Lets talk about software development. Recently I have worked to get a team I am part of using a new development methodology called BDD, or behavior driven development. If you develop software at all, and have not been living under a rock for the past 10 years you maybe wonder if BDD is anything like TDD.
The answer is a little, but with some key differences. First and for most unit testing is about function/method level validation. Secondly it is an internal development practice (your stakeholders *should* not care if you do TDD). BDD is about a higher level of validation. It is about verifying the application works. It is also something your stakeholders should care about.
When do you develop software using BDD before you ever write a line of code you must write what is called a scenario. A scenario is nothing more specification or requirement defined by example. There are a near infinite number of ways one could go about doing this, but I am a strong advocate of using something called Gherkins. Gherkins is nothing more than a grammar for documenting the preconditions, key actions, and expected outcomes. [This will be covered in a later article.]
After the scenario(s) are documented development can start. As these scenarios are really the solidified requirements for the application it is fitting that they also become the acceptance tests which the application will need to pass. The first problem which needs to be solved is how to turn scenarios into an executable set of tests. Each scenario is made up of steps. These steps are converted into executable code which can drive the application (through the real ui). As the driver is being developed the code make the steps succeed is written.
Once a feature is implemented, you should have an automated set of acceptance tests that prove the applications works. Which frees your testers, and quality assurance engineers up to worry about how the application works and not if it works.
What maybe surprising to you though is the automated acceptance tests are not even the biggest value of BDD. The biggest value of BDD is the scenarios give developers, stakeholders, and business analysts a framework for communicating about what will and will not be implemented.
Posted by Jmaxxz on April 1, 2013
Assessing someone’s technical skill level is a quite difficult thing when one only has 30 minutes. Let me start by saying I am no expert at how to do this, but I would like to share my favorite interview question for assessing a developer’s experience the question is targeted for C# developers. However, most of it the question is applicable to Java developers as well. Read the full post »
Posted by Jmaxxz on May 7, 2012
Here is a fun little vulnerability that lets you remotely crash Lotus Notes on demand.
- Set your Sametime status to a REALLY, REALLY long value without any white space in it (this should work).
- Message the person whose Lotus Notes instance you would like to crash
Now this does not really crash Lotus Notes, rather it puts Lotus Notes in an infinite loop making it unusable until it is restarted. My present theory is that Lotus Notes is trying to figure out how to word wrap the super long status and is looking to replace space characters with newline character. As it can’t find any spaces to replace it just keeps trying forever. (But this is only my theory.)
Posted by Jmaxxz on May 2, 2012
One of the major disadvantages to using a popular CMS like Joomla or WordPress is that the popularity of the platform means that it is also a popular target for black hat hackers. Until recently I was using Joomla to manage all the content on my website during this 5+ year time period my site was hacked twice. The first time the site was defaced by an attacker who used an SQL injection attack against the Joomla password reset page to deface the site. This was far from a targeted attack against my site rather the attacker seems to had a script that searched for any site running Joomla and attacked it. My site fell to this attack a mere 14hrs after Joomla published an updated to close the hole. The second time my site was hacked it was also done via a non targeted attack. This time it was a worm which had been infecting WordPress sites and Joomla sites. I am not sure what vulnerability the worm used to get into my site, but once in it injected every php file in the user account that the site was running under. The following are things which I learned from both attacks to help prevent and make cleaning up a future attack easier
Read the full post »
Posted by Jmaxxz on March 18, 2012
I finally decided to put my old site to rest (mostly because it was defaced thanks to yet another security hole in Joomla), please bare with me as I move all the content over. I apologize in advance for any broken links.
Posted by Jmaxxz on March 16, 2012
A couple good quotes from a great article from Bruce Schneier.
“Security is a mindset, and looking for vulnerabilities nurtures that mindset. Deny practitioners this vital learning tool, and security suffers accordingly.”
“Anyone can design a security system that he cannot break. So when someone announces, “Here’s my security system, and I can’t break it,” your first reaction should be, “Who are you?” If he’s someone who has broken dozens of similar systems, his system is worth looking at. If he’s never broken anything, the chance is zero that it will be any good.”
Posted by Jmaxxz on September 26, 2011
Security, it is one of those hot button issues. Lots of companies like to pretend they are security conscious. One particularly troubling trend is the suppression of vulnerabilities which are discovered during development. It is a nice story for a company to be able to go to be able to say to potential users, “We have no known vulnerabilities.” This statement is actually meaningless:
Posted by Jmaxxz on August 30, 2011
A couple days ago I had a fun idea running through my head. What if one could take the standard linq function Concat() and have it “consume” its own output as the input which created the output, a paradoxical call if you will. This can be represented with the following F# like pseudo-code:
Let y be 1…100
Let x be y.Concat(x)
Read the full post »
Posted by Jmaxxz on February 19, 2011
Airborne Mouse is an Android application designed to work with the Logitech Touch Mouse Server. Letting you control your computer with your Android phone. Airborne Mouse is unique in that it allows users to install a single piece of software on their computer and control it with either an iPhone/iTouch/iPad or an Android phone.
Read the full post »
Posted by Jmaxxz on February 13, 2011
A couple weeks back I published Jmaxxz.Deet, a software library which brought reference types to the C# language which were guaranteed never to be null. While I maintain that null references are an indication of poor design and should be avoided at all cost, I am forced to admit that Jmaxxz.Deet is not the answer. Over the course of the week following its release I adopted into all my code. I found that the syntactical complexity it added significantly reduced the readability of my code. This added a certain level of cost to maintaining any code written using Deet. In my estimation this cost is not worth the benefit of formal declarations of the nonnull state of reference types. The only way something like Deet become a reasonable solution is if it has first class compiler support, or through the use of a tool like PostSharp to add it in as a post compile step so as not to pollute the code-base with noisy declarations.
Posted by Jmaxxz on February 12, 2011