Author: Danny Kwok

Test Grouping Tips

~ Danny Kwok ~ Leave a comment

With the increased migration of Cloud or upgrading activities, testing efforts are increased exponentially. Full testing is often ideal but unrealistic and costly. Thus, you will need to strike a balance in your testing coverage. One method is to group your test cases to reduce the testing duration. However, there are ways to prepare for this approach.

Preparing for Test Group

The purpose of test group is to reduce cost and efforts. You can also maximise testing coverage with minimal test cases. However, you will require deep understanding of your test cases before you can conduct a proper grouping. There are many approaches to group your test cases. A common way is to group the application features. Other methods involves functional grouping or customer groupings. You can also group by user base or locations. While there is no right or wrong, the key is to obtain the most efficient grouping.

Agile your Test Grouping

There is a misconception that test grouping is fixed when testing is on-going. This statement is true for many waterfall projects. On the other hand, you are encouraged to iterate your test groups if you are running on Agile. The testing process will gauge the effectiveness of your test grouping. It is important to update your test grouping to maximise your test coverage. As opposed to waterfall mindset, test groups process will lead you to design a better testing approach for your next Agile sprint.

Testing is most efficient and effectively if you can group them properly. Preparation is a key part to start your test group on the right track. You should also be prepared to amend the groups accordingly for your next Agile sprint.

Language Pack vs Translation Service

~ Danny Kwok ~ Leave a comment

Many Cloud service have provided language pack and translation service options in their product offerings. I managed to test both of this in ODA (Oracle Digital Assistant) Chatbot. It is ideal that translation service be used as this simplify the maintenance and need for language packs. In reality, languages are complex and on the fly translation often turn to gibberish.

Why Language Packs?

These are the reasons why you still need language packs for your key texts.

  • Accurate translated texts.
  • Avoid ambiguity in translation.
  • Support acronyms and puns.
  • Able to translate industry terms correctly.
  • Faster translation for fixed text.
Why Translation Service?

In Chatbot, translation service is a must-have beside language packs. Other type of application may not need translation service. Will translation service obsolete language pack? These are some reasons why you must enable your translation service.

  • Helps to increase language type coverage.
  • Prevent unnecessary setup.
  • Aid Chatbot which allows NLP (Natural Language Process)

For the moment, it seems you have to support both language packs and translation service. Language packs are more accurate but cannot cater to unknown wordings like translation service.

End of COP26 Deal

~ Danny Kwok ~ Leave a comment

The end of COP26 deal making saw a clear division of views for sustainability. Targets are set but lack the commitment of rich Nations. Overall, this conference is a small step to save the dying Earth. What are the good things that we know from COP26?

COP26 Outcomes

Glasgow Climate Pact was the outcome that came from COP26. This pact had its up and downs. Some claimed it’s a milder version of what was expected. The key outcomes are:

  • Reduce carbon or achieve net zero carbon.
  • Limit temperature rise to 1.5C
A Mild COP26

Resistance remains from carbon nations. There were talks that zero carbon is the desired goals. However, these were rejected from heavy carbon countries. The interventions from these countries had prevented a more aggressive target.

These climate conferences are like a tug of war. There are often push and pull factors in committing on sustainability. We will see this “wayang” for the years to come because coal remains a cheaper energy source. Can Earth be patience to wait for full commitment? Only time will tell.

ORDS vs Standard REST

~ Danny Kwok ~ Leave a comment

Many applications are providing a standard set of REST API. Thus, you may wonder if you will still need to setup ORDS (Oracle REST Data Services). This is a quick summary on why you will need ORDS to extend the capabilities from standard REST.

Why you need to enable ORDS?

The key reason to enable ORDS is enhance what your current application can provide. Standard REST API usually provide a common information at a product level. This will mean that you may need multiple REST or additional function to get your desired datasets. In contrast, ORDS allows you to customise what you need with a single REST service. This suits high volume and reduce overheads from standard REST API.

Why stick to standard REST?

ORDS should only be used if the standard REST API cannot cater to your requirements. The good part of using standard REST API is to facilitate upgrading and lower maintenance for future. This is because these are seamlessly handled by the upgraded system. If you do not have specialised team to handle ORDS, you should stick to standard REST instead.

There are pros and cons to use ORDS instead of standard REST points. You should evaluate the setup against the user requirements. In most cases, ORDS can handle more than the standard REST.

Security Review Checklist

~ Danny Kwok ~ Leave a comment

Security review is a plan that will be needed for many Cloud deployment. Currently, many security review are paper in nature and lack clarity on the security requirements for many organisations. It should be a standardised process to be conducted for all applications. A checklist is one way that can be provided for developers. Template use cases can also be given to speed up the review process. Two common security to take note in your checklist is infrastructure and application.

Infrastructure Security

Infrastructure security leverage on PoLP (principles of least privilege) as the guideline in the design. They are usually configured at infrastructure objects for cloud platform. These are the common checkpoints you can take note.

  • Secure all root and administrative access to authorised users.
  • Ensure network subnets are segregated from public Internet access.
  • Ensure that your applications and services are segregated with the right security policies.
  • Ensure you have the appropriate user roles and security groups.
  • Implement services to detect, protect and mitigate against threats like DDoS attacks.
  • Data or network traffic must be encrypted.
Application Security

Application Security are setup or built within the application. Your checklist must include the following key points.

  • Authentication must be setup to prevent malicious access.
  • Authorisation must be enabled at functions or data level.
  • Application must protect against SQL injection.
  • Cross-side scripting must be disabled.
  • CORS must be secured and used with cautious.

The above are standard checklist that can help you kickstart or speed up your security review process. It is important to develop your application with security requirements and not fix security at the last moment.

ODA Chatbot Composite Bag

~ Danny Kwok ~ Leave a comment

Composite bag in ODA (Oracle Digital Assistant) Chatbot is an interesting concept to extract values from user input. The idea of composite bag is to emulate a realistic extraction of required values from user natural input. However, there are certain things that I have encountered that will require some workarounds.

Optional Values

In the real world, there are optional and mandatory values that users require for their decision. It is like ordering a meal and deciding if you should go for dessert. In this case, dessert is your optional add on that you may have. Currently, composite bag does not prove the options to state if the values are mandatory or optional. The workaround is to let users skip or set a default value for the entities value.

Ambiguous Confusion

Enabling composite bag is straightforward if the entity field are distinct type like location, date time or number. If there are multiple entities of similar type like string, a single string user entry will resolve for all the string entities in the composite bag. If you find it hard to resolve the ambiguity, a workaround is to disable out of order extraction. This way, prompts will be used in sequence to ensure users key the right inputs.

Composite bag is a first time to natural inputs. However, there is still some tweaking if you want to allow optional user inputs. For the moment, you may only use composite bag out of order extraction for clear distinct entity type. If you have complex user inputs, you may choose to include prompts and disable out of order extraction.

PMO for Agile?

~ Danny Kwok ~ Leave a comment

PMO (Project Management Office) will be facing a dilemma soon. This is because many of the standards from PMO derives from waterfall model. As organisations shift towards Agile for project implementation, can we transform these PMO for Agile approach? This is one area that digital transformation can consider!

Photo by Ethan
PMO Relevance

Like all trends, project methodology moves towards Agile as mobile apps and Cloud become prevalent. PMO functions as “enforcer” or standards for standards like PMP or PRINCE2. It also serves to facilitate, support or even control project implementation. Relative to Agile, this is like a scrum master role! Does this means that PMO is no longer relevant with rise of Agile? Should PMO be transformed to scrum master roles?

Transforming PMO

For starters, I will advocate the transformation of PMO as scrum master if your organisation is going to adopt Agile as the main project approach. There will be a gap in project alignment when you are transitioning from waterfall to Agile. Rather than digital transformation, I will deem it as a project transformation journey. The new scrum master (formerly PMO) should be in charge of guiding the project transformation to Agile.

The adoption of Agile become stronger and stronger as organisations require speed and adaptability for projects. PMO will no longer be relevant because of these digital transformation. Thus, project transformation should be driven by the transformed PMO (scrum master). By now, you will realise that digital transformation involves the need for PMO to transform for Agile.

I Need a Catch-up Plan

~ Danny Kwok ~ Leave a comment

During software upgrades, it is common to encounter dependencies or showstopper that will cause havoc to your planned activities. Thus, one of the items that I always look in a plan is the catch-up plan. After all, you need to anticipate and mitigate risk like delayed dependencies. A well crafted catch-up plan can reduce the impact from delays or even meet the intended delivery date.

Ways to Catch-up

Many of standard catch-up plan requires flexibility and autonomy to your intended project plan. The first step is to obtain the authority to amend and modify the planned activities. You can also reallocate your idling resources to do tasks that have little dependencies. Another approach is to make use of the downtime to look into automating tasks. This helps to reduce and catch-up on the delivery dates. Do note that adding resources could run counterproductive due to tight timeline.

Catch-up Tips

There are no catch-up plans that will not work. These are some tips that you can consider for your catch-up plans.

  • Build a collaborative catch-up plan to meet tight delivery date.
  • Automate mundane and routine tasks.
  • Allocate your best resources for catch-up plan.
  • Do not turn your catch-up plan into the main plan.
  • Commit to the success of catch-up plan for a realistic goal!

The catch-up must be triggered if the anticipated delays are affecting your project schedule. You need to commit to the success of your catch-up plan. There is no point to initiate a catch-up plan if it is impossible to meet the timeline. Finally, a well executed catch-up plan can make or break your project.

Composability 101

~ Danny Kwok ~ Leave a comment

Composability is an interesting term I came across in this article. It will redefine how teams are structured and managed in organisations. In summary, composability is a design principle to view the interaction between different systems. Organisations must move towards highly composable architecture to satisfy continuous user needs. Basically, it is how you are able mix and match your components together with ease.

Being Composable

The shift to composability is not new. Web services or SOA (Service oriented architecture) are earlier design of composability. The push to be highly composable is triggered by COVID-19 pandemic to be resilient and adaptive to business requirements. Unlike SOA, composability aims to be modular yet stateless. It is the vision to fully plug and play with quick and minimal cost.

Composable Technologies

Cloud platform is the best example of Composable technologies. You can quickly deploy and configure different architectural model within a short time frame. Different services can also integrate quickly using REST API. These technologies disrupts the traditional way of implementation business requirements. You will need to utilise Composable technologies to accelerate your collaboration and system delivery.

Organisations are now digitally transforming to composability mindset. The typical approach is to migrate to Cloud. Teams will be formed to be Composable and Agile. The ability to react will be the future way on how we develop our technologies as enabled to business needs.

PoLP 101

~ Danny Kwok ~ 1 Comment

Over the years, it was still interesting to note that humans seek greater power. In software applications, they usually request more access rights and configuration control. Requests like this often becomes a topic for audit and security team. This is because the principle of least privilege (PoLP) is being practiced in many organisations.

Why PoLP?

The key advantage for PoLP is the limited access granted to user to perform the required functions. This restrict data exposure and interventions to the system. Roles, security groups and policies are some of the key Cloud concepts created for the purpose of PoLP. By default, many cloud services are PoLP in nature.

Security Strategy

PoLP remains a major security strategy for applications and infrastructure in Cloud. The idea is to prevent security breach if any of the user account is compromised. Root account and admin role are restricted. Cloud objects are also not set to public by default. Typical security measures are to expose the required layers to the public Internet. Other prevention includes limiting the number of privileged user roles and user accounts.

PoLP is a key approach for security in major cloud platform. There is ongoing debate that PoLP creates a hassle for development. For the time being, you need to continue to educate users on the importance of PoLP.