For unit testing i decided to go with Eclipses’ included Junit 5 for testing. The library is now added in my project, and it can be used in the case of the implementation i used by importing the Junit.assert.asserequals function to check if a message is displayed correctly.
The following is a review of a podcast done by “Scott Hanselman” on collaboration with “Kent Beck”. This is my interpretation and reflection of what i thought was interesting in the interview heard on the podcast.
Although the podcast was a bit longer than i had expected in the beginning it was quite satisfactory to listen to (although a bit heavy). As someone who never ever heard or read much about Kent Beck beforehand, listening to him about ho he talked about how he enjoyed making “nerds” feel more comfortable.
Kent Beck talks about testing and committing/reverting changes which is a theme that interested me a lot as i have been through this. What I meant previously refers means that the programmer updates a lot of code, and when it fails whilst testing all changes are reverted and everything is lost. I enjoyed hearing about the “test, commit, revert” workflow, in which not so much work is destroyed because it es made in a way so that a programmer only makes small changes before testing, leading to much less destruction of code and ideas.
In general i thoroughly enjoyed the podcast and even though i didn’t quire learn anything new it was pleasing to hear alternatives to the way I’ve been working so far.
As we continue learning from the “Mobile device application development” course, we are planning how we are going to go about the development of the project.
The topics covered this week were all about changing activities/views and the general usage of databases. As such we are currently researching the appropriate database that will be needed for storing the intended data our users will be providing. As of right now, because of ease of use and because it is the database well be using for the general class will be SQLite. If a change is needed or a different database is selected for the project, said change will be documented in a future blog update.
We have determined to do a joint project between “Mobile device application development”, and “Software Quality and Testing”. This means both projects will be done in parallel.
The idea for the project in mobiles is a platform on android that allows the combination and synchronization of events (such as homeworks, quizzes etc… ) on multiple educational platforms i.e. : “Google Classroom”, “Blackboard”, “Canvas”, “Schoology” etc…
The name of the project has been determined to be called “Project Iungo”, Iungo meaning connect in latin, as our intention is to connect multiple of the school oriented platforms out there for a simpler and more organized way to manage schoolwork.
The previous will be done by investigating and learning the way in which the api for each of these websites works, and join them in a single simple to use platform. There’ll be a calendar in which the assignments’ due dates will appear, as well as push notifications sent at a time specified by the user.
As such, all of the quality assurance and testing will be documented, and used as the entry for the final project for the Quality and Testing class.
Week 1 the general goal will be investigating how all the apis for the respective platforms are used. After that planning in the correct path to take will be determined.
Week 2 will be used for creating mockups, meaning the general look of the app will be designed and drawn with a heavy focus in making it simple to use for the end user.
Weeks 4-13 will be used mostly for coding such that the project will look nice and function in the correct and expected manner. Testing will also be done as to verify everything is working as expected.
weeks 14-15 will primarily be used for testing, such that most if not all the issues the code and app may have are totally fixed and the end user may enjoy our app.
I helped marco to finish the Android app for the final presentation, these changes were UI changes, and there are push notifications, that was something more elaborated than I tought, I needed to obtain some keys in our firebase database to let our server comunicate with the gcm service (now it’s called fcm, firebase cloud messaging), then when the user signups or updates their profile, the android device sends a token that fcm generated for the device and we store it in neo4j, then when someone invites that user to a pool or asks them to pay his debt we send a push notification to his phone. Now, to receive push notifications, we needed to register a service in the android app that would listen for the messages, then depending on the messages we would create a different behaviour when the user clicks the notification, or one of its buttons. It was a pain in the ass.
Today we officially delivered the project at the Engineering Expo. There we presented our project to some judges and fellow students. Well, usually the explanation was for the judges, and the students would come just to play the game and try to get through the last level and put their playertag in the leaderboard.
I have to say that my score will be (Or already has been) overcomed by anyone who has a just a fraction of eyes to fingers reaction. What I’m trying to say is that even after one semester of development, I’m so bad at the game… After more than 1 hour playing level 4, I surrendered, and assumed that I could go trought all the levels in 2 hours, more or less, and then I pushed my score to the DB, manually. I think I deserved to be in the leaderboard of the game, even if I couldn’t put it there usiang legal abilities.
But now, onto my kinda semester retrospective.
I feel that overall this smesterI learned a lot about WEB development using NodeJS. In my WEB Development class project I learned about front-end frameworks, back-end development and deployment, different ways to make requests to de server, implementation of MariaDB queries on the server’s routes and the delivery of JWT and local storage.
What I learned in that class was useful for me, so that I shouldn’t need to worry about how to do all of the back-end development on this project, and instead focus on enjoying more the project, setting up Mongoose and MongoDB and designing server tests. I found out that I could really have fun doing those three new things because I didn’t worry at all for the rest of the stuff.
Mongoose and MongoDB were a first time experience for me. From designing the connection “raw” to mLab, to implementing Mongoose for testing and quality of data, to migrating to MongoDB Atlas because the Tec wouldn’t let us use mLab (Because reasons?), and finally updating and designing new schemas and models. It was fun, because it was new and it felt that I trully had time to do some research so I could write some clean and functional code.
And about testing, that was still fun, but it got difficult at sometimes. I’m proud beacuse I pushed myself on designing more specific tests, with more functionalities (such as hooks and a dummy DB, so the real DB wouldn’t be polluted). After I thought that i couldn’t make the API requests tests more complicated, I decided to use the same testing framework to create a scrip for level testing and designing. And that was really complicated, to change a JSON file and see the changes on the DB without restarting the server.
At the end, I think we all delivered what we promised. And I think that every member of the team did their best to do their assigned tasks but also helping each other.
Okay, so now it’s the time where I extremely regret the moment I decided to procastinate the publication of both the posts on week 10. Supposedly at the end of the semester I have to had delivered a grand total of 30 blog entries, 2 per week. And I currently have 26 blogs. That means that if my “I’m sorry entry” (This final review is my “I’m sorry”) could be exchanged for those two missed blogs I was talking about, I would have credited 28 blog entries… I don’t know how could I achieved 30. Maybe Ken took into account the Spring vacations (Semana Santa). But if it’s another reason, I have nothing to ammend it, so I will accept the consecuences.
Still… It was a great semester, with a great project and a nice team.
Okay, so… Have you heard of the famous cake layers? If you haven’t, please, check out my last blog. Else, we can continue!
And just for you to understand the reference. The anchors go the ocean floor… Deeply… To the depths…
So, why did I asked you to read about the security layers? Because security in depth is based on the layers implementation. We already discussed how layers are supposed to function, if you achieve to cover all holes of each layer with the preceding layers, there will be no way an attack could be successful to your system. The thing is that achieving that level of perfection is impossible. Instead, security in depth assumes from the start that the layer method can, and will eventually fail. The layered security only achieves the exhaustion of the threat (Successful defense) or the slowing of it, giving time for other plans of action and countermeasures initialize.
Depth defense also assumes that the hack or breach isn’t necessarily of remote origin, this means that the possibility of physical theft, threats, unauthorized person access, and some other unique events (See van Eck phreaking below).
Usually, taking into account those possible events involve the set up of:
Monitors, alerts and emergency responses
Authorized personnel activity logs
Reports on criminal activity
Remeber that the objective of depth defense is to gain time. Each of the set up new components main objective is to delay the threat, which might not be obtained if we used only technological solutions. The obtained extra time should be used by the administrator to identify and try to overcome the hack.
And I guess that is for now regarding security.
As a mini comment on the course: I enjoyed it big time. It was fun and learned a quite a lot of new stuff
As the 8th blog regarding security, I will talk about the computer security layers. There are some people who state that there are 5, there are some people who say there are 8. What I mostly found during the investigation is that there are security layers as layers in the cake (Including the top frosting), 7.
What you, dear reader, need to remember during the reading of this entry, is that this set of rules can be implemented either by a network system administration or a regular single computer user.
The logic behind the security layers is the following: A single defense will be ineffective or flawed if the defense mechanism leaves unprotected areas, with its protective layer (umbrella), empty. That it’s why the layer’s purpose is to cover those empty spots. Theoretically, the empty areas on each layer would be so different, that an attack can’t penetrate through all the holes, and the service would remain available.
Application Whitelisting: The objective is to install just a set of limited programs and applications in the administered computers. The fewer applications, the fewer possibility there is of a breach.
System Restore Solution: This is one of the most talked security solutions in the classroom. Basically, it consists of creating a plan of action when the hack peril arouses. This would let the user gain access to their files, even if the system is hacked and damaged files remain.
Network authentication: A system of usernames and passwords must be taken into place. This would give access only to authorized users. This means no login without a password prompt.
Encryption: All of your files, disks and the rest of removable devices should be encrypted. This will provide a method for users to not risk an information breach, as the encrypted USB (Or any device), will not be able to be read on a foreign machine.
Remote authentication: This is a very obvious rule. It consists of setting usernames and passwords for remote server access. These usernames and passwords should only be provided to trustworthy users. This is the obvious part.
Network folder encryption: Most of the websites that deal with this topic, consider that this layer should be included in layer 4. I guess it is different enough that I would let it pass as a different layer (As not everyone uses this features). This concept consists of also managing the encryption of shared data. This will prevent users from listening unauthorized access to the network information.
Secure Boundry and End-To-End Messaging: This basically consists of using emails and instant messaging as a secure method of communication, rather of dealing with the encryption from the server to the user and vice-versa.
And I guess that that is a simple and easy summary of the 7 layers. Remember to implement all the layers you are capable of activating or at least finding someone who cans helps you.