6 years of blogging – time for a change!

Oct 252011
 

Six years ago, I was still a student at the University of Geneva, I decided to host myself a blog in order to be able to share my ideas and views with other people. It was also a convenient way for me to be able to remember some random ideas I would have read or learnt.  

I quickly realized that nobody was reading my blog :)! So I changed the switched the main language to English instead of French, this helped quite a bit to increase the number of visitors. I remember that I was really proud when around 30 people per day would visit my blog.

With time my focus and the focus of this blog sharpened on web design and web development (mostly Macromedia/Adobe Flash). Being actively focused drive this blog high in page rank and I had a decent amount of daily visitors (for a personal blog, that said).

Since my professional focus shifted from web design and development to software engineering and testing, the focus on this blog has been lost. Frankly, I am writing about too much random stuff to be able to capture someone attention.

In computer science there is a known paradigm, called divide and conquer, that state that to fix a complex problem a solution is to divide it in simpler problems. Starting today I will apply this paradigm to my online presence.

I am a software tester by profession and I am passionate about software testing knowledge and theories. I have opened a blog dedicated to software testing: testingpatterns.info where I will be blogging about software testing whenever I have something to write. Join me there if you are interested by software testing :).

I work at Microsoft, on Lync server and I own the testing for Response Group Service and Call Park Service. I have opened a while ago a blog on MSDN dedicated to this topic. Join me there if you are interested by Lync server response group service and call park service :).

What about metah.ch / ahmetgyger.com blog? Well I am going to use this blog only for more personal related blogging, giving my point of view on technologies and sharing some information about my life in the US.

Thanks for reading!
A.

Two days at PNSQC – what I took away

Oct 172011
 

A few weeks ago I had the chance to win at a tombola organized at SASQAG (Seattle Area Software Quality Assurance Group) an entry ticket for the PNSQC (Pacific Northwest Software Quality Conference).

With this ticket in my pocket, we decided (with my wife and kids) to have a trip to Portland, OR. I haven’t had time to visit Portland too much but I understood from my wife that there is no state taxes in Oregon :).

The conferences lasted two days (+ workshops that I did not attend) and was really interesting I must say.

Day 1:

The keynote was given by Julian Harty about the future of quality. The main idea is that software testing needs to focus much more on the users than on the functionality, testing needs to take into account more parameters than just a functionality.  

Following the keynote I went to a talk from Wayne Roseberry about software reliability. The reliability, he claims, can be achieved by good metrics and measure, development of tools to help improving the investigation in case of issue.  After this talk focused in process improvement I jumped to the testing track of the conference.

The test talk was an introduction to customer focused test design by Alan Page. The main takeaway of this talk, as already mentioned during the keynote, is that the focus in testing needs to shift to the customers. The testers should focus on the main scenarios from the customers and thus help increase the perception of quality. This could be done by increasing testers’ awareness on security, privacy, usability, reliability, performance, interoperability and globalization. Another tool to increase the coverage of customers’ scenarios is live testing or test in production.

This was actually the topic of the next talk I attended, presented by Keith Stobie. He went through a lot of technics to control and monitor test in production, from A/B testing to fault injection.

I then went to a talk by Jim Sartain about inspiring, enabling and driving quality improvement. As the title reveal, he focused on how to give the test teams the environment and the resources they need to make their job. Some technics he promoted were peer review, scrum and unit testing.

Finally, I went to a presentation about application security for QA – Pain or Gain, the emphasis was on modifying the perception about testing and giving some tips on how to make security testing.

Day 2:

Next morning was rainy and I was really tired because my 9 month old son teeth were piercing so I did not have much sleep. At least the first talk was really entertaining so all that did not really matter. The keynote topic was Value Sync, presented by Robert Sabourin. His presentation went through the logic of understanding and synchronizing the value between stakeholders and testers.

After the keynote, it was time for Michael Bolton talk. I was quite looking forward for this one actually. Topic was about standards and deviations. I felt a bit uncomfortable as the talk was really oriented against the drafts proposed for ISO 29119 (software testing). I mostly agree with his points but it did not deserve two hours of talk in my opinion.   

I then attended a presentation under the soft skills track: the ladder of unmanaged conflict by Jean Richardson. The presentation was about how to deal with conflict in your organization.

After that I went to a presentation about playback testing by Vijaya Upadya, a very interesting presentation about using application logs to reproduce bugs (in short the tests parameters are extracted from the logs and allows to reproduce issue found on customers side or during live production testing).

It was time for a talk by Marlena Compton about understanding the psyche of the software tester. I was a really entertaining talk but I did not really agree with the content. I think the presentation missed a very important point on the interaction between developers, testers and project managers. She analyzed the conflict from the tester point of view, without taking into accounts the context of these conflicts.

To finish the conference, I decided to listen to Bj Rollison about parameterized random test generation. This was an excellent talk, I really liked how he presented an intelligent framework to have a great test coverage with realistic random data.

Overall, these two days were really refreshing and introduced a lot of new ideas in my perception of software testing. It sounds like we are in the middle of a profound change in software testing and the great news is that the users trends to the top priority in the testers mind.

If you are interested about the topics presented at PNSQC, they share all the content of previous events. You can head to the past conferences part of their site and you should soon be able to read / watch the presentations yourself!

First week in Seattle: ✔

Jun 292011
 

Last Sunday, my family and I landed in Seattle airport after more than ten hours traveling.  We then settled in a temporary housing in Kirkland, with a breathtaking view on Washington Lake. So far, we are all excited and happy to be here!

On Monday morning, I was at Microsoft for the New Employee Orientation (employee that relocate have to attend the NEO). It was a pretty good way to adjust my jet lag and understand what I needed to do in order to get my administrative work done. Main blocker for us is still the social security number. In the US without a SSN you cannot get credit. Without credit you cannot get a phone, a car or a house. So our temporary situation is going to last for a few more weeks, not bad considering the current view on the LakeJ.

Being at Microsoft mothership is quite impressive, around 60’000 employees dispatched in numerous building all around the area. This is a radical change from my experience in Zurich (Switzerland) where we were “only” 30 employees.  When I learned that the Dev Center in Zurich was about to close, I decided to stay in the same group (Lync) while extending my responsibilities. This means that I am now testing Lync Response Group and Xmpp Gateway.

The Seattle area is very promising, close to mountains, forest and the Pacific Ocean. I am really looking forward to discovering this area.

 

Spec Explorer – Model Based Testing for all

Jun 112011
 

Some interesting Spec Explorer videos from Channel9. It is all you need to get started with Model Based Testing.
The idea behind spec explorer is to make a model of the requirements of your products and let Spec Explorer generate millions of interesting test cases. You just need to find enough CPU power to run all the generated test cases :-)!

Continue reading »

Where do software testers get their knowledge from?

May 162011
 

I will soon celebrate my three years anniversary as a professional software engineer in test. After three years, I still feel like I am missing some formal “education” on software testing. Despite owning a Master  degree in Information Systems and Communication and having spent 5 years at University I never had any introduction to software testing ( no, it was not the course(s) I was too lazy to go to).  Of course, during the last three years, I went to some conferences, read books and blogs and tried to engage with influential software testers to get some expertise on the topic.

However, I would like to have a website that aggregate as much as possible of the software testing knowledge. Developers started earlier with what is called design patterns but I could not find an equivalent for software testing. So, I asked (on the Software Quality Assurance & Testing Stack Exchange QnA site) to other software testers if they were aware of any repository for software testing techniques and patterns. Answers I had were a bit scary as the only place still active on this topic was the Wikipedia portal about software testing, it looks like all repositories evolved to a “dead tree” variety. So currently most of the online knowledge on software testing is hosted on QnA sites or on personal sites where owners will have no external control over their sayings.

To address this issue, I decided to create and host a wiki about software testing patterns: http://www.testingpatterns.info. I will add as much content as possible during a full year. I hope to be able to educate myself doing so and ideally I hope that other software testers decide to give some of their time to increase the content of this wiki. I will be contacting some of the influential testers and hope to make them create a committee to validate each new pattern.

Are you interested in participating, do you know some people that might be? Please help me (blog, tweet, talk, comment) making this wiki a successful idea!

If you are interested in more than participating, ie administrating the website, feel free to contact me.

Thanks!


A son, a new job and a relocation

Jan 252011
 

There have been quite a lot going on in my life the past months, following the timeline of the events:
Most importantly, my wife gave birth to a healthy and beautiful son, named Baptiste. He is already quite tall and is wearing 3 month cloth after only 1 month of life :).
Few weeks before, I learned that my office in Zurich was shutting down and that my job was relocated in Redmond / Washington.
My wife and I planned to move to Redmond in a few years but with the unexpected closure of the Zurich development center we decided to take a shortcut in our plan and to accept the relocation offer. The decision was not too hard to take and I must say that I am super existed to be working in the mothership of Microsoft. Although Zurich is a beautiful city that offers incredible life quality I was never able to get myself to the Swiss German culture, probably because I am so Swiss Frenchy :).
The most annoying part of this move will be to get so far away of my family and friends but as I learned from previous experience friendship is not a link that can be broken by long distance.
The current plan is to have my family and me moving to Redmond in end of June 2011. So until then I will enjoy having team meeting in the middle of the night with my new team :).

Impersonation with C#

Oct 152010
 

.Net offers multiple ways to manage impersonation and its level. The important point to understand is what is being impersonated: the thread or the process also is the impersonation happening on the process or is it happening only on the network. Below classes will show you how to impersonate in all this cases.

First class: ImpersonateManager – allows starting impersonation and will apply to the thread scope. You will need to allow unsafe code in your project build properties.  Below program is an example of using the ImpersonateManager.

class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Before impersonation: " + WindowsIdentity.GetCurrent().Name);

            try
            {
                ImpersonateManager.ImpersonateUser("domainName", "userName", "password");
                Console.WriteLine("Impersonated User: " + WindowsIdentity.GetCurrent().Name);
            }
            catch (System.ComponentModel.Win32Exception e)
            {
                Console.WriteLine("Exception while trying to impersonate: " + e);
            }

            ImpersonateManager.StopImpersonation();
            Console.WriteLine("After impersonation: " + WindowsIdentity.GetCurrent().Name);

            Console.ReadKey();
        }
    }

The ImpersonateManager.cs is like this:

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Security.Permissions;

[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode = true)]
[assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Name = "FullTrust")]
namespace ImpersonateThread
{
    public class ImpersonateManager
    {
        [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
            int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

        [DllImport("kernel32.dll", CharSet = System.Runtime.InteropServices.CharSet.Auto)]
        private unsafe static extern int FormatMessage(int dwFlags, ref IntPtr lpSource,
            int dwMessageId, int dwLanguageId, ref String lpBuffer, int nSize, IntPtr* Arguments);

        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        public extern static bool CloseHandle(IntPtr handle);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
            int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

        // OurIdentity
        private static WindowsImpersonationContext _impersonatedUser;

        // Tokens
        private static IntPtr tokenHandle = new IntPtr(0);
        private static IntPtr dupeTokenHandle = new IntPtr(0);

        // If you incorporate this code into a DLL, be sure to demand FullTrust.
        [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
        public static void ImpersonateUser(string domainName, string userName, string password)
        {
            const int LOGON32_PROVIDER_DEFAULT = 0;
            const int LOGON32_LOGON_INTERACTIVE = 2;

            tokenHandle = IntPtr.Zero;

            // Call LogonUser to obtain a handle to an access token.
            bool returnValue = LogonUser(userName, domainName, password,
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
                ref tokenHandle);

            if (false == returnValue)
            {
                // Logon failure
                int ret = Marshal.GetLastWin32Error();
                throw new System.ComponentModel.Win32Exception(ret);
            }

            // Use the token handle returned by LogonUser.
            WindowsIdentity newId = new WindowsIdentity(tokenHandle);

            // Now the thread is impersonated.
            _impersonatedUser = newId.Impersonate();
        }

        public static void StopImpersonation()
        {
            // Stop impersonating the thread.
            _impersonatedUser.Undo();

            // Free the tokens.
            if (tokenHandle != IntPtr.Zero)
            {
                CloseHandle(tokenHandle);
            }
        }
    }
}



Now this might not be enough for your need, you might need more than thread impersonation.

There are basically two main logon scenarios in this case:

1)      The user you want to impersonate is on the same domain as the current process

  • Load the profile in the registry (like runas /profile)
  • Sample with: ProcessImpersonator.ImpersonateProcess_WithProfile()

2)      The user you want to impersonate is on a domain without trust relationship

  • Use the specified credentials on the network only (like runas /netuse)
  • Sample with : ProcessImpersonator.ImpersonateProcess_NetCredentials()

Below program do exactly this, it will start another executable (located in the same folder and having a name of test.exe).

class Program
    {
        static void Main(string[] args)
        {
            // Will impersonate the process based on a user existing on the same domain
            ProcessImpersonator.ImpersonateProcess_WithProfile(@"C:\test.exe",
                "domain", "user", "password");

            // Will impersonate the call from the process based on a user on a domain
            // with no trust relationship.
            ProcessImpersonator.ImpersonateProcess_NetCredentials(@"C:\test.exe",
                "Otherdomain", "user", "password");
            Console.ReadKey();
        }
    }

ProcessImpersonator.cs looks like this:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Security.Permissions;
using System.Text;

namespace ImpersonateThread
{
    public class ProcessImpersonator
    {
        [Flags]
        enum LogonFlags
        {
            LOGON_WITH_PROFILE = 0x00000001,
            LOGON_NETCREDENTIALS_ONLY = 0x00000002
        }

        [Flags]
        enum CreationFlags
        {
            CREATE_SUSPENDED = 0x00000004,
            CREATE_NEW_CONSOLE = 0x00000010,
            CREATE_NEW_PROCESS_GROUP = 0x00000200,
            CREATE_UNICODE_ENVIRONMENT = 0x00000400,
            CREATE_SEPARATE_WOW_VDM = 0x00000800,
            CREATE_DEFAULT_ERROR_MODE = 0x04000000,
        }

        [StructLayout(LayoutKind.Sequential)]
        struct ProcessInfo
        {
            public IntPtr hProcess;
            public IntPtr hThread;
            public uint dwProcessId;
            public uint dwThreadId;
        }

        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        struct StartupInfo
        {
            public int cb;
            public string reserved1;
            public string desktop;
            public string title;
            public uint dwX;
            public uint dwY;
            public uint dwXSize;
            public uint dwYSize;
            public uint dwXCountChars;
            public uint dwYCountChars;
            public uint dwFillAttribute;
            public uint dwFlags;
            public ushort wShowWindow;
            public short reserved2;
            public int reserved3;
            public IntPtr hStdInput;
            public IntPtr hStdOutput;
            public IntPtr hStdError;
        }

        [DllImport("advapi32.dll", CharSet = CharSet.Unicode, ExactSpelling = true,
         SetLastError = true)]
        static extern bool CreateProcessWithLogonW(
            string principal,
            string authority,
            string password,
            LogonFlags logonFlags,
            string appName,
            string cmdLine,
            CreationFlags creationFlags,
            IntPtr environmentBlock,
            string currentDirectory,
            ref StartupInfo startupInfo,
            out ProcessInfo processInfo);

        [DllImport("kernel32.dll")]
        static extern bool CloseHandle(IntPtr h);

        ///
        /// This will use the Logon_NetCredentials_only value.
        /// Usefull for inter-domain scenario without trust relationship
        /// but the system does not validate the credentials.
        ///
        public static void ImpersonateProcess_NetCredentials(string appPath, string domain,
            string user, string password)
        {
            ImpersonateProcess(appPath, domain, user, password,
             LogonFlags.LOGON_NETCREDENTIALS_ONLY);
        }

        ///
        /// This will use the Logon_With_Profile value.
        /// Useful to get the identity of an user in the same domain.
        ///
        public static void ImpersonateProcess_WithProfile(string appPath, string domain,
            string user, string password)
        {
            ImpersonateProcess(appPath, domain, user, password, LogonFlags.LOGON_WITH_PROFILE);
        }

        ///
        /// Call CreateProcessWithLogonW
        ///
        private static void ImpersonateProcess(string appPath, string domain, string user,
            string password, LogonFlags lf)
        {
            StartupInfo si = new StartupInfo();
            si.cb = Marshal.SizeOf(typeof(StartupInfo));
            ProcessInfo pi = new ProcessInfo();

            //
            if (CreateProcessWithLogonW(user, domain, password,
            lf,
            appPath, null,
            0, IntPtr.Zero, null,
            ref si, out pi))
            {
                CloseHandle(pi.hProcess);
                CloseHandle(pi.hThread);
            }
            else
            {
                throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
            }
        }
    }
}

For more information on the topic:

MSDN – CreateProcessWithLogonW.
MSDN – WindowsIdentity.
Geeks with blogs – Managed CreateProcessWithLogonW.

 Older Entries