Unit testing using in-memory databases
Posted July 2, 2009 by Keith McMillan
Unit testing software tends to break down at the boundaries of a system. It’s difficult to test the graphical user interfaces (although with some of the new technologies like Selenium, testing browser-based GUIs is easier…) and the database access. I’ll save the UI for another time, today’s topic is the database access.
A new level of threat in ATMs
Posted June 11, 2009 by Keith McMillan
In a recent post I talked about ATM skimming devices. It seems from a recent article in Wired that thieves have taken ATM fraud to a new high. In Europe, machines have been found that have been compromised with modified software, which eliminates the need for card skimmers or cameras. It requires someone with insider access to install the software on the machine, but it definitely ups the ante quite a bit.
The malware captures account numbers and PINs from the machine’s transaction application and then delivers it to the thief on a receipt printed from the machine in an encrypted format or to a storage device inserted in the card reader. A thief can also instruct the machine to eject whatever cash is inside the machine. A fully loaded ATM can hold up to $600,000.
Where before you stood a chance of spotting a card skimming device on your neighborhood ATM, with this scheme you really have no idea whether the machine has been compromised, since it’s all in software.
The good news is it seems like more recent ATM machines have newer security measures that make the attack ineffective. On the other hand, how long has your bank had their current ATMs?
[ Original story at Wired ]
RIP, Bookpool
Posted June 2, 2009 by Keith McMillan
I picked up a project at work that’s working on an iPhone application, which I’d asked to coach since it sounded fun. I was going to Bookpool.com tonight to look for books on iPhone programming, and the domain is parked!
This came as quite a blow. Bookpool always had good service, and their prices couldn’t be beat. A quick Google came up with a number of threads where others are also grieving the loss of Bookpool.
Here’s hoping they come back, I’d certainly buy from them again! If not, rest in peace friend.
The New Logo
Posted May 10, 2009 by Keith McMillan
Over the weekend, Kelly and I finished up the new logo. It’s her inspiration, with my fine tuning that got us to it, and without further ado, here it is:

There’s another version which I’m also planning on using, but doesn’t work so well when printed out:

So, what do you think? I like them, personally…
User Story Factories
Posted May 6, 2009 by Keith McMillan
It’s no secret how to write a good user story; you just need to keep focused on the outcome you want to see. Cohn’s formula, “I, as a , want to so I can ,” does a good job keeping us focused on that. Still, it seems like people want to throw all kinds of things into the backlog as a user story.
I’ve started to notice, however, that there’s another interesting thing out there, which we’ll call User Story Factories. (I was calling them “story generators”; Lowell Lindstrom, a Certified Scrum Trainer, suggested that maybe “factory” was a more appropriate term, which seemed like a sensible suggestion.)
Sometimes someone will suggest a story along the lines of “we need to educate the organization on our new product.” It’s a pretty sensible suggestion, it’s something that the project needs to do, and it has a business value. It presents some interesting challenges when you consider how you get to “done” with that story.
How do you say you’re “done” with educating the organization? You can’t, because there’s always something else you could do. You can pull specific stories out of this factory, however. You can decide to offer a lunch-and-learn, schedule training, or visit with teams using the current version of your product. All of these have pretty clear criteria as to what “done” means, but the factory itself doesn’t.
I think this is an interesting tool to keep around. When you’re planning iterations/sprints, you can look at these factories and decide if you need to make some progress in the area they describe. If so, you pull some stories out of the factory, decide on how you’ll be “done,” and put them into the backlog.
Some of the purists might say “that’s not a good story,” but I think it helps keep your customer/product owner engaged with the project if you can speak in their terms. They’re worried about “organizational education,” then cool, keep it around and decide how to get good stories out of that factory.
How to spot an ATM skimming device
Posted April 22, 2009 by Keith McMillan
For those who aren’t aware, there are folks out there who are stealing your ATM information not by breaking into the transaction processing company, but by stealing it from you at the ATM. This process is called “skimming,” and it involves installing a card reader and a camera on the ATM. The card reader gets the information on the magnetic stripe on the back of your card, and the camera watches what you enter for a PIN. I knew these were out there, but it was a surprise to me to see how advanced they were, transmitting information wirelessly to the thieves.
It’s a good idea to try to keep an eye out for these devices, but you have to know what to look for, so I was interested to see a guide on spotting a skimmer. It’s a brief PDF that’s worth the read.
[ Consumerist via Lifehacker ]
Steampunk phone: want!
Posted April 14, 2009 by Keith McMillan
Folks who know me in the real world (there’s a real world, I hear some of you cry) know that I have a fondness for anachronistic technology. I’ve got a 10 MB hard drive, a mylar tape, and an actual 64K core board (ask your father if you don’t know what this means). I also repair watches as a hobby. That’s what got my attention about this absolutely amazing looking phone from Ulysse Nardin.

the handset {…} will incorporate a visible, fully-functional kinetic rotor that will apparently assist in providing power, just like you might find in a mechanical wristwatch.
And, yes, they’re serious about that “No. 1 of 1846” business, they’re apparently not making many. No really, if you want to get me one for my birthday, I wouldn’t object…
And so the spam continues
Posted April 13, 2009 by Keith McMillan
Well, it was nice while it lasted. After McColo was taken off line last year, we saw an amazing 75% decrease in spam, that wonderful unsolicited commercial email. It was only a matter of time however, before the spammers adapted.
Word out today from Microsoft says that now, 39 out of every 40 email messages is spam. It’s absolutely dumbfounding.
[via Geeks are Sexy]
Happy April Fools!
Posted April 1, 2009 by Keith McMillan
Just a quick note to wish people a happy April Fools Day. Hopefully you didn’t get pranked too badly.
I was amusing myself reading the Wikipedia article on April Fools, and I didn’t realize that BMW was such a consistent generator of April Fools pranks! It’s worth a read if you haven’t seen it.
For those in the know, Friday is Cheese Weasel Day, for those who celebrate it. I’ve done so for the last few years, it’s a holiday that suits my sense of whimsy. Since I’ll be out of the office that day, I brought Irish Cheddar (NUM!), Wensleydale, Danish Havarti and Stilton with Apricots to the office today. All seemed to go over well.
Finally, I’ve got a friend with an artistic bent working on a new logo for the business, I’ll be posting that here for folks to see once it’s done. I hope it’s soon, I’m excited about it.
Update: RBS and Heartland delisted from PCI-DSS
Posted March 17, 2009 by Keith McMillan
The Register has an article on the Payment Card Industry decertifying Heartland Payment Systems and RBS World Pay from their Data Security Standard. As of now, those two entities that suffered the most recent, and dare one say huge, security breaches, are no longer able to do business with PCI merchants.
I wrote before (The New Computer Hacking Game) that it was amazing to me that a company could be PCI-DSS certified and have ongoing breaches, as Heartland, and apparently RBS, did. It seems I’m not alone in being incredulous, as the Reg observes:
The ability of attackers to penetrate both companies while they were in good standing with the PCI guidelines has prompted some to criticize them as little more than a rubber stamp designed to make the public feel more comfortable using credit cards.
It would be nice to have something positive come out of this, other than getting new credit cards where the shininess hasn’t worn off the numbers yet…
via [The Register]
