Scripting on Windows – PowerShell 1.0

For years Windows users and administrators have had to live without an inadequate scripting shell environment.  Sure, there is Perl, Python, and CMD.exe, but those never really could keep up with the all-in-one Swiss army knife of a shell Unix administrators gets to use.

Enter stage left:  Windows PowerShell.

Described as both a shell and a scripting language and designed for IT professionals and administrators, PowerShell provides all of the functionality expected from a scripting shell plus some more.  There is a free book available online that serves as a nice introduction to the program.  The download requires you to log into your .NET passport account.  If that’s a problem for anyone, let me know.

It is important to note how PowerShell is fundamentally different from all other shells.  Unlike most shells, PowerShell uses an object-oriented model based on the .NET framework for input and output.  Here is an excerpt from Frank Koch’s free text, “Windows Powershell” explaining what that means:

PowerShell’s object-oriented concept makes the standard parsers for Unix shells (analyze/evaluate) and text-based information with all its problems and error proneness completely superfluous. To make this clearer we provide the following example: Assume that you would like to have a list of all processes that consume more than 100 handles. With a traditional Linux shell you would call up the command for displaying processes (ps -A). The command then returns a text list. Each line would contain information about a process, separated by spaces. You would parse these lines with a tool, filter out the process ID and then query this with another program to find the handle number. You would then parse these text-based results, filter out the relevant lines and then finally display the relevant text.

Depending on how well cutting and filtering of information from the text lists functions, this approach is more or less reliable. But, for example, if the title of a column in the output changes and the process names are then too long, you will certainly have problems.

PowerShell uses a fundamentally different approach. You also start with the command get-process, which returns all running processes in the operating system. Only here they are returned as an object list made of process objects. These objects can then be investigated for their attributes and directly queried – therefore you do not have to examine any text lines and split them into columns.

There is another good explanation that can be found by following this link.

I haven’t spent a lot of time exploring the uses or getting comfortable with the syntax, but it quickly becomes apparent how powerful and useful this application is.  Consider the following script:
(from “Windows Powershell” by Frank Koch”)

$a = new-object -comobject excel.application
$a.Visible = $True
$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)
$c.Cells.Item(1,1) = “Service Name”
$c.Cells.Item(1,2) = “Service Status”
$i = 2 get-service | foreach-object{ $c.cells.item($i,1) = $_.name;
$c.cells.item($i,2) = $_.status; $i=$i+1}
$b.SaveAs(“C:\Users\Public\Documents\Test.xls”)
$a.Quit()

Can you guess what that does?  Here’s the neatest part, because of line 2 ($a.Visible=$True) I was able to watch all of this happening in an instance of Excel that was opened in the background.  The scope and capability of this application leads to my next point, security.

It appears that Microsoft has learned some lessons from JavaScript and ActiveX scripting in regards to security.  Scripting is disabled by default, meaning any local or remote scripting file (*.ps1) cannot be run.  Built into PowerShell are four different security settings, in regards to signed scripting.

Restricted (Default) - No scripts are run
Allsigned - Only signed scripts are run
Remote - All remote scripts must be signed.  Unsigned local scripts will run
Unrestricted - All scripts are run

Beware, this setting can be changed by any user that can run the application, even if they aren’t an Administrator.  It’s very nice to see Microsoft implementing some security by default considering this will be included into Windows Server 2008 (Longhorn).

Windows Powershell
Powershell Team Blog
Windows PowerShell Script Repository

Microsoft SDET Interview

Recently, I had the opportunity to interview with Microsoft for their Software Engineer in Test position.  The purpose of this post is to assist anyone who is about to interview with them, and hopefully provide them with some information that I did not have.  First off, Microsoft conducts and very unique, and surprisingly challenging interview.  Microsoft has the luxury of choosing just the right person for their job, and it may not have anything to do with their technical ability.  I will use my experience as an example, because that is what I am most familiar with, but I don’t what to dwell solely on myself.  I applied through my university’s career fair and secured a second interview on campus.  After the second interview, Microsoft arranged for me to interview at their Redmond, WA facility.  I will gloss over the details of the first two steps because they were pretty straightforward.  Throughout the processes the interviewers will ask simple, yet revealing programming questions.  On Florida Tech’s campus, I was asked the following question:  two strings are given, remove all occurrences or the characters in the second string from the first string.  For example: when given ”Interviews are challenging” and “ial” then output should be “nterviews re chenging”.  I solved this problem, yet my solution was terribly inefficient.  Nonetheless, I was granted a third interview in Washington. 

The worst part about the interview was that I had so many different people telling me what it was going to be like that I had no real idea of what to prepare for.  I cannot speak for all positions, but I am fairly confident that if you are interviewing for an SDET position you will have a similar experience as mine.  First of all, to ease concerns, everything is taken care of.  All expenses are refunded, and your trip will be a comfortable one.  This is important to know, so that you can relax and focus on the important part, the interview!  The interview day starts by meeting an overly outgoing concierge.  He or she will try her best to make you feel comfortable.  The first “interview” you will have is with you recruiter.  This is the only person who truly wants you hired, no matter what.  Your recruiter will explain to you what teams you are interviewing with (you will not know ahead of time) and generally what to expect during the day.  Be sure to ask your recruiter a lot of questions, they are there to help!  Mine was very helpful and suggested some great questions to ask my interviewers.  After this, the difficult part of the day begins.

Your recruiter generally will set you up with three teams to interview with. I was only given two.  These teams are chosen based off of your interests and your talents.  Initially, you will have one interview scheduled with each team.  As the day goes on, if a certain team likes you, more interviews will be scheduled with higher ranking members of the team.  The more interviews the better.  I ended up with five interviews.  Each interview is an hour long except the lunch interview, which is an hour and a half.  This is where they hit you with the “why do you want to work here?” and “what are your goals?” questions.  I warn you, it is one of the most awkward lunches you may ever endure.  

Every interviewer will ask you a programming question and you will either solve it on a white board,  piece of paper, or a computer, whichever is most comfortable.  You can find examples of these question all over the Internet.  The questions are simple, but I recommend you practice them ahead of time.  As the day wears on you will be pretty tired, and you will forget how to do these programs unless they are engrained in your mind. I was asked the following questions: convert ASCII to integer, find the nth element from the end of a singly linked list, convert integer to ASCII, reverse the order of the words in a string, find all combinations of strings a phone number can make (2 – ABC, 2 – DEF, etc), and finally, write out the queue and de-queue methods for a fixed length queue that is shared between two objects.  As you can see, they get progressively more difficult as the day wears on, which means if you don’t practice you will fail towards the end.  If anyone wants a quick walk-through of the solutions let me know.  The point of the programming questions is to test fundamental computer science skills: mod, div, linked lists, recursions, semaphores, etc.  These are important, however solving them is not necessarily the key.  Microsoft is more interested in how you think about problems, how you approach them, and how you come up with a solution.  Be sure to think out loud when solving the problems.  Practice this ahead of time, since if you’re anything like me, you usually program quietly by yourself. 

In the end, the same principles apply to this interview as with any other:  ask a lot of questions, be interesting and interested, prepare, and get plenty rest.  You have the skills for the job, you just need to be able to perform and demonstrate them.  I must stress again to ask a lot of questions because you are interviewing with multiple teams, and there is a good chance that you may get an offer from more than one of them.  Use the interviews as a chance to understand the teams better so you can make an informed decision.  I learned some things about the Terminal Services team I really did not expect, and it scared me a little.  If you have any questions, post a comment here and I will reply.  Good luck!

Testing Tools – Process Explorer

Any substantial computer programs interfaces with and relies upon many different system objects.  These objects include files, network and physical devices, and other programs.  Each time a program interacts with one of these objects, there is an assumed level of trust associated with the action.  For example, if the program is opening a file, it assumes the file is correctly formatted.  Often times programmers fail to implement robust input validation into their applications, meaning that any error (benign or malicious) can harm their program.  As a software tester, and especially a software security tester, these interfaces are an important area to test. 

Before you can test a program, you have to know where to look.  A comprehensive map of all the entry points to the program needs to be mapped out.  This is sometimes called the attack surface.  Process Explorer, by SysInternals, is one of the best tools available for mapping out a Windows application and determining its interfaces.  Process Explorer shows a real-time view of all open processes.  Depending on the selected mode, the program will also display all open handles a process is using, or all of the DLLs and memory-mapped files currently in use.  Look closely at the file handles and you will see that Process Explorer also included network device handles, like \Device\Ip.  Programs that interface with the network should be tested with more scrutiny.  The data gathered from this program will provide a great footprint of an application and give you a good starting point for testing. 

By no means is Process Explorer designed solely for software testers.  This programs gives you absolutely tons of information about your system and the processes running on it.  This application is invaluable for anyone who wants insight to their computer or an application, and is a good supplement for Window’s default Task Manager.  Later I will post about tools that dig deeper into an application and reveal precisely what files and registry keys are opened, read, and written to at any given time.  For now though, this should be a good start.

Silverlight and MLB.tv

For those of you that haven’t been following the new Silverlight technology, I will provide some background.  Silverlight , also called WPF/E,  is Microsoft’s a new cross-browser, cross-platform plug-in designed to deliver rich multimedia through the web.  In principle it is very similar to Adobe’s Flash and Flex technology,  but it is an entirely different in design.  The runtime environment includes a subset of the .NET framework, and the development tools allow for the integration of C#, AJAX, VB, and other web applications.  This is an attempt by Microsoft to bring the rich graphical abilities and interoperability of the .NET framework  onto the web.  This simplifies the development process, and gives the web developer a lot more tools to use.  One of the most interesting capabilities of Silverlight is its ability to stream HD video efficiently.  Check out the Silverlight gallery page for some great samples.

Now on to the real point of this post.  Las Vegas hosted MIX07 this week, which is a convention intended to demonstrate the capabilities of Silverlight, WPF, and .NET3.0.  Numerous companies were there presenting their prototypes and sharing their ideas about how to use this technology to spread their multimedia.  Among those presenting were Netflix, who will integrate Silverlight into their “Watch Now” feature and Fox Movies, who made a demo showing trailers for their new movies.  Of course, the most important demonstration was done by Major League Baseball.

 Here is a video from the MIX07 convention featuring Bob Bowman, President and CEO of MLB Advanced Media, and Justin Shaffer, VP New Media, introducing what MLB.tv plans to do with their player and how Silverlight will improve the experience.

There are a couple of interesting points in the video that I want to bring up.  First, Bob Bowman claims that they create 8-10 DVDs worth of data every second.  Which is a testament to how obsessed baseball fans are with statistics, video clips, and media. 

The other point I want to discuss is Bob’s claim that his site can’t be simple and plain because it “has to appeal to 16-17 year olds and have 65 moving parts.”  I am interested in the reader’s (all two of you) opinion on this, and also how you all feel about the new look of the MLB.tv player.  Here’s mine opinion:  I like the new MLB.tv player and I am excited about Silverlight.  It provides web developers and media companies the freedom and flexibility on the web that they never had before and could lead to some beautifully designed and incredibly useful websites. On the other hand, it could pollute the web (even more so) with cluttered, annoying, and ultimately unnavigable sites.  If designers truly believe that their websites need “65 moving parts” then I think the latter will happen more often than the former.

MLB.tv
MIX07
Silverlight