well… one night I was feeling particularily dastardly and long story short, staked a very senior player who had spent a TONNE of time building up his character. *POOF* All his gear lost, hundreds of hours of leveling, gone. He was (rightfully) annoyed, but more at the time he had invested than anything else. Going out on a limb, I would say the same is true for today’s generation of gamers.
  • Keystroke loggers appear to be the favorite tool of the bad guys. That and misconfigured webservers such as the one at Guild Portal which has over 1.5 million users. By exploiting the ANI bug they insalled them all over the place. The Super Bowl’s website was also hacked to install key loggers looking specifically for WoW passwords
  • So what does this mean for the enterprise? Well, passwords are reused something like 45% of the time. So if I have your WoW password, do I also have your EQ one, your bank one, your VPN one? Also, a lot of the games these days have monitoring systems you have to install to see if you have any sort of cheat software running. But what if you have a work spreadsheet also open? Is it capturing that too? And sending it to Blizzard?
  • If gear which can be earned in the virtual word can be sold for real cash, how long until this million node bot nets start being employed to play WoW?
  • In the interview, Deb says that you should not use IE, but should instead use FireFox. Generally safe advice, but she said it in the context of the ANI bug. As mentioned in yesterday’s post the ANI bug affected FF as well because they use a common Windows dll for that bit of functionality.
  • Should this be something corporate risk managers be thinking about? Maybe. More than likely actually.
  • At the end they detour a bit and talk about how the kiosks at airports likely have keyloggers. One solution they mention is that they should all be using something like readonly, non-state-saving virtual sessions. Sounds like a decent idea, heck, we had a similar system in place at college 10 years ago to avoid this same thing.
Posted on May 20, 2007 in Podcasts, Quality by adamNo Comments »

I was doing a monthly browse of my laptop’s disk and found a couple podcasts from the IEEE‘s Spectrum Radio. Here are the things that I found interesting from them.

FBI’s Virtual Case File

  • Is the education system somewhat to blame for enterprise software project failures as students are not necessaily prepared for creating large systems which much interact with other large systems
  • Politics is bad for software projects
  • External events will happen. Sometimes you can plan for them, sometimes a major event appears out of nowhere are adds a previously unidentified risk to the list. Think, the World Trade Center attacks
  • Changing a product’s purpose without changing it’s design is asking for trouble
  • Hard problems are hard to solve. For instance, keeping things secret (again, the context is the FBI here) but making them available to other agencies
  • “A program whose behavior has not been specified cannot be buggy, only surprising.” I can’t find the origin of this quote; but didn’t look too hard…
  • There needs to be realism about the state of the project, and do not (intentionally or otherwise) ignore warnings about said state
  • Flip-the-swith deployments are a very bad idea. Run systems in parallel for a while until the hickups are worked out
  • Be reasonable about the experience of your team and don’t try to swallow something too big
  • CMM/CMMi ratings gives clients a warm-and-fuzzy feeling, but do not imply that your project will be implemented correctly
  • Evolutionary design is good, but even that taken to an extreme is bad
  • Processes degrade over time and it itakes effort to maintain them
  • Are you building a system, or a system of systems
  • Why Software Fails — an article by one of the panel
  • CMMi is an organizational view, not a project view
  • Lines of code in a project scales linearly, but complexity scales exponentially
  • The definition of ‘large scale’ is getting larger
  • We know how to do software well, but it is expensive; so we only do it when it really, really matters. Examples: avionics and nuclear plant systems
  • You cannot build security into a project as an afterthought
  • Even the most secure piece of software can be rendered insecure if the operations people deploy it incorrectly
  • We write software that is dependent on systems administrators, and them being good at their jobs. Software should be admin-free
  • The purpose of a requirements document is to force you to figure out what it is that you actually want
  • The use of ‘etc’ in a requirements document should be a big honkin’ red flag that the customer does not know what they want
  • Projects rarely have clearly defined definitions of what ‘success’ and ‘failure’ looks like so they stumble along long after the point of no-chance-of-success
  • Geek Cook

    • Cooking for Engineers
    • The site often gets a high ranking in search engines which makes me wonder whether it is because it is a valuable hit, or if it is because it has a more geek audience than not, and those are the people who are more likely to have a web presence thus influencing the page rank algorithm. I’m always interested in search rankings because I am forever stuck at around 3 or 4 because of an olympic runner with the same name.
    • Recipies include the mass of ingredients — how geek is that?
    • Even if you are making money from your hobby, be careful about making it your sole source of income as you could end up hating your hobby
    • Green Roofs

    • In order to measure something, you have to be able to quantify it first. So how you measure the non-quantifiable things like asthetic appeal?
    • Some places have metered storm water. Okay, this is a stretch for testing, but change ‘storm water’ for ‘web access’
    • As with everything, there is a debate: Cool roof vs. Green roof — Personally I want a south facing roof covered in solar panels…
    • LEED is a set of standards for energy conservation and environmental design. I’m sure there is software to run some of the things that are needed for this.

    Wind Turbines

    • Skystream 3.7
    • Needs the grid to operate so if there is a blackout you are out of power even though you are generating power. Don’t understand that, but I’m guessing this is a safety thing
Posted on May 10, 2006 in Podcasts by adamNo Comments »

One of the the best keynotes I have heard was at a telecom conference when I was in college. The speaker was Captain James A Lovell who commander of the Apollo 13 mission. After retiring from NASA, he ran a phone company which is why he was invited to speak. Of course, he didn’t mention phones except during his introduction. The entire hour was about space, and orbiting the earth etc.. Fantastic talk.

Where is this going? Well, today Guy Kawasaki posted a blog entry with an MP3 of a keynote Jim Whittaker gave at a conference Mr. Kawasaki’s company sponsered. Mr. Wittaker is most known for being the first American to summit Everest, as well as being the first American to summit K2.

While not specifically Process or Quality related, some of the stuff could be applied to Testing. It’s a good listen irregardless. And as usual I took notes.

Posted on May 8, 2006 in Podcasts, Quality by adamNo Comments »

I stumbled across RedMonk Radio – episode 6 (via Sandy Kemsley) last week in which they talk a bit about Testing in the realm of SOA. The inspiration for the topic came from a company called Green Hat Consulting which has a product called GH Tester (Wow! Original name or what) who is not a client, but did brief them.

Posted on March 16, 2006 in Podcasts, Quality by adamNo Comments »

Rather than load up upon first arriving in the office today, I listened to to a podcast with Gary McGraw who appears to be making the rounds to plug his new book.

Here are my take-aways:

  • Most security people come from networking background, not software ones. This gives the bad guys who are attacking your software an unfair advantage as they are software people.
  • Software people, through a lack of education, often think that security is a feature that can be added in, but security does not occur from ‘magic crypto fairy dust’
  • Automated code analysis tools find bugs not flaws. People are the only things that can find those
  • Seven ways to make software more secure (this list I believe makes up the book he is flogging)
    1. Good code reviews; both automated and manual
    2. Perform architectural risk analysis
    3. Do software penetration testing
    4. White-box risk based security testing
    5. Abuse cases. If a developer says “A user won’t ever do it”, do it. Then giggle evilly
    6. Have explicit security requirements for your application
    7. Operational security. This is where the network security people and the software security people put everything together.
« Previous Page