Selenium 4 Facebook & Twitch Hack TGNS17

About This Episode:

Want to know some key insights around API testing.

Why did Facebook go down for almost a whole day?

And did you hear about the huge Twitch hack?

Find out the answers to these and all other full-stack end-to-end automation performance security in DevOps testing topics. In this episode of the Test Guild news show for the week of October 10th.

So grab your favorite cup of coffee or tea, and let's do this.

Exclusive Sponsor

This episode of the TestGuild News Show is sponsored by the folks at Applitools. Applitools is a next-generation test automation platform powered by Visual AI. Increase quality, accelerate delivery, and reduce cost with the world’s most intelligent test automation platform. Seeing is believing, so create your free account now!

Links to News Mentioned in this Episode

*** Applitools free account: https://rcl.ink/xroZw ***

https://applitools.info/jgu

https://www.selenium.dev/blog/2021/selenium-4-rc-2/

https://www.abc12.com/2021/10/06/japanese-startup-autify-raises-10m-series-advance-software-testing-automation-through-no-code-solution/

https://www.ontestautomation.com/on-codeless-automation-or-rather-on-abstraction-layers/

https://www.linkedin.com/posts/menesklou_testing-automation-testautomation-activity-6850724889448484864-U3fJ

https://smartbear.com/news/news-releases/smartbear-releases-results-of-2021-state-of-softwa/

https://link.medium.com/HrqlswQh8jb

https://www.marketscreener.com/quote/stock/VMWARE-INC-58476/news/VMware-Announcing-availability-of-VMware-Cloud-on-AWS-Outposts-36600466/

https://www.thousandeyes.com/blog/facebook-outage-analysis

https://www.linkedin.com/posts/tammybutow_facebookdown-outages-sre-activity-6851556660675137536-RGbJ

https://www.linkedin.com/posts/nvanderhoeven_testing-in-public-how-to-plan-a-load-test-activity-6851624350391574528-LNLt

https://www.globenewswire.com/news-release/2021/10/06/2309760/0/en/Fluent-Project-Creat%5B%E2%80%A6%5Dirst-Mile-Data-Observability-Platform-for-Enterprises.html

https://jobs.apple.com/en-us/details/200295220/site-reliability-engineer-sre-apple-cloud-services?team=SFTWR

https://www.pcgamer.com/security-experts-aghast-at-the-scale-of-twitch-hack-this-is-as-bad-as-it-could-possibly-be/

News

First up, automation news,.

Also speaking of Applitools, make sure to check out their white paper on Disrupting the Economics of Testing Through AI. This is a really great resource it goes there are many things, but some highlights that they point out is why is the cost of quality control out of control? The critical pinpoints faced by modern software development teams in five ways artificial intelligence and machine learning can help you today. Definitely, check it out.

Joe Colantonio: The second in last release candidate for Selenium 4 is now out. It actually will ship with all the language bindings for .Net, Java, Python, Ruby, and JavaScript, so definitely give it a go and try it out. If you haven't already.

Joe Colantonio: So on the show, we've been hearing a lot about codeless or no-code automation solutions, and this next news item caught my attention. It's a series of A funding going to a company I just heard about called I think it's Autify. So Autify is another no-code AI-powered software testing automation platform that just raised $10 million in Series A funding.

And speaking about codeless, I don't know if you've ever looked in LinkedIn comments, but a lot of times you have a lot of awesome experts actually commenting on other people's posts that then lead you to other information that you didn't know about. And this is what happened to me when I was looking at both codeless automation. I came across this post and a comment by Bas that actually, I think, illuminates some areas where people may be confused about what is codeless or debating of codeless is even automation, or is it even worthwhile? So in post about codeless automation, the benefits of it, and in the comments, I notice, Bas said. You say codeless, I say abstraction layer. So potato, potato, tomato, tomato for Bas. He calls it abstraction layer. I'll have a link to Bas's full blog post on codeless automation and why he likes to rather think of it as an abstraction layer and just a lot of good insight here on how you can get your head around what is codeless? What does it mean by codeless? Some pros and cons of codeless and how thinking about as an abstraction layer may be more beneficial.

Also, SmartBear just released its 2020 state of software quality API survey results with some interesting insights around API testing and some key insights that they highlight is that a majority of API practitioners operate in multi-protocol landscaped. Of those surveyed, 57% state they use three or more protocols within their organizations. Developers are also increasingly involved in testing and taking on more testing responsibilities, with close to 60% reporting that they are directly involved in the API testing. Also, ease of use was reported as being the top factor of driving API tool choice in the biggest obstacle to ensuring quality of APIs, as well as API documentation, is an increased demand for speed and delivery. So check out the link for this survey down below because it goes into detail to a whole bunch of other topics and why they bubbled up those particular insights as key things they should take away from this report.

Joe Colantonio: Another aspect of automation that's often overlooked in software development is actually automation or treating infrastructure as code. And so one popular technology that's used to help you do that is Terraform and have a really good medium post that goes into detail on this as well. This talks about how to use integration testing using Terraform Test, so run breaks down some prerequisites for getting started. Test for TerraForm modules, how to run test and a whole lot more. So definitely check that out as well.

Also, another hot topic we've been talk about as well is cloud and cloud automation. So VM just had an announcement of announcing the availability of VMware Cloud on AWS Outpost and I like how this article points out how modern I.T. infrastructure is one of the core pillars of digital transformation strategies and the public cloud has been a digital transformation enabler for organizations because of several benefits, such as elasticity, on-demand scalability, agility, innovation, and reduced operational overhead, to name a few. So just another reason why I think automation should be expanded to incorporate and embrace other forms of automation, including infrastructure and cloud-based technologies.

Next up, performance in site reliability news.

In probably the biggest news item of the week has been the outage of Facebook and Instagram. People are panicking. It was down for almost a day. So why did it happened? A lot of people ask, was it a hack? How could have been prevented, so I found a really great article on LinkedIn that was posted by Tammy. And Tammy also post an article to a really detailed breakdown of what happened, why it happened, and if it could have been prevented. So thank you, Tammy for posting this in LinkedIn. If you click on this link to the article at Tammy reference is a really deep dive into what happened for the Facebook outage, so has a really good breakdown step by step of what happened and how they eventually resolved it. I thought was even more enlightening was Timmy's discussion going on and on? Do you think this could have been prevented? Could SREs have helped in this? And survey results say that yes, it could have been prevented. 27% say no. But then once again, as I mentioned with other comments on LinkedIn, if you dive into the comments, Tammy adds further insight into what other people are saying and helps illuminate how she thinks it could have been prevented or at least found out or touched earlier or resolved earlier. So so a lot of good stuff going on there. So definitely check it out. And also, I think I said it before, but definitely give Tammy a follow. She's one of the goto resources for me, for site reliability engineering and especially chaos engineering.

And speaking of goto resources, Nicole Van Der Hoeven is back on the news with another awesome resource around performance testing, though you definitely need to check out. This is on how to plan a load test, so definitely check out the video. Really good insight around all things performance-related topics, so definitely give her a follow as well.

Another news item that caught my attention is something I never heard about before, but the creators of the Fluent Project actually announced a cloud software solution for what they call the first-mile data observability platform for enterprises. So they I share with you because I've never heard of it before, so maybe it's something that would benefit you. So observability actually is a huge trend I've been seeing this year, so I'm seeing a lot of tools coming out and it's just another example. So let's just talk about how you can ensure that users are successful in their first mile of their observability journey and help scale to manage data across thousands of servers per day. And the solution is available to help with that. So look like another cool piece of technology that we should know about since I said observability is a hot trend and these types of tools are probably something we should learn more about as well.

And finally, security news

This next news item may be just as big, if not bigger than the Facebook one we just talked about. And that is Twitch is having security issues, so a lot of interesting quotes in this particular article. One of them is reading of a data breach that includes the entire source code, including unreleased software, SD case, financial reports, and internal red teaming tools will send a shudder down the spine of any hardcore infosec professional. And the first question everyone's mind has to be, how on earth did someone do this? This sum up the article basically by saying whatever Twitch was doing for application security, they need to redouble their efforts because anyone can run a static analysis, interactive analysis, fuzzing another application security testing tools and switch needs to push their application security to the next level to find it fix in vulnerabilities before anyone else could find them. So interesting quote there, though, even though you may have in place automation tools to help you do scans and help find low hanging fruit that your security efforts need to be much more encompassing than this, and you definitely need to invest in your infosec team needs to be expanded for a lot of these companies because exploits like this will sink your company and your brand. So just a cautionary tale for any other company out there if they're not heavily investing in their security efforts.

So that's it. For this episode of the TestGuild news show, make sure to help support the show by clicking the links down below and make sure to check out Applitools visual AI. Definitely, check it out if you haven't looked at it yet, and click on the link down below to create a free account now so you can get up and running to see how AI and visual testing can help really find bugs that you would not find anyway else without using technology like Applitools.

Once again, I'm Joe, and my mission is to help you succeed with creating end-to-end full-stack end-to-end automation awesomeness.

As always, test everything and keep the good. Cheers.