QA Hates You

The developers of the Circuit City store locator fail logic.

Here’s the situation.  You’re a user in tiny Grantwood Village, a mostly forgotten municipality in St. Louis County, Missouri, who wants to go to Circuit City because….well, okay, maybe it is an outrageous use case, but it fails:

1. Go to the Circuit City home page.
2. Click the Store Locator link at top.
3. Store Locator displays:
   
   In the City edit box, type grantwood village.
4. From the State drop-down list, select Missouri.
5. Click Find.
6. Uh oh.  According to Circuit City, Grantwood Village does not exist:
   Much to the chagrin of Grantwood Village.Well, then, type the zip code of Lakeshire, Missouri (63121) into the Zip code edit box.  Funny, though, Lakeshire is even smaller than Grantwood Village, as it’s essentially a small subdivision with a post office.
7. Click Find again.
8. The application acts as though the zip code is invalid:
   

This occurs whether you click the Find button underneath the Zip code edit box or underneath the City/State combination.  Don’t get me started about the design wisdom of putting two controls on a form that do the same thing.  You cannot convince me of its utility, and I disbelieve in your value of symmetry.

In this form, if the application detects a value in the latter, it ignores the former, period.  So it does sort of handle Or (you need to enter something in one or the other), it does not handle both (And) correctly.  Even though someone will probably encounter the situation of entering data in both forms.

And, when you’re feeling particularly nasty (which is to say, every day of the week), remember to try 87894.  This is an invalid zip code, and if your application doesn’t handle nonexistent zip codes (not merely strings that are not five numbers) or relies on a Web service call or whatnot to an application that does not handle nonexistent zip codes, hilarity ensues.

Courtesy of Hanes’ Inspector 12.

I didn’t mean to go looking for this much trouble.  I mean, I was looking at the Web site for KMOV, a local television station, for a specific flaw for a longer post (forthcoming), and instead I find a host of others.

For starters, the blogs maintained by the station personnel do not reside on the domain for KMOV; instead, they’re on beloblog.com.  If you go to the root there, you see that it displays a pseudo page for WCNC in North Carolina:

Click for full size

Ah, never mind that.  So I look more closely at a blog entry, and I notice the comment form has a text box for a CAPTCHA that doesn’t display at all:

Click for full size

Finally, I click the Submit button to see if the form actually does require a captcha. The results: stunning.

Click for full size

It’s a 404, but look closely: It’s looking for something on dev.beloblog.com.  That is, the form appears to point to the development environment, not the production environment.

Can’t anyone here play this game?  Probably not, if you’re the blog hosting experts at Living Dot.

As you know, or you should know, many e-mail clients will block images and links from incoming messages from unknown addresses.  If you’re sending out an e-mail, perhaps you should keep that in mind when your organization designs an e-mail.  Remember to include good alt/title text and try not to put every last bit of copy in an image, okay?  Otherwise the beautiful, wonderful e-mail you designed to look like this:

Click for full size

Looks like this: Read the rest of this entry »

There are three kinds of workers in IT: Developers, QA, and collateral damage.

Someone over at FoxNews.com uses Microsoft Word to create his or her posts:

Click for full size

And, apparently, someone does not preview content before pushing it live.

Sadly, I grabbed this screenshot last night, and although most of it has been fixed, detritus remains in the copy.

Yeah, that’s the ticket:

Banner ad rotators: Is there one that actually works right all the time?  We may never know, but I certainly doubt it.

Maybe I need a separate category for these screw-ups.

When one browser dies, another rises to join the pantheon:

Google Inc is set to introduce on Tuesday a new Web browser designed to more quickly handle video-rich applications, posing a challenge to browsers designed originally to handle text and graphics.

This browser will probably eat into Firefox’s market share, as some of the hip developers switch to using it instead.  Maybe some civilians will try it out, but probably the same civilians out there who run Firefox.  I don’t expect Roberta to run right out and adopt it, and I expect the same tightly locked down businesses that don’t allow installation of Firefox on business computers will not rush right out and allow installation of Chrome.

Still, it will prove to be one more example of your organization’s developers writing code that works on a browser with geek cachet and then complaining when you tell them to make sure it works in IE.

At DailyWTF, a reader offers another object lesson in having clever developer messages, not for public consumption, consumed by the public.

Whereas the article at DailyWTF talks about the hard-coded messages within the application, remember, ungentle reader, that QA also has the chance to enter badness into the system when creating junk data for testing (see Keeping Your Test Data Clean).

Developers need to assume that the impossible error condition will occur (assuming the application even works, that is), and QA needs to assume that the business stakeholders will be stupid enough to use the test environment for demos or for milestone meetings with the client.

As some sort of perception/perspective gimmick, Gojko Adzic asks how many points there are to a star.

I got your QA answer right here, buddy: There is no point to the star.  Destroy it.

If you’re not in the business to serve your own nihilism, you’re in it for the wrong reasons.

A posting on craigslist in the Software Jobs section:

Click for full size

This is a quality assurance for manufacturing, not software quality assurance, but one wonders if the recruiter knows the difference or cares as long as he or she gets a warm body and the percentage off the top.  Manufacturing quality deals mostly with established processes and procedures designed to help manufacturing large numbers of the same things day in and day out.  SQA, as you know, deals with a single SNAFU evolving over a long period of time using unproven technologies wielded by hubris-riven kids out of a four year program in learning Visual Basic.

Some of the skills can transfer over in the abstract, I’m sure, but I canceled my ASQ membership because it was so manufacturing and pharmaceutical intense and I did not get much insight I could apply to SQA except maybe some terminiology to impress my boss and to throw around statistically-based meetings, if I cared to throw them.

To do an SQA job effectively, you’ve got to be rat-mean and weasel-devious to figure out how to go outside the lines that the business analysts and developers have drawn.  You’ve got to suss out crazy alternative workflows and incomplete paths and intermediate states to try to grab as many of a practically infinite number of points of failure.  It’s a little different from looking at a graph and thinking, “Hmm, maybe we should lubricate the punch press every 16 hours.”

Also, when contacting the recruiter, remember not to call their contractors “Kelly Girls.”  That violates their trademark, which instead of being violated is mostly forgotten in the 21st century.  Way to protect a trademark!

Bizjournals.com offers good advice with its latest e-mail’s subject line:

Click for full size

If I waited too long to adjust to my ma, I got a whuppin.  Frequent whuppins led me to a career in QA, where one can abuse others and get paid for it.

Okay, this one does not occur in nature, but man, if only:

Click for full size

Today’s term: a zool.

Zool: a row in a database, added via an INSERT command, or rendered in the presentation layer (client application or Web interface) that is expected to contain information, but because of defective behavior of the software does not.

In context:  “There is no data, only Zool.”‘

It’s best said in a demonic voice, but that’s sort of redundant, since any QA communication is best spoken hellishly.

A sample of this vocabulary word below the fold, sort of. Read the rest of this entry »

g33klady sends a screen capture of another integration problem with Yahoo!  Apparently, some character is showing as broken on its news pages:

You know, Yahoo! gets a lot of play on these pages, and I’m not even a disgruntled employee or former employee.  Maybe they had word that, since Microsoft was going to acquire them, to mesh quality standards.

UPDATE: I suppose a bigger problem is that this story still displays on the front page of the Classic Mail page.  The story not only displays the characters, but is 3 days out of date.

The company formerly known as Diebold but changed its name when Diebold became a bad word due to poor quality in electronic voting machines admits that its voting machines might have lost a couple votes here and there:

 A voting system used in 34 states contains a critical programming error that can cause votes to be dropped while being electronically transferred from memory cards to a central tallying point, the manufacturer acknowledges.

The problem was identified after complaints from Ohio elections officials following the March primary there, but the logic error that is the root of the problem has been part of the software for 10 years, said Chris Riggall, a spokesman for Premier Election Solutions, formerly known as Diebold.

Acknowledged, but not before running through the gamut of excuses:

As recently as May, Premier said the problem was not of its making but stemmed from anti-virus software that Ohio had installed on its machines. It also briefly said the mistakes could have come from human mistakes.

But the important thing, I suppose, is that Diebold met its deadlines and had the faulty software up and running in time for the elections and in time to cash the government contract checks.

Andrew Binstock asks, Is unit testing doomed?

I ask, was it anything more than a myth to begin with?  Even in the largest companies I worked for, I didn’t see any sort of developer testing processes in place.  They’re too busy updating the Wiki to waste time writing tests to check themselves.

If you’ve got a control on a subform, you really ought to make it do something, even if it’s a link.

Take, for instance, the little Add an Application subforms available on the home page of LinkedIn.com (note you have to be signed in to see them in the right sidebar).  To get this subform, you mouse over the Add an Application link and then select a subform type, such as the jobs form:

Suppose you change your mind and don’t want to add this “application” to your sidebar.  What do you do then?  Click Cancel?

Hah!  Fool!  You do not; apparently, LinkedIn GUI wizards expect you to click the X to close the application which you have not yet added.

What they’ve done is gone cheap and made the Add form look exactly like the Edit form because it’s easier that way.  Instead of altering the behavior of the Cancel link to make it behave like the Close button during the edit operation, they have just made it do nothing.

Poor form, Peter; you should never offer controls that do nothing, and especially you should not do it because you’re too lazy to write a little bit of branching logic.

Also, I might add that allowing users to open more than one Edit/Add form at one time is sort of, well, dumb.  I’ve seen this behavior in applications I’ve had to test, and sometimes instead of an AJAX subform, the application refreshes the page entirely, which either abandons or saves changes in the other subforms (where the user did not click Save) according to the developer’s behavioral preference (or accident, but I repeat myself).  Crikey, how about expecting the user to make one change at a time and guiding him or her to do it in a logical fashion?

Nah, let’s go willy-nilly and get it out the door on time so we can get in line for Halo VIII.

This is the third book in the trilogy (How to Break Software, How to Break Software Security, and this book).  This book, as you could guess by its title, focuses on applications written for the World Wide Web.

As with previous books, this one uses an enumerated list of “attacks” you can perform on the software you’re testing.  However, the “attacks” motif is a little misapplied, as the last chapters of the book are broadly constructed, including a chapter on “Privacy” and another broad overview of Web Services.

However, by focusing on differences between Web applications and regular applications (the stateless nature of the Web as well as exposed underlying technologies in the Web server and database server) that can help you transition if you’re used to working on desktop applications to the Web.  Heck, even if you’re already testing Web applications, you might find something in here to add to your repertoire.

However, read the book and apply the “attacks” in a triage fashion.  Sure, your pages’ source code might reveal something, but brothers and sisters, reviewing page code is the first attack (”Panning for Gold”) presented in the book.  It is not the first thing in my test plans.  As a matter of fact, given the projects I’ve worked on, reviewing source code has been spotty at best and falls in the test plan somewhere beyond spraying the Web server with a hose.  But if you have timeline enough and time, it is a good idea.

I bought these books for my team, so can expect I’d recommend them to you.  Go forth, buy them, and learn from them.

A poster to the ComputerWorld Shark Bait forum discovers why 214-748-3647 is such a popular phone number.

The answer, of course, is lack of quality assurance.