Pages

June 18, 2017

Nortal Summer University Workshop About Tools for Front End Testing

On last week Nortal held Summer University once again for junior specialists who want to join us. The first week was about general introductions and workshops just to give a taste about Nortal itself and about the role of juniors (some of them are developers, some of them analysts and testers, of course). So I did a small workshop about tools for testing front end and I want to share some thoughts about it.

The content of the workshop is available at GitHub repo – github.com/iriiiina/nsu. You can find three exercises, used tools and further reading there. The workshop was made for non-IT people, who were not encountered testing before.

First two exercises I've made specifically for this workshop, so you can find some hidden bugs in HTML and JavaScript code using DevTool or some browser extensions. Third exercise was about REST services and Postman, so the link is just a sandbox where you can take a lot of different types of REST services.

The slides are here, but they are not very useful without the explanation:


This is the first workshop that I would like to reuse and improve – I never wanted to repeat any of my previous workshops before. I don't know why, may be because this one is simple and can be introduced to any kind of specialists and levels.

I didn't get a lot o feedback from participants (there was about 10 people), but here are some:
  • I found front-end testing tools part really useful.
  • Very informative, nicely composed workshop plan.
  • Very useful tools; a bit hard to follow the demonstration at times.
  • The topics were cool and informative but the presentation was a little slow.

The presentation was indeed slow for some IT students, because they already knew DevTool and may be some other staff. So one of the lessons for the next time is to create more flexible content and give an opportunity to dive deeper for people who are bored.

The second lesson is better plan less and make more breaks, which in this case worked great for me. I was actually surprised how timing went well this time.

And the last lesson is don't waste time on technical staff that doesn't matter for the main goal. For example, don't mess with creating your own REST services if you want to show Postman. Or don't deal with data base if you want to just print some data (you can save it into browser storage or into session). It went quite well this time as well, mainly because I had a limited time for preparation, so external limitation didn't allowed me to play with all this staff, which is sure interesting, but makes everything more complex.

In summary, this was the first workshop that didn't make me think that I hate public speaking. Maybe because I was least prepared for it and improvised a lot.

June 11, 2017

Nordic Testing Days 2017 Summary

This year I participated only on two conference days of Nordic Testing Days and didn't take any tutorial. Here is a small summary about tracks I took (the order is chronological).

[keynote] Enjoy the Ride! by Henrik Roonemaa

Very good talk for the keynote: interesting, not very technical and a little bit off topic. Some short takeaways:
  • There are two types of bad products: those that exit the market and those that enters it.
  • iPad has a great intuitive design – that's why it's the future. Not for technical people, but for the majority.
  • In the internet you are for everybody or for nobody.
  • The product should do something for me, not me doing something using the product.

[workshop] How to Build a Robust API Checking Framework by Mark Winteringham
Nothing new for me. One good phrase: if you submit a form for many times, what do you test: UI or API?

[workshop] Me, Myself and Siri by Sami Söderblom
It was not very useful, but really fun. There was a small part about other AI systems besides Siri, but just as references. In summary – you can't really use Siri at work now: may be in a combination with clicks if you really want to, but it's not faster than usual computer usage. However this workshop was way better, than many so called "useful" ones.
Interesting links:
  • @seeBotsChat – Twitter account of two AI robots speaking to each other
  • Quick Drawing – game-ish neural network, that recognizes human's doodling
  • Perpective – API that tells you how many people will be abused by your text etc
  • Wolfram Alpha – API that measures and compares everything

[keynote] Creating Yourself as a Tester – make your own testing path by Alan Richardson
  • Describe rather than define.
  • Do notes about how you work and analyse them later to work better.
  • People who came up with software testing knew math and physics very well and they generalized some complex staff to known testing methods. But to understand the roots of these methods you could learn math and physics as well.
  • People are complex systems. If you are trying to copy someone you are coping only high level of the whole system. That's why you need to develop your own system with roots and low levels.

[keynote] 10 Commandments for Ethical Software Testers by Fiona Charles
  • Developers don't even know that libraries, that they are using, collect users data.
  • Big data is fed into fare and independent algorithm, but this data was selected by someone. Data is biased.
  • There are risks in acting, there are risks in not acting. How much risk do you tolerate?
  • If you have concerns – make good solid notes for future evidence.
  • We develop systems, because we can. Not always because it makes the world a better place.

[workshop] Just Enough JavaScript to be Dangerous by Alan Richardson
The level of the workshop was "like fish in the sea", but as for me it was more for beginners. But I have learned a couple of new tips: like iterating an array in JavaScript without a loop or snippets in Chrome DevTool. Also that button as not a button element is bad, because it leads to cross-browsers problems.

[talk] Test Your Java Applications with Spock by Iván López
Best track on the whole conference! There is a funny thing: the best talk on testers' conference was from a developer. It was actually a demo, where unit tests on Spock and Groovy were shown. And here is a second funny thing: it doesn't need to be a workshop to learn a technical staff. Iván López just showed really cool features of Spock (like presenting an arrays in tables for data driven testing), so I definitely will try it at work.

[talk] A Story of a Tester Building his First Mobile App by Risko Ruus
Good short talk about how idea came true as an app.

[talk] Determining Your Application's Heartbeat Through Monitoring and Logging by Gwen Diagram
General talk about need of proper logs and monitoring systems. Maybe useful for beginners who didn't encountered real projects yet.

[keynote] Building Smart and Reliable Self-Driving Robots by Kristjan Korjus
Perfect for final keynote, but I wish the robot do more staff on the stage.
  • They limit speed of the robot to 6 km/h, so it won't be classified as self-driving car and won't fall into regulations.
  • Software can help to get maximum out of a crappy hardware.
  • They don't have tests and documentation, because hardware is changing too quickly.
  • To avoid security issues related to 9 cameras on robots, no person ever see pictures with normal resolution, so it's impossible to see numbers or faces.
  • Craziest people are in London, who says something like that's my street, I don't allow robots here!
  • There is no self-destruction system, because they don't have tests and what if there is a bug in this system? :)


Other Staff Mobile app is super cool! I don't see point in notes and feed, but favourite tracks in the schedule, notifications and feedback is very convenient.

Notebooks with conference floorplan and tracks description is cool, as always.

Drum show with drum sticks is the best!

March 12, 2017

Secure Logging Training by Clarified Security


This is my second training in Clarified Security, first one was Web Application Security. This one is shorter – only one day, – and trainer was Mait Peekma.

The most useful part for me was about what and how to log, but unfortunately it was the shortest one. As always, logging depends on the context of your application, so the only thing that public training can give you is the understanding of attacker's logic (like log evasion and tampering) and the sense of importance of logs in software security – both these things were done good.

In summary, good training to start. If you participated at Web Application Security before, then you already know some things, but in Secure Logging they were expanded. Also I had a chance to perform some attacks that I have heard about, but never succeed to do them by my self. I suggest it for those who should deal with incidents or just care about security.

February 11, 2017

Automatic W3C Validation Using YAML Conf in GitLab Continues Integration

As I already wrote I host my Profile Page on GitLab and use Runner to deploy the code. Runner is quite powerful tool, than can be managed with YAML .gitlab-ci.yml conf file.

Basically, it means that after every commit some automatic actions happen (well, actually, not on every commit, depends on how you configure it). In my case .gitlab-ci.yml looks like this:

stages:
  - deploy
  - test

pages:
  stage: deploy
  script:
  - scripts/move-content-to-public.sh
  artifacts:
    paths:
    - public
  only:
  - master

w3c-validation:
  stage: test
  script:
  - scripts/w3c-html-validation.sh
  only:
  - master

It means that after I commit something into master branch it performs deploy stage (script move-content-to-public.sh) and test stage (script w3c-html-validation.sh). Both scripts are my own custom sripts and in this post I want to talk about the second one – W3C validation of HTML file.

You can find the script content in my repo: w3c-html-validation.sh. The good thing is that W3C has public API for validating some URL. So all I need is just requesting this API with URL of my page as an input parameter. And that's the reason why I perform the test stage after the deploy stage: new changes need to be published to check them. Also, W3C errors are not verty critical, so I dond't want to fail the whole deploy because of them.

It looks like a very simple thing (it actually is), but it took a time for me to configure this validation (as I was not very familiar with YAML), so I decided to leave some notes here.

February 9, 2017

Profile Page 2.0

Two weeks ago I published my Profile Page. Since then some changes were made, that I think are worth sharing.

First of all, blog changes. As I have now profile page I don't need to keep same staff here, so blog design has been simplified: pages with extensions and the right panel with some weird staff has been removed to give more space to post content. I think I will make some more design changes in the near future.

Second big staff: both FireFox extensions URL&p and JIRA Issue Opener has been finally refactored and redesigned. So now they are in consistancy with Chrome extensions and should properly work with final FireFox versions.

After reading an article An opinionated guide to writing developer resumes in 2017 I decided to remove skill progress bars from the page and CV. Now there are two sections of Strong and Knowledgeable technical skills. Also short descriptions of previous experience has been added to CV.

One more modern thing that I have completely forgotten about is page sharing in social media. So this time I added some meta tags to help Facebook and other medias better share my page. Good article about sharing: A Guide to Sharing for Webmasters.

At last, I have encoutered interesting fact: fixing general and fundamental architecture things automatically fixes several small bugs. Of course, I knew it before, but I have never experienced it personally. For example, I am a fan of SVG pictures, but in Microsoft Edge they looked strange. I didn't pay much attention to this compatability bug, but at some point I started to optimize pictures for web. And it turned out, that you should never use text as a picture. If you have only text you should use HTML+CSS (and almost always it's possible to get the same result as with picture). So I migrated all headers in profile section from pictures to text and the Edge problem was automatically fixed.

January 29, 2017

Profile Page with HTML5 and CSS3

I decided to learn about new web technologies, so I have a plan to build a few small projects. Basics first - profile page from scratch (without any CMS-s and templates) - irina-ivanova.gitlab.io.

All the source code of the page and description about used technologies can be found in GitLab repo gitlab.com/irina-ivanova/irina-ivanova.gitlab.io.

Shortly: HTML5+CSS3 (and a little bit of AngularJS to show last 3 posts from this blog). New challenges for me were responsive design (which turned to be not so hard as I thought), SEO and performance (images and fonts optimization, SVG, content optimization etc).

Also I tried to use new Git manager GitLab and I love it! GitLab, unlike GitHub, allows to create private repos for free. Also there are a lot of free build in functionality like milestones, issues, Kanban board, continues integration, hosting the page etc. I'm not only host this new profile page there, but I migrated all my extensions and scripts from GitHub. Speaking of extensions, I redesigned them all (actualy, only Chrome ones for now), so they should be more fresh and modern now. GitLab has one downside: UI is a litle bit slow and continues integration sometimes pending the changes for an hour (but not too often).

If you are interested in details about used tehnologies and resources - see README file in the repo. There are some links on articles that being used in the process.

Some surprises during this experience:

P.S. The day I was planned to publish the page and this post I've got a subscription email with the article An opinionated guide to writing developer resumes in 2017. A lot of things in my CV are incorrect and I plan to change it in the near future.

November 19, 2016

Use Oracle Data Base in Command Line


Cadmus Asks the Delphic Oracle Where He Can Find his Sister, Europa by Hendrik Goltzius, 1615


Sometimes I need to make some quick changes in data base. Or I need to do several changes using some patterns and templates. In that case I don't want to open editor (I use DataGrip) and wait for loading all resources, connecting to DB, opening SQL window and inserting or copying SQL query. I am that kind of person who keeps open only those applications that I am going to use in next 30 min. If I don't plan to use something in next half an hour I close it, so every opening takes some time and effort.

The best way to save time and effort is command line or, actually, scripts. SQLPlus is a great tool for using Oracle data base in the console. You can find instructions about installing SQLPlus on MacOS on StackOverflow: Oracle Sqlplus client on Mac.

The annoying thing about using data base in the terminal is connecting: you have to remember and write all credentials of data base every time you want to connect to it. But, as usually, scripting resolves this problem. I wrote simple Bash script connect-to-oracle-db.sh, that opens connection using small alias as an input. For example, I write sql test in terminal and it opens connection with test data base where I can write some SQL right ahead. Instead of test it can be any base that I work with: demo, live, production etc.

Second script that I use is changing some value in specific data base in specific table. Some times one of the clients asks me to change specific data in their DB, so now instead of opening an editor I can just run a script with parameter given by client and it changes all the data, which saves me time and doesn't disturb my attention on other tasks so much. The script looks something like that:

#!/bin/bash

parameter=$1
sqlplus= # Path to SQLPlus
username= # DB username
password= # DB password
db= # DB name

SQL="
  UPDATE some_table
    SET some_column = some_value
    WHERE some_other_column = '$parameter';"

"$sqlplus" "$username/$password @$db" << HERE

$SQL
commit;
quit
HERE

Of course, SQLPlus doesn't replace editors like SQL Developer or DataGrip, but it can save a lot of time and effort in performing small and routine tasks.

October 24, 2016

Why I Don't Like Testing Conferences


The painting: "The Witches’ Cove" by Jan Mandijn

The best book about software testing has following introduction: "This book is about software development as we've experienced it." ("Lessons Learned in Software Testing" by Cem Kaner, James Bach, Bret Pettichord). Because you can't talk about testing without the context of the general development itself.


I like conferences – they are usually very inspiring, motivating and sometimes challenging. Visiting testing conferences gives a lot of ideas how to do my job better, but almost always that means improving some processes at the project. And it's almost impossible to change some steady process if more than 10 (or even 5) people are involved in it. To change the process you need to convince all team members that it brings benefits to the project or product. And to convince team members you need to retell the story you heard on the conference (which usually is as long as the conference talk or even longer with all the preparations you need to do) and to be talented speaker (usually inspiring speakers at the conference are good at speach), which in major cases is not true. So, wouldn't it be better that all (or maybe the key ones) team members just visited the conference all together to hear the same talk from experienced speaker and be inspired all at a time?

Majority of the people in the audience is having some ideas during the talk, they are very inspired and willing to do some changes in their project, they came back to work and start to talk about these changes with developers or project managers and then... they get couple of arguments why it won't work in this specific project. And this person, who visited the conference, is not so skillfull as the speaker to pitch other team members. So everyone thinks he is a boring tester who constantly offers some silly ideas.

This is not just impractical, this is harmfull. It brings discord between programmers and testers (and analytics, but programmers vs tester is the most popular confrontation). Programmers doesn't understand why testers suggest to do their life harder, because they haven't heard the same speach. For example, the idea to involve testers into the development as early as possible may seem to be silly if you hear that from one junior tester who visited some conference ("he doesn't understand anything at the early stage and I don't have time to explain it" – may say some programmer). But the same idea from the experienced speaker on the stage is not so silly anymore (at least you need to have a proper argument to argue with it).

I'd like to have conferences about software development generally, where all roles can participate. Surely, there should be specific conferences for testers and programmers, where speakers may talk about how to automate tests, which tools can be used, how to do security or performance testing. However questions like why we need automation, why we need security, at what stage of the project we need to thing about security, how ofter we need to release updates in production should be convered in general conferences, because these are the problems where all team members are involved. The problem is that I don't know any widely spread good conference about software development generally - all good conferences are role specific.

After all, all team members have one common goal – to create a product (good teams have goal to create a qualitative product). Both testers and developers works for the same goal, but visiting different conferences they start to see the same goal from two different perspectives.

September 7, 2016

Checking Deployments on Tomcat Server Without Web Manager

In some cases Tomcat web manager is disabled (for example, in production for security reasons). Then the only way to see deployments and their statuses is to use Tomcat API. To list deployed applications you may do following request:
http://localhost:8080/manager/text/list
And you will get something like this:
The problem is that if you have a lot of applications such output is not very easy to read – you can't say is there any stopped applications without reading all rows. For that case you can use awk to color the output, which is much more informative:
The next problem is that awk command is quite long and you don't want to type something like this every time:
curl http://localhost:8080/manager/text/list | sort | grep ^/ | awk '{ gsub("running", "\033[32m&\033[0m"); gsub("stopped", "\033[31m&\033[0m"); gsub("\\:[0-9]+", "\033[34m&\033[0m"); gsub("^/.+:", "\033[36m&\033[0m"); gsub("[0-9]+$", "\033[33m&\033[0m"); print }'
So you can use a script, that returns you colorful list of deployments without typing any URLs and regexps:
./show-status-of-applications-tomcat.sh

There is one other case, when script is even more convinient than web manager – if your environment is running on many servers and clusters (like production, again). In that case script can show information about all clusters and servers on one page:
I have separate script show-status-of-prod-applications-tomcat.sh for that, but it's possible to merge them into one file or modify it to work with parameters (for example, give a manager URL as a parameter).

All scripts are available in my GitLab repo gitlab.com/irina-ivanova/scripts and don't forget about aliases!

August 9, 2016

Probe Testing in The Martian

The story from The Martian about testing the probe is worth a post (some scenes and phrases are skiped).