Software tester experience of CRAFT2014

Reading Time: 4 minutes

This week I attended CRAFT 2014 software craftsmanship conference that was held in Budapest. In this blog post, I will describe conference experience and takeaways from the software tester perspective.

Conference preparation

I went on this conference with RubyOnRails guru developer, Vlado. He recommended Airbnb for accommodation reservation, and within 20 minutes I reserved an apartment in walking distance from conference venue. We arrived by car. Vlado notified me about conference “stars”: Chad Fowler,  Douglas Crockford and Michael Feathers.

Day 1

During breakfast I greeted Gojko Adzic and, as usual, my brain was in “fifth gear” during the conversation. I always find out about new valuable books, this time it was “What customers want?“. I pinged Gojko about latest development in his startup Mindmup, and it is always a pleasure to see his “live coding session” about his latest git push. As always, there is new Gojko short wisdom clause: “Programming is magic, you create something from nothing.”.

I also acquainted Nebojsa, Rails developer that works for Semafore, startup from Serbia.
As we were waiting keynote, I looked stuff in my bag and I found out that we got pencil but no notebook, and we got mysterious blue object (in picture above). We all thought that must be some test of our craftsmanship but in the end it were just sponsored earphones. My testing method was observation. I noticed some strange movable elements in the object (something similar just before moment when Alien was going to pop up from John Hurts chest), I flipped object in my hands and I drop it on the floor several times. Nothing happened. Than I noticed that object has two parts, soild white plastic and rubber blue one. I removed blue rubber and I found out that white part is compartment for earphones and the wire. I had to test them and there was no any damage.

I took keynote session “Programming, only better”notes on Google sheet for Nexus 7 game. Talk provided guidelines how to program better. Famous Dijkstra was mentioned, in context of formal reasoning during the programming. Dijkstra was against debugging and testing (with test, you can not prove absence of bug, only its existence) and claimed that every program must be proved using formal reasoning. Other concepts (e.g. mutable objects are bad) could be found in archive of Google testing blog.

Quick browsing preview of O’Reilly boot (40% discount!) and Vlado solved my notebook problem with free O’Reilly notebook.

First talk was “Lessons from Facebook’s codebase”. Facebook codebase enhancement is going into direction to help developers not to make obvious mistakes in code (e.g. xss security issues), to get data only relevant for the query context, to help them to check their new feature or code refactor,… If you have very enlightenment question: “Why not just switch to Ruby or other super language” ask your self: “Could you do it with your simple (compared to Facebook) code base?” What is bothering me as a tester is a hunch that Facebook is probably not using services of context driven software testers. After the talk, I approached to Ben (please notice that this is NOT twitter link), and he happily answered all my questions (big like because I thought that this is against first Facebook rule).

I checked what is new for testers in Vagrant world, and because I like mathematics, I listened about browser encryption (I like Keybase concept and I hope that someone did risk analysis for that product).

“Agility and the essence of software architecture” is aligned with my experience with creating software architectures (also with Architecture war stories).  Talk takeaway, do your architecture in your code. Do not use any intermediate tool. Simple as that.

  “The journey to mastery” explained how to become a master and how to create another master. “Testing the hard stuff and staying sane” provided an example how concurrency testing should also be done: as early as possible, as simple as possible using some tool. Talk was about in house developed tool and I recommend open source Grinder (Java world).

Between Douglas and Michael, we choose Michael, because Douglas is coming to The Geek Gathering. Michael opening was “Do you know who is Gerald Weinberg?”. That question and question for organizations “Could you please show me your code?” confirmed his credibility. G. Weinberg is famous for his definition of quality: “Quality is value to some persons.”

Day 2

Chad Fowler keynote also tried to answer question “What is software quality?”.
In “The art of building tools” I found about JetBrains MPS tool. As a software tester I was very suspicious about “Find the abstractions level for your tests”, but I have no any objections on that talk. It clearly talked only about level of test abstractions and there was no impression at any point that this method is the only testing method.

“Building on solid foundations” was the strangest one for me. Here are the reasons: it is development talk, two UK speakers for which I have problems understanding because of the accent, I did not get any concept described in the talk (except previously known SOLID).

“Delivering continuos delivery continuously” provided live deploy of Australian Guardian site.
In next talk I learned about WebRTC protocol. Talk about RAFT was interesting for me because I am familiar with concept how clusters work. It presents consensus algorithm that is much simpler than PAXOS protocol.

Final talk was about Twitter distribution system problems and their practical solutions. I learned about Zoo Keeper.

In between first and second day we acquainted Sofia, software developer from Israel who works on product that provides features of remote monitoring for Java Virtual Machine (JVM). I am aware of JVM challenges, so it was very interesting to discuss with her info provided by JVM heap and thread dump.

Conference satisfactory survey

I am very satisfied with conference organization and my takeaways. Proof is this blog post. My grade is 4/5. Only minus is real time schedule change that happened on first day.

Post conference

I was hit with lot of information. I did my notes and this blog post, without them my takeaways would be slim (by my fault). I bought three books:

  • Shipping greatness (I do not agree with proposed testing method)
  • The passionate programmer (signed)
  • A theory of fun for game design (there is still a child in me)

We had a problem with paying our parking. Money was not problem, picture depicts the problem (true, I am very bad at taking photos with my IPhone). As tester Ben Simo says: “Testers are sometimes bug magnets.”
Little testing lessons. We executed two scenario tests that failed:

  • User is not able to dismiss windows OS error message and put back machine in state “Ready for payment”
  • User is not able to put paper money in machine.
Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Dear fellow tester, what have you done for software testing?

Reading Time: 3 minutes

I have to apologize to all specialist from the software development industry because I successfully completed BBST test design course. I need to be a little bit ironic, but we have to be open and blunt and admit that software testing is not acknowledged and recognized as it should be. What are the reasons for this situation?
Can we blame any of software development professional who has worked with not skillful tester and because of that does not recognize software testing as skillful and valuable craft? Software tester is responsible to educate software developers about software testing. But it must first educate himself.
I recently talked with one excellent software developer.
Me: How do you test your product?
Great dev: Oh, we are writing cucumber and rspec tests.
Me: Great, what else?
Great dev: What do you mean?
Me: For example, what about risk analysis?
Great dev: Say what?
Software testers are also responsible for this situation. I also had been responsible in my past, up to the moment when my colleague questioned my software testing skills asking one simple question: “Have you ever read any book on software testing?”
So, my fellow testers, what is your answer on that question? We can expand it. “Have you ever read any book, blog post or article on software testing? Have you ever listen to any podcast about software testing? Do you share in your blog your testing experience and thoughts about software testing? Have you ever questioned statements read in those resources?” If your answer is no on all those questions, than my dear fellow tester, you are not doing anything good about making software testing a recognized craft. And please do not use lame excuse like “I do not have time for that!”. Reality check my dear fellow tester, you will never have enough time as software tester! Time management is one of the most important software tester skill.
However, If you answered yes on any of my questions, than next step is to reconsider taking some of software testing courses. But which one? I am not against certification programs, I am against bad certification programs.
I recommend to every software tester AST-BBST courses. In this blog post I would provide all answers on my BBST test design exam cram questions. Just kidding, previous sentences was just to boost my Google page rank. I will describe what worked for me in order to pass BBST Test design course.
Course length is four weeks. I spent in average four hours per day on this course. Deadlines are on Wednesday and Saturday midnight. There are six lessons and exam week.
What I did. I first watched video, then went through presentation aligned with video. I started answering open book quiz questions that were mentioned in presentation. If I did not understand question topic, I started searching recommended reading about that topic. Then I went to exam cram forum and answered questions it that were mentioned in watched video lecture.
After that I started my lesson assignment. And that was my course pace.
Important recap, quizzes are open book, their purpose is not to grade you, but a mean to comprehend lecture materials. Quiz grade is not relevant for final pass/fail decision.
But there was more. I regularly checked what is happening in exam cram forum and I provided feedback to other students work (aligned with my total time resource). I also got feedback on my answers. Guess what, participating in those discussions is my greatest takeaway from this course. For example, in discussion with one fellow classmate, I successfully comprehend what is long sequence regression testing. But there is more. I worked four hours per day just for first three weeks. Using described pace, last week (exam) was an easy ride for me.
What I learned? Well, you have to find out this by your own by visiting BBST test design site. Psst! Yes, you can read all materials in advance. And practice on listed assignments.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Two testers at 3rd #OSCHackathon

Reading Time: 2 minutes

Yesterday two testers participated at 3rd #OSCHackathon, Davor was jury member and I was member of MCT team. I think that was first time in the history of all Croatian hackathons that testers participated in it. #OSCHackathon was organized by Osijek Software City organization and location was coworking space at BIOS center. My goal was to test how dedicated software tester could help developers in hackathon way of working when it is important to deliver functionality as quickly as possible. Organization was great. By that I mean we had uninterrupted wi-fi connection with satisfactory speed for our Heroku git repository communication. And for lunch there was traditional Slavonia menu.

My team had three great and experienced Ruby on Rails developers: Berislav, Vlado and Oliver. You can read hackathon experience from Berislav (developer) perspective on his blog.
I would like to write in this post about hackathon experience from tester perspective. Task was to create web crowd-funding platform. We obviously chose Ruby on Rails framework. We used Heroku platform, for deploying final application and for managing our git repository. There were two branches, master and dev. Master branch was our presentation environment, and dev was merging point for Vlado, Berislav and Oliver. Using code from dev branch, I was testing on my MacBook Pro environment (foreman for controlling unicorn server with Postgres database backend) In the beginning, my task was to handle testing data. In Rails world, that means populating seeds.rb file. Here was my workflow for the first part of hackathon: pull from dev branch, bundle install (install new Ruby gems), rake db:migrate (database migration for model changes), start foreman, test. Second part mainly involved mostly git pull command. Later on, I was doing Croatian internationalization for our site. I learned how to do that during the hackathon. As deadline was approaching I took over Heroku deploy and testing. I knew which features should be finished, so my feature testing was directed with that information. After I confirmed that features were working, I did scenario testing in order to prepare for the presentation of our project in front of the jury. Code that was coming to dev branch very close to deadline was tested only on my MacBook. I did not want to merge it to master branch and possibly break working features on our presentation environment.
I did the presentation in front of jury. We finished second, and I think that my presentation did not show all the advantages of Rails platform. I should have done simple cross site scripting (xss) demonstration and demonstrate that Rails platform has security implemented out of the box. Other teams would probably failed xss test, because most of them were using  php based frameworks (for which I know that do not solve xss out of the box).
As I am currently taking BBST instructor course, I know that jury had hard job to grade our projects. In BBST instructor course one of the lessons is how to grade the student work.
The jury did great grading job, because I guessed final order.
Here are first three teams:



I met some great kids (they are kids from my perspective) that were part of this event. My advice to them is to keep up the good work!
Did I help my team as a tester? My opinion is that I did, especially as deadline was approaching.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Heroku ACTION REQUIRED: Potential security vulnerability in Ruby and YAML parsing

Reading Time: 1 minute

I received email from with that subject on April 3rd, 2014 at 22.55 local time. I was expecting that email. How many of you who have Rails application deployed on Heroku, patched your application by following instructions in security heroku email?
I followed instructions by typing them in my Mac terminal, and found out that instructions are wrong.
First command from email:

heroku run “ruby -rpsych -e ”p Psych.libyaml_version.join(‘.’)”” -a application_name   

should be replace with:

heroku run `ruby -rpsych -e ‘p Psych.libyaml_version.join(“.”)’ -a application_name

I do not explicitly use Psych gem so I found out that cmd:

git commit –allow-empty -m “upgrade ruby version”

should be replaced with:

git commit –allow-empty -m ‘upgrade ruby version’

I had to upgrade my Ruby from ruby-2.0.0-p247 to ruby-2.0.0-p451. For ruby-2.0.0-p247, libyaml version was 1.4.0 and by upgrading Ruby, I only managed to upgrade libyaml to version 1.5.0. I do not want to upgrade Ruby to ruby-2.1.1 because of following issue.

If you do not parse user yaml input in your application, then this issue does not affect you.
This blog post shows what security risks you should consider when you deploy your application at 3rd party cloud application platform. You can learn more about risk based testing in lecture 2 of BBST test design course.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather