November 3, 2015: Data-Driven API testing Webinar recording now available
October 16, 2015: Helpful, easy-to-follow instructions to assess and correct your browser’s SSL vulnerability
SSL has long been the primary method for encrypting the communications between your browser and the websites you visit. However, for years there have been reports about potential ways for unauthorized parties to exploit SSL weaknesses and thus gain access to your ostensibly secure interactions.
The latest news is that the Diffie-Hellman key exchange algorithm (using 1024-bit primes) has been compromised. This has serious implications for the privacy of your sensitive communications, including banking, shopping, and email, to name just a few.
Fortunately, there’s a very helpful online tool that will evaluate your risk. You can find it at https://www.howsmyssl.com/
You should run this tool for each browser that you use, and take action based on what it tells you. More about that later in this post.
Here’s what I learned when I ran it on my system:
Opera (I haven’t updated this for a while, so it’s no surprise that it’s vulnerable):
Safari (Based on these results, Safari is now a no-go until I get it corrected)
Firefox (I applied the fix from the article that I’ll describe below. The results are good)
Finally, here’s Chrome. Once again, I configured this browser using the information from the article below.
So what should you do if you get a ‘Bad’ message from the How’s My SSL tool? The Electronic Frontier Foundation (EFF) has published an excellent, easy-to-understand article with step-by-step instructions about how to tighten your browser security.
You’ll find it here.
October 15, 2015: Presenting a Data-driven API Testing Webinar with SmartBear on October 28
As long as computers are incapable of interacting telepathically, APIs will continue to serve as the predominant approach for cross-system communication over the Internet.
Alas, comprehensive API testing continues to occupy a distressingly low position on the software development To Do list. This is a shame, because there are some fantastic technologies and associated best practices that make it possible to quickly, easily, and thoroughly evaluate APIs for reliability, accuracy, and performance.
Since data-driven probes are some of the most effective techniques to determine if an API is ready for production, Paul Bruce from SmartBear and I will be presenting a technically-focused Webinar on how to employ winning data-oriented strategies in your testing.
To register for the Webinar, click here.
October 11, 2015: Excellent infographic showcasing major crowd funding platforms
I recently had the pleasure of hosting an angel investing training event for existing, new, and prospective members of Astia Angels as part of our portfolio gathering. We had a fantastic collection of panelists and speakers, including Trish Costello from Portfolia. Trish has very impressive experience in all aspects of angel investing and venture capital, and is now leading Portfolia.
Portfolia is a collaborative investing platform designed for affluent women. It features thematic micro-investing funds enabling women to invest on their terms in companies they believe in. Portfolia’s Rising Tide Fund is a ‘learn-by-investing’ fund that lets women invest $10,000 into between six and nine companies over one year while learning the process of entrepreneurial investing.
Portfolia aims to prepare and focus one million affluent US women investors in five years. When women green light the companies, teams and products they want to see succeed, we’ll see positive disruption in the marketplace.
As part of her talk to our group, Trish presented a tremendously useful graphic that helped clarify the major players in the highly complex and dynamic world of crowd funding. These platforms are disrupting banking, venture capital, and angel investing, so it’s important to understand the entire landscape. Trish has graciously permitted me to display it here. Click on the thumbnail to view the full image.
September 30, 2015: Overcoming a Technical Sales Ambush Best Practice #1: Include the Sales Representative
As I recently depicted, a technical sales ambush is a scenario where a prospect convenes a technically focused “review” meeting with the hidden purpose of introducing impossible or unreasonable requirements that end up monkey wrenching the entire sale.
While ambushes can’t be totally avoided, their outcomes can be ameliorated through proper preparation. For example, sales representatives – at least those that are making or exceeding quota – are masters of interpersonal relationships and reading between the lines. I’ve found that the best reps can instantly sniff out an ambush or other situation where the prospect’s technical experts are not acting in their employer’s best interest, and are advancing their own private agendas instead.
A proactive sales representative will quickly take steps to stop an ambush in its tracks. This can include entirely rejecting the meeting without adequate representation from the business, or demanding a quid-pro-quo about what happens after the meeting (like setting up a proof-of-concept).
One of the most important things a rep can do is simply make sure that they’re part of the meeting: a sales engineer (SE) should never face this type of audience alone, especially when it appears that an ambush might be in the cards. Having the sales rep present frees up the SE to focus on making a good faith effort to address all technical questions, while strengthening the case that the vendor is making to the prospect.
September 19, 2015: Das Auto, der Algorithmus, und der Smog
Looks like Volkswagen is going to have some ‘splainin’ to do: the company has been ordered to recall 482,000 diesel-powered vehicles (including Jetta, Golf, Passat, Beetle, and Audi A3) by the US Environmental Protection Agency, US Department of Justice, and California Air Resources Board.
VW is being accused of implementing an algorithm that detects when the car is being smog-tested and then applying full emission controls so that the vehicle will pass. At other times (like during normal road operations), the emission controls were programmatically relaxed and the car belched out much higher levels of pollutants such as nitrogen oxide.
You can read the violation notice here. Wow.
And as algorithms become more prevalent in everyday devices (i.e. “the Internet of Things”), there should be all sorts of entertaining stories to come. Some will involve felonious behavior, while others will just be the natural outcome of poor design or shoddy quality control.
August 27, 2015: Not scared of algorithms? Perhaps you should be.
A while back, I wrote about a run-in I had with a rental car company, or to put it more accurately: a rental car company’s algorithm. It’s quite frightening to think about the implications of “lights-out” algorithms making important decisions that can affect all aspects of your life. And as someone who witnesses – first hand – the often abysmal job that enterprises do when testing their APIs (which frequently have algorithms running beneath the covers), I’m particularly concerned about what this will spell for the future.
If you’d like to learn more about these possible repercussions, check out the extremely well written article by Frank Pasquale on aeon.co.
Cyberspace is no longer an escape from the ‘real world’. It is now a force governing it via algorithms: recipe-like sets of instructions to solve problems. From Google search to OkCupid matchmaking, software orders and weights hundreds of variables into clean, simple interfaces, taking us from query to solution. Complex mathematics govern such answers, but it is hidden from plain view, thanks either to secrecy imposed by law, or to complexity outsiders cannot unravel.
If you’d like to read more of my posts about Big Data, click here.