One of my recent articles got published in TheSmartTechie Magazine. Here's the unedited article for your reading pleasure-
The Ethical Hacker Snapshot
What is the first thing that comes to your mind when you think of the word ‘hacker’? Let me attempt to draw a snap here; a kid in his late teens or early 20’s displaying modern demeanors — wearing a turned around cap, having ruffled hair, wearing a spectacle, and dressed up casually in jeans and t-shirt. Someone who looks a bit immature in his mannerisms but at the same time sounds like a deep thinking individual, possibly knowing everything about computers and with a malicious intention to break into computer systems and networks and cause harm to individuals and organizations. If you are like many others who are baffled by the mystery surrounding the hackers, your image of a hacker may not be too different from the one described above. In short, there is always a notorious vagueness surrounding the word ‘hacker’. So, who is a hacker anyways, and what’s so ‘ethical’ about a hacker?
The Ethical Hacker Defined:
The Oxford dictionary’s definition of the word ‘hacker’ is ‘someone who uses a high degree of computer skill to carry out unauthorized acts within a network.’ And the definition of the word ‘ethical’ is ’being morally correct’. So in plain terms, an ‘ethical hacker’ is someone who uses a computer to gain unauthorized access to data in a computer or network and at the same time is morally correct and does not have a malicious intent. In industry jargon, an ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking to detect vulnerabilities that a malicious cracker could exploit. Some experts even argue that hackers, by definition, are supposed to have ethical intent and so there is no need for the phrase ‘ethical hacker’. In this article, I have used the term ‘ethical’ in an attempt to counter the negative impression that exists around hackers. On the contrary, a cracker is someone who is also a computer and network expert and attacks a computer system or network and has a malicious intent, unlike a hacker. An ethical hacker is also sometimes called a ‘white hat’; a term that comes from old Western movies where the ‘good guy’ always wore a white hat and the ‘bad guy’ wore a black hat. So, a hacker does not have a criminal intent but a cracker does.
A Few Cracker Stories
In 2007, nearly 3,000 customer records were accessed by crackers who hacked into the system of a small bank in central U.S. Though there is no official record of how this happened reports say that this was possibly done by using SQL Injection attacks. Whoever thinks that online banking is convenient may get a perspective of the considerable risk at which this convenience comes. In February 2007, more than 10,000 online game servers that were hosting games such as Return to Castle Wolfenstein, Halo, Counter-Strike, and many others were attacked by ‘RUS’ hacker group. The Distributed DoS attack was made from more than a thousand computer units located across the former republics of the erstwhile Soviet Union. A lot of research is carried out on the Wi-Fi networks by means of Wardriving. In Wardriving, the researcher looks for Wi-Fi networks using a PDA or portable computer while in a moving vehicle. The prime idea behind Wardriving is to find out the vulnerable Wi-Fi networks, and if the Wardriver has a malicious intent he can use this information to break into vulnerable wireless networks using the computer or network resources. In the recent terrorist attack incidents, vulnerable wireless networks were used to send emails to media houses, which certainly left ignorant Wi-Fi users in much of a trouble. The Internet is full of news stories related to organizations’ and even home users’ computer security being compromised by crackers. Hackers are the people who help prepare the organizations against such attacks of even more drastic consequences.
Exploring the Mind of an Ethical Hacker
As Ankit Fadia, one of India’s renowned computer security experts put it an ethical hacker, or simply a hacker, is someone who
* Likes to think out of the box.
* Likes to try out and experiment with the things not mentioned in a computer book. * Has unlimited curiosity.
* Is highly creative and innovative.
* Believes in testing and stretching the limits of his own technological abilities. * Has an ability to think and stand on his own feet and achieve things that are beyond the capacity of a normal person.
* Is trustworthy and honest. Hackers in reality are actually good, pleasant, and extremely intelligent people who, by virtue of their knowledge, help organizations in a constructive manner to secure documents of strategic importance.
Similarity Between Ethical Hacking and Software Testing
The prime purpose of software testing is to detect the bugs in a software application before the customer does it. On similar lines, the purpose of hacking is to find the vulnerabilities before a cracker with malicious intention does it. A hacker needs a kind of brazen mindset for breaking things in order to carry out hacking. The same kind of mindset is found among persons performing security testing on software applications. Like a typical software security tester a hacker also needs to have loads of perseverance, as the success ratio of finding a vulnerability is not always quite high and it usually requires trying out different things persistently and creatively to find out something wrong with a particular computer system or a network. One of the important things that a hacker usually relies on to carry out a simulated attack is called ‘penetration testing’. A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. There are lots of freely available tools as well as commercial ones that can help one perform Penetration tests on websites, computer networks, and so on.
Epilogue
To catch a thief, you must think like a thief. That’s the basis of ethical hacking. One of the first examples of ethical hackers at work was in the 1970s, when the United States government used groups of experts called Red Teams to hack its own computer systems. One of the key roles of Red Team activity was that it challenged preconceived notions by demonstration and served to elucidate the true problem state that the attackers might be attempting to exploit. In a similar way organizations and government agencies hire ethical hacking services to gain insights into the vulnerability assessment of their own computer systems and networks to know how sensitive information is externalized and can be exploited by the crackers. Gaining information about the loopholes in a system, the ethical hacking services work to plug the holes and make the systems more secure and less exploitable. Are you aware of the ‘cyber thieves’ stalking your organization’s computers and networks? If not, ethical hacking will sure give you an answer.
Tuesday, April 7, 2009
Tuesday, March 31, 2009
The best way to make mistakes- "Fail faster"
I think one of the questions that you will always get an answer in Affirmative, when asked is- "Have you ever made a mistake ?". I believe till the time human race exists the answer to this question will always be "Yes". On the contrary, one of the more significant questions is- "What do you do when a mistake is made ?" or "How do you react to mistakes ?" or "What are the thoughts that run through your mind after you make a mistake ?". Answers to this questions largely depend upon myriad of factors such as one's social orientation, the education system which always teaches or rather prompt us to be "correct" or "perfect" always or sometimes the value system-which sees you in bad light on making mistakes.
The rule in learning something new is quite simple- You cannot learn to walk without falling down. You cannot learn to swim without accidentally slipping your head inside water. You cannot learn to ride a bicycle without falling down and hurting self.
Our present life is largely as a result of choices we make. So, after making a mistake one can either choose to criticize self and become overly cautious and defensive for rest of the life or one can safely ignore the mistake and live in the world of illusion as if nothing happened or one can move on and take the positives out of mistakes and learn from them.
I have been reading through a some stuff over the past few months and have observed some striking similarities in the thinking of successful people in how they dealt with their failures. Here are few instances-
Source# 1- http://www.rediff.com/getahead/2009/mar/12starting-a-business-on-your-own.htm
This article is about Anand Chhatpar who is the CEO of BrainReactions, which is in the business of identifying new opportunities for entrepreneurs and companies by generating creative new ideas. Anand says-"Let me assure you that everyone makes mistakes when starting a new business. What is needed to succeed is the will to recognise your mistakes and to fix them quickly. As I learned from my mentors during my internship, 'Fail fast to succeed sooner!'
Source# 2- Book: The little book of coaching (Authors: Ken Blanchard and Don Shula)
Don Shula , one of the most successful football coaches wrote in the book-"I had a Twenty-four rule. I allowed myself, my coaches, and our players a maximum of twenty four hours after a football game to celebrate victory or bemoan a defeat.
During that time, everyone was encouraged to experience the thrill of victory or the agony of defeat as deeply as possible, while learning as much as we could from that same experience. Once the twenty four hour deadline had passed, we put it behind us and focused our energies on preparing for next opponent."
Source# 3- Book: Micheal Phelps- The untold Story of a Champion (Author: Bob Schaller)
After his amazing feats in 2004 and 2008 Olympics, Michael Phelps
needs no introduction. This book primarily talks about his journey from childhood and exclusively covers his run in 2008 Olympics. There's a mention of one of his fellow champion swimmer in the book as follows-"Not making the Olympic team at 2004 Olympic trials really gave Garett Weber Gale a focus he needed in 2008 to avoid mistakes he made 4 years earlier."I have this quote from [UT Assistant] Kris Kubik,' Weber Gale said. "I was just totally broken up at the time, bawling. Kris came up and said, "The way to get through this is to take a minute, remember how this feels, and don't ever let it happen again." I promised myself that day, I wouldn't feel that again- that much disappointment. Its important, to me, to keep promises to myself- its a big deal."
Source# 4- Book: The Greatness Guide2 (Author: Robin Sharma)
"The CEO of Coca-Cola at the annual meeting informed shareholders that the company was now going on an innovation tear and that his organization's reinvention plan was contained in a documented entitled "The Manifesto for Growth." He noted that spending on marketing and innovation would increase by US$400 million and then- and here's the big line- observed, "You will see some failures. As we take more risks,
this is something we must accept as a part of the regeneration process." Which brings me to the imperative of Failing Fast. There can be no success without failure. Its just part of the success...You need to fail to win.
I think one thing that is quite clear from these instances is that the smart people know how to "Fail fast". To me Failing faster constitutes of several factors-
- First is to accept that failures are a part of day-to-day life. No matter how perfect may one claim to be, mistakes are inevitable.
- Do not kill yourself with negative thoughts whenever the mistakes happen.
- Let your failures have a limited shelf life. Remember, Don Shula's (Source# 2) Twenty-hour rule. Don't let your mistakes ruin your thinking after the shelf life expires. But do take learnings beyond twenty four hours.
- As with the case of swimmer Garett Weber Gale (Source# 3), always do remember how bad it feels whenever the mistake is made and use that feeling to enhance your resolve to not do it again.
- Don't just give up something that you believe in just because you have failed in a particular step.
- Learn not only from your mistakes but from others too and all the above rules apply appropriately.
The rule in learning something new is quite simple- You cannot learn to walk without falling down. You cannot learn to swim without accidentally slipping your head inside water. You cannot learn to ride a bicycle without falling down and hurting self.
Our present life is largely as a result of choices we make. So, after making a mistake one can either choose to criticize self and become overly cautious and defensive for rest of the life or one can safely ignore the mistake and live in the world of illusion as if nothing happened or one can move on and take the positives out of mistakes and learn from them.
I have been reading through a some stuff over the past few months and have observed some striking similarities in the thinking of successful people in how they dealt with their failures. Here are few instances-
Source# 1- http://www.rediff.com/getahead/2009/mar/12starting-a-business-on-your-own.htm
This article is about Anand Chhatpar who is the CEO of BrainReactions, which is in the business of identifying new opportunities for entrepreneurs and companies by generating creative new ideas. Anand says-"Let me assure you that everyone makes mistakes when starting a new business. What is needed to succeed is the will to recognise your mistakes and to fix them quickly. As I learned from my mentors during my internship, 'Fail fast to succeed sooner!'
Source# 2- Book: The little book of coaching (Authors: Ken Blanchard and Don Shula)
Don Shula , one of the most successful football coaches wrote in the book-"I had a Twenty-four rule. I allowed myself, my coaches, and our players a maximum of twenty four hours after a football game to celebrate victory or bemoan a defeat.
During that time, everyone was encouraged to experience the thrill of victory or the agony of defeat as deeply as possible, while learning as much as we could from that same experience. Once the twenty four hour deadline had passed, we put it behind us and focused our energies on preparing for next opponent."
Source# 3- Book: Micheal Phelps- The untold Story of a Champion (Author: Bob Schaller)
After his amazing feats in 2004 and 2008 Olympics, Michael Phelps
needs no introduction. This book primarily talks about his journey from childhood and exclusively covers his run in 2008 Olympics. There's a mention of one of his fellow champion swimmer in the book as follows-"Not making the Olympic team at 2004 Olympic trials really gave Garett Weber Gale a focus he needed in 2008 to avoid mistakes he made 4 years earlier."I have this quote from [UT Assistant] Kris Kubik,' Weber Gale said. "I was just totally broken up at the time, bawling. Kris came up and said, "The way to get through this is to take a minute, remember how this feels, and don't ever let it happen again." I promised myself that day, I wouldn't feel that again- that much disappointment. Its important, to me, to keep promises to myself- its a big deal."
Source# 4- Book: The Greatness Guide2 (Author: Robin Sharma)
"The CEO of Coca-Cola at the annual meeting informed shareholders that the company was now going on an innovation tear and that his organization's reinvention plan was contained in a documented entitled "The Manifesto for Growth." He noted that spending on marketing and innovation would increase by US$400 million and then- and here's the big line- observed, "You will see some failures. As we take more risks,
this is something we must accept as a part of the regeneration process." Which brings me to the imperative of Failing Fast. There can be no success without failure. Its just part of the success...You need to fail to win.
I think one thing that is quite clear from these instances is that the smart people know how to "Fail fast". To me Failing faster constitutes of several factors-
- First is to accept that failures are a part of day-to-day life. No matter how perfect may one claim to be, mistakes are inevitable.
- Do not kill yourself with negative thoughts whenever the mistakes happen.
- Let your failures have a limited shelf life. Remember, Don Shula's (Source# 2) Twenty-hour rule. Don't let your mistakes ruin your thinking after the shelf life expires. But do take learnings beyond twenty four hours.
- As with the case of swimmer Garett Weber Gale (Source# 3), always do remember how bad it feels whenever the mistake is made and use that feeling to enhance your resolve to not do it again.
- Don't just give up something that you believe in just because you have failed in a particular step.
- Learn not only from your mistakes but from others too and all the above rules apply appropriately.
Thursday, December 4, 2008
Are you being heard the way you want to be heard ?
Here's a real life story-
The Clallenger Spacecraft was launched on 28th-Jan-1986, but unfortunately exploded 73 seconds post liftoff. There has been a lot of research that has gone into finding the actual reasons for this crash. Much of the research of what went wrong with Challenger launch focuses on the lack of communication between NASA and Morton Thiokil, Inc (MTI). MTI was the contractor responsible for the component that failed during the launch. Almost 2 years before the fatal launch, MTI became aware that there could be a problem with O-ring, a sealing component that prevent hot gases from escaping the solid rocket booster and burning a hole in the fuel tank which was the physical cause of to this disaster. The engineers at MTI documented this problem and insisted that the further testing needed to be done to determine the reliability of O-ring. Upon further testing they confirmed that the O-ring was not reliable, particularly when temperatures dropped below 53 degrees. The question is-
Why then was the Challenger given the go to launch on that fateful day, when the temperature at launch time was 36 degrees, well below safety margin ?
One strong possibility, the researchers say- the people around the table were afraid to express their doubts or even to ask questions that they had determined before entering the room that morning that they would ask.
Source for above excerpt: The book- "Leading with questions" Author: Michael Marquardt
The above story caught my imagination because it was a very strong co-relation with Software Testing real life situations. The very fact that Engineers at MIT had documented the problem in advance was not enough to avert this disaster.
- How many times have you as a tester been in a situation or unknowingly gets into a situation wherein you feel your responsibility ends as soon as you log a defect ?
- Arent testers the owners of the defect- right from the time its logged till the time it is reported as fixed and later verified ?
Another point of view regarding the above excerpt-
- This story again shows that there is a vast difference between passive communication and an active, impact communication. What was required in above situation was the courage by the person who knew about the problem to raise his voice "loud enough" to be heard. And probably the person who tested was contented with the fact that he has already documented the problem and his job is done.
Conveying the bad news is an art that every tester has to master. And this is not as easy as it may seem. It does require a rare courage and will to stand by what is right and communicate with tact to all the stakeholders.
You must learn from the mistakes of others. You can't possibly live long enough to make them all yourself.
- Samuel Levenson
Are Software testers listening, and learning ?
Keep testing passionately!
The Clallenger Spacecraft was launched on 28th-Jan-1986, but unfortunately exploded 73 seconds post liftoff. There has been a lot of research that has gone into finding the actual reasons for this crash. Much of the research of what went wrong with Challenger launch focuses on the lack of communication between NASA and Morton Thiokil, Inc (MTI). MTI was the contractor responsible for the component that failed during the launch. Almost 2 years before the fatal launch, MTI became aware that there could be a problem with O-ring, a sealing component that prevent hot gases from escaping the solid rocket booster and burning a hole in the fuel tank which was the physical cause of to this disaster. The engineers at MTI documented this problem and insisted that the further testing needed to be done to determine the reliability of O-ring. Upon further testing they confirmed that the O-ring was not reliable, particularly when temperatures dropped below 53 degrees. The question is-
Why then was the Challenger given the go to launch on that fateful day, when the temperature at launch time was 36 degrees, well below safety margin ?
One strong possibility, the researchers say- the people around the table were afraid to express their doubts or even to ask questions that they had determined before entering the room that morning that they would ask.
Source for above excerpt: The book- "Leading with questions" Author: Michael Marquardt
The above story caught my imagination because it was a very strong co-relation with Software Testing real life situations. The very fact that Engineers at MIT had documented the problem in advance was not enough to avert this disaster.
- How many times have you as a tester been in a situation or unknowingly gets into a situation wherein you feel your responsibility ends as soon as you log a defect ?
- Arent testers the owners of the defect- right from the time its logged till the time it is reported as fixed and later verified ?
Another point of view regarding the above excerpt-
- This story again shows that there is a vast difference between passive communication and an active, impact communication. What was required in above situation was the courage by the person who knew about the problem to raise his voice "loud enough" to be heard. And probably the person who tested was contented with the fact that he has already documented the problem and his job is done.
Conveying the bad news is an art that every tester has to master. And this is not as easy as it may seem. It does require a rare courage and will to stand by what is right and communicate with tact to all the stakeholders.
You must learn from the mistakes of others. You can't possibly live long enough to make them all yourself.
- Samuel Levenson
Are Software testers listening, and learning ?
Keep testing passionately!
Saturday, November 29, 2008
Building communication bridges through better Vocabulary
For a while now, i have been thinking to start a Testing Thoughts series in my blog. Basically the thoughts that are an outcome of the day-to-day observations of seeing Software testing at in action. The inspiration of this is primarily to share the learnings arising from the myriad of testing activities and challenges from day-to-day life. True to the precept- "Begin with the end in mind", the end goal that i foresee with this series is to capture the imagination of anyone who reads this and initiate a thought process that may be unique or may be dormant in your minds or may be in sync with your thoughts. I am trying to keep the format - Simple and crisp.
Here's to a new beginning-
When was the last time you put an conscious effort to learn a new word in your business language ? Vocabulary enhancement is something we do as a kids quite actively but as the time passes the knack to learn new words somehow reduces as we get into our cozy comfort zones. According to a research- "The average student learns about 3,000 words per year in the early school years -- that's 8 words per day (Baumann & Kameenui, 1991; Beck & McKeown, 1991; Graves, 1986)". Do you think we match this or even half or one fourth of this in our day-to-day lives as business people or employees ?
Why am i bringing the point of Vocabulary building in my blog ? One prime reason is that Communication (be it verbal or written), plays a vital role in your success in Software Testing Profession. Be it your conversation with developer, fellow testers, offshore teams, clients, customers etc. , one thing that sets most of the testers apart from others is effective communication. And sound Vocabulary acts as a building block to effective communication. How often have you felt at loss of words to explain your thoughts in business language and preferred to stay quiet or wished that you could explain the matter in your native language ?
Isn’t it the time one starts rating communication skills also (in addition to other factors such as clarity, fluidity etc.) on number of new words learnt and implemented in day-to-day communication ?
Do you agree with me or differ with me ? Do share your thoughts...
Keep testing creatively!
Here's to a new beginning-
When was the last time you put an conscious effort to learn a new word in your business language ? Vocabulary enhancement is something we do as a kids quite actively but as the time passes the knack to learn new words somehow reduces as we get into our cozy comfort zones. According to a research- "The average student learns about 3,000 words per year in the early school years -- that's 8 words per day (Baumann & Kameenui, 1991; Beck & McKeown, 1991; Graves, 1986)". Do you think we match this or even half or one fourth of this in our day-to-day lives as business people or employees ?
Why am i bringing the point of Vocabulary building in my blog ? One prime reason is that Communication (be it verbal or written), plays a vital role in your success in Software Testing Profession. Be it your conversation with developer, fellow testers, offshore teams, clients, customers etc. , one thing that sets most of the testers apart from others is effective communication. And sound Vocabulary acts as a building block to effective communication. How often have you felt at loss of words to explain your thoughts in business language and preferred to stay quiet or wished that you could explain the matter in your native language ?
Isn’t it the time one starts rating communication skills also (in addition to other factors such as clarity, fluidity etc.) on number of new words learnt and implemented in day-to-day communication ?
Do you agree with me or differ with me ? Do share your thoughts...
Keep testing creatively!
Sunday, August 31, 2008
Wake up, Shake up and then test...
You can't master testing unless you reinvent it
This is how one of the lessons of the book "Lessons learned in Software Testing" goes. And this statement is so very true. Just adding to the above statement based on my experience-
You can't master testing unless you reinvent it and you can't reinvent testing unless you reinvent your thinking
Software Testing is a job that requires extensive thinking. And unlike many people's beliefs - thinking is a skill, something that can be acquired and sharpened always. In order to test an application efficiently, we do need to sharpen our thinking skills and mental routine and apply the renewed thinking to test an application. There are many credible ways by which thinking can be enhanced or sharpened. Some ways include mastering Edward de bono's better thinking principles, studying epistemology, understanding cognitive psychology etc. These are the techniques and studies which can be learnt and applied to enhance one's thinking skills and in turn the efficiency of a tester.
Recently, while reading a book- "Instant Analysis" by David J. Lieberman- i came across a different thought line on how our physical routines can affect our thinking and even our thinking outputs. Life does get monotonous, mechanical and predictable as we move on. For example, as the day passes notice certain day-to-day behaviors-
- Once you get into office, look around your desk- you would probably find that picture on the same place as it has been for months or years, same place for a to-do list, same place where you keep your laptop and work.
- Look at the pattern in which you decide your password. Its probably following the same sequence for as long as you can remember.
- Are you in a habit of keeping your desk or your PC desktop unorganized and cluttered ?
There can be a numerous such examples (based on one’s life style) that you can relate to just by looking around your physical world. Probably the list of things that you have been doing the same way for a long time just because they have been part of your habit, something your subconscious mind drives you to do without you realizing it. As Dr. David puts it-
"You see something and you instantly go into a conditioned state associated with your environment."
The idea here is to be aware of such sub-conscious habits and behavior patterns and take a step forward to break the pattern by shaking up your daily routine. By doing so, it helps to jolt your usual thought patterns and open up new avenues of thinking. And it does work! I have tried this in my daily life and this kind of pattern interrupting exercises actually help to open new pathways in your brain eventually affecting the thinking outputs. Here is what needs to be done -
- Based on your life style, make a note of different aspects of your daily routine.
- Slight change any of the ordinary behaviors (e.g. organize your desk, move the stuff and rearrange, slightly change the order of things you do when you reach office etc.)
- Do things that you usually dont do and vice versa (by slightly adjusting the behavior)
Have more awareness of self and age-old pattern and eventually breaking them introduces you to a new thought process. A thought process that has the potential to bring in new ideas to your work, help you in coming up with new ways of testing.
As Software Testing is a job that requires immense thinking abilities, these slight adjustments to the physical routine has a potential to go a long way to bring in necessary change and freshness in a way you have been approaching testing.
I am quite keen to experiment more with this thought while testing and managing the testing in the time to come.
This is how one of the lessons of the book "Lessons learned in Software Testing" goes. And this statement is so very true. Just adding to the above statement based on my experience-
You can't master testing unless you reinvent it and you can't reinvent testing unless you reinvent your thinking
Software Testing is a job that requires extensive thinking. And unlike many people's beliefs - thinking is a skill, something that can be acquired and sharpened always. In order to test an application efficiently, we do need to sharpen our thinking skills and mental routine and apply the renewed thinking to test an application. There are many credible ways by which thinking can be enhanced or sharpened. Some ways include mastering Edward de bono's better thinking principles, studying epistemology, understanding cognitive psychology etc. These are the techniques and studies which can be learnt and applied to enhance one's thinking skills and in turn the efficiency of a tester.
Recently, while reading a book- "Instant Analysis" by David J. Lieberman- i came across a different thought line on how our physical routines can affect our thinking and even our thinking outputs. Life does get monotonous, mechanical and predictable as we move on. For example, as the day passes notice certain day-to-day behaviors-
- Once you get into office, look around your desk- you would probably find that picture on the same place as it has been for months or years, same place for a to-do list, same place where you keep your laptop and work.
- Look at the pattern in which you decide your password. Its probably following the same sequence for as long as you can remember.
- Are you in a habit of keeping your desk or your PC desktop unorganized and cluttered ?
There can be a numerous such examples (based on one’s life style) that you can relate to just by looking around your physical world. Probably the list of things that you have been doing the same way for a long time just because they have been part of your habit, something your subconscious mind drives you to do without you realizing it. As Dr. David puts it-
"You see something and you instantly go into a conditioned state associated with your environment."
The idea here is to be aware of such sub-conscious habits and behavior patterns and take a step forward to break the pattern by shaking up your daily routine. By doing so, it helps to jolt your usual thought patterns and open up new avenues of thinking. And it does work! I have tried this in my daily life and this kind of pattern interrupting exercises actually help to open new pathways in your brain eventually affecting the thinking outputs. Here is what needs to be done -
- Based on your life style, make a note of different aspects of your daily routine.
- Slight change any of the ordinary behaviors (e.g. organize your desk, move the stuff and rearrange, slightly change the order of things you do when you reach office etc.)
- Do things that you usually dont do and vice versa (by slightly adjusting the behavior)
Have more awareness of self and age-old pattern and eventually breaking them introduces you to a new thought process. A thought process that has the potential to bring in new ideas to your work, help you in coming up with new ways of testing.
As Software Testing is a job that requires immense thinking abilities, these slight adjustments to the physical routine has a potential to go a long way to bring in necessary change and freshness in a way you have been approaching testing.
I am quite keen to experiment more with this thought while testing and managing the testing in the time to come.
Saturday, August 23, 2008
Uncovering Myths about Globalization Testing- 4
Myth 11: Localization - means Localized product on a localized Operating System, Internationalization- means Localized product on English Operating System
One of the readers of my previous Globalization testing related post had commented the following-
I have always heard the below definitions for L10n and I18n:
Localization - means Localized product on a localized Operating System.
Internationalization- means Localized product on English Operating System.
Could you please clarify. As a person who has not done any such testing, I am always in doubt regarding this.
It made me realize that one of the most misunderstood aspects in the world of Software Globalization is comprehension of terms “Internationalization” and “Localization”. I too used to be having a wrong notion about these terms before I started working in this field. I think the major reason for the incorrect understanding about these terms is the lack of awareness and exposure in the field (particularly in India). Moreover, the available definitions and literature also makes it a bit hard for a person with no background in Software Globalization to fathom the basic differences in Software Internationalization and Localization. So, without delving any deeper into text book definitions of Internationalization and Localization, let me attempt to explain these terms as I have experienced while working in the Industry.
Software Globalization:
At the most basic level, Software Globalization= Software Internationalization + Software Localization.
Simply explained, the term “Globalization” relates to all the activities that are required to conceptualize, design, develop, test, maintain and probably sell and market the product in supported International geographies. Globalization is a superset term which constitutes Software Internationalization and Software Localization. Whenever someone uses the term “Globalization testing”, it primarily includes testing of all the changes that needs to be included into the Software to make it fit to be developed in different languages or technically put- Internationalize it. We will look deeper into the phrase “testing of all the changes” (used in previous sentence) in the following points.
What is Software Internationalization ?:
As we now know, one of the activities that come under Software Globalization umbrella is “Internationalization”. Lets forget about Internationalization testing for a moment and focus our thoughts on “What is Internationalization ?”. The primary thing to keep in mind when we talk about Internationalization is that- Internationalization is a Software Design and Development activity.
One question that comes to mind at this point is- If Internationalization is a Software Design and Development activity then how is it different from Design and Development of base Software product (By base Software product I mean that English language Software assuming the Software gets developed in English language first and then into other languages). Base Software development includes development of all the features and functionalities of the application e.g. Taking an example of Windows Notepad application, Base product development includes- writing code for functionality of File/New, Open, Save, Save-as menu, Edit menu and so on. So base product development ensure that the basic features that a product offers are in place.
So, where does Internationalization come into Picture here ?
When we talk of selling the Software in International market, broadly 2 types of requirements are taken in to consideration
a) The features and functionalities that the base language product offers should be available in International version of the Software (there can of course be some exception e.g. say German market does not need a feature that may be a in demand in US market)
b) International requirements i.e. requirements pertaining to the locale in which the Software is being sold. Consider the following examples-
• For a software being developed for Arabic market, it should provide a provision to write in a Left to Right fashion (as against English- Right to left).
• Traditional Chinese is written from Top to bottom so the Software product being sold in that market should have UI supporting text from Top to bottom.
• For a software being sold in International market, one of the primary requirements is that it should support the character sets for that particular language e.g. German, Japanese text etc. If the product does not support the local character sets, it cannot be sold in those markets as the consumers will invariably reject the Software whose UI is translated but it does not support data entry in translated language.
• If a product supports multiple languages then one of the possible Internationalization feature is ability to changing the language at a run time.
• One of the important Internationalization requirements is that the core binaries of product (having code for product’s core features) should not change when Software is internationalized in different languages i.e. same code base should be used for a Software in English, German, Japanese languages etc. One of the aims of Internationalization is achieve the same code base across all the languages. If the code base differs as we move from one language to another, then the overall cost of product development and testing becomes multifold.
• And there can be many more such requirements.
And relooking at above 2 broad classifications of requirements, the requirement b) comes under scope of Internationalization i.e. these requirements are covered as a part of Internationalization design and development. So an international Software leverages the features developed in base language (requirement a) above) and in addition includes varios International requirements.
I hope the above examples provides some insights into what Design and Development activities comes under the scope of Internationalization, why is Internationalization important and how is Internationalization different from base product development.
What is Software Localization ?
So, where does Software Localization comes into picture in Software Globalization ? As mentioned earlier- Software Localization is one of the activities of Software Globalization. In simple terms, Localization deals with presentation aspects of International Software. So if I ask what is the basic difference one observes after having a look at German language User Interface as against an English Language user Interface ? The obvious answer is “Language”. So, one of the prime tasks of Software Localization is translation of various User Interface elements in target language. Remember- we are not talking about Localization testing here, its just an plain explanation of term “Software Localization”.
Who does what ?
Software Internationalization is carried out by either the base product developers who are well versed with Internationalization concepts or it is done by the Software Internationalization experts. Internationalization is indeed an experts’ job.
Translation activity in Software Localization is carried out by the language experts preferably by the people who are the native speakers of the language (usually not the people who have learnt the target language as a second language).
Where does Software Internationalization and Software Localization meet ?
In an ideal scenario, Software Internationalization is done when the base product development is being done i.e. Internationalization requirements are built into the Software when the base product is being developed. An important point here is that Internationalization is built into the Software much before it is actually translated. This is an important concept to understand.
The translation work starts only after the base product User Interface is finalized i.e. no more changes are planned to the User Interface. After the User Interface Freeze, the language experts get the English text, they work to translate the same and after the entire translation is done , the translated resources files are included in the product.
Keep watching this space, there’s still a lot more to come on Software Globalization!
One of the readers of my previous Globalization testing related post had commented the following-
I have always heard the below definitions for L10n and I18n:
Localization - means Localized product on a localized Operating System.
Internationalization- means Localized product on English Operating System.
Could you please clarify. As a person who has not done any such testing, I am always in doubt regarding this.
It made me realize that one of the most misunderstood aspects in the world of Software Globalization is comprehension of terms “Internationalization” and “Localization”. I too used to be having a wrong notion about these terms before I started working in this field. I think the major reason for the incorrect understanding about these terms is the lack of awareness and exposure in the field (particularly in India). Moreover, the available definitions and literature also makes it a bit hard for a person with no background in Software Globalization to fathom the basic differences in Software Internationalization and Localization. So, without delving any deeper into text book definitions of Internationalization and Localization, let me attempt to explain these terms as I have experienced while working in the Industry.
Software Globalization:
At the most basic level, Software Globalization= Software Internationalization + Software Localization.
Simply explained, the term “Globalization” relates to all the activities that are required to conceptualize, design, develop, test, maintain and probably sell and market the product in supported International geographies. Globalization is a superset term which constitutes Software Internationalization and Software Localization. Whenever someone uses the term “Globalization testing”, it primarily includes testing of all the changes that needs to be included into the Software to make it fit to be developed in different languages or technically put- Internationalize it. We will look deeper into the phrase “testing of all the changes” (used in previous sentence) in the following points.
What is Software Internationalization ?:
As we now know, one of the activities that come under Software Globalization umbrella is “Internationalization”. Lets forget about Internationalization testing for a moment and focus our thoughts on “What is Internationalization ?”. The primary thing to keep in mind when we talk about Internationalization is that- Internationalization is a Software Design and Development activity.
One question that comes to mind at this point is- If Internationalization is a Software Design and Development activity then how is it different from Design and Development of base Software product (By base Software product I mean that English language Software assuming the Software gets developed in English language first and then into other languages). Base Software development includes development of all the features and functionalities of the application e.g. Taking an example of Windows Notepad application, Base product development includes- writing code for functionality of File/New, Open, Save, Save-as menu, Edit menu and so on. So base product development ensure that the basic features that a product offers are in place.
So, where does Internationalization come into Picture here ?
When we talk of selling the Software in International market, broadly 2 types of requirements are taken in to consideration
a) The features and functionalities that the base language product offers should be available in International version of the Software (there can of course be some exception e.g. say German market does not need a feature that may be a in demand in US market)
b) International requirements i.e. requirements pertaining to the locale in which the Software is being sold. Consider the following examples-
• For a software being developed for Arabic market, it should provide a provision to write in a Left to Right fashion (as against English- Right to left).
• Traditional Chinese is written from Top to bottom so the Software product being sold in that market should have UI supporting text from Top to bottom.
• For a software being sold in International market, one of the primary requirements is that it should support the character sets for that particular language e.g. German, Japanese text etc. If the product does not support the local character sets, it cannot be sold in those markets as the consumers will invariably reject the Software whose UI is translated but it does not support data entry in translated language.
• If a product supports multiple languages then one of the possible Internationalization feature is ability to changing the language at a run time.
• One of the important Internationalization requirements is that the core binaries of product (having code for product’s core features) should not change when Software is internationalized in different languages i.e. same code base should be used for a Software in English, German, Japanese languages etc. One of the aims of Internationalization is achieve the same code base across all the languages. If the code base differs as we move from one language to another, then the overall cost of product development and testing becomes multifold.
• And there can be many more such requirements.
And relooking at above 2 broad classifications of requirements, the requirement b) comes under scope of Internationalization i.e. these requirements are covered as a part of Internationalization design and development. So an international Software leverages the features developed in base language (requirement a) above) and in addition includes varios International requirements.
I hope the above examples provides some insights into what Design and Development activities comes under the scope of Internationalization, why is Internationalization important and how is Internationalization different from base product development.
What is Software Localization ?
So, where does Software Localization comes into picture in Software Globalization ? As mentioned earlier- Software Localization is one of the activities of Software Globalization. In simple terms, Localization deals with presentation aspects of International Software. So if I ask what is the basic difference one observes after having a look at German language User Interface as against an English Language user Interface ? The obvious answer is “Language”. So, one of the prime tasks of Software Localization is translation of various User Interface elements in target language. Remember- we are not talking about Localization testing here, its just an plain explanation of term “Software Localization”.
Who does what ?
Software Internationalization is carried out by either the base product developers who are well versed with Internationalization concepts or it is done by the Software Internationalization experts. Internationalization is indeed an experts’ job.
Translation activity in Software Localization is carried out by the language experts preferably by the people who are the native speakers of the language (usually not the people who have learnt the target language as a second language).
Where does Software Internationalization and Software Localization meet ?
In an ideal scenario, Software Internationalization is done when the base product development is being done i.e. Internationalization requirements are built into the Software when the base product is being developed. An important point here is that Internationalization is built into the Software much before it is actually translated. This is an important concept to understand.
The translation work starts only after the base product User Interface is finalized i.e. no more changes are planned to the User Interface. After the User Interface Freeze, the language experts get the English text, they work to translate the same and after the entire translation is done , the translated resources files are included in the product.
Keep watching this space, there’s still a lot more to come on Software Globalization!
Tuesday, August 19, 2008
Uncovering Myths about Globalization testing-3
Continuing from my previous post , here are a few more myths about Globalization testing uncovered.
Myth 8: If a test case works fine in French language, it will work fine in German language as well
This one is little tricky to explain but it is definitely a myth. Some thoughts around this-
1. Lets consider a case of application being Internationalized for the first time. And assume that the application is going to support multiple languages. There are several factors that need to be kept in mind before defining the testing scope-
a. Check with the developer if there are any changes in application binaries between the languages. If the developer confirms the binaries are the same across all the languages, then get the information about what changes have been done to the product from the Internationalization perspective across all the languages. Also, consider the changes that have been done to the product while building the product or creating the executables. If the product is using the same binaries across all the languages AND there are no changes to the product from the Internationalization perspective AND there are no changes done to build the product AND there are no other changes in the application between languages, then one may confidently say that "If a test case works fine in one language, it will work fine in other language as well. "
In practical scenario, the answer to different if’s in previous sentence are usually not known or is not known to an extent to help you make a right decision. In such a case, to assume that a test case will behave the same way across all the languages may turn out to me quite risky.
b. Continuing with the previous point, another important point is the skill of a developer performing the Internationalization changes to the product. Designing and developing a product from I18N perspective is a specialized skill. More often you will see that the developer who does core application development may not be fully well versed with I18N concepts. If this is the case, as a tester one should better take special care when deciding to omit any test case.
c. If the application is Internationalized for the first time, then the testing should be as thorough as possible as chances for mistakes are high.
2. On the other hand, for the applications that have been through multiple Internationalization releases i.e. already support multiple languages are generally going to be more stable and the variations of test results across the languages would majorly depend upon the changes that has gone into the Software between previous releases and the current one.
3. In order to perform the Risk based testing across the different languages that are supported, one thought-line that is usually applied is that all the Single byte languages such as French, Spanish, German usually tend to behave the same way and the testing can be equally distributed across all these languages.
A special care must be taken to handle the testing of multi-byte languages such as Japanese, Simplified Chinese, Traditional Chinese etc. majorly because of the different character-sets that these languages deal with.
Myth 9: If the Foreign text input in application text fields work fine by using the Soft keys, then it means the data input through respective Foreign language key board would also work fine.
Soft keys are the "Soft" key boards layout in different languages that are provided by Windows Operating System. It can be accessed from the following locations-
- Start Menu/Programs/Accessories/Accessibility/On Screen Keyboards
- Start Menu/Programs/Accessories/System tools/Character Maps
Soft keys basically helps one enter the Foreign text without the need of an external keyboard. For majority of the testing with Foreign text, the use of Soft keys should suffice but there are a few situations that i can think of which requires one to use actual hardware-
- For some languages there are a multiple types of Keyboards (with different makes and models) available in the market. The customers of respective locales can use any of those keyboards. In such a scenarios, it is worthwhile checking at the earlier phases on what models of Keyboards are supported by the application under test and use the same for testing purposes.
- In my testing experience with Internationalized applications, i have not come across a situation where i would have found a bug in which a test scenario worked fine on Soft keyboard but not on physical keyboard but reading about other's experience here's what i found after reading the book- "Galileo Computing- Software Testing and Internationalization"
As the book states- I have seen a program in the past where foreign data was able to be entered correctly using an English keyboard on Portuguese system, so the product was shipped. However, when the program was installed by people in Brazil, who were using a Portuguese keyboard, they were not able to enter the C Celidda character(ҁ).
Though i dont know the exact reason for the above experience mentioned in the book, but this experience is a good enough indicator to not treat the tests related to entering foreign text lightly and to use the physical keyboard for different languages for testing International versions of the Software.
Always, remember- do not take chances with features related to handling the foreign text within the program. Always test it thoroughly.
Myth 10: Globalization testing doesn't require the same test setup as is required to do the Base language testing. Globalization testing can be done with a minimum test setup.
This myth came up as a result of one of the discussions i was having with Development manager of one group. This is a myth because Globalization testing too can be as setup intensive as the base language testing can be.
Remember- one of the basic purposes of Globalization testing is to ensure that the International version of the application on the respective language test setup works the same as English language version would work on English test setup. By test setup here, i mean the Operating System, Third party products, any specific hardware etc.
One cannot possibly carry out all the necessary tests if the test setup of Internationalized applications is not same as the base language test setup.
Myth 8: If a test case works fine in French language, it will work fine in German language as well
This one is little tricky to explain but it is definitely a myth. Some thoughts around this-
1. Lets consider a case of application being Internationalized for the first time. And assume that the application is going to support multiple languages. There are several factors that need to be kept in mind before defining the testing scope-
a. Check with the developer if there are any changes in application binaries between the languages. If the developer confirms the binaries are the same across all the languages, then get the information about what changes have been done to the product from the Internationalization perspective across all the languages. Also, consider the changes that have been done to the product while building the product or creating the executables. If the product is using the same binaries across all the languages AND there are no changes to the product from the Internationalization perspective AND there are no changes done to build the product AND there are no other changes in the application between languages, then one may confidently say that "If a test case works fine in one language, it will work fine in other language as well. "
In practical scenario, the answer to different if’s in previous sentence are usually not known or is not known to an extent to help you make a right decision. In such a case, to assume that a test case will behave the same way across all the languages may turn out to me quite risky.
b. Continuing with the previous point, another important point is the skill of a developer performing the Internationalization changes to the product. Designing and developing a product from I18N perspective is a specialized skill. More often you will see that the developer who does core application development may not be fully well versed with I18N concepts. If this is the case, as a tester one should better take special care when deciding to omit any test case.
c. If the application is Internationalized for the first time, then the testing should be as thorough as possible as chances for mistakes are high.
2. On the other hand, for the applications that have been through multiple Internationalization releases i.e. already support multiple languages are generally going to be more stable and the variations of test results across the languages would majorly depend upon the changes that has gone into the Software between previous releases and the current one.
3. In order to perform the Risk based testing across the different languages that are supported, one thought-line that is usually applied is that all the Single byte languages such as French, Spanish, German usually tend to behave the same way and the testing can be equally distributed across all these languages.
A special care must be taken to handle the testing of multi-byte languages such as Japanese, Simplified Chinese, Traditional Chinese etc. majorly because of the different character-sets that these languages deal with.
Myth 9: If the Foreign text input in application text fields work fine by using the Soft keys, then it means the data input through respective Foreign language key board would also work fine.
Soft keys are the "Soft" key boards layout in different languages that are provided by Windows Operating System. It can be accessed from the following locations-
- Start Menu/Programs/Accessories/Accessibility/On Screen Keyboards
- Start Menu/Programs/Accessories/System tools/Character Maps
Soft keys basically helps one enter the Foreign text without the need of an external keyboard. For majority of the testing with Foreign text, the use of Soft keys should suffice but there are a few situations that i can think of which requires one to use actual hardware-
- For some languages there are a multiple types of Keyboards (with different makes and models) available in the market. The customers of respective locales can use any of those keyboards. In such a scenarios, it is worthwhile checking at the earlier phases on what models of Keyboards are supported by the application under test and use the same for testing purposes.
- In my testing experience with Internationalized applications, i have not come across a situation where i would have found a bug in which a test scenario worked fine on Soft keyboard but not on physical keyboard but reading about other's experience here's what i found after reading the book- "Galileo Computing- Software Testing and Internationalization"
As the book states- I have seen a program in the past where foreign data was able to be entered correctly using an English keyboard on Portuguese system, so the product was shipped. However, when the program was installed by people in Brazil, who were using a Portuguese keyboard, they were not able to enter the C Celidda character(ҁ).
Though i dont know the exact reason for the above experience mentioned in the book, but this experience is a good enough indicator to not treat the tests related to entering foreign text lightly and to use the physical keyboard for different languages for testing International versions of the Software.
Always, remember- do not take chances with features related to handling the foreign text within the program. Always test it thoroughly.
Myth 10: Globalization testing doesn't require the same test setup as is required to do the Base language testing. Globalization testing can be done with a minimum test setup.
This myth came up as a result of one of the discussions i was having with Development manager of one group. This is a myth because Globalization testing too can be as setup intensive as the base language testing can be.
Remember- one of the basic purposes of Globalization testing is to ensure that the International version of the application on the respective language test setup works the same as English language version would work on English test setup. By test setup here, i mean the Operating System, Third party products, any specific hardware etc.
One cannot possibly carry out all the necessary tests if the test setup of Internationalized applications is not same as the base language test setup.
Subscribe to:
Posts (Atom)
