November 3, 2015 Comments Off on Data-Driven API testing Webinar recording now available
October 16, 2015 Comments Off on Helpful, easy-to-follow instructions to assess and correct your browser’s SSL vulnerability
SSL has long been the primary method for encrypting the communications between your browser and the websites you visit. However, for years there have been reports about potential ways for unauthorized parties to exploit SSL weaknesses and thus gain access to your ostensibly secure interactions.
The latest news is that the Diffie-Hellman key exchange algorithm (using 1024-bit primes) has been compromised. This has serious implications for the privacy of your sensitive communications, including banking, shopping, and email, to name just a few.
Fortunately, there’s a very helpful online tool that will evaluate your risk. You can find it at https://www.howsmyssl.com/
You should run this tool for each browser that you use, and take action based on what it tells you. More about that later in this post.
Here’s what I learned when I ran it on my system:
Opera (I haven’t updated this for a while, so it’s no surprise that it’s vulnerable):
Safari (Based on these results, Safari is now a no-go until I get it corrected)
Firefox (I applied the fix from the article that I’ll describe below. The results are good)
Finally, here’s Chrome. Once again, I configured this browser using the information from the article below.
So what should you do if you get a ‘Bad’ message from the How’s My SSL tool? The Electronic Frontier Foundation (EFF) has published an excellent, easy-to-understand article with step-by-step instructions about how to tighten your browser security.
You’ll find it here.
October 15, 2015 Comments Off on Presenting a Data-driven API Testing Webinar with SmartBear on October 28
As long as computers are incapable of interacting telepathically, APIs will continue to serve as the predominant approach for cross-system communication over the Internet.
Alas, comprehensive API testing continues to occupy a distressingly low position on the software development To Do list. This is a shame, because there are some fantastic technologies and associated best practices that make it possible to quickly, easily, and thoroughly evaluate APIs for reliability, accuracy, and performance.
Since data-driven probes are some of the most effective techniques to determine if an API is ready for production, Paul Bruce from SmartBear and I will be presenting a technically-focused Webinar on how to employ winning data-oriented strategies in your testing.
To register for the Webinar, click here.
August 27, 2015 Comments Off on Not scared of algorithms? Perhaps you should be.
A while back, I wrote about a run-in I had with a rental car company, or to put it more accurately: a rental car company’s algorithm. It’s quite frightening to think about the implications of “lights-out” algorithms making important decisions that can affect all aspects of your life. And as someone who witnesses – first hand – the often abysmal job that enterprises do when testing their APIs (which frequently have algorithms running beneath the covers), I’m particularly concerned about what this will spell for the future.
If you’d like to learn more about these possible repercussions, check out the extremely well written article by Frank Pasquale on aeon.co.
Cyberspace is no longer an escape from the ‘real world’. It is now a force governing it via algorithms: recipe-like sets of instructions to solve problems. From Google search to OkCupid matchmaking, software orders and weights hundreds of variables into clean, simple interfaces, taking us from query to solution. Complex mathematics govern such answers, but it is hidden from plain view, thanks either to secrecy imposed by law, or to complexity outsiders cannot unravel.
If you’d like to read more of my posts about Big Data, click here.
July 11, 2015 Comments Off on Poshly – one of Fast Company’s 10 Most Innovative Big Data Companies – is growing
I’ve long been a fan of practical usages of Big Data: applications that aggregate raw information – and lots of it – to address real-world business challenges. I’ve already written about Poshly (disclosure: I’m an investor), and I continue to be impressed with their progress.
Poshly is expanding their team by hiring a lead front-end engineer and deployment specialist, so if you – or someone you know – is interested in joining a winning team in a hot space, I encourage you to check out these opportunities.
May 30, 2015 Comments Off on Increased reliance on APIs demands more effective testers
It seems everywhere you look these days, someone is extolling the virtues of APIs. For example, here’s an article from Fortune that highlights how APIs are serving as competitive differentiators.
However, those enterprises that are placing such emphasis on their APIs must appreciate that they also need to invest in their testing staff with proper tooling and training. I recently wrote about this on the SmartBear blog, which you can read here.
April 28, 2015 Comments Off on Excellent article on laptop encryption
Did you know that you have very few privacy rights when you cross a border (into the US or anywhere else in the world, for that matter)? I blogged about the dangers of bringing a laptop through customs a while back. Naturally, it’s a good idea to remove any sensitive information from your laptop, especially when you’re traveling. For those situations that require you to keep important data on a computer that’s at risk of being inspected (or stolen), full-disk encryption can be a lifesaver.
Operating system vendors have been doing a great job at strengthening their products, so there’s really no excuse not to take advantage of encryption. Here’s a link to an excellent article from Micah Lee on The Intercept that explains how to do this on Windows, Mac, and Linux computers.
With step-by-step instructions, it’s one of the best written tutorials I’ve seen about this topic. It’s well worth your time to make the effort, but remember: don’t lose your password!