adric: books icon (c) 2004 adric.net (Default)
Unfortunately the next assignment is repelling me forcefully. Even after a few flybys as I try to actually dig into it it's not passing my "this is dumb" filters and is being rejected by a voice in my head yelling about how dumb it is and telling me to run or find something productive to do.

To help us learn how to digest and actually get useful information from specs and other complex documents the lectures and reading explain active reading techniques and emphasize the use of mind-mapping software. The assignment is to use a mind mapping application to make a map of a specification and answer some questions about the results. If you haven't got or aren't familiar with the mind mapping tool you are encouraged to snag it and start in early in the assigned time for this assignment, and I did yesterday with mixed results.

Here's where it gets choppy: I haven't met a mind mapping program that I can actually use effectively, though I have tried a few a few times. Much as no note-taking application is faster or more versatile for me than scribbles on paper (alas I would this were not true, see recent /. discussion for ample discourse. tl;dr use a pen and paper) I have to whiteboard or pen sketch flowcharts, timelines, swimlanes and especially formal maps (at work) before trying to fight them into a computer. So this assignment's technique is unlikely to work well for me however awesome it is. And confirmation bias as it may, I had enough trouble inputting the skeleton into the mapper yesterday that I'm pretty convinced it's a net-loss for efficiency and don't want to use it again, certainly not for inputting data.

But the real problem is that the specification document we are supposed to analyze isn't a spec. It's the bleedin' online manual and is mostly full of marketing and fluff. I haven't seen any numbers in the parts I have tried to skim and if there's a section of fluff about interoperability I haven't been able to find it yet.

I think I could have surmounted (kludged) one of these two problems but with both staring me down I'm locking up. I should be able to analyze this app from the fluffy manual and using it, but I won't have anything in 3-4 hours but a headache and a wall-white board full of scribble which it would take me a couple hours to clean up and get into the mapper (Or faster into Visio, Omnigraffle, Inkscape in order of speed and cost).

I've either got to learn to type quickly or the computers need to learn to understand my scribble and/or when I yell at them .. but this shouldn't have anything to do with how to analyze a spec or mock the thing they gave you in the specification folder.

I guess I should try and active read through the spec, taking notes as best I can (still no study skills to speak of) and ignore the map for the remaining 2-3 hours and try and come up with something. It's either that or I'll draw a moderately useful map and need another couple hours to get it into the shiny metal box on my table here. Argh.

ETA: a snip from the assignment to demonstrate the gulf between these techniques and anything that will actually work for me:

Every sentence of a specification should be telling you what the product is (Product Elements), in what way it is good or bad or needs to get better (Quality Criteria), or how it will be built and the context in which it will be built (Project Environment). As you find information about the product, note it under one of the topics or subtopics under these main headings.


This sounds like something best accomplished with printouts, scissors, and maybe a bunch of index cards. Then once you have something maybe you can put it in a computer. Am I really so far out on this? How can anyone actually organize a bunch of random crap on a computer?

ETA: Pics or it didn't ...
adric: books icon (c) 2004 adric.net (Default)
I worked through the lab assignment's questions and now need to convert this into a list of risks for others to critique. This was so much fun to write I wanted to hang onto it anyway even as an intermediate product. My actual submission for class is below the cut.

1) The variable of lastname is input (optionally) in the wizard that runs on first program execution of OOo applications, modified in the Options dialogue of any OOo application, and used in every facet of the office suite.

2a) Undefined is a valid state for this variable and any code path that uses the variable without checking for undef or doing so incorrectly will introduce errors in its functions. Additionally, too much data in this field would also be dangerous to any of the code that uses it due to the likelihood of buffer overruns, and unexpected characters or encoding in this field could lead to format string errors or exceptions in library string-handling code. If you can get a non-character or non-string value into this field due to input validation failures then wholesale memory and stack corruption becomes a concern.

2b) Use of lastname as well as the companion variables first name and initials is widespread throughout the SUT applications. Beyond the dialogs which directly manipulate this value (new user wizard, Options) many other functions read this variable and incorporate it into interface displays (document properties) or include it in requests to other modules (printing). The name variables are included in various places in the document data saved to disk automatically and intentionally including the document properties. If change tracking is enabled a tag generated from name variables and dates is displayed next to each change made by a particular user and recorded with version information in the document files. Perhaps most excitingly the name variables are posted to Internet servers with registration information allowing for the small possibility that an error related to this variable could affect not only systems that process the document but completely remote systems as well!

2bi) Lastname is used in (at least) many display functions in all parts of the SUT applications, change tracking functions, save/load functions, printing functions, macros, user preferences, data generating functions such as headers and footers, and online registration.

2bii) Values of lastname are displayed in numerous parts of the UI, in change-tracking feature's tags, inside saved documents (and temp/autosaved ones), and may be printed depending on settings for header/footer and cover pages.

2biii) Values of lastname are sent to the operating system as part of stored data about the user and document as well as to remote devices for printing (settings dependent) and to remote Internet servers with optional software registration. I'm unsure about how lastname values may be used in API calls and macros.

2biv) Values of lastname are sent to the operating system as part of stored data about the user (registry UserProfile.xcu) and document (meta.xml).

2bv) Values are read from the registry user profile files if available and may be input into the SUT via the first-run wizard or on demand with Options dialogs.

2c) Changes to the presence or boundedness (?) of last name during program operations could lead to corrupted data in memory, on disk, and displayed to users.

2cviii) Display of user data, document data or metadata could be impacted by incorrect information about the presence (undef), values (could change), or boundedness (wrong data type) of last name.

2cix) Boundary errors on lastname could influence other variable values in document metadata, document content, or application configuration leading to problems with these unrelated variables and functions. Gross misbehaviour on the part of lastname could completely corrupt XML program and document data structures rendering the document or preferences unreadable and thus broadly disrupting document or application functionality.

2cx) There are any number of cases where software errors could cause the value of lastname currently in memory and on disk in the user registry or document to become de-synched. This could lead to incorrect data being saved or printed. Some of these cases include local or remote file system errors, unaccounted for 'races' with other OOo (or alien) processes running on either the SUT or the file storage device, or just faulty RAM.

2cxi) Lastname is optionally sent with registration information to remote Internet servers operated by the OOo project. A chained failure of input filtering or other unlikely occurrence could cause unexpected format, encoding, or sized lastname to be injected into the remote system and processed. It is not entirely far-fetched that this could lead to serious problems on the remote system(s) that receive and process the data such as a buffer overflow or SQL injection attack.

2cxii) Perhaps the most outlandish and unlikely risk is to the hardware of a printer that receives a document to print with malformed or corrupt lastname information in the cover page, headers, or document body. This could lead the printer to malfunction, develop sentience, or start making toast if enough failures chain together in just the right (wrong?) way.

Risks for OOo Last Name: a continuum of failure stretching towards disaster )
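
An added example, not part of the original post and not OOo code: a small check that reads the author fields an ODF document stores in meta.xml (`meta:initial-creator` and `dc:creator`) and flags the states the answers above worry about, namely undefined, oversized, or unexpected characters, plus metadata that no longer parses. The function names, the `MAX_LEN` limit and the sample documents are assumptions constructed for illustration.

```python
import io
import unicodedata
import xml.etree.ElementTree as ET
import zipfile

NS = {"dc": "http://purl.org/dc/elements/1.1/",
      "meta": "urn:oasis:names:tc:opendocument:xmlns:meta:1.0"}
AUTHOR_TAGS = ("meta:initial-creator", "dc:creator")
MAX_LEN = 128  # assumed policy limit, not a value taken from OOo

def check_name(value):
    """Return the problems found in one author-name value."""
    if not value:
        return ["undefined"]
    problems = []
    if len(value) > MAX_LEN:
        problems.append("too long")
    # Cc/Cf covers control and invisible format characters (e.g. U+202E).
    if any(unicodedata.category(c) in ("Cc", "Cf") for c in value):
        problems.append("control/format character")
    return problems

def audit_odf(data):
    """Map each author field in an ODF file's meta.xml to its problems."""
    with zipfile.ZipFile(io.BytesIO(data)) as odf:
        raw = odf.read("meta.xml")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:  # corrupt metadata makes the whole file unreadable
        return {"meta.xml": ["unparseable XML"]}
    report = {}
    for tag in AUTHOR_TAGS:
        node = root.find(".//" + tag, NS)
        report[tag] = check_name(node.text if node is not None else None)
    return report

def make_sample(initial_creator, creator):
    """Constructed test input: a zip holding only a minimal meta.xml."""
    xml = ('<office:document-meta xmlns:office='
           '"urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
           f'xmlns:dc="{NS["dc"]}" xmlns:meta="{NS["meta"]}"><office:meta>'
           f'<meta:initial-creator>{initial_creator}</meta:initial-creator>'
           f'<dc:creator>{creator}</dc:creator>'
           '</office:meta></office:document-meta>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("meta.xml", xml)
    return buf.getvalue()
```

Passing the bytes of a saved document to `audit_odf` returns one entry per author field, with an empty list meaning nothing was flagged.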
adric: books icon (c) 2004 adric.net (Default)

Hi everyone!

I am quite excited (and nervous) to be diving into a new BBST course after how much I learned from the previous ones (and how much work they were).

I'm a security analyst in a small business unit of a really large company and before that I was in IT as a system administrator and what all else.
Cheerfully enough I live within walking distance of the office and try to take advantage of that as often as weather permits.

I use testing techniques, especially those learned in BBST courses, in a lot of non-development software work including vulnerability assessment and configuration management. I have a sneaking suspicion there is a crossover between security analysis and software testing methodologies in my future careers ...

I like testing and automation tools because they support my scientific focus on dealing with computers and users both. I demand reproducibility and hooks for automation in, well, practically everything ... and not just at work. I've been heard to cry out "It's computer science, not computer superstition!" on occasion when reboots(!) are suggested as a solution** to a problem.

Outside of work or software even I read escapist fiction and nerdy non-fiction, watch some telly, bemoan how I'm not keeping up with my foreign language studies, crafting, or martial arts lessons, and then get distracted by video games, cats, or other humans.

Greetings!

** Workaround they may be but not a solution and they destroy any hope of researching that instance of the problem...
