Google maps offline mode scenario testing

TL;DR

As I was traveling to CAST2016 in Vancouver, and roaming cost for 1MB of data traffic using my Croatian operator is 10 US$, I decided to use Google maps in offline mode.

Why you did not buy Canadian sim card with data plan? I investigated that option, and I could not find on web simple explanation how to do that. Also, doing business in Croatia is rather complicated, and putting that expense on my company account would be very complicated. So I decided to go with Google maps offline option, and using wi-fi where possible.

Day before travel day, I downloaded Vancouver map. In iOS Google map application, you need to search for Vancouver, and select in main menu offline areas. Touch big blue plus sign, and hit download.

Offline content is valid for one month.

First surprise is that route feature is only available for Cars option, bus and walk is not available. My heuristics is that this is because of security implications for walk option. Google only wants to guide you for walking using up to date information. For example, you do not want to go through some riots area.

Bus option is not available because bus timetables need to be up to date all the time to have the most accurate routing.

My current location works in offline mode, but only when airplane mode is off.

And one interesting scenario (BBST scenario testing) happened. On Paris airport, I enabled data roaming, because those prices are acceptable (Croatia is part of EU). On plain I switched on airplane mode on, with data roaming enabled. Next stop, Toronto, Canada. And guess what, IT IS NOT POSSIBLE TO TURN OFF DATA ROAMING WHEN AIRPLANE MODE IS ON.

I was afraid that I will get some data traffic after I turn airplane mode off. But, luckily, my phone was not able to connect to any of Canadian mobile networks, so I could turn off mobile data roaming without any cost.

Scenario testing is very important part of professional testing activity. It is unfairly called manual testing, giving the impression that it is low skill activity.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Tester on a journey

TL;DR

I traveled to Vancouver, Canada, in order to attend TestRetreat and CAST 2016. Here is the experience from the tester’s point of view.

First issue I found was at Zagreb Airport. Boarding card reader is only used just before you enter the Gate. Boarding card reader failed, and just in front of me, it was restarted. Scan of my board card returned “unknown flight” error. Despite that, I proceeded with boarding the plane.

In Paris CDG Airport, I took the picture (featured picture of this blog), because every step at the top of stairs section have this metal endorsement. I do not know why, I just documented that pattern.

While waiting for flight to Toronto, I did one exercise from book programming elixir. I was connected to Internet (only wifi connection), and started my Mac terminal. Exercise was a small program that is accessing the github api. I run it, and got ssl security exception, github certificate mismatch. This is security exception for man in the middle attack, and it means that you do not have direct connection with a server.

I opened Chrome and noticed airport wifi provider page where I needed to accept terms of service page. After that, I got direct connection with github api server.

Tester should never be bored during his journey.

 

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Example of fast decision making

TL;DR

It this blog post I will give an example of fast decision making and explain why the skill of making fast decisions could make you better software tester.

Olympic basketball tournament started great for Croatian national team. They won over Spain, one of the best teams in last decade. Decision was made with last ball, when Dario Saric, new signed Philadelphia 76ers blocked one of the best world Players Paul Gasol.

What caught my attention as software tester was Dario’s statement about that block:

I saw that ball is not going to Nikola Mirotic (second center position Spain player), SO I JUMPED  BEFORE PAUL got the ball in order to block him.

That was fast decision (less that 1 second), he gambled a little bit, but with his observation, gambling was very justified.

He blocked Paul Gasol, and Croatia had an excellent start in Olympic tournament.

In order to be a better testers, you have to make a decision (for example, should I deploy to production this code change) in your context that is based on your observations. And it is important to start practicing your decision making by doing observations. You can start with your daily environment, it does not need to be connected with some software product.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Django time machine

TL;DR

In my previous blog post, Simulating time in Ruby on Rails framework, I described how to travel in time in both directions by using Ruby on Rails console. In this post I will describe same feature for Django framework.

Here is example how to update in django shell user table last_login column, using Django active record classes. User is filtered using email column.

cd to_root_of_your_django_project
>python3 manage.py shell
>> from sl_models import user
>> user_instance = user.models.User.objects.filter(email="user_email value")
>> user_instance.values()
>> from datetime import timedelta
>> from datetime import date
>> user_instance.update(last_login=date.today() - timedelta(days=7)) //we are traveling by days, but it is also possible to travel by other time dimensions. Check python timedelta documentation
>>user_instance.values()

I wish you happy time traveling in Django!

 

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Quick test idea: try inverse feature

TL;DR

In this post I will explain one quick, but very important, test idea. Inverse feature.

In order to avoid complex mathematical description and proof, let’s use simple plain explanation. Inverse feature does exactly the opposite from the original feature. And operates on output data of the original feature. Ad in the end, we should get back original data.

Here are few examples.

Every browser has zoom feature. Let's zoom in for 10% of this blog post, and again, zoom out on same blog post for 10%. You should view  blog post in starting resolution.

Or you have feature that exports list of users. The best way to test this feature is using import feature of users. Export users, delete them, do the import, you should get original list of users.

Inverse feature is very important quick test idea, because you can test original feature very quickly. Also, users will be very satisfied with your product if features of that product come in pairs.

This quick test idea is fallible because you can have four possible combinations:

both features work, both features fail, original feature fails, inverse feature fails.

It is important to be aware that using only this quick test method is not enough.

Which method would you use to help you in case when both features fail?

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Testival 2016 press release

We are proud to announce Testival 2016!

Testival is, simply put, a software testers’ event. A place for software testers to meet with each other and talk about testing. It is a combination of unconference format, where participants selects topics of interest, and keynote speakers.

Testival 2015 was a great success! We had 40 testers and two speakers. Dario Hrupec had talk “How do natural scientist test their ideas” and Maaret Pyhäjärvi talked about “Collaborative exploratory and unit testing”.

This year Testival 2016 will be hosted by STEP RI Science and Technology Park of the University of Rijeka Ltd!

Bookmark your calendars with Testival 2016 dates: September 23rd and 24th 2016!

This year we also have two exciting speakers:

Mirjana Kolarov is Test Department Manager at Levi9 IT Services and she will gave closing keynote: Reaching symbiosis of Exploratory and Automation Testing.

Ben Simo is Amphibious time-traveling context-driven cyborg software tester and he will give opening keynote Putting Context First.

In between is your time, our dear testers. This will be the time for session according to you selection in open session format.

With help of our sponsors, admission is free, and it is mandatory to register through Entrio system.

Our sponsors are:

Screen Shot 2016-07-23 at 3.47.00 PM

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Feature analysis for my Internet banking application

TL;DR

This post is feature analysis of my Internet banking application. As a user, I am not satisfied how those features are implemented because using them I spent much more time than expected.

As a user, I want to pay my bills reliably and as fast as possible. Feature that I used every month is to ADD MY BILL TRANSACTION TO BATCH OF TEN, and then I confirm that transaction with ONE transaction token.

SELECT PAYMENT TEMPLATES is also very important feature, because using them I only have to change one dynamic part of every bill, that is my PAYMENT ID created by the owner of the bill.

Combining those those two features, I spent less that 20 minutes to pay all my monthly bills. And that is acceptable for me.

Current system is live from the beginning of this year, which means that I used feature, CREATE A PAYMENT TEMPLATE, in the old system. All payment templates were successfully migrated to the new system.

This month, I needed to update one of those templates, and all the frustration and fun began. In user interface, there was no obvious information how to do that (obvious information in user interface is my prefered way of application documentation). Then I checked official user documentation.

Search for predlozak, croatian word for template. Second word will reveal Slika (picture) 10.17 and observe upper right corner. Yes, this is where you select to save NEW TEMPLATE.

So, there is no feature, UPDATE TEMPLATE. You need to delete current template and then create new one.

And here comes the BIG BANG FEATURE! In picture 10.17 you can see how to pay a transaction. Wait a minute, what does this have to do with creating the template? Well, they decide to merge two features, pay ONE transaction and during that feature, mark that you want also to create NEW TEMPLATE from that payment transaction. Simple and logical, if you are a Vogon.

So, here was my workflow:

  1. Add payment transaction to transaction batch of ten.
  2. Remove it from batch because I wanted to update it.
  3. Delete current template.
  4. Create new payment, mark that I want also new template from it
  5. Pay just one transaction
  6. Continue with adding other transactions, using their templates that need not to be updated, to batch transaction

There is also one feature, that I call ANNOYING FEATURE. Remember that in every PAYMENT, I need to update PAYMENT ID, hard coded by the owner of the bill. Croatia Vogons created a set of rules for that PAYMENT ID (and increased croatian employment number for 5000 thousand).

And bank developers decided to implement MAGNIFICENT FEATURE, check that business PAYMENT ID WHILE I am typing it in input field. Yeah for Javascript! Problem is that they trigger rule check BEFORE I FINISHED typing!

How is your Internet banking application these days?

 

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

One character to rule them all

TL;DR

In this post I will provide example how just one character can make a significant difference regarding security of Django web application.

The issue is sql injection. When I test for sql injections and I have access to client codebase (which can save significant amount of money for client), I first search code for using raw sql code. I am using simple unix utilities, less and grep:

grep -H -r 'what_you_search' * | less

In Django code system, you should search for raw function because it accepts for input raw sql.

You should learn what is proper way to send sql parameters to that function. For Django raw, this is proper way:

>>> lname = 'Doe'
>>> Person.objects.raw('SELECT * FROM myapp_person WHERE last_name = %s', [lname])

I searched the codebase, and found following:

>>> lname = 'Doe'
>>> Person.objects.raw('SELECT * FROM myapp_person WHERE last_name = %s' % lname)

Have you noticed the difference? % instead of ,

Here is how you can easily construct strings in Python (Django is Python framework):

"welcome sql injection %s" % hacker_string

This just replaces hacher_string with %s. And does not check hacker_string for possible sql code injection, which raw function does, but only when user input is send as raw function parameter, as explained in documentation.

%, one character to rule them all!

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

As tester, be alert during the alternative flow

TL;DR

One of my previous heuristics was that people make more mistakes in alternative path that are usually complicated than basic flow. Here is one more example that supports that heuristic.

Today I was shopping in my neighborhood store, and alternative business flow was triggered at the cash register. Brand that owns that store usually do not have enough change coins at the cash register. So when I gave my money, cashier realised that I have enough amount in coins that she desperately needs.

Amount was 113 kunas. I gave 100, 10 in paper and 3 kunas in coins. At that moment she realised that I have 10 kunas in coins. She put aside 100 and 10, and counted 10 in coins.

You probably guess what happened. I needed to ask her to give me back my 10 paper kunas.

Conclusion.

People make mistakes. And that is ok. This is our nature. When you are testing always be alert at alternative flows. Because people make mistakes at alternative flow with higher probability.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Blog that makes software testing interesting and exciting.