Introduction to Software testing: What is it, Why do we need it and what are the different types?

Software testing is an important step in the software development lifecycle. It ensures that the software functions or operates as the stakeholders wanted, which contributes to the perception of quality software. Failure to properly test software can lead to disastrous consequences, especially if the software runs in an environment where lives are at stake or is responsible for the financial health of an organisation or nation.

What is testing?

Software testing is the process in which a piece of software, be it a module, component or an application, is verified and validated. In other words, it is the process to make sure a piece of software is:

  1. Built right (Verified)
  2. The right thing that the user will want to use (Validated)

There are two ways to go about software testing; one is automated testing and the other manual testing.

Automated testing is done to automate certain repetitive but necessary tasks in a formalised testing process, or to perform additional tests that would be difficult to do manually.

On the other hand, manual testing is done by testers playing the roles of the users to identify defects in the software that the automated testing missed. A written test plan is followed by the tester to ensure completeness of a test.

In the latter part of this article, we will look at the different types of testing and how they are done.

Why testing is important

Now you know what testing is, but you may be wondering why it is important. Let us use a simple scenario to illustrate the importance of testing.

A highly reputable medical device manufacturer, AXT, designs and sells a new surgical robot equipped with a laser scalpel mounted on an arm. The scalpel can cut through human skin and tissue with precision. The control panel for the robot comes with two joysticks. The one on the left moves the robotic arm along the vertical plane (up or down) while the one on the right moves the robotic arm along the horizontal plane (forward, backwards, left and right).

For the left joystick, AXT stated that every 1 degree of tilt forward or backwards shall move the arm down or up by the same amount in centimetres. AXT also stated that every 5 degrees of tilt of the right joystick in any direction shall move the arm in the respective direction by one-fifth of an inch.

After seeing several live demonstrations done on dummies and receiving good feedback from trials that involved some of the surgeons from Tea General Hospital, the hospital finally bought one such surgical robot from AXT for their new operating theatre. Technicians from AXT went to the hospital, installed it in the new operating theatre and indicated on the official checklist that they had verified the robot was working.

Three days later, a surgeon who was trained to use the surgical robot decided to use it to perform brain surgery on a young patient. With the patient lying on the operating bed, the surgeon powered on the robot and started manipulating the joysticks. He moved the right joystick to bring the scalpel end of the arm above the patient. It worked as intended. Then, the surgeon moved the left joystick, shifting it forward to lower the arm. Even though the joystick had a tilt of five degrees, the arm plunged downwards and hit the patient in the face, with the laser scalpel punching through the skull into the brain.

The patient died on the spot, leaving the parents extremely distraught and the surgeon traumatised. The surgeon quit his job a day later and was found dead on the ground floor of his apartment building two days later, having jumped from his kitchen window on the ninth floor.

An investigation later revealed that the technicians did not test the robot and checked off the checklist confidently, assuming that they had done it correctly. They believed in their installation and setup skills as they had done it many times for other hospitals. If they had tested the robot in the first place, they would have found that they failed to connect the signal regulator for the module that controlled the robot arm’s vertical movement.

The scenario described above may seem like it came from a horror movie, but it does reflect the reality of what will happen when a software system, or any system for that matter, is not tested thoroughly.

Different types of software testing

Software testing can be divided into two different categories: functional and non-functional testing.

Functional testing is a quality assurance process that checks that each individual software component does what it is supposed to. For example, if a calculator software says it can determine the sum of two numbers, then a check will be performed to verify that it returns the correct sum for any two numbers.

On the other hand, non-functional testing checks the way the software operates. Using the calculator example, a non-functional requirement would specify that the calculator has to return a result within a second. So, if the calculator takes up to 20 seconds to return the correct result, it is technically functional. However, who would use a calculator that takes a longer time than a human to calculate the sum of two numbers?

Functional testing

Unit testing

Unit testing is a type of functional testing that tests a piece of software using Unit Tests, which are automated tests written and run by software developers to verify that a section of the software meets its design and behaves correctly. Generally, they are written to cover specific core functions within the application and ensure the functions return the correct response from a given set of inputs.

With continuous delivery and continuous testing, unit tests form a big part of that process since they are used to verify that every section of the software they cover behaves correctly. In the event that there are failing tests, this would indicate that certain functionalities within the application have not been implemented properly by the developers.
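To make this concrete, the snippet below turns the AXT joystick specification from the scenario above into table-driven functional checks. It is an added example, not code from the original article: the function names, the tolerance, the assumption that travel is proportional between 5-degree steps, and the faulty controller standing in for the disconnected signal regulator are all hypothetical.

```python
# Added example (not from the original article): the AXT joystick
# specification written as table-driven functional checks.
# All names, the tolerance and the faulty controller are hypothetical.

CM_PER_INCH = 2.54
TOLERANCE_CM = 0.01  # assumed acceptance tolerance; the article gives none


def vertical_travel_cm(tilt_deg):
    """Left joystick: every 1 degree of tilt moves the arm 1 cm.

    Positive tilt = forward = arm moves down, so the result is negative.
    """
    return -1.0 * tilt_deg


def horizontal_travel_cm(tilt_deg):
    """Right joystick: every 5 degrees of tilt moves the arm 1/5 inch.

    Assumption: travel is proportional between the 5-degree steps.
    """
    return (tilt_deg / 5.0) * (CM_PER_INCH / 5.0)


def unregulated_vertical_travel_cm(tilt_deg):
    """Constructed stand-in for the fault in the scenario: the vertical
    signal reaches the arm unscaled, so a small tilt becomes a plunge."""
    return -40.0 * tilt_deg


# (tilt in degrees, expected travel in cm), derived from the stated spec.
VERTICAL_CASES = [(0, 0.0), (1, -1.0), (5, -5.0), (-5, 5.0), (0.5, -0.5)]
HORIZONTAL_CASES = [(0, 0.0), (5, 0.508), (10, 1.016), (-5, -0.508), (2.5, 0.254)]


def check_axis(name, controller, cases):
    """Run one controller against its spec table; return failure messages."""
    failures = []
    for tilt, expected in cases:
        actual = controller(tilt)
        if abs(actual - expected) > TOLERANCE_CM:
            failures.append(
                f"{name}: tilt {tilt} deg moved {actual:.3f} cm, "
                f"spec says {expected:.3f} cm"
            )
    return failures


def acceptance_report(vertical, horizontal):
    """Functional check of both joysticks; an empty list means 'verified'."""
    return (check_axis("vertical", vertical, VERTICAL_CASES)
            + check_axis("horizontal", horizontal, HORIZONTAL_CASES))


if __name__ == "__main__":
    print("correct build:",
          acceptance_report(vertical_travel_cm, horizontal_travel_cm))
    for line in acceptance_report(unregulated_vertical_travel_cm,
                                  horizontal_travel_cm):
        print("FAIL", line)
```

An empty report is the only result that justifies ticking the "verified" box on a checklist; the faulty build fails every non-zero vertical case.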

Smoke testing

Smoke testing is a type of testing that verifies that the software is built correctly and can run. It is commonly used to reveal simple failures, allowing a prospective software release to be rejected.

Unlike the other types of testing, smoke testing is supposed to run quickly, to give the benefit of faster feedback. This way, developers can quickly fix what went wrong and get the next build ready.

Integration testing

Applications have grown increasingly complex with a lot of moving parts. Integration testing is a type of testing that verifies the different parts are able to come together and work. One way it does that is by ensuring the interfaces between the different software components are defect free and they can communicate with each other correctly.

Exploratory testing

In contrast to other types of functional testing, exploratory testing is a type of informal testing that is more ad-hoc and freestyle, relying more on the tester’s creativity instead of following scripted test cases. The term exploratory testing was coined by Cem Kaner in 1984.

With exploratory testing, it is all about discovery, investigation and learning while the test is happening. It is up to the tester to come up with new test cases as they navigate through an application. This helps to ensure that software bugs that were not picked up by other types of testing are identified and resolved.

Non-functional testing

Usability testing

Usability testing measures the ease-of-use of an application by testing it on users who have never seen or used it before. If an application has good design intuitiveness, users are less likely to be confused by it and thus more likely to use it.

To do usability testing, a scenario or a realistic situation needs to be set up where the user can perform a series of tasks on the application being tested. Observers will watch and take notes. In addition, other test instruments such as scripted instructions, paper prototypes and questionnaires are also used to gather feedback. Another popular testing method is the Think Aloud Protocol, where users vocalise what they are thinking about as they navigate through the application and how they will be performing an action.

Performance Testing

Performance testing determines how well an application performs. A non-functional requirement given by the users could specify that the application must be able to execute an action and return a result or give a response to the user within some time limit. In this case, it would fall under performance test coverage.

Using the calculator example mentioned earlier, a simple performance test can be conducted using a stopwatch and a tester using the calculator to calculate the sum of two numbers. The stopwatch starts counting once the user presses the “=” button. When the calculator screen shows the result, the stopwatch is stopped immediately. Then, the time taken can be recorded as part of a performance test report.

Stress testing

A modern application generally performs quite well on modern machines and could handle several dozen people using it. However, when the number increases to several hundred or even several thousand users per minute, the application might not even function. It might start crashing due to limited hardware resources.

Stress testing is about putting the application under heavy load and finding out what the breaking point is. With that information, resources can be provisioned more effectively, in both amount and type, to ensure availability of the application, or developers can improve the application's error handling and prevent it from crashing due to insufficient computational resources, thus improving its robustness.

10 Wi-Fi terms that you should know

Have you ever taken a look at the Wi-Fi logs generated by your router?

Or if you are on a Mac computer, have you seen the details of the Wi-Fi connection by pressing and holding the Option key while you click on the Wi-Fi icon?

Do you wonder what the terms you see in those places mean? In this article, we will look at 10 Wi-Fi terms that you may come across.

1. HT

HT is short for High Throughput and is the alternative name for 802.11n (Wi-Fi 4). The name comes from the speed improvements, with speeds ranging from 72 Mbps to 600 Mbps, making it a lot faster than 802.11g (Wi-Fi 3).

The new technologies introduced with Wi-Fi 4 include support for more antennas, which in turn enables higher data rates, the 40 MHz channel width, the 5 GHz band and standardised Multiple Input and Multiple Output (MIMO).

2. VHT

VHT or Very High Throughput is the alternative name for 802.11ac (Wi-Fi 5). It is designed to be the successor to HT. With Wi-Fi 5, wireless communication over the 5 GHz band is improved with new technologies, enabling speeds ranging from 433 Mbps to 6933 Mbps.

Some of the new technologies for Wi-Fi 5 include support for an optional 160 MHz channel width and a mandatory 80 MHz channel width, an increase in the number of MIMO streams from 4 to 8, and 256-QAM support.

3. HE

HE is short for High Efficiency and is the alternative name for 802.11ax (Wi-Fi 6). The name stems from new technologies that improve efficiency and performance. Some of these new technologies include OFDMA and MU-MIMO. For more information about Wi-Fi 6, check out this explainer.

4. MCS Index

MCS Index or Modulation and Coding Scheme Index is a unique reference value that identifies the combination of the following:

  1. Number of Spatial Streams
  2. Modulation Type
  3. Coding Rate

When this value is combined with the Wi-Fi channel width, it allows you to quickly calculate the likely data rate of a given connection. Naturally, the larger the MCS index value, the better as it indicates a faster Wi-Fi connection.
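The calculation described above can be carried out as follows. This is an added example, not part of the original article; it reproduces the 72/600 Mbps and 433/6933 Mbps figures quoted for HT and VHT earlier. The subcarrier counts, symbol durations and modulation table are standard 802.11 PHY parameters rather than values taken from this page, and the function names are hypothetical. Note that only 802.11n folds the stream count into the MCS index; 802.11ac and 802.11ax report MCS and NSS separately.

```python
# Added example (not from the original article): PHY data rate from
# MCS index, spatial streams, channel width and guard interval.
from fractions import Fraction

# MCS index -> (coded bits per subcarrier, coding rate)
MCS_TABLE = {
    0: (1, Fraction(1, 2)),    # BPSK
    1: (2, Fraction(1, 2)),    # QPSK
    2: (2, Fraction(3, 4)),
    3: (4, Fraction(1, 2)),    # 16-QAM
    4: (4, Fraction(3, 4)),
    5: (6, Fraction(2, 3)),    # 64-QAM
    6: (6, Fraction(3, 4)),
    7: (6, Fraction(5, 6)),
    8: (8, Fraction(3, 4)),    # 256-QAM (VHT and HE)
    9: (8, Fraction(5, 6)),
    10: (10, Fraction(3, 4)),  # 1024-QAM (HE only)
    11: (10, Fraction(5, 6)),
}

# Data subcarriers per channel width (MHz) for each PHY generation.
DATA_SUBCARRIERS = {
    "HT": {20: 52, 40: 108},
    "VHT": {20: 52, 40: 108, 80: 234, 160: 468},
    "HE": {20: 234, 40: 468, 80: 980, 160: 1960},
}
SYMBOL_NS = {"HT": 3200, "VHT": 3200, "HE": 12800}   # OFDM symbol, no guard
GUARD_NS = {"HT": (400, 800), "VHT": (400, 800), "HE": (800, 1600, 3200)}
MAX_MCS = {"HT": 7, "VHT": 9, "HE": 11}
MAX_NSS = {"HT": 4, "VHT": 8, "HE": 8}


def ht_index_to_mcs_nss(index):
    """802.11n numbers MCS 0-31 so the index also encodes the stream
    count: 0-7 is one stream, 8-15 two streams, and so on."""
    if not 0 <= index <= 31:
        raise ValueError("HT MCS index must be 0-31")
    return index % 8, index // 8 + 1


def data_rate_mbps(phy, mcs, nss, width_mhz, guard_ns=None):
    """Return the PHY data rate in Mbps, rounded to one decimal place.

    The standard disallows a handful of VHT MCS/NSS/width combinations;
    this sketch does not filter them out.
    """
    if phy not in SYMBOL_NS:
        raise ValueError(f"unknown PHY {phy!r}")
    if not 0 <= mcs <= MAX_MCS[phy]:
        raise ValueError(f"{phy} supports MCS 0-{MAX_MCS[phy]}")
    if not 1 <= nss <= MAX_NSS[phy]:
        raise ValueError(f"{phy} supports 1-{MAX_NSS[phy]} spatial streams")
    if width_mhz not in DATA_SUBCARRIERS[phy]:
        raise ValueError(f"{phy} has no {width_mhz} MHz channel width")
    if guard_ns is None:
        guard_ns = min(GUARD_NS[phy])       # shortest guard = highest rate
    if guard_ns not in GUARD_NS[phy]:
        raise ValueError(f"{phy} guard interval must be one of {GUARD_NS[phy]}")

    bits, coding = MCS_TABLE[mcs]
    # Useful bits carried by one OFDM symbol across all streams.
    bits_per_symbol = DATA_SUBCARRIERS[phy][width_mhz] * bits * coding * nss
    # bits per nanosecond is Gbps, so multiply by 1000 for Mbps.
    rate = bits_per_symbol * 1000 / (SYMBOL_NS[phy] + guard_ns)
    return round(float(rate), 1)


if __name__ == "__main__":
    for args in [("HT", 7, 1, 20), ("HT", 7, 4, 40),
                 ("VHT", 9, 1, 80), ("VHT", 9, 8, 160),
                 ("HE", 11, 2, 80), ("HE", 11, 8, 160)]:
        print(args, data_rate_mbps(*args), "Mbps")
```

Dropping one MCS step or halving the channel width in the call shows how quickly the negotiated rate falls from the headline figure.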

5. NSS

NSS or Number of Spatial Streams refers to the independently and separately coded data signals that are transmitted from multiple antennas of an Access Point (AP). MIMO wireless communication uses this technique to increase the throughput of a communication channel by sending and receiving multiple data signals simultaneously.

6. RSSI

RSSI or Received Signal Strength Indication in the Wi-Fi context refers to the relative received signal strength in some arbitrary units. It is calculated from the perspective of the receiving radio. Generally, the greater the value, the stronger the signal. Therefore, it is common to see it represented in negative form, since the closer the value is to zero, the stronger the signal.

7. Tx Rate

Tx Rate or Transmission Rate refers to the transmission speed of the wireless communication channel from the perspective of the client device. Naturally, the higher the value, the faster the connection since more data can be sent from the client.

8. Rx Rate

Rx Rate or Receive Rate refers to the receiving speed of the wireless communication channel from the perspective of the client device. Naturally, the higher the value, the faster the connection since more data can be received by the client.

9. DFS

DFS or Dynamic Frequency Selection allows a wireless network to use 5 GHz frequencies that are reserved for use by radar stations. Without this feature, APs are limited to the following 20 MHz channels:

  1. Channel 36
  2. Channel 40
  3. Channel 44
  4. Channel 48
  5. Channel 149
  6. Channel 153
  7. Channel 157
  8. Channel 161
  9. Channel 165

In environments such as an apartment building where multiple APs can be deployed, this can slow down network performance due to the increased wait time brought on by congestion.

With DFS, the issue of congestion is mostly resolved as APs can use 16 additional channels on the 5 GHz band, thus leading to improved performance. These 16 channels are known as DFS channels.

However, if there is a radar station nearby using any of the DFS channels, the AP will detect that and switch to one of the non-DFS channels. When that happens, client devices will temporarily lose internet connection while they re-establish connection.

10. MUBF

MUBF or Multi-User Beam-Forming is an extension of beam-forming to support multiple receiver devices.

And what is beam-forming then?

Beamforming is a technique that allows an AP to focus radio signals towards a receiver. The AP does this by transmitting multiple radio signals from its antenna array in a manner that results in both constructive and destructive radio interference. The destructive interference cancels the transmission in the directions that have no receiver, while the constructive interference increases the power of the transmission towards the receiver, thus improving the transmission quality and range.

Asus ZenWiFi AX (XT8) Tri-Band Mesh System Review

In the time between the announcement of Wi-Fi 6 (IEEE 802.11ax) standards in October 2018 and now, the market has seen a variety of Wi-Fi 6 capable devices released by various vendors, ranging from networking devices to smartphones. If you would like to know more about Wi-Fi 6 and the benefits it brings, here is an explainer.

Even though Wi-Fi 6 is more secure and performant than Wi-Fi 5, wave 2 Wi-Fi 5 routers or mesh systems remain a good choice for the majority of households if they have a small/medium-sized home with a few devices.

Background

Personally, I was using the D-Link WiFi mesh system, COVR-2202, for the past year. During the early stages of the work-from-home arrangement because of the COVID-19 pandemic, I could participate in video/conference calls with minimal issues. You can find a review of this mesh system that I wrote previously here.

However, the mesh system started having performance and stability issues earlier this month. It was due to a change in my home network environment. The number of networked devices had grown to 24 devices—nearly half of these are smart home devices. My video calls started suffering from connectivity issues with stuttering videos, and sometimes, I could not hear what my colleagues were saying. Even the smart home devices are suffering from connectivity issues.

Therefore, my next networking gear purchase had to fulfil the following conditions:

  1. Is a mesh system
  2. More control on the Wi-Fi configurations
  3. Future-proof for WiFi 6
  4. More powerful hardware that provides good WiFi coverage and stable connection for many devices

When I was looking for a new WiFi 6 mesh system, I narrowed my choice down to Netgear Orbi RBK852 (3 pack) and Asus ZenWiFi. I did not consider the other brands as they do not have a good track record when it comes to keeping their products up to date. Furthermore, their product designs leave much to be desired.

In the end, I went with the ASUS ZenWiFi AX6600 (XT8) as I have used an Asus router (RT-AC68U) before and my experience with that then was good. The RT-AC68U was stable in terms of its performance and connectivity even after going for three or four months without a system reboot. And Asus routers do come with a lot more configuration options in their web interface when compared to the others.

Hardware

The Asus ZenWiFi comes in two colours: black and white. For me, I went with the black version because it fit better with the overall house theme. In terms of pricing, the hardware itself cost SG$775 from Challenger.

You may be wondering why it cost that much. Unlike other mesh systems, the ZenWiFi mesh system consists of two full-featured wireless routers that can be configured to run independently or operate together in a mesh system through ASUS AiMesh technology.

In terms of design, it is minimalistic and does not stand out. It comes with a single LED light at the front that indicates the state of the router. It has specially designed vents on the sides to help keep the routers cool.

Physical appearance aside, we shall take a look at the specifications.

Below is the specification for each router:

  1. 1.5 GHz quad-core processor
  2. 512 MB RAM
  3. 256 MB flash storage
  4. Tri-band: 2×2 2.4 GHz, 2×2 5 GHz-1, 4×4 5 GHz-2
  5. 6 internal antennas positioned to give maximum WiFi coverage
  6. 3x gigabit Ethernet LAN ports and 1x 2.5G WAN port. The latter can be used as a LAN port on the satellite node

From the above, we can see that the Asus ZenWiFi mesh system is a tri-band mesh system.

With that, the 2.4 GHz and 5 GHz Wi-Fi bands are freed up for our devices to connect to while a separate 5 GHz Wi-Fi band is used for the wireless backhaul. This wireless backhaul is used by the satellite node and the main router to communicate with each other.

From the product’s official site, the device is capable of the following:

  • 802.11a: 6, 9, 12, 18, 24, 36, 48, 54 Mbps
  • 802.11b: 1, 2, 5.5, 11 Mbps
  • 802.11g: 6, 9, 12, 18, 24, 36, 48, 54 Mbps
  • 802.11n: up to 300 Mbps
  • 802.11ac (5 GHz-1): up to 867 Mbps
  • 802.11ac (5 GHz-2): up to 3466 Mbps
  • 802.11ax (2.4 GHz): up to 574 Mbps
  • 802.11ax (5 GHz-1): up to 1201 Mbps
  • 802.11ax (5 GHz-2): up to 4804 Mbps

However, the above are just theoretical numbers that are hardly achievable due to various factors such as neighbouring Wi-Fi interference, physical obstacles like walls and the distance between the mesh system and our devices.

If we use the 5 GHz-2 band as an example, the speed indicated is achievable if the mesh system is able to utilise all 4 streams to send and receive data using the 160 MHz channel width.

However, there is only one channel available for 160 MHz and that is assuming there is no interference from your neighbours and you can use DFS channels. The latter is important to note as eight 20 MHz channels will need to be combined into one channel. And in Singapore, most of those 20 MHz channels are DFS channels and their availability is dependent on whether you are living near a radar station. Furthermore, if you are living in a HDB apartment with a lot of neighbours, the mesh system will find itself dealing with a lot of interference and is likely to fall back to using the 80 MHz channel width. At least when using 80 MHz, there are 5 channels to choose from.
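The dependence of wide channels on DFS can be checked mechanically. The snippet below is an added example, not part of the original review: it takes the nine non-DFS channels listed in the DFS section of this page and works out which bonded channels can be built from them alone. The table of block start channels is an assumption based on the usual 802.11 5 GHz channelisation; which blocks are actually permitted depends on the regulatory domain, and the function names are hypothetical.

```python
# Added example (not from the original review): which bonded 5 GHz
# channels can be formed without DFS.

# The nine non-DFS 20 MHz channels listed on this page.
NON_DFS_20MHZ = frozenset({36, 40, 44, 48, 149, 153, 157, 161, 165})

# Assumption: the usual 802.11 5 GHz channelisation, in which bonded
# channels may only start at these 20 MHz channels. A regulatory domain
# may permit fewer blocks than listed here.
BLOCK_STARTS = {
    40: (36, 44, 52, 60, 100, 108, 116, 124, 132, 140, 149, 157),
    80: (36, 52, 100, 116, 132, 149),
    160: (36, 100),
}


def blocks(width_mhz):
    """Return {centre channel: tuple of 20 MHz component channels}."""
    count = width_mhz // 20
    result = {}
    for start in BLOCK_STARTS[width_mhz]:
        members = tuple(start + 4 * i for i in range(count))
        centre = (members[0] + members[-1]) // 2
        result[centre] = members
    return result


def usable_centres(width_mhz, permitted=NON_DFS_20MHZ):
    """Centre channels whose every 20 MHz component is in `permitted`."""
    return sorted(c for c, members in blocks(width_mhz).items()
                  if all(ch in permitted for ch in members))


def dfs_needed(width_mhz):
    """For each bonded channel, the component channels that require DFS."""
    return {c: [ch for ch in members if ch not in NON_DFS_20MHZ]
            for c, members in blocks(width_mhz).items()}


def lost_to_radar(width_mhz, radar_channel):
    """Bonded channels that must be vacated when radar is detected on one
    20 MHz channel: a wide channel is only as available as its parts."""
    return sorted(c for c, members in blocks(width_mhz).items()
                  if radar_channel in members)


if __name__ == "__main__":
    for width in (40, 80, 160):
        print(f"{width} MHz without DFS:", usable_centres(width))
    print("DFS components per 160 MHz block:", dfs_needed(160))
    print("160 MHz blocks lost to radar on channel 60:", lost_to_radar(160, 60))
```

With only the non-DFS channels permitted, no 160 MHz block can be formed at all, which is why the router falls back to 80 MHz when DFS channels are unavailable.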

But all the above is just theory. We will need to test the mesh system in the real world.

Performance

As described earlier, the mesh system comes with a dedicated wireless backhaul. However, the use of the wireless backhaul would mean that you will not be able to get higher WiFi speeds since the total amount of available wireless bandwidth will be divided equally between the backhaul and other connected devices.

If you do need a higher backhaul speed, ethernet backhaul connection for the mesh node to the main router is supported and available. With this, the WiFi 5 GHz-2 band can be freed up for use by devices.

For me, I decided to go with the wireless backhaul due to two considerations:

  1. The mesh node should try and stay as close to the center of the house as possible since the main router is at the corner of the house in the living room. It is so the remaining half of the house could get WiFi with no dead spot.
  2. Remove the need to route additional ethernet cables from the main router to the node.

After spending time tweaking the configurations, I was able to achieve a decent WiFi speed on the 5 GHz-1 band with my MacBook Pro connected to the satellite node. In this case, there was a direct line of sight between the node and the MacBook.

This is the result of the first test.

Other than the WiFi performance for devices with direct line of sight to the router, it is equally important to have good performance for devices that are behind walls or further away from the nodes.

Another test of the connection speed was conducted. This time it is between my iPhone X and the satellite node while I’m in the laundry area of the house, which is the furthest possible point from the satellite node with at least one wall between.

The phone being able to achieve 101 Mbps in download speed is nothing short of impressive. We need to keep in mind that there are 23 other devices connected to the mesh system and at least one wall sitting between the phone and the satellite node.

To achieve the above speeds, the following configurations were used for the mesh system.

Basic Configurations

2.4 GHz and 5 GHz-1 front-haul Wi-Fi configuration

5 GHz-2 dedicated wireless backhaul configuration.

Advanced Configurations

5 GHz-1 advanced configurations

5 GHz-2 advanced configurations

In order to achieve higher speeds, a device ideally should establish a WiFi connection using the 80 MHz channel width. In my case, my laptop was able to do that.

However, there is no guarantee your devices will be able to get that since it is dependent on whether the Wi-Fi hardware supports higher bandwidths and negotiates with the router for that. In addition, there is also a higher chance of interference due to channel overlap with your neighbour’s WiFi routers since a wider channel is nothing more than the combination of multiple smaller channels, which can cause connectivity or performance issues.

Over the following week since getting the mesh system, I made more changes to the advanced configurations.

5 GHz-1 advanced configurations

5 GHz-2 advanced configurations

A second internet speed test was done using the updated configuration from my 2018 15 inch MacBook Pro.

Stability

Compared to the D-Link Covr-2202 mesh system, the Asus ZenWiFi has been stable for 8 days now since the last restart due to configuration changes. Devices remain connected to the mesh system and could access the internet without any issues. Again, we need to keep in mind that there are constantly 22 to 24 devices connected.

Furthermore, I did not find myself having to deal with stuttering video and audio during Microsoft Teams/Google Meet/Zoom calls. The longest call that I have can go up to one hour and a half.

However, I could not say the same for the Covr-2202. When I first got it to replace the Asus RT68U, my devices would not be able to access the internet from time to time. An investigation revealed that the routers would either drop connections or refuse to issue IP addresses. This tends to crop up after a week of use for reasons that remain unknown to me. So, to prevent the dropped connections from happening again, I scheduled a weekly restart that happens at the stroke of midnight on Monday.

Wi-Fi Coverage

Asus states that the ZenWiFi mesh system is able to cover up to 5500 square feet (or 6 rooms) when using both routers in mesh mode, while a single ZenWiFi router is able to cover up to 2750 square feet or 4 rooms. With that in mind, a single router is enough for the majority of households in Singapore since we live in HDB apartments, which have an average size of 1027 square feet.

However, it did not take into account that there are a lot of concrete walls and solid objects such as cabinets in a HDB apartment. Solid objects such as concrete walls can block or reduce the strength of WiFi signals causing connectivity issues, low speeds and high latencies. In this case, the 5 GHz band is more severely affected than the 2.4 GHz band.

During my unscientific tests, the ZenWiFi did surprise me. My phone was able to stay connected and achieve about 30 Mbps of download speed even when I am standing in the kitchen, near the common toilet. At least two concrete walls stand between my phone and the mesh node.

The next test was done with me walking around the house. My phone was able to stay connected to WiFi and I was able to stream video without any visible issues.

Furthermore, I lived on the eighth floor. When I was on the first floor, my phone was still able to secure a connection to the mesh system. I suspect it is due to the fact that the main router of the mesh system is placed near the window in the living room. Nonetheless, I find this impressive since I can continue to use my WiFi even when I’m outside my house.

Conclusion

The Asus ZenWiFi AX6600 (XT8) is expensive but not as expensive as the Netgear Orbi RBK852 WiFi 6 mesh system, which cost an additional SG$200 or SG$300 depending on where you get it.

In terms of hardware specification, the Asus ZenWiFi comes with only 6 internal antennas compared to the 8 on the Netgear Orbi RBK852 WiFi 6 mesh system. More antennas meant that the router would be able to provide more bandwidth for devices, which translates to better performance. The Asus model also comes with a slower quad-core processor and 1 less gigabit LAN port.

But for that price, what you are getting is two Wi-Fi 6 capable, fully-featured wireless routers that you can choose to give one away to your family or friends. The AsusWRT, which is the operating system of all Asus-made routers, tends to be more stable from my personal experience and comes with more configuration options. The latter can be a consideration point if you want to improve the mesh system’s compatibility with older wireless devices or smart home devices that you might have at home.

For example, I have a few LIFX light bulbs that operate on the 2.4 GHz band with 20 MHz channel width. I was able to set that explicitly in the router and ensure the light bulbs stay connected. Previously on the D-Link Covr-2202, the LIFX light bulbs tended to lose connection and I would be left unable to control them from my phone.

Lastly, you are also future-proofing your home network as there will be more Wi-Fi 6 capable smartphones and laptops coming out in the latter half of 2020 and the whole of 2021.

What is Wi-Fi 6 and why it is a game changer?

Wi-Fi 6 is the consumer-friendly name for IEEE 802.11ax, which is the current generation Wi-Fi specification standard and the successor to Wi-Fi 5, also known as IEEE 802.11ac.

This new standard comes with various improvements to efficiency and throughput. It is also backwards compatible with your older devices since it supports both 2.4 GHz and 5 GHz bands.

But before we can dive deep into explaining what Wi-Fi 6 is and the advantages it brings to the table, we need to be on the same page regarding certain terminologies. We shall also set up some analogies that we will use to explain technical details in simpler terms.

To connect to the internet, we will need to install either a modem or gateway provided to us by internet service providers. If it is the former, a router typically is connected to the modem to provide additional connection points such as ethernet ports and Wi-Fi for our devices to connect to in order to access the internet. If a gateway is used instead, the gateway itself is also a router and could also provide the same functionality as a standalone router.

With that in mind, let us imagine the router to be a large warehouse in the middle of a small city. It has a number of gates or main doors that represent antennas. In addition, there are buildings (or clients, if you will), which represent devices such as smartphones and laptops. Then, there are also couriers who represent radio waves. These couriers are the middlemen between the warehouse and the various buildings, and are responsible for transporting packages to the warehouse and back to their respective clients. These packages contain things, which are pieces of data, that the buildings need.

It is fast

Wi-Fi 6 has a theoretical maximum speed of 9.6 Gbps (gigabits per second) or 1.2 gigabytes per second. That is almost 2.6 times more than Wi-Fi 5. To put things in perspective, it is possible to transfer a 100GB 4K blu-ray video in just under two minutes with such speed.

There are three key technological updates that contribute to Wi-Fi 6’s improved performance over the previous generation: MU-MIMO, OFDMA and 1024-QAM.

MU-MIMO

MU-MIMO stands for “multi-user, multiple input, multiple output”. It is a technology that helps increase the number of antennas a router has and can be found implemented in most Wave 2 Wi-Fi 5 (IEEE 802.11ac) routers and devices.

Wave 1 Wi-Fi 5 and earlier routers could only communicate with one device at a time and the others have to wait until it is their turn.

With the release of MU-MIMO for Wave 2 routers, they could communicate with up to four devices simultaneously.

The caveat here is that the location of each client device matters. If two or more devices are in the same general location, they will still need to wait in line to communicate with the router.

You might wonder how this technology helps to improve performance.

Let us assume that a router will be placed in the center of the house or a room. Then, if there are multiple devices around that require Wi-Fi access, they could access the router via the nearest antenna pointed in their respective general direction. If two or more devices are in the same general location, then these devices will share the same antenna and need to wait for their turn.

For those who have a hard time understanding that, let us go back to the analogy we created earlier.

When the warehouse is first built, which represents the earlier version of Wi-Fi, there is only one gate. In order to enter or exit, couriers need to queue up by the gate and wait for their turn before they can proceed to either deliver or collect their respective packages.

Then, with MU-MIMO technology for Wave 2 Wi-Fi 5, the warehouse undergoes a renovation to have four gates installed according to the points on a compass instead of just the one. Now with four gates, more couriers can enter and exit albeit from four different directions at any given point in time. With this, the buildings are now able to get their requests serviced faster.

But if a particular gate has a long queue of couriers, they will still need to wait for their turn to enter or exit unless they choose to use other gates.

And for Wi-Fi 6, MU-MIMO is upgraded to support up to eight devices at the same time.

Going back to the warehouse example, renovation is done to add four more gates, for a total of eight. More couriers now can enter and exit the warehouse from eight directions at any given point in time, therefore servicing even more buildings.

OFDMA

Orthogonal frequency division multiple access (OFDMA) is an extension of orthogonal frequency division multiplexing (OFDM) technology.

But before we can dive deeper into OFDMA, we must first understand what OFDM is.

OFDM is a technology that takes a radio channel such as the 20 MHz channel, which is often used for Wi-Fi, and sets a number of sub-carriers instead of having just one carrier. For Wi-Fi 5, 52 sub-carriers can be created from a single 20 MHz channel using this technology, while Wi-Fi 6 takes that to the next level and can create 234 sub-carriers.

To the uninitiated, a carrier is a modulated wave that conveys information.

Each sub-carrier is then modulated independently and simultaneously to form symbols, which are waveforms that represent information or data. These symbols are separated in time by guard intervals to prevent interference caused by neighbouring sub-carriers. Finally, a single transmission to the receiving device will consist of a number of these simultaneous symbols spanning the sub-carriers.

The receiving device is able to track all these sub-carriers simultaneously and extract data from each sub-carrier independently. This contributes to the increase in Wi-Fi performance since multiple pieces of data are transmitted at the same time.

However, the problem with OFDM is that any device is free to transmit a signal whenever it is ready, creating a first-come, first-served situation. This may work in a home setting where there are not a lot of devices, but it does not work in a high-density area such as a stadium or shopping mall. Too many devices will be fighting for a chance to send and receive data from the router, resulting in an inefficient use of the router.

For those who have trouble following the above explanation, let us go back to the warehouse example we used earlier.

OFDM can be thought of as multiple couriers who are dispatched to a specific building but at slightly different timings. They travel on the same road but in different lanes, and each of them carries a different part of the final data. Once they arrive at their destination, the building’s manager will collect the different parts of the data and begin the reconstruction process. Even if some of the couriers get lost, the manager is still able to reconstruct the data because each courier carries a nice little clipboard containing a detailed description of the content and its relation to the other couriers.

However, there could be couriers serving other buildings traveling on the same road. Some of these couriers could end up in a lane that other couriers are in. This can lead to a scenario where the couriers fight amongst themselves in order to gain access to the warehouse first. During the fight, packages will be lost and when that happens, the buildings need to dispatch couriers with the same packages again in an attempt to gain access to the warehouse.

This is where OFDMA comes in.

OFDMA technology solves the network contention issue by grouping the sub-carriers into Resource Units (RU) to service one or more clients depending on their needs.

Therefore, if there is a client that needs higher bandwidth because of the data it is downloading, then all the sub-carriers can be grouped as one Resource Unit to give the client the full bandwidth of the channel. Similarly, if multiple clients in the same area need a fraction of the bandwidth because of their small data requirement, then multiple Resource Units can be created to serve all of the clients.

The change in the RU configuration is also done in real time, therefore enabling a consistently efficient use of the available network bandwidth.

To the layman, it is the equivalent of upgrading the warehouse to dispatch one truck per lane to serve a group of buildings that are close together. The purpose of the truck would be to carry as many couriers as it can hold and transport them to the group of buildings where they could then drop or pick up the packages.

When the warehouse dispatches the trucks, and whether the couriers on board all serve the same building or different buildings, depends on requirements such as the service type, package size and total number of packages.

With that, the odds of couriers losing their packages and having to restart the transport process again, which is an overhead, are reduced. Furthermore, the different buildings (clients) in the same area get an equal amount of attention from the warehouse.

1024-QAM

Wi-Fi 6 improves on the amount of data transmitted per signal, allowing improvement in speed by up to 30%. This means that you can stream bandwidth hungry content such as 4K video with further reduction in loading times and have a smooth viewing experience.

But before we dive deeper into how Wi-Fi 6 achieves this, we need to understand how Wi-Fi works in general.

Wi-Fi works by using radio waves. To transmit data so that the receiving device understands it, the sender needs to modulate the signal to represent bits of binary code. This type of modulation is known as “Quadrature amplitude modulation” or QAM for short.

The better a device is at modulation, the more information it can transmit each time.

For example, a 2-QAM device is capable of transmitting one bit (1 or 0) of information each time because it can modulate the signal in one of two ways. A 4-QAM device can transmit 2 bits (00, 01, 10, 11) of information each time because it can modulate a signal in four different ways.

With that in mind, the current generation of Wi-Fi 5 devices is 256-QAM, which means eight bits of information can be transmitted each time. This is why most of us today do not spend a lot of time waiting for video to load and buffer. With Wi-Fi 6, devices are able to do 1024-QAM, which means 10 bits of information can now be transmitted each time.

To explain QAM more simply, let us go back to our warehouse example.

2-QAM is the equivalent of the courier only having one hand. They can either carry one bag or nothing at all. 4-QAM gives them another hand, so now they can carry up to two packages. 256-QAM for Wi-Fi 5 is the equivalent of giving a courier four pairs of hands, thereby enabling them to carry up to eight packages. With the upgrade to 1024-QAM for Wi-Fi 6, each courier now has five pairs of hands to carry up to ten packages.

On the surface it may not look like much. However, if a request is for a large amount of data such as those typically found during 4K movie streaming, having the ability to transfer more data per trip will mean fewer trips needed to download the full content. After all, fewer trips equals more time saved.

It could improve battery life

Other than being faster, Wi-Fi 6 also comes with a new feature called Target Wake Time. This allows certified Wi-Fi 6 routers to schedule check-in times with connected devices.

With scheduling, devices only activate their antennas at the right time instead of having to keep their antennas powered on to transmit or search for signals for an extended period of time, which can consume quite a fair amount of power.

For devices such as laptops or desktops which are connected to a power source and do need persistent internet connection, this feature may not be useful. But for IoT devices it could be a world of difference since they may not have access to consistent power and probably run on batteries.

It has better security

Since 2004, Wi-Fi security has revolved around WPA2. It is a protocol that encrypts the communication session between the router and the client device so that they can exchange information safely and privately.

WPA2 was considered to be very secure until 2017 when a weakness in the protocol was discovered that made it possible for attackers in range of the Wi-Fi router to steal sensitive information.

The Wi-Fi Alliance announced WPA3 in 2018 to be the replacement. WPA3 replaces the need for the 4-way handshake to authenticate a client in WPA2 with another method called Simultaneous Authentication of Equals (SAE).

SAE is a proven zero-knowledge method to establish a secret shared key that both the client and the router will use to generate the session key to encrypt and decrypt Wi-Fi transmissions. If another client wishes to connect to the network, that client will establish its own secret shared key with the router.

The other important feature of WPA3 is Forward Secrecy, which is an indirect effect of implementing SAE. This ensures that even if an attacker manages to capture the encrypted Wi-Fi transmissions and then crack the session key, older data remains inaccessible, as the keys used to encrypt that data will be different.

WPA3 is optional for existing devices and many device manufacturers may choose not to patch these products via firmware update. But in order for these manufacturers to market their devices as Wi-Fi 6 certified, the Wi-Fi Alliance mandated that WPA3 be implemented. Therefore, we can be sure that Wi-Fi 6 will be more secure.

Other than improvements made to the WPA protocol, the security and privacy of open Wi-Fi networks such as those we find in cafes, shopping malls and stadiums are also improved. Wi-Fi 6 will see the implementation of Opportunistic Wireless Encryption (OWE).

OWE is a security technique that is similar to SAE to encrypt the transmission channel between the device and the router but without the need for authentication. The established shared key is only known to the client device and the router.

Although it is not as secure since there is no way to tell who is connected to what, it is more secure than connecting to a public Wi-Fi network secured by WPA2 using the pre-shared password, or connecting to a completely open Wi-Fi network.

More than one million WordPress sites attacked over the weekend of late May 2020

Throughout its history, WordPress has regularly appeared in the news for its security vulnerabilities. The most recent vulnerability incident with WordPress involves a plugin called Page Builder by SiteOrigin.

Attackers mounted a campaign over the weekend of 29 – 31 May against more than one million WordPress sites in an attempt to download wp-config.php, a file critical to all WordPress installations. This file contains sensitive information such as database credentials, connection information as well as unique authentication salts and keys. Therefore, anyone with access to the file could gain access to the database where the site content and users are stored.

To download that file, the attackers targeted cross-site scripting (XSS) vulnerabilities found in older plugins or themes that allow files to be downloaded or exported.

The attacks came from more than 20,000 IP addresses, which were also used by the same threat actor in a previous attack earlier in May 2020.

The earlier attack targeted a different set of XSS vulnerabilities with the intention of having visitors redirected to malvertising sites. This set of vulnerabilities was found in plugins that have mostly been patched or plugins that have been removed from the WordPress plugin repository. Below is the list of plugins and their respective vulnerabilities that were popular with the attackers.

  • Easy2Map plugin — Removed from WordPress plugin repository due to XSS vulnerability
  • Blog Designer — XSS vulnerability that was patched in 2019
  • WP GDPR Compliance — Options update vulnerability that was patched in late 2018
  • Total Donations — Removed from Envato Marketplace permanently. It had a critical options update vulnerability.
  • Newspaper theme — XSS vulnerability that was patched in 2016.

The good news is that WordPress site owners who use Wordfence are protected. According to Ram Gall at Wordfence, the Wordfence firewall blocked over 130 million attacks intended to harvest database credentials.

How do you know if you were attacked?

The attack should be logged. You could look for any log entries that contain wp-config.php in the query string with the HTTP response code 200.
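The log check described above, as an added example that is not part of the original article or Wordfence's tooling. It assumes the Apache/nginx "combined" access-log format; the sample lines, IP addresses (documentation ranges) and plugin and theme names are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumes the Apache/nginx "combined" log format; adjust the regex otherwise.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
NEEDLE = "wp-config.php"

# Constructed sample lines: documentation IPs, hypothetical plugin/theme names.
SAMPLE_LOG = """\
203.0.113.10 - - [30/May/2020:10:12:01 +0000] "GET /wp-content/plugins/example-plugin/download.php?file=../../../wp-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.10 - - [30/May/2020:10:12:03 +0000] "GET /wp-content/themes/example-theme/export.php?path=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [30/May/2020:11:40:44 +0000] "GET /?download=%252e%252e%252fwp-config%252ephp HTTP/1.1" 200 2987 "-" "curl/7.68.0"
192.0.2.55 - - [30/May/2020:12:00:00 +0000] "GET /wp-config.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.0.2.56 - - [30/May/2020:12:01:00 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".splitlines()


def fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so double encoding (%252e -> %2e -> .) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Split wp-config.php query-string requests into served (HTTP 200) and other attempts."""
    result = {"served": [], "attempted": []}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; count these separately in production
        _path, _sep, query = m["target"].partition("?")
        decoded = fully_unquote(query)
        if NEEDLE not in decoded.lower():
            continue  # file name absent from the query string (e.g. a direct hit on the path)
        hit = {
            "ip": m["ip"],
            "time": m["ts"],
            "status": int(m["status"]),
            "bytes": 0 if m["size"] == "-" else int(m["size"]),
            "query": decoded,
        }
        result["served" if hit["status"] == 200 else "attempted"].append(hit)
    return result


def sources(hits):
    """Count matching requests per client address."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    report = scan(SAMPLE_LOG)
    for hit in report["served"]:
        print("SERVED   ", hit["ip"], hit["time"], hit["bytes"], hit["query"])
    for hit in report["attempted"]:
        print("ATTEMPTED", hit["ip"], hit["time"], hit["status"], hit["query"])
    print(sources(report["served"] + report["attempted"]).most_common())
```

A 200 only shows that the server answered the request; compare the logged byte count with the size of your own wp-config.php before concluding that the file was handed over.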

Below are the top 10 IP addresses used for this attack campaign.


What should you do next?

WordPress sites running Wordfence are protected from the attack. For the other users, you should change the database password and the unique authentication keys and salt immediately if you believe you are compromised.

The reason is simple.

WordPress servers that have been configured to allow remote database access could easily allow an attacker with the database credentials to add an administrative user, extract sensitive data or delete the site. Even if remote database access is not enabled, an attacker who knows the authentication keys and salts could bypass other security mechanisms that protect your site more easily.

And what if you are not comfortable making changes mentioned above?

Then you should contact your host or service provider since changing the database password without updating the wp-config.php file can render your site offline temporarily.

Last but not least, you should also update any plugins and themes. You may also want to consider changing the plugins or themes if these are no longer maintained by the original developers.


This article uses material from Wordfence.

Dyson Pure Cool Fan Review – Is it worth the premium?

When you hear of the brand Dyson, the first thing you would associate them with is the vacuum cleaner. It is not surprising as the company was founded by James Dyson with the cyclone vacuum as the first product. Since then, the company has diversified their product lines to include other types of home appliances such as hair dryers, air purifiers, fans, heaters and lighting.

And as a result of their sleek marketing, they could be perceived as the company that makes premium and high quality appliances.

I will admit, it was that perception that got me yearning for a Dyson fan when I first saw it several years ago.

And after several years of waiting, and having gone through a period of hypersensitivity to gaseous compounds from cigarette smoke and haze, I got myself the Dyson Pure Cool Advanced (TP04-White/Silver) model and it cost me about $700 after some sort of discount.

I have been using it for several months now and that has allowed me to get over the initial emotional high of a new toy, which enables me to give a more objective review.

The Pros

Clean the air

The Dyson Pure Cool is first and foremost an air filter and then a fan.

Air is sucked in by the fan located at the base of the machine. There are two types of filter installed, and when combined are designed to capture up to 99.5% of pollutants in the air.

The glass HEPA filter is able to capture most pollutants, allergens, dust and viruses as small as 0.3 microns. The second filter is the activated carbon filter that can capture other smaller particles and gaseous vapours.

As of this writing, the COVID-19 pandemic is still ongoing and this double-filter system ensures the air you breathe in is clean and safe.

Air quality monitoring

It comes with a suite of sensors that detect air pollution ranging from PM10 to NO2 and will display this information in the form of graphs.

The graphs will start from green and will turn yellow if the air starts to contain certain pollutants. Red and purple graphs will follow when the pollution becomes worse.

It is especially useful in Singapore where we have haze seasons due to burning of the forest in Indonesia. Or when you live in HDB apartments where you are so close to other people who pollute the air with their cigarettes and those toxins enter your living area due to wind. You can use the Dyson air quality monitoring to help you determine if you need to take additional steps to protect your health such as putting on a mask or closing the windows.

Easy to maintain

Unlike traditional fans, the fan blades are kept hidden within the base of the machine with the filters to keep out dust and dirt. Other than changing out the filters once every year or so, the machine needs only a simple wipe with a lightly damp cloth.

Compact size and lightweight

Most standing fans are rather heavy and most can be difficult to transport around the house due to their size, especially due to the large fan blades and protective cage.

The Dyson Pure Cool stands at about 1.06 meters tall with a max diameter of 22.3 cm, which makes it much smaller than most standing fans. It also weighs about 5kg and that makes it light enough to carry with one hand.

During the time I had it, I have moved the machine around my room just so that I could get a decent air flow depending on where I am. And this ultimately leads us to the cons of the machine.

The Cons

Very noisy with weak air flow

At its core, it uses a motor to suck in and propel air. At lower speed, the motor is relatively quiet but it comes at a cost of low wind speed.

With the motor speed set to 5 or 6, the air projected out by the so-called air multiplier technology is perceived to be weaker than a simple $20 desk fan.

As you raise the motor speed up to 8, 9 or even 10, there is a distinct whining sound that you typically hear with vacuum cleaners. Even then, the amount of air movement you get is less than a ~$30 standing fan with fan speed set at 1.

Does not cool you

The machine does not actually live up to its name Pure Cool.

It has tiny slits along the central tube that allow air to flow out after it has been pushed through the internal tunnel. To increase the airflow, a technology called air multiplier is used, which is nothing more than a fancy name for something that takes advantage of inducement and entrainment to move a higher volume of air than it actually takes in through the machine’s base.

With the air multiplier, air moves like a steady stream but the airflow is weak. Really weak when compared to traditional standing fans. The stream of air is not fast enough or spread wide enough to create a situation where you can get indirect air flow from air molecules bouncing off surfaces.

My non-scientific test involved setting the fan speed to 8 and seeing how far I can go before I stop feeling the airflow. And the result is about 2.5 metres.

Also, due to its inability to move large volume of air with sufficient speed, it is unable to remove heat from a room faster than the heat can accumulate. And it is a problem especially in a country as warm and humid as Singapore. The room is so much warmer than it should have been when compared to using a traditional standing fan. Without a strong air flow, it is not able to induce faster sweat evaporation in such a weather, which makes you feel even hotter than usual.

The feeling of cheap build

When you buy a product such as a fan or an air filter, you would expect that the material used to construct the product would be of a higher quality. Yet, most of the device is made out of plastic that does not really make it feel like a premium product.

What are you actually paying for?

In my opinion, the price tag you pay for the machine is to cover the following cost:

  1. The engineering hours that go into the sensors and software needed to run the machine
  2. The motors, asymmetrical fan blades and the R&D of the filters
  3. Whatever tests Dyson needs to conduct to claim their product can filter out 99.5% of the pollutants in the air
  4. Manufacturing

Other than the above, I do not see how they could justify the price tag, which is as much as a 128GB iPhone SE (2020).

Conclusion

If you are living in a country as hot and humid as Singapore, I would not recommend the Dyson fan unless the company figures out a way to deliver the high airflow needed to encourage heat dispersal within a room and sweat evaporation from the body.

If you need something that does not consume a lot of electricity like the air-conditioning but can still cool you down in this country, I would recommend you buy a standing fan from companies like Mistral or Sona.

But if you are looking for an air filter that doubles up as a fan and you plan to use it in an air-conditioned room with temperature around 25 degrees celsius, then Dyson Pure Cool is a product that you can consider. You can use the fan as a method to even out the cool air in a room so that there are no warm spots.

And if you are looking for just an air filter, there are other cheaper alternatives that can do the job just as well.

Bugs in WordPress page builder plugin leave 1 million sites vulnerable to full takeover

Are you using WordPress? If you are and have installed SiteOrigin’s Page Builder plugin, your site could be vulnerable to full takeover by hackers.

To the uninitiated, Page Builder is a WordPress plugin created by SiteOrigin that is used to build websites using drag-and-drop functionality. It currently has a million active installations.

Researchers at Wordfence found two security bugs in the plugin that can lead to cross-site request forgery (CSRF) and reflected cross-site scripting (XSS). These two bugs allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser.

The bugs have been assigned a severity rating of 8.8 out of 10 by the researchers, but no CVEs have yet been assigned.

The details of the flaws

The two flaws can be used by attackers to redirect a site’s administrator, create a new administrative user account or inject a backdoor on a site. The details of the flaws could be found in the link provided above.

The first flaw affects the built-in live editor within the plugin.

For the plugin to show the modifications done in the live editor in real time, it registers the is_live_editor() function to check if a user is in the live editor. If the user is in the live editor, the siteorigin_panels_live_editor parameter will be set to “true” and register that a user is accessing the live editor. The plugin will then attempt to include the live editor file which renders all of the content. Then, the “live-editor-preview.php” rendering file updates the page preview with changes made in real time.

This is all good, but the problem lies in the lack of nonce protection. A nonce is a method that could be used to verify that an attempt to render content in the live editor came from a legitimate source.

According to the researchers, some of the available WordPress widgets, such as the ‘Custom HTML’ widget, could be used to inject malicious JavaScript into a rendered live page.

The second flaw is also a CSRF to XSS issue and it lies with the action_builder_content function of the plugin.

The purpose of the function was to transmit submitted content as panels_data from the live editor to the WordPress editor in order to update or publish the post using the content created from the live editor. Although the function did have a user permission check, there was no nonce protection to verify the request source, causing a CSRF flaw.

The researchers found that the “Text” widget could be used to inject malicious JavaScript due to the ability to edit content in a “text” mode rather than a “visual” mode. With this, potentially malicious JavaScript could be sent unfiltered.
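A simplified Python model of the nonce check that both flawed handlers lacked (the live editor render and action_builder_content), as an added example; it is not the plugin's or WordPress's code. The action name, sessions, secret and nonce lifetime are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

SITE_SECRET = b"constructed-demo-secret"  # stands in for the site's secret keys
NONCE_LIFETIME = 24 * 60 * 60             # seconds; assumed for this model
ACTION = "builder_content_save"           # hypothetical action name

# Constructed sessions: cookie value -> logged-in user.
SESSIONS = {
    "cookie-admin": {"user_id": 1, "can_edit": True},
    "cookie-subscriber": {"user_id": 7, "can_edit": False},
}


def _tick(now):
    return int(now // (NONCE_LIFETIME // 2))


def _mac(tick, action, user_id, cookie):
    msg = f"{tick}|{action}|{user_id}|{cookie}".encode()
    return hmac.new(SITE_SECRET, msg, hashlib.sha256).hexdigest()[:20]


def create_nonce(action, user_id, cookie, now):
    """Token bound to one action, one user, one session and a time window."""
    return _mac(_tick(now), action, user_id, cookie)


def verify_nonce(nonce, action, user_id, cookie, now):
    if not isinstance(nonce, str):
        return False
    current = _tick(now)
    return any(
        hmac.compare_digest(_mac(t, action, user_id, cookie).encode(), nonce.encode())
        for t in (current, current - 1)  # current and previous window only
    )


def save_permission_only(request, now):
    """The flawed pattern: a capability check, but no proof of where the request came from."""
    user = SESSIONS.get(request["cookie"])
    if not user or not user["can_edit"]:
        return 403
    return 200  # content would be stored here


def save_with_nonce(request, now):
    """Same capability check, plus a nonce that only the site's own editor page can supply."""
    user = SESSIONS.get(request["cookie"])
    if not user or not user["can_edit"]:
        return 403
    nonce = request["params"].get("_nonce")
    if not verify_nonce(nonce, ACTION, user["user_id"], request["cookie"], now):
        return 403
    return 200


def run_cases(now=None):
    """Return {case: (status without nonce check, status with nonce check)}."""
    now = time.time() if now is None else now
    admin = "cookie-admin"  # attached by the administrator's browser on every request
    cases = {
        # Submitted from the real editor page, which embeds the nonce.
        "legitimate": {"_nonce": create_nonce(ACTION, 1, admin, now)},
        # Triggered from another site: no way to read the nonce.
        "forged": {},
        # Forged with a nonce minted for a different, low-privilege session.
        "foreign_nonce": {"_nonce": create_nonce(ACTION, 7, "cookie-subscriber", now)},
        # Valid nonce, but issued for another action.
        "wrong_action": {"_nonce": create_nonce("other_action", 1, admin, now)},
    }
    out = {}
    for name, params in cases.items():
        req = {"cookie": admin, "params": dict(params, content="submitted content")}
        out[name] = (save_permission_only(req, now), save_with_nonce(req, now))
    later = now + 2 * NONCE_LIFETIME
    req = {"cookie": admin, "params": cases["legitimate"]}
    out["expired"] = (save_permission_only(req, later), save_with_nonce(req, later))
    return out


if __name__ == "__main__":
    for case, statuses in run_cases().items():
        print(f"{case:14} permission-only={statuses[0]} with-nonce={statuses[1]}")
```

The permission-only handler accepts every case because the administrator's session cookie is all it looks at; the nonce-checking handler accepts only the request that carries a token issued for that action, user and session.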

What should you do?

The flaws affect SiteOrigin’s Page Builder version 2.10.15 and below. In order to avoid full site takeover, admins should upgrade the plugin to version 2.10.16.

It should be noted that an attacker needs to trick a site administrator into performing an action, such as clicking on a link or opening an attachment, for the attack to succeed. Therefore, it is advisable not to click on any link or open any attachment that you are unsure of.

Official government COVID-19 apps come with security threats

COVID-19 is one of the worst public health crises faced by humans since the 1918 flu pandemic.

Governments around the world launched their own versions of mobile apps to help their citizens track symptoms and virus infections. However, security researchers at ZeroFOX Alpha Team uncovered various privacy concerns and security vulnerabilities, including backdoors, in these apps.

The Iranian government released an Android app called AC19 on the Iranian app store known as CafeBazaar. The app claimed that it could detect whether or not people are infected by the virus and was released by the Ministry of Health. It was to take advantage of the confusion and fear gripping many parts of Iran about COVID-19 to boost Tehran's surveillance capabilities.

When Iranian users downloaded the app, they were prompted to verify their phone number despite the fact that the government has access to all phone numbers via its control of the country’s cell providers. Once users provided their phone number, they were prompted to give the app permission to send precise location data to the government servers.

In addition, there is a copycat app called CoronaApp created by threat actors that is available for direct download by Iranian citizens rather than via the Google Play Store. As a result, the app is not subjected to the normal vetting process that might protect these users from malicious intentions. However, many citizens in Iran cannot access the official Google Play store due to sanctions, so they are more likely to download the unvetted apps.

Once installed, the CoronaApp requests permission to access the user’s location, camera, internet data and system information, and to write to external storage. It is this particular combination of requested permissions that demonstrates the developer's intent to access sensitive user information.

Separately, the Colombian government released a mobile app called CoronApp-Colombia on the Google Play store in March 2020 to help people track potential COVID-19 symptoms. However, ZeroFOX researchers discovered that the app included vulnerabilities relating to how it communicates over HTTP, affecting the privacy of more than 100,000 users.

As of March 25, the app with version number 1.2.9 communicates insecurely with the API server throughout the app workflow. Specifically, it uses HTTP instead of HTTPS or another more secure protocol for server communications. By making these insecure server calls to relay users’ personal data, CoronApp-Colombia could put sensitive user health and personal information at risk of being compromised.

But there is a shred of good news. The Colombian CERT fixed the vulnerabilities three days after ZeroFOX Alpha Team submitted the vulnerability, listed as CVE-2018-11504 on MITRE, to them on March 26.

Last but not least, the Italian government created region-specific apps for tracking coronavirus symptoms as the country is one of the places that the COVID-19 pandemic has hit the worst.

As a result of the greater number of government-sanctioned apps, users are less certain of which COVID-19 mobile apps are legitimate.

Threat actors are taking advantage of this confusion, and of the inconsistency in the apps' releases and availability, to launch malicious copycats that contain backdoors.

ZeroFOX Alpha Team found 12 Android application packages related to the attack campaign. 11 of these packages were found to use various methods of obfuscation.

The first app analysed by Alpha Team was discovered to use a signing certificate where the signer was “Raven” with a location in Baltimore, likely a reference to the Baltimore Ravens NFL team. Furthermore, every other app analysed by the team used the same signing certificate and issuer details.

The backdoor is activated when the Android app receives a BOOT_COMPLETED event when the device boots, or when the app is opened.
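A manifest triage check for the two signals this article describes: the permission combination requested by the CoronaApp copycat and a receiver registered for BOOT_COMPLETED. This is an added example, not ZeroFOX's tooling; it assumes the APK's manifest has already been decoded to text XML, both sample manifests are constructed, and mapping "system information" to READ_PHONE_STATE is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Permissions standing in for the article's list. READ_PHONE_STATE for
# "system information" is an assumption; the article names no permission.
WATCHED = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.CAMERA": "camera",
    "android.permission.INTERNET": "internet",
    "android.permission.READ_PHONE_STATE": "system information",
    "android.permission.WRITE_EXTERNAL_STORAGE": "external storage",
}
ALL_CATEGORIES = set(WATCHED.values())

# Constructed manifests (hypothetical package and class names).
SUSPICIOUS = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.copycat">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".MainActivity"/>
    <receiver android:name=".StartupReceiver" android:exported="true">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>
"""

PLAIN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.plain">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>
"""


def audit_manifest(xml_text):
    """Return the watched permission categories and boot-started receivers."""
    # A decoded manifest carries no DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in a decoded manifest; refusing to parse")
    root = ET.fromstring(xml_text.encode("utf-8"))
    requested = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    categories = {WATCHED[p] for p in requested if p in WATCHED}
    boot_receivers = [
        rcv.get(ANDROID + "name")
        for rcv in root.iter("receiver")
        if any(a.get(ANDROID + "name") == BOOT_ACTION for a in rcv.iter("action"))
    ]
    findings = []
    if categories == ALL_CATEGORIES:
        findings.append("requests the full permission combination listed in the article")
    if boot_receivers:
        findings.append("starts code when the device finishes booting")
    if boot_receivers and (categories - {"internet"}) and "internet" in categories:
        findings.append("boot-time start plus data access plus network: review the receiver code")
    return {
        "package": root.get("package"),
        "categories": sorted(categories),
        "boot_receivers": boot_receivers,
        "findings": findings,
    }


if __name__ == "__main__":
    for sample in (SUSPICIOUS, PLAIN):
        report = audit_manifest(sample)
        print(report["package"], report["categories"], report["boot_receivers"])
        for finding in report["findings"]:
            print("  -", finding)
```

Many legitimate apps request these permissions or start at boot, so the output ranks which packages to inspect first; it is not a verdict on any of them.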

The researchers advised governments with COVID-19 related apps or those thinking about releasing new ones to ensure the consistency in where the apps can be downloaded as well as in their appearance to help avoid the spread of malicious doppelgängers. Exercising due diligence during the development process will help secure the app and avoid putting citizens at further privacy risks.