Entries by Damon Gudaitis

What is Context Driven Testing?

The software testing community loves a good fight and nothing illustrates that better than all of the words spilled over context-driven testing. What is context driven testing? Context driven testing advocates contend that “the value of any practice depends on its context.” Stated so simply, it seems impossible to disagree with. Of course the value […]

Data Sovereignty in Canada

Summary

Most companies operating in Canada can store data wherever they want as long as they take measures to secure personal data. Service providers working with public bodies in BC and Nova Scotia have stricter data sovereignty requirements including storing data in Canada. Concerns about accessing data through the PATRIOT Act are misplaced because there […]

US and Canadian Privacy Laws for Mobile App Developers

Privacy on mobile platforms is in its infancy. Governments are still getting caught up with Web privacy and mobile is something that they are just beginning to figure out. However, individual regulatory bodies in the US and Canada are quite aware of the subject and have begun publishing a solid set of guidelines for mobile app developers to help them comply with existing laws in Canada and signal the direction of future legislation in the US.

Mobile Privacy in the US

The FTC is responsible for privacy regulations in the US. The FTC recently held a mobile privacy panel discussion focusing on transparency where they made privacy recommendations for platform and OS providers as well as developers. The report from that panel is available online.

Privacy for Platform and OS Providers

In their report, they recommend platform or operating system providers supply the following:

- Just-in-time disclosure before accessing sensitive content like geolocation.
- Just-in-time disclosure before accessing potentially sensitive content like contacts.
- Develop a dashboard to review types of content accessed by apps.
- Develop icons to depict transmission of user data.
- Promote developer best practices like making privacy disclosures and enforcing these requirements.
- Offer a Do Not Track mechanism.

As nice as all of these recommendations are, platform and OS providers will push back because some of these recommendations will hurt the user experience. In practice, Apple exerts the most rigorous control over apps installed through their walled-garden approach to the App Store. Developers can’t get apps approved that ask for too much data. Of course that means that disclosing the extent to which apps are reviewed shouldn’t be necessary if you disclose that all apps are reviewed. Android, on the other hand, polices apps that are caught embarrassing Google, but until a developer shames Google it is the Wild West.

However, there is evidence that even with Apple’s controls, a lot of apps get through. In particular, recent research from BitDefender showed that 18.92 percent of iOS apps read contact lists versus 7.69 percent of Android apps.

App Developers

Privacy at the app developer end is even more disjointed. Some developers take privacy very seriously, but many are painfully unaware and a few are looking to exploit any lack of maturity in mobile privacy. The FTC recommends that app developers do the following:

- Include a Privacy Policy that is accessible through the app store.
- Obtain express consent before collecting and sharing sensitive information.
- Understand how integrated third-party code uses information to provide better disclosure to users.
- Participate in programs and associations that can provide guidance on making uniform, short-form privacy disclosures.

The problem with most of these recommendations is that most developers just want to develop. Privacy is very rarely anyone’s responsibility and it kind of just gets forgotten.

To complicate matters even more, PhoneGap, a popular cross-platform development platform, by default asks for all permissions on Android. The problem isn’t that PhoneGap is secretly using the data, because they can’t, or that PhoneGap developers who don’t change the default settings are doing something malicious, because if they were they would deliberately ask for all permissions, not accidentally. The problem is that end users get used to giving out too many permissions. All of these awesome apps from great companies that are built on PhoneGap without a thought to privacy help users grow accustomed to oversharing permissions and that’s not a good thing.

The other problem with PhoneGap and any other developer that asks for too many permissions is that privacy- and security-conscious users will think twice about installing apps. Unless your business is preying on privacy-naive users, losing those probably privacy-sensitive users is going to hurt your business. If you need more proof that privacy costs installs, Pew Research surveyed cell phone owners and discovered that “57% of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons.”

NTIA Recommendations

In addition to the FTC’s recommendations, the US Commerce Department’s National Telecommunications and Information Administration (NTIA) has released a privacy code of conduct titled Short Form Notice Code of Conduct to Promote Transparency in Mobile App Practices. This document is a recommendation and not law. The authors of the publication even write that “adopting these principles does not guarantee compliance with any specific state, federal, or international laws or best practices.”

The NTIA document is primarily concerned with what they call short form notifications offered prior to download or purchase of the app. While the document talks mostly about app developers, the recommendations seem more tailored to the App Store and Google Play as the main portals to downloading apps. If some of the upcoming OSes that support HTML5 as a primary language for native app development like Ubuntu, Tizen and Firefox OS gain some traction, short form notifications may become more of a developer responsibility.

The recommended substance of the short form notifications includes:

- The type of data collected.
- A link to a longer privacy policy.
- Information on what third parties have access to the data.
- The identity of the entity providing the app.

The main value of the NTIA document is its categories of data and third parties. Both lists give a framework for thinking about the types of data and third parties that you might potentially work with.

The NTIA divides data into the following categories:

- Biometrics
- Browser history
- Phone or text log
- Financial info
- Health, medical or therapy info
- Location
- User files

It is so easy to share data in your app that it is also easy to forget who you are sharing with. The NTIA lists the following third parties:

- Ad networks
- Carriers
- Consumer data resellers
- Data analytics providers
- Government entities
- Operating systems and platforms
- Other apps
- Social networks

Mobile Privacy in Canada

Canadian privacy laws apply to mobile applications. The laws are covered by a mix of federal and provincial legislation, however the different provincial and federal bodies have made an effort to reduce […]

The post US and Canadian Privacy Laws for Mobile App Developers appeared first on OptimusMobility.

Guide to Migrating a .NET Site to Azure

Microsoft generally does a good job of integrating its products and that is mostly true for .NET and Azure. Migrating a .NET site to Azure is relatively easy with a few details that need to be looked after. Here is a step-by-step guide to migrating to Azure.

Open the web site project

Before you […]

Annotations in Java

Annotation is a feature introduced by J2SE 5 that allows programmers to embed additional information called metadata into a Java source file. Annotations do not alter the execution of a program but the information embedded using annotations can be used by various tools during development and deployment.

Types of Annotations

Creating an annotation is similar […]

Types of Performance Testing

Performance testing encompasses a number of different types of testing like load testing, stress testing and configuration testing, each of which is designed to uncover or solve performance problems with a system. What follows is a basic, decision-maker level overview of each performance testing discipline that focuses on the key outcomes of each type of test.

Load Testing

Load testing tests the response of a system under anticipated conditions. Any decent load testing service will simulate real user interactions using real scenarios. Load testing programs monitor the entire system, including databases and load balancers, to see how they respond to the load.

There are two basic ways of generating load: you either use an on-premise load generator like JMeter or LoadRunner, or you use cloud load generation tools like SOASTA. Even with free, open source load generators like JMeter, on-premise solutions are generally more expensive because you need hardware to generate the load. Cloud load generation hardware is rented for only as long as you need to test and it has the added advantage that it can more easily simulate traffic from around the world.

Key outcomes from a load testing program:

- Learn how many users your system can handle.
- Identify bottlenecks in the system.

Stress Testing

Stress testing tests the response of a system beyond normal limits, often to the point of breaking. It is very similar to load testing and uses the same tools to generate load with the same advantages and disadvantages. Stress testing selectively stresses transactions to see how the system responds while system stress testing tests the entire system to determine the weakest link.

Key outcomes from a stress testing program:

- Learn how your system fails.
- Ensure proper error handling.

Soak Testing

Soak testing, or endurance testing, tests the response of a system under a heavy load over time. Problems like memory leaks can manifest over time that won’t be caught by a shorter load test. Otherwise, soak testing is very similar to load testing. It uses the same tools and monitors the entire system to isolate problems found during testing.

Key outcomes from a soak testing program:

- Identify problems that aren’t caught by load testing.

Spike Testing

Spike testing tests the response of a system to a sudden spike in usage. Similar to stress testing, spike testing focuses on testing individual transactions since random spikes in usage are quite normal for websites.

Key outcomes from a spike testing program:

- Know how the system handles spikes in usage.

Configuration Testing

Configuration testing tests how changes to a system’s configuration affect its performance. It is performed by measuring various performance indicators like server response time under a consistent load while making changes to the system to see how each change affects each indicator.

Key outcomes from a configuration testing program:

- Know which system settings give optimal performance.
- Know whether a system performs to a vendor’s declared specifications.

Isolation Testing

Isolation testing involves monitoring a system at an increasingly granular level while repeating tests that result in a system failure or problem to isolate the cause of the problem. It typically involves testing just one problem component of a system while emulating other components and adding custom test code to the component to determine the root cause of a problem.

Key outcomes from an isolation testing program:

- Discover the root cause of a problem.

The post Types of Performance Testing appeared first on OptimusQA.

OptimusBI at UBC

Optimus program manager Rupmeet Singh visited UBC’s Sauder School of Business to give a practical talk about business intelligence in the real world for William Tan’s Information Systems Technology and Development class. UBC offers an excellent BCom Major in Business and Computer Science that combines technical and business knowledge that is necessary to run modern […]