The open-source Mozilla has been offering money bounties for safety bugs for six years now, but typically bug finders merely flip down the cash.

Between 10 p.c and 15 percent of the serious safety bugs reported since Mozilla launched its bug bounty program have been supplied freed from cost, based on Mozilla. “Lots of people would say, ‘Don’t worry about it. Donate it to the EFF [Digital Frontier Basis] or simply send me a T-shirt,’” stated Johnathan Nightingale, the director of Firefox development, in a latest interview.

Mozilla was a pioneer on this area. It began offering a US$500 bounty for security bugs in August 2004. Since then, it is had greater than a hundred and twenty bugs reported by about eighty researchers. The mission just lately upped its bounty and is now paying out a maximum of $3,000 for vital security bugs. A number of weeks later, Google announced that it, too, would pay as much as $3,000 for security bugs reported in its products.

“It has been a extremely successful program for us. We’re actually happy with it,” Nightingale said.

Sarcastically, it’s Mozilla — the challenge that is been built on free contributions — that pays bounties for bugs, while its biggest competitor — Microsoft — has to date refused to pay out.

Mozilla does not pay for the vast majority of bugs that get reported — just for security flaws — and builders do not complain, Nightingale said. “Security bugs are in contrast to other things,” he said. “There are other markets.”

NTLM uses a challenge response authentication mechanism, in which users are able to establish their identity without the use of a password. This is generally handled by a certificate that the user already had in their poccession. It includes three exchanges, in general known as Type1 (negotiation), Type2 (challenge) and Type3 (authentication). The exchanges work on the following basis.
The client generates and sends a Type 1 communication to the server. This contains a feature supported by the client and requested of from the server.
The server responds with a Type 2 communication. This contains the features decided to be supported by the server. More notably however, it contains a challenge generated by the server.
The client responds to the challenge with a Type 3 communication. This contains a number of pieces of data about the client, including the domain and users name of the client user along with the secret key. This secret key that has been sent should match the secret key that is held by the server.

Finally Digital signatures can be managed. This means that the signed message has not been intercepted and means the sender is privy to the shared secret. This could be a Radius client interating along with Active Directory whereby the shared secret is manually set within each configuration by the administrator. The keys used in signing and sealing are established as a by-product of the NTLM authentication process. Signing functionality is performed by the addition of a Message Authentication Code (MAC) to any message. This is checked by the server who can now be certain that the message integrity is safe. The signature is generated using the secret key, known by both the sender and receiver. The MAC can only be checked by any party holding the key.

Sealing is carried out by a different function, which adds encryption to a message to put a stop to it from being viewed by another party in transit. There are several encryption protocols used throughout signing and sealing, plus more are appearing frequently. As well as providing message integrity, communication discretion is ensured by the use of sealing. Under SSPI (Security Support Provider Interface) sealing (and signing) is at all times performed in combination with the same key. This encryption allows that a message cannot be intercepted or tampered with whatsoever. (Unless of course you are employed for the FBI).

NTLM is a popular authentication protocol. While there are other authentication protocols that are used, the straightforwardness of use and it’s integration with Microsoft leaves it as nearly all administrators number 1 choice.

Steve Feloney is the face of HP’s Performance Centre. I met Stephen a year ago as he was doing a world tour to endorse Performance Centre. Stephen is passionate about Performance Centre. He does his work well, and you can’t avoid agreeing with him about Performance Centre and its value.

Now Stephen has written an article about PC and how you can get a great Return of Investment (ROI) even though PC is itself very dear to buy.

It goes something like this……If you were to travel from London to Rome, a car would be a very nice idea. To get a car, it will price you a lot of cash to buy one, but it is much easier than doing the journey by foot. It would take two months to walk, and as a extremely well paid IT worker, the overall cost of the voyage in terms of lost income would without difficulty cover the price of a car.

To my mind, there are other forms of transport like public transport. It is a much less expensive option, however, the voyage is longer and a lot less comfortable. That is the same with PC, you don’t necessarily have to obtain the best possible option, you can look downmarket and that will pretty much facilitate you to achieve the same ends.

You can make up your own mind.

The trouble with using a data centre is the service provider does not always respond to queries. I was in recent times asked by a client look at an issue concerning a hosted website.

The problem was a website which was running slow. I wanted to know what they had changed recently thinking that something they had done may have caused a problem. They told me that they hadn’t made any alterations of late, it had simply started to perform poorly suddenly. They did state that some time back they had made performance improvements on their website by by installing compression and by making any images on the site more efficient. They had checked the performance after these changes and the website was running well and had been for quite some time now. The reduced performance had started a couple of days earlier and they were certain the performance problem was due to the data centre where the website was hosted.

A study was started to see what was occurring. The opening thing I did was to execute a ping. This can be initiated from the command window (from the start windows prompt, type ‘cmd’ and enter. The command itself is simply “ping www.testingperformance.org” This generates 4 requests to the website each with a packet size of just 32 bytes. It’s pretty small, and the response should give you a good idea of latency. Of the 4 hits, twice out of 4 the replys timed and the remaining 2 took over half a second. That is not very quick. There are a variety of options with ping. “Ping -l 200 www.testingperformance.org” will ping the website with 200 bytes. While this is still very slow, it can be increased quite simply to 100Kb which is more realistic of a big web page.

As I was in Britain and the website was located in the North America, I wondered if the latency could be owing to the distance across the Atlantic. To answer that query, I ran a trace route. The format of the command is “tracert www.testingperformance.org” This should demonstrate the various hops that are made when accessing from a workstation or laptop to a server or website. What I could see was that the last 2 or 3 jumps (out of about 20 jumps) were extremely sluggish. It was possible that these hops were in the data centre itself.

I conveyed this information to the data centre and said, look, here is substantiation, are these hops with reduced reply times caused by your equipment? The data centre people in due course contacted me back and stated, they could not tell a lie, the answer was no, it was not them. Well I knew it wasn’t me, and I knew it was not my ISP, and the data centre said it wasn’t them, but I didn’t believe them.

Scouring the net, I located some tools I considered should help, one was named IWEB. I downloaded the tool and it checked the homepage on my website for an interval of time. The results showed response times varying between 2 seconds and 25 seconds. I sent this data back to the hosting centre and asked them to make a statement.

“Oh yeah,” they said, “oh there has been a issue with {one of the} sites on our hardware, it has been receiving lots of hits recently.” “hang on a second,” they said. Half an hour later, my clients site was delivering 1 – 2 second response times again. The assumption was we had been moved to a better performing server. Well, I guess we were ok, but there remains around 90 – 100 websites still hosted on the hardware with performance issues? It wasn’t that we complained, it was showing the evidence which managed to settle the issue for us, thanks to IWEB.

CIFS is an acronym which stands for Common Internet File System. It is based on Server Message Block protocol which has been around since the mid 80’s and enables a standard method for sharing files on networks. CIFS runs on TCP/IP and utilises the DNS. For resources on a network to be locatable, a means must exist whereby the resources can easily be found.A great example of this is a list of printers which a user can access. Microsofts Active Directory can be used, and responds to requests with a list of currently available devices and services that the user is able to access.

Active Directory provides advantages such as controlling and managing security necessities and single-sign-on authentication for users.

The key to ensuring Web 2.0 performance under any workload lies in swiftly gathering performance data over the full width of your Web 2.0 application delivery chain, from the viewpoint of your users. Load Testing 2.0 delivers this performance data, ensuring businesses to detect and fix the root causes of performance issues. A Knowledge Center contributor explains how Load Testing 2.0 can help businesses guarantee more pleasing Web 2.0 experience for their users. – Web 2.0 is normally described as an advancement, from the web as information source (that is, Web 1.0) to the Web as a more appealing, participatory medium. The Web page has grown consequently, from a static download with partial functionality to a starting point for a rich Web experience full of complexity.

Cloud computing normally describes implementation of dynamically and often virtualised resources as a service across the Internet . Cloudbursting is one of the terms connected with cloud computing at the moment.
Using cloud computing models for any application and associated traffic could be costly, and using it for handling the spikes in a company’s usage patterns might also be laden with issues because of the time required to get the system set-up and seeded with the data. Ramping up in the cloud is difficult since it might take minutes to fire up more hosts but a company’s peak requirement may perhaps last less time than that.

Application code testing is time consuming and needs outlay in funds and time and frequently results in documentation, procedures, test data, test environments as well as a working software. There is an attraction to skimp on testing as it is an costly business. Application code testing is indispensable.

If the application is unusable when it goes into production, it will cost much more to fix those issues then than it would have if testing had been undertaken before implementation. Fixing defects in live is an expensive matter, it makes pre-production testing look cheap.

How much testing must be done? There is no right or wrong answer to this. The longer that testing carries on, the better the implementation might be. The cost of finding defects increases as testing continues.

While perfection with testing is theoretically possible, it is seldom achieved, the expenditure is simply too great.

Testing assets are not usually thought of as an asset. Financially, testers are seen as a negative not a positive on the balance sheet. Test environments are expensive and are not seen as obligatory and valuable. A server has a definite base cost, a server installed with an application to be tested complete with test data may cost 10X. With many test scripts the testware is worth a good deal more than the hardware asset itself that is listed on the balance sheet.

While this does seem like a cost, it’s not, it’s an asset. The test pack can sustain the implementation of future business requirements going forward.

Generally, much effort is spent executing testing cycles. Now with the introduction of automation and when used in tandem with a test management tool, much of the testing exertion is spent installing code drops, tracking faults and fixing them. There is a financial bottom line value to testcases and the ability to execute them. Good well written testcases supported by a good test management tool and a well configured supported test environment are valuable.

Test automation can increase the worth of the testpack. The setup costs for test automation are high, but the benefits to the testing process are also high. One of the key benefits is that the time to test is greatly reduced. While automated testing itself is much quicker, sometimes just taking a few hours, it can also be run overnight. If the code was ready for testing late on a Tuesday, the test execution could be completed by first thing on the Wednesday.
Generation of an automated test pack is a specialised task using software licenses that can run into the thousands for a single license.The planning stage is considerable with much thought going into determining the keying steps. Test automation uses a substantial amount of logic so that it can adapt to diverse situations when executing against the system frontend.
A test automation specialist will ideally make sure that test automation code does not need to be updated every time the application under test is changed, although sometimes, changes are required if new objects are added to the software screens.

Certainly test automation built with little thought can become a genuine expense to a company, not an asset.

So What exactly is the method of Crowdsourcing?
Testing on mass is generally done in-house by organisations. Crowdsourcing is doing the same thing but classically it is done over the internet using a lot more people.A really interesting contest recently took place that exploited Crowdsourcing. The idea was to get as many people as possible to uncover as many flaws as possible within the major search engines.- What a immense idea! A titanic battle between the search engines under test took place. It was organised by uTest. The company used crowdsourcing to put some of the worlds biggest systems under test. Apparently the turn out was unbelievable with over 50 countries participating. This included approximately 1500 resolute!