Archive for June, 2011

Cascading Failures in the Airline Industry

Thursday, June 30th, 2011 by The Director

The Wall Street Journal has an article about cascading failures in airline computer systems:

Whether it’s caused by a power failure or a possum, an airline computer outage unleashes more problems more quickly than similar breakdowns in almost any other consumer business.

A recent spate of technology glitches at U.S. airlines has inconvenienced thousands of travelers, spawned long airport lines, delayed or canceled flights and led to a wave of negative publicity.

United Continental Holdings Inc.’s United Airlines unit suffered a meltdown June 17 that forced it to cancel 36 flights and delay another 100. US Airways Group Inc. was hit by separate glitches on June 10, 18 and 19.

Alaska Air Group Inc. had its turn back in March, canceling 150 flights affecting more than 12,000 customers. Earlier in March, Southwest Airlines Co. experienced two separate technical foul-ups within two days, although the one related to the rollout of its revamped frequent-flier program didn’t delay flights.

With packed planes leaving little room for error, airlines are trying myriad upgrades and other solutions to keep their computers running everything from flight dispatching to crew scheduling, passenger check-ins, airport-departure boards, ticket sales and frequent-flier programs.

Cascading failures caused by unforeseen, unrelated, or untested circumstances. Now you know why some of us use milk of Magnesia as our coffee cream.

QA Music: Your Friends Define You

Monday, June 27th, 2011 by The Director

Couch Flambeau, straight outta Glendale, Wisconsin, with “Satan’s Buddies”:

I actually owned the Models EP on vinyl. There, I’ve admitted I’m out of the target demographic of all marketeers.

A Defect Just In Time For Father’s Day

Wednesday, June 22nd, 2011 by The Director

Frankly, this is some sort of dysfunctional family airing its grievances in public:


As a reminder, you know you can set Internet Explorer to puke up JavaScript error messages instead of meekly accepting them, right? Granted, this does not emulate the user experience–the user will hide these messages if he can–but you should always be happy to accept the free defects that it displays.

You do test it in IE, don’t you?

ICANN Renders All Web Address Validation Obsolete

Tuesday, June 21st, 2011 by The Director

In going with yesterday’s theme, ICANN renders any bit of code you have that validates uniform resource locators or email addresses obsolete:

The number of top-level internet domains is set to double over the next few years, after ICANN today approved the launch of a program that will let any company apply to run dot-anything.

Many large companies are expected to apply for so-called “.brand” extensions – Canon and Hitachi have announced plans for .canon and .hitachi, for example.

Others will apply for potentially mass-market terms such as .music, .web, blog, .porn and .sport. Some, such as .bank, will likely be restricted to very narrow groups of registrants.

Finally, and perhaps most importantly, the program will enable the creation of domain extensions in non-Latin character sets, such as Arabic, Chinese, Greek and Cyrillic.

Yeah, your applications that check to make sure that the domains are fewer than 4 characters? All will be defective when this goes into effect.

(Link via CGH.)

What Happens When The Valid Value Goes Away?

Monday, June 20th, 2011 by The Director

Tucked into this sad story about a boomtown going bust, we have this little nugget:

On June 20, that tongue-in-cheek greeting will become a fact. Empire, Nev., will transform into a ghost town. An eight-foot chain-link fence crowned with barbed wire will seal off the 136-acre plot. Even the local ZIP Code, 89405, will be discontinued. [Emphasis added.]

I know all of your applications validate United States postal ZIP codes, right? Ha! I’m just kidding. We’re lucky if our applications actually limit users to five numbers or five plus four numbers.

However, in the real world, sometimes valid values go away. Particularly if they’re maintained by a government or governing organization that handles industry standards. And woe be to you, wayfarer, if your application deals with both. In that case, sometimes the government will give you one value (or take away one value) where the industry organization gives you another (or takes it away or does not take it away when the government does).

So what’s your plan for that? Don’t think only in terms of how your application will react (badly), but also how your organization will deal with them procedurally. Or when the clients or users start calling to raise holy Dis.

Let’s Play Spot the Defects

Friday, June 17th, 2011 by The Director

Which defects can you find on this results page from Miami Herald-badged Homefinder?

Guess the defects

Hint: If you try now, you’ll find at least one of them is fixed.

You Can’t Say QAHY Didn’t Warn You

Thursday, June 16th, 2011 by The Director

I said in a Two Minute QAte I’d seen payment portals vulnerable to changing parameters in the querystring. Apparently, Citi had the same problem:

Details have emerged has to how hackers were able to steal over 200,000 Citi customer accounts, including names, credit card numbers, mailing addresses and email addresses. It turns out quite easily, in fact. All they had to do was log in as a customer and change around a few numbers into the browser’s URL bar, NYT reports. Facepalm.

Basically after you logged into your account as a Citi customer, the URL contained a code identifying your account. All you had to do was change around the numbers and boom, you were in someone else’s account.

More details at this New York Times article, which quotes an anonymous security “experts”:

The method is seemingly simple, but the fact that the thieves knew to focus on this particular vulnerability marks the Citigroup attack as especially ingenious, security experts said.

One security expert familiar with the investigation wondered how the hackers could have known to breach security by focusing on the vulnerability in the browser. β€œIt would have been hard to prepare for this type of vulnerability,” he said. The security expert insisted on anonymity because the inquiry was at an early stage.

I wish they would have put their names to it so the real world could know which security experts would call this an ingenious exploit of a browser flaw. Seriously. Dudes, and I say “Dudes” because that’s how the other kids in your college dorm address you, this is not a browser flaw. This is an application flaw. And one that you could fix if only you, I dunno, were “experts” in basic software testing.

Here’s a primer, dudes:

(Story seen via Rob Lambert tweet.)

UPDATE: Maybe those security experts quoted by the New York Times were the in-house team responsible for the recent New York Times pay wall fiasco.

Remember the Day QA Destroyed The World?

Tuesday, June 14th, 2011 by The Director

A classic scene from WarGames:

Fortunately, they did not have anyone testing the WOPR. I mean, seriously, number of players zero? Anyone reading this blog would have caught that and made them fix it, and blammo, nuclear war.

Maybe They Were Testing Subject Lines

Friday, June 10th, 2011 by The Director

The amateurs handling Westlake Ace Hardware’s email campaigns show their chops again by sending me the latest circular three times, the last with the job and customer number:

Email Fail

Email vendors are outside the reach of interactive agency QA in most cases, and it shows.

The Official QAHY Stance On Easter Eggs

Thursday, June 9th, 2011 by The Director

Apparently, one flavor of Chrome OS ships with an Easter egg:

Brad Wells found the Easter egg. Aided by a little Google searching, he found out how to activate a fake blue screen of death–one of the “legacy” leftovers from the PC era Google hopes to banish with its browser-based operating system.

Which leads me to my official QAHY pronouncement on Easter eggs: professionally, I am against them and argue against them any time I can.

Why? It’s a nugget of code thrown in that does not apply to the function of the application. Sure, it’s a spot of fun, but it’s extraneous code, and extraneous code has the chance of being buggy and whatnot that all other code has along with a) the possibility it won’t be tested if someone is sneaking it in and b) the possibility that it won’t be kept up-to-date or retested in later versions.

Also, I am against any developer having any spot of fun at any time for any reason (unless they appear in my novel, available now!).

Think Environment Doesn’t Matter?

Wednesday, June 8th, 2011 by The Director

In the software development world, we like to think we can artificially constrain environments to a limited subset of real-world situations so as to limit our time required for testing. We don’t want to test in IE 6 because our organizations’ designers no longer think it’s cool and whatnot.

Fortunately medical device makers and government arbiters are not so constrained:

In a large chamber at the Food and Drug Administration labs here, scientists are bombarding medical devices such as pacemakers and hearing aids with electromagnetic waves. Their goal: to see how safely the critical medical devices can interact with the growing volume of waves people encounter daily from increased use of electronic gadgets like microwaves, airport scanners and cellphones.

The so-called anechoic chamber, which measures nearly 36-feet long, is made of special material that absorbs electromagnetic waves. It’s considered to be the purest way to measure interactions between medical devices and electronic gadgets because there are no echoes or reflections of electromagnetic waves from the chamber’s walls or ceiling to affect the calibrations.

The research effort, led by the FDA, has resolved such mysteries as why a type of electronic wheelchair tended to start itself and drive out of control, and why some people with spinal-cord stimulators, implanted to help control chronic pain, collapsed after passing through a metal detector. Still unresolved, the scientists say, is how to stop the screeching noise that hearing-aid wearers experience when they try to use a cellphone. Researchers also are trying to understand how a new technology widely used to track inventory in retail stores might cause problems for people with pacemakers.

I often say I’d like to test for Underwriters Laboratories so I could fire Howitzers at things, but it sounds like the FDA has an environments lab to envy.

So what’s my point? Your organization might think it has a grasp on what your users are going to do and into what environments your clients will (or MUST according to you) install your applications, but remember all your legalese terms-of-use hand-waving matters only so much in the real world.

AC/DC: Not Music To QA By?

Monday, June 6th, 2011 by The Director

Anecdotal research seems to indicate just that:

A South Australian charter boat operator has made a fascinating discovery whilst conducting research into what kinds of music affect the behaviour of Great White Sharks.

Every sensible swimmer knows that avoiding a school of bait fish or immediately leaving the water if a cut started to bleed is ‘best practice’ when attempting to avoid a meeting with a shark.

But Eyre Peninsula’s Matt Waller has added another tip to the ‘don’t get eaten’ handbook with his discovery that Great White’s are much less aggressive when listening to ACDC – particularly ‘You Shook Me All Night Long’.

I don’t know if I’ll like it so much when we have to crank up Enya in the lab to improve productivity.

QA Music: Men of a Certain Age Might Recall….

Monday, June 6th, 2011 by The Director

Queen doing the theme from the movie Flash Gordon:

Replace the “Flash” with “QA,” and you pretty much sum up the proper role of QA in any organization.

QA Makes Developers Smarter

Friday, June 3rd, 2011 by The Director

Psychologically proven:

The authors examine whether and how observing anger influences thinking processes and problem-solving ability. In 3 studies, the authors show that participants who listened to an angry customer were more successful in solving analytic problems, but less successful in solving creative problems compared with participants who listened to an emotionally neutral customer. In Studies 2 and 3, the authors further show that observing anger communicated through sarcasm enhances complex thinking and solving of creative problems.

With this scientific paper backing up our value, I think raises are in order.

(Link seen here.)

Most Companies Are Doing Their Part

Wednesday, June 1st, 2011 by The Director

An email about a webinar coming up:

Stamp out the risk of quality

I don’t think most organizations need to pay a consultant to teach them that. They’re all pretty good at avoiding the risk of quality already.

wordpress visitors