Blog

Toyota’s Roadside app bug that delayed my tow, or was it a feature?

The running joke between QA professionals and Developers is to sometimes call a bug a feature. The premise behind it is pure sarcasm on all sides (well at least I think). What one person may consider a bug may actually be a feature and what another person considers a feature may actually be a bug. In between that “bug” and that “feature” may even be a usability suggestion.

Well last week I had the week of all weeks. On Sunday evening my cell phone gave up on me. On Tuesday my printer was malfunctioning. On Wednesday I was on my way to a business meeting with a toddler in tow, as I had been given permission to bring her. I packed lunch, snacks, two laptops, and all the materials I needed for the meeting and loaded them into the car. I turned on my car and it started saying all kinds of things to me, “CHECK OIL”, “CONTACT DEALER”, “BRAKE ON”, “ALIENS ARE COMING”. Okay maybe I’m lying about the alien thing.

I decided to call the dealership first. When I called the dealership they advised that I call Toyota roadside assistance so they could tow my car to the dealership. I then called roadside assistance and received the automated system. The automated system guided me through the process smoothly (at first). A text message and a link was sent to my phone and I was advised to put my phone on speaker and follow the steps. The automated system then guided me through the app. I was able to fill out my name, the type of car I had, what I presumed may have happened to the car and more.

The problem occurred when it came to narrowing down my location. I was allowed to “allow” the location and after I allowed my address appeared on the screen. However, there was a map dependency where it forces the user to also point the location with the pin on the map. So even though your address has already been allowed you still have to select it on the map with a pin. Between it being an usually hot November day and a toddler walking around the car saying, “Mommy, it’s time to go”, for some reason I couldn’t get the pin right. Every time I adjusted the pin it gave me the address of 2 houses up or it would go to a completely different street. When I tried to override it and type my address in again it would then tell me to select the pin on the map. If I didn’t adjust the pin but save my entry it would give me the wrong address. When I tapped to edit all of the information I entered previously would disappear and I’d have to start completely over by filling out my name, type of car etc. So eventually I decided to leave the wrong address in and type the correct address with a note in the comment section of the app. In the note I informed customer service why I couldn’t enter the correct address initially. After that I got a call from a roadside assistance customer service rep and they confirmed my address and that the tow was on the way.

Before customer service hung up I suggested that maybe the app shouldn’t be so dependent on selecting the pin on the map. If a user enters an address that should override anything else and the map should update. Or allowing the location should be just what it is. Allow the location and let it be. One person may say there were a few bugs here and some additional usability suggestions. Another person may say the app was fine and it was human error. But what I say is that I am very thankful that my daughter and I were in our home garage and not outside on the road somewhere. Whether it’s a bug or a feature people are dependent on technology and in some situations there may be life or death situations. Or maybe a toddler is just ready to go. No matter the issue this is why we improve upon technology and we know that no build is actually “final”.

So needless to say not only did I miss my meeting on Wednesday I also missed the networking event that I was scheduled to go to on Thursday. It was a rough week.

By the end of the week I felt like I loss the battle but won the war. I had a new phone, I resolved my printer issue, the meeting I was going to on Wednesday for assistance I actually conquered on my own and nailed it. I may have missed Thursday’s job fair but on that same day I was contacted about a 2 day contract assignment that I wrapped up by Saturday morning and enjoyed.

I forgot to mention that when I got my car back on Thursday morning the dealership told me that my car battery had died. They said it was a defective cell in the battery that most likely came from the factory.

I now scratch my head and wonder if it was actually a “feature”. A feature to slow me down. I had been so busy that week I missed taking my daughter to the library earlier in the week for story time. We did a few adhoc activities and picked up some new books. I try to do that at least 1-2 times a week. On that Thursday when I got my car back we went straight to the library after and later that evening I started my contract assignment.

Advertisements

Beginners guide to understanding the sticker details on your ISP’s routers

For those of you who don’t know ISP stands for Internet Service Provider. In simple terms, an internet service provider is any company that utilizes their network to allow you access to the internet. Depending on where you are located this could be Comcast, Verizon, CenturyLink, AT&T, Frontier, Spectrum and more. Here’s a link to find the best ISP’s in your area.

Your ISP usually provides you service through a router. There are two types of routers; wired and wireless. Nowadays wireless is more common. Routers allow you to connect multiple devices to your home network. This includes but is not limited to your laptop, phone etc. Here’s a little more detail on routers.

Below is a picture of my wireless router compliments 

 

Photo credit: AQSCORNER

 

What you need to know about your Router Model Number:

Just like many things you purchase a router has a model number. In this case the most important thing to pay attention to in regards to the model number is the 802.11n. Please note that your letter may be different. 802.11x references the version of WI-FI that you have. The higher the letter the more data the wireless router can obtain. So for example 802.11n can obtain more data than 802.11a.

What you should know about your SSID:

The SSID is the routers name and stands for Service Set Identifier. This name is often created by the ISP before it is sent to you. In my case the first half of my router name is CenturyLink and the second half is a numeric value determined by the company. This helps them identify and keep track of my router. Once your wireless connection is set up this is the name that you look for when trying to connect. I remember when I lived in New York I changed my SSID to say, “FBI VAN”. From time to time you’ll see people set up different names.

What you should know about your Security Type:

To keep thing simple in 2018 your Security Type is most likely WPA2-AES. This is an encryption method for the data being transferred on your network. So this helps to protect the privacy of your network.

What you should know about your KEY/Passphrase:

A Key/Passphrase is actually your “password”. However, it is called a passphrase because it is a bit longer than a regular password for added security. If you know anything about Multi Factor Authentication you’ll know that users are often authenticated on the following: something they are, something they have, and something they know. One of the examples of something they know is a “passphrase”.

What you should know about your Modem GUI Address:

The Modem GUI (Graphical User Interface) Address is essentially the ip address of the modem associated with your router. The ip address should appear as a numeric value similar to the following format: 192.XXX.X.X. You can open a browser and type your Modem GUI Address in a browser. You may get a login screen similar to below. My ISP is CenturyLink so this is how my GUI appears. Yours may appear different.

 

What you should know about your Admin Username:

In this case the Admin Username is for your Modem GUI Address. So once you are on the above screen you will login your Admin Username.

What you should know about your Admin Password:

The Admin Password is for your Modem GUI Address and is not to be confused with the Key/Passphrase. The Admin Password is for logging into your Modem GUI.

Once you use the Admin Username and Password you may see a screen similar to below:

 

All of the items in the above screenshot allow you to access a particular feature depending on how the GUI is set up. For example when I click “Modem Status” below is what appears on the screen:

The above screen may be useful if you are having a problem with your internet connection and can’t find any immediate issues. Once you contact your ISP you can let them know whether your router is showing a “connected” status or not.

So the next time you call your ISP don’t be so afraid when they tell you to look at the back of the Router. Show off your new tech skills. Have fun exploring your modem but be careful on changing any settings you may not be familiar with.

 

Beginners guide for testing your website against the Heartbleed bug

The “Heartbleed bug” surfaced publicly in 2014. However, it debuted in software long before that in 2011. If you are not familiar with the HeartBleed bug here’s what you should know:

  • The Heartbleed Bug was a vulnerability in the popular OpenSSL cryptographic software library.
  • The Heartbleed bug was a memory leak of protected information.
  • The Heartbleed bug affected the SSL/TLS and was said to be an implementation issue with older versions.
  • The Heartbleed bug not only affected the Transport layer, it also affected the Presentation and Application layer as well, as it affected (HTTPS, SMTP, IMAP, POP3, FTP, and SSL) which is a combination of all 3 layers.
  • The OpenSSL 1.0.1g released on 7th of April 2014 fixed the Heartbleed bug.

Fixing a bug does not mean we shouldn’t still keep an eye on it. In fact, the National Institute of Standards and Technology keeps a national vulnerability database and the “Heartbleed bug” is filed under CVE-2014-0160. “CVE” stands for Common Vulnerabilities and Exposures.

It is everyone’s job to be proactive and protect themselves and their end users against vulnerabilities and exploits. Here are 3 options for you to become comfortable with the process as a beginner:

TEST TOOL OPTION 1: SSL-TOOLS NET

  • After clicking “Test web servers” you would see the below result.

TEST TOOL OPTION 2: PENTEST TOOLS

  • After clicking scan now you should see a similar result to the below.

 

TEST TOOL OPTION 2: NMAP Utility 

For those of you who want to get really fancy and challenge yourself you can run a command using nmap:

I’m currently using a mac terminal so these instructions are based on a mac terminal. You may Google further for other options if necessary.

  • Navigate to your mac terminal
  • Before running the test you should ensure that you have the latest version of nmap 
  • Once you are at the terminal enter the nmap command with your hostname ip address. You can copy and paste the below and enter your ip address where the X’s are: nmap -sV xxx.xx.xx.xxx –script=ssl-heartbleed

NOTE: with nmap the “-sV” means: Probe open ports to determine service/version info

Below is an example of a healthy system. If you were vulnerable to heartbleed it would be listed in the port scan.

There are many tools on the internet that you can use to check your heartbleed vulnerability status. Take sometime to dig deeper.

If you’d like to see a full list of known vulnerabilities and exposures you can view them here.

 

Beginners guide to understanding SSL/TLS and your website certificate

For those of you who may not know what SSL is, it is the acronym for Secure Sockets Layer. In the case of your website SSL is a way to establish an encrypted connection between your website and a web browser. Essentially this is any browser that a user loads the URL to your website in.

Another term you should become familiar with is TLS. TLS is the acronym for Transport Layer Security. In some cases you’ll see SSL/TLS. TLS is the predecessor for SSL. If you are familiar with the 7 layers of the OSI model, you’ll know that the transport layer is the fourth layer and that it manages the packetization of data and also checks for errors. This layer also provides services for the applications as well. The Transport Layer controls end to end connections and works closely with the seventh layer, which is the Application layer. 

In simple terms if your website is “http” and not “https” it is likely that you do not have a certificate and your website is not secure.

My business website is hosted by WordPress.com and while studying for my CompTIA Security+ certification, I’ve decided to take a deep dive into what it means to have a verified site.

ACCESSING THE CERTIFICATE:

I loaded my website in a browser and tapped the lock icon in the top right hand corner. Afterwards, the “Connection is secure” pop up appeared.

From the “Connection is secure” pop up I clicked the “Certificate (valid)” option. After clicking the “Certificate (valid)” option the certificate pop up appeared.

 

The pop up immediately displayed 3 valuable things within a hierarchical structure:

  1. DST Root CA X3 – Root Certificate
  2. Let’s Encrypt Authority X3 – Intermediate Certificate
  3. aqscorner.com – Domain Name

DETAILS ABOUT THE CERTIFICATE PROCESS:

Let’s Encrypt is an automated and open certificate authority created by the Internet Security Research Group. These certificates provide users with the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free. Since “Let’s Encrypt” is still fairly new it also requires additional verification from another certificate. This process is referred to as cross signing. In the cross signing process the intermediate certificate Let’s Encrypt Authority X3 is signed by ISRG Root X1. ISRG Root X1 is still not yet trusted by most browsers so it’s signed by Certificate authority, IdenTrust, whose root is already trusted in all major browsers. IdenTrust has cross-signed the intermediate certificate using their DST Root CA X3. After that, Let’s Encrypt issues to the domain name aqscorner.com

 

 

 

GENERAL BREAK DOWN OF THE CERTIFICATE DETAILS:

 

  • Subject Name

Each of the 3 items in the hierachial structure (DST Root CA X3, Let’s Encrypt Authority X3, and Domain Name (aqscorner.com) have a subject name. The fields associated with the subject name are the organization and the common name. When you view the details you will see that the organization and common name are similar to one another.

  • Issuer Name

Each of the 3 items have a certificate issuer. Digital Signature Trust Co is the issuer for DST Root CA X3 and Let’s Encrypt Authority X3. Let’s Encrypt is the issuer associated with the domain name aqscorner.com

  • Public Key Info

Each of the 3 items have public key information displayed. You will see the RSA encryption in the algorithm section. RSA is an asymmetric cryptography algorithm. The value in using an asymmetric algorithm is that it works on two different keys (private and public). The Public Key is given to everyone and Private key is kept private.

  • Extension

Each of the 3 items has an extension. The extension section verifies the key usage. Key usage includes the common digital signature and key certificate signatures. However, it also includes a Certificate Revocation List (CRL) Sign and Key Encipherment. A “CRL” is a list of digital certificates that have been revoked by the issuing certificate authority and should no longer be trusted. Key encipherment is when the key in the certificate is used to encrypt another cryptographic key.

  • Fingerprints

Each of the 3 items has a fingerprint. A fingerprint is the unique identifier of the certificate. In the case of my website SHA-256 and SHA-1 are being used. SHA stands for Secret Hashing Algorithm. The differences between the numerical value is the encryption bit. SHA-256 is a larger encryption bit than SHA-1, as SHA-1 is a 160 bit encryption.

This article is just a general overview to get you started with understanding the security of your website. Take sometime to explore your website certificate to see what you learn.  

 

 

Arianna Huffington, my new BFF

Look at you, wondering how Arianna Huffington is my BFF. It’s quite simple, I emailed her and she emailed me back. But, the backstory isn’t that simple.
 
For two years I had been sending submissions through a general HuffPost online form. Yet, I had never received a response. While searching online one day I saw a blog post from a woman who said she emailed Arianna Huffington.
 
For giggles, I said let me try this. I never expected a response back. I emailed Arianna Huffington on January 11, 2017, and received a response back on February 13, 2017.
 
In that short timeframe, I had started to focus on building out the content for my site. By the time Mrs. Huffington emailed me back I was a completely different person. I’m glad I kept going.
 
The great part of this story is that Thrive Global shares my mission. That mission is to allow others to see the greatness in their lives.

I did, however, fill out a form and I was immediately granted access to write for Thrive Global. You can read my latest article here.

How I Almost got Into Porn

Photo Credit: Via Pixabay

DECIDING WHO YOU WANT TO BE IN BUSINESS

Photo Credit: Via Pixabay
Photo Credit: Via Pixabay

After I tell you the story you might think the title of this article is a bit dramatic. But, it’s not. I did actually have an opportunity to work in the porn industry. Just not the way you think.

I stumbled upon what appeared to be an interesting opportunity on a site for contract work. I would have the ability to test software and I’d also write articles about the software I tested. I’d be the company’s driving voice behind their new product. Not to mention the salary they were paying was ridiculous! You would have thought they wanted you to be in a movie. Yeah, it was that ridiculous!

When I first applied for the role I knew it was an adult entertainment company. But, I figured I’d give it a shot. Spending many years in software testing, I’m always intrigued with the opportunity to test new software. I also look for opportunities to broaden my writing portfolio. So I submitted my resume and writing portfolio. I received a response almost immediately.

The representative who responded replied, “You do know this is for adult entertainment, don’t you?” I’m assuming she asked that because she liked my credentials. But realized this would be a different industry for me. She then went on to tell me more about the opportunity. She said that I’d have to think outside the box. Stating that I’d have to be willing to be a little uncomfortable at times.

I thought about the opportunity and even the money. But, I also thought about the type of brand I want to build. I wasn’t 100% sure I wanted my brand to be associated with porn. I’m not saying that this was a horrible thing to do. I’m saying I realized it wasn’t for me. I’m all for stepping out of my comfort zone. But not for porn. I’m not passionate enough about it. I’d never want to take on a project I’m not passionate about. It’s not fair to the client. It’s important for me to give clients my all. I also didn’t want to change the dynamic of the business I’m creating.

In business and in life, we often have to decide who we want to be. Sometimes we go through many phases before we find out exactly who we are and where we belong. Sometimes we will make great choices and sometimes we won’t. On our quest to establish ourselves we shouldn’t break too many of our own rules. We must stand firm where it matters most, so that we don’t step too far outside of ourselves.

5 Things I’m learning building a business from the ground up

I’m coming off a few weeks, that I wish would have been better. I had to take a step back to reflect on the lessons learned.

Here are 5 quick things I’m learning while building a business:

What services will bring in the most revenue

I’m finding that there are things that people will pay for. Things they might pay for if you package it nicely. As well as things they won’t pay for. This is great for me to know in the long run so that I know where to put the most energy. As well as the most financial resources. It will also help me continue to narrow down my exact target markets.

What business ideas I should be looking into that many businesses aren’t talking about

It’s true that building a business means solving other people’s problems. But what about the problems that people don’t know they have? While doing economy research, I’ve found two major things that are important in business. Talking to both employees and small business owners, the majority don’t care. Others didn’t know it was a problem that needed solving. I’m taking the time to learn more about them. As I predict they will be important to people in about 2-4 more years.

Where I will need the most help

I’ve spent a lot of time evaluating my strengths and weaknesses. I completely understand them both. I’m definitely looking to have people around me that are smarter than me. I don’t fear people knowing more than me. Because I like to constantly learn. So I never stop growing myself. This is a mindset I’ve grown into after years of being in the technology industry. Not being afraid of competition is not something that came easily initially. However, I’ve learned how to use competition to my advantage.

An understanding of each role I’ll need an employee for

Understanding a role gives me an idea of the effort it takes to be in the role. Meaning, this helps me learn to layoff when someone says they need more time. It also allows me to monitor them a little when I feel they are taking too much time. I‘ll be able to know the right questions to ask, without coming off insensitive. I must note it’s never good to claim to fully understand someone else’s specialty. So you do have to give them that respect. But it’s also good to have an idea.

How to create educational career paths for employees

I’ve taken different classes and webinars to help my business. I’ve also attended quite a few events. Some free and some paid. For very specific roles, I’ve started to outline what it would take to educate people in that role. As well as making note of the resources I’ve used, the cost associated and what appeared to be effective. Obviously, the type of educational course will vary from full-time, part-time and contractor. But there definitely will be some educating going on, should I get to hire folks.

No, I don’t think I know everything. But I have a vision for my business and it is very clear. Repair the economy!

3 quick tips for preparing your career for a recession

During National Small Business Week, I joined “The U.S. Economic Outlook and its Impact on Small Businesses” webinar. I learned that the Economist predict a mini-recession in 2018. They don’t predict it to be as bad as the recession in 2007.

Here are 3 quick tips to prepare your career:

Make sure you understand the technology you use at work

Know the software you use at work like the back of your hand. I’m not just talking about the portion you use for your job. Learn more about the backend and front end systems. If someone asks what’s the name of the software you use, you should be able to tell them the name and the version. It doesn’t matter what your job is. I don’t care if you are a dental technician.

 

Learn about industry equivalent software

 

It’s always great to know how to use the software at your job. But, very often companies customize the software to be specific to their needs. This is not a bad thing for them. Yet, for you, it’s not always the best thing. Make sure you know about 3-4 types of industry equivalent software that you can speak to. Make sure at least 1-2 of them you actually know how to use. This will help you if your company ever switches software. It will also help you if you are interviewing for another company.

 

Make sure you understand your role and how if fits in your industry

 

It’s great to go to work every day and know your job. It’s even more amazing if you do it well. But, to have a sustainable career you need to know how to live “in the outside world”. Things change quickly. So I would say examine your career every six months. Do online job searches and match your skills up with the job descriptions you see. If things aren’t adding up even ask for more responsibility at work. Or learn a few things on your own time.

 

Always make sure you set yourself up for success, no matter what the state of the economy is.

Disengaged employees aren’t always evil

I recently walked into a small business, made a buy and then asked about the company website. My purpose for asking about the website, was so that I could order even if I wasn’t in the neighborhood. The employee behind the counter told me that there was no website.

 

Her words, “we don’t have a website, we only have Facebook”. I left the store, went on their Facebook page and immediately found a link their website. Not only was she unaware of the website. She didn’t ask me if I was looking for something in particular. Nor did she try to research to see if anyone else could help me.

 

During the entire transaction, she was very nice and smiled. Unfortunately, that didn’t make her any less of a disengaged employee. Disengaged employees aren’t always the ones who need a break, as soon as you get to the register. Or the ones that are telling you they hate their job, while you pay for your things. They also come with smiles and are pretty clueless about their job and company.

 

If an employee does not know the answer to a question, they should either research or ask someone else. Knowing if your company has a website and directing people to it, is pretty basic. If you are a small business owner, make sure your employees aren’t making you lose money.

 

Ensure that they are not just nice, but that they can speak to your products and services.
Small Business – Train Employees on Sales

You’re UnderEmployed if you are not doing this at work

We’ve all been fooled by the question, “What was your previous salary”, on job applications. Which has led us to believe that as long as we are making money, we are doing good? Yet, underemployment also means that you are not living up to your full potential at work. Whether that be you not putting in the effort or your employer not allowing you to.

Your next employer doesn’t care if you’re getting paid manager money if you don’t have a manager skillset. Asking what your last salary was, only gives them a ballpark of what they should offer you. Nothing more, nothing less. Yes, a pay increase can pay bills. Yet, having a competitive skill set will pay off, if a layoff should arise. Besides states are eliminating the salary question. This goes to show there isn’t any real importance in knowing someone’s salary.

Getting paid and educated at work is the norm. Unfortunately, when some people realize this, it’s too late. Don’t want until a layoff to wish you had done more. Don’t wait until you are job searching to find out that your skills are pretty dated in your industry.

Spending decades at a job doesn’t make you successful. What you’ve learned in those decades does.