Software Testing Blog

Shortly after Mike posted his article about German banks experiencing Y2K fashionably late with their 2016 glitch, two more great 2010 bugs came across my desk:

SpamAssassin Loses Its Mind – Marks Everything as Spam
SpamAssassin filters spam on thousands of email servers around the world, blocking millions of emails you don’t want.  And as of January 1, 2010, it also blocked all the emails you do want.  You see, one of SpamAssassin’s rules blocks emails that were sent from the distant future because some spammers use that tactic hoping they’ll appear at the top of your inbox.  For years now, that rule has hard coded January 1, 2010 as the cutoff date for emails – meaning anything with that date or later was flagged as spam.

If you run SpamAssassin and are wondering why you haven’t received any emails lately, you should probably update your software.

Symantec – Have You Updated Lately?  What About Now?  Now?  How About Now? I Don’t Believe You.
For reasons that are not clear, Symantec’s Endpoint Protection Manager product believes that any virus definitions received after December 31, 2009 are out of date.  Of course, it would really like you update your obsolete definitions even though they’re perfectly fine.  A fix is apparently in the works, but workarounds have already been posted.

It arrived much later than expected – 10 years in fact – but the Y2k bug may finally get its time to shine. According to the AFP,German Banking officials have warned that as many as 30 million card holders may be unable to withdraw cash or make online payments due to the “feared Y2k computer bug.”

Apparently, certain chips used in a new series of “high tech” banking cards are unable to recognize the year 2010. The problem could persist for the next ten days, which is especially bad for the “EC” cardholders, as they are direct debit instruments, and are not able to purchase anything on credit even when they function properly.

This news coming just days after similar problems had been reported in Australia, where certain POS (point of sale) transactions were unable to be processed. This bug was dubbed the “2016 glitch”, since the machines apparently recognized the year 2016 in place of 2010.

Either way, I suppose this would be a good time to remind our readers of the importance of regression testing….

Here’s a holiday gift for those of you who know what the phrase, “above the fold” means –

Mashable’s Ben Parr recently wrote a piece about several Google Tools, including one new one that will be supremely useful to web designers and developers.

We already know that Google is obsessed with their own speed and efficiency, but the search giant is also trying to make everybody else faster on the web as well. Google Site Performance, for example, provides tips from Google on how to speed up your website, while Speed Tracer increases the efficiency of web apps by tracking performance.

The company is once again tackling the realm of website efficiency with a new tool that doesn’t track site speed or app performance, but the size of the browser window. The app, Google Browser Size, aims to help website owners solve one of the most fundamental problems in web design: How should I lay out and design my website for higher engagement and conversions?

Want to see Google Browser Size in action?  Check below to see how we did when re-designing the uTest home page.

This is a very helpful tool (as well as quick, simple and free).  Try it out on your own site today, and I’d highly recommend it for anyone who’s launching or re-launching a site.

For the third time in our brief history, Dr. James Whittaker will be hosting an exclusive uTest webinar. On Thursday, December 10th (from 1pm to 2pm EST) James will discuss exploratory software testing – which also happens to be the title of his latest book. Here’s what he plans on covering this time around:

• How to make test planning more streamlined and prescriptive
• How to be more conscious about testing and test case design
• Techniques for helping testers come up with better test cases
• How to communicate the purpose and intent of test cases

Be sure to reserve your spot now. These webinars are highly recommend for anyone looking to advance their career development, testing skills, or to simply learn more about exploratory software testing. Did we mention that it’s free?

As part of the webinar, there will also be a live Q&A session, and so if you have any questions for James, you’ll be able to submit them online. To get a better idea of what to expect, you should check out his first two uTest webinars: 5 Ways to Revolutionize Your QA and The Future of Software Testing.

Hope to see you there!

Plugins have long been a double edged sword for software.  On the one hand they make software more flexible than it would be otherwise.  On the other hand, plugins can be poorly maintained and full of bugs.  That second issue is so much of a problem that a little while back I wrote a post describing several methods to better manage the plugins for your favorite piece of software.

Now WordPress has gone one better with their new Plugin Compatibility Beta.  Blog owners can now vote on how well a plugin works with different versions of WordPress, making it easy to see if a plugin is well maintained or dying.  The new feature is already available within the WordPress plugin directory, and anyone with a WordPress login can vote.  Here’s an example with WP-Polls.

And the future looks even brighter.  According to the development team:

Eventually, we’d like to gather this compatibility feedback from within WordPress, allowing you to vote directly from your plugins admin screen. The ultimate goal is to use this information to inform you of plugin incompatibilities with a new version of WordPress during the upgrade process. For that to be useful we need a large set of high quality compatibility data. Start voting!

Hopefully, selecting the right plugin for your needs will become even easier and more reliable.

Do you own a Sidekick mobile phone (AKA the Danger Hiptop)?  Then please accept my condolences while I describe the pain and suffering you’ve experienced over the past few days.

The Sidekick is made by Danger, a company acquired by Microsoft in 2008.  As one of T-Mobile’s flagship mobile phones, the Sidekick was one of the first and most popular consumer smartphones.  Featuring a real keyboard, it offered an instant messaging application at a time when many phones were still figuring out SMS.  For IM and SMS addicts, the Sidekick was THE phone to own.

One of the Sidekick’s key features was that it kept all of your important stuff “in the cloud.”  That meant it stored all of your contacts, messages, photos, and just about everything else on a server managed by Danger.  This made it easy to recover your data in case your phone lost power or failed.  What nobody anticipated was the cloud server itself failing.

In what the BBC calls “the biggest disaster yet for the whole concept of cloud computing,” that very thing happened this past weekend.  A failed upgrade to the server managing the data for all Sidekicks resulted in the loss of everyone’s data at once.  Microsoft is now warning Sidekick owners not to turn off their devices, thus permanently deleting what little data they might have cached locally.

Anyone building an app on the cloud should be worried,  because what happened to Microsoft could just as easily happen to you too.  With that in mind, here are a few lessons for cloud computing app developers:

Read more…

Last week I wrote about some of the issues with plugins (especially those in WordPress) – they’re often times poorly maintained, buggy, and insecure.  We got some great feedback, both on and offline, and today I want to give a few ideas for making the most of plugin-based platforms.

1.) Popular Plugins Hint at Missing Features

Read more…

Last week, the WordPress team fixed a pretty nasty bug and released version 2.8.4 of their blogging engine.  Prior to that, version 2.8.3 fixed a security bug in version 2.8.2 which was a security update for version 2.8.1 which itself fixed a number of security issues in version 2.8.  The WordPress team has certainly been busy!

With such a strong record of fixing flaws, WordPress’s security does not worry me.  What worries me are all the WordPress plugins…

Read more…

“There is nothing final about a mistake, except its being taken as final.”

More software testing words of wisdom from my fortune cookie. Like the last one I blogged about, this quote captures a fundamental truth about the testing profession: Many of the bugs you find will never be fixed.

This blog post helps explain why:

“We live in a world where there just aren’t enough software developers. No matter what stage of development you may be at, your team could always use just a few more developers to build that great feature marketing wants, fix that extra bug that’s been nagging technical support, help build some tools so that software development can work more efficiently, etc. But sadly, we live in a world of constraints and that means that the marginal cost of any investment has to be paired with the marginal benefit it will bring.

To  improve this situation (that is, getting more of your bugs fixed) it would be wise to consider this recent piece of advice from uTester Joseph Ours: Change the way you report bugs.

In the second part of his blog post “Security Testing Tips From a Bug Battle Winner”, uTester Bernard Lelchuk takes a closer look at some of the more effective tools to use when performing security testing.

There are quite a few attacking testing tools which can make security testing easier and more productive for both novice and veteran testing engineers alike. I will not list all of them here,  but rather cover the most essential, common and interesting FREE tools. So here they are, in no particular order:

Wireshark
A comprehensive yet easy-to-use protocol analyzer (sniffer) which will allow you to view, filter and analyze all network transmissions. (http://www.wireshark.org/)

Paros Proxy
Acts as a proxy which allows the tester to intercept and modify all HTTP/S data between server and client, including cookies and form fields. (http://www.parosproxy.org/index.shtml)

Burp Suite (Man-In-The-Middle)
Integrated platform for attacking web applications which contains several interfaces for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility. Acts as a man-in-the-middle between client and server, thus allowing the tester to intercept and modify all HTTP requests between both parties. (http://portswigger.net/suite/)

Read more…