Tuesday, 28 January 2014

Automating - Considering complexity in estimation

In preparing for test automation of existing scripts we'll go through a series of phases, sequentially or iteratively, depending on the way the project is being managed. One phase is the Analysis phase, a key activity of which is to analyse the existing set of Test Cases and assess various aspects of them prior to commencing automation.

Aspects we'll need to understand include; 
  • Amount: Total number of Test Cases to be automated 
  • State: are they current or out of date 
  • Quality: well written, easy to follow 
  • Complexity: number of steps, systems interacted with, set-up required 
Of the above, Complexity is one that I've seen myself and others stumble on. The issue is that often we just count the number of Test Cases to automate, estimate how many a team can deliver each day, then divide by the number of days allowed. With that we come up with how many people we need in the team to hit the date. An alternative is that our team size is fixed and we try to move the date or the number of Test Cases we'll automate. This is just playing with the theory of triple-constraints; time-people-scope in this case.

The risk is that we'll start scripting, crack open the next set of Test Cases and suddenly realise they're way more complex than expected. The delivery rate slows down, team members start doing crazy hours and stake-holders begin to shout about dates. We need to add analysis of the Complexity to Automate into the analysis phase. This will ensure our estimates are more accurate and our delivery stays on-track to the schedule. 

What are the ways in which we can do this? The main issue is how we recognise complexity and assign some kind of value to it. In other words; 
  • What does complexity look like and how long does it take to address it when writing scripts? 

Once that's worked out, we still don't have our running order for delivery, we'd need then to map that to the usual question of: 
  • What is the business criticality of the Test Cases to be automated? 

From there we can cut a schedule of delivery which we'll have a better chance of achieving, while delivering scripts in an order relevant to the business. 

The main question then is around describing complexity. What makes a Test Case complex? Here are some suggestions; 
  • Total number of steps to carry out, before reaching the test validation point 
  • Pre-conditions that need to be met that set-up the system in a state that allows the Test Case steps to be run, which might include 
    • Data needed, of a certain type in a given state, in order to run the case
    • Access, permissions and accounts required 
  • The system and infrastructure dependencies 
    • Specific tools or scripts 
    • A particular kind of operating system or environment 
With these and other factors agreed, we need to apply some level of effort to them. For example, a typical length of time to automate a given number of steps. Maybe, a length of time to prepare data. 

As with all estimation, the margin for error is high as there's likely not complete consistency across all Test Cases. The trick is to do a little equivalence partitioning on the set, then apply your modelling in a consistent way at that level. With that we should address the idea that not all steps / data / etc is created equal, but in a common set of cases it'll be reasonably consistent. 


Monday, 27 January 2014

Avoiding the NSA, MI6, The man from U.N.C.L.E - Part 3 (Exposure)

EXPOSURE. Now that we have a sense of where our anonymity could be compromised, as we traverse the internet, let’s look at what data we could be giving away and how. With that understanding we can then identify what steps we can take to preserve our anonymity and protect our data. As with all things in these posts, keep your tester / analyst hat on and be thinking of the technology and systems we’re using. There are likely areas where you can give feedback and comment. Let’s re-cap where our data is going and as a minimum what we might be revealing as we go.

Connecting to your ISP
  • ISP account details, your WAN address, your IP address, browsing history

Sending a request for a web site / web resource to your ISP
  • All the above plus; URL requested, browser details, data you send if not encrypted

Website receiving your request
  • URL requested, WAN address, browser details, browsing history via cookies

On top of this information, we could be sending whatever we add in forms, leaking data via silent update and license checks from installed software, etc. as we covered in the previous post. Let’s go over the above to be sure we’re 100% clear on the main ways we’ll typically be compromising our anonymity.

- ISP account details
Most home and small office set-ups no longer need you to log-in to the ISP. Connection is via the modem / router you have to your fixed line and to connect to that you’ll enter a password. Either way, your ISP will then have account details for at least one person. At home, that’ll mean the name of whoever the account holder is, some bank account or card details, an address, contact details such as email and phone number along with other details such as Date of Birth. You might also have answers to questions for security such as Mother’s Maiden name, First School, Favourite Food and so on. This is a lot of information about you or someone in your household.

- Your WAN address (is NOT your IP Address)
It’s important to understand that the answer to the often asked question of “Does my ISP know my IP address?” is yes and no, because the question is usually asked in an incorrect way. The IP address of your system is a private one allocated by your router (1). The particular IP address you get depends on the manufacturer of your router. You can check the IP address you’ve been given by running a CMD window in Windows and typing ipconfig, for Linux (and OSX) it's ifconfig, then look down the list for the IPv4 address. This will be something like 192.168.0.?? If you do the same on another computer connected to your wireless, you’ll see it looks mostly the same except for the last few digits. Remember these are private and are not meant to be seen outside your own network, except they CAN also be seen now.


What about the WAN address / the IP address that the sites you visit can see? The IP address stated on sites like is actually the WAN (Wide Area Network) address allocated to your internet connection by your ISP. Some are static, that is you get the same one every time you connect, others are dynamic meaning you get a different one each time you connect to the ISP. Go to and see what number it shows. See how this is different to your system’s IP address? We can prove the difference. Try doing an ipconfig on another computer connected to your internet connection and note the different internal IP address. Now go to the above site on both systems, same WAN address right? Because all devices are going through the same internet connection via the same router. The router gets your collection of web requests back from the ISP, works out which internal IP address asked for it and sends it on to your PC.

It’s your WAN address, allocated by the ISP, that you need to be hiding. Does it make sense now why your ISP gets the nasty legal letter, saying you’ve been using torrent to download illegal material first, then they send it onto you? Because the ‘IP address’ everyone can see on the Torrent software is really your WAN address. The ISP gets the letter, looks up who they allocated the WAN address to and sends the letter onto you then – later on we’ll look at how VPNs help us with this issue.

- IP Address
However, times have changed and your internal network IP address is no longer hidden from websites you visit. Have a quick visit to and if you’re using an up-to-date version of Chrome or Firefox, you’ll see your internal IP address… oh dear, thanks to WebRTC (2) we need to make sure we hide that as well now!
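To check which kind of address a WebRTC candidate line carries, this added example (not part of the original post) sorts the address in each line into internal, mDNS-masked (a `.local` name standing in for the address) or public. The candidate lines are constructed samples using a documentation address range, and the helper names are hypothetical.

```ruby
require 'ipaddr'

# Ranges that only mean something inside your own network: RFC 1918 private
# space, loopback and link-local, plus the IPv6 equivalents.
INTERNAL_RANGES = %w[
  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16
  fc00::/7 fe80::/10 ::1/128
].map { |cidr| IPAddr.new(cidr) }

# Classify one address string as :internal, :mdns_masked, :public or :unparsed.
def classify_address(text)
  return :mdns_masked if text.end_with?('.local')
  ip = IPAddr.new(text)
  INTERNAL_RANGES.any? { |range| range.include?(ip) } ? :internal : :public
rescue ArgumentError
  # IPAddr raises a subclass of ArgumentError for anything that is not an address.
  :unparsed
end

# Pull the address and candidate type out of one ICE candidate line.
# Field order: foundation component transport priority address port "typ" type
def parse_candidate(line)
  fields = line.strip.sub(/\Aa=/, '').split
  return nil unless fields.length >= 8
  return nil unless fields[0].start_with?('candidate:') && fields[6] == 'typ'
  { address: fields[4], type: fields[7], exposure: classify_address(fields[4]) }
end

# Build a report for a list of lines, skipping anything that is not a candidate.
def exposure_report(lines)
  lines.map { |line| parse_candidate(line) }.compact
end

# Constructed sample lines (not captured from a real browser).
SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.0.12 54321 typ host',
  'candidate:2 1 udp 2122194687 3f1c9a2e-7b44-4d0a-9c1e-5a6b7c8d9e0f.local 54322 typ host',
  'candidate:3 1 udp 1686052607 203.0.113.45 54321 typ srflx raddr 0.0.0.0 rport 0',
  'not a candidate line'
].freeze

exposure_report(SAMPLE_CANDIDATES).each do |entry|
  puts format('%-8s %-45s %s', entry[:type], entry[:address], entry[:exposure])
end
```

A `host` candidate marked `internal` is the private address your router handed out; a `srflx` candidate marked `public` is the WAN address discussed above.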

- Browsing History
I’m hoping you get that every single web request you make, first goes to your ISP. They work out what the request is, find the resource, fetch the content / data then send it back to you. If you use your internet connection your ISP has full knowledge. Enough said I’m sure and no, 'incognito' has no effect except hiding your surfing from the spouse/partner. It’s something else we need to consider.

As this is a long one already, we’ll leave our exposition of what data is getting exposed and look next at how we can start to get some anonymity back.


Tuesday, 21 January 2014

Ruby - Variables (Part 1)

In the last post on Ruby, where we worked with User Input, we used a few Variables. Variables are ultra-useful and ultra-important. It’s great to do some stuff with Ruby, but you’ll very quickly want to do some stuff that involves setting, getting, storing and retrieving data. I’m struggling to think of a really good example of doing something useful, that doesn’t involve data being stored at least temporarily.

Fortunately, we have Variables. These allow us to store data and then give that data a name that we can refer to later, when we want to use the data in some way. Imagine your kitchen with its Coffee, Tea and Sugar containers, fill them with the right stuff and store them for use later. When the wife asks for a cup of tea, bingo she’s used the reference name so you’ll know where to get the right stuff from. OK, not a perfect analogy but you get the idea!

A variable might look like these:
string = "David"      or maybe      integer = 12345      or maybe      float = 12345.123

Just in these examples there’s quite a lot shown.  First, we’ve declared a variable by designating it the name string and assigned a value which is a string. We do assignment here using the   =   operator. In the second example we did the above but assigned a value which is an integer, then another for float. Remembering that an integer doesn’t have a fractional or decimal component (i.e. it’s not like 12345.67). When a number in Ruby has ‘decimal points’, it’s usually called a Floating Point number or Float for short.

As computers are all about math, there’s a large set of Operators, which all have a Precedence, just like in real world math. However, we’ll stick with the basics here and follow up with that in a later post. For now, we understand how to declare a variable of varying Type and assign it a value. Actually, let’s quickly cover Type while we’re here. Fortunately Ruby makes it easy.

Some languages like Java, require you to declare a variable and define the variable type at the same time. Not Ruby. Unlike Java and others Ruby doesn’t use strong / static variable typing. Ruby follows the convention of Dynamic Typing or Duck Typing as it is often referred to. When you assign a value to a variable, Ruby will Type it dynamically and it isn’t set in stone either. Change the value and Ruby will dynamically change the Type again. This is a long winded way of saying, just define your variables and move on! However, for the sake of study, let’s look at some examples.

  • Open irb (Start > CMD > irb) and type in: string = "David"
  • Now type: string.kind_of? String
  • Now type: string.class

Pretty cool! Try it with the others and see what you get. Here we used two Methods of the Object (1) class, namely kind_of? and class. You can imagine your programme using data from another, but before doing so you want to check it’s the right type. Which reminds me, just assigning a variable a different type is a bit brute-force and obviously permanently changes the variable type. What if you want to keep its type (because say another system needs a particular type), but when you use it convert it only sometimes? Don’t worry, there are methods for that and they’re generally a good idea to use.

The methods are to_f and to_s, I’m guessing you can work out which is which. Try this:

  • In irb type: myString = "012345"
  • Then confirm the type: myString.class
  • Now type: myString.to_f
  • Then just to check type: myString.class

You can see that using this method of the Fixnum (2) class is much less destructive. Now, the inquisitive will be wondering where to_i is to convert something, say a float, to an integer. Oddly, it’s hiding in the String (3) class we encountered previously. This is to do with Class Hierarchy and which is the Parent Class of a given class. If you look on the String class Ruby Doc page, you’ll see the parent is Object, tada!

I’ll keep saying, it’s good to read the Docs. For example, in String we see it has to_f listed with other examples of how to use it. One is "45.67 degrees".to_f, try it in irb. That sort of thing could come in very handy when working with data.
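When the string comes from another programme or a user, the lenient behaviour of to_i and to_f can hide bad data. This added example (not from the original post; `lenient_number`, `strict_number` and `parse_quantity` are hypothetical helpers) sets the lenient conversions beside Ruby's strict Integer() and Float().

```ruby
# Lenient conversion, as used in the post: never raises, and quietly returns
# 0 or 0.0 when the text does not start with a number.
def lenient_number(text)
  text.include?('.') ? text.to_f : text.to_i
end

# Strict conversion: Integer() and Float() raise ArgumentError unless the
# whole string is a number. Base 10 is passed explicitly because
# Integer("012345") without a base reads the leading 0 as octal.
def strict_number(text)
  Integer(text, 10)
rescue ArgumentError
  Float(text)
end

# Validate a quantity field that arrives from outside the programme.
# Returns [:ok, value] or [:rejected, reason].
def parse_quantity(text, max: 1_000_000)
  return [:rejected, 'not a string'] unless text.kind_of?(String)
  value = strict_number(text.strip)
  return [:rejected, 'out of range'] unless value.between?(0, max)
  [:ok, value]
rescue ArgumentError
  [:rejected, 'not a number']
end

# Constructed sample inputs, including the two strings used in the post.
['012345', '45.67 degrees', '45.67', 'abc', '-5'].each do |sample|
  puts format('%-16s lenient=%-10s strict=%s',
              sample.inspect, lenient_number(sample).inspect,
              parse_quantity(sample).inspect)
end
```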

Nothing to Declare
All pretty cool stuff, except for the slight mistruth I snuck in at the start… woops. In programming, Variables are declared in order to specify their Type, how they can be modified and what their ‘scope’ is (we’ll cover that next). Of course, as a careful reading of the above will reveal, Ruby doesn’t care about any of that. Therefore, you don’t really declare variables in Ruby. However, in conversation you’re likely to say that so others understand, it’s easier than explaining “I’m now not declaring my variables”.

NEXT Post: Categories and Scope of Variables (Global, Local, Instance, Constant)…


Monday, 20 January 2014

Avoiding the NSA, MI6, The man from U.N.C.L.E - Part 2 (Scope)

Scoping the Problem 

Two of the most ubiquitous technologies we have are the phone connection and the computer. These might take a number of forms, the phone connection could be a fixed line broadband, cable or fiber or a mobile connection, using a SIM card with or without a handset. The computer might be a desktop, laptop, netbook, tablet or handheld device. These might be using various networks, have a range of functions or be more limited. In context of our story here, we have an internet connection of some form and a device on which to access the internet. For clarity going ahead, let’s make the distinction between the internet and world wide web which sits on top of it.

Let’s start with assuming we’re sat at home, with our wireless router plugged into the wall, connected to the phone line. Our device is any device running Windows and we’re working with a standard suite of software, browsers. We have a typical collection of social media, web based accounts of various types, email, maybe a video game or two and some handy software like Skype installed. Quite a nice little set up that lets us be ‘social’ and ‘productive’ and have our data available ‘on the go’, along with all the other benefits touted by the service providers.

Test Analyst, System Analysts, Business Analyst hat on now and let’s think about the following questions:

  • How many components / systems / links / places / accounts, etc. are there that could be hacked or monitored by one of the security services?
  • What kind of data could be exposed at each of the above that would allow you to be identified, traced, tracked, monitored? 

Have a go at drawing up the architecture of your personal network, add in as many system and sub-system components as you can, identify / label as many unique elements that would identify you, that provide a signature that points back to you. Some will be obvious, “my email address”, some are a bit less obvious, “the MAC address of my computer” for example. See how much you can put down before having a look at the diagram I’ve put together or just cheat by looking at the next page.

Drawing yours up is just joining in, the puzzle is for you to send me your diagram by email. Make sure you have any PII data removed, don’t put your specific data, e.g just put “MAC address” not the actual address, etc. I’d like you to send me these so I can learn what you have in comparison to me and because of what I said in post 1. I’m not going to mark them or anything, I’ll collate them and at some point I’ll share them in a future post. For now drop it to me in an email, which one? You need to work that out, all the clues are in this post, hidden in plain sight as they say. Have a look over things closely and see what you can do. When I get your mail, you’re in the game, consider it a dot price for entry if you like.

Thursday, 16 January 2014

Avoiding the NSA, MI6, The man from U.N.C.L.E – Part 1 (Introduction)

Ahh, the internet… probably the greatest invention since sliced bread. Which in my opinion, wasn’t that great of an invention anyway. For god sake... slicing bread… big deal. Sorry Otto, uniform thickness is so almost-100-years-ago. With the internet I’ve got email, YouTube, Spotify, Cloud Storage, Twitter, Skype, Forums, Pizza delivery… the list goes on! (No Facebook for me…) Of course with this I also get PRISM (1) and Tempora (2) and the other initiatives for spying on my privacy.

This series of posts isn’t so much about the craft of software testing. It’s a series of posts about the technology we interact with as testers and as people in the connected world, the data we bring to the table, who might be interested in it and what we might do about that, by thinking like testers applying our technology understanding.

There are so many spy and privacy busting initiatives, it’s hard to believe any internet and phone activity gets away without being spied on in some way. Add to that, the likes of Facebook, Google and Microsoft are practically set up to assist with it. If not them, then the ISPs and phone companies are in on it, providing access to your activity at source.

Because we care...

Now, just to get two things out of the way before I focus on the title of this post;

1. ‘I’ don’t like being casually / arbitrarily spied on
I want and demand some level of internet and phone privacy, both from the ‘authorities’ and the public. I have separate phone numbers and ‘internet identities’ for a reason. Because I want separation between the various versions of ‘me’. My family life isn’t a topic for the testing community and testing usually isn’t a topic my family are interested in! It wouldn’t take much for you to find my mobile number ending in 17 or my (main) gmail address. How about my number ending in 6? What about the email ending in .eu? Didn’t think so, all of the above probably have them though. Now most people have multiple email addresses, some multiple numbers and there’s no security-through-obscurity. However, I can say my entire life isn’t all conveniently packaged up and stuck in/on one place, unlike some people.

2. The old adage of not doing anything dodgy, so not having anything to fear, is complete crap
As any good tester will already have thought, define ‘dodgy’. At any point in history and in very short spaces of time, acceptable and of no concern can rapidly become the definition of dodgy. Something that’ll get you noticed, arrested and perhaps punished in some way. The populace should never be monitored just to make sure they don’t do anything ‘wrong’… this isn’t ‘1984’, Stalin’s Russia, Hitler’s Germany or Obama’s America… oh wait. Of course I’m not against the idea of individuals being checked out in the event there is some court agreed reason to do so, that isn’t ‘arbitrary’. Well, not unless the law is changed to redefine acceptable and suspicious behaviour… ah hang on. Jefferson had it right about who should fear who in the Government-People relationship.

Against that background, let’s take a man-or-woman-on-the-street look at how we can protect our privacy, hey maybe even hide, at least to some degree. Because unless you do a Paul Miller (3) vanishing act and go off-grid, I don’t think you can stay completely invisible to the world of electronic snooping. Maybe I’ll change my view about that as I dig into it more.  Along the way, I’d like to have some fun with this digging and have a nebulous idea of smattering these posts with a few tests and trials, let’s see what I can think of. Just to make it interesting, I’ve lined up a small but notable prize at the end of it for a lucky someone or two, but I’ll just hide that here as a first test of who’s reading on. This is not Cicada, so don’t panic about insurmountable challenges, the post isn’t about that, it’s about internet privacy and playing with tech. Let’s crack on by first defining the problem, before we look for a solution.


Once in America, 5 eagles swooped over Obsidian Wolf, (Dave) to his friends

Ruby - Getting and Using User Input

Get, Use and Respond to User Input

Our Ruby scripts and programmes won’t be very interesting if we can’t get some input from the user. When we do, we’ll want to use it to do interesting and exciting things. This may be simply replaying the same input to the user, manipulating, storing or combining it, etc. Let’s look at getting some basic input, modifying it a little then playing it back to the user.

First thing, make a new .rb file, save it to your folder with other scripts and open it in your favourite editor. In the .rb file type:   puts "What's your name?"  This will let the user know we need them to do something. Input from a user needs to be stored somehow and that somehow is via variables. Ruby has a whole bunch of rules around variables, but we’ll go into them in depth in a later post / video. For now let’s create a variable called name, as it’s easy to remember, then tell Ruby it’s equal to whatever string we get from the user. We do this by using the keyword gets as in get string. Pulling this together, we type: name = gets in our .rb file.

Now follow this by putting the string back to the screen, with a little message. To do that we use puts again. Put String, get it? Ruby is easy eh! In the .rb file type:
puts "Your name is " + name

Your file should now have the following three lines and save the file:

puts "What’s your name? "
name = gets
puts "Your name is " + name + "."

You can also use print to output the user input as well, add the following, then we’ll see what happens:

print "Your name is " + name + "."

Don’t double click the file, instead open a CMD window, navigate to and run the file. For me that would be C:\Dev\ruby>gets.rb to run the file. In fact you could just run gets, leaving off the .rb as your system will know to use Ruby to run .rb files. Just like it knows how to open .txt, .jpg, etc. with the correct software.

See what happened? The period at the end of the sentence is on another line! This is because gets adds a newline \n at the end of the string that it receives. Prove this by opening irb in a CMD window and typing gets then a string.

A simple way to remove this is by adding the word chomp after gets, like this

name = gets.chomp

Run it again and see what the effect is. Seem OK? Try changing the script to look like this, then run it again.

puts "What's your name?"
name = gets.chomp

puts "Your name is " + name + "."
puts "Your name is " + name + "."

print "Your name is " + name + "."
print "Your name is " + name + "."

How about now? What we find is the layout is messed up again, in that the last two lines, which use print, are running on the same line. Again this is because puts adds a \n newline at the end of the string, whereas print does not!

OK, all good and slightly uninteresting but there’s a reason I’m harping on about this. When using Ruby, take the time to understand what each element, class, method does by a) reading the Ruby Docs and b) experimenting. If you see something ‘odd’, make a simple example and test out different variations.  The \n is a great example of how you WILL get caught out by something really really simple, that might take you hours to work out! Don’t worry about that. Just practice and do your research. Another example, change out the + symbols for & instead, as other languages would have it… you get the idea of simple syntax issues breaking things. Test often!

To tidy this script up just modify the first print line to read:
print "Your name is " + name + ".\n"

A little tidy up

Though we can write our lines with all the breaks and + symbols, there’s a way to make our line of code above much tidier, by using the #{} construct. Change the puts lines to read:

puts "Your name is #{name}."

It’s a much neater way to write out lines like this where we need to use the contents of a variable. Now let’s try calling a few methods from some Classes we’ve in fact already been using.

puts "Your name is #{name.capitalize}."

Then enter say, david, instead of David and see what happens.

There’s a lot going on in the above and hopefully is a useful primer. We’ve covered variables, classes, methods, getting and transforming data along with learning a few gotchas that give us an idea of what to look out for elsewhere. Have a look over the Ruby Docs for what we’ve covered and get used to reading these to learn Ruby thoroughly.
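Pulling the gotchas from this post together, the added example below (not from the original post; `read_name`, `greeting` and `MAX_NAME_LENGTH` are hypothetical names) reads a name from any input source and copes with a missing line, Windows line endings, control characters and over-long input. The sample inputs are constructed and fed through StringIO so it runs without a keyboard.

```ruby
require 'stringio'

MAX_NAME_LENGTH = 40 # assumed limit for this example

# Read one name from any IO object (defaults to the keyboard) and return a
# cleaned string, or nil when nothing usable was entered.
def read_name(input = $stdin)
  line = input.gets                         # nil at end of input, e.g. an empty pipe
  return nil if line.nil?                   # calling chomp on nil would raise NoMethodError
  name = line.chomp                         # removes "\n" and the Windows "\r\n"
  return nil if name =~ /[[:cntrl:]]/       # refuse escape sequences and other control characters
  name = name.strip                         # drop leading and trailing spaces
  return nil if name.empty? || name.length > MAX_NAME_LENGTH
  name
end

# Build the reply with #{} interpolation, as in the post.
def greeting(input = $stdin)
  name = read_name(input)
  name ? "Your name is #{name.capitalize}." : 'No usable name was entered.'
end

# Constructed inputs standing in for what might arrive on standard input.
SAMPLE_INPUTS = [
  "david\n",            # normal entry
  "david\r\n",          # entry from a Windows console or file
  "  DAVID  \n",        # stray spaces and capitals
  "\e[2Jdavid\n",       # terminal escape sequence in front of the name
  "   \n",              # only spaces
  ''                    # nothing at all: gets returns nil
].freeze

SAMPLE_INPUTS.each do |sample|
  puts format('%-18s => %s', sample.inspect, greeting(StringIO.new(sample)))
end
```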


Wednesday, 8 January 2014

Ruby - Download and Install Ruby

If you want to try out the Ruby programming language, then run your Ruby scripts and programs, you’re going to need to install Ruby on your system first. That may seem obvious to some, but unlike say HTML, JavaScript and VBScript that can run with what’s on the system, Ruby isn’t sat there out of the box.

Download and Install
To download, you can go to a couple of locations, either or as shown in the YouTube Video, hit for Windows. Hit the big [Download] button and select the latest version.

Once installed, hit the Windows [Start] menu, type CMD and open a command window. Then type ruby -v to check the installation has worked as expected.

Ruby comes with IRB or “Interactive RuBy”, which allows you to try out some basic commands. Personally, I wouldn’t bother with it as it’s trivial to start making scripts you can save and edit with ease. To have a look, just type irb in the command window and IRB will start. If you see a warning message, don’t worry. Check out the video at 2m 30s for instructions about how to get rid of it by commenting out the warning line.

To store the scripts we’ll start making, add a folder on the C:\ drive. Add a ‘Ruby’ folder or something that you’ll remember is for your projects. To run Ruby, we’ll need to call the scripts using the command window we just played with. I suggest you tweak it slightly by changing the background colour, size, etc. to make it a bit more comfortable to work with. To do this, click on the title bar at the top, then select ‘Properties’. Adjust to your heart’s content, the main things are to make the window bigger and perhaps get rid of the retina searing white background.

First Script
Back in your Ruby folder that you just created, add a new .txt file but change the extension to .rb to make this associated with Ruby. Call it test.rb perhaps. If you double-click it, nothing will happen. Well, you may see what looks like a command window flash open and closed, but nothing really exciting. Let’s add exciting…

Open the file in whatever editing software you have, I use SciTe but even Notepad will work. In the file type the classic first line:  puts "Hello World!" then hit save. To run this, you need to go to the command window, navigate to the folder where the file is and type: test.rb to invoke your file. If all has gone well, you’ll see Hello World! on your screen.

That’s it, Ruby installed and working! Onwards and upwards,  go take over the world… or have a look at the video and read the other Ruby blog posts here!