Friday, May 22, 2020
Pholos - Magos Biologis
Wednesday, May 20, 2020
Learning AWS - Reflections after a Year in the Cloud
In 2018, a new job for me meant a new tech stack: AWS. Regardless of how long you’ve been developing software, new infrastructure can make you feel like you're starting from scratch. Jumping from a company with a cold room full of mainframes to somewhere cloud native was a shock, but I've enjoyed learning this wide world of cloud^h^h^h^h^hsomeone elses computer. If you feel like a cloud n00b, this post collects tips and tricks for learning cloud development from zero.
As with everything, pace yourself when trying to understand AWS and how to use it. If you feel blocked, put down one service and try another. I have found my happy path is a mixture of study, practical labs, poking around company infrastructure, and handling support rotations. Each contribute, in the long-run, to understanding the available services and building effective products upon them.
The Basics - AWS Vocabulary
The Cloud - Someone else’s computer. Keep this in mind when learning about AWS. It’s all just servers in a data center somewhere else. AWS may take care of a large or small portion of managing these computers for us, and they charge a large or small fee for the privilege.
Identity Access Management, IAM - Amazon’s method of controlling access and permissions to AWS resources. Users can have multiple IAM roles. EC2 Instances use IAM roles. Policies rely on IAM roles to allow/deny access so you only make resources available to those that need to access it.
Regions - A set of AWS data centers that are geographically related but operationally separate. Resources, accounts and VPCs can occupy a specific region.
Availability Zones - Each Region has at least three AZs. Each AZ is a data center separated from others within a specific Region. Each have independent power, cooling, and compute resources to enable you to add fault tolerance to your applications. If internet connections or power to one AZ goes down, you should be able to launch resources in the remaining AZs to compensate for the outage.
Fully Managed Service - AWS services that are fully-managed handle scaling, replication, fault-tolerance and latency without you needing to consider it. A big one is managed Elasticsearch clusters. All you need to do is specify a few parameters and AWS configures the rest (for the most part). Though you don't have to do nearly as much management, learning how to tune managed services is still up to you to solve.
EC2, Elastic Compute Cloud - Virtual machines you can launch on a whim, using the OS you desire, configuring them as you please. This is the backbone of AWS's successes. EC2 is the opposite of fully-managed services. AWS gives you the box, and you do the rest.
Learning Resources
AWS has a host of resources available to help you to learn what options are available. If you’ve never worked with a cloud provider before, I suggest taking some of their video training for Cloud Practitioner Essentials. Login with an Amazon (not AWS) account at https://www.aws.training/. Some trainings include labs that walk you through how to start your own instances, marshal AWS resources, and build a thing for yourself in the cloud. Pick something that matches your skill and engagement level, or use their workshop syllabus to self-guide training.
One of the best ways to learn cloud infrastructure is by doing. AWS offers a massive amount of services at a free-tier. Small VMs, hours of lambdas, and lots of S3 space can be used to learn a service without paying a dime to Amazon. YouTube tutorials about services often are built specifically to never breach free-tier levels of usage. Take advantage of this if getting your hands dirty helps you learn the best. Various online learning companies have video training and integrated quizzes/tests. Some have labs that rely on the free-tier of AWS so you can learn at basically no charge. If you're learning for work, talk to your manager about supporting a subscription if you have a specific avenue of study you want to go down:
https://www.youtube.com/ + Search for any AWS Service
If you’re a book person, AWS sponsors official study guides for each certification they offer. These can go out of date fairly quickly, but even an old version will help you get your feet wet when using a prominent service (DNS is DNS, and a Route 53 study guide will be largely applicable next year as last). Check the public library for a guides that will be applicable even if they aren't current. Find a slack channel at work or speak with experienced engineers. Context from experience can break a logjam of misunderstanding faster than reading the AWS docs for the fifth time.
Certifications
The AWS certifications are not required to work with cloud resources, but they can be a big boost to your confidence. If certifications and tests are your preferred method of study, here are a few lines that have been recommended:
AWS Cloud Practitioner Essentials - Good overview of AWS resources, administration, security, and budgeting. Take this if you’ve never used cloud resources before and want to come up to speed fast. Available as a series of videos with a free online test for certification.
AWS Solutions Architect - This is another broad level of study that can be useful after studying Practitioner. It offers a good overview of current offerings at AWS. You might use some, others not so much. Sometimes it feels like a sales pitch for their managed services, but the curriculum is useful for determining what is possible during the initial phases of a project. The multi-tiered certifications offer a learning path that can scale to your experience and career trajectory.
AWS Certified Developer - A deep dive on developing with AWS, the Developer cert study can be helpful in learning how to build on AWS as a developer. The practical labs and study areas cover some of the same problems you might have to solve every day in taking an idea from concept to supportable, sellable, product. This set of certs is also multi-tiered, and it can scale with your own experience if you feel like you need a fresh challenge.
AWS Certified SysOps Administrator - Another deep-dive learning path that can help understand how to configure, secure, and economize cloud resources. Covers management and tooling available to keep a cloud running smoothly and safely without breaking the bank. Also has multiple tiers of certification.
Yarn Pet Mod - Platform for One Pound Cakes
- Found a home depot pine board in my scrap bin that was 5 3/4" wide. Solid wood is preferable to plywood which can get splintery and snag the yarn. Avoid knots if at all possible.
- Cut length to match width.
- Find the center by marking two lines from corner to corner
- From center, use a protractor to mark 22.5 degree increments to the edge.
- Drill a hole in the center mark. To fit the Yarn Pet spindle, I needed a bit with a width 7/32".
- Using a table saw with miter gauge set to 45 degrees or a miter box, cut your square into an octagon
- Test your new platform on the spindle. My square was about a quarter inch too wide at the widest point, but it had plenty of play between a flat side and the curlicue. I knew trimming it again would allow it to spin freely.
- I trimmed my octagon into a hexadecagon by setting my gauge to 22.5 degrees. (Towards the end of the piece, the side touching your miter gauge will be incredibly small. Keep a firm grip, and beware of kickback!)
- Sand the tarnation out of every surface with 150 up to 220 grit. You can see in the picture above that I rounded every edge and corner. I chose not to finish the wood, but I can always go back and do this between knitting projects.
- I thought the thickness of the platform might be an issue, but it turned out to be perfect for giant cakes. The added thickness prevents the platform from wiggling on the spindle. You can plane down your board to match the included platform circles, but then I might be worried about their integrity. As is, the yarn comes off cleanly with the center-line of the cake coming just above the curlicue. So smooth...
- When putting the largest cakes on the pet, use the rubber stoppers for spindle-wound skeins to keep the cake centered on the spindle. This will prevent wobbling due to a loosening center as it is pulled from side to side.
- If you have a circle of the appropriate width and thickness already, all you need to do is find the center and drill it. Couldn't be simpler.
Thursday, April 23, 2020
Taming an AnyCubic Kossell Pulley 3D Printer
- Use DaHai's configuration video for starters.
- Upgrade the firmware to Marlin 1.1.9. I ended up using 1.1.9.1 as of this writing.
- Use DaHai's files and modify them to work with stock Steppers. Use Arduino IDE to load the firware after replacing Configuration.h and Configuration_adv.h (which I did not make changes to). Here are the changes I made to his Configuration.h:
- Line 624-626: Change these from his upgraded TMC2130_STANDALONE to stock A4988
- Line 705: I got crazy loud stuttering when first descending to the bed during a print. Lower this to get rid of that.
- Line 868: I and several people online have measured and gotten good resulting prints with the Type 2 Probe Offset at -15.88
- Line 938 to 940: These need to be true for stock steppers. DaHai's steppers did not need to be inverted.
- Line 1358-1364: Define your temperature presets. I have used PETG to great success with a preheat of 70C for the bed and 230C for the hotend. This rises to print at 80C and 245C respectively during the print.
- When following the leveling instructions, the video shows a "Set Delta Height" option that is absent in the version of the firmware I loaded. This caused me no end of headaches later when the method of subtracting the bed distance from both the Z-Height and Probe Offset produced weird math and never worked properly. Instead, I ran auto-calibration, saved the settings, then:
- Noted my Z after going to Prepare -> Auto Home
- Brought the nozzle to the bed using Prepare -> Move Axis -> Move Z until a business card wouldn't move when squished between the axis and the bed. I then noted the height
- Changed my Z height only by this amount by subtracting the number from the Z height, and a negative Z Height is thus added.
- Saved and Auto Homed
- Set my Probe Offset to 15.88 per recommendations online.
- Checked it again and only touched the Z Height when it was off. Repeat the Z height move if this is still not right.
- With the printer calibrated, it was time to print. I just used Cura because I couldn not get Slic3r or Pronterface to work easily. Cura does not have the Kossel in it by default, but it can be easily added. JDHarris on Thingiverse even shared the configuration file they made which can be picked up by Cura after a restart.
- I printed with PETG which has a high temp but no fumes. I found hairspray for adhesion worked best thanks to several awesome tips by people connected with the PDX hacker community. Thanks all!
Wednesday, January 22, 2020
New Year, New DEF CON
I'm more than a year out from a move that took me far from my hometown of Las Vegas to an adventure into the Pacific Northwest. Budgets, family and time being what they are, I too had to ask myself, "What makes you a hacker? Why should you go to DEF CON, again?" Obviously, moving two states makes it harder to go. Plane tickets are cheap enough in cattle-class, and I'm lucky to have family and friends in town upon which I can rely for lodging. But family illness and obligation are also considerations, and this feeling in the pit of my stomach topped it all off: the idea that I no longer belonged.
Ironically, this security-focused community is affected by deep insecurities. Concerns of legitimacy, competence, and belonging haunt us collectively, as do public examples of snake oil, burnout, and depression. Discussions of Impostor's Syndrome are almost cliche in their frequency. As is the mouth-agape disbelief following one of our rock stars admitting they second-guess themselves. This loose band of social misfits and punks emerged from in our cocoon of BBSes and IRC to be famously dysfunctional. We have had to exorcise #MeToo demons, and our unhealthy relationship with alcohol keeps many away for fear of their own safety. As a late-comer to DEF CON, I have not been personally affected by loss of friends in the community, but there's a reason Amber Baldet gave a talk on Suicide Interventions at DC21. Hackers in my cohort are maturing as well. Some of us are on their third career since the demoscene, and it has veered wildly away from any Information Security role. There has to be something that keeps us coming back to the desert in August. It sure ain't the unmistakable fragrance of Sunday morning talks.
It is a bit of a balancing act to maintain a conference that keeps drawing more and more people. As of this writing, DC28 is scheduled to use almost 400,000 sq. ft. of conference space in a brand new facility. Almost 30 villages with both broad and niche topics have formed, and each is a mini-con in and of itself. Along with this widening scope, there were public and repeated attempts by The Dark Tangent to reestablish DEF CON as a Hacker event and set it apart from the Information Security industry where so many of its attendees find employment. In the past, DT has publicly disinvited the Feds, and the run-up to DC27 saw another public clarification that while individual villages arrange their own sponsorship, DEF CON maintains no corporate sponsors. You can see the push and pull of "What makes you a hacker?" at the highest levels.
And so we approach a new year and a new DEF CON. Since DC19, I've grown with the conference. I started managing Toxic BBQ with the help of friends and this will be our fifth consecutive kick-off barbecue. People just show up to create an inviting space from scratch for anyone that can find it. I won a Black Badge with my son at DC 26 by solving crypto puzzles and have tried to contribute in equal measure since then. And yet there's this nagging feeling...
Ultimately, I've decided the gate-keeping question is not an important one to answer. What I give to and get from DEF CON keeps me going. I'm comes down to a desire to think things I have never thought before. I may not be able to show off like some, but I can gawk with the best of them at the Hacker Carnival. DC28's theme, Discovery!, is right out of my high school years when the internet promised the sum-total of human knowledge at our fingertips and all that we could do once those barriers dropped. Maybe we can celebrate by shedding our insecurities. Just for the weekend.
Sunday, March 24, 2019
Dan Moves North
- Learned how to quilt. 104 patches from my tour-guiding days on a lap quilt.
- Learned how to Black Badge at DEF CON 26. Shout out to my fellow Murder Hobos, PunkAB, and the entire Dungeons@DEFCON team for this kick-ass experience.
- Learned how to move across country through forest fires and with cats
- Learned how to survive a leg infection possibly from a cat scratch (not pictured; it was pretty gnarly)
- Learned how to not buy board games. I finished a 10x10 (play ten games ten times or more) without buying any new games in between. Moving thinned the collection, but it still takes up an entire linen closet.
Tuesday, June 12, 2018
Quotes from Dan Kaminsky's Keynote at DEF CON China
Above is Dan Kaminsky's keynote at the inaugural DEF CON China. It was nominally about Spectre and Meltdown, and I thought it was immediately applicable to testing at all levels. Here are some moments that jumped out at me:
On Context:
On Faulty Assumptions:
On Heuristics
On Bug Advocacy
On Automation
On Testing in the SDLC
Ctd. "Testing shouldn't be split off, but it kinda has to have been because people, when they write code, tend to see that code for what it's supposed to be. And as a tester, you're trying to see it for what it really is. These are two different things." 39:05
"[D]evelopers, who already have a problem psychologically of only seeing what their code is supposed do, are also isolated from all the software that would tell them [otherwise]. Anything that's too testy goes to the test people." 39:30
"[Re: PyAnnotate by @Dropbox] 'This is the thing you don't do. Only the developer is allowed to touch the code.' That is an unnecessary constraint." 43:25
"If I'm using an open source platform, why can't I see the source every time something crashes? ...show me the source code that's crashing...It's lovely." 47:20
"We should not be separating Development and Testing... Computers are capable of magic, and we're just trying to make them our magic..." 59:35
Misc
"Branch Prediction: because we didn't have the words Machine Learning yet. Prediction and learning, of course they're linked. Kind of obvious in retrospect." 27:55"You can have a talent bar for users (N.B.: sliding scale of computer capability) or you can make it really easy to fix stuff." 55:10 #HelpDesk
Tuesday, April 3, 2018
Urns
I was the responsible party for my father's estate as his wife does not speak English very well. As such, it fell to me to arrange the funeral, notify friends, and start to organize his affairs. I kept it together. The arrangements were made, the bills were covered, and all in a few days. I kept it together, that is, until I tried to return to work. I got ready. I even got in my car to go. But I could not. Instead, I went into the shop and executed a simple design for holding a portion of his ashes.
The material is Indian Rosewood (the same that I used for the magnetic bottle openers). The strong grain made mitered corners a natural choice. I even had enough contiguous grain to try to book-end most sides. I didn't have a keyed or splined miter jig (which could have strengthened the corners), but I figured the lid and bottom would provide a good brace against failure.
The second half took a few more months to pull off. Uncertainty about the accuracy of the cuts lead me to put the project on hold. Should I delay and try to true then with a shooting board? My girlfriend gave me the most wonderful advice once: when you find yourself rushing a project, put it down and come back later. The parts to three urns marinated on the bench and in my mind for a few months.
I finished the bottom with plywood. If I had to pick a spot where I'm uncertain about my choices, it's here. Glue is strong, but how will the baltic birch bottom hold up over time? I'm thinking of throwing in some brads there just in case. The bottom served as a canvas whereon I could memorialize my father. I was able to burn the message "Invictus Maneo", the Armstrong Clan (and our ancestral) family motto. Loosely translated, it means, "I remain unconquered."
This entire project was an object lesson in how I'm still learning some of the most basic techniques in woodworking. I need a way to clean up miters that start on the saw. A shooting board or similar has been recommended. Fine adjustments on my existing miter sled might also work. Though it didn't seem too bad once finished, the tearout for certain cuts makes me think I have a dull blade. I'll have to investigate, tune, and try again.
I think I've worked through a phobia of complex geometry. Something my father always talked about is how to hide your mistakes in woodworking. Bookends, miters, and a fitted lid left precious room for that, but I found a few tricks along the way such as meticulous test fitting, blue tape as clamps for difficult pieces, and patience above all. Regardless, I'm looking forward to the next boxes I build. I hope those have a markedly different emotional footprint.
Sunday, September 24, 2017
Dan Learns How To Blog...
On to the next 25,000! Hopefully it won't take me 4 years.
Tuesday, August 11, 2015
Responding to Vulnerabilities and Weaknesses in your Product: A Tester's Perspective
Monday, February 16, 2015
The Uncanny Valley of User Interfaces
To start, allow me present two exhibits: Jillian Michaels for Nordic-track and Trivago Guy for Trivago. Have you watched them? Good. Are ads for them already populating your sidebar? Allow me to apologize. So, did anything bother you?
Now, here is a second exhibit: Fiddler on the Roof. I'm sorry if I ruin this for you, but the fiddler is not actually playing his instrument. In high school, I saw this movie once in class, and again after I spent a year in orchestra. The second time through, I knew as little about playing the violin as one can, and it still bothered me that the fiddler wasn't successfully playing in sync with the music. The distraction caused by bad miming is well documented. Recent Amazon series Mozart in the Jungle has it. Other movies aren't immune either. Even a talented musician can be affected by it without equal attention to production (try not to notice the out-of-sync miming and white truck in the background 52 seconds in). The core problem is that you need to train someone who is good at acting to fake a highly skilled activity convincingly enough to keep the audience's focus. If the audience knows even a little, their belief is unsuspended, and you can lose all credibility.
Normally, this is fine. in a two hour film or season of a television show, the viewer is pulled in by the drama. The story isn't about how well the artist can play the violin; it is about the character's story. Also, most directors can rely on the majority of their audiences not knowing what skilled activities like playing the violin and hacking actually look like. Camera tricks can make some instruments easier to fake than others. Furthermore, some miming has become acceptable and celebrated through parody. We know it's hard to convey on film. Should that mean we don't tell this story?
Unfortunately, there is a class of film that cannot rely on the social contract to ignore non-experts acting out difficult skills. Its short format leaves no time to pull a person back in after having been jarred from their witless stupor. What pitiless medium is this? Commercials. In 30 seconds or less, the disingenuous spokesman is called out. The thankless medium that pays for most of our entertainment is reviled for cheesy effects, leaps of credulity, and now one more heresy: poorly mimed user interfaces.
Let's return to our exhibits, shall we? Nordic-track wants to sell us another piece of exercise equipment that we will only use as long as we are paying for it. To do this, they've strapped on a touchscreen to navigate workouts. What does Jillian Michaels use to navigate? Two fingers, and she watches the screen as she swipes left. Thinking back to your own interactions with iPads, touchscreen kiosks and mobile phones, when have you ever watched the old screen disappear? And when have two fingers ever been used to navigate a touchscreen?
The second is Trivago Guy. Not only has he drawn attention for being creepy, but his ham-handed interaction with the user interface makes me cringe. Poking at points on a calendar, full-handed presses of the Search button, and similar miming make me look up from my desk and gag. Similar interactions with after-effects like those in the Endurance Extended Warranty commercial make me wonder if anyone thought to proof the commercial before buying ad spots day after day, year after year. An alternative explanation would be that the producers honestly think this is the way people interact with computers. Either one disarms the viewer and places the product as unfavorable in their eyes.
I would like to propose that each of the above cases can be grouped together as potential examples of the Uncanny Valley. As a movie viewer familiar with how a violin is played, I connect notes and the movement of bow in a way that the uninitiated cannot. I reject the characterization as invalid for a brief period, but my emotions pull me back in with other human interactions elicited by the actor's performance. For these commercials, this does not happen. The terrible user interface interactions remove focus from the message of the commercial, and it is judged as unfit just long enough that I reject the product on offer. Worse, subsequent viewings reinforce my first impressions.
Generalized lessons in the User Experience design space are many. After testing a new user interface, I have found it helpful to let the uninitiated take it for a spin. While I have been long-desensitized to bad interaction by other considerations ("It actually works once you get used to it!" being one, "I just want to be done with this." being another), initiates see the unnatural interaction, and one can read the revulsion in their face even when they don't come right out and say it. This commercial for the new product is a failure, and I don't wait around to see them lulled into the same sense of security. It stinks, they know it, and now I do to. While users might not be expected to use a new interface right away, something that is counter-intuitive from the start should be avoided. Depending on the medium, counter-intuitive steps can be overcome, but not without good decisions elsewhere to draw the user back in.
Tuesday, January 6, 2015
Context-Driven Testing, An Education
- Entrenched methods are represented by the International Software Testing Qualifications Board (ISTQB) and its many local equivalents. Certification is their path to expertise, with accompanying wares of training sessions, books, tests and standards.
- Context-driven Testing focuses more on a set of tools and skills that typify testing. Advocate offer classes at conferences, but certs and best-practice are four letter words. They state that there are no best practices, and a tester knows best how to apply the tools to explore, experiment and learn about the system under test.
Something Just Didn't Feel Right
I strode onto this battleground in 2011 as a new manager and new tester. Promoted from an application integration team, I was used to working with outside developers while using and abusing buggy product. This did little to prepare me for the reality of testing: limited time and endless defects! I dove into the online community in the hopes that it would help sort the good from the bad. What I found to be the central influences were conferences, consultants and blogs.At testing conferences, half the talks were advertisements for bug trackers, test case repositories and automation frameworks. These were great for managing a project, but they didn't support the essence of testing: finding more defects. Expensive tutorials before the conferences showed similar taint: how to use this tool, best practices for testing this specific type of thing, certification in a process and not a portable technique. The cost was the most surprising thing: Thousands of dollars for something I couldn't justify to myself, the eager tester with a training budget to burn.
Delving into webinars brought more despair. A demo of the latest automation tool invariably lead to a pitch to get me to purchase something. The topic purported to discuss principles, but I ended up in the morass of industry jargon. I learned how to write, automate, and justify my time, but I was no closer to actually finding bugs in a more efficient manner. And what's more, I was spammed by vendors for months after. I found zero techniques that were universal.
Finally, the blogs showed a glimmer of hope. Some people wrote about techniques. Others wrote about test cases and how they managed their overhead. Still others advocated that QA should be involved earlier in the development process. Nowhere did anyone extol the virtues of their test management system, bug tracker or automation too in helping them find bugs. This was a breath of fresh air, but it still felt stunted and directionless. My closest analogue, software development, spawned a generation of people applying agile to everything from families to manufacturing, but there wasn't a similarly powerful framework for testers. I started to feel that no one was excited about my new career outside of the context of getting paid for it.
This muddled world left me questioning: Shouldn't there be some "ethos of testing" to unify our efforts just like in agile software development, lean manufacturing, and so forth? Why do vendors have a place at the table at industry conferences? Why isn't anyone embarrassed that the main competitor to major test management software is a spreadsheet? Who cares about my expertise and not just my dollars?
"Answers" and Answers
For a long time, I thought the answer was in certification. Surely, if ever there was an organization that could be a cheerleader for quality, it would be the ISTQB. However, the reality is much different. Manuals are filled with process, conferences host vendors and not practice sessions, and training classes are about extracting fees and not learning techniques. The certification exam that guarantees your resume goes to the top of the pile and organization that proctors it is a laughing stock.The alternative came through an unlikely route: Twitter. Long a tool of celebrity publicists and companies looking to engage directly with individuals, Twitter also has a reputation as the way to communicate within a subcultures. Have an idea? Publish it in under 140 characters. Want to learn the pulse of an industry? Follow its leaders. Computer security wonks, hackers, and now testers joined my follow list, and I was soon introduced to a new debate: is certification a waste of time? I'd found my people.
The new school touted something called Context-driven Testing. Instead of best practice, effective testing was supposed to be driven by context. Instead of test cases, a set of tools were taught that could be used depending on the product (mainframes are tested differently than mobile devices). Even among superficially similar products, the most effective testers would make judgement calls based on the needs of the customer and the time available. Testing was not a set of rigid processes, but a scientific exploration of the software. The knowledge gained by testing increases the confidence of the organization in the software. In other words, testing challenges the assumptions made by the developers that the product works in the time we have available. This sounded like the meat I was looking for, but the results were amazing too.
In an experiment, I had our work study group put down the ISTQB manual with its test cases, and I instead introduced them to exploratory techniques. We first learned about the requirements and returned a bunch of questions to the developer. Then we tested without scripts and tracked our coverage on a mind map. It was the first time we had been prompted to field trial a technique in our study session. The best part was that a person with very little previous experience in testing was able to pick up the technique almost organically.
This revelation about software testing was what we were all looking for, and it was delivered through experience instead of pronouncement. James Marcus Bach, one of the proponents of Context-driven Testing compared the ISTQB and certification organizations to the medieval medicine of Galen. People wrote down what testing was and proceeded to bleed their employers without knowing why it wasn't finding bugs. Testers were outsourced instead of valued as their techniques were old or ineffective. Yet in spite of all this, the consultants and conferences kept making money printing outdated works of questionable value. Once context-driven techniques come to light, the old ways start dying. We can only hope this continues so that meaningless certs are no longer valued by testers, managers and HR alike.
Where Next?
After stumbling through the world of testing for a few years, I have abandoned certification as a path to expertise. As with computer security, network administration and technical support, certifications are a poor way of communicating true expertise. This revelation places testers firmly in the camp of indispensable elements of the development organization. They are not monkeys running scripts but knowledge workers with a valuable investigative skill that challenge the product from all angles. They cannot be outsourced if you hope to be successful, and they cannot be replaced by automation.I am beginning a new training regimen with my testing colleagues based around Context-driven techniques. We hope to learn the techniques and apply them to our current projects and continually grow our skills in this new framework.
Further Reading
- A Context-driven Testing manifesto of sorts
- Black Box Software Testing, Coursework in Context-driven Testing
- Rapid Software Testing, James Marcus Bach's courses on Context-driven approaches:
- Exploratory Testing techniques explained
- Testing is not Automation. Why Automation is another tool and not a cure all.
Monday, December 8, 2014
Clark County, Nevada Elder Abuse Resources
Before going nuclear on someone new in your relative's life, first do the single most important thing: talk to your older relative. Often, misunderstandings or matters of privacy can be sorted out without resorting to law enforcement, state assistance or subterfuge. The matter of trust between you and your relative is the single most important factor in maintaining their long-term health and well-being. If you lose their trust, you lose almost all ability to help them.
Local Police Resources
Police seem to only be able to make 'welfare checks' for elderly people that outsiders suspect are being abused. They can only visit the premises when the person is home. The Las Vegas Metropolitan Police Department Operator and Dispatch informed me that there are dedicated Elder Abuse detectives. Unfortunately, they only operate M-F, 7-4. As the crisis was after this time, we couldn't get a welfare check immediately. The numbers for these departments are below:- Metro Operator: 702-455-8697
- Metro Dispatch 702-828-3307
- Elder Abuse Detectives: 702-828-3111 (Hours are 7-4, no voice mail)
State Resources
Though I I have not taken advantage of these resources, there may have been help available through the Aging and Disabilities Services connected through the county. Comparable services may exist locally in your neighborhood. Perhaps there are some interventions that would be helpful going forward?- http://www.shouselaw.com/nevada/elderabuse.html
- http://www.health.nv.gov/HCQC/SB129ElderAbuseTrainingforWebsites.pdf
- In Nevada, crimes committed against elderly command double the sentence.
Social Engineering
When trying to find out more about people that have entered a loved one's life unexpectedly, unexpected phone calls from unknown people are a great source of more information. Generally, act as if the person is at home but not available. The person on the other end of the line may divulge information that gives you clues about the intruder. Effective phrases are below:- "Yeah, he's here but he's busy. He asks what you need."
- "Hold on, let me get her...She's here but can't pick up right now."
- "Who is this again? I didn't get that down last time."
- "His phone is dead. What number can he reach you at?"
- "What was it again that you're meeting for?"
If you must get the police involved, minimize the impact on your relative. See if they will come around when you try to have a person escorted off the property. Ensure your relative is not involved in any illegal activity before involving the police, and, most importantly, get the consent of your relative before escalating. You must maintain their trust, and asymmetric reactions to otherwise benign or diffusable situations can ruin that bond and expose a vulnerable relative to harm from both the intruder and the police.