Thursday, February 26, 2009

Bye Bye PDA!

After working through four generations of Palm OS PDAs, it's clear I won't be upgrading to a new one. It's not because I don't want to, it's because Palm's become a phone company. The shift occurred quickly, once the Treo succeeded in integrating phone and PDA functionality.

Now, I'm in a rut. I still like the pocket fit and five-function management of the PDA. Of course, I can upgrade to a smartphone. But I really don't want the on-going cost of the pricey service plan.

The other options are:
  • HP iPAQ: A nice device, but it looks pretty lonely out there. Doesn't give me good feelings for its longevity.
  • Netbook: Yeah, it'll do what I want. But it won't fit in my pocket, so it's a luggable as far as I'm concerned.
  • iPod Touch: Probably my best option, assuming Apple sticks with it. It'll do the basic five functions (calendar, mail, contacts, to do, and notes), sync with a PC, and more.

Hey, I think Apple's found another market opportunity :-)

Friday, February 20, 2009

Jeremiah Grossman

Another "must see" speaker. I've heard him speak twice at local OWASP meetings and both times it was a jaw dropping experience. Jeremiah shows how easy it is for an intermediate or injected proxy to take control of a browser or even the entire Windows desktop. You'll never feel quite as confident spending that next paycheck on-line, but hey, you'll be educated about what to look out for, too. Jeremiah makes it clear why security matters, and why it should be a design/implementation consideration from the beginning for any application on the network.

See his blog at http://www.jeremiahgrossman.blogspot.com/

Oh, and check out the WASC website, too.

Secure internetworking?

Something I often wonder about: What will be involved in providing fundamentally secure internetworking?

It's generally accepted that TCP/IP was not designed with security in the forefront. However, considering the increasing amount of commerce occurring on the Internet, it's ostrich-like to assume current secure networking methods will scale well or eventually become ubiquitous.

I suppose IPsec will help. But without pre-registering end-to-end security, is there a way that a client or server can expect it?

The typical vulnerabilities seem to reside in a few key areas:
  • Proxy-based (man in the middle)
  • Denial of Service (distributed or otherwise)
  • Phishing (impersonation)
  • Injection leading to loss of control (trojans, worms, poison packets and pages, botnets, etc.)
Will TCP/IP ultimately have to be re-designed or replaced to address these vulnerabilities? That seems unlikely at best.

Thoughts?

How to tick off your customers

OK, I'm not a Microsoft basher in general. I use Windows daily, and it's generally made my day to day computing life easier and more productive (gasp, a true confession!) However, there have been recent practices that have gotten my goat, so bear with me as I vent.

NB: These are good examples of how to tick off your customers (perhaps others can avoid them!)
  1. Start charging for features that were previously free. I'm specifically thinking about the Encrypted File System (EFS), which was included in Windows XP Pro, but now costs $ in Vista.
  2. Add injury to insult: Put EFS only in the Windows Ultimate Edition.
  3. Require all OEMs to ship only Windows Vista (but not specifically the Ultimate Edition).
  4. Inflict a complete Windows recast on the customer, followed by a robust, reliable version a year later (e.g., Vista -> Windows 7). Therefore, after already spending more $ to upgrade to Vista Ultimate, I have nothing better to do than spend $ to upgrade to Windows 7, too, right?

My point: Customer satisfaction is a many-faceted gem. It not only includes product features, reliability, and a timely delivery - but subtle factors as well - such as perceived value, clear messaging, and keeping migration and upgrades simple.

Windows 7

The buzz is "They finally got it right" and "Windows 7 is what Vista should have been".

After taking a look I agree :-)

Windows 7 features a "Back to basics, lean and mean" approach. It gets Windows out of the way, and puts the spotlight back on the applications software.

I installed it on a Lenovo ThinkCentre P-IV box with 4GB RAM. A straightforward desktop, not cutting edge.

Observations:
  • It installs faster than previous Windows versions
  • It starts up and shuts down faster than Vista
  • Just the basic features are evident on the UI and desktop (as mentioned: lean and mean)
  • UAC finally works without being so annoying :-)
  • It will install and run under the free VMware server. However, the usual vmnet virtual network adapter didn't work for me, so the VM had no networking capability.
Now, will MS sell just a few editions of the OS, instead of the confusing array offered with Vista? Last I heard, the plan is to offer half a dozen different editions, so unfortunately that confusing Vista legacy will remain.

Ease of Use

Ever wonder "Wouldn't it be handy if Linux had a command to set permissions along the entire pathname?"

Or "Why can't I click on a process in Windows Task Manager and select Go to File?"

These are examples of why software will never be finished. There will frequently be ease of use improvements that can be made.

I believe such optimizations add compelling value. They should be given serious weight, not just relegated to some enhancement request black hole.

Good news: In Windows Vista, you can now do the "Go to File" trick. That's a nice value add :-)
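The Linux wish above (set permissions along an entire pathname) is easy to grant yourself, and the least-privilege way to do it is to add only the directory search bit to each ancestor rather than running a recursive chmod. Below is an added example, written for this post in Ruby rather than taken from the blog or any distribution; the function name `open_path` and its options are my own choosing, and it assumes a POSIX filesystem and Ruby 2.5 or later.

```ruby
#!/usr/bin/env ruby
# Added example (not from the blog): grant traversal permission along every
# directory of a path, adding only the bits asked for and touching nothing else.
require 'pathname'
require 'tmpdir'
require 'fileutils'

# Walk from `path` upward to (but not including) `stop_at`, OR-ing `dir_bits`
# into the mode of each directory on the way. The default, 0o001, adds only
# the "others may search" bit: enough to reach a file below, not enough to
# list the directory or read anything in it. Returns [dir, old, new] triples
# for the directories actually changed, leaf first.
def open_path(path, dir_bits: 0o001, stop_at: '/', dry_run: false)
  target = Pathname.new(path).expand_path
  stop   = Pathname.new(stop_at).expand_path
  unless target.to_enum(:ascend).include?(stop)
    raise ArgumentError, "#{stop} is not an ancestor of #{target}"
  end

  changes = []
  target.ascend do |dir|              # yields target, then each parent in turn
    break if dir == stop
    next unless dir.directory?        # the leaf may be a file, or not exist yet
    old_mode = dir.stat.mode & 0o7777
    new_mode = old_mode | dir_bits
    next if new_mode == old_mode      # already reachable: leave it alone
    File.chmod(new_mode, dir.to_s) unless dry_run
    changes << [dir.to_s, old_mode, new_mode]
  end
  changes
end

# Constructed demo: a throw-away tree root/a/b/c with every directory locked
# to 0700, then opened for a file that does not exist yet. Returns the changes
# with the directory names shortened so the result is stable.
def demo_open_path
  Dir.mktmpdir('openpath') do |root|
    leaf = File.join(root, 'a', 'b', 'c')
    FileUtils.mkdir_p(leaf)
    %w[a a/b a/b/c].each { |d| File.chmod(0o700, File.join(root, d)) }
    open_path(File.join(leaf, 'report.txt'), stop_at: root)
      .map { |dir, old_mode, new_mode| [File.basename(dir), old_mode, new_mode] }
  end
end

# Command-line use: open_path.rb /srv/www/site/index.html [/srv]
if __FILE__ == $PROGRAM_NAME && !ARGV.empty?
  open_path(ARGV[0], stop_at: ARGV[1] || '/').each do |dir, old_mode, new_mode|
    printf("%s: %04o -> %04o\n", dir, old_mode, new_mode)
  end
end
```

Pass `dir_bits: 0o010` to grant search to the group instead of to everyone, and `dry_run: true` to see what would change before touching anything. Note what the search bit alone does and does not do: it lets a user reach a known name below the directory, but anything inside with its own weak permissions becomes reachable too, so check the leaf's mode as well.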

Thursday, February 19, 2009

David Chappell

If you ever get a chance to hear David Chappell speak, Go!

David has the uncanny ability to dissect complex technologies to their core capabilities, compare and contrast them effectively, and inject humor and effective conclusions along the way.

He's strongest with Windows-based technologies; however, he's sufficiently curious to turn his eyes and analysis upon all comers.

One of the most informing, entertaining, and knowledgeable technology analysts I've come across.

The Importance of UI Design

After testing complex applications and their associated configuration/management UIs for some time now, I've come to appreciate the importance and payoff of good UI design.

A good UI must feature simple and intuitive presentation, ultimately meeting the user's skill level on demand. Since most users will deal with the UI on a routine basis, its appeal makes up a big portion of what the customer will find compelling about a product.

This means a little investment up-front will go a long way!

Some design effort should be attempted before any code is written. This yields the following benefits:
  • QA gains an opportunity to familiarize itself with the intended approach, identify test tool candidates, prototype test cases, and provide early usability feedback.
  • Developers will communicate effectively among themselves, determining the necessary classes and how functionality can be included ahead of time.
  • Use Cases can be evaluated using the UI design. It's really useful to have use case tutorials made available to the product team up front, so all agree the necessary features are present and will work as intended.
'nuf said!

Shenick diversifEye - Testing with Stateful Network Flows

During my last job, I worked with a Shenick diversifEye unit. The Shenick is a neat tool for providing stateful flows, in contrast to stateless packet blasting equipment such as the Ixia and Spirent Smartbits (Note: See Comment #1 for information about Spirent's stateful testing capabilities).

The Shenick excels at providing a realistic test environment for triple-play (Data, VoIP, Video) service evaluations. It provides a virtual client/server network, which can be hooked up to the DUT for realistic protocol and application behavior testing. This really beats setting up a complex test bench of real or VM guest nodes to achieve the same environment.

For P2P testing, the Shenick includes two emulation modes:
  • Simple file transfer mode, where a pre-registered file is transferred between virtual peers
  • A more sophisticated capture/replay mode, where a previously recorded live P2P conversation is played back between virtual peers.

Note: The Shenick shouldn't be mistaken for a performance testing and scaling tool. While packet blasters such as the Ixia and Smartbits can be used to evaluate DUT performance under increasing traffic loads, the Shenick has no "gas pedal". That is, the traffic generated is a function of the number of virtual client/server conversations. Therefore, the Shenick functions best for evaluating DUT behavior in the midst of realistic protocol exchanges, rather than simply scaling the traffic load up and down.

Tuesday, February 17, 2009

Ruby fever

I've caught Ruby fever. This malady besets the jaded Perl programmer, who has grown comfortable with Perl scripting, but dislikes the forced indentation of Python, and wants something more general purpose than JavaScript.

Ruby is really cool! It makes a fresh start with "Everything's an object", so there's no "Bolt on" or "Oh, yeah, we can do objects!" feel that's common with Perl or Python.

It makes programming easy and fun again, keeping desirable tasks simple and intuitive. For example, the notions of iterators, blocks, and collections make the language easy to embrace and compelling to code in immediately.

I also like the interactive Ruby shell (irb), the presence of a decent debugger, and the surprisingly extensive collection of class libraries.

Onward & Ruby-ho!
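To show the iterators, blocks, and collections the post praises doing a job a security person actually has, here is an added example (mine, not the blog's) that boils a few sshd-style log lines down to failures per source address. The log text is constructed for the example and uses documentation address ranges; the function names and the failure threshold are my own choices.

```ruby
# Added example (not from the blog): Ruby's blocks, iterators and collections
# used to summarise failed SSH logins from a handful of sshd-style log lines.
# The log text below is constructed for the example; the addresses are
# documentation ranges, not real hosts.
SAMPLE_LOG = <<~LOG
  Feb 17 09:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
  Feb 17 09:01:05 host sshd[1203]: Failed password for root from 203.0.113.5 port 51024 ssh2
  Feb 17 09:01:09 host sshd[1207]: Accepted publickey for alice from 198.51.100.7 port 40112 ssh2
  Feb 17 09:01:11 host sshd[1209]: Failed password for invalid user test from 203.0.113.5 port 51030 ssh2
  Feb 17 09:02:40 host sshd[1222]: Failed password for alice from 198.51.100.7 port 40120 ssh2
  Feb 17 09:03:00 host cron[1230]: (root) CMD (run-parts /etc/cron.hourly)
LOG

FAILED = /Failed password for (?:invalid user )?(?<user>\S+) from (?<ip>\S+)/

# Each matching line becomes a small hash. grep filters on the regexp and the
# block maps the survivors, so no intermediate array of non-matches is built.
def failed_logins(text)
  text.each_line.grep(FAILED) do |line|
    m = FAILED.match(line)
    { user: m[:user], ip: m[:ip], invalid_user: line.include?('invalid user') }
  end
end

# Failures per source address: group_by on Enumerable, transform_values on Hash.
def failures_by_ip(text)
  failed_logins(text).group_by { |e| e[:ip] }.transform_values(&:size)
end

# Addresses at or above `threshold` failures, sorted, ready for a block list or alert.
def noisy_ips(text, threshold: 3)
  failures_by_ip(text).select { |_, n| n >= threshold }.keys.sort
end

# Usernames tried that do not exist on the host, per address: a guessing
# pattern worth alerting on even below the failure threshold.
def probed_users(text)
  failed_logins(text)
    .select { |e| e[:invalid_user] }
    .each_with_object(Hash.new { |h, k| h[k] = [] }) { |e, acc| acc[e[:ip]] << e[:user] }
end

if __FILE__ == $PROGRAM_NAME
  failures_by_ip(SAMPLE_LOG).each { |ip, n| puts "#{ip}: #{n} failed logins" }
  puts "noisy: #{noisy_ips(SAMPLE_LOG).join(', ')}"
end
```

Nothing here is a temporary counter or an index variable; every step is a collection method handed a block, which is the "easy to embrace" quality the post is describing. Feed it `File.read('/var/log/auth.log')` instead of the sample and the same four functions work unchanged.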