Please work it into your testing accordingly.

THERE is no today in Samoa.

The tiny nation will jump forward in time as it crossed westward over the international dateline to align itself with its main trading partners throughout the region.

At the stroke of midnight on December 29, the time in Samoa will leap forward to December 31 – New Year’s Eve. For Samoa’s 186,000 citizens, Friday, December 30, 2011, will simply cease to exist.

I wonder how many automated processes melted down. Or are still going to melt down.

Remember to test all of your future applications that allow you to select a birthdate and country or a start/end date and country that this particular rule should exist.

Oh, man oh man, I can’t wait to log my first defect and start my first fight over it.

(Courtesy Trisherino.)

But, Director, what sort of madman would do such a thing?

• Someone used to the desktop paradigm might do it just because he or she does not know not to (someone like Roberta).
• Someone like me who doesn’t see any action immediately and wonders if he clicked the link or if he clicked while the cursor was not on the link.

Case in point: In WordPress, you can move an item to the trash by clicking the link labeled, appropriately, Trash:

If you click the link, the page comes back with the item missing from the list and your trash incremented by 1.

If you double-click the link, though:

Hilerrority ensues! The application deletes it and then tries to delete it again! This results in an unspecific error condition, but what would happen in your application?

Come on, guys, the user might double-click a link, and your Web application needs to take that into account and to handle it elegantly. More elegantly than a non-specific error message with no further navigation, certainly.

The year 2038 problem (also known as Unix Millennium Bug, Y2K38, Y2.038K or S2G by analogy to the Y2K problem) may cause some computer software to fail before, in the year 2038 or after. The problem affects all software and systems that both store system time as a signed 32-bit integer, and interpret this number as the number of seconds since 00:00:00 UTC on Thursday, 1 January 1970. The furthest time that can be represented this way is 03:14:07 UTC on Tuesday, 19 January 2038. Times beyond this moment will “wrap around” and be stored internally as a negative number, which these systems will interpret as a date in 1901 rather than 2038. This is caused by Integer overflow.

In the end, all software shortcuts will out and will crash a moonplane.

Click for full size

So what portions of your application come out of the printer? Does it work right? Does it look right? Is it correct?

It’s not enough that you make sure the print dialog comes up correctly. You need to make sure that the extras that are often added to the printed page display correctly. For example, some maps add details such as the location, some Web sites put their names on it, and some applications use formula. To ill effect in this case.

If you want to be a real rapscallion, see what happens if you print to a file or to a PDF driver of some sort. Because someone out there in the real world just might.

Well, if you’re new here, let’s recap:

• Large files: make sure the application can handle 1Gb or more or stops user from uploading them.
• Empty files: make sure application can handle 0 kb files.
• Invalid files: make sure application can handle files that are corrupted.
• Wrong file types: make sure application can handle when you try to upload the wrong type of file
• Long file names: make sure application can handle long file/path names.
• Invalid file/path: make sure application can handle invalid locations if you’re allowed to type in file names and paths.

The little Space Your Face Flash ditty created by NASA hangs on the 2nd and 3rd of the bullets above:

Click for full size

Worse, it hangs with some cheaply produced space groove playing.

Also, the eszett or scharfes S (ß) is used. It exists only in a lowercase version since it can never occur at the beginning of a word (there are a few loan words starting with an s followed by a z (e.g. Szegediner Krautfleisch but that is not the same as the eszett which counts as one letter).

In all caps it is converted to SS….

There’s a new unicode symbol for the capital version, but a lot of old applications will still force that into an SS. So a word like confuße might get uppercased to CONFUSSE, and if you set the string to the maxlength, uppercasing it will blow that up.

To be honest, I did discover this when I was working on an application for a German customer and I (and only I of a team of far more seasoned QA people than I at the time) sought out the German alphabet to learn its vagaries.

I just ruined a little of my mystique, didn’t I?

However, if your application might possibly be localized to German, you have my permission to use this. Use this new power only for good. Strangely, though, QA good means evil to everyone else, but that’s not our fault.

Remember to check your form fields for these bad dogs when you can.

(Link courtesy the Twitterverse.)

You can view that sample here.

I hope that my regular readers and especially those of you who got here by a Google search find it useful for your testing documentation.

Click for full size

It offers the user the opportunity to enter some sort of contest to go to Nashville. It’s obviously a Web browser in kiosk mode, but this one has a full keyboard with a trackball and two mouse buttons. Uh oh.

So I click the Contest Rules link at the bottom and get the contest rules, which has a naked link at the top that takes you back to the form. But hover over the link and right click and…. Uh oh.

Click for full size

What happens if I open that in a new window? Hello, Internet!

Click for full size

So a user has complete access to the Internet. Go where you want. Get all the malware you want. I didn’t try to see if a regular download and install worked, but I would not doubt it. What happen if I ALT+TAB?

Click for full size

Lookie there! Lookie there! It’s the command line. A little CTRL+C action and I have access to issue commands to the machine and maybe even the network.

So is that Cat-5 cable running out of the back of the box connected to the airport network itself or a dedicated safe portal to the Internet? Given what we’ve seen here, what do you think?

If you’re ever called to check out a kiosk application, not only should you run through the form the kiosk will host, but you should get a kiosk itself and run it through its paces and look outside the confines of the application to look for security pitfalls.

You need to check out the user interface action. This kiosk gives the user all the normal tools that users need for full input opportunity to the Internet. Some kiosks only have touchpads or touchscreens. Here are a couple of things to think about:

• Know your keyboard shortcuts. Most people don’t know these keyboard shortcuts, but they do things to your active window (even your kiosked browser). What can you do with that?
• Know your internal browser behavior. I remember seeing a kiosk with only a touchscreen that offered the Web sites of a building’s residents. Within a touchscreen environment, you would think you’re limited to navigating through links in the browser window. You would be wrong. mailto: links trigger the helper application associated with e-mail. What can you do when you try that?
• What happens when you unplug the machine and plug it back in? It reboots, probably, affording you the ability to go into alternate bootup scenarios and whatnot. Should your user have access to that? Probably not.

To begin vetting kiosks, you need to think outside the terms of your application and think in terms of the technologies that encapsulate it. The better you understand those and can identify the ways users could interact with the whole kiosk, the better you can prevent them from doing so inappropriately.