1. Security test for an application in Docker. Not much information, but putting the DUT into Docker could amount to the same thing.
2. Put the security test tool in Docker. I do not see a huge benefit in putting security test tools in Docker, but a few posts mention it, and the major open source test tools already have their own Docker images.
https://raesene.github.io/blog/2015/08/15/set-up-a-complete-security-test-environment-with-command-and-docker-compose/
https://github.com/enaqx/awesome-pentest#docker-for-penetration-testing
3. Docker security. This is mainly for deployment: check whether the Docker environment is secure enough.
https://medium.com/@alexeiled/docker-security-testing-3545e7493843
https://github.com/gaia-adm/docker-bench-test
https://github.com/docker/docker-bench-security
https://github.com/docker/notary
Highlights: The programming skills of programmers are in general better than before. Modern programming languages and frameworks potentially let programmers make fewer errors. Legacy systems still lack proper tests, but the situation in many newly built systems is better. Unit tests and integration tests get more attention and are in place. Continuous integration and continuous deployment let the team correct errors faster and more often. So if the team is confident it can correct a defect within a short time, formal manual testing of non-core functions could be reduced. But this is not true for safety- or business-critical products, which are however only a very small part of the whole software industry. Testing needs deeper domain knowledge and user knowledge to set up complex test cases. Better architecture lets automation focus on the functional level, while the nature of the frontend may not be suitable for automated testing ...
https://www.elastic.co/guide/en/elasticsearch/reference/current/_basic_concepts.html https://en.wikipedia.org/wiki/Document-oriented_database Configuration (a.k.a. design) matters a lot. Big performance impact on users. Design the configuration based on the query patterns of users. Dual scoring model: bool query && ?? Shingles: similar to pairwise; group the words (tokens) of a sentence into every two consecutive ones, e.g. Hello the beautiful world -> [Hello the], [the beautiful], [beautiful world]. Kopf: https://github.com/lmenezes/elasticsearch-kopf, web admin page for Elasticsearch
https://www.youtube.com/watch?v=CrzpkF1-VsA&list=PLSIUOFhnxEiAeGHYoBZCvEMY5wCOIpyOM&index=12 About 1.5% of tests are flaky, which is inevitable. A CI system must be able to deal with a certain level of flakiness. A retrier is a good way to solve it, and check the history of the stack trace: check whether the stack trace is the same as before. MinRank concept: the number of layers from one node to another node. MinRank 3-5 has the highest probability of being flaky. Some source types may create more flaky tests. If 1 person modifies the code, it is unlikely to break the code; 2 have the best results; if more than 2, breakage increases a lot....
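An added example (not from the talk or from these notes) of the retrier plus stack-trace-history check described above, in Python: a failed test is re-run, each failure's traceback is reduced to a structural signature, and the history of signatures decides whether the test is flaky, consistently broken, or unstable. The sample test functions are constructed here purely to drive the classifier.

```python
import traceback
from dataclasses import dataclass, field

def trace_signature(exc: BaseException) -> tuple:
    """Reduce a traceback to the exception type plus (file, function, line) frames."""
    frames = traceback.extract_tb(exc.__traceback__)
    return (type(exc).__name__,) + tuple((f.filename, f.name, f.lineno) for f in frames)

@dataclass
class RetryResult:
    verdict: str            # passed | flaky | consistent | unstable
    attempts: int
    signatures: list = field(default_factory=list)

def run_with_retry(test_fn, max_attempts: int = 3) -> RetryResult:
    """Re-run test_fn on failure and classify it from the stack-trace history."""
    sigs = []
    for attempt in range(1, max_attempts + 1):
        try:
            test_fn()
        except Exception as exc:   # record the failure's signature, then retry
            sigs.append(trace_signature(exc))
            continue
        # Passed now; if an earlier attempt failed, the test is flaky.
        return RetryResult("flaky" if sigs else "passed", attempt, sigs)
    # Retries exhausted: identical traces point to a real defect, differing ones to instability.
    verdict = "consistent" if len(set(sigs)) == 1 else "unstable"
    return RetryResult(verdict, max_attempts, sigs)

# Constructed sample "tests" (hypothetical, not real test cases) to drive the classifier.
def make_flaky(fail_times: int):
    calls = {"n": 0}
    def test():
        calls["n"] += 1
        if calls["n"] <= fail_times:
            raise AssertionError("timing-dependent check failed")
    return test

def always_broken():
    raise KeyError("missing config key")   # same frame and line every run

def make_unstable():
    calls = {"n": 0}
    def test():
        calls["n"] += 1
        if calls["n"] % 2:
            raise ValueError("path A")
        raise ValueError("path B")         # different line -> different signature
    return test
```

Calling `run_with_retry(make_flaky(2))` fails twice with the same signature and passes on the third attempt, so it is reported as `flaky`; `always_broken` yields the same signature three times and is reported as `consistent`.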
An interesting picture from: http://testerstories.com/2016/10/test-to-put-pressure-on-design/ If a test is failing, and we know which feature is failing, do we know which components need to be fixed? The traditional test pyramid does not fit today's software development, which is far more complex.
{ how often you run tests, how often the code changes, audience changes. } { LATENCY, CONCURRENT USERS } { DESCRIPTIVE model: study the user behavior and design tests accordingly. Do not randomize. } { design waiting time into the test to avoid saturation; production data, arbitrary commands, run queue length } { report: [JMeter + InfluxDB; use thread count and wait time to get an optimized ratio; no aggregate report enabled; find the derivative of the curve.] }
Thread: number of users. Test delay: delay between each run to simulate a breathing space for the server. Random: the delay will be random within [random * given delay : given delay].
Testing is expensive; the TA's job is to achieve higher quality at lower cost. It is difficult, but with subtle design we can somehow achieve it. It is not risk-free, but try to manage the risk and the cost. Control false alarms, which are a big cost in a test project.