Tuesday, April 22, 2014

Exploratory and Scripted Software Testing

My response to The Software Tester’s Easter Egg Hunt:
I also whole-heartedly agree with his overall point that skill-based testing is much more valuable than the ability to mindlessly create and run hundreds of scripted tests. The only issue here is that, in order to make Holland’s point a bit more realistic, you really need to add a few layers to this hunt:
  • The eggs aren’t always visible at first glance.
  • Each hunt lasts a finite amount of time.
  • After each hunt, someone else renovates the building and hides new Easter eggs.
When you include these factors in the equation, scripted tests can become an extremely valuable asset.
Also, each bug may only appear when certain other conditions are in specific states; when they are not in those states, everything works fine (pairwise and combinatorial bugs). For example, I can't use your comment system with Chrome ("Disqus seems to be taking longer than usual. Reload?" - just forever, reloading...) but I can with Firefox.

The most apparent/predictable pairwise and combinatorial bugs can be caught with exploratory testing. Many may not be though.

Scripted testing is good to check specific settings for specific results. Doing a bunch of this programmatically is very useful (especially to catch unexpected bugs from minimal code updates - doing full exploratory testing of an entire application every time any code is updated would take a great deal of resources - and likely slow things down too). Doing some of it with a person looking for issues in specific test cases is wise.

Thinking this is all you have to do is very unwise. You need exploratory testing by a knowledgeable software tester (or if this isn't possible then exploratory testing by a user proxy - this is not perfect but is much better than nothing) if you care about the quality of your software.
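
The pairwise idea mentioned above, as an added example (not part of the original post): a greedy generator that builds a scripted test matrix covering every pair of setting values in fewer runs than the exhaustive set. The parameter names and values are constructed for illustration.

```python
from itertools import combinations, product

# Constructed sample configuration space (an assumption, not from the post).
PARAMS = {
    "browser": ["Chrome", "Firefox", "Safari"],
    "os": ["Windows", "macOS", "Linux"],
    "comments": ["Disqus", "native"],
    "login": ["anonymous", "signed-in"],
}

def pairs_of(case):
    """All (parameter, value) pairs exercised together by one test case."""
    return set(combinations(sorted(case.items()), 2))

def all_pairs(params):
    """Every value pair across every two distinct parameters."""
    needed = set()
    for a, b in combinations(sorted(params), 2):
        for va, vb in product(params[a], params[b]):
            needed.add(((a, va), (b, vb)))
    return needed

def pairwise_suite(params):
    """Greedy: keep taking the full combination that covers the most uncovered pairs."""
    names = sorted(params)
    candidates = [dict(zip(names, vals))
                  for vals in product(*(params[n] for n in names))]
    uncovered = all_pairs(params)
    suite = []
    while uncovered:
        best = max(candidates, key=lambda c: len(pairs_of(c) & uncovered))
        suite.append(best)
        uncovered -= pairs_of(best)
    return suite

def missing_pairs(suite, params):
    """Pairs the suite never exercises together (empty for a valid pairwise suite)."""
    covered = set()
    for case in suite:
        covered |= pairs_of(case)
    return all_pairs(params) - covered

if __name__ == "__main__":
    for case in pairwise_suite(PARAMS):
        print(case)
```

A suite like this only guarantees two-way interactions; bugs that need three or more settings in specific states are still left to exploratory testing or higher-strength combinatorial coverage.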

Related: Which is Better, Orthogonal Array or Pairwise Software Testing? - Maximizing Software Tester Value by Letting Them Spend More Time Thinking - Cem Kaner: Testing Checklists = Good / Testing Scripts = Bad?

Tuesday, April 15, 2014

HP Leaders Once Again Caught in Corruption Scandal

Hewlett-Packard seems destined to continue to have extremely bad behavior by those chosen to lead the company. At some point they need to appoint a board with the ethics and moral compass to take the proper actions and the competence to take effective action.

Hewlett-Packard Admits to International Bribery and Money Laundering Schemes
Hewlett-Packard has admitted to creating and using slush funds for bribes, money laundering, and clandestine “bag of cash” handoffs in order to profiteer off of lucrative government contracts in Russia, Poland, and Mexico, according to court documents.

HP’s guilty plea carries with it a $108 million penalty — a combination of SEC penalties, as well as criminal fines and forfeitures paid out to the Department of Justice. Thus far no criminal charges have been brought against American HP executives. The multi-agency investigation, which was conducted by multi-national law enforcement partners, the FBI, IRS, and SEC, has revealed kleptocracies in the three foreign governments and corruption and dishonesty among HP corporate fat cats.
I have written before about the corruption on the HP board and other bad behavior. Such a shame for a company that once was ethical and produced value for society.

Related: Geo-obsolense from anti-global HP (in addition to planned [coded-in] obsolescence HP breaks customers products based on geography - HP Poor Service – Industry Standard? (2006) - $8,000 Per Gallon Ink from HP (2007) - Another Year of CEO’s Taking Hugely Excessive Pay (in 2008 HP CEO took 7.4% of corporate profits personally before being tossed due to ethical failings). - Bad Behavior at HP (2006)

Thursday, April 10, 2014

What I Would Include in a Redesigned Twitter Profile

Twitter has rolled out a new profile design with heavy emphasis on photos. It is being rolled out over the next few weeks; my account doesn't have it yet. Follow me on Twitter: curiouscat_com.

The new large banner image is good and the positioning of the Twitter user's avatar in that is good. The old design had the Twitter user's avatar in the middle of the larger photo which wasn't a great design.

The changes don't seem that large to me: just some layout tweaking for more image space and a tiny bit of change (the list of followers is now "card" like instead of the old tweet stream like), but still minor.

I would provide more space for the user to explain themselves and link to their other web sites, interests etc. I would have a new profile page (in addition to the current tweet stream page) that let the user write a few paragraphs about themselves. I would let them add several web links (maybe force it into specific patterns but probably not). If it was forced into a specific pattern you could say let them add, for example): I would provide interesting views of data that can be gleaned from the Twitter universe on the profile page. I would have a "tag" cloud based on their use of # in their tweet stream (I would also put this tag cloud on their tweet stream page). How about a tag cloud based on those they follow? A tag cloud based on their favorited tweets.

Provide a link to their top 20 retweeted tweets (and similar things, like their top 20 favorites). Provide another view with a decaying over time variable (so new stuff would rise and older stuff drop - like Reddit but much more slowly).

I would let them select tags they are interested in (and based on tags selected suggest other tags and users to follow). I would show links to popular users on specific tags. I would likely add some Klout-like ratings (including doing so based on topics).

I would provide interesting data mining information based on users. For example, take the list of people following me and show a list of the top 20 people followed by everyone following me. Show a list like that but tweaked to compensate for overall popularity (so let's say Bill Murray is followed by millions of people and Justin Hunter isn't; 5 of my followers following Justin would put Justin ahead of the 15 following Bill). I think there are probably all sorts of cool ways to show interesting stuff based on the data Twitter has.

I would also turn off nofollow on some links (I am not that tied to how this was done; personally I would do it for all links, in tweets, profile etc.) based on algorithms determining the user was popular and should be "trusted" as not spammy. It might make sense to have a couple of levels based on how good the algorithm determined the user to be.

Twitter is stuck in this outdated model based on fear of Google penalizing sites that annoy Google and so Twitter marks all non-Twitter links as "untrusted" (nofollow).

Maybe Twitter is also using nofollow because, based on the poor way Google is using nofollow, Twitter's pages themselves are pushed high by telling Google not to trust any links on Twitter. Google+ started off not telling its Google search people all their links were untrusted. I am not sure, but when I look now it seems like Google+ has started untrusting all links that don't directly aid Google (so internal links to a Google page - like the user's Google+ profile - are trusted and all other links are said to be untrustworthy). We really need the other search engines to step up their game as Google gets worse and worse about finding good content and instead is focused on finding content that doesn't run afoul of any Google dictate.

It is this fear of Google that results in sites marking as untrusted all links not to their own sites (or sites with which they have corporate allegiance - so large companies benefit greatly from the aim to provide very few links that are not marked untrusted, as they have a large set of corporate sites and large corporate alliances).

There is so much more Twitter could do with profiles and customization; they really should be doing much more by now.

Related: Google Falls Victim to Google’s Confusing Dictates, Punishment to Google and Google Users Likely - How Google Could Improve Results (2005, most are still needed) - posts on usability (management blog)

I would also let you delete direct messages. I have idiotic spam DMs and I can't see any way to delete them.

Tuesday, April 01, 2014

Site Owner Impressed with FBI's Response to The Theft of Their Domain

My Website Was Stolen By A Hacker. And I Got It Back.
The morning after I found out about the unauthorized transfer, I also called the FBI. I felt silly and dramatic making the phone call, but the reality is that this is an international cyber crime issue, and that’s FBI territory. And this is my business. It’s how I support my family, and it may be a “small matter” in the grand scheme of things, but it is not a small matter to me.

And let me tell you: of all the surprises I’ve had over the past week or so, most surprising of all has been the FBI. They responded immediately, with follow-up phone calls and emails, an in-person interview with two special agents at my own home within 24 hours, and a follow-up visit from two agents yesterday. Beyond that, each and every agent I have interacted with over the past week has been, without fail, compassionate, thoughtful, invested, respectful, and committed to action…in addition to treating me not like a case number, but like a human.

What I expected was to leave a message with a general mailbox and at some point receive a form letter; I certainly did not expect to see an active investigation opened immediately. I’m not going to write more about the investigation because it’s still ongoing (although I did ask for and receive permission to write about this), but I think it’s important to say how absolutely blown away I have been by the FBI’s response.
This is great news. The FBI needs to do a better job of stopping online crime. It is a difficult task, but the damage done is great and the criminals don't seem very concerned with the level of law enforcement effort so far. The task is very challenging and requires international cooperation. We should be funding a great deal more of that and a great deal less spying.

The companies she relied on did not do as well in her review of the situation:

And once I reached people who could help me – who could literally make a single phone call or push a single button and return my property to me (or simply freeze it so that it could not be sold or destroyed) – they would not. They hid behind their legal departments and refused to do anything, knowing full well that their inaction would force me to either interact with and pay off a criminal, or lose an essential component of my business.

And hackers know that these companies will do this.

They rely on it.

There is a serious problem when a criminal enterprise not only exists “despite” a company’s policies, but actually thrives as a direct result of that company’s prioritization of their own interests over the security of the clients they allegedly “protect”. Do I understand why companies like HostMonster and GoDaddy are focused on protecting themselves against lawsuits? Of course I do. But the fact is that they not only do not “help” their customers, but actively contribute to creating situations that threaten small businesses and the families that they support.
The solution for this is that we need to support companies that prioritize doing right over those that decide to follow lawyers that couldn't care less about illegal activity and the customers of their companies being defrauded. We need to move our sites to those companies with a history of doing what is right. To do this we need to learn which companies do so, which I am not sure of (Gandi might be a good registrar). Also, of course, use strong passwords, and use 2-factor authentication if possible (with all your email accounts and other accounts - such as your registrar). The person that had their domain stolen believes the initial theft occurred due to a stolen email account (without 2-factor authentication).

Related: It is Refreshing to See Our Government Protecting Us - Bad Security on Government Required RFID e-passports - We Should Build Secure Software Systems