Category Archives: learn testing

Exploratory session of Pena Palace

Reading Time: 2 minutes

TL;DR

Using this excellent post by Marcel Gehlen , I am learning about exploratory software testing.  I created github wiki where I put notes about every resource listed in that post. This post is practical exploratory session of Pena palace located in Sintra, Portugal.

My vacation for end of this summer was Portugal tour, organized by Mondo Travel agency. Part of that visit was Pena national palace, located in Sintra town. As I just had read about session based test management by James Bach, I decided to practice it on Pena palace.

# CHARTER

Mission: Cover every walking path allowed to tourists in Pena palace and document interesting parts using Iphone 6s camera.

Note: When you do testing coverage, it is very important to state in report which coverage was done. Cem Kaner listed 101 testing coverage types, so please read it in order to know how complex is test coverage problem. By stating properly your testing mission, it is easier to estimate how much testing sessions is required.

I stated that I would do every walking path allowed to tourists. So no sneaking to restricted areas. Here are some other possible testing coverage types:

  • investigate every wall picture
  • investigate every palace window
  • investigate every palace door
  • investigate every tiles

# START

I know exact time that is when I took first Pena photo.

# TESTER

Karlo Smid

TASK BREAKDOWN

# DURATION

90 minutes

Note: This was “hard” requirement, because if I had exceeded that time, my group would have waited for me.

Timestamp of last picture

# TEST DESIGN AND EXECUTION
90%

# BUG INVESTIGATION AND REPORTING
0%

# SESSION SETUP
10%

As a group, we got info about Pena Palace from our guide. Also, I checked my testing tools, Iphone 6s and Iphone 6s smart battery case.

#CHARTER VS. OPPORTUNITY
80/20

Note: Kitchen looked very interesting. I would have definitely investigate it more if I had had more time.

# DATA FILES

# TEST NOTES

I managed to walk all available paths and document all items of my interest. When you go on vacation that is organized by agency, your are in the group and you need to adapt to given time. This is tradeoff. Positive thing is that you meet new people that have something in common: like to travel!

# BUGS

None

# ISSUES

None

In this post you learned about test coverage and how to apply session based test management during your leisure time. Have you noticed that exploratory word was striked through in TL;DR? James statement is that every testing is exploratory, so there is no need for exploratory word. And I agree with that statement based on my practical experience in last month when I applied my latest knowledge of exploratory testing.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Learning risk management by example

Reading Time: 2 minutes

TL;DR

After taking state of the art software learning courses, I concluded that best way to comprehend knowledge is to learn by using examples of presented  materials.

How to measure quality of a course or workshop? For me, one metric are examples used in course or workshop. Of course, not THE NUMBER of examples, but my subjective measure how examples helped me to understand theory. And what is more important, how those examples help me to remember what I learned.

My examples of such courses are Rapid Software Testing  by Satisfice or BBST courses by AST foundation.

Today is SATURDAY and it was RAINY morning, and I drove to my hometown Zabok in EARLY morning. Security of my trip was jepordised on third stop light. Traffic lights were off. This was intersection with one direction road and intersection had road signs.

Should I wait for traffic lights be repaired? In that case, I will be late.

Since it was SATURDAY, EARLY RAINY morning, the traffic on the intersection was very light and it was intersection with one direction road, I crossed the intersection SAFER than on working day.

Ok, that was example, but what is the topic?

Your project is using a lot of 3rd party software components. Those components could have important security fixes. Deployment of new version for 3rd party component requires testing.

You are at YOUR crossroad with jeopardised security, this time of your product.

Should you upgrade? Will your sprint be late because of it? Do we need to deploy? Can project be secure enough without the patch?

This is security risk analysis for your product in the context of 3rd party component security fix. You need to create questions and answers in the context of your product and related to software security domain.

Can you give us any example?

 

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

The Black Swan event

Reading Time: 2 minutes

TL;DR

Yesterday I experienced negative Black Swan event. I will described it along with explanation what is Black Swan event.

This is explained in the book “The Black Swan (Taleb book) which is on my reading list. Every influenced software tester will recommend it.

“””The book focuses on the extreme impact of certain kinds of rare and unpredictable events (outliers) and humans’ tendency to find simplistic explanations for these events retrospectively. This theory has since become known as the black swan theory.”””[Wikipedia]

Yesterday I arrived home with combination of olive and engine oil on my sneakers. The risk: this significantly lowered traction between my shoes and ground, so there was high probability of fall.

I was in grocery store. There was funny smell in the grocery store. Then I heard crashing sound. One lady dropped a bottle of olive oil at the store entrance. I was in a hurry and did not wait for employee to clean this.

A few minutes later in public garage next to the place where I parked there was a car with big oil spill. Car owners were tourists.

My simplistic explanation (thinking about this event for five minutes).

It is highly probable that people drop things in this grocery store because they get sick with funny smell.

Yearly increase of tourist visitors in Zagreb is on average 10%. It is highly probable that you will meet tourist with broken car.

To conclude.

“””The main idea in Taleb’s book is not to attempt to predict Black Swan events, but to build robustness to negative ones that occur and to be able to exploit positive ones. Taleb contends that banks and trading firms are very vulnerable to hazardous Black Swan events and are exposed to losses beyond those that are predicted by their defective financial models.

The book’s position is that a Black Swan event depends on the observer—using a simple example, what may be a Black Swan surprise for a turkey is not a Black Swan surprise for its butcher—hence the objective should be to “avoid being the turkey” by identifying areas of vulnerability in order to “turn the Black Swans white””” [Wikipedia].

My robustness in this context. For last year of so, I pay extra attention to my shoes. They must have Goretex or similar technology, and advanced sole technology. Currently I am using Columbia Men’s Ventfreak Outdry Multisport Mesh Athletic Sneakers with Omni-Grip™ non-marking traction rubber outsole. The reason is my back pain and when I am wearing those shoes, I do not have back pain. By keeping attention to my back problem I also enhanced my robustness to explained Black Swan event.

Hmm, how can I apply that to my software testing?

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

What I learned at Testival #30: learning by playing card games

Reading Time: 2 minutes

TL;DR

This post is about hands on session for learning about software testing using card games.

Intro

At TestBash Brighton2017, on Friday conference day, during the Lean Coffee, one lady ask question that you have probably already heard: “How should I motivate my team of testers?”

I suggested card games. Another participant immediately dismissed me: “I DO NOT LIKE GAMES IN SOFTWARE TESTING BECAUSE THIS IS NOT PROFESSIONAL!”

Noticed that this was his subjective opinion and he did not provide any arguments why is this bad idea. Well dear fellow software tester, this blog post is to prove you wrong.

Introductions

As usually, we started with 2-5 minute introductions. Every tester must be good at explaining things, so this is good way to practice that craft. We had new participants, 3 of them international. Meetup .com is powerful platform.

In this video extract, Priamo explains one concept from excellent book: “The design of everyday things

TestSphere by Ministry of testing

TestSphere is deck of cards about testing concepts, 100 cards divided in 5 dimensions:

  • Heuristics: Possible ways of tackling a problem.
  • Techniques: Clever activities we use in our testing to find possible problems.
  • Feelings: Every feeling that was triggered by your testing should be handled as a fact.
  • Quality Aspects: Possible aspects of your application that may be of interest.
  • Patterns: Patterns in our testing, but also patterns that work against us, while testing such as Biases.

My point of view is that TestSpehere cards can be used for:

  • test plan
  • interview tester
  • share learning

TestSpehere also represents coverage of knowledge that skilfull tester must have. We randomly picked up green cards which represent technique. Each card has:

  • name
  • product level – hint how you should apply this card
  • three examples to seed idea flow

And magic happened! I handed a card to each participant and everybody had something to say about it. Which means we have the knowledge for software testing techniques, and TestShere cards helped us to structure that knowledge.

FluXX

FluXX is card game where rules and goals could be changed on every hand play. You have seven card types:

  • basic rule – draw one, play one. Game initial state
  • new rule – adds rule and removes existing rules if contradicts with them

Hmmm. Are those two rules contradict each other?

  • Goal card – how to win instruction
  • Creeper helps you to lose
  • Keeper helps you to win
  • Action – do something
  • Surprise

Note: play and discard card are two different actions!

How to play? Have one experience player and just play. Start from basic rule, everything else is written on cards (requirements!), but, you will have to think in order to apply them.

Fluxx helps you to practice all types of thinking in fast changing environment.

Game of Set

Helps you to practice multidimensional pattern recognition.

You have four properties: shape, quantity, filling and colour. Each property could have three values. Rule is very simple: you have 12 cards on a table, cards make a set of three if each of four properties are same OR different.

During gameplay I noticed that players usually forgot about one dimension, or they do not take into account that properties could also be DIFFERENT.

Have you ever tested something that has more than four dimensions? Our brain has system one and system two (more about that in Michael Bolton’s Critical thinking for testers.), you need to give system two time to wake up!

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Be careful with your testing tools

Reading Time: 2 minutes

TL;DR

In this post I will describe how I got different test results using two testing tools Bug Magnet and Counter strings.

Bug Magnet is handy Chrome Extension developed by Gojko Adzic.

It is: “Convenient access to common boundaries and edge cases for exploratory testing.

Counterstings is implementation of James Bach algorithm that quickly reveals character position in string.

In my test, I used them to check maximal number of allowed characters in input form. This test should be simple, right?

One interesting thing happened. I first used Bug Magnet and inserted string with 128 characters. String was accepted and test failed because maximal allowed number should be 64 characters. I did second test with counterstrings. Boundary of 64 characters was successfully detected. What!?

What happened?

For me, any test should provoke sapient thinking process. In modern web applications, input form could be implemented in two ways:

  • html 5 standard, where all input constraint checks are done by browser code according to that standard

You can recognize this by inspecting input text box (Chrome developer tools) and if you see something like this:

<form action="/action_page.php">
  Username: <input type="text" name="usrname" maxlength="10"><br>
  <input type="submit" value="Submit">
</form>

then input textbox is implemented in pure html5.

  • using one of popular javascript frameworks (Angular for example, and that was the case with application that I was testing).

Then there is javascript code triggered on keyboard typing action. That code usually manipulates DOM tree to create better looking results.

Application created using modern javascript framework.

Bug Magnet is implemented in javascript, and it manipulates DOM tree in order to insert the test data. Be careful, because application user does not do that. Application user types directly into input box. Doing that manipulation, Bug Magnet managed to avoid string length check.

Counterstring uses Ruby on Rails code to generate counterstring on server side. It uses javascript to copy/paste counterstring to user clipboard. My input was done with copy/paste, something more closer to application user.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

How to expose your reading list using rss

Reading Time: 1 minute

TL;DR

This post is about how I manage blog posts reading list. It list tools that I use on daily basis to collect and share what I read.

My first try was twitter. I use it for collecting my blog post reading list by following software testers that blog about software development and testing topics. Here is my following list.

But very soon, twitter failed me. As they started pivoting their business model, very soon I received in my twitter feed a lot of noise (shares, likes, advertisement, flame discussions).

Then I turned to rss Google reader. RSS is old technology, and you can check if web site supports it by just adding /rss at the end of site url. No noise, no flame wars, just useful data. Notifications about new blog posts. But Google decided to shut down Reader (no advertisements rings a bell).

Rss reader market is not so big, and after short investigation, I found Newsblur . It has browser and mobile desktop and I use paid option (I think 27 us$ per year).

I have around twenty feeds that I am following (security, software development and software testing).

Another issue is how to share what I have red to support the author? I know, there is Twitter, Facebook. But my Facebook friends are mostly not connected with software development.

Here is how I share my reading list. Newsblur has it own share feature, one click away. It is called blurblogs. What I share, directly goes to my blurblogs page. That page also has rss feed. I expose it on this blog first page.

rss is old and very useful technology, give it a try.

 

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Safety nets

Reading Time: 2 minutes

TL;DR

In this post I will present two examples of safety nets created by software industry professionals.

Note the context, I stated software industry professionals, which includes anybody involved in software development.

In Circus, trapeze artists have safety net to catch them if they fell. In modern software development, safety net for developers are software testers. Not to save their life, but to catch as many bugs as possible. In order to resolve that issue, companies started to remove dedicated software testers. Software developers are responsible for all software testing.

This is wrong from two angles. First, software tester job is not to find bugs but to provide information about software to people that matters (doing that, they also find bugs). Second, software testing is a craft that has SOME connection points with software development (writing automated tests). And usually, software developers are very bad at testing. I do not mean they write bad software testing automation code, but they are very bad in performing experiments (James Bach: “Testing is not about creating test cases. It is for damn sure not about the number of test cases you create. Testing is about performing experiments.)

During the Brighton TestBash 2017 open session day, I listened conversation between Anne-Marie Charrett and Paul Holland about safety nets. She consulted in company that removed software testers. They wanted to “cut” developer’s safety net. And guess what, developers found another safety nets.

I also have one example. I created a document with installation instructions. In order to avoid copy/paste effect, all commands were put as screenshots. Guess what? Software tester created his intermediate text file with those commands, so they could be copy pasted. As that created another level of documentation, those .txt files become very soon out of sync with main document that had screenshots.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Speak Easy program

Reading Time: 2 minutes

TL;DR

This post is about my journey start with speak easy program.

During the CAST 2016 in Vancouver, I heard about speak easy program. That program helps you to compose your talk proposal for testing conference. It is voluntary based and created by Anne-Marie Charrett and Fiona Charles.

I applied in August last year.

On patient. When I asked my friend Zeljko Filipin how to make a good homebrew beer, he said: “To make a good beer, the most important part is patient”. With my third batch on the way, I found that it is true. Just to taste your beer, you need to wait for one month.

This month, I got speak easy feedback. I was patient because I knew that this is free volunteer based program.

After few emails exchanged with speak easy volunteer (I stated my time zone and most important testing topic which is at the moment Session Based Test Management) , I was assigned to Gil Zilberfeld.

He asked me a few questions to put me in software testing context, and we are set to go.

For start I need to pick three testing topics, which will be foundation for my future talk proposal.

Why I assigned for speak easy?

As when you want to learn some new framework or programming language, you start by reading and applying a book written by the expert from that domain. SpeakEasy will help me to get professional help from the domain of preparing and giving software testing talk.

Because I think that I have some valuable thoughts about software testing. My goal is to apply testing talk to permanent TestBash call for papers. TestBash is paid conference, and if I would be accepted, I own to participants to give my talk in the most professional manner. SpeakEasy will help me to do that.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Screen size test strategy: always test on smaller screen

Reading Time: 1 minute

TL;DR

This short post is about simple but effective test strategy that varies application environment: screen resolution.

When you test application, ask developers which resolution they use and then set the resolution for your computer screen to value that is less than minimal developers value. Screen resolutions have some standard values.

For example, if minimal developer resolution is 1440×900, you should set 1280×800.

Developers use large screens with big resolutions, so they are not best representatives for users of your application.

Using this strategy you will find corner view cases. If application view contains a lot of UI elements, then you issue will be dismissed. In that case, when you are testing again that application page, set you screen to larger resolution. But do not forget to set it back to lower one when you are done with that screen.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Do not be tester’s police

Reading Time: 2 minutes

TL;DR

This post is about 99 seconds talk that I presented at Testbash Brighton 2017. Idea is that we should not act as tester’s police in agile team.

Doing stand up comedy helped me to do public speaking, and doing 99 seconds talk in front the full Testbash audience was a great experience. Stand up comedy helped me to realize one other important thing. Greg Wilson said in his stand up comedy video course: Do not be the stand up police, you need to worry about you r act in front the audience, not about other stand up comedian acts. Doing that, I improved my stand up comedy act a lot.

Presenting your ideas and knowledge as police officer is not a good approach. How do you feel when you are stopped by traffic police officer? I am always nervous and scared, despite the fact that I had not done anything wrong.

You have to tailor your approach first. When you have some feedback on developer, product owner or conference organizer, try first to understand their line of work.

Being a developer is hard work. New languages, frameworks, IDE, coding katas are what they need to learn on daily basis. So it is possible that they put testing mindset on the side. For start, just try to read some introduction blog posts about their topics.

Project owner has to deal with people and how to direct their talents to final product. And people are emotional machines, they compare with each other, and product owner is in the middle of that story.

Organizing a conference is hard work. Try to organize one, and you will know what I am talking about.

When you comment on blog post idea, do it by writing your own blog post with follow up thoughts. You do not have a blog post and you put harsh words as your comments? Shame on you!

In order to feedback on something, you need to be credible for that. Organize a conference, write a blog post, read about development framework or language. You have to own the right to comment on something.

All 99 talks can be found in this 30+minute video:

https://dojo.ministryoftesting.com/lessons/99-second-talks-testbash-brighton-2017

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather