Archive for June, 2008

Hey, What Is Saying About My School?

Tuesday, June 3rd, 2008 by The Director

Probably not so much what says about my school as what it says about its QA practices:

null what, you Parkway West developer?

Or lack thereof.

No QA had better have looked at this and not have seen the null that appears on almost every profile page.


Security Is Job 1; Unfortunately, We’re Counting Down From 65,000

Monday, June 2nd, 2008 by The Director

Son of a glitch:

Paying bills online is fast, efficient, and you save the price of a postage stamp.

But how safe are you? Every company with an online payment system says you needn’t worry about privacy or security.

Leigh McDowell believed it.

She’s a paralegal in O’Fallon, Ill., and pays her $60 monthly cable TV bill to Charter Communications online on her home computer. She has paid electronically without any problem for five years.

Tuesday morning, she entered her regular logon and password, but got the Charter account of a woman in Kingsport, Tenn., instead.

It showed the woman’s full name, address, phone number, security code number, her cable TV service (the “Big Value Package,” with Digital Sports View), her high-speed Internet service, and her Charter telephone service (she paid $1.79 for one directory assistance call) — and her bill for $237.16.

“No stamps, no check, no hassle!” Charter promises on the woman’s electronic bill.

McDowell was horrified that she had somehow gotten into a stranger’s account. She quickly logged off. Besides, she still had her own bill to pay.

She tried again to log on to her account. This time she arrived at the Charter account of a woman in Slidell, La.

McDowell logged off and tried again, this time arriving at the Charter account of a woman in Covington, Ga.

McDowell says she did this 20 times, each time getting the account of a different Charter customer. She couldn’t see any connection between the names or addresses, although she did note that many of the accounts listed overdue bills.

“I just kept entering my name and password, and every time it gets another account,” McDowell said. “I could see everything, just as if I was that person.”

McDowell is so upset, she says, she won’t pay online again.

Here’s a quick question for you: Do you, as a QA person or other IT person, use online bill paying? I sure do not; I have worked with too many billing systems and have seen what kind of issue passes as an acceptable risk for a deployment to production. Your chances of winning the lottery don’t seem to be that much lower than your chances of encountering a billing error, some of which come with special “prizes” of their own in the form of extraneous, incorrect debits that can cause your bank’s overdraft charges to kick in, thank you very much.

I’ll stick with the chance of human error or data entry problems that come with writing a check, thanks. I can forgive human error, not computer error that’s engineered into a software system.

(Yes, I know that’s human error, but in too many cases, it’s human error that’s overlooked and unrepaired for a variety of rationalizations, at which point it goes beyond error into willful malfeasance.)

Heeded Advice Is Sweet, But That Unheeded Is Sweeter Far

Monday, June 2nd, 2008 by The Director

Well, maybe not, but this test manager has some advice for developers from QA:

A good friend pointed out that a blog on advice to developers from an experienced test manager would be helpful. With 13 years of tech experience now, I have a good idea of what works and what doesn’t.

Heeded advice would be more helpful, but, hey, good luck speaking to a roomful of developers with their hands in their laps, texting each other plans for sushi after this dull orientation is through.
