Topics

31

Software Engineering / Popular Chrome extension is secretly mining cryptocurrency

« on: January 05, 2018, 10:02:33 PM »

Have you heard of cryptojacking? It's the practice of secretly using your computer's resources to mine cryptocurrency without the user's permission.

Typically, you'll see the practice on shady websites — popular Bittorrent site The Pirate Bay appears to have experimented with it at one point — but a cryptojacking program has recently been found in a popular Chrome extension.

32

Software Engineering / Instagram, Telegram blocked in Iran due to anti-government protests

« on: January 05, 2018, 10:01:13 PM »

The Iranian government has blocked access to messaging app Telegram and photo app Instagram amid several days of protests in what authorities say is a move "to maintain tranquillity and security of society," according to state-run media.

33

Software Engineering / Happy 9th birthday, Bitcoin!

« on: January 05, 2018, 09:57:41 PM »

Exactly nine years ago, on Jan. 3, 2009, the first block in Bitcoin's blockchain was mined.

34

Software Engineering / Google says the new Google Calendar will officially replace the old version

« on: January 05, 2018, 09:55:02 PM »

Google announced that the new Google Calendar look will now become the permanent interface — whether you like it or not.

35

Software Engineering / Apple on Meltdown and Spectre bugs: 'All Mac systems and iOS devices are affecte

« on: January 05, 2018, 09:53:29 PM »

Apple just confirmed that nearly all of its devices are impacted by the serious vulnerabilities affecting processors made by Intel and other chip makers.

In the company's first public statement on the vulnerabilities, Apple confirmed that all of its Mac and iOS devices are affected by the bugs known as Meltdown and Spectre.

"These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time," the company said.

Apple also explained that most exploits rely on apps with malicious code, reiterating that users should only download software from "trusted sources," such as its own App Stores. The company says it has addressed the bugs with its own software updates for MacOS (10.13.2), iOS (11.2), and tvOS (11.2).

For Safari, Apple says users can expect a software update meant "to help defend against Spectre," in the next few days. Google and Microsoft also previously issued patches meant to address the vulnerabilities, which first came to light earlier this week.

36

Software Engineering / CPU vulnerabilities, Meltdown and Spectre

« on: January 05, 2018, 09:51:28 PM »

By now you've probably heard. A large portion of the world's computer processors are vulnerable to at least one of two exploits that render them susceptible to hackers. But what, exactly, is going on — and what can you do to protect yourself?

While the answer to the first question is complicated, thankfully the answer to the second isn't. It turns out that companies like Google and Microsoft have been working behind the scenes to create patches for what the security community has named Meltdown and Spectre.

But we're not out of the woods yet, and, depending on your operating system, you still need to take some proactive measures to make sure your data is safe.

What's in a name: Meltdown and Spectre
One of the reasons this latest threat is so complicated is because it's actually multiple vulnerabilities that were unveiled at the same time. They're similar in some ways, but differ in important others — a fact hinted at by their names.

According to researchers, Meltdown "basically melts security boundaries which are normally enforced by the hardware." Spectre, meanwhile, "breaks the isolation between different applications" allowing "an attacker to trick error-free programs, which follow best practices, into leaking their secrets."

And what does that actually mean? Essentially, either of these vulnerabilities could be theoretically exploited to steal sensitive data, like passwords, off your computer. Spectre is also a threat to your smartphone, so no escape there. 
Furthermore, while Meltdown can be mostly mitigated with software patches, it is thought only certain exploitations of Spectre can be stopped in this manner. In other words, the latter is going to haunt us for some time and either could potentially require new processors for a complete fix (maybe).

So, who has patched?
Companies, if they haven't already, are rushing to release the aforementioned "mitigations" against possible attacks that could exploit Meltdown or Spectre (a helpful patch list can be found on the Computer Emergency Response Team site). Why mitigations? Well, because the patches and updates mitigate the risk — but might not remove it completely.   

Microsoft, on Jan. 3, released an update for devices running Windows 10 that was downloaded and installed automatically.

Google, for its part, issued a lengthy blog post on the same day detailing all the steps it had taken to protect users against both Spectre (Variant 1 and 2) and Meltdown (Variant 3). While a lot of that work happened behind the scenes, there are still some actions you need to take yourself. For example, you should definitely enable site isolation on Chrome.

Android devices with the most recent security updates are also protected from the above mentioned variants.

Apple was a little late to the customer-facing party, but on Jan. 4 made it clear that it is indeed paying attention. Specifically, the company said that — just like with its competitors — its products are at risk. That includes "all Mac systems and iOS devices," to be exact.

But wait, there's good news! Patches to help defend against Meltdown were released in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and Spectre-focused patches for Safari should be hitting "in the coming days."

What do I need to do?
Meltdown and Spectre are the real deal, and rightly have security professionals concerned. However, at this time there are plenty of things you can do to protect yourself that don't involve buying a new computer.

Security researcher Matt Tait writes that, at least when it comes to Meltdown, typical computer users can mostly breathe easy. First and foremost, make sure your system is up to date. Download any all all patches for your operating system and browser of choice.

But, because more updates are coming down the pike, you're not done. Be on the lookout for any and all future security releases and make sure to install them immediately. Don't pull the classic "remind me later" bit.

And what about Spectre? This one is a little trickier.

"Spectre is harder to exploit than Meltdown, but it is also harder to mitigate," explain the researchers behind the discovery. "However, it is possible to prevent specific known exploits based on Spectre through software patches."

In other words, while nothing is perfect, much of the same advice applies as with Meltdown: update, update, update.

Which, well, has always been good advice.

37

ISTQB / The 5 best beta-testing tools for your app

« on: December 26, 2017, 12:31:52 AM »

Beta testing your app is a very important step in the pre-launch stage of your app development since it could highlight any problems with the following:

Quality: You may be sure that you have built a quality app, but only with proper beta testing will you be able to see that all the features function the way they are meant to. Quality is closely linked to the next point,
Usability: From UI through to UX. A usable app is one with an intuitive user-interface, with users easily able to navigate through your app, find what they want, and do what they expect to with your app. You are looking at how they perform certain functions, and seeing if there are any ways of improving the flow.
Bugs: Naturally you would have been thorough in ensuring there are no bugs in your app, but until it is used in a real-world scenario, you can't be sure. From serious bugs that cause the app to crash, to minor bugs that only reveal themselves under certain conditions.
Performance: The device, operating system, and even other apps could all affect the speed and overall performance of your app. Beta testing gives you an opportunity to analyse this more authentically than your own lab tests.
Marketing: From word-of-mouth marketing between your testers and their friends, through to insights into ideal audience as revealed by your testers, beta testing can help shape your marketing strategy pre-launch.
After considering these points, you'd find it difficult to deny that beta testing could help your app, and its launch, tremendously. And setting up beta testing isn't a complicated process, with a multitude of tools available. Some of these tools focus on just one aspect of beta testing, while others try to offer a more comprehensive set of features. Here's a rundown of some of the best ones.

UXCam
Discussions around UI and UX entered the mainstream in the late '90s as the internet became more accessible and more popular. And while the first mobile apps might not have made good use of UI and UX -- after all, it was a brand new field -- most large app developers now have separate departments focused only on UI and UX.

UserTesting
At first glance, UserTesting is very similar to UXCam. It gives you access to videos (and audio) of real-world users interacting with your app. However, unlike UXCam, UserTesting seems more like a beta testing tool in that it can be used at any stage in your development cycle, and you specify which tasks you want to test. So instead of seeing how users interact with your app as a whole, you can more narrowly focus on specific sections of your app, and specific tasks.

99tests
99tests is promoted as a crowdsourced testing platform. What this means is that, like UserTesting, you specify the audience type -- key demographics, device type, location, etc. -- and 99tests find the perfect testers for you.

TestFairy
TestFairy is another beta testing tool that provides a video recording of what users are doing with your app. However, TestFairy does not give you easy access to a pool of testers, and you are expected to source your own testers. This shouldn't be a deal breaker when considering beta testing tools, but it does mean you should have a tester 'recruitment' plan in place before signing up for TestFairy, if you don't already have your own pool of testers. Using family and friends is a good start, but only if they match the demographics of your intended audience. You want a diverse pool of testers who are able to test your app on different devices, and in different real-world situations -- for example, using WiFi versus mobile data.

HockeyApp
The final tool in this roundup of top beta testing tools for your app is one that offers more than just a testing tool. HockeyApp offers the standard features you would expect in a beta testing tool, but they also include user metrics. User metrics in HockeyApp encompass everything from number of active users and engagement, through to information on devices on which your app crashed in the last 30-days. This last metric can be quite valuable in helping you differentiate between bugs that affect all users, and those that affect users on specific devices.

38

ISTQB / The agile transformation and test automation

« on: December 26, 2017, 12:29:01 AM »

As teams learn and adapt to agile, customized implementations in the process will further impact the industry.

API testing
Before agile (the Agile Manifesto was released in 2001) when almost everyone used the waterfall development model, testing exercised the software’s functions in entirety including the user interface, but usually in a distinct test cycle at the end of the development cycle. Today, after each iteration, you have access to a feature or user story to test, but that’s it. Of course, you also have access to all previous iterations’ functions and features developed. Sometimes, you don’t have a user interface, or you have a user interface that is morphing and changing because the client may see something and want to change it. To speed up the development cycle, teams are also using a lot of third-party modules or functions so they don’t have to reinvent the wheel for noncore product functionality.

api testing
That’s where API testing comes in. You can still test functions, but you don’t necessarily want to or have to test the UI. Instead, you want to call the function with various input ranges and check the expected output. You don’t care if it’s aligned on the right bottom corner of the form. You just want to check the returned output. And the same goes for any third-party plug-ins or modules you use. You want to exercise them the same way, providing input and checking the expected output. This way, you are not dependent on the UI to do our testing.

In an agile environment, it’s very likely that API’s, plug-ins, and modules are being broadly used, and they still need to be tested at each iteration because you’ll continue to develop functionality dependent on them. While you could rely on testing from past iterations, there will be calls to the API with different parameters and data depending on the functionality delivered. Because you’ll test the API on a repeated basis and changing the parameters, there are significant benefits realized through test automation. There are many tools to do this. Choosing the right tool as well as determining when to automate and when not to automate requires a certain degree of expertise and understanding, as with any form of test automation.

In addition to automating functionality testing, there are also the issues of performance and security that can be addressed with API testing as well. Like functionality testing where you test the expected outputs given various inputs, you can ramp up these calls to the API just as you would test performance with the user interface and vary the user scenarios. This will put strain on the various program components involved and serve as an independent assessment of the program and data logic apart from the user interface. For security testing, you can embark on the same or similar strategies that you use when executing security tests when the software is done, but at the data or API level. Making erroneous and black-hat calls to the software and determining how it behaves and blocks access.

API testing and test automation
With waterfall development models came a lot of manual testing as the QA team didn’t get the software to test until late in the game, leaving insufficient time to develop much automation. In some cases, automated test scripts were used for the major release and for subsequent releases to make sure no defects creeped into the software when fixes or new features were completed. The challenge was and still is to maintain the test scripts and balance that against their future usefulness. For example, you’d develop some Version 1 test scripts and pray that you could use your scripts for Version 2. Depending on the software design and the vision of product management, you must understand how to parse and structure the scripts carefully to ensure their later usefulness.

Now with agile, you’re testing features and functions as they are developed; in many cases the UI isn’t final. You can’t possibly test everything for every iteration, but you certainly must test enough to ascertain if the current build is good enough to progress to the next stage.

How do you get proper coverage with limited time? Automation! Next, determine what to automate and what not to automate. You’ll have to gauge the maturity of the user interface, the importance of those functions that have been delivered, and the reusability of the test scripts. That’s where automated API testing comes in handy. You can test the basic functionality of the software without the user interface. When the user interface is in final form and mature, you can then write UI based automated scripts.

So, as you can see, with agile, we still need to automate testing. In fact, you won’t be able to survive and keep up without it. Especially as more iterations give you more functions and features to test, you won’t be able to handle the regression manually.  The key issue is to be judicious in the types of automation you use, when, and where.

39

Science and Information / Alibaba Cloud is opening its first data center in India

« on: December 26, 2017, 12:09:10 AM »

Alibaba is bringing its cloud computing business into India as it continues to expand its fast-growing business unit.

Beyond offering standard cloud products — like large scale computing, storage and big data capabilities — India-based customers will get access to elastic computing, database, storage and content delivery, networking, analytics and big data, containers, middleware, and security.

The new center will give Alibaba Cloud 33 availability zones, which covers regions including China, Hong Kong, Singapore, Japan, Australia, the Middle East, Europe, and the U.S..

40

Science and Information / Australian navy submarine AE1 found after being lost since World War I

« on: December 25, 2017, 11:56:55 PM »

One of World War I's biggest mysteries has finally been solved after a 103-year search.

On Sep. 14, 1914, Australia's first submarine, the HMAS AE1, disappeared off the coast of Rabaul, Papua New Guinea.

It followed a successful mission to help capture what was then known as German New Guinea, and was the first loss for what was a young Royal Australian Navy.

35 crew members went missing without a trace.

  Mobile logo 2d675f03bcc8a93a7d09335159bda85a2cfee1e67a8649cd4a0bc639803afedc Share  Tweet
Australian navy submarine AE1 found after being lost since World War I
Share  Tweet 
 The HMAS AE1 has been discovered after more than a dozen expeditions.
The HMAS AE1 has been discovered after more than a dozen expeditions.
IMAGE: DEPARTMENT OF DEFENCE
BY JOHNNY LIEU
4 DAYS AGO
One of World War I's biggest mysteries has finally been solved after a 103-year search.


On Sep. 14, 1914, Australia's first submarine, the HMAS AE1, disappeared off the coast of Rabaul, Papua New Guinea.

SEE ALSO: Discovery of World War II shipwreck ends a 74-year mystery

 
00:0000:00

It followed a successful mission to help capture what was then known as German New Guinea, and was the first loss for what was a young Royal Australian Navy.

35 crew members went missing without a trace.

 The AE1.

The AE1.

IMAGE: DEPARTMENT OF DEFENCE

That's until an expedition this week, the 13th search for the submarine, which located the AE1 on Wednesday off the coast of the Duke of York Island group, in east Papua New Guinea.

The search vessel, Fugro Equator, found an object of interest in waters 300 metres (328 yards) deep, which was later confirmed to be the AE1. The cause of why the AE1 sank is yet to be determined.

41

Faculty Forum / Oxford's word of the year is Youthquake

« on: December 25, 2017, 11:49:58 PM »

Oxford's word of the year is a hopeful tribute to young people driving change--

Youthquake

42

Faculty Forum / People are using Uber instead of ambulances

« on: December 25, 2017, 11:47:31 PM »

When you're in need of a ride to the hospital do you call for ambulance or order an Uber?

It may sound like a silly question, but a recent study revealed that ambulance usage is dropping in the United States, and researchers believe ride sharing services like Uber are to blame.

A research paper released on Wednesday, showed the findings of David Slusky, a Department of Economics professor at University of Kansas, and Dr. Leon Moskatel of Scripps Mercy Hospital's Department of Medicine. The two compared ambulance usage rates in 766 U.S. cities both before and after Uber was introduced (between 2013 to 2015).

43

Faculty Forum / A wheelchair that allows its users to stand

« on: December 25, 2017, 11:42:22 PM »

The Laddroller is a wheelchair that helps its users stand. Designed by Greek architect Dimitrios Petrotos, the Laddroller uses four wheels, and can also navigate rough terrains. After 13 prototypes, it's now awaiting regulatory approval to go to market.

44

Faculty Forum / A revolutionary gene therapy treatment for cancer

« on: December 25, 2017, 11:41:25 PM »

Kymriah is a newly FDA-approved cancer gene therapy treatment from the drug company Novartis. It's part of a new class of therapy called CAR-T, which is made by "harvesting a patient's own disease-fighting T-cells, genetically engineering them to target specific proteins on cancer cells, and replacing them to circulate possibly for years, seeking out and attacking cancer," according to Reuters.

It's not cheap — it costs $475,000 per patient — but the results in patients with aggressive blood cancer are unprecedented. In fact, 83 percent of patients were cancer-free after three months with one dose (they continued to respond after six months, according to new reports).

45

Software Engineering / This game-changing Braille literacy tool for kids

« on: December 25, 2017, 11:37:48 PM »

The Read Read is an innovative learning device that teaches blind people and those with low vision how to read Braille. Each tile has Braille lettering printed on metal to touch, and the device also reads the letter out loud along with how many dots it contains. This helps the user sound out each word they learn.