Alice, Bob and Mallory

The incident I wrote of in Hello this is special agent Brian were covered in a Swedish radio documentary a little more than a month ago. It's all in Swedish. You can find out more here and you can download the documentary from here.

I also would like to add that we did not press charges like the police officers says 37 minutes into the documentary. Not because we thought it wasn't a big deal but we knew that a couple of big players already had so we thought we could spend our time better.

I'm sorry to admit that this blog has died from lack of content and I have absolutely no guarantees to give you that it will ever come alive again.

At least I'm still alive and last night I had some fun with C, Code::Blocks and SDL.

I've felt it and I've heard it from colleagues several times. Writing unit tests can be hard work. Especially adding unit test to an existing code base is, at best, cumbersome. Also it's one of those things with delayed gratification. Sometimes it's not even you that will benefit from them being there because the biggest win can be long down the road, when changes to the system has to be made.

Tests may seem to be isolated and it's even considered a good thing to keep them that way. Even so the tests of your application has a correlation to what the system aims to do on a bigger scale. This one of the things BDD focuses on. I think that one of the biggest advantages is that you in one process writes a specification and tests that ensures that the spec. is met. Testing becomes a natural part of the development process. This way it clearly shows that BDD and TDD are design processes and that it's certainly not all about adding unit tests.

Find out more about BDD on: http://behaviour-driven.org
It must be stressed that BDD is a rephrasing of existing good practice, it is not a radically new departure. Its aim is to bring together existing, well-established techniques under a common banner and with a consistent and unambiguous terminology.

For Ruby RSpec has almost become the de facto standard for BDD. The concepts Story, Scenario, and Test feels natural and the syntax is short and easy to read.

In languages like Java or C# the tests often becomes much more cluttered and some of that clutter is the extra code that comes with static typing. I believe that dynamically typed and overall dynamic languages like Ruby or Python could find a nice little niche here. They could become DSL's for testing.

RSpec is on it's way for .NET/C# via IronRuby and for Java via JRuby but don't hold your breath because they are still in alpha and beta.

.NET / C#
Testing .NET with IronRuby...
NSpecify => RSpec… well closer anyway

Java
Java Functional Testing with JRuby and RSpec
JtestR

Ruby
Slapp - A simple chat wall Merb tutorial. With nice exampes of using RSpec.
Behavior-driven testing with RSpec

ASP.NET MVC
ASP.NET MVC Test Framework Integration Walkthrough
MVC Preview - Testing
ASP.NET MVC Session at Mix08, TDD and MvcMockHelpers

In a recent release TrueCrypt now supports drive/partition encryption.

One reason to encrypt on disk instead of file level is that operating systems and applications sometimes accidently stores passwords on your hard drive. This can happen in a number of ways and one common mistake applications make is to not prevent to be put on disk by the OS. Modern systems have a page/swap file. If a program gets paged out while holding your clear text password in pageable memory your password will be written to disk. The problem is that there are password recovery tools that can scan your page file for passwords.

You can configure Windows (and surely most other operating systems) to clear the page file on shutdown which will give you better protection (and slower shutdowns). Be aware that if you simply turn off the power the page file will be intact.

I recently attended a session held by Marcus Murray. It seems it was kind of a compressed version of the session he held at TechEd earlier this year. Murray is witty, charismatic and has a broad and deep understanding of IT-security issues. He cracks jokes and practices a little social engineering to keep the audience attentive. If you and your IT-staff wants to be briefed (and scared) with the latest in IT-security I could easily recommend Murray.

He demonstrated a couple of tools that both impressed and scared me. First he demonstrated how to set up a mail based attack using the commercial Core IMPACT. It's a very impressive tool and mail based attacks are only one out of many attacks this software has the ability to execute. Before seeing this I could never have guessed there are tools this advanced and this easy to use. The lists of exploits it can test, in an all automated fashion, were long and seemed to be up to date.

Murray also demonstrated ARP poisoning and hijacking of a RDP session by using the free Cain & Abel tool. You could feel the discomfort in the air as it dawned on the audience how easy this is to set up.