Connect to a remote Xvfb server using VNC and a SSH tunnel

Xvfb is an in-memory display server commonly used to execute programs that require a UI in a server which does not have a screen output. Using Xvfb is very convenient when your automated tests are executed in a remote server and orchestrated by a Continuous Integration system.

While having a VNC server running in production instances is not always a great idea due to the potential security flaws, opening port 5900 on this server to allow external connections sounds even worse. This post will guide you through the steps required to access a remote VNC server via an SSH tunnel, without opening any additional ports.

Assuming that Xvfb is already running in your server and the display has been exported to :99, the next step is to install x11vnc:

sudo yum install -y x11vnc

IMPORTANT: Connections to remote x11vnc servers are not password protected by default which leaves your server accessible to potential attackers. Make sure x11vcn is always started with the argument ‘-rfbauth ‘.

We will now establish the tunnel to access the x11vnc server through SSH. This needs to be done in your workstation:

ssh -i [SSH key] -l [username] -L 5900:localhost:5900 [server hostname] ‘x11vnc -display :99 -localhost -rfbauth [VNC server password file]’

You are now ready to access your remote server screen by using a VNC client in your workstation and connecting to localhost:5900

Install LineageOS on top of CyanogenMod ROM

lineageos

This post will guide you through the installation of LineageOS on top of CyanogenMod. While data could be preserved during the upgrade using the EXPERIMENTAL releases, this did not work for my OnePlus One so I had to go for the full upgrade and then use the Google Backup to restore my data.

DISCLAIMER: This is an experimental process and might damage your phone or affect the integrity of your data. It is always a good idea to use backups.

Required downloads

Installing TWRP

The instructions below work on Windows.

1. Open a command line and navigate to the directory where you have downloaded the SDK Platform Tools.

2. Disable the CM Recovery protection in Settings > Developer Options > CM Recovery option.

3. Put your device into bootlader mode – If this isthe first time you are using the SDK, you will probably need to accept the connection in your phone:

    adb reboot bootloader

4. Unlock the boot – this will wipe all your data!

    fastboot oem unlock

5. When the welcome screen appears, reboot your devide and enter into bootloader mode by pressing volume down + power buttons for 10 seconds. Once the recovery menu appears select the option to boot from bootloader.

6. Flash the TWRP image:

    fastboot flash recovery twrp-3.0.x.x-xxx.img

5. Wait until the flash process is completed and then reboot your device:

    fastboot reboot

Flashing LineageOS release

6. Shut down your device and boot it in TWRP recovery by pressing the volume down + power buttons until the logo appears.

7. Copy the LineageOS images to your phone.

8. Select ‘Install’ in your phone and select the LineageOS image.

9. Swipe to confirm Flash.

Install Gapps

10. Copy the Gapps package to your phone.

11. Select ‘Install’ in your phone and select the Gapps package.

12. Enable the checkbox to reboot your device after the installation is complete.

13. Swipe to confirm Flash.

That should be it. If you have any question, feel free to ask on the comments.

Test your testing skills with the Atlassian QA Challenge

Today I found the Atlassian QA Challenge in this post during my morning feeds review, and I was quite delighted about the challenge itself! The company behind JIRA and Confluence proposes a set of exercises to train your abilities around security testing.

On the first exercise you will have to break in through a login form and get yourself authenticated on the system. After completing the first exercise you will be eager to test your abilities on the the other challenges!

 

atlassian qa challenge

Bug Driven Development

When a project backlog is turned into a repository where the majority of items are bugs, I like to think that we are then working under the premises of a Bug Driven Development process. Once this starts to happen you basically have 3 choices:

  • Review your user stories, trace them back to the original business requirements and ensure you have enough information to develop the work products.
  • Think about what caused the mess and try to fix it.
  • Start using Bug Driven Development.

Ideally we would go for the first option in order to have a clear view on the scope for the current Sprint. This could work when a) time permits, b) the team realizes about the problem and c) your options to further enhance the requirements definition through additional elicitation and analysis are good.

The second option proves to be the most reasonable idea when it comes to retrospectives. But it might cause a significant deviation (in money, time or quality) after having spent a whole Sprint building tentative components that are potentially useless, or would need an important rework.

And the only option left is Bug Driven Development (bDD); not to be confused with Behaviour Driven Development. I’m not trying to convince anyone that using bDD is a good idea, since reaching this status means that not only several aspects of the analysis have gone wrong, but also that you are increasingly doing it wrong. You would use bDD to enrich your user stories from bugs encountered in the system being tested.

And this exposes a high risk: testers covering the gaps from proper requirements analysis. But it also proves the importance of having testers in your Agile teams. When I’m asked how does Agile approach change the traditional role of testers, my answer is: it does not! While Agile emphasizes the importance of involving testers in the definition of the user stories and acceptance criteria, it has always been a good practice to have the requirements reviewed by testers (and the rest of the team) to make sure these were accurate, testable, measurable and anything that define them as SMART. Same happens in other parts of the testing process. Test automation? Reporting? Exploratory testing? I feel most of these topics became popular during the last few years but things are not done differently in general.

So what about using Bug Driven Development? Let’s think about this scenario: third Sprint, the Product Owner has not been deeply involved in the process and non-business users are appointed to attend the demos and sign-off the incremental part that has been built, user stories are too high level, the business analyst was only involved during the initial Sprint and the rest of the team does not have a profound domain knowledge. It sounds bad, right? But I told you: if you are using Bug Driven Development, this is the result of many things done wrongly in the first place.

Let’s use the example of the diagram below and put in a timeline:

bug driven development

  1. We have a business requirement which comes from the Project Charter or the Business Requirements Document, which defines the construction of a new interface to manually upload reconciliation files through sFTP. This is just a small part of the final solution and is targeted to be built as an increment on the current Sprint.
  2. As part of the initial analysis, the BR is broken down into 2 different User Stories: one of them relates to the user authentication and the other one to the upload process.
  3. While conducting the initial test design, the tester founds a lack of detail on the expected file extension which ends up in the addition of another user story defining the scenarios where it could contain zipped files of plain CSVs.
  4. After running one of the test cases for the first time, the tester founds a defect and while this is investigated the team founds that a user could switch from the base directory and browse sensitive data. This raises a concern and ends up with the addition of another user story to define the directories restrictions.
  5. The tester keeps exploring the system under test and founds something else as User Story N.

Some of these “discoveries” could have ended up as an enriched acceptance criteria, but the risk here is that an insufficiently defined requirement ends up with a significant amount of expectations in detriment of a very basic definition of its value or adherence to the business from a user point of view.

Obviously the sooner the user stories are enriched and completed, the less we will be using Bug Driven Development and the happier our lives will be 🙂

Install CentOS in your HP MediaSmart EX470

hp mediamart ex470I have been using the HP MediaSmart EX470 home server for few years and it was quite a nice experience. Unfortunately HP decided to stop supporting these devices which means not getting any updates or fixes. I then decided it may be a good time to park the built-in Windows Home Server and switch to CentOS. I have chosen this Linux distribution because this is the one I’m most used to (it’s extensively used in corporate environments). Ubuntu could also serve this purpose but I still preferred CentOS since it comes with the minimum basic packages and allows you to keep growing it per your needs instead of shipping lot of features you don’t really need.

You will need:

  • VGA cable for the MediaSmart devices. These servers do not come with a built-in video port, so you will need to install one (you can either build it yourself or buy it from eBay).
  • Physical keyboard.
  • USB storage device.

The installation is pretty simple, although there are few tricky steps to take into account:

  1. Backup all the data you want to keep from the installed hard disks (the process will delete it!)
  2. Shut down your server.
  3. Connect the USB storage device where you have copied the CentOS installation files to the BOTTOM USB IN THE REAR PART. This is the only USB port that will work when booting up from an external disk.
  4. Connect the keyboard to any other USB port.
  5. Turn on the server.
  6. Press the DEL key to enter the BIOS and disable the option to suppress the boot selection. It’s located under the Advanced BIOS settings.
  7. Save the BIOS settings and when system boots up again press F12 to select the boot device.
  8. Chose the option ‘USB-CDROM’.
  9. Install CentOS normally.

Bonus pack, if you want to have a GUI. You will need to install the VGA drivers manually:

Enable the Ethernet connection (remember CentOS has it disabled by default):

ifup eth

You probably want to also have your ethernet connection enabled automatically when booting up:

vim /etc/sysconfig/network-scripts/ifcfg-eth0

Change the line:

ONBOOT=no

to

ONBOOT=yes

You can skip the 2 next steps if you are using an HP MediaSmart EX470, but I have listed them in case they help people with other systems.

Install pciutils in order to have the lspci command and list which VGA driver you need:

yum -y install pciutils

Check your VGA device:

lspci | grep VGA

Install the VESA drivers for XORG:

 yum -y install xorg-x11-drv-vesa

Install the evdev drivers for the mouse and keyboard to work properly with XORG:

yum -y install xorg-x11-drv-evdev

You are ready to go. Just type ‘startx’ on the command line and you should be able to enjoy the GUI.

 

Surviving India as a tourist

It has been almost ten years since I visited India for the first time and I loved its landscapes and people; so much that Karen and I decided to visit India again in a longer trip where we could know more about its culture and its people. I have also been fortunate to work with people here and make friends with many people who have shown me the highlights of India.

India is a magical place: its colors, customs and cuisine are amazing. It is a must to visit, but not as clueless tourist. I mean, the frequency and magnitude of the scams to tourists is of enormous magnitude and frequency.

warning scams

Delhi Train Station

Since we arrived in Delhi dozens of people have beeng trying to rip us off in different ways. It all started a few minutes after leaving the hotel for the first time: a very friendly guy approached us and after chatting amiably about Spain, he asked which zone were we trying to find and warned us that we should be careful because the street we were walking by was not safe. Kindly escorted us to a busier area where he led us to an Autorickshaw that would take us to the government tourist office, where we would be given free passes to visit the station. Plus we got a very cheap price for the taxi ride. We found he was a very nice guy since he was helping us being safe in a very unsafe area. When we got to the alleged government tourist office a very gentle guy gave us a talk on India and concluded with a very insistent suggestion to book all our trips through the alleged government agency: just asked us 3000 Euros each for 15 days of travel and accommodation. At that point we had already realized that it was a scam and graciously declined any proposal from this person, who seemed not to be in a good mood after spending an hour and a half giving us indications about the whole country. Collateral Damage: 0.20€ that we paid the Áutorickshaw driver; benefit: 1.5 hours of information about places to visit. We can not complain.

scam tourism office Connaught place

SCAM: False Government Touristm Office near Connaught Place

In Delhi people tried to rip us off almost every few minutes. In other cities scam attempts occur more widely spaced. Staring with taxi drivers trying to take us to other fake tourism offices, moving to blackmailers inviting us to buy tickets for the monuments and thus prevent women being groped in the queue and ending with coordinated groups of people blocking the entrance to the railway station indicating that we should buy a pass at another office (obviously false). All this in front of the police. Nor scarce dishonest taxi drivers who receive commission for taking tourists to different hotels from those they have booked using false claims (most common: the hotel has burned) or simply refusing to take you if you do not pay a very high price for the journey. These are just few examples of the endless scam attempts around touristic areas.

Tourists scams do not end with this selected group of scammers. In the foreign exchange office you will see how the agent keeps some few rupees for his pocket. The same scene is repeated when we changed money at the Punjab National Bank. In the Vodafone shop we are buying a Vodafone SIM card with a balance of Rs.500 and when the line is activated after a few hours the amount loaded in the SIM is only 200 rupees. The ticket  agent in the undergroud station refuses to sell 2 tickets worth 44 rupees if we do not pay 400 rupees, the train ticket agent gets 50 rupees for himself the and museum officer sells us a combined ticket for the next day, which ws not necessary to pay since all the museums were free the day after. Most often the solution is simply refusing to accept frauds or threaten to call the police. Although sometimes it seems more sensible to overlook some things. For example, some travelers mention that if you do not pay a “premium” for train tickets, chances are that these will not be available.

India is a complex country and these dishonest practices towards tourists is a tiny problem compared to the enormous challenges that the country face. If you want to visit India, do not think a single moment, it is an incredible place.

Autorickshaw: the shortcut to move around Delhi

autorickshawThe experience is unique. Initially you have the feeling that you will not get very far and some other vehicle will crash with you at any time. But then you realize that the driver knows what he does (or so it seems) and you just go for the adventure of tackling in the streets of Delhi. So, first recommendation: if you are using an Autorickshaw relax, enjoy the experience and trust the driver.

The second point to note is that in India the horn is used very often, just to warn that going to pass with your vehicle. Therefore, do not panic if you use an autorickshaw or other transportation and think the driver is crazy. This diverges a bit with the way of driving we are might be used to, where the horn is used for unforeseen or just to curse another driver.

Last but not least, there are 2 important aspects regarding the price of taxis. The first is that tourists will pay a much higher price for using their services. The second is that, as with most things in India, prices need to be negociated. Before getting into a taxi (Autorickshaw, traditional taxi or others) you have to agree on a price for the ride. Normally the driver will give you a very high price and you will have to negotiate. We use the 30/100 rule: if he asks you 100, start offering 30. Another way that usually works quite well is to negotiate downward until the driver loses all interest in the ride and then this may be an interesting price. We have also found that in some areas the offering price is simply higher. In this case it is best to leave the place without an agreement and wait for the driver to come back offering a lower price.

This video was recorded on a journey with an autorickshaw.

World Quality Report 2013-2014

Some months ago I was offered the opportunity to participate in the Quality survey promoted by Cap Gemini, Sogeti and HP, and I found very interesting some of the contents in which it deepened. Few days ago I reviewed the results from the previous survey (2013-2014) and the they show a positive scenario for the world of testing. Below you can find the key findings as well as an interesting infographic.

  • QA functions are becoming structurally more mature – the number of organizations with a fully functional TCOE increased from 6% in 2012 to 19% in 2013
  • Organizations continue to increase the proportion of their IT budgets for Testing – from 18% in 2012 to 23% in 2013
  • QA teams are still engaged too late in the application development lifecycle, which contributes to the increase of testing’s share within IT budgets to manage operational and quality inefficiencies
  • Rise of Mobile Testing as a key discipline: 55% organizations now carry it out compared to 31% last year
  • Organizations face challenges in managing test environments and creating test data – 16% of testing projects are executed with data created ‘as we go’, up from 5% in 2012

wold quality report 2013-2014
The full report can be found here [link]

(Español) Telecos: colegiarse o asociarse

Aunque hace ya más de 10 años que terminé la Ingeniería Técnica en Telecomunicaciones, nunca me había planteado colegiarme o formar parte de alguna asociación de este ámbito. Ahora que he vuelto a tomar contacto con las telecos a través del Master en Ingeniería de Telecomunicación, estoy pensando que sería una buena idea pertenecer a alguna de estas entidades, para poder estar al día sobre lo que sucede en este mundo y participar en seminarios.

Al empezar a buscar información sobre estas organizaciones y compartir impresiones con otros compañeros, me he encontrado con un gran desconocimiento general respecto a los beneficios u oportunidades de pertenecer a una entidad u otra. Voy a resumir unos cuantos puntos que simplifican mucho la diferenciación entre los diferentes colegios y asociaciones.

  • Titulación exigida: Algunas de las entidades exigen estar en posesión del título de Ingeniería Superior o Grado. Es decir, no es posible colegiarse si dispones de un título de Ingeniero Técnico. En cualquier caso, en la mayoría de los casos existen opciones para pre-colegiarse como estudiante.
  • Ámbito geográfico: Algunas entidades són específicas a la región en la que se encuentran y otras són nacionales.
  • Ámbito asociativo: Existen Colegios oficiales y asociaciones.

A priori, la motivación y beneficios de estas entidades parecen similares, pero no hemos de olvidar el carácter formal que se aplica a los ingenieros que deban estar colegiados para poder firmar proyectos. También es importante resaltar que es posible pertenecer a varias de ellas.

Conforme vaya encontrando más información la iré añadiendo. Por el momento, aquí tienes un resumen basado en el ámbito de Catalunya y España:

Entidad Descripción Ámbito Geográfico Titulación mínima Ámbito Asociativo Cuota anual (regular)
ACETT Associació Catalana d’Enginyers Tècnics de Telecomunicació Cataluña Ingeniería Técnica Asociación No hay, pero es necesario ser miembro del COITT
COETC Col·legi Oficial d’Enginyers de Telecomunicació de Catalunya Cataluña Ingeniería Superior Colegio Oficial 145.20€ (+18€ iniciales)
COETTC Col·legi d’Enginyers Tècnics i Pèrits de Telecomunicació de Catalunya Cataluña Ingeniería Técnica / Périto Colegio Oficial 123.42€
COIT Colegio Oficial de Ingenieros de Telecomunicación España Ingeniería Superior Colegio Oficial 145.20€ (+18€ iniciales)
COITT Colegio Oficial de Ingenieros Técnicos de Telecomunicación; Asociación Española de Graduados e Ingenieros Técnicos de Telecomunicación España Ingeniería Técnica / Grado Colegio Oficial 128€
Telecos Asociació Catalana d’Enginyers de Telecomunicació Cataluña Ingeniería Superior / Grado Asociación 150€ (+40€ iniciales)

(Español) Cooperativa La Fageda

730214861_13450762052845114586

Aprovechando que estábamos de ruta por el Parque Natural Volcánico de la Garrotxa, nos hemos acercado a visitar la Cooperativa La Fageda. Ya conocíamos la magnifica labor que cumple la cooperativa hacia la sociedad en general, pero teníamos ganas de ver cómo funciona por dentro, así que nos acercamos interesados en hacer una visita guiada.

Cuando preguntamos por las visitas el único grupo con plazas disponibles iniciaba su recorrido, así que gracias al recepcionista, nos colamos en la sesión. La primera impresión cuando llegas a la cooperativa, que está situada en medio del Parque Natural Volcánico de la Garrotxa, es de una gran tranquilidad y armonía.

¡Manos a la obra! Nos unimos al grupo y seguimos las explicaciones de nuestra guía, que nos mostró el proceso de elaboración de los productos, comenzando con las vacas, pasando por el envasado de los productos y terminando con una exquisita degustación.

Para los que conozcáis la Cooperativa La Fageda, aquí van unos cuantos puntos muy interesantes:

¿Por qué es importante la Cooperativa La Fageda?

La Fageda es una Cooperativa en la que trabajan personas con discapacidades intelectuales y trastornos mentales severos. Fabrican derivados lácteos (yogures, helados, etc) y mermeladas de manera natural, entre otros. Aquí ya podemos entrever dos temas muy importantes: primero la función integradora con la que cumplen y segundo la calidad de sus productos. Respecto a su función integradora, simplemente hay que acudir a su historia para entender cómo nació el proyecto. Alguien con una amplia visión del papel de la sociedad decidió que las personas con discapacidades intelectuales y trastornos mentales severos no deberían de estar encerradas en una institución mental, sino que merecían ser valoradas por sus capacidades y habilidades.

Sus productos

La Cooperativa dispone de huertos y vacas que son tratados de manera totalmente ecológica y sostenible. Sus animales no toman ningún tipo de pienso e incluso pueden disfrutar de música y masajes para relajarse y generar más leche. El proceso de elaboración es muy respetuoso con los animales y el entorno. Por si todo esto no fuese suficiente, los productos no llevan conservantes ni colorantes. Esto genera un pequeño inconveniente: solamente se pueden obtener en localizaciones cercanas. Pero hemos de pensar que La Fageda cumple principalmente una función integradora y su función no es la capitalización de beneficios ni el dominio del mercado; pese a que son los terceros en volumen de ventas de Catalunya.

730214324_6771075701050600798

Cómo ser partícipe de un proyecto humano como este

A voz de pronto, hay dos forma muy fáciles de colaborar:

  • Visitando la Cooperativa. Sus instalaciones son muy interesantes, la visita guiada muy instructiva, está situada en un entorno espectacular y solamente cuesta 4€.
  • Comprando sus productos. Cada vez que adquieras yogures o helados, sé consciente de lo que significa ser partícipe de un proyecto como este y decide por ti mis@ si quieres contribuir al ciclo capitalista de la mayoría de empresas o te apetece colaborar con la integración de las personas.
  • Explica a tus amigos lo que significa la Cooperativa La Fageda.

En la página web de La Fageda puedes encontrar más información sobre el proyecto y sus productos: fageda.com.

730328741_4044954272117575562