Mock Testing

Image taken from http://zeroturnaround.com/rebellabs/how-to-mock-up-your-unit-test-environment-to-create-alternate-realities/

Mock Testing explained:

Concise Example of the EasyMock testing framework:

Reflection in Java

Six years of programming with Java and I’ve never had to use reflection. I don’t know if that’s a good or a bad thing, but below is the best, most concise explanation of Java Reflection which I have found. The commentator confuses himself at times, but the core message and logic come across well. Only 11 or so minutes long.

Reflections on The Dublin Web Summit 2014


Dublin Web Summit 2014

Web Summit Overview:

-Purpose: Investment, networking

-Stage names: Main, Marketing, Enterprise, Machine, Builders, Sports, Food.

-Talks – Talks would be individual speakers, or a panel of experts being interviewed. Speakers did not get paid and for the most part they only mentioned their product / service in passing as opposed to using the 15 / 20 minute slot as a promotion.

-My week – I spent it attending different talks. I didn’t spend any time talking to startups.

-This Presentation: I will give a brief synopsis of 3 talks which I found interesting. I will talk about two subjects that came up over and over again and I will briefly speak about different statements and information which I came across throughout the week.

Disclaimer: There were stats thrown around without stating the source or reliability. I can only relay these stats; I cannot defend them.

Big Data – What is it? – Where does it come from? – Internet of Things – Why is it useful?

IOT – the Internet of Things is the interconnection of uniquely identifiable embedded computing devices within the existing Internet infrastructure. Basically, it is a reference to how almost everything is connected to the internet. For example, one speaker described how his company assigns an IP address to each pane of glass in a building and can control the opacity of the window depending on how much light is desired in the room. This removes the need for a powerful A/C system as well as the hassle of blinds. The owner of the Galway Hooker brewery can control his whole brewing process from his phone. Anyway, I digress; basically, so many devices are connected and interconnected, and this is the IOT.

All of these devices generate extremely large data sets, even when apparently idle. The amount of data being generated is known as Big Data. Big data, when analyzed, can reveal patterns, trends and associations which can help with strategic decisions for business. A simplified example: take a PlayStation game. Typically a shop would buy x units based on how popular they felt the game would be, on how much demand they thought would exist. When the game sold out, they would order more units. While waiting to get re-stocked, customers are buying the game elsewhere.

With Big Data on their side, our game shop can now analyze web browsing patterns, social media trends, the amount of adverts appearing online, seasonal trends, local demographic information and shopping and more to make a better estimate on how many units they should buy and in what stores.

Data Scientists – at one talk I was at, a demonstration was given on how 5 differing and opposing conclusions were drawn from analyzing the same data set. So for our example, this would mean that by looking at the data in one way, our game store would say that they were most likely to sell the biggest number of games in Leitrim; when they looked at the data a different way, they would conclude that they were more likely to sell more units in Cork City. It’s one thing having the data, but it’s another thing entirely to get value from it. This is where Data Scientists come in.

Data Scientists are people, usually with statistical and mathematical talent, whose task it is to perform large-scale statistical research, analysis and modeling of almost everything. These are the people who add value to your big data. In time, software will probably be used to perform such modeling, but until then, Data Scientists are in high demand.

Data Scientists – Get the right people as opposed to many people. The most powerful data is when human gut instinct is removed.

Big Data – http://www.ibmbigdatahub.com/presentation/big-data-retail-examples-action

Featured Talk – How to be a Hacker – Pablo Holman – Main Stage

“Hackers have the genius minds that will try & do everything but follow directions”

Pablo once hacked into the FBI systems. He said that Hackers have a different way of thinking, that they don’t read the instructions before using a device. They do their best to break the device.

Pablo began by telling stories of famous hackers. One such was Barnaby Jack, who bought a couple of ATMs on eBay, studied them and then, during a presentation at a Black Hat conference in 2010, had the machines dispense cash without affecting the account balance.

Pablo explained how these days, every new product is being shipped with a chip in order to future proof it. Basically in his opinion, everything is turning into a hackable PC.

Pablo explained that if you live in America, no matter how bad you have things, you are still in the top 14% of the world for quality of living. Pablo explained how 250,000 children die from malaria each year. Pablo said that while everyone is designing apps to solve “problems” like how to split a bar tab with your friends, Pablo is working for Intellectual Ventures Laboratory which has partnered with Bill Gates to form Global Good.

This partnership has developed products such as the vaccination cooler for malaria vaccinations. It keeps vaccines cold for 6 months in the sun, as opposed to a Styrofoam cooler, in which half of the vaccinations go bad within 4 hours.

His talk then ended and the point seemed to be how great he is as opposed to how to be a hacker.

I just thought this talk was interesting due to the top 14% stat and the way he belittled everyone there with a stall by saying they are not solving “real problems”.

Featured Talk – Startup Tech Talk – Paul Muller (Adjust)

Talk Main Focus – Avoid the Cloud

Reason – Cost: $5.6 million in savings over 3 years. Paul mentioned that from his experience talking with CTOs, Cloud Services are typically the largest cost to the CTO’s company. For Adjust (Paul’s company), their hardware is 5% of their operating cost.

Reason – Avoid optimizing your system so that you don’t pay cloud services as much; instead optimize it so that it is better for end users / customers.

Reason – Once people go to the cloud, they tend not to come off it as they see the migration as too big an ordeal.

Reason – If something happens and your site / service goes down, you will have your own team of devops working on it rather than logging calls or tickets to a cloud service provider. With savings like $5.6 million over three years, you can well afford your own devops team.

Reason – You can also have this devops team build customized safeguards for your service that can bolster your security. Paul told a story about ‘Code Spaces’, who had their Amazon Web Services management console hacked. When the attacker didn’t get his ransom, he had all the controls at his fingertips to wipe the system and all images and backups: all of Code Spaces’ svn repositories, backups and snapshots were deleted, and all EBS volumes containing database files were also deleted. Code Spaces folded, as it would not have been viable for them to build up from scratch again. Paul’s team have the ability to disable such functionality.

Scott Johnston (Google Drive) – When questioned at his presentation about security concerns, Scott used the analogy that having your own services and hardware is like storing all your cash under your bed instead of using a bank. He said your hard drives can fry and that could finish you. He said that Google have 450 staff dedicated to security and there is no way anyone could have as strong a defence as they provide.

As an observation on the point of never getting off the cloud, Google granted every startup at the summit a $10,000 voucher for their cloud services. Amazon did the same but to the value of $1,000.

Featured Talk – The Death of the Password – Eric Schalit (Dashlane)

“There is no doubt that over time, people are going to rely less and less on passwords.” – Bill Gates, 2004

So why has Bill Gates’ prediction not come true yet?

Emmanuel started by talking about how things become a de facto standard. For example, we all know that the QWERTY keyboard layout was devised so that keys commonly used together wouldn’t jam. However, the layout was subsequently modified by the typewriter manufacturer Remington, so that their sales staff could type the word ‘Typewriter’ all from the top line of the keyboard. The rest of us stuck with this as it’s just become the norm.

The same has happened with passwords and this is proving hard to kill. Passwords meet 3 vital criteria, and thus, any replacement would also need to meet these criteria. The 3 things are:

1. Free / Cheap – nobody owns the password system or idea.

2. Shareable – Passwords started out so that Romans could restrict access to certain areas. If you wanted to get in, you would need to tell the sentry the password. You would have attained the password after somebody shared it with you.

3. Preserve anonymity – For example, retina scanning or fingerprint scanning does not allow you to stay anonymous.

To replace the de facto standard, a new standard would need all the existing benefits as well as some new ones. It would also need to be easy to switch to. Significant time would also need to pass to allow mass adoption.

As stated, hardware solutions don’t meet the above 3 criteria. There have been attempts to solve the issue with software, for example Facebook Connect. But not everyone thinks this is a good idea, for example Google. Google have their own alternative, as do Twitter.

The issue with passwords is human. Humans want security and convenience. Enter Dashlane, a one-stop app that you create an account for, and it then has access to all your online logins. It makes it very easy to generate passwords and have them automatically changed every so often. You don’t need to worry about what they are, as you will be signed into Dashlane on your machine / mobile device and it looks after signing in to web sites for you.

So I tried out Dashlane and I was uncomfortable with one site having access to all my online accounts. I wouldn’t mind if it managed passwords for sites I don’t care about – e.g. Oracle, where I need to log in every so often to get an old JVM. But I don’t like how it also stores my Gmail password, where I have personal information. I am not sure I can trust one company with all of my security for all websites.

Therefore my conclusion is that passwords are very much alive and I will go on the record as saying Bill Gates is wrong.

9 GIFs That Explain Responsive Design Brilliantly

http://www.fastcodesign.com/3038367/9-gifs-that-explain-responsive-design-brilliantly?partner=rss

Des Traynor – Product Strategy in a Growing Company – Dublin Web Summit

Attached is a pdf from Des Traynor of Intercom, who gave a very interesting talk at the Dublin Web Summit 2014. The talk addressed the concerns of adding new features and functionality whilst developing a new software product.

DesTraynor-WebSummit-Final

Security Basic Best Practices

1. Always validate user input. A user could stick HTML or JavaScript into a text box. Malicious users can embed links in your page and change the href of your links. You can run a regex against the input to remove suspicious non-alphanumeric characters that may be part of a script.

2. When taking info from a request, e.g. request.getParameter, you must validate it. Similar to point 1 above.

3. Add a timeout to a user’s session, using a MAC so the client cannot tamper with it.

4. HTTP ‘posts’ are for updating, HTTP ‘gets’ are for reading.

5. Set the default character set at the top of the page to reduce the types of escapes and canonicalization tricks available to attackers, e.g. Content-Type: text/html; charset=iso-8859-1

6. The less information sent back to the client in a failed request/operation, the better. Just say the operation failed; don’t say why. If you give a clue as to why, an attacker might take advantage of it. A simple example is how web systems used to say ‘Invalid password’ or ‘No user with that username exists’. This lets an attacker know he has at least got an existing username and can then run password cracking software against that username.

7. A note on passwords:

  • Tunnel the request through SSL/TLS.
  • Only give a simple failure message for failed login attempts; don’t specify the reason the login failed.
  • Log failed attempts, but not the password which was attempted.
  • Use a strong, salted, one-way cryptographic hash function for password storage; PBKDF2 is suggested.
  • Provide a secure mechanism to change the password.
  • A password reset should never send the old password out. Send a temporary password.
  • Passwords should be strong, and clear instructions should be on screen to facilitate this.

8. Session ids should come from a good random number generator. Use the system cryptographic random number generator (CRNG) or java.security.SecureRandom:

import java.security.SecureRandom;

byte[] test = new byte[20];              // 20 random bytes (160 bits) for the session id
SecureRandom crng = new SecureRandom();  // seeded from the platform's CRNG
crng.nextBytes(test);
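As an added example (my code, not from the original post) of items 6, 7 and 8 working together: PBKDF2 password storage with a per-user salt from SecureRandom, a constant-time comparison on verify, and the same amount of hashing work for unknown usernames so the caller can return one generic failure without leaking whether the username exists. The iteration count, the in-memory map and the "dummy" record are assumptions for the example.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordStore {
    private static final SecureRandom CRNG = new SecureRandom();  // system CSPRNG, as in item 8
    private static final int ITERATIONS = 210_000;  // assumption: tune to your hardware budget
    private static final int KEY_BITS = 256, SALT_BYTES = 16;
    private static final Base64.Encoder B64 = Base64.getEncoder();
    // Record used for unknown usernames, so a failed login costs the same time whether or not
    // the username exists (avoids the item 6 leak). The password "dummy" is a constructed constant.
    private static final String DUMMY = B64.encodeToString(new byte[SALT_BYTES]) + ":"
            + B64.encodeToString(pbkdf2("dummy".toCharArray(), new byte[SALT_BYTES]));
    // username -> "base64(salt):base64(hash)"; in-memory map constructed for the example
    private final Map<String, String> users = new HashMap<>();

    static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    void register(String user, char[] password) {
        byte[] salt = new byte[SALT_BYTES];
        CRNG.nextBytes(salt);                          // fresh random salt per user
        byte[] hash = pbkdf2(password, salt);
        Arrays.fill(password, '\0');                   // drop the clear text as soon as possible
        users.put(user, B64.encodeToString(salt) + ":" + B64.encodeToString(hash));
    }

    // On false the caller shows one generic "Login failed" message and logs the username
    // and time of the attempt, never the attempted password (items 6 and 7).
    boolean verify(String user, char[] password) {
        String[] rec = users.getOrDefault(user, DUMMY).split(":");
        byte[] salt = Base64.getDecoder().decode(rec[0]);
        byte[] expected = Base64.getDecoder().decode(rec[1]);
        byte[] actual = pbkdf2(password, salt);
        Arrays.fill(password, '\0');
        // MessageDigest.isEqual is constant-time; the containsKey check rejects the dummy record.
        return MessageDigest.isEqual(expected, actual) && users.containsKey(user);
    }
}
```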


George Graham, a master of security

SSL Certificates

It’s recommended to use a certificate from a public Certificate Authority (CA) included in the JDK/JRE list of recognized CAs. However, a self-signed certificate can also be used. Self-signed certificates require the signing CA’s key (for a self-signed certificate, the certificate itself) to be installed in the trust store of any machine that uses the application in question, so that it can validate the certificate. If the CA key for the self-signed certificate is not installed on a machine where someone is attempting to use the application in question, the TLS handshake fails and communication will not be allowed.
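An added example (my code, not from the original post) of what “installed on any machine” means in Java: a client that trusts only the self-signed server certificate exported to a PEM file, instead of the JRE’s own CA list, without turning certificate validation off. The file path and hostname are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class SelfSignedTrust {
    // Build an SSLContext whose trust store holds exactly one entry: the server's
    // self-signed certificate, which therefore acts as its own CA.
    static SSLContext contextTrusting(String pemPath) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(pemPath)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);                     // start from an empty store, not the JRE cacerts
        trust.setCertificateEntry("server", cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // default key managers, our trust managers
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed values: the exported certificate file and the application's hostname.
        HttpsURLConnection conn =
                (HttpsURLConnection) new URL("https://app.example.internal/").openConnection();
        conn.setSSLSocketFactory(contextTrusting("server.pem").getSocketFactory());
        // Without the certificate in the trust store, connect() throws SSLHandshakeException
        // ("PKIX path building failed"); with it, the handshake completes.
        conn.connect();
        System.out.println("TLS established with " + conn.getPeerPrincipal());
    }
}
```

The same trust store can be built with the JDK tools instead: keytool -importcert -file server.pem -keystore truststore.jks -alias server, then start the client with -Djavax.net.ssl.trustStore=truststore.jks.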