Saturday, August 19, 2006
Too Busy to Blog? Say It Ain't So.
- I wrote a tool to work around a problem that Visual Studio can create with Authenticode signatures on EXEs and DLLs. Given that I was the Authenticode tester in my previous life at Microsoft and I understood the problem, I was the one to write an app to get around the Microsoft cruft. I'll blog about that soon and I'll ask Ray (our CEO) if he's cool with me even posting source code for the app.
- I got to write a build script so that our devs could stop spending so much time manually doing different tasks to get a build out. Next week, I'll work on setting up a scheduled task to check Subversion for source changes and automagically build, share out the build MSIs, and send everyone a build mail. Maybe I'll even have the test machines automatically install the new build overnight so that I have shiny new bits waiting for me in the mornings.
- I hacked an MSI to change the installer's behavior. Being able to continue the install even though files were in use and couldn't be updated hosed everything. Because we were about to release, the decision was to remove that option. Unfortunately this wasted some time for the folks in marketing who were nice enough to install the new build for us. I should really figure out some way to repay them for their kindness in helping test the software.
- I got Bugzilla to mail people when bugs were updated. It was all new to me. Luckily it was in Perl, so it wasn't that difficult to understand. I guess that functionality had been broken since late April. Sheesh! No wonder the PM and the devs *and* Nan (the head of creative marketing) had all complained to me about how it didn't seem to work any more. Part of me wonders why nobody else bothered looking into the problem for the last 4 months, but I don't want to point fingers or throw stones, so I'll just shut up about that.
- Did I mention that I'm *still* working on that spec for our product that should have existed eons ago? I got too sidetracked with testing and reproducing customer problems to put enough time into it so far. Progress: sluggish.
- There was also a little management hat goin' on. I met with some recruiters to help determine what I'm looking for in a boss for me ('cause who in his or her right mind wants to be an SDET Lead?). And I also set up some phone screens with candidates to be my SDET peers. Based on their resumes, those should be fun. I hate to say it, but having recently gone through so many interviews myself, I started to enjoy interviews. Yeah - I know - weird.
Lotsa stuff. I don't even think that covers everything. It definitely leaves out the near-daily fire drills. Those have to stop. Soon. Once I get a little more process in place.
I think my next work-related blogpost will be about our product: what it does, what it doesn't do, how it helps people, and a bird's eye architectural overview. That might help my only reader so far that I know of understand what I'm working on now and it will also keep my focus on cranking out that spec. After that maybe I'll drill down into the technical, social, and general business worldy kind of problems with the model. Or maybe I won't. I suppose I should get Ray's ok first for that, too.
Wednesday, August 09, 2006
Security-related Daily WTF Post
Anywho . . . here's the Daily WTF post. Enjoy!
Pop quiz: What wasn't right about that email? Try answering *before* reading the comments on the original blogpost. Ouch.!Just . . . ouch.
Ramping Up on Everything
After a great deal of ad hoc testing trying to figure out how things work (or should), I think I have a pretty good grip on what an end user would/should expect. So it's time for a test plan. ESS had nada for testing before I showed up. Nothing. Zip. This will be the first attempt anyone's made at a test plan. Ideally, I could start with a spec and build the plan from there, but things aren't always ideal.
Luckily, the job of writing a spec has fallen to me, so the world is more ideal than I had thought. Or is it? I'm just some test schlub and I'm new to the product, but I'm the one expected to write the spec? Aaaaargh! And there's a crapstorm of testing that needs doing NOW because we're about to put out another dot release? Double aaaaargh! I'm just hoping to muddle through and have draft one ready for lots of red ink from the rest of the team by the end of the week.
I'll drill down into what the product is, who the customers are, et al. in later posts.
(P.S. I wonder whether or not I should actually use the spell-checker that Blogger offers. It's a cool feature, no doubt, but I want this to be off the cuff. Maybe a few misspellings work better than dictionary-perfect blogposts. I dunno.)
Who I am:
An ex-Microsoft dev in test. This means I live and breathe code. The sole tester at a startup. This means I'm interested or at least willing to take some chances and play "business". A total security geek. This means I'm all about either breaking into some system or securing it. That's the most interesting game of all . . . (Hack my blog - dare ya - go ' head - it's worth a laugh!)
What this is all about:
I'd ideally like to explain my job to my mom. Beyond that, it would be nice to explain it to all y'all, too . . .
After 7 years of Microsoft (test dev in Windows security), I'm now a (*the*) tester at a startup doing DRM stuffs. We're "Essential Security Software" in case you're keeping score at home. This is my blog about the trials and tribulations of making a startup start up. In the security space. As some insider. That's it. My schtick. Not so sexy, maybe, but it's *mine*.
More on the trials and tribulations of my job later. And probably also more about past things I should do even if the official documentation didn't.