QA Hates You

My first 417 Server Error, I think:

Here’s a checklist of them all. I can mark this one off.

This error occurred on a page-initiated reload, which makes it double awesome.

Take a look at this image; the original is infinitely larger than the thumbnail:

As big as an image scaled infinityx seems, any mathematician knows there are at least two numbers larger than infinity.

And when Google discovers them, it will become self-aware.

I don’t know why, but when I conduct this search on one of my machines, the result is:

I, too, am one of nothing.

Strangely enough, this works on another of my machines and yields search results. I don’t know if it’s browser incompatibility or some sort of load balancing issue, where on machine is bound to a Web server that is working and the other is bound to a Web server that is not. However, it is broken.

I’ve spoken on many occasions about the pitfalls of putting the labels within the text boxes in a data collection form. I know, the designers are all about the “real estate” as though they’re subdividing oceanfront lots in New Jersey, but they’re really doing it because that’s how the other cool designers are doing it this year.

So allow me to show you a pitfall of this as it happens in Google+.

If you want to add links to your personal profile, you look at this little bit on the right sidebar:

Ha! As if Google didn’t already know where I am on the Web, where I was on the Web, and where I was last Thursday at 10:32 am when their satellite passed over. At any rate, you click and you get this little control:

All right, I want to add a link, so I click that link and:

I get a control box with focus set to it, so the cursor replaces any text that had been in it. Like the label.

Being a seasoned computer veteran, I immediately typed my URL into that box, which failed.

When I changed focus on another try, it became clear that the form’s idea of what I was supposed to put there differed from my own:

Ah! Not the URL, but a free text label to apply to the link. That is, the clickable text to display.

But I had no idea. But real estate was saved!

As I mentioned on Twitter, I’m currently up to 3 defects I’ve found with Google+ acting only in the capacity of a user. What’s your score so far?

Toyota.com’s Spanish site is very good. Most elements, error messages, and alt text is translated. Say, 99% of it.

But not all of it:

You can always find something not translated on a foreign language version of a Web site within a couple minutes of looking. Unless you’re working on it professionally, in which case you will catch most things, but one thing will slip through that someone will find.

Adding those nines is what gives me fits when testing. We’ve found 99% of the problems or have covered 99% of the code. That’s not enough. How can we add a nine to the end of the number and take it to 99.9%? How can we add another nine and make it 99.99%? How can we add another nine and…. But I repeat myself.

Frankly, this is some sort of dysfunctional family airing its grievances in public:

As a reminder, you know you can set Internet Explorer to puke up JavaScript error messages instead of meekly accepting them, right? Granted, this does not emulate the user experience–the user will hide these messages if he can–but you should always be happy to accept the free defects that it displays.

You do test it in IE, don’t you?

Which defects can you find on this results page from Miami Herald-badged Homefinder?

Hint: If you try now, you’ll find at least one of them is fixed.

I said in a Two Minute QAte I’d seen payment portals vulnerable to changing parameters in the querystring. Apparently, Citi had the same problem:

Details have emerged has to how hackers were able to steal over 200,000 Citi customer accounts, including names, credit card numbers, mailing addresses and email addresses. It turns out quite easily, in fact. All they had to do was log in as a customer and change around a few numbers into the browser’s URL bar, NYT reports. Facepalm.

Basically after you logged into your account as a Citi customer, the URL contained a code identifying your account. All you had to do was change around the numbers and boom, you were in someone else’s account.

More details at this New York Times article, which quotes an anonymous security “experts”:

The method is seemingly simple, but the fact that the thieves knew to focus on this particular vulnerability marks the Citigroup attack as especially ingenious, security experts said.

One security expert familiar with the investigation wondered how the hackers could have known to breach security by focusing on the vulnerability in the browser. “It would have been hard to prepare for this type of vulnerability,” he said. The security expert insisted on anonymity because the inquiry was at an early stage.

I wish they would have put their names to it so the real world could know which security experts would call this an ingenious exploit of a browser flaw. Seriously. Dudes, and I say “Dudes” because that’s how the other kids in your college dorm address you, this is not a browser flaw. This is an application flaw. And one that you could fix if only you, I dunno, were “experts” in basic software testing.

Here’s a primer, dudes:

(Story seen via Rob Lambert tweet.)

UPDATE: Maybe those security experts quoted by the New York Times were the in-house team responsible for the recent New York Times pay wall fiasco.

Victoria’s Secret ran a contest leading into Valentine’s Day where you could send an e-card to your special someone and enter to win something.

If you entered Hamlet into the fields on the Tell-A-Friend panel, hilarity ensued:

Click for full size

That edit box has more covering it than Ms. Lima, left.

Actually, my facile crack about distracted testers misses the mark. ePrize handled the promotion, and as we’ve seen before on this site, its idea of quality assurance is making sure the client’s checks clear.

You know edit boxes aren’t supposed to do that, right?

(By the way, if some of you are wondering if I’ve included Adriana Lima on this serious site just to boost search engine traffic, I do have to admit that the hits for Suzanne Sena and Alyssa Milano have been falling off.)

If you want a chance to win a $50,000 ve-HICK-le (me, I want a new diesel quad cab full size pick-up truck), you can enter the Accelerate Into The Fast Lane Sweepstakes. You can enter on the Web, and you can see the official rules here.

The thoughtful designers here have used the common spoiler-hiding mechanism of making some text the same color as the background:

Click for full size

What’s hidden? The predetermined winner? The outside contest administrator’s home phone number? No! It’s the URL of the site you’re visiting?

Click for full size

Why did this happen? I can’t tell you. But I can tell you why it made it to the Internet that way:

Nobody looked at it.

I know, a lot of companies like to build their sites around CMSes and then turn the actual content entry into an intern. Once that CMS is humming along, they think they’re golden.

Until it looks like an incomplete Mad Lib:

Click for full size

Jeez, Louise, if that process is anything like what you’re doing, if you’re not going to have someone in your QA staff proofreading, at least make sure another intern looks over the content before it’s published.

Total Beauty magazine shows that it follows a best practice in having a staging environment. Unfortunately, they show this by leaving some links pointing to it:

Click for full size

I’ll tell you all about how adamant I am about checking every page, every link when it goes up (content management system or not, you’re not putting up hundreds of pages at once).

If you’re not going to do that, you should routinely run automated link checks on the site, and instead of just looking for broken links, run a report and look for links to your development and staging environments. They’re probably not going to break on your machine if you’re geared to test in those environments.

When you order something from the QA Hates You swag shop on CafePress, you’ve probably already noted the double Close Window link on the pop-up window when you opt to view the receipt. In case you have not yet finished your Christmas shopping for your team, here’s what I’m talking about:

Click for full size

It’s a good opportunity to remind you that every single auxiliary, small time pop-up window in your Web application requires its own testing.

A lot of times, you’re so busy focusing on the major, full size main browser windows that you can miss these bits. Maybe you don’t click the link that launches them, maybe you just make sure it opens as you expect it.

But you have to make sure not only that the data is correct, but that the navigation within it works as well. Make sure the Print link spawns the print dialog. Make sure the close links close the window. Treat it like it were a Web page like any other in your site.

Right before Thanksgiving, I tweeted:

So who’s running the QA office pool about which Web store fails first from the load on Friday?

I am sad to report I did not have Omaha Steaks in the pool

Omaha Steaks were a hot topic on the Today show earlier this morning. The Today show announced that Omaha Steaks is extending some of the great deals it offered earlier during Black Friday and Cyber Monday.

The response from viewers was so overwhelming, the Omaha Steaks website crashed for a period of time. Thousands of enthusiastic shoppers looking for deep discounts and free shipping on select steaks had to patiently wait for the Omaha Steaks site to come back up.

The spot was probably available, since no one remembers the middle tier retailers. Kinda like the middle tier retailers never bother to load test.

On the one hand, when you have a nice framework in place, you can rapidly build something reusing the existing pieces and practices. This increases efficiency and makes it easier to replicate existing sites and programs at lower cost. On the other hand, your framework is like a Mad Libs, and you don’t want to leave out some very important silly nouns like this Green Bay Packers contest:

Click for full size

In this case, someone left out some field names that the JavaScript validator was looking to present to the user.

This is another indicator why QA has to test every thing, every time. To make sure that key components of the framework have been fleshed out so the application doesn’t end up at a dead end.

A helpful message from the Springfield-Greene County Library System:

Click for full size

“Please note: Some users are getting a security certificate error message when trying to place holds or log in to their accounts on COOLcat. COOLcat’s security certificate is valid and we are working to resolve the problem. Please use the Internet Explorer browser to access your account until we have the problem resolved.”

That is, since we have a technical problem on our end, if a security message from Firefox bothers you, use a browser that’s not so pushy about valid certificates.

Thank you, that is all.

QAHY quick quiz! What’s missing from this e-mail?

Click for full size

Need a hint? Okay, if you fill out the form available here, the thank you page looks like this:

Click for full size

So what’s missing from these items?

UPDATE A couple of you guys got it right out of the box: the asterisk appears on both items, but the footnote identifying the limitations does not.

You not only have to look at what’s before you when testing, but you have to look at what’s missing. You get that with not only experience or business knowledge in the area of the software you test, but also from real world experience or business knowledge from outside the domain. The domain can be a blinder, and you have to look above it.

Good work, guys.

Do you look at the images in your Web site or application with your jaundiced QA eye? You should. Here’s why:

Click for full size

As you can see in the above image, which accompanies this story, the designer grabbed a number of images from the Web and put them together into a single file.

Unfortunately, he or she did not right-click and download the image file. No, in the interest of serving ignorance, this designer took a screenshot of the image while the cursor was over the image and didn’t notice the alt text displaying even when he or she created the complete image.

Not a professional designer, you say? Well, someone has a job making images for an Internet site here. And when you’re on your job harassing them, it’s your job to watch for this sort of boneheadism in the images.

Things to look for:

• Are the words spelled correctly?
• Are the client names spelled correctly? Note that in most cases in the 21st century, these are not real words and are ripe for misspelling.
• Do the lines align properly?
• Are the colors right? You can take a screenshot and get the color information through your graphics program (you do have something other than Microsoft Word and Microsoft Paint, don’t you? Why the hell not?).
• Make sure the image isn’t compressed into looking like something out of an 8-bit video game. If the happy couple using the product looks like Mario and Luigi, make the creatives try again.
• Get your minds in the gutter, QA.

And, of course, just pipe up if something doesn’t seem right. Like there’s alt text floating somewhere in the image that doesn’t belong to the image.

At least, that’s what I’d guess if the clue was “Invalid character M.”

Click for full size

Alex would say, “No!” because apparently the Cyrillic alphabet has an M in it. In retrospect, it’s hard to spell Моско́в without it. I’d have to hold out hope that my nearest competitor would ring in with, “What is the next James Bond Film?” to keep the scores close.

Come on, I can’t be the only one to make up fanciful stories about the errors I encounter, can I?

When I went to read a story on Yahoo!, I got a little inconsequential error at the bottom of the page:

Click for full size

Gee, I’m not that eager to see that particular ad. Better luck next time!

Of course, when I went back to snag the URL in Internet Explorer, I got a host of other errors. Not only a host, but a whole dinner party full: (more…)