Pages

June 29, 2014

Some Random Facts About Passwords

In this post I've collected some facts and interesting resources about passwords.

1. https://howsecureismypassword.net - site that shows how long it would take a desktop PC to crack your password.

2. Can You Trust Your Browser With Your Passwords? - good article where author analyses how most popular browsers work with saved passwords. The most secure is FireFox, then Internet Explorer and the least secure is Chrome.

3. Password use by user type:

Password Authentication from a Human Factors Perspective: Results of a Survey among End-Users

4. How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others. - in this post Shubham Shah describes how he managed to bypass it.
As for me, I tried to use 2FA system, but it was too inconvenient for me: if cookies are disabled or are deleted after closing the browser then you can't save the safe device, so every time you should get secret codes to mobile phone. I decided that this complexity is not worth it.

5. Is Pavlovian Password Management The Answer? - Lance James suggests a very simple and genius idea about protecting the passwords: the expiration of password should depend on its complexity. For example, if user creates a password that can be cracked in 3 days, the password should expire in 2 days. So if user doesn't want to change it too often he have to chose a complex one. And the whole beauty of this system is that it doesn't limit users, but trains them.

6. Google Glass Snoopers Can Steal Your Passcode With a Glance - how passwords (especially PIN codes) can be stolen offline using video cameras. The most shocking fact for me was that "a $700 Panasonic camcorder’s optical zoom was able to catch a PIN typed on a glare-obscured screen from 44 meters away".

7. Mikko Hyppönen and Sean Sullivan (from F-Secure) are talking about strong passwords:


8. Good TED talk about how users choose their passwords and what web site owners can do with it:

June 18, 2014

FF Add-On FoxReplace

Very nice add-on for FireFox - FoxReplace, which replaces text in web pages.

You can define a substitution list and apply it automatically or at your own discretion, or make individual substitutions. You can use this as a filter, or just for fun :)

My blog without add-on:

With add-on:

I work in international project and we have different applications in different languages. And I need to provide a support in this applications. I use this add-on to translate some basic texts (like menu items) before resources are translated by developers or in applications where I can not change the language. It speeds up my support and ability to find the right component in application with unknown language. You can also possibly use it in demo's: with this add-on your application doesn't need to support different languages, you can add translations just for demonstration.

And the whole beauty of this add-on is flexibility - you can configure different patterns for different domains, disable\enable some patterns and even export\import settings (which makes very easy to share them with colleges).

So, if you have an international application - it's good to know about existence of this add-on. Maybe it can help to speed up some of your tasks.

June 13, 2014

Secrets of a Buccaneer-Schoolar by James Marcus Bach


The complete title of the book is Secrets of a Buccaneer-Schoolar: How Self-Education and the Pursuit of Passion Can Lead to a Lifetime of Success. The book is not about the testing or even software, but about self-education. However there are a lot of examples from testing area.


Shortly - I really-really liked it. First of all, as we all know, the author dropped high school - me too. So the philosophy about schools and universities is very familiar to me. I want to give this book to all people who make surprised face about that fact in my biography. In my case, I was very successful in middle school (graduated with honors) and people just don't understand why I don't want to get a paper about high education. Answer is actually very simple - because there isn't such profession as tester or even software engineer, there is only IT (which is much wider). So I want to go deeper, not wider. And this book proofs that this is a normal decision (sometimes I wasn't sure about how smart this decision was).


"Perhaps the secret to happiness is finding the games we love to play, instead of learning how to win a games we hate."

The book is full of very bright and simple statements, that I understand intuitively, but was never able to put them in words. So it sorts some thoughts and puts them in right places.


"Intelligence is just a tool. Love is the point."

Great metaphor: you should encourage your mind to wander - like keeping dog on a long leash:

The text itself is very simple, but it's full of weird words - I was looking for definitions in dictionary all the time. And this is actually quite fun, because all these strange words are understandable through context, so the meaning of text is not lost, but English is improved.

In this case I wanted to look up a word in dictionary from explanation itself (unfortunately you can't do that in Kindle)

Sometimes even dictionary didn't know the word. For example, unjammed:

So, I strongly recommend read this book to all testers (actually all people). It makes your mind wider and more open.

One more magic idea that I really liked - "the most wonderful thing I do in my entire life may happen in the next ten seconds."

June 7, 2014

Nordic Testing Days 2014 Day 3: Conference

The final 3rd day of Nordic Testing Days is over, so here is a post about it.

Software errors as the founding pillar of the modern society by Anto Veldre

Not bad for the keynote. Maybe presentation itself was not good enough, but there were some interesting ideas.
Phrase of the presentation - if you have geekness and know that there is a bug, then you find it... even if there isn't one.

Good Testers Are Often Lucky - Using Serendipity in Software Testing by Rikard Edgren


On the slides is testing potato
I liked it very-very much. I was thinking about this topic awhile by myself and was really interesting to hear other thoughts about it. Amazing how speaker found so specific and technical words for so abstract and theoretical stuff. And he has even suggested steps to increase serendipity.

How testing saves lives by Tarvo Raudvere

It was good overview of testing software that is connected with hardware (elevators). Not general and very specific.

Beautiful code - a good tester should explore the repository! by Valdo Purde and Terry London


In the slide tester is on the left
At the beginning speakers told some tips about good code (generally uncle Bob's philosophy about clean code), bu actually it was workshop where we were writing unit tests for java code. I know unit testing on this stage, so it was not useful for me.

Stepping Up to Leadership: Test Leadership Lessons from Harry Potter by Pete Walen

Very good talk - best of the day. Very inspiring and motivating. I wish it was at the beginning of the conference, not at the end.

The undeniable value in curiosity, collaboration and contribution by Iris Classon

Good talk for keynote, wish to hear more. Liked the idea, that opportunities of two people A and B makes A U B.

Nordic Testing Days team



See posts about other days:
Nordic Testing Days 2014 Day 1: Test Strategy - Next Level by Rikard Edgren
Nordic Testing Days 2014 Day 2: Conference

June 6, 2014

Nordic Testing Days 2014 Day 2: Conference

It is the end of second day of the Nordic Testing Days, so it's time to write a review about it.

First keynote was Testing in The Automation Age by Jevgeni Kabanov. I liked it - it was perfect talk for keynote genre and he sticks to the topic, what is rarity in conferences.
I liked thought that the only way to make other people worry about quality is to show them their failures and being sure that they are aware of them.

Founder of ZeroTurnaround talks about XRebel

New Adventures in Security Testing by Dan Billing
I liked very much. I'd say that this is the most useful track of this first day of conference. It gives very practical and concrete tips about how to getting your toes wet in the ocean of security testing.
It was surprise that speaker use Microsoft build in solutions as antivirus.

How we test a hundred projects every month by Raul Mäesalu
I didn't like it. It was too general and didn't give any interesting details.

Drawing To Learn by Ruud Cox
The first part about Picaso sketches and chair design was really good, but the whole talk was confusing: generally it's not bad, but it didn't fit the conference genre.
I liked phrase that Jame Hayon wanted to create a chair that is visually comfortable.

Testing Your Emotions - and how you can apply some personal leadership to keep them under control by Stephen Janaway
Like! Very charming speaker, uncommon topic, new perspectives - very descent talk.

The life of a pragmatic tester - the best of two worlds by Gitte Ottosen
Didn't like - too general, again.

And the final keynote - On Complete Testing by Matt Heusser & Pete Walen
Rather liked than not liked. It was sad that they didn't manage to plan the time, so they didn't properly covered and summarized the topic. But all things that they said were interesting.
Interesting idea: it's always possible that there are hidden boundaries in the source code that you are not aware about.


But unofficial part of the conference is what I liked the most.
For example, during the coffee breaks it was possible to see your name from other perspective:

These glasses are turning image from upside down
It is really hard to write your name in a way to see it properly in these glasses. At some point your brain just stuck and doesn't understand where you should move your hand - quite interesting experience. So this is my name IRINA written in these glasses:

I liked the cocktail made specially for Nordic Testing Days - critical fix, which is red and which you should drink as fast as possible. And barman did some crazy barman-stuff with bottles and glasses. Brilliant idea.

And of course the most important part of these events are people - in this part this conference is probably the best of all where I have been attended before.



See posts about other days:
Nordic Testing Days 2014 Day 1: Test Strategy - Next Level by Rikard Edgren
Nordic Testing Days 2014 Day 3: Conference

June 5, 2014

Nordic Testing Days 2014 Day 1: Test Strategy - Next Level by Rikard Edgren

Today was the first day of Nordic Testing Days conference - the day of tutorials. I participated in Test Strategy - Next Level by Rikard Edgren.


Talking about the conference itself - it's better than I expected: I like pen with stylus, I really like notebook with track and workshop descriptions in it, I like printed slides of tutorial.

Talking about Test Strategy tutorial - well, it's too general and I expected the higher level (I can't say that it is really next level).

I can't say that I learned something new, but at least it's useful (and nice) to formulate some knowledge that in some way I have already knew but didn't know how to put them in words. Rikard Edgren talks beautifully about complex stuff. And of course such kind of talks are very inspiring and give a lot of motivation for developing.

Some resources that need to be investigated:

Some interesting key words:
  • barnum statement - statement that is too general, that you can apply it to anybody (for example horoscope)
  • your strategy (or plan) should be detailed, which allows you to have a reasonable discussion before testing, not after
  • if you know a lot it is easy to decide how to test
  • thinking - is one good goal for itself
  • we can add small words to simulate our thinking (for example so)
  • problems that were difficult 4 years ago are probably still difficult
  • if tester's information isn't used - it's useless
  • if we can't get some information (we can't talk to some stakeholder), then our testing isn't good and we can't trust our decisions
  • if you have a web store - you should be afraid of Christmas
  • your arm can hurt if you use software all day and it doesn't have hot keys
  • if you can't thing 3 ways that could get wrong - you didn't thought about the problem very well
  • test strategy is probably the most difficult area in all testing process
  • you shouldn't chose automation vs manual before testing - the need comes up by itself
  • testers are not the only people who are doing testing, so communicate to avoid double work
  • if someone doesn't read your test report, then problem is probably in test strategy: people doesn't know what and why did you do, so they aren't interesting in results

Idea that I'll try to implement in my project:
  • Checklist of things that you could thing about while testing. I thought about it awhile, but this tutorial gave me a motivation to actually create it.


One more interesting detail: Rikard Edgren was taking about test strategy biases and one of the biases was focusing illusion - when some problem gets more important when you thing about it. And while he was talking about this bias he creates this focusing illusion because at that moment I thought that it is the most important bias of all 6. Bias about bias.


See posts about other days:
Nordic Testing Days 2014 Day 2: Conference
Nordic Testing Days 2014 Day 3: Conference