July 10, 2018

Nortal Summer University Workshop "Getting Started With Web Testing"

In June Nortal has held traditional annual Summer University for developers, analytics and testers. This is an internship program for juniors, who want to make a career in IT. Generally they are IT students, but not necessarily, so everybody in Estonia, Finland, Lithuania or Serbia had a chance.

This year I did a 2h hands-on workshop Getting Started With Web Testing, which is partially based on the last year's workshop What Tools To Use To Test Better? There was small theoretical part about browsers and three practical exercises about DevTool, web accessibility and security. I leave slides here, just in case, but I don't believe that you find something interesting there.

Practical exercises can be more useful for you – they are available at GitHub repo You can find all three exercises, used tools and further reading suggestions there. The workshop was made for non-IT people, who were not encountered testing before, so exercises are quite simple and trivial.

On last year's post I had following lessons-learned about previous workshop:

The presentation was indeed slow for some IT students, because they already knew DevTool and may be some other stuff. So one of the lessons for the next time is to create more flexible content and give an opportunity to dive deeper for people who are bored.

This year there was fewer IT students, but I still tried to divide exercises on smaller parts. For example, I didn't give 10m of theory + 20m of personal time on one exercise, but 5m on small task + 5m of personal time + 5m of discussion and new small task + 5m of personal time etc. That went quite well for me. But some IT students were still a little bit bored, because they already knew a lot of basic stuff.

The second lesson is better plan less and make more breaks, which in this case worked great for me. I was actually surprised how timing went well this time.

I am not sure about this lesson now. This time I made too much time for QA part, which ended much quicker than I thought. I think this year I would modify this lesson: better plan some backup topic that you can talk about if there is left some time at the end. In fact, I was planning to talk about web automation if time is left, but refused this idea because you can't talk about automation briefly.

And the last lesson is don't waste time on technical stuff that doesn't matter for the main goal. For example, don't mess with creating your own REST services if you want to show Postman.

This is absolutely true. In fact, this year I used basically the same one exercise with minor modifications. If you open all three exercises, you can see that they look almost identical. The difference is in the back-end. For example, on second exercise about accessibility image without alt tag is added, on last exercise about security cookie is added etc. I forgot to remove annoying pop-up dialogs on the second exercise, my bad, but I am still glad I choose this approach, because juniors can focus on specific features that are important, without need to learn new environment and design.

This year I didn't get any specific feedback, but main point is the same: participants have very different background, so either basic part is too boring or advanced part is too confusing. As always, there should be too many trade-offs.

June 21, 2018

GeekOut vs Nordic Testing Days

This year instead of Nordic Testing Days conference I decided to visit developer's one – GeekOut. Here is a brief overview of GeekOut 2018 and some comparision with Nordic Testing Days 2017 from tester's point of view.

Some raw facts for beginning:
  • both conferences are located in Estonia, Tallinn
  • both are being held on the exact same days, at the beginning of June
  • both have very decent list of well-known speakers

GeekOut offers 2 days of conference talks mainly about Java world. On the first day they have only two tracks, which are more general and lightweight. On the second day there are three tracks with more technical talks. Considering great party at the end of the first day, it's a little bit strange for me to have more hardcore talks on the next day after the party. As I already mentioned, all talks are for listening and there are no practical workshops at all, even small ones. This is a big downside compared to Nordic Testing Days, where you can have full day tutorial on the first day and two days of conference mixed with practical tracks.

The venue is not a hotel. All NTD attendees will understand me, because it is really cool when you have a conference, tutorials, lunch, party, bed and breakfast at one place. You save a lot of time. GeekOut was held at Kultuurikatel, which a former Tallinn power plant and is one of the coolest venues in Estonia with a great atmosphere, but I am note sure is it worth it.

The food was great. Queues were quite long, but the food was totaly worth it.

Sponsors, booths, challanges and corporate swag are basically the same. There is a little bit more swag from conference organizers at GeekOut than at NTD – for example, you get t-shirt and a cool bag with GeekOut logo at registration table, which is nice.

Nortal (the company I work for) had a Tech Radar at their booth. Briefly, everyone could add some tool, platform, framework or technique on the board and mark whether it must-try or must-avoid stuff. At the end we have quite good statistics about favorite technologies of Java developers. You can read Nortal's blog post about it, if you are interested in details: GeekOut 2018 participants tell Nortal what’s hot and what’s not.

The party. Food and drinks were cool. Short films were awsome (the theme of the party was movies). I didin't like music and it was too loud for talking and networking stuff. But I am not a party person anyway, so can't tell you a lot about it.

And last, but not least – the content. I really liked the first keynote by Derek Mathieson "CERN, from an IT Perspective". I suggest you to watch the video on GeekOut page. It's nothing about IT actually, it's just interresting story about CERN.

I liked talk about Java Next - New Releases, Valhalla, Amber, and More Goodies by Nicolai Parlog. This one is specific for people who can decide whether is Java being updated in the project or not, but still interesting talk.

I liked the second keynote by Martin Thompson High Performance Managed Languages. I didn't understand all things that he was saying (too hardcore for me), but I think that it is the property of a good talk.

And that's it, basically. Only 3 talks that I liked. Others were eather too general or too specific for me.

All videos are available on GeekOut page – videos. As for me, next year I would prefer Nordic Testing Days, but I am not sure why. I can't say that GeekOut is worse, I guess it's just a role specific stuff.

August 22, 2017

Beautiful Mac OS Terminal

This post is about making your Terminal window beautiful and easy to use. I use all of them on Mac OS, I guess they are compatible with all UNIX systems.

1. HTTPie for working with HTTP requests

This tool can be used instead of cURL. It just makes responses beautiful (but it's quite powerfull tho):

2. Oh My Git for working with GIT repositories

This tool prints information about Git repo status: branch which you are currently using, number of unpushed commits, tags, untracked files etc. Official readme has a lot of screenshots:

3. ~/.bash_profile for configuring prompt

I configured my promp according to this article, so in my ~/.bash-profile file I have the folloring part:

Which makes prompt look like this:

4. ~/.vimrc for configuring Vim

If you already use Vim - read A Good Vimrc. If not - see Vim isn’t that scary. Here are 5 free resources you can use to learn it.

Here is my ~/.vimrc file:

5. ~/.bash_aliases for quick commands

I have already wrote about aliases that I use here, here and here, but as I already mentioned Git here, I want to share one more alias I have:

It transforms git log output into something like this:

June 18, 2017

Nortal Summer University Workshop About Tools for Front End Testing

On last week Nortal held Summer University once again for junior specialists who want to join us. The first week was about general introductions and workshops just to give a taste about Nortal itself and about the role of juniors (some of them are developers, some of them analysts and testers, of course). So I did a small workshop about tools for testing front end and I want to share some thoughts about it.

The content of the workshop is available at GitHub repo – You can find three exercises, used tools and further reading there. The workshop was made for non-IT people, who were not encountered testing before.

First two exercises I've made specifically for this workshop, so you can find some hidden bugs in HTML and JavaScript code using DevTool or some browser extensions. Third exercise was about REST services and Postman, so the link is just a sandbox where you can take a lot of different types of REST services.

The slides are here, but they are not very useful without the explanation:

This is the first workshop that I would like to reuse and improve – I never wanted to repeat any of my previous workshops before. I don't know why, may be because this one is simple and can be introduced to any kind of specialists and levels.

I didn't get a lot o feedback from participants (there was about 10 people), but here are some:
  • I found front-end testing tools part really useful.
  • Very informative, nicely composed workshop plan.
  • Very useful tools; a bit hard to follow the demonstration at times.
  • The topics were cool and informative but the presentation was a little slow.

The presentation was indeed slow for some IT students, because they already knew DevTool and may be some other stuff. So one of the lessons for the next time is to create more flexible content and give an opportunity to dive deeper for people who are bored.

The second lesson is better plan less and make more breaks, which in this case worked great for me. I was actually surprised how timing went well this time.

And the last lesson is don't waste time on technical stuff that doesn't matter for the main goal. For example, don't mess with creating your own REST services if you want to show Postman. Or don't deal with data base if you want to just print some data (you can save it into browser storage or into session). It went quite well this time as well, mainly because I had a limited time for preparation, so external limitation didn't allowed me to play with all this stuff, which is sure interesting, but makes everything more complex.

In summary, this was the first workshop that didn't make me think that I hate public speaking. Maybe because I was least prepared for it and improvised a lot.

June 11, 2017

Nordic Testing Days 2017 Summary

This year I participated only on two conference days of Nordic Testing Days and didn't take any tutorial. Here is a small summary about tracks I took (the order is chronological).

[keynote] Enjoy the Ride! by Henrik Roonemaa

Very good talk for the keynote: interesting, not very technical and a little bit off topic. Some short takeaways:
  • There are two types of bad products: those that exit the market and those that enters it.
  • iPad has a great intuitive design – that's why it's the future. Not for technical people, but for the majority.
  • In the internet you are for everybody or for nobody.
  • The product should do something for me, not me doing something using the product.

[workshop] How to Build a Robust API Checking Framework by Mark Winteringham
Nothing new for me. One good phrase: if you submit a form for many times, what do you test: UI or API?

[workshop] Me, Myself and Siri by Sami Söderblom
It was not very useful, but really fun. There was a small part about other AI systems besides Siri, but just as references. In summary – you can't really use Siri at work now: may be in a combination with clicks if you really want to, but it's not faster than usual computer usage. However this workshop was way better, than many so called "useful" ones.
Interesting links:
  • @seeBotsChat – Twitter account of two AI robots speaking to each other
  • Quick Drawing – game-ish neural network, that recognizes human's doodling
  • Perpective – API that tells you how many people will be abused by your text etc
  • Wolfram Alpha – API that measures and compares everything

[keynote] Creating Yourself as a Tester – make your own testing path by Alan Richardson
  • Describe rather than define.
  • Do notes about how you work and analyse them later to work better.
  • People who came up with software testing knew math and physics very well and they generalized some complex stuff to known testing methods. But to understand the roots of these methods you could learn math and physics as well.
  • People are complex systems. If you are trying to copy someone you are coping only high level of the whole system. That's why you need to develop your own system with roots and low levels.

[keynote] 10 Commandments for Ethical Software Testers by Fiona Charles
  • Developers don't even know that libraries, that they are using, collect users data.
  • Big data is fed into fare and independent algorithm, but this data was selected by someone. Data is biased.
  • There are risks in acting, there are risks in not acting. How much risk do you tolerate?
  • If you have concerns – make good solid notes for future evidence.
  • We develop systems, because we can. Not always because it makes the world a better place.

[workshop] Just Enough JavaScript to be Dangerous by Alan Richardson
The level of the workshop was "like fish in the sea", but as for me it was more for beginners. But I have learned a couple of new tips: like iterating an array in JavaScript without a loop or snippets in Chrome DevTool. Also that button as not a button element is bad, because it leads to cross-browsers problems.

[talk] Test Your Java Applications with Spock by Iván López
Best track on the whole conference! There is a funny thing: the best talk on testers' conference was from a developer. It was actually a demo, where unit tests on Spock and Groovy were shown. And here is a second funny thing: it doesn't need to be a workshop to learn a technical stuff. Iván López just showed really cool features of Spock (like presenting an arrays in tables for data driven testing), so I definitely will try it at work.

[talk] A Story of a Tester Building his First Mobile App by Risko Ruus
Good short talk about how idea came true as an app.

[talk] Determining Your Application's Heartbeat Through Monitoring and Logging by Gwen Diagram
General talk about need of proper logs and monitoring systems. Maybe useful for beginners who didn't encountered real projects yet.

[keynote] Building Smart and Reliable Self-Driving Robots by Kristjan Korjus
Perfect for final keynote, but I wish the robot do more stuff on the stage.
  • They limit speed of the robot to 6 km/h, so it won't be classified as self-driving car and won't fall into regulations.
  • Software can help to get maximum out of a crappy hardware.
  • They don't have tests and documentation, because hardware is changing too quickly.
  • To avoid security issues related to 9 cameras on robots, no person ever see pictures with normal resolution, so it's impossible to see numbers or faces.
  • Craziest people are in London, who says something like that's my street, I don't allow robots here!
  • There is no self-destruction system, because they don't have tests and what if there is a bug in this system? :)

Other Stuff Mobile app is super cool! I don't see point in notes and feed, but favourite tracks in the schedule, notifications and feedback is very convenient.

Notebooks with conference floorplan and tracks description is cool, as always.

Drum show with drum sticks is the best!

March 12, 2017

Secure Logging Training by Clarified Security

This is my second training in Clarified Security, first one was Web Application Security. This one is shorter – only one day, – and trainer was Mait Peekma.

The most useful part for me was about what and how to log, but unfortunately it was the shortest one. As always, logging depends on the context of your application, so the only thing that public training can give you is the understanding of attacker's logic (like log evasion and tampering) and the sense of importance of logs in software security – both these things were done good.

In summary, good training to start. If you participated at Web Application Security before, then you already know some things, but in Secure Logging they were expanded. Also I had a chance to perform some attacks that I have heard about, but never succeed to do them by my self. I suggest it for those who should deal with incidents or just care about security.

February 11, 2017

Automatic W3C Validation Using YAML Conf in GitLab Continues Integration

As I already wrote I host my Profile Page on GitLab and use Runner to deploy the code. Runner is quite powerful tool, than can be managed with YAML .gitlab-ci.yml conf file.

Basically, it means that after every commit some automatic actions happen (well, actually, not on every commit, depends on how you configure it). In my case .gitlab-ci.yml looks like this:

It means that after I commit something into master branch it performs deploy stage (script and test stage (script Both scripts are my own custom sripts and in this post I want to talk about the second one – W3C validation of HTML file.

You can find the script content in my repo: The good thing is that W3C has public API for validating some URL. So all I need is just requesting this API with URL of my page as an input parameter. And that's the reason why I perform the test stage after the deploy stage: new changes need to be published to check them. Also, W3C errors are not verty critical, so I dond't want to fail the whole deploy because of them.

It looks like a very simple thing (it actually is), but it took a time for me to configure this validation (as I was not very familiar with YAML), so I decided to leave some notes here.

February 9, 2017

Profile Page 2.0

Two weeks ago I published my Profile Page. Since then some changes were made, that I think are worth sharing.

First of all, blog changes. As I have now profile page I don't need to keep same stuff here, so blog design has been simplified: pages with extensions and the right panel with some weird stuff has been removed to give more space to post content. I think I will make some more design changes in the near future.

Second big stuff: both FireFox extensions URL&p and JIRA Issue Opener has been finally refactored and redesigned. So now they are in consistancy with Chrome extensions and should properly work with final FireFox versions.

After reading an article An opinionated guide to writing developer resumes in 2017 I decided to remove skill progress bars from the page and CV. Now there are two sections of Strong and Knowledgeable technical skills. Also short descriptions of previous experience has been added to CV.

One more modern thing that I have completely forgotten about is page sharing in social media. So this time I added some meta tags to help Facebook and other medias better share my page. Good article about sharing: A Guide to Sharing for Webmasters.

At last, I have encoutered interesting fact: fixing general and fundamental architecture things automatically fixes several small bugs. Of course, I knew it before, but I have never experienced it personally. For example, I am a fan of SVG pictures, but in Microsoft Edge they looked strange. I didn't pay much attention to this compatability bug, but at some point I started to optimize pictures for web. And it turned out, that you should never use text as a picture. If you have only text you should use HTML+CSS (and almost always it's possible to get the same result as with picture). So I migrated all headers in profile section from pictures to text and the Edge problem was automatically fixed.

January 29, 2017

Profile Page with HTML5 and CSS3

I decided to learn about new web technologies, so I have a plan to build a few small projects. Basics first - profile page from scratch (without any CMS-s and templates) -

All the source code of the page and description about used technologies can be found in GitLab repo

Shortly: HTML5+CSS3 (and a little bit of AngularJS to show last 3 posts from this blog). New challenges for me were responsive design (which turned to be not so hard as I thought), SEO and performance (images and fonts optimization, SVG, content optimization etc).

Also I tried to use new Git manager GitLab and I love it! GitLab, unlike GitHub, allows to create private repos for free. Also there are a lot of free build in functionality like milestones, issues, Kanban board, continues integration, hosting the page etc. I'm not only host this new profile page there, but I migrated all my extensions and scripts from GitHub. Speaking of extensions, I redesigned them all (actualy, only Chrome ones for now), so they should be more fresh and modern now. GitLab has one downside: UI is a litle bit slow and continues integration sometimes pending the changes for an hour (but not too often).

If you are interested in details about used tehnologies and resources - see README file in the repo. There are some links on articles that being used in the process.

Some surprises during this experience:

P.S. The day I was planned to publish the page and this post I've got a subscription email with the article An opinionated guide to writing developer resumes in 2017. A lot of things in my CV are incorrect and I plan to change it in the near future.

November 19, 2016

Use Oracle Data Base in Command Line

Cadmus Asks the Delphic Oracle Where He Can Find his Sister, Europa by Hendrik Goltzius, 1615

Sometimes I need to make some quick changes in data base. Or I need to do several changes using some patterns and templates. In that case I don't want to open editor (I use DataGrip) and wait for loading all resources, connecting to DB, opening SQL window and inserting or copying SQL query. I am that kind of person who keeps open only those applications that I am going to use in next 30 min. If I don't plan to use something in next half an hour I close it, so every opening takes some time and effort.

The best way to save time and effort is command line or, actually, scripts. SQLPlus is a great tool for using Oracle data base in the console. You can find instructions about installing SQLPlus on MacOS on StackOverflow: Oracle Sqlplus client on Mac.

The annoying thing about using data base in the terminal is connecting: you have to remember and write all credentials of data base every time you want to connect to it. But, as usually, scripting resolves this problem. I wrote simple Bash script, that opens connection using small alias as an input. For example, I write sql test in terminal and it opens connection with test data base where I can write some SQL right ahead. Instead of test it can be any base that I work with: demo, live, production etc.

Second script that I use is changing some value in specific data base in specific table. Some times one of the clients asks me to change specific data in their DB, so now instead of opening an editor I can just run a script with parameter given by client and it changes all the data, which saves me time and doesn't disturb my attention on other tasks so much. The script looks something like that:

Of course, SQLPlus doesn't replace editors like SQL Developer or DataGrip, but it can save a lot of time and effort in performing small and routine tasks.