Highlight

Security update KB5063878, made available by Microsoft as part of Windows 11 24H2, brought a critical bug that can make SSDs (and even HDDs, in isolated cases) inaccessible after continuous transfer of large volumes of data. When the problem occurs, the operating system stops recognizing the device and, after restarting the computer, the partitions may appear as RAW, inaccessible to the user. Reports indicate that the bug manifests itself when trying to write more than 50 GB of continuous data to drives that are already over 60% occupied. The tester, identified as Nekorusukii, evaluated 21 SSDs from various brands (including Samsung, WD, Seagate and Crucial) and found that several of them were inaccessible. The WD Blue SA510 2 TB SATA drive was the only one that suffered permanent damage and didn't work again, even after rebooting. Although it was initially thought that the problem was restricted to SSDs with Phison controllers, the bug apparently affects models with other controllers too. Microsoft has confirmed that it is aware of the reports and said that it is investigating the case together with market partners such as Phison. As a precautionary measure until there is an official patch, experts recommend that users avoid making very large file transfers, especially on drives that are already heavily used, and keep their backups up to date. The original article via TecMundo and PCWorld can be read here and here. 

At the end of July, a software error in the National Air Traffic Services (NATS) radar systems at the control center in Swanwick, Hampshire, led to the temporary closure of the airspace over England and Wales, causing a general suspension of flights for around 20 to 60 minutes. Despite the rapid technical resolution - with NATS activating a secondary system in around 20 minutes - the effects of this blackout continued for hours, with aircraft jams and crews scrambling to resume normal operations. More than 150 flights were canceled, and it is estimated to have affected more than half a million passengers. The Secretary of State for Transport, Heidi Alexander, summoned the CEO of NATS, Martin Rolfe, to explain what had happened and guarantee preventive measures for the future. Ryanair has demanded Rolfe's resignation, claiming that previous failures - including one in August 2023 that affected around 700,000 passengers - have not served as a lesson. Experts and political opponents are calling for an independent government investigation into the resilience of the country's air traffic control infrastructure. Although emergency systems assured that there had been no cyber-attack, nor any risk to flight safety, the incident gave visibility to latent weaknesses in central traffic control systems and reinforced the urgency of modernization and more robust contingency plans. The original article via The Telegraph can be read here. 

If there's one thing you want in any car, it's a way to stop. It's even more important than power, style or any kind of flashy gadget. Having a brake pedal that doesn't work isn't good, which is why Volvo is warning drivers of certain plug-in hybrid and electric vehicles to stop driving until they download the latest software update. According to the recall report, this bug in the programming of the brake control module is part of software version 3.5.14 and only appears in certain conditions and in plugged-in models. Affected customers may experience a temporary loss of braking functionality after coasting for at least 1 minute and 40 seconds with the "B" driving mode for PHEV vehicles and the "One Pedal Drive" mode for BEV vehicles without applying the brake pedal or (to some extent) the accelerator pedal. If the situation occurs, pressing the brake pedal can completely remove the braking functionality. Although many plug-in hybrid drivers probably don't always drive in "B" driving mode, people living in mountainous areas may do so, just as some battery electric vehicle drivers religiously use one-pedal mode. This is how the defect was discovered, and the NHTSA (National Highway Traffic Safety Agency) even published a video from a DashCam showing this brake failure mode occurring. There's something unsettling about knowing that a software update can interfere with brake performance, because although it should work fine, what if it doesn't? The solution is to stop driving the vehicle and download the latest over-the-air software update as soon as it becomes available. If an affected car needs to be moved, make sure that "B" mode on plug-in hybrids and one-pedal driving on battery electric vehicles are not selected. The original article via The Autopian can be read here. 

In the United States of America, a software error led to widespread confusion among millions of Los Angeles County residents who received an evacuation warning message shortly after the outbreak of the Kenneth Fire in Woodland Hills, according to a report released by US Congressman Robert Garcia's office. The text message was sent to residents' cell phones on January 9, shortly after the Kenneth fire started, during a strong windstorm that two days earlier had caused the devastating Palisades and Eaton fires, which destroyed thousands of homes. The message was intended only for the residents of Calabasas and Agoura Hills, since the fire was spreading west towards them. Twenty minutes later, the county sent out another alert correcting the error and clarifying that the warning was only for the Kenneth Fire evacuation area, the report says - "The Kenneth Fire false alert was a wake-up call," Garcia said in a statement. "It showed the consequences of software glitches, vague message wording and a lack of federal standards. We must modernize our emergency alert systems to ensure warnings are accurate, timely and targeted. The public's trust is at stake." The erroneous messages were sent because an accurate element of the assessment area had not been uploaded into the federal public alert and warning system. Genasys Inc., which oversees the alerts, did not notify the county that the element was missing, so the alert was sent to about 10 million people instead of the targeted neighborhoods, according to the report. The company said it believed the error was due to a possible network outage, but did not go into detail, the report said. Through the same report, it is stated that Genasys has since added safeguards to correct the problem, including a warning to the user when the element is missing. The original article via EastBayTimes can be read here. 

In November last year, a bug was discovered in the Modefer application, which manages around 1,500 patients a month for the UK's National Health Service (NHS). The software flaw left patient data vulnerable to hacker attacks, reports the BBC, and according to the software engineer who discovered it, it has existed for at least six years. Modefer says it has no proof that the vulnerability has existed for so long and says that patient data has not been compromised. Within days of the discovery, the bug was fixed, the company assures. An NHS spokesperson said that it was taking note of the concerns raised about Medefer and will take the necessary action. It was explained that Medefer's system allows patients to make virtual appointments with doctors, who have access to the associated clinical data. The engineer who discovered the vulnerability said that the APIs Medefer used were not properly secured and could be accessed by malicious third parties and have access to patient information. The engineer also accuses Medefer of not taking appropriate action as soon as the vulnerability was discovered. "I've worked in organizations where if something like this happened, the entire system would be shut down immediately" - he adds that an external cybersecurity specialist should have been called in to investigate the problem, something Medefer failed to do. On the other hand, the company says that an external security agency has analyzed the problem and that the data is safe. This was confirmed by the company's founder, Bahman Nedjat-Shokouhi, who said that the fix was released within 48 hours of the vulnerability being discovered. He also points out that the claim that the bug gave access to large amounts of patient data is false. "We take our duties to patients and the NHS very seriously. We have regular external security audits of our systems, on several occasions annually." Because Medefer deals with highly sensitive patient data, such as medical information, cybersecurity experts who analyzed the case presented by the software engineer point out that the NHS data was not as secure as it should have been and that external cybersecurity experts should have been called in immediately to ascertain the true scale of the problem. The original article via Sapo24 can be read here. 

John Cheeks, a resident of Washington DC, bought a Powerball ticket on January 6, 2023. The draw took place the next day, but he didn't see it live. However, when he went to the website, his numbers were there. And there was no doubt about it, since his key included a combination of family birthdays and other numbers with personal significance, says The Guardian."I got a bit excited, but I didn't shout, I didn't scream. I just politely phoned a friend. I took a photo, as he recommended, and that was it. I went to sleep," he explained. However, what seemed like a dream turned into a nightmare. When Cheeks went to the Office of Lottery and Gaming (OLG) to claim his prize, he was informed that this would not be possible - and an employee on the spot even told him to throw the ticket away, because he would not receive any prize."The applicant's prize claim was rejected because the ticket was not validated as a winner by the OLG's gaming system, as required by OLG regulations," a letter sent later read. But John Cheeks decided to keep the evidence he had and then sue Powerball. In court, it emerged that the key was not the lottery winner after all. Apparently, quality tests were being carried out on the site, so Powerball's test numbers were accidentally published instead of in a development environment that mimicked the official page, but which was not visible to the public. Richard Evans, the plaintiff's lawyer, says that the justification doesn't show how to move the process along. "They said that one of their contractors made a mistake. I haven't seen any evidence to support that. Even if a mistake was made, the question is: what do you do about it?" he asked. He also gave an example of another situation in which figures were published by mistake, in November last year. In that case, the temporary winners - the people who had the numbers in question - were able to keep their prizes, which ranged from 4 to 200 dollars. It now remains to be seen what happens to the 340 million. The original article via Sapo24 can be read here. 

Opinion article signed by Adem Tural. 1. Finding Bugs Encourages Us Testing software is like a treasure hunt: You can investigate the work of expert programmers and discover any flaws or defects in the software. It's a bit like hacking, but completely legal. Finding and fixing bugs gives me an adrenaline rush and I'm proud to help create solid, reliable software for end users. When I see stakeholders satisfied with the results of my hard work, it's very rewarding and makes my job even more satisfying. 2. Challenging the Mind As a software tester, you need a sharp mind to analyze the work of the best programmers. It's not just about solving problems, it's about finding them. You have to be critical, analytical and thorough in your approach. It's a challenge that requires creativity, an eye for quality and superior logic. Your mind is constantly engaged in solving puzzles and unraveling the mysteries of software. And you know what? It has made me more focused and detail-oriented, not only at work, but also in my personal life! 3. Improving Social Skills through Teamwork Software testing is not a one-person job, but a team effort that requires intense collaboration, working closely with functional specialists and technical experts who have different perspectives and angles. You need to understand, integrate and manage these different points of view, collaborating constructively to improve the quality of the solution. In this sense, it has helped me to improve my personal skills and thrive in a collaborative working environment. 4. Win-win: Learning from Colleagues One of the best things about being a software tester is the opportunity it gives you to learn and grow. At OMP, I'm constantly learning from my more experienced colleagues, some of whom are the best in their field. Collaborating with functional product managers, I review test cases while they generously share their time and knowledge, providing valuable information about various products and solutions. Their input helps me produce higher quality test scenarios for the end user. The developers teach me new technical skills, recognizing that my in-depth knowledge of the application enables me to carry out rigorous tests. In return, I help them improve the quality of their code. It's a win-win situation, constantly motivating me to keep learning and improving my skills. 5. exploring new technologies and methodologies Software testing is a dynamic field that is constantly evolving, offering interesting opportunities to explore new tools, technologies and testing methodologies as part of the job. I'm fortunate to work with cutting-edge tools and technologies, including JavaScript, Python, REST API, UI automation, Git, AzureDevOps, SQL Server, InfluxDB, Kubernetes (K8s) and cloud technologies. In addition, our team collaborates using scrum tools and agile methodology. As a software tester, we should aim to be at the forefront of the latest industry developments, continuously learning and adapting. 6. Thrive on Professional Diversity Finally, another thing I like most about software testing is the diversity. From front-end testing to API testing, performance testing, scalability testing, database testing and end-to-end testing, I'm always dealing with a variety of tasks simultaneously. I analyze requirements for validity and feasibility, run different tests and participate in a number of projects, all at the same time. It's like being a complete project manager, juggling multiple tasks and challenges without ever getting bored The original article via OMP can be read here. 

In the high-risk world of space exploration, precision is everything. A single misplaced decimal place, an omitted character or a small syntax error can mean the difference between success and catastrophic failure. One of the most infamous coding errors in history - the absence of a hyphen - led to the destruction of NASA's Mariner 1 spacecraft just moments after launch, costing the agency a staggering 18.5 million dollars. On July 22, 1962, NASA's Mariner 1 was ready to embark on a groundbreaking mission to the planet Venus. The spacecraft was designed to transmit valuable scientific data back to Earth, advancing humanity's understanding of the solar system, yet just 293 seconds after liftoff, the mission ended in disaster: The rocket veered off course, prompting ground control to initiate the self-destruct sequence. The culprit? A single missing hyphen in the guidance software code. The missing hyphen led to incorrect speed calculations, causing erratic flight behavior that eventually made the spacecraft uncontrollable. In short, the Mariner 1 spacecraft relied on a combination of ground-based and on-board guidance systems, and its software was responsible for interpreting the signals from the tracking stations and adjusting the rocket's trajectory accordingly. The missing hyphen in the code disrupted the mathematical instructions that dictated the velocity corrections, resulting in erroneous calculations. The error translated into unintentional trajectory deviations that became increasingly serious, leaving NASA with no option but to abort the mission. This incident remains one of the most costly typographical errors in history, highlighting the critical importance of meticulous attention to detail in programming, particularly in mission-critical applications. In the world of software development, even the smallest oversight can have far-reaching consequences. This is especially true in aerospace engineering, where precision is paramount. For today's developers and engineers, the failure of Mariner 1 serves as a cautionary tale; it underlines the need for rigorous code reviews, extensive testing and redundancy in mission-critical systems. Today, software verification processes, automated error detection and simulation-based testing have evolved to reduce these risks, but the lesson remains relevant: every character in the code matters. Although the Mariner 1 incident is among the most famous coding errors, history is littered with other examples of small mistakes that led to catastrophic results: Explosion of the Ariane 5 rocket (1996): A software error in the inertial reference system led to the self-destruction of this European Space Agency rocket, causing 370 million dollars in damage. The Mars Climate Orbiter (1999): A failure to convert units from the imperial system to the metric system led to the spacecraft entering Mars' atmosphere at the wrong altitude, resulting in mission failure. The collapse of AT&T's network in 1982: A single line of faulty code in a software update caused a massive telecommunications failure, affecting 75 million phone calls. The Mariner 1 disaster underlines an essential principle in both software engineering and wider technological endeavors: the devil is in the details. Regardless of how far technology has advanced, the fundamental need for precision and complete validation remains unchanged. In today's fast-paced digital world, where software governs sectors ranging from finance to healthcare, ensuring accuracy at every level is more important than ever. The original article via YourStory can be read here. 

Opinion article by Giridhar Rajkumar. 1. Integration of AI and Machine Learning The role of AI and machine learning in the software testing industry continues to grow every year and is predicted to become increasingly influential. AI will transform various software testing activities, including generating new test cases, enabling self-healing capabilities and creating test data to reduce manual effort. It improves automated testing by creating code snippets, thus allowing testers to focus on their core tasks. In addition, AI supports testers by prioritizing critical tests, detecting anomalies and identifying the root causes of system failures, or of the tests themselves. This includes categorizing failures into product defects, automation defects or faults. 2. Shift-Left and Shift-Right Testing In today's fast-paced software development lifecycle, it is essential to get feedback on tests quickly and efficiently. Traditional software testing methods can delay the development lifecycle by providing information in later phases: Shift-Left testing is an approach to getting feedback faster to help programmers fix problems/defects as quickly as possible, helping to reduce the cost and time associated with fixing defects. On the other hand, they can also be improved by Shift-Right testing, which extends testing into production, using techniques such as A/B testing, canary releases and blue/green deployments to gather feedback from users. Active monitoring systems gather information on performance and identify faults to ensure that the software meets real-world requirements. Once a feature has been released, end-to-end testing, which includes user interface testing, can also successfully validate it. 3. ethical AI testing AI is playing an increasingly important role in software testing, but ethical practices should guide its use. As AI evolves, it can unintentionally generate biased results, leading to unfair or discriminatory outcomes. And that's where ethical AI comes in. Ethical AI testing ensures that systems meet key standards such as fairness, accountability and compliance with regulations such as the GDPR (General Data Protection Regulation), which protects sensitive data. This means continually testing the results produced by AI systems to maintain security, robustness and reliability. 4. Increasing Demand for Low-Code Testing Platforms The demand for low-code testing platforms continues to grow as many organizations prefer faster and more efficient ways of delivering high-quality software. These platforms allow non-technical stakeholders, such as commercial and UAT (user acceptance testing) testers, to create, execute and maintain automated tests with minimal coding experience. By bridging the skills gap, low-code platforms promote seamless collaboration between the company, developers and testers. Simple drag-and-drop functionality speeds up test creation, reducing test development time. With CI/CD support, low-code platforms allow tests to be run efficiently from pipelines, providing quick feedback. They help simplify Agile and DevOps practices, increasing their accuracy. In addition, low-code tools increase scalability, simplify maintenance and increase productivity by automating repetitive tasks, making software testing more reliable. 5. cybersecurity-focused testing By 2025, cybersecurity testing will increase among organizations as the frequency of cyberattacks increases. Many reputable organizations are increasingly vulnerable to threats such as phishing, data breaches, distributed denial of service (DDoS) attacks and ransomware, which can lead to financial losses and operational disruptions. Companies therefore need to consider implementing cybersecurity into their development lifecycles. One such approach is DevSecOps, in which security is applied at every stage of development activities. Proactive practices such as penetration testing, static application security testing (SAST), dynamic application security testing (DAST) and threat modeling can help organizations identify vulnerabilities early and mitigate risks proactively. AI-based tools can help with real-time monitoring, faster attack detection and predictive analysis to stay ahead of evolving threats. The continuation of the original article via Get XRay can be read here. 

Opinion article by Brooke Masters. With the spread of electric vehicles and more sophisticated systems, managing updates will only become more important as they become more popular, and the digital information and safety systems of gasoline vehicles become increasingly sophisticated. Software patches accounted for 15% of vehicle recalls in the US last year, compared to 6% five years ago, according to data from the National Highway Traffic Safety Administration. Last year, BMW was the target of three software recalls in the US, more than many of its rivals, according to the same organization's records. Globally, Ford registered the highest number of cases, with 19, closely followed by Chrysler. Tesla had the largest market share, with 50% of the 16 recalls requiring software fixes. This is not surprising, given that electric cars rely much more on software and have fewer parts than internal combustion engines. But the recall data only scratches the surface of a wider software problem: Like cell phone providers, car manufacturers regularly use updates to improve existing features and sell new services to existing customers. Most manufacturers send out updates on a regular basis, covering everything from interior lighting modes and battery usage improvements to important safety changes. "It used to be that you could manufacture a car, wrap it up and sell it," said Kevin Mixer, senior analyst at consultancy Gartner. "The automobile is now a living platform... Companies are learning in real time." This is proving more difficult for traditional car manufacturers than for emerging competitors. Last year, when Gartner ranked car manufacturers according to their digital performance, the top seven were all Chinese and US electric vehicle manufacturers, including Rivian, Tesla and Nio, while traditional manufacturers got a dismal average score of 33 out of 100. Software problems have delayed recent launches at companies such as Volvo and General Motors. Frustrated with in-house software development, Volkswagen executives signed a 5 billion dollar partnership with Rivian last summer. Software updates are also revenue opportunities in themselves. Accenture predicts that by the 2040s, digital services could generate up to 3.5 trillion dollars a year for car manufacturers, representing 40% of total revenues, compared to 3% today. The possibilities range from upgrading to heated seats and automatic parking to allowing drivers to buy high-quality food, fuel and entertainment directly from inside the vehicle. But that lucrative future will have to wait until the automotive industry masters the art of seamless software updates. The continuation of the original article via the Financial Times can be read here.