T.W.I.T: The Heart Hacker – Pacemakers Vulnerable to Wireless Attacks

Before I get into the story of this fascinating bug, I wanted to take a moment to introduce you to T.W.I.T. We liked the “bug-iversary” concept so much here at uTest that we decided to make it a recurring column, called T.W.I.T. or This Week In Testing (also noting the happy coincidence that the word “twit” is synonymous with “fool” and “dope,” words that characterize many of these bug follies ;-) ).

But I digress! So, this week in testing brings us an interesting heart device bug discovered March 12, 2008.

A team of computer security researchers was able to gain wireless access to a combination heart defibrillator and pacemaker. According to the New York Times,

[The researchers] were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal. The researchers said they had also been able to glean personal patient data by eavesdropping on signals from the tiny wireless radio embedded in the implant as a way to let doctors monitor and adjust it without surgery.

Read the full report here.

The researchers also made it clear that there’s no imminent need to be afraid of heart hackers, for the following reasons: the experiment involved $30,000 worth of lab equipment; it included specialists from the University of Washington & the University of Mass; the heart device was placed two inches from the test gear; and no security breach (in millions of implants worldwide) has ever been reported.

While risks are currently low, is too little attention being paid to security in the growing number of medical implants with wireless capabilities? Have you heard about any updates regarding this debate?

Life, Liberty And The Pursuit Of Web Access

For most who read a software testing blog, web access is a given — it’s always on, always up, usually fast, and even available on-the-go (as long as you remember to bring your Nexus One, Curve, iPhone, etc).

But not too long ago, the web was still in early adopter mode.  It was available (maybe) after you fired up that block you called a desktop computer; and after you endured the sound of your dial-up connection; and only if you exhibited zen-like patience with pop-ups and page load times.

Why am I taking this trip down memory lane?  Well, it could be because I saw the extended trailer for Hot Tub Time Machine (destined to be a classic, but NSFW).  More likely, however, is the fact that yesterday I read a couple of interesting pieces from Mashable & the BBC — about the global adoption of the Internet in the past decade, and the provocative question of whether or not web access is an inalienable human right in this day and age.  Both are worth checking out, if for no other reason than to make us appreciate what we have.

And since we have a global community of software testers, I’m extremely interested to hear what the software-savvy readers from every corner of the globe have to say about this very cool interactive map from the BBC.  Does this fit with your experience in your home countries?  What do you think this chart looks like in 2012?  2020?  Share your thoughts in the comments.

Now if you’ll excuse me, I have to go complain to the barista that the wi-fi in this Starbucks is taking way too long to download songs from iTunes and ripped files from BitTorrent, while I watch 30 Rock on Hulu.

Where In The World Is Doron Reuveni?

Well, today he’s sticking close to home in Boston. Tomorrow he’ll land in London… and before the week is out, he’ll hit Tel Aviv.

Doron starts Wednesday morning off (after his usual 10-mile run, of course!) in London with some tea and networking with friend and colleague James Whittaker and UK partner TCL.

Then he’s off to QCon London, an excellent conference for the enterprise software community. On Friday, 3/12 @ 2pm, he’ll be presenting at QCon re: The Mobile App Quality Challenge & How Crowdsourcing Can Help.

Doron is one of five software testing leaders chosen to present in the “How Do You Test That?” track. This track explores unique solutions created to address situations in which automated testing does not suffice.

And on the last leg of his marathon journey, Doron will present at Garage Geeks in Israel on Monday, 3/15 @ 8pm. There, Doron will be taking a deep dive into the topic of Crowdsourcing, and how smart recruiting, training and incentives can turn an unstructured, loosely assembled mob into a unified, professional community.

So, where in the world is Doron this week?  Catch him if you can!

IE6 — The Zombie Browser That Can’t Be Killed

Developers have long awaited the death of Internet Explorer 6; web heavyweights like Google, Facebook, Reddit, Justin.tv and Digg have all announced the expiration date for their support of IE6; Microsoft has been steering users away from IE6 for more than a year. And last week, a funeral was held for the outdated browser which was two parts wake and one part wish. Even Microsoft joined in the fun, sending a card to the services.

So what will it take to kill the undead browser once and for all?  Well, it’s worth noting — and shocking — that IE6 still drives nearly 20 percent of all web access from beyond the grave.

How is this possible? What outdated luddite segment of web users is still stuck in 2001? Well, the prime culprit is large enterprises like Intel that bemoan the cost and complexity of upgrading thousands of employees and legacy apps that were built specifically for IE6. So while the web citizenry has moved on and is ready to pull the plug, for developers (and testers), IE6 will continue to be part of the web app testing matrix for much longer than any of us would like to believe.

Just to further illustrate the insanity of IE6’s continued survival, here are a few other things that were going on in 2001:

Read more…

Say It Ain’t So, Joel

When it comes to software development and programming, few people have been read, linked to, tweeted, quoted or plagiarized more than Joel Spolsky (@spolsky). But despite his adoring fans, the widely known blogger and entrepreneur has decided to give up the former (his wildly popular blog) to focus on the latter (his growing business).

Joel’s final farewell – Let’s Take This Offline – appeared on Inc.com a few days ago, where he discussed the fallacy of blogging as business strategy, time commitment and the common mistakes of most company blogs. Of course, he also addressed his reasons for “retiring”:

So, having become an Internet celebrity in the narrow, niche world of programming, I’ve decided that it’s time to retire from blogging. March 17, the 10th anniversary of Joel on Software, will mark my last major post. This also will be my last column for Inc. For the most part, I will also quit podcasting and public speaking. Twitter? “Awful, evil, must die, CB radio, sorry with only 140 chars I can’t tell you why.”

Read more…

Seven Deadly Sins (for your mobile phone)

Self improvement is a lousy business model. Mobile app developers understand this better than most. For every app to help you lose weight or improve your IQ, there are basically 10x as many to help you drink more, find your nearest trans-fat vendor or change the channel without standing up to get the remote. What a world we live in!

But if sloth and gluttony aren’t your thing, you can rest easy knowing that your vices have also been covered. And so to illustrate, I’ve posted an app for each of the seven sins.

Gluttony: “Happy Hours, is a free application for the iPhone, Android, and the mobile web. With it, you get access to some 15,000 happy hours in 30 different cities around the country. You simply load the app up, tell it where you are (which it can know automatically on the iPhone and Android phones), and let it show you happy hours close by.” (from the washingtonpost.com)

Lust: Girl Zoomer – “This application turns your iPhone camera into a pair of binoculars with 4x zoom, so you can see ‘the details that other people can only furtively glance at.’” (from reuters.com)

Read more…

It’s All Fun And Games Until Someone Loses A PS3

We usually like to keep things pretty light around here.  But this post is a public service announcement of the most urgent nature.  I don’t want to alarm anyone, and I’m not prone to exaggeration, but clearly software apps are rising up for the coming war against the humans.

First it was our cars (and then more cars); then it was unmanned aircraft.  But now, it’s gotten serious – because now the software uprising of 2010 is messing with our games.

Nick Saint (@ncsaint) over at Business Insider describes just how bad things have gotten in this latest battle between man and machine:

Owners of older models of Sony’s PS3 have been afflicted by a bug in the system’s internal clock. Unless you have a PS3 Slim, leave your machine off until word comes down that the bug has been fixed, or risk permanently losing data.

What’s next — our Foreman grills?  Our laser pointers?  Our lava lamps?  So consider this a call-to-arms for all who develop and test software.  The war is on.  And lately, the software (and its well-hidden bugs) are winning.  Izzy Mandelbaum was right:  It’s go time here, people!

Lady Gaga And The Death Of The Login

These days, it’s hard not to know about Lady Gaga (and if you don’t know her, here’s her latest music video to get you started).  She’s become one of the hottest pop acts in the world, all by combining music, fashion, and a little bit of “Andy” (either Warhol or Kaufman – take your pick).  So what does this have to do with software?  Well get this: an astonishing 89% of the people who create an account on LadyGaga.com choose to do so using third party authentication from Facebook, Twitter, or Myspace.

Just think about that for a second.  That means that nearly 9 out of 10 people creating special purpose web accounts are doing so using their social networking platforms (skipping all those annoying new account questions like password, age, location, and favorite pet in the process).

This is huge, and it represents a big shift in the way people are going to interact with your website in the future.  If 89% of users are doing this on a mass market website like LadyGaga.com, then I guarantee they’re going to be doing it on other sites as well.  So what does this mean?

Read more…

Old Bug Up To New Tricks

SCMagazine reported this week that researchers in Malta have discovered a decade-old vulnerability, present in all versions of Windows since 2000. This bug can cause PCs to crash instantaneously and without warning, and can reel the compromised machine into a distributed denial-of-service (DDoS) attack. According to Paul Gafa, CTO of 2X Software, this exploit is only dangerous if the user is duped into running an app with the malicious code.


The bug was discovered while Gafa was writing a software testing app:

“You can be the least privileged user on the system and still crash it,” Gafa said. “I believe it is very easy for Microsoft to sort it out. They just need to validate arguments passed to Windows APIs.” (source: SC Magazine)

Microsoft is currently aware of the defect and responded with this insight:

“Our initial assessment of the report is that malicious code would have to already be running or a user would have to be able to run a specially crafted application to cause the system to crash. In either case, the system has already been compromised or the user has rights to logon to the system.”

I’m curious to hear if anyone has other stories of old bugs causing new problems or vulnerabilities?

Testing Lessons Learned From Toyota

Retired NASA Astronaut Mike Mullane* said it best when he asked: “Why is there never time to do it right, but always time to do it over?” He could have easily been talking about the recent problems Toyota has been dealing with, but he wasn’t. He was talking about today’s software companies.

Conversely, this recent article from The Economist could just as well be about today’s software companies, but it isn’t. It is about Toyota’s recent problems.

Like everyone else, the author wants to know how the auto giant could so quickly lose its reputation for safety and quality (things that can happen to ANY company if they are not careful). The culprit? You guessed it: software bugs.

Instead (of trying to keep pace with competitors), two recent trends, both software related, hint at the reason behind Toyota’s unexpected decline. One is the shortening of product-development cycles generally in the car industry. These are down from a typical four or five years to little more than 15 months, thanks to computer-aided design and manufacturing, and the virtual simulation of the resulting products. To save money and time, Toyota has even dispensed on occasion with building test “mules” and other engineering prototypes.

Read more…
