Friday, May 29, 2015

Flushing Out the Bugs

First, let me say that all of May has been a very difficult month weather-wise for those of us in Oklahoma, then later in May, for folks in Texas. Thankfully, all the tornadoes and flooding did not affect us personally, but we have friends and neighbors who were impacted and some of the stories are just tragic. So, I ask that if you are able to send a relief gift to the Red Cross designated for these disasters, please do so. It would really help those in need.

Here in Oklahoma we have had two years of extreme drought. One of the major lakes was over 31 feet below normal levels. Now, it has risen to 99% capacity. We have some lakes that are 33 feet above normal. Just in the month of May we have had 27.5 inches of rain, which shatters the record for the wettest month in history 
--> (May 2013 with 14.52 inches and the all time monthly record was 14.66 in June of 1989). Texas has also seen similar records broken. In short, we’ve had all the rain we need, thank you. California, we would be happy for you to get some of this for your drought.

The image above is of the main street of my hometown, Chickasha, OK.

Then, there are the tornadoes that make everything even more exciting. One night this month, we had to take shelter twice but no damage, thankfully. Then yesterday morning I was awakened at 5:30 a.m. to the sounds of tornado sirens. That is freaky because you have to act fast to see what is really happening. In this case, the tornado was 40 miles away, heading the opposite direction. I question the decision to sound the alarm in that situation.

Anyway…with that context…

About a week ago, I started noticing ants everywhere in and around our house. I mean parades of them everywhere. Ironically, I even found one crawling on my MacBook Pro!

Then, came the spiders, a plethora of other bugs, snakes and even fish in some peoples’ years. A friend reported seeing a solid white opossum near his house, which is very unusual.

And you perhaps heard that in one tornado event nearby on May 6, a wild animal preserve was hit and it was reported for a while that lions, bears, tigers, etc. were loose. Turns out that was a false report, too. But it did make for some juicy Facebook pictures for “Tigernado” movies.

Other weird things have happened as well, such as storm shelters and entire swimming pools popping out of the ground due to the high water table (and poor installation in some cases)!

But back to the ants and bugs and why they are everywhere. Turns out that we have had so much rain, their nests and colonies were destroyed and they are now looking for other habitats. The same has occurred with spiders, snakes, mice and rats.

In fact, my wife and I are finding bugs we have never seen before. I had to look some of them up on the Internet just to know what kind of bug I was killing.

That caused me to think about a new testing analogy to reinforce a really great testing technique. To flush out the bugs in something, change the environment.

Of course, the difference here in this analogy is that software bugs are not like actual bugs in many regards. However, there are some similarities:

·      Both have taxonomies
·      Both can be studied
·      Both can mutate
·      Both can travel
·      Both can destroy the structure of something
·      Both can be identified and removed
·      Both can be prevented
·      Both can be hidden from plain view

The main differences are:

·      Bugs have somewhat predictable behavior – not all software defects do
·      Bugs can inhabit a place on their own initiative – software defects are created by people due to errors

(Although I have wondered how squash bugs know how just to infest squash plants and nothing else…)

In the recent onslaught of ants, it is the flooding that has caused them to appear in masses. In software, perhaps if you flooded the application with excessive amounts of data such as long data strings in fields, you might see some new bugs. Or, you could flood a website with concurrent transaction load to see new and odd behavior.

Perhaps you could do the opposite and starve the environment of memory, CPU availability, disk space, etc. to also cause bugs to manifest as failures.

This is not a new idea by any means. Fault injection has been used for many years to force environmental conditions that might reveal failures and defects. Other forms of fault injection directly manipulate code.

Another technique is to test in a variety of valid operational environments that have different operating systems, hardware capacities and so forth. This is a great technique for testing mobile devices and applications. It’s also a great technique for web-based testing and security testing.

The main principle here is that if you can get the application to fail in a way that causes it to change state (such as from “normal state” to “failure state”, then it is possible to use that failure as a point of vulnerability. Once the defect has been isolated and fixed, not only has a defect been found and fixed, but also another security vulnerability has been eliminated.

Remember, as testers we are actually trying to cause failures that might reveal the presence of defects. Failure is not an option – it is an objective!

Although, we commonly say that testers are looking for defects (bugs), the bugs are actually out of our view many times. They are in the code, the integration, APIs, requirements, and so forth. Yes, sometimes we see the obvious external bug, like an error message with confusing wording, or no message at all.

However, in the external functional view of an application or system, testers mainly see the indicators of defects. These can then be investigated for a final determination of really what is going on.

As testers, we can dig for the bugs (which can also be productive), or we can force the bugs to manifest themselves by flushing them out with environmental changes.

There is one more aspect to this situation. With all the standing water and moisture, the next phase will be mosquitoes and ticks. The tick invasion has already started.  Instead of being flushed out my the flooding, these parasites are attracted to it. What attracts the bugs in your software?

And let’s be real here. In some software, the bugs are not at all hard to find!

Me? I’ll continue to both dig and flush to find those defects. Even better, I’ll go upstream where the bugs often originate (in requirements, user stories, etc.) and try to find them there!

Tuesday, May 26, 2015

Upcoming ASTQB Conference 2015 and Free Webinar

I hope you had a great weekend!

I want to let you know about two events that will add value to your testing efforts. 
I'm very excited to be a speaker at the upcoming ASTQB Conference 2015 in Washington, D.C. on September 14 - 16. This is a special conference because we are giving focus to critical topics such as Cybersecurity Testing, Testing of Critical Applications, The Business Value of Testing, Agile Testing, and Test Leadership. In this conference, our goal is to provide valuable take-away ideas for increasing the reliability, security and quality of software projects.

I often tell my clients there are two places you don't want to be during or after a project - the newspaper and the courtroom. Your organization's reputation is at stake with every project. I'm sure, like me, you hear stories every week of another cyber attack, system failure, or failed project. The costs of these failures are enormous.

At this conference, we are bringing together some of the country's leading experts on cybersecurity, software quality, and test management to provide real-world solutions to some of the most challenging issues we face as software testers.

Early-bird pricing is still available until June 15. But, if you use the code "astqb2015a2u" during registration, you get an extra 10% discount!

Free Webinar - Thursday, June 4 from 1 p.m. to 2 p.m. EDT

As part of the lead-up to the ASTQB Conference 2015, Taz Daughtrey and I will be presenting a free one-hour webinar on how to "Protect Your Company - and Your Software Testing Career." This free sneak peek of the ASTQB Conference will preview the keynote topics, tutorials and breakout sessions that are designed to keep you out of trouble.

In addition to the preview of the conference topics, Taz and I will share some practical information you can use immediately in testing cyber security, mobile applications and agile projects. I'll discuss a few of the new "Free and Cheap Tools" I have found recently as well.

I promise it will be an entertaining and informative time!

Very important note: This webinar will be full at 100 people. We will probably get 300 or more registrants, so if you want to actually get in to the session, you will want to log in early - at least 15 minutes prior.

I really hope you can join me at one or both of these events!

Thanks for reading,


Wednesday, May 06, 2015

Just Another Brick in the Wall ( And What it Means to Your Career)

I hope you are having a great week. I wanted to share some thoughts today about building your career. I hope you read through this short article and see some of the training events and offers I have for a limited time.
Recently, there have been two new homes built right next to me. The noise and mess can really get to my wife and I at times, but it’s a part of living in a partially developed neighborhood.

The house across the street caught my attention the other day. The house has been under construction for months and now the workers are in the process of laying natural stone on the entire front of the home.

What strikes me about this process is how slow it goes. This is not a process that can be completed in a day or two. This is more like a matter of weeks. Each stone must be made to fit in a particular spot to achieve a particular appearance. The stones can’t be cut in advance because each stone is uniquely fitted with other uniquely shaped stones.

This got me thinking about how we build our careers. Your basic education in school is the foundation, but after schooling is finished is when the real learning begins out in the real world.

All the skills we learn, the experiences we have with people, the books we read, the courses we attend, the projects we work on, are all stones in our wall. That’s why the wise person keeps fitting new stones into their wall.

Some people end up with a fully formed wall (i.e., career), although sometimes it may need even more stones added. Others lay only a few stones every so often that may look nice to a point, but fail to reach the level they desire.

This is hard work. It takes time to read the books, take the courses, complete the projects, get the mentoring, make connections, and do all the other things needed to keep building a career.

This is also why sometimes we see people with twenty years experience in their field, but it’s actually one year of experience repeated twenty times over. You want to be the person with diverse knowledge and experience. That’s one reason I went into consulting. I figure that one year of consulting experience is like three to five years of job experience in that I get to experience so many new things just in one year.

My encouragement to you in this short post is to stay at the work of adding those stones to your career wall. It’s slow and painstaking at times, but the reward is a beautiful work of craftsmanship – a career that serves you now and in the future.

E-Learning Specials

I have five courses on sale through Wednesday, May 13th:

Basic Training in Software Testing - $249 per person, a savings of $150.
Structured User Acceptance Testing - $349 per person, a savings of $221.
All ISTQB Advanced Level Courses - $100 off the normal price, exam still included! Use Coupon Code "ASTQB12A" to get the discount.

If you already have the ISTQB Foundation Level certification, now is a great time to go deeper with advanced level training!

Live Online Class - Establishing the Software Quality Organization - May 19 - 20, 2015, 1:00 p.m. - 4:00 p.m. EDT

This is a great class led by Tom Staab. In this course you will learn the activities required to establish a successful software quality organization (SQO). The SQO is comprised of three distinct quality functions, quality assurance, quality control (testing), and configuration management, that work in harmony and complement each other. The successful establishment of this function requires careful planning and execution. It is essential that the SQO function provides business value and ROI to the organization; therefore it is imperative that it has the proper placement, infrastructure, and governance. This class further defines all activities related to the successful planning and establishment of an SQO activity.

Thanks for reading this newsletter! Please contact me if I can be of any service to you. I am happy to create a custom quote on training and consulting for your team.

Best regards,

Randy Rice