The source for your Quote #4 is your web site it looks like. Am I understanding this correctly that you are comparing it with a general introductory line in the introduction paragraph in Hursti Report supplement?
I think you are referring to this:
2. Further study needed on macros:
TS6 and TSx machines have as built-in features new kinds of macro capabilities. These capabilities make use of a simplistic Windows Window Manager Message recording and play function. Presumably the feature has been designed for automation of volume testing. If this is the case it is important to understand that this approach bypasses part of the system and therefore is by no means equal to end-to-end testing. There are a number of concerns around this feature functionality warranting further studies.
But to say "been there done that" would take the findings out of context. That sentence is only an introduction not the findings. Here are the findings in the Hursti Report:
- The files are stored on the removable memory card as unprotected plain-text files. There are no protection mechanisms against modifications to these files.
Creation and access to the macros is available with poll worker level access, under some circumstances even without any smart card authentication.
In preliminary testing the following issues were identified:
- The macro is not contained in the user interface logic. Because of this, the macro can access settings, changing the telephone number / ip address and initiating calls.
- Two machines with completely identical software release numbers had different behavior with the same macro. Machine A just had a software crash and became unstable, while machine B produced an error message on the system log and contained the error while still resulting in loss of software functionalities. There were also other examples of different, but reproducible, software behaviors between machines with both modified and unmodified macros.
- File handle processing seems to be flawed and interrupted by exception macro processing, producing open file handles.
- There seem to be user interface race conditions, which can not be triggered by human interaction with the machine, but are revealed by no delay playback of the human actions, i.e. unmodified macros.
I am not an expert but three parts jump out and anyone can understand they are not too good:
- The files are stored on the removable memory card as unprotected plain-text files. There are no protection mechanisms against modifications to these files.
- Two machines with completely identical software release numbers had different behavior with the same macro. (uh-oh!)
- The macro is not contained in the user interface logic. Because of this, the macro can access settings, changing the telephone number / ip address and initiating calls.

Shit. If a computer person can weigh in, my logic and basic reading comprehension tell me that the above three things say that:
You can change the macro files because there are no protections. Different machines already behave differently so there might be different programs in them already. The macro can initiate calls to remote locations or change where calls go.
That sounds pretty bad to me.
edit notes: I did change this post because re-reading it, I could see that it was arguing with boredtodeath and instead I want to clarify and expand. From the call last night I can see that people are coming from different places but we can all work together if we try.