TOPP makes Google’s Open Source Blog

We’re getting some Google attention at the geo-side of our organization. Today, TOPP’s work on GeoWebCache made Google’s open-source blog, mentioning GeoWebCache’s lead developer Arne Kepp.

Good work guys!

Update: Alright, full disclosure. I just realized the post was written by Chris Holmes, TOPP’s “geospatial CEO.” It’s still pretty cool, but a little less so.

WOPR: Work Presentation Slides

I just gave a presentation at work about my experience at WOPR. From what I can tell, it went great, and was a good introduction for the organization.

Here are my slides.

They were crafted specifically for The Open Planning Project, though they may be useful elsewhere.

A big thanks goes to everyone at WOPR, and a thank you goes to David Winslow at The Open Planning Project for setting up this talk!

WOPR & Pre-WOPR

There’s nothing like getting off of a plane, taking a shower, then showing up almost-late to jam with a bunch of software engineering professionals. There’s nothing like it, and career-wise, it was one of the best weeks I’ve had.

I was in Miami two weekends ago for a friend’s wedding. After missing the vows — we got lost! — paintball, and an extremely great weekend, I flew back Monday morning and headed straight to the pre-WOPR event. WOPR, for those that don’t know, is the Workshop on Performance and Reliability, and “pre-WOPR” is a similar workshop held a few days beforehand.

Like all workshops previously, I had a bit of nervousness going in. For this one specifically, I felt I didn’t have much experience related to performance testing, and I felt… well, performance anxiety (pun intended) because I’d have to to participate with folks each having 10 - 30 years experience in the field. To make matters worse — as nervousness is concerned — for WOPR, I was asked to give my views on each experience report, in front of the group, after group discussion finished, in a spotlight that became known as “Tim-bits”. For a newbie out of college, this was some pressure.

Though I had nervousness going in, I enjoyed both workshops immensely. I wrote my Tim-bits down — as “sound bytes” that best describe what I learned — and am providing them for WOPR, pre-WOPR, and the world! :)

I’ve attributed each bit to the experience report that led to it; however, I would like to stress that many of these bits were the direct result of group discussion afterward. Attribution not only goes to the presenters, but to everyone who attended the workshop.

  1. Exercise-centric courses that are meaningful to the audience will be more likely to produce better performance testers in a practitioner-based performance testing course. (Ross Collard, independent consultant)
  2. Tools don’t solve problems, they help people solve problems. Like a hammer helps in building a roof, our tools help in doing performance testing. No one tool will do our work for us. (Goranka Bjedov, Google)
  3. Performance testing’s monitoring tools are very much like astronomy’s telescopes. Although our tools do more and more things everyday, the best monitoring tools will be those that provide more — and more accurate — information. (Scott Barber, PerfTestPlus, inc.)
  4. The same problems in consultant-taught performance testing courses exist in academic professor-taught courses: Fuzzy prerequisites; diverse student backgrounds; variable student interest; turbulent teaching environments. They’re all there in both contexts, and the problems generalize. (Gustavo Vazquez, Uruguay Center for Software Testing**)
  5. a) The knowledge of a good performance tester intersects all facets of software engineering. When teaching them — for one course, at least — you must give them a slice of programming, a slice of process, a slice of statistics, and a slice of practical testing environments. Doing so successfully is difficult. b) Bureaucracy, and conflict of interest by those in power (management) can screw up a very effective testing course. (Dawn Haynes, PerfTestPlus, inc.)
  6. Graphs, graphs and more graphs! They are — as far as we know — the quickest and most powerful way to give decision makers the information they need to make release decisions. Prepping the decision makers beforehand at the start of the testing process will set expectations and create a healthy reliance on the testing group. (Jude McQuaid, Intuit)
  7. Relate performance testing to beer.*** (Andre Bondi, Seimens)
  8. Apprenticeship in performance testing has benefits in some contexts, and is more beneficial when testers are newer (avoid the word “junior” :) ). Also — like a Sith Lord — it’s too hard to manage too many apprentices. (Roland Stens, independent consultant).

** Gustavo: Let me know if that’s the correct translation. :)

*** His slides are available — and I’m working on getting them — that explain the analogy much better. The group roared with excitement when he showed them, and some said it was “the best performance testing analogy seen yet.”

Though there’s much more detail lurking behind each bit above, the biggest thing that struck me was non-technical — rather, it was how comfortable I felt throughout these two workshops.  I can’t quite pinpoint the exact nature of this comfort, or what made these workshops different than the many others I’ve been to; however, in general, I finally feel like I’m “part of the group.” I probably always was — heck, I’ve been dubbed a “wolf” for a long time now — but I think the realization is finally setting in. Big thanks to all!

Speaking of thanks, I want to thank Rob Sabourin for being content owner; Ross Collard and Scott Barber for co-organizing; Julian Harty and Goranka Bjedov for hosting; Paul Holland and Nick Wolf for facilitating; and all the participants who made WOPR and pre-WOPR great events to attend. I learned a lot — more than what my Tim-bits might show — and I appreciate all the great insights that came from this experience. Thank you!

Streets are for the people. Let’s take ‘em back!

The Open Planning Project just released a small community website for those in the greater NYC area: http://www.blockpartynyc.org

From here:

Block Party NYC is a new program by the New York City Streets Renaissance Campaign helping neighborhoods around NYC come together and enjoy their street, free from the usual hazards and distractions of automobiles. This summer, we’re providing mini-grants to over 30 block parties throughout the 5 boroughs, [as well as] the services of a professional urban planner to combat community problems like traffic, speeding, noise and air pollution.

Interested in meeting your neighbors? Getting outside? Having some good ol’ fashioned family fun? Well here’s your chance.

Recent Look & Feel Change

I’ve been playing around with the look of the site in order to get more space on-screen. You’ll notice that the sidebar’s gone, and the archives have moved to their own page.

The one problem, which, depending on your perspective, may not be a problem at all: It’s hard to tell the difference between the main page (’/'), and a single post. For instance, go to http://www.oneofthewolves.com (you’re likely already there), and then click on a single post. Can you tell the difference? If you clicked on the first post, were you able to tell the difference without scrolling?

I’m not sure I like it, though I do enjoy the added space. Watch for more dust as I keep making changes.

It’s not just Google…

Since my previous post below, I received three spam email messages that linked to malicious content using Google’s ad servers. The first time was interesting, though the next few times made me think: Is Google the only ad service that allows this?

The answer is no. I went searching the net for online ads similar to Google’s, and I found some pretty interesting results. See a pattern?

Where known — or easy to find through a whois lookup — I’ve listed the company serving the ad.

  1. Google: http://pagead2.googlesyndication.com/ …. &adurl=http://www.oneofthewolves.com
  2. Interclick: http://a1.interclick.com/ …. click.ic?http://www.oneofthewolves.com
  3. EyeWonder: http://www.eyewonderlabs.com/ …. &click=http://www.oneofthewolves.com
  4. Etology.com: http://pages.etology.com/gtbclk/ …. /15/http://www.oneofthewolves.com
  5. MySpace: http://desb.opt.fimserve.com/lnk/?k=Nz …. href=http://www.oneofthewolves.com
  6. http://adc.brandreachsys.com/ …. &Redirect=http://www.oneofthewolves.com
  7. Tacoda: http://anad.tacoda.net/ …. //REDIRURL=http://www.oneofthewolves.com
  8. ReduxMedia: http://ad.reduxmedia.com/click,JiIAA …. ,,http://www.oneofthewolves.com
  9. DoubleClick: http://ad.doubleclick.net/ …. fhref=http://www.oneofthewolves.com

For some reason, it seems these companies don’t care that they’ll redirect to any site on the net. Granted, sites like desb.opt.fimserve.com look like spam anyway… But Google is a household name. Shouldn’t they care?

The one condolence I had in all this was Yahoo! For reasons that you might expect, the following link results in: “This link is not authorized by Yahoo!”

http://rds.yahoo.com/_…. /**http://www.oneofthewolves.com

Woot!

Google’s ad servers forward spam?

I received an email this morning purporting I was the main actor in an embarrassing video online. The email — obvious spam to anyone tech savvy — insisted I take a look.

The sender was Bale Garnock. I don’t know a Bale, but from his (her?) email address, I could tell he was legit: myoshida AT ws.ipc.fit.ac.jp. (Please, if this is anyone’s email address, let me know!) I mean, c’mon: Who takes the time to alert others of embarrassing videos they star in? This guy must be my friend.

His email only contained one line of text, which got my attention. It said “Take a look at yourself :)”, all of which was linked to this address:

http://www.google.com/pagead/iclk?sa=l&ai=YJsnJu
&num=85998&adurl=http://scramignon.com/video.exe

Being as cavalier as I am, I decided to click it. What came up (unsurprisingly, of course) was a “video” I was asked to download. No website. No ads. Just a video.

Before actually looking at it — Hey, it’s a video of me right? — I noticed the link pointed to http://www.google.com/… Wow. I was pretty surprised.

From what I can tell, it seems a spammer was able to peddle their “video” through Google’s servers by simply editing a Google ad’s query string. (Look. I can do it too: Reader, take a look at yourself!)

This is interesting, if not concerning. On one hand, I’m sure this is something that Google doesn’t want to support, as they have a campaign against promoting unsafe internet material. On the other hand, if the recipient is not careful, they could assume the email — or the link, at least — is a legitimate one.

* * *

Googlers! By no means am I making a judgment of your services by writing this post. Although spam going through Google’s services is likely a concern, I’m more poking fun at how spammers expect people to fall for these type of emails (though, unfortunately, people do). If there is someone I can contact to alert them of this email, I would be very happy to do so.

UPDATE, 4/23:

Since I made this post, I’ve received three spam emails containing links pointing to Google servers.

UPDATE, 4/21:

I finally found Google’s contact information for security issues (found via Google, no less), and I sent them an email alerting them of the problem. Although they did respond, it seems I was given a default form response, pasted below, implying nothing more will likely happen with it.

Oh well…

Hello Tim,

Thank you for bringing this issue to our attention.

The email you have received is not owned by Google. Instead, it was likely
designed by an unauthorized party operating under false pretenses while
using the Google brand. This practice is commonly called ‘phishing.’

‘Phishing’ occurs when an unauthorized party claims to be a representative
of a legitimate organization in an attempt to trick the recipient into
disclosing important personal information like passwords or bank account
numbers.

Remember, Google will never send unsolicited mass messages asking for your
password or personal information, or messages containing executable
attachments. If you ever receive one of these messages, we strongly advise
you not to view it, and to delete it immediately.

Keeping our users safe from phishing is something we take very seriously.
To help us stop phishing attacks, we ask that you report any suspicious
messages or websites to Google at phishing@google.com

We appreciate your assistance in keeping Google users safe.

Sincerely,

Andrew B.
The Google AdWords Team

Re: My Little Rant Below

One of the great things about open-source software is that you can take ownership of it and make it your own.

Mel Chua, a recent intern at The Open Planning Project, saw my rant below — while also hearing me speak of it in the office — and took it upon herself to do something about it. During a presentation last week on “How to write Trac plugins,” she gave me and fellow coworkers a great introduction, smoothly following it up with a demonstration of a working trackback plugin. (No lie!)

I was estatic.

Through collaboration with Mel, Douglas Mayle and Joshua Bronson at The Open Planning Project, we’ve come up with a first implementation of  “tracbacks” within Trac (notice the missing ‘k’). In fact, Mel wrote up a great description here.

Along with the Tracbacks plugin, I used Mel’s tutilage and help from the #trac channel on Freenode to create what I’m calling “Trashtalk.” Trashtalk is, in a sense, the external version of the Tracbacks plugin, where it (enter: slogan) “records incoming links — url’s that link to each ticket — in order to gauge each ticket’s effect on the community.” Ever want to know who’s talking about your bugs? Well now you can with Trashtalk.

It’s in its early stages now, and there’s still more coolness to inject into it, but — thanks to Mel’s initial contribution — I get the feeling TOPP and TOPP’ers alike will feel more empowered to change their (bug reporting) environments for the better.

PS: A more in-depth showcase of both plugins may be on the horizon. You probably want screenshots. If I were you, I’d want screenshots. :)

A Little Rant Against Aging Bug Reporting Systems

I’ve tried to write this post many times. I’ve tried taking different strategies, from telling a story-based account that led me to an idea, to being blunt and direct about what I was trying to say. I even tried using big words that act as “intelligence flags” for those who don’t understand the message. Though I made three tries, I was satisfied with neither.

Instead of trying to talk around a topic that doesn’t seem to have a whole lot of discussion — nothing that I can divine, anyway — I’m instead going to say it very cheaply.

Given these premises: …

  1. Bug reporting systems are communication tools that aide people in talking about software defects, problems, bugs, etc.
  2. Bug reporting systems intentionally or unintentionally become huge silos of information that don’t play nice with other software.
  3. Bug reporting systems encourage communication that is formal, dry, and sometimes (most of the time?) uninteresting.
  4. Bug reporting systems are not people focused.

… And, given this observation: …

  1. Bug reports and blog posts are essentially the same technology. They are, at their core, a block of text followed by inline discussion.

… I’ve come to this conclusion:

  1. Bug reporting systems are rather old technology, and their creators can learn a lot from the blogging movement.

What if bug reporting systems had trackbacks, for instance? Or a meaningful RSS feed?* Or maybe, “What’s new?” “What’s interesting?” or “What’s the hottest bug that we know of right now?” What if a bug report displayed who was talking about it (e.g., who linked to it) or performed the mundane task of figuring out which bug reports were related (again, who’s linking to it)?. Wouldn’t that make things easier? If there was a better interface — rather than the top of the bucket — that management could peer into, wouldn’t that solidify the role of the testing organization and help management keep track of their software’s status day-to-day?

Isn’t that bug advocacy?

This all stemmed from our use of bug reporting systems at The Open Planning Project. In short: One Big Bug Reporting System is unmanageable given many users and many avenues of input. Eventually, the silo will become too big. Multiple bug reporting systems are unmanageable given software systems that are tightly integrated. Eventually, a single bug will affect each system, and multiple people — whose hands are somewhere within each bug reporting system — will have to respond to it.

I almost hate to say it, but online bug reporting systems are the oldest Web 2.0 applications I know. So why have they fallen so far behind?

* Our system, thankfully, has an RSS feed, though my impression is most bug reporting systems are behind the times.

PS: I could be convinced that all I’m really suggesting is that Y generation testers will start advocating bugs to management through current Web 2.0 technologies, such as blogs. However, I wouldn’t be disappointed if some bug reporting systems learned from the blogging movement, evolved a bit, and became more open to information sharing across a large, interested audience.

My current open-source favorite is Trac. No guarantees, but there may be a new plugin on the horizon.

Alright, we should be up and running.

Quick tests show that timothyjcoulter.com is up and running. Things may be rocky for the next couple days, but I’m optimistic it’s working as normal.

« Previous PageNext Page »