Archive for August, 2007

Little JavaScript Errors Mean So Much

Friday, August 31st, 2007 by The Director

Here’s a little JavaScript error courtesy of

Unterminated String Constant
When you’re reviewing Web sites, you can easily sniff these out by watching the status bar in Internet Explorer (it is on by default, but if you’ve turned it off, turn it back on). When Internet Explorer finds a JavaScript error, it displays the error icon in the bottom right corner of the status bar:

JavaScript Error Icon
Double-click that bad dog to get the details as shown above. It will help you make the developers feel small when you can tell them the exact error message.

Thanks For The Reminder

Thursday, August 30th, 2007 by The Director

I love FTP Voyager by RhinoSoft; I’ve used it off and on for a decade now. However, during one previous workstation migration, I didn’t get a license for it and relied on the command line until such time as I was managing too many Web sites relative to my typing speed. So I downloaded the trial version and ran it for 29 days (of 30) before purchasing.

Immediately, the application popped up a modal dialog box whenever I opened the application reminding me that it was a trial version and I could purchase the application and register it. After a set number of days, it began popping up the dialog box while I was running the application (in addition to when opening the application). I think this was an event-driven reminder, as it often showed when I finished a file transfer.

However, I think the reminder event logic could use a review, as it popped up the modal dialog box immediately after I successfully entered the registration code:

Remember to do what you've already done

Think Of It As More Joss Stone To Love

Wednesday, August 29th, 2007 by The Director

Some songs do seem to go on forever, but not that long:

The extended remix version

I have no idea how iTunes deduced that. Bad data in the Internet servers keeping track of the songs? Corruption in data transmission? All I know is that the song never seems to end.

IBM’s Cheap Banner Ad Tricks

Tuesday, August 28th, 2007 by The Director

When do you make the same sort of control do different things? In two situations:

  1. You’re lazy.
  2. You want to trick someone into exposing a banner ad and blaring audio at them.

For an example of this, let’s look at this IBM banner ad I saw on

IBM Banner Ad Open Button

See that little Open link with the X on it? You’ve seen similar control types even on banner ads, mostly with the X Close thing to shut those BadBoys up, right? So one would assume that this banner ad requires a click to open it and expose its content.

Ha ha! Fool! This merely requires a roll-over to expose it and start its audio come-on blaring. Given that, at, it sits in the right sidebar between the scrollbar and the content, the odds of the user inadvertently mousing over it are pretty high indeed.

When it’s open, look what we have:

IBM banner ad close button

Does the banner ad close on mouseout? Oh, but no; now, you do have to close the button to shut it down.

The two similar-looking controls behave differently, and not only that, but they behave differently in the fashion that will prove most annoying to the disinterested user.

Message: Columnist Doesn’t Want To Hear From You

Sunday, August 26th, 2007 by The Director

In a column by St. Louis Post-Dispatch columnist Bill McClellan, dummy values shine through:

Dummy contact information

A little bit of logic checking to see if the data-driven information was the dummy/default information and hiding the block if it was would have prevented this unfortunately not-embarrassing gaffe, but because it wasn’t embarrassing, the development team decided they could live without a couple extra lines of validation code.

That Sounds Painful

Friday, August 24th, 2007 by The Director

If it hurts to sign in, only people who have to sign in will sign in:

Singe sign on -ow!
Great idea for security, IBM!

Gallery of Stack Traces: Potentially Dangerous? QA?

Friday, August 24th, 2007 by The Director

As you know, you should always test your edit boxes to make sure that they can handle things like HTML and XML tags within them, particularly the dreaded </html> and </xml> or </table> or <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">. At best, the application will handle them through one of several mechanisms, such as:

  • Accepting the value, but using escaped characters so that the application, browser, and database know this isn’t supposed to render.
  • Disallowing use of the < or > characters.
  • Performing client- or server-side validation to tell the user to try again without the markup.
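
As an added illustration (not code from the original post), here is one way a tester could script this check: it feeds the post's probe strings to a handler and passes only if the markup comes back escaped or is rejected with a validation message, never reflected raw or answered with a stack trace. The handler names, policy names and response shape are hypothetical.

```javascript
// Probe strings taken from the post; the handlers and response shape are hypothetical.
const PROBES = [
  '</html>',
  '</xml>',
  '</table>',
  '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">',
];

// Mechanism 1: accept the value, escape it on output so it renders as text.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Mechanisms 2 and 3: disallow < and >, and tell the user to try again.
function validateNoMarkup(value) {
  return /[<>]/.test(value)
    ? { ok: false, message: 'Remove the < and > characters and try again.' }
    : { ok: true, message: '' };
}

// Hypothetical server-side handler for an edit box, with two acceptable policies.
function handleField(value, policy) {
  if (policy === 'reject') {
    const check = validateNoMarkup(value);
    if (!check.ok) {
      return { status: 400, body: `<p class="error">${escapeHtml(check.message)}</p>` };
    }
  }
  return { status: 200, body: `<p>${escapeHtml(value)}</p>` };
}

// Deliberately naive handler (constructed) that echoes input unescaped.
const naiveHandler = (value) => ({ status: 200, body: `<p>${value}</p>` });

// QA check: fail on an unhandled exception, a server error, leaked
// stack-trace text, or the probe reflected raw into the page.
function checkProbe(handler, probe) {
  let res;
  try {
    res = handler(probe);
  } catch (err) {
    return { probe, pass: false, reason: `unhandled exception: ${err.message}` };
  }
  if (res.status >= 500) return { probe, pass: false, reason: 'server error' };
  if (/Exception|^\s+at\s/m.test(res.body)) return { probe, pass: false, reason: 'stack trace in response' };
  if (res.body.includes(probe)) return { probe, pass: false, reason: 'markup reflected unescaped' };
  return { probe, pass: true, reason: res.status === 200 ? 'escaped' : 'rejected' };
}

function runProbes(handler) {
  return PROBES.map((probe) => checkProbe(handler, probe));
}
```

Point `runProbes` at a wrapper around the real form submission to reuse the same pass/fail rules against an actual application.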

What the application should not do is this:


Remember Your Users

Thursday, August 23rd, 2007 by The Director

Remember, computer users are not all geeks, nor are they godlike rockstar developers who live on Web logs, Twitter, Usenet, or whatever today’s cool means of intrageek chatter is. Here is your computer user:

Pensioners surfing the internet are spending more time online than their younger counterparts.

So-called “silver surfers” dedicate an average of 42 hours a month to the World Wide Web, compared with 37.9 hours among 18 to 24-year-olds.

Those are the computer users who need the bumpers and the training wheels and all the mechanisms within your Web sites/applications. If it’s good enough for those who quote Office Space or Hackers or Star Wars all day, it’s not good enough to ship. It has to be good enough for your grandmother who’s one of the 12 million people still dialing up through AOL.

Pardon me for harping on this again, but I spent several hours last night trying to explain client-server technology, again, to someone who asked me how to move image files (my term, not hers) from My Documents to My Pictures.

A Good Defect Process Is Worth 1000 Swear Words

Wednesday, August 22nd, 2007 by The Director

Well, you’ve found an issue, ungentle tester; now what? Well, we’ll assume you have some sort of mechanism in place to track that issue, but the software mechanism (usually called a defect tracker, but sometimes known as the developer’s junk e-mail box) only serves to provide a technological means to support a process that handles these issues. That is, your organization needs to have an effective idea of what to do when QA starts identifying what the developers have done wrong and how to make sure that the issues are addressed correctly. That is, the developers are brow-beaten into actually opening up their little script editors/Eclipse/IDEs and making things right.

This post, then, will discuss various ineffective defect processes I’ve seen and how issue resolution should work.

If Only Alt Text Rendered HTML

Monday, August 20th, 2007 by The Director

One of the dangers of becoming too automated in your page generation:

Break tag in alt text

You can automate junk right into your alt text.

Third Party Disintegration

Monday, August 20th, 2007 by The Director

You know what’s worse than your development team? Someone else’s development team. At least, your development team has to deal with you. Whether you have the dev team frightened of you, fearing for their existential meaning and worth because you can hold them accountable, or you have the dev team ignoring you until such time as you can triumphantly claim, “I told you so!” when something fails spectacularly, many shops don’t even have that. And they’re proud of it. Chances are, if you have to work with some other group for any aspect of technology or design, it’s going to be crap. Because that QAless organization has a better grasp on the whole “It’s more profitable if we do it with eyes closed” and “Deliver the client’s minimum expectations at maximum bill rate” things than your organization, which is why you’re employed and why your company is at the mercy of slops.


Make Your Site Look Like A Security Risk

Thursday, August 16th, 2007 by The Director

There’s nothing like making your Web site look like a security risk to the general user:

Certificate warning message

Especially since those in the know recognize the domains as delivering ads. So one of the ads on the page under review triggers this alert, making it look to Joe Consumer like… well, who knows what evil malware/spyware/spam Joe Consumer would think this message represents? Regardless, Joe Consumer thinks your Web site is the problem.

Sometimes, developers mock up certificates for dev or test environments so the company doesn’t have to pay for an extra certificate. Sometimes, during deployment to production, mistakes happen. Did I say sometimes? I meant Always. Once in a while, they deploy an invalid certificate like this one.

How do you find this error? You look at the Web site. Which, and for the life of me I cannot fathom why this is, most people involved in developing Web applications or Web sites do not do. They leave it to QA, if they have QA, and to the client to find the obvious for them.

Meanwhile, Joe Consumer looks at this and thinks I just got a virus and never comes back to the ad-delivering Web site.

Sales Cred Is Not Street Cred

Wednesday, August 15th, 2007 by The Director

In an otherwise tolerable article entitled “Defect Tracking Lacks Appeal But its importance is at a premium” about how defect tracking can serve other useful functions in addition to the already useful function of taunting developers using a database backend, the author inserts this howler:

Nathan Rawlins is yet another bug-tracking pundit who declared process to be more essential than ever. Rawlins’ role gives him sufficient street cred to make that claim. He is a senior director of product marketing at San Mateo, Calif.-based Serena Software, a company that generated more than US$250 million in revenue in fiscal year 2007 selling application life-cycle management software, a category that includes defect tracking.

To those of us in the trenches, sitting in a corner office in San Mateo evangelizing a software product does not give one street cred in QA. Scars from lessons learned meetings, QA lab tattoos, and a large number of bug-shaped decals on one’s cubicle wall, each representing a stack trace elicited, now that gives you QA street cred.

Gallery of Stack Traces: Date/Time Fun

Tuesday, August 14th, 2007 by The Director

As you know, stack traces provide QA with the joie de vivre and esprit de corpse that get us through the day. As part of an ongoing series, I am going to present a series of some of my favorite stack traces that never fail to bring a smile to my face and a Dosso double-snap to my fingertips. From the Gallery today, we have two extra fun .NET stack traces that occur, frequently, when you do naughty things with dates and times.

Emily Dickinson, Project Manager

Saturday, August 11th, 2007 by The Director

It sure sounds as though she’s worked on a timeline or two:

The Days that we can spare
Are those a Function die
Or Friend or Nature — stranded then
In our Economy

Our Estimates a Scheme —
Our Ultimates a Sham —
We let go all of Time without
Arithmetic of him —

A Proper QA Playlist

Thursday, August 9th, 2007 by The Director

Last evening, as they worked late into the night on a production deployment, a tech lead and his tester asked my opinion on a proper QA playlist. Well, not exactly; no one ever asks for QA’s opinion, but they all surely receive it, often accompanied by expressive hand gestures or an icy stare.

So what is a good playlist for your iTunes while you’re breaking software? I offer the following which served as the sweet sounds by which I serenaded a previous collection of co-workers. The open floor plan ensured that everyone got to enjoy the music that properly captured the QA mood.

So here’s what I had on the playlist:


Tools of the Trade: Paint Shop Pro

Wednesday, August 8th, 2007 by The Director

The following is not a compensated post; I’m merely extolling the virtues of a piece of software I found useful.

As I’ve mentioned, falsifying taking screenshots is a good means to capture details for defect reports. Your basic Windows install comes with Microsoft Paint, which is a mechanism you can use to save and manipulate your images, but it’s very clunky, with rudimentary tools and only the ability to have one file open at once.

Some people use Microsoft Word or PowerPoint for their picture editing ability and save their screenshots as documents or slide presentations, but some of our outsourced friends might not have Microsoft Office on their workstations. Remember, you want to save those screenshots as an image format so the developers can ignore the obvious that’s presented by an image editor or a simple Web browser.

I’ve used Paint Shop Pro since version 7 (which I still have installed on my main workstation, since there’s nothing I’ve needed since 2001). Jasc and then Corel have come out with newer versions every couple of years, and they’re still priced under $70 a seat (unlike other, more expensive graphics editors). Like UltraEdit, I’ve spread it across several of my employers.

Paint Shop Pro has a pretty good set of tools for circling or highlighting issues on screenshots, for adding text for emphasis, and for altering Web 2.0 user submissions to give cute little doggies red demon eyes to match your QA soul. You can do all of these at once because you can have more than one file open at a time.

So if you haven’t considered a graphics editor, consider this one. It costs under a hundred, so you’re not exactly breaking the budget on it, either.

More Developer Hubris; Sorry, Expert Developer Hubris

Tuesday, August 7th, 2007 by The Director

I thought an article entitled A Guide to Hiring Programmers: The High Cost of Low Quality would thoroughly explain why spending lots of money on developers was a bad idea, and how you could improve your process by putting development and the developer staff back into its place in the software development lifecycle. Unfortunately, while the article makes some good points about how a good developer is better than a bad developer (I mean, when isn’t good better than bad?), it falls too easily into the trap of DEVELOPERS ARE LIKE THE GODS!

Companies need to stop thinking about their developers as cogs in the machine. They are more akin to artists, authors, designers, architects, scientists, or CEOs.

The rest of the piece explains why expert developers are worth top dollar: because they’re ROCK STARS!

Expert/experienced anything are worth more than less skilled/less capable employees because they have experience in their field as well as problem solving ability related to their job duties. In many cases, developers have seen the rudiments of software (presentation, data access, network communication) before so they can apply those lessons to new problems at hand.

Big deal; any produce clerk at a grocery store who’s been on the job for a while will develop a system for culling stuff left on the rack quickly, for optimal filling patterns, and for building appealing displays. But does that mean that he or the equally skilled meat clerk is the axis around which the whole store rotates? No.

Likewise, having smart developers is better than having dumb developers, but it won’t make or break your organization because smart developers are only cogs in your machine. If you blow all of your money on Expert Developers, you’ll not afford smart project managers, smart QA, smart customer managers, and smart everything else. And an organization run by and for Expert Developers will do lots of cool and smart stuff, but that’s rarely the same as profitable stuff.

Developers Unleash More Wild Magic

Saturday, August 4th, 2007 by The Director

What, foolish mortals playing with things they don’t understand because it’s cool? Say it ain’t so:

Software developers using Asynchronous JavaScript and XML (AJAX) techniques to jazz up corporate Web sites are failing to pay attention to some very fundamental security issues, researchers warned at the Black Hat USA conference here Wednesday.

As a result, many companies that have rushed to AJAX-enable their sites may be dangerously vulnerable to a variety of Web-based threats they’re not even aware of.

So once again, software “engineers” put on their pointy hats, mutter some incantations, and in most cases, the user gets data loaded into a Web site without a page refresh, but every once and again, a boy in India suddenly gets rich, an airplane drops 10,000 feet rapidly, a Martian rover does a doughnut, or an Eastern European crime syndicate steals the user’s data.

And the grown ups in QA have to try to simulate all of those situations to test for them.


Friday, August 3rd, 2007 by The Director

The Mozilla Foundation plans to give away its own security tools, including a fuzzer:

Mozilla Corp. will release some of its homegrown security tools to the open-source community, the company’s head of security said Wednesday, starting with a “fuzzer” it uses to pin down JavaScript bugs in Firefox.

The JavaScript fuzzer, said Window Snyder, Mozilla’s security chief since last September, will be handed over tomorrow morning, following a presentation at Black Hat, the two-day security conference that opened today in Las Vegas.

“We’re announcing that we’ll be sharing our tools with the community,” said Snyder, “and releasing the JavaScript fuzzer then.” Other tools, she said, would follow, including fuzzers that stress-test the HTTP and FTP protocols. Those two, however, are not ready to offer up to outsiders, largely because Mozilla wants to wrap up talks with other browser vendors before they do.

So if you haven’t been fuzzing your applications, you’re running out of excuses.
