“It is only the (truly) virtuous man, who can love, or who can hate, others.” –Confucius
You better believe that’s going on my resume in the Awards and Achievements section: Truly virtuous, awarded by the Chinese sage. Although anyone familiar with Confucius reading my resume would instantly throw it into the discard pile, because he or she would know Confucius did not think of himself as particularly sagacious.
An Internet of Things software update renders things even more insecure by making door locks work incorrectly:
The failure occurred last Monday when LockState mistakenly sent some 6i lock models a firmware update developed for 7i locks. The update left earlier 6i models unable to be locked and no longer able to receive over-the-air updates. LockState Marketing Manager John Cargile told Ars that the failure hit about 500 locks. The company is offering affected customers one of two options: (1) return the back portion of the lock to LockState so the firmware can be updated, with a turnaround time of about five to seven days, or (2) request a replacement interior lock, with a turnaround time of about 14 to 18 days. In the meantime, customers can use a physical key to unlock doors. (Like most hotel rooms, the doors automatically lock each time they’re closed.)
I haven’t really tested any IoT things yet, and sometimes I wonder if anyone has.
When preparing to check my brand engagement this morning (that is, check my Twitter feed, but to be a consultant, you have to have a brand and you have to continually propose to companies, as I understand it), I encountered an unfortunate problem:
A Spidey protocol error.
I blame Venom.
A control that says (Internal Use):
What do you suppose that means? I, a member of the concert-ticket-buying public, should not choose it?
Yer dang right I wrote in that office use only spot.
Fortunately for me, the tickets did arrive in the mail.
Mind your application’s labels, brothers and sisters, and ensure they contain relevant, helpful information for the user.
As some of you might know, I’m particularly lazy. When my hands are on the keyboard, I don’t like to reach all the way over to that mouse to do something, so I pay especial attention to hot keys and tab stops. And apparently, I am one of the few people to do so.
If I have a couple minutes and want to vex the developers, I start checking the tab stops in the applications I test.
Here’s what I like to check:
Remember the tab stop and keep it wholly for my benefit.
After century of dispute, the German alphabet just got a new character:
Have you ever been typing in German in a blaze of BLOCK CAPITAL anger, but been stopped short by the inability to write the next letter of the word SCHEI…? Help is finally at hand.
At the end of June, the German Spelling Council decided to add a capital ß (Eszett) to the language, bringing to an end a debate that had raged on in the world of German orthography since the 19th century.
Now, instead of using SS to capitalize the Eszett, Germans should use ẞ.
Oh, boy, what will this do to your legacy data?
On the other hand, it will render this old test obsolete.
(Link via.)
Say, doesn’t the icon for Private/Incognito browsing sort of look like a bra?
As I once said:
Yeah, QA, in the meetings and in the defects, you have to go there. Remember, the Internet is place full of miscreants, miscontents, and people who will, in fact, go there.
Hopefully, your co-workers will recognize that you’re just being professional. So just be professional about it, but do bring these sorts of things up.
As you can probably tell by looking around, every employee at our startup is 23 years old. On the morning of your 24th birthday, the barcode on your employee ID stops working and you can no longer enter our building. We do this to ensure our company has a ceaseless, youthful energy. We believe old people are displeasing to look at and also, bad at ideas.
The startups I’ve worked at and with have been started by people over 30.
But I’ve talked with a number of places where I wondered if my, erm, years of experience might not have been dissuasive.
So I’m testing a Web application that sends a lot of different notification types to the users, including emails that include links to the items the user just posted on the site or things the users can do now on the site.
So instead of just clicking the link, I’m copying the link to the clipboard, and when I paste it into the address bar of the browser, I lop the last couple of characters off.
For example, if the URL in the email is:
https://(redacted)/posts/198992
I lop a bit off so it’s:
https://(redacted)/posts/1989
That should either display a post with that ID (if one exists AND the user logged in can see it) or an error message that says the post doesn’t exist.
The site should NOT spit up a Python error or an HTTP 500 error. I argue (and at length) that it should not display a generic 404 in this case, as that will make it look like there’s something wrong with your site instead of the URL it was given.
Instead of a simple problem with an invalid ID, you might find the truncated URL bollixes up some routing information (to make a long story short: Modern URLs include in the paths, separated by slashes, identifiers that tell the Web server what part of the code should handle the request). You might even want to specifically bollix the routing information to see what happens. For example, a URL like this:
https://(redacted)/users/edit/1099991/
Chop out some of the routing information:
https://(redacted)/users/edi
Where does that go? Who knows?
In any application that sends out URLs, you really have no idea how the user will handle that URL. They might click a link, they might swipe and paste, they might get a forwarded email where the URL is wrapped on two lines but the email program only makes the first part on the first line into a link the user can click. So your application has to account for and to handle elegantly URLs that are truncated.
So let it be truncated, so let it be done.
Data glitch sets tech company stock prices at $123.47
A stock market data error this evening set an undetermined number of companies listed on the Nasdaq exchange to a share price of $123.47, sending some tech companies’ stock prices crashing and others’ soaring. In a statement obtained by the Financial Times, Nasdaq said the culprit was “improper use of test data” that was picked up by third party financial data providers. The exchange said it was “working with third party vendors to resolve this matter.”
I hope none of you gentle readers turned in resignation letters based on sudden ephemeral wealth.
And I hope you work with your devops guys to help make sure they scrub test data appropriately before promoting to production. Although they might rankle at it, your scrutinizing gaze upon their procedures and processes can sometimes help to find problems or to spot places to improve. Bloody heck, in the olden days, testers worked on Extract/Transform/Load, data warehouse, and conversions between expensive software packages. Just because your company does the same thing every week or every night doesn’t mean QA involvement should be less.
Has this been helpful?
Cue the Meghan Trainor, again.
I wonder if I could do nothing but posts about CAPTCHAs and what they can teach us; after all, this is my second one recently (see also.)
But here’s another one.
You see, it says Select all squares with street signs, but there are no street signs in the image.
Which made me think of all the forms that ask us to put something into edit boxes other than what the labels describe.
Do your labels all give proper patterns for data entry? Ask for the right thing? Are your end users doing strange workarounds and using data elements to contain different things than expected?
Is your application or your customer support team telling the user to lie to it to make the application work right?
That’s a problem, you know.
Of course you know. But make sure everyone else knows, too.
Putting placeholder text in edit boxes in addition to (or, heaven forfend, instead of) labels became all the rage sometime recently (and, by recently, I’m using the old man’s yardstick of sometime in the last decade).
Which leads to a simple test often overlooked:
What happens if I type that placeholder text into the edit box?
Now, ungentle reader, what should happen is that the string you type replaces the sample text. If your developers/designers are kludging the equivalent of a placeholder attribute into the control, you might end up typing at the end of the placeholder string which is a bit inconvenient for your users, particularly those who type without clicking on the edit box first (aka your keyboard-loving users).
Now, what happens when you submit?
Well, if the placeholder string fits within the constraints of the data string you can enter in the edit box, your application should accept it.
However, I’ve found situations where the placeholder text, when typed into the edit box, trigger validation messages because the validation logic looked for the placeholder text. This is less a problem when the placeholder text is “First name” but more a problem when the placeholder is “John”.
I got the idea for this post when I typed the placeholder text for an online import edit box that accepts a URL. The sample URL apparently resolves to a real Web site, but one which returns an HTTP 599 error due to a bad certificate (which led to a defect report about an unhelpful error message for HTTP 599 errors).
But typing the placeholder text into edit boxes can prove to be a test that occasionally bears bad fruit. Like any test.
Paralandra, “All Fall Down”:
Well, it’s our job to make the software fail early and fail fast.
The instructions on this Captcha are pretty clear:
Select all the images with cars
Click verify once there are none left
Clearly, I cannot click the sample image. So I can never click Verify.
Remember, kids, when the interface change, make sure to check that the text around the interface elements and instructions as to how to use the interface change to match. In this case, they probably added the sample image after inserting the text.
I would say “Make sure your documentation is correct,” but, ha, ha, what is this, 1997? Nobody writes documentation any more.
The Mothers of Invention, “Trouble Every Day”:
Don’t just watch the trouble. Be the trouble. For your developers, anyway.
A consulting company offers this Information Assurance Engineer position to residents of Springfield, Missouri.
Except the job is actually located at Fort Belvoir. Which is near Springfield, Virgina.
A little off-by-1000-miles error.
But good enough for government contract recruiters.
Yabba-dabba-darn: Flintstones block sale of Ont. woman’s van:
Documents show fictional characters Fred Flintstone and his daughter, Pebbles, have taken out very real liens against a Perth, Ont. woman’s van.
. . . .
Documents obtained by CTV Toronto show Fred and Pebbles Flintstone listed as debtors claiming liens against Maureen’s vehicle. Their address is listed a 9 Yellow Brick Road, Markham, Ont.
The registering agent is listed as “PPSR Test Data1,” which suggests the lien may have been created as part of a Service Ontario system test. The documents also show other vehicle numbers under liens from the Flintstones, which could trigger more stone-age issues for other motorists.
On the other hand, the software was probably only wildly and not cancellingly over budget and just a couple years late. Incorrect data and legal battles of unknowing users of the software is a small price to pay!
(Source: Someone who reads Fark so I don’t have to.)
Not Des’ree. Motionless in White, “Loud”:
You gotta be loud
You gotta be rude
so the world can hear you
You gotta be crass
You gotta be cold
it’s everything we know
So just be yourself, testers.
It’s hard enough to try to cover all the combinations in desktop and mobile software, or at least the few combinations you can think of that are deemed worthy of testing before shoving it out the door. I can’t even imagine what it’s like on industrial or embedded applications.
So I feel for the guys who didn’t find this:
Fiat Chrysler Automobiles NV said Friday it would recall more than 1.25 million pickup trucks worldwide to address a software error linked to reports of one crash death and two injuries.
The error code could temporarily disable the side air bag and seat belt pretensioner deployment during a vehicle rollover spurred by a significant underbody impact, such as striking onroad debris or driving off-road, the Italian-American automaker said.
Unless there are no testers or someone said, “Who’s going to have a rollover spurred by underbody impact? What is this, Tremors? DEFECT REJECTED!”
In which case I only feel for the users and the former users.
