Skip to content

2015

  • in DevOps
  • 7 min read

HTTPS should be the standard

OctoPerf is fully HTTPS. There is a are several reasons for it. Setting up HTTPS for all our websites (Documentation, Application and Website) is a little bit tedious and pricey1. It took us two days to complete the operation but the result is satisfying for number of reasons.

Why is HTTP so dangerous

HTTPS ensures that the communication between our servers and our customers is fully encrypted. Lots of people are using a Wifi connection to go on the internet. For example, if you connect from a HotSpot from Starbucks Coffee, the Wifi connection is completely unsecure. Any login or password transiting with non-secure HTTP protocol can be easily intercepted.

Software like Wireshark can sniff the network packets transiting over the Wifi connection, even if the communication is not targeted for your computer. It switches the network card to promiscuous mode: the Wifi card accepts any packet over the air.

HTTP vs HTTPS

How does HTTPS work

When surfing on an HTTPS secured website, the connection is encrypted from client to server. Only the server can decrypt what the client has encrypted. To make things short:

  1. The server sends a public key to the client,
  2. The client encrypts the request to send with the public key, and sends itself its own public key within,
  3. The server decrypts the request sent by the client using a private key, it encrypts the response using the client provided public key,
  4. Then the client decrypts the server response using its private key.

Okay, it's probably more complicated than that. But, we're surely on the right track.

How to Design Virtual Users as Fierce as RuPaul

Rupaul is an American actor, author, drag queen, model and recording artist born in the sixties.

What is recording

Recording consists of creating a snapshot of the interactions between a web browser or a mobile app and a remote HTTP server. This step is particularly important to create realistic load tests. We have already made great tutorials about recording using JMeter, Fiddler and Google Chrome.

Improved Import

We're excited to announce that we've added the following features:

  • New Record Wizard: the wizard has been greatly reworked for enhanced readability,
  • Automated containers (business transactions): when importing a Google Chrome or Fiddler HAR, we create containers for you automatically,
  • Automated Dynamic Resources: a recording can be bloated with many requests to resources like Javascript, Images or Css. You can now choose to remove them automatically, and we switch HTML request to download those resources dynamically.

Let's take a tour of all these features and see how they help to create realistic virtual users quicker than before!

New Load Testing Reports features

Why improving our reporting system? We were aware that some features were missing to make it easier to drill-down to bottlenecks. But, we prioritized those features low at the moment because we were focused on gaining traction for now.

If you have read How we greatly improved User Engagement, you know that we care about our customer needs. We carefully collect and prioritize customer feedbacks. And, at some point, we decided to get back to development to make some major improvements, based on what our customers experienced with our tool.

It's a matter of good balance between gaining traction to get new clients and improving the tool to avoid loosing leads. If people try your tool, it's already 50% of the work done. But, the other 50% are important too: our tool must solve our customer issues, and it must do it well.

We decided it was the moment to switch back to development because we were loosing some leads due to important features being missing. Let's take the tour!

How to load test a Rest API

REST APIs are becoming widely popular. Our own application is designed with a REST API. What does it mean? It's a software architecture where a client (the Web Browser) talks to a server (an HTTP server in our case) mostly using the HTTP protocol.

REST services used to communicate using an XML based protocol called SOAP. SOAP is still used by big companies in legacy REST services. Nowadays, REST APIs are mostly communicating using the JSON format. JSON is human readable, like XML, but simpler. It lacks all the security layers SOAP can offer, but most of the web application don't require them.

In this article, we explain how to easily run thousands of concurrent users on your REST Api using OctoPerf.

Unit testing AngularJS directives

As we are currently working on marketing our load testing solution we don't get much time left for coding. We identified some issues that could spoil user experience. It could make us loose some prospects.

So I took one day off backlinking / mailing / phoning / marketing to return to my beloved IDE. One day of coding in six weeks, it feels like holidays! I took the opportunity to improve our frontend SonarQube metrics. We now have only 5 hours left of technical debt. Not as well as the backend code quality, but it is on the right track:

Technical debt

I fixed a large part of the issues and started to unit tests our AngularJS directives using Karma.