FIT for testing

It’s been a while since I subscribed to the XP mailing list, but I manage to hear about most of the important developments, I think. A few weeks ago, Dave Thomas told me about FIT, Ward Cunningham’s Framework for Integration Testing.

It sounded intriguing, but I really didn’t have time to investigate it. Then, at the Lone Star Software Symposium in early November, Daniel Steinberg mentioned FIT and how interesting it is. And last week, Mike Clark sent me a draft of some early work he’s done with FIT. By the rule of three, then, I suddenly had to spend the time on it … when three people of that caliber are talking about something, it deserves attention.

And FIT does deserve attention. Ward designed it to address one of the more difficult parts of Extreme Programming: the idea that customers should specify, and ideally write, automated acceptance tests. FIT is a fascinating approach to that problem. Naturally, the programmers must help, but they help in very small ways; primarily by writing tiny, simple adapter classes that hook application objects into FIT.

FIT is still in the early stages, and there are numerous problems to be solved. But it has the potential to work really well, at least partly because it is simple and adaptable rather than feature-complete and all-encompassing. If you haven’t looked at it and played with it, make the time to do so.

More Quicksilver info

I spent part of lunch today in the bookstore. Cryptonomicon is finally out in a mass-market paperback (approximately a foot thick). And I couldn’t help but notice that the cover said it contained an excerpt from Quicksilver. Next thing I knew, I was in one of the big comfy chairs.

The excerpt definitely made me want to read more. (I’ve been getting hungry for more from Stephenson anyway.) It takes place around the turn of the 19th century, on the cusp of the Enlightenment. We see the ancestors of Lawrence Waterhouse and Bobby Shaftoe, along with Isaac Newton, Leibniz, a young Ben Franklin, the founding of MIT, and, as many have suspected, Enoch Root.

It’s the first volume of a series called The Baroque Cycle, and apparently it will be published in October, 2003.

Seams? I meant chasms.

Microsoft says: Don’t trust Microsoft

(via my O’Reilly blog)

There’s a new security hole in Microsoft software. An ActiveX control, supplied and signed by Microsoft, can run arbitrary programs on your computer. Microsoft has issued a fixed control, but there’s still a problem: sites can request the vulnerable version, and it will be fetched and reinstalled.

Microsoft’s solution: remove Microsoft from your list of trusted providers (if you ever put them there, that is).

It’s tempting just to chortle at this, but it illustrates serious problems with the code-signing approach in general. Way back in January 1997 I wrote that the ActiveX security architecture wasn’t actually a security architecture; at best it’s a blame-assignment architecture. I believe that even more today.

I’ve worked on projects that do code signing. And there are big security holes in the whole process. Think about how organizations work. Too many people will have access to the signing key. Signing becomes part of the automated build process, and it stays there even if security audits fall by the wayside. (Assuming, of course, that there ever were security audits.) You have to be careful with trusting individuals. Why would you ever grant blanket trust to a corporate entity?

Ken Thompson was right. The problem of trust runs deeper than technology.

Journalling is on

I’ve been running OS X.2.2 for over a week, and today I turned on the new journalling support in the file system. Supposedly it’ll slow my system down a bit (presumably just on writes to disk), but I want the assurance that my file system will be OK after a crash.

This morning I was copying something to my iDisk, and it bogged down. I had to get to work, so I tried clicking Cancel, but the Finder was unresponsive. I finally had to just unplug and go.

When I got to work and opened the machine again, things were still stuck. I tried a restart, but 10 minutes into the shutdown process, looking at a machine that wasn’t doing anything, I powered off. The fsck on reboot found a lot of things to fix. I hope all my data is OK, but in any case, it’s time for the safeguard of the journalling filesystem.
