If you want it quick and dirty, you’ll surely get it dirty.
Archive for September, 2007
You might have heard that the definition of insanity is doing the same thing over and over again and expecting to get a different result? Software and Web applications are much the same way, in a twisted fashion of their own. You’re insane in QA if you do the same thing over and over again and expect to get the same result.
That’s why QA has to check everything, all the time, over and over again. The simplest and most slam-dunk, we’ve done this a million times before things. The things everyone else takes for granted. For example, let’s look at a simple state combo box/drop-down list.
You want to stop the heart of your tech team or project managers? Here’s how you do it:
- Open your crucial, behind, and ultimately doomed Web project in your Web browser.
- Type the following into your Web browser’s address bar:
- Press ENTER.
- The images on the page will start to swirl. Set focus to the Web browser’s address bar.
- Walk away from your desk knowing that will display until the screensaver kicks on.
Ah, yes. A wayward project manager wandered over and caught sight of it, almost entering a state of hyperventilation as she summoned the complete tech team to her aid to discover what was going on.
I only wish I could have been there to see it, but I was away from my desk.
If nothing else, it should teach lessons in shoulder-surfing QA.
There are many things one can learn from this story:
Symantec Corp.’s early-warning system gave its enterprise customers a brief scare late Friday when it erroneously sent an alert that said an Internet-crippling attack was in progress.
However, the one I want to tease out is this lesson: always keep your junk data clean and readable and clearly defined as test data.
As many of you know, I do not care for virtualization as a solution to simulate multiple environments when testing; I’d rather have actual hardware to represent as many possible combinations of user environments as I can. Virtualization software is just another set of excuses that your development staff can use to avoid investigating and fixing their own bugs. Stories like this one give them data points and anecdotes to push you off:
A set of newly discovered flaws in components of VMware Inc.’s virtual machine software has called attention to some of the security risks associated with the practice of running virtual computers on a single system.
It’s not just security problems, but performance and whatever else that can fail, invisibly, that can provide erroneous defective behavior in your software.
Besides, all kinds of shiny hardware is pretty and keeps the QA lab warm in the winter.
Forrester Research apparently says that IT departments are overconfident:
Six years after the events of 9/11, many corporate IT operations are overconfident about their ability to handle a disaster, according to a Forrester Research, Inc. report released on Tuesday.
The survey of 189 data center decision makers found a severe lack of IT preparation for natural and manmade disasters.
For example, the report found that 27% of the respondents’ data centers in North America and Europe do not run a failover site to recover data in the event of a disaster. About 23% of respondents said they do not test disaster recovery plans, while 40% test their plans at least once a year. About 33% percent of respondents described their operations as “very prepared” for a manmade or natural disaster while 37% called their sites simply “prepared” for such events.
Overconfident, somewhat; after all, geeks are like the GODS! if you ask them. However, disaster planning, like quality, requires planning and spending. Both of which, unlike confidence, are in short supply in many IT departments.
You know, it must be easy to work quality assurance on government projects:
Because of a continuing software glitch, the first high-tech “virtual fence” at the nation’s borders remains unused, three months after its scheduled debut.
Nine 98-foot towers laden with radar, sensors and sophisticated cameras have been built across 28 miles close to the Arizona-Mexico border near Sasabe, southwest of Tucson, in an area heavily trafficked by illegal immigrant and drug smugglers.
The towers, each a few miles apart, are intended to deter or detect border-crossers and potential terrorists and to enhance the ability of Border Patrol agents to catch them.
Homeland Security Secretary Michael Chertoff said more testing is expected by early October.
“We are now looking to begin acceptance testing in about a month – meaning that’s the point at which they (contracting officials) will say to us we think you can test this. And we will then kick the tires again,” Chertoff told the House Committee on Homeland Security early this month in Washington.
But Chertoff also said he’s withholding further payment to the prime contractor, Boeing Co., unless and until the pilot project in Arizona works.
Yeah, it must be easy to be a tester on a government project. Unless you care.
I think Computer World’s headline writers need to learn a little more about what the word means when they say “Testers give high marks to new features in SQL Server upgrade“:
A conference being held in Denver this week by the Professional Association for SQL Server user group will provide a forum for the biggest public unveiling to date of Microsoft Corp.’s SQL Server 2008 database.
But as many as 20,000 users have already been testing the upcoming software, which is scheduled for release by next June. And their reactions, detailed in interviews or via blog postings, have been mostly positive thus far.
For instance, David Smith, CIO at ServiceU Corp. in Cordova, Tenn., said that SQL Server 2008 has improvements in “hundreds of areas. It’s exactly what I need.”
Son, that’s executives at customer companies, who are not exactly the sort of people who should be allowed to pass judgment on software, especially basing that judgment on a demo.
Real testers who give high marks to anything haven’t tested it enough.
Whenever I bring up performing data validation on information returned from the database to the application, they tell me it’s a waste of resources. However, I think Robin Harris might agree with me.
The Dr. Pepper Go for More promotion is one of those marketing ploys where when you buy a product, you get a secret code you can enter at the Web site to see if you one deals. Man, I miss the old days where you could find out right away whether you won or not; instead, now we have to opt-in to lose, which seems like a lot of trouble to me and certainly doesn’t encourage me to purchase a product where I have a chance to win over one where I do not.
So I go over to the Web site after buying some Dr. Pepper and create an account. However, I exist in the database, so a validation message offers a unique convenience.
Deep in the heart of Redmond, danger lurks as you try to download service packs for Windows 2000:
Click for full size
The UK House of Lords might be looking at ways to put software companies on the hook for their quality negligence:
The Science and Technology Committee of the House of Lords published a report in August on personal Internet security, which concludes that it is all too easy for vendors to “dump risks” onto consumers through licensing agreements to avoid paying the costs of insecurity.
The report stated that efforts to promote best practices have been hampered by a lack of commercial incentives to make products secure. The committee’s solution is to propose transferring the cost of insecurity onto demonstrably negligent hardware and software manufacturers, with the long-term goal of establishing a framework for vendor liability across Europe.
This sounds like a good idea, but it runs counter to my antigovernment leanings as well. We’ve seen in America what happens when you make company executives spend lots of money on financial compliance and sign off on it personally; you’ll see the same thing and other unforeseen consequences of this action, and I’ll be hanged if I sign off on the quality of any product I test if my neck is in the noose.
This stack trace occurs when the Jedi Master developers play mind tricks on the weak-minded code:
The following banner ad, probably a PointRoll ad or some such, left detritus on the screen when its animation played and did not close when the user moused out:
Click for full size
But, Director, what are you supposed to do? Test the banner ads? Perish the thought! With the new technologies and dependence upon browser plugins, you need to test them. I’ve done it, and so can you. So could your damn hipster designers if they weren’t so caught up talking about what they saw at Burning Man.
Ever feel like you’re stuck in The Matrix?
Spoon boy: Do not try and bend the row at position 0. That’s impossible. Instead… only try to realize the truth.
Neo: What truth?
Spoon boy: There is no row at position 0.
Neo: There is no row at position 0?
Spoon boy: Then you’ll see, that it is not the row at position 0 that bends, it is only yourself.
Well, it’s not really Microsoft Warstrike, it’s Microsoft Web Application Stress Tool (WAST, which as you old Bard’s Tale fans know was the keystroke combination for the Warstrike conjuror’s spell, good for 4-16 points of damage on a group and a pretty potent weapon). Now, Microsoft Web Application Stress Tool lies buried in the Microsoft Downloads section (here). Screenshot:
It’s an old download (ca. 2002), but it looks to work with IE 7. So if you’re looking for a free rudimentary load-style tester, here’s something.
The cool kids like to use Adobe Flash to build rich Web applications because if you build it in Flash, you don’t have to worry about compatibility with Web browsers. Oh, who am I kidding, they like to use Flash because it offers a bunch of effects out of the box and it does some right purty things with animation and pictures. It allows them to put forms and data submission stuff right into the flash really fast, too, often without any data validation, but that’s another story.
No, today’s lamentation is about how those cool kids build Flash animations or applications using the latest version of Adobe Flash love to use the latest gimcracks and whatnot and how people who have a previous version of the Flash player installed with their browsers sometimes don’t get to see and marvel at the genius of your design team. Sometimes, they will see nothing at all, which is very, very bad. And you know, some browsers/computers ship without Flash installed in the default browser, right? So what happens when that user tries to hit the page, he gets no message and no warning, which means he thinks the site is defective. Because it is.
Hey, who wouldn’t put a credit card number into an e-commerce site spitting out config errors on page load?
Click for full size
What probably happened here is that the Alexa Ray Joel Web site (AlexaRayJoel.com) activated the merchandise link before the “store” was configured on the partner site. But shouldn’t someone working on AlexaRayJoel.com have found that instead of a stray Billy Joel fan looking for some new rock music with the Joel name on it anywhere he can get it?