My Ubuntu Java Environment Setup Script

I know this has been done. And I know mine isn’t so great (I left out ALL error checking), but this is my quick set up script for when I install Ubuntu on a laptop or VM. I put it on a flash drive just in case because just in case happened to me 3 times in the past month or so. Note: a couple lines wrapped so I used \ to mark them.

#!/bin/sh
CURDIR=`pwd`
# export BACKUP=/media/MYFLASHDRIVE/backup
export BACKUP=/media/LIFESTUDIO/MediaBackup/Downloads
export ME=dave
export GRP=dave

delete() {
	if [ -f $1 ]
	then
		sudo rm -f $1
	else
		echo "does not exist"
	fi
}

install() {
	if [ ! -x /usr/bin/$1 ]
	then
		sudo apt-get install -y $1
	fi
}

install curl
install git
install zsh
if [ ! -x ~/.oh-my-zsh ]
then
	curl -L \ https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh | sh
fi
install autojump
install ack-grep
cd ~/.oh-my-zsh
tar -xvzpf $DOWN/custom.tar.gz
sudo chmod +rwx $ME:$GRP ~/.oh-my-zsh/custom
cp $DOWN/config.zshrc ~/.zshrc

#Java
if [ ! -x /usr/share/jdk1.7.0_40 ]
then
	tar -xvzpf $BACKUP/jdk-7u40-linux-x64.tar.gz
	sudo mv jdk1.7.0_40 /usr/share
	cd /usr/bin
	delete java
	sudo ln -s /usr/share/jdk1.7.0_40/bin/java
fi

#Maven
if [ ! -x /usr/bin/mvn ]
then
	sudo apt-get install maven
fi

#Intellij Idea
if [ ! -x /usr/share/idea-IC-129.713 ]
then
	tar -xvzpf $BACKUP/ideaIC-12.1.4.tar.gz
	sudo mv idea-IC-129.713 /usr/share
	cd /usr/bin
	delete idea
	sudo ln -s /usr/share/idea-IC-129.713/bin/idea.sh idea
fi

#JMeter
install jmeter

#RUBY
if [ ! -x /home/dave/.rvm/rubies/ruby-2.0.0-p247/bin/ruby ]
then
	install curl
	curl -L https://get.rvm.io | bash -s stable --ruby
	/bin/bash --login
	rvm install ruby-2.0.0-p247
	sudo chown -R dave:dave .gem
	gem install map_by_method
	gem install what_methods
	gem install bundler
fi

#Sublime Text 2
if [ ! -x /usr/bin/sublime ]
then
	cd ~
	tar xf $BACKUP/Sublime_Text_2.0.2_x64.tar.bz2
	sudo mv 'Sublime Text 2' /usr/share/Sublime_Text_2
	cd /usr/bin
	sudo ln -s /usr/share/Sublime_Text_2/sublime_text
	sudo ln -s /usr/share/Sublime_Text_2/sublime_text sublime
	sudo cp $BACKUP/sublime.desktop /usr/share/applications
	cat /usr/share/applications/defaults.list | \
		sed s/gedit.desktop/sub\lime.desktop/g > ~/defaults.list
	sudo cp ~/defaults.list /usr/share/applications/
fi

#Skype and recorder
if [ ! -x /usr/bin/skype ]
then
	sudo dpkg -i $BACKUP/skype-ubuntu-precise_4.2.0.11-1_i386.deb
fi
if [ ! -x /usr/bin/skype-call-recorder ]
then
	sudo dpkg -i $BACKUP/skype-call-recorder-ubuntu_0.10_amd64.deb
	sudo apt-get -f install
fi

#Favorite Browser
if [ ! -x /opt/google/chrome ]
then
	install libxss1
	sudo dpkg -i $BACKUP/google-chrome-stable_current_amd64.deb
fi

#other personalizations
if [ ! -x /usr/bin/dconf-editor ]
then
	sudo apt-get install -y dconf-tools
fi
install nautilus-open-terminal
install ushare
install gimp

cd $CURDIR

Improving the Value of Testing – Security!

Do what you say and say what you do.

I think I got that from an ISO 2001 audit preparation meeting in the mid-90’s during an effort to sell fax machines that we were manufacturing at HP to the EU. I like that so I try to use it.

Do What You Say

I said that I was going to try Improving the Value of Testing. What would be better than security testing? A bunch of things, you might say. But the reality is that security is the highest risk you are facing in your products. The bad guys understand more than you do, and probably more than the people who make the security tools you use already. For me, I do not even understand much about what the tools do, or know the difference between sql injection and cross-site scripting. 

Say What You Do

So I am going to venture into this a little by trying to do some security testing with tools that I get from where ever. I will even make some home-grown tools if possible because I like to build and I like control. That would help amp my understanding to a higher level, in my opinion.

My first attempt was to crack open an old book How to Break Web Software by Mike Andrews and James A. Whittaker. Things change a lot in 6 computer years. All the web services are in SOAP – yuck. That’s like getting your mouth washed out. And almost all the tools are for Windows, but I primarily use a Mac. Still, I think I can get some concepts out of this. I try the paso proxy, but it’s not working for me yet.

So I move on to SoapUI. That’s an old friend, but I have never used it for security nor Rest. I spent some time on trying to simply send a request (POST) to my system under test but the SoapUI crashed. And crashed. And crashed. I tried five times before I went to their forum and found an recent unanswered post called Clean Install: Mac OSX beach ball of death. Oh dear. 

I spent a lot of time on those without getting anywhere. Edison would have said that I learned some ways that it doesn’t work. I will add more as I have time and additional information!

Improving the Value of Automated Testing

I have an idea. I will not get too high on it except that it is intriguing to me. Maybe the idea is not new to other people. The idea came to me while I was thinking about the test automation pyramid (or ice cream cone as automation expert Alister Scott recognized the typical shape). I am fond of the three-layer concept – enough so that I made myself learn how to write unit tests and service-layer tests, in addition to the GUI-based tests that are commonly practiced by software testers.

I am thinking about the shape of the triangle, which part should be how big, etc. Suddenly the problem hits me. The problem is not isn’t the investment in automated tests. It isn’t the maintenance (which I thought maintenance was a big issue). Alright, I am lying. Investment is half of the equation – the return on investment calculation. The problem is the (lack of) focus on the return for the investment.

So much is invested in tests that will find what? Low severity defects that do not halt releases? I do not care about low severity defects until I have sussed the high severity defects. I care even less about them when I am faced with making a substantial investment to find them. Where does that leave me? Focus on the big bugs. Automation for big bugs. Which bugs? The ones we do not want to ship with them in. The ones that require a patch if you miss them. The ones that make you slip release dates if you catch them late.

“I don’t care about low severity defects until

I have sussed the high severity defects.”

I expect to get criticized for this idea. Why? I have no experience on this. I have never tried it. It is an untried idea. What could be less valuable than a hypothesis? I can try it, but this kind of thing would take a while to prove itself out. But I cannot worry about that while I am brainstorming an idea. The idea will be flawed in many people’s minds. Automated tests are really just automated checks. That is not new. People are not particularly suspicious that the results are false positives, they do not like that the test are little positives – that is they test so little compared what a person can do. I believe this concept too.

What I really believe in is the ends, not the means. The means is how I will get it done. The ends is what I want to accomplish. I care about the automation only when it affectedly helps me get the good defects. What are those? In my world, those are the defects that reduce my organization’s ability to meet agreed or assumed service level agreements. I call those Enterprise Readiness defects. Examples include poor performance, poor performance after time (example: caused by a memory leak), poor resilience during or after high loads, problems with failover, and problems with data retention.

How can I accomplish that? By remembering that automation is just a tool in the toolbox.

More on this later…