Your Brain on BUGS – Any Questions?

If you lived in the United States during the 1980s, then you probably remember the famous Your Brain on Drugs ad campaign.  Created by the government to combat drug abuse, the ad compares the damaging effects of using drugs to frying an egg.

So what about bugs, as in software bugs?  More than just a lame rhyme, it turns out that bugs may have a negative effect on our brains as well – if you believe the Extended Mind hypothesis.  Stick with me here.

The Extended Mind hypothesis says that our minds are more than what is contained inside our skulls.  When we create or use tools, then we are effectively creating extensions of ourselves.  For example, that would mean that there’s no difference between remembering the capital of the state of Kentucky and looking it up on Wikipedia.  (Here’s a link to help you remember.)

A recent study suggests that there may be some validity to this, a fact discovered by creating a simple software bug and seeing how people respond.  From a recent article in Wired:

An empirical test of ideas proposed by Martin Heidegger shows the great German philosopher to be correct: Everyday tools really do become part of ourselves.

The findings come from a deceptively simple study of people using a computer mouse rigged to malfunction. The resulting disruption in attention wasn’t superficial. It seemingly extended to the very roots of cognition.


T.W.I.T: The Heart Hacker – Pacemakers Vulnerable to Wireless Attacks

Before I get into the story of this fascinating bug, I wanted to take a moment to introduce you to T.W.I.T. We liked the “bug-iversary” concept so much here at uTest that we decided to make it a recurring column, called T.W.I.T. or This Week In Testing (also noting the happy coincidence that the word “twit” is synonymous with “fool” and “dope,” words that characterize many of these bug follies ;-) ).

But I digress! So, this week in testing brings us an interesting heart device bug discovered March 12, 2008.

A team of computer security researchers was able to gain wireless access to a combination heart defibrillator and pacemaker. According to the New York Times,

[The researchers] were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal. The researchers said they had also been able to glean personal patient data by eavesdropping on signals from the tiny wireless radio embedded in the implant as a way to let doctors monitor and adjust it without surgery.

Full report and more after the bump!


Old Bug Up To New Tricks

SCMagazine reported this week that researchers in Malta have discovered a decade-old vulnerability, present in all versions of Windows since 2000.  This bug can cause PCs to crash instantaneously and without warning, and can reel the compromised machine into a distributed denial-of-service (DDoS) attack.  According to Paul Gafa, CTO of 2X Software, the exploit is only dangerous if the user is duped into running an app with the malicious code.


The bug was discovered while Gafa was writing a software testing app:

“You can be the least privileged user on the system and still crash it,” Gafa said. “I believe it is very easy for Microsoft to sort it out. They just need to validate arguments passed to Windows APIs.” (source: SC Magazine)

Microsoft is currently aware of the defect and responded with this insight:

“Our initial assessment of the report is that malicious code would have to already be running or a user would have to be able to run a specially crafted application to cause the system to crash. In either case, the system has already been compromised or the user has rights to logon to the system.”

I’m curious to hear if anyone has other stories of old bugs causing new problems or vulnerabilities?

International Date Line Bug Caused Fighter Aircraft Systems Crash

With our testing community currently hammering away in the “Bug Battle of the TV Networks” this week, it’s time to take a moment to reflect on our February bug-iversary.

On February 11, 2007, during its very first overseas deployment to Okinawa, Japan, six F-22 Raptors flying from Hawaii experienced multiple computer crashes, including navigation, communication and fuel system crashes, when crossing the International Date Line.


Social Networks Pose Security Threats (& An Intro to Tina Fey’s YouFace)

It’s no surprise to our community that social networks have the potential to pose big security threats this year. During the “Battle of the Social Networks,” uTesters found a combined 718 bugs in Facebook, MySpace and LinkedIn; and an additional 300+ bugs were discovered in the top five Twitter desktop apps during the Q2 bug battle.

To add more fuel to the fire, today the company Sophos, which surveyed 500+ organizations, came out with a new report stating that in the past year:

  • 57% of users report they have been spammed via social networking sites
  • 36% of users claim they’ve been sent malware via social networking sites
  • 72% of survey respondents think social networks are a danger for their companies (see Mashable article)

What’s the solution? Tina Fey, in her show “30 Rock,” recently spoofed social networks with her creation of “YouFace” (combo of Facebook & MySpace). Terms such as “finger-tagged,” “weirdsie,” and “pho-lo” (for photo and hello) had many ROFL. See video clip after the bump!


All Circuits Are Currently Busy — A Look Back 20 Years After AT&T Network Crash

Bug-iversary Alert! Tomorrow is the 20-year anniversary of the “crash” of the AT&T Long Distance Network. On January 15, 1990, faulty software was installed on the AT&T Electronic Switching System (Number 4 ESS): a one-line bug incapacitated the entire system, disabling switches throughout half the network.

Known as one of the most serious telecom bugs in history, it left more than 75 million calls unconnected over 9 hours, an estimated $60 million loss.

Dennis Burke of California Polytechnic said it best: “The Jan. 1990 incident showed how bugs in self-healing software can bring down healthy systems, and the difficulty of detecting obscure load- and time-dependent defects in software.”

Speaking of “load defects,” AT&T — after signing up to be exclusive U.S. provider of iPhone service — has recently come under fire for the quality of its network coverage. Businessweek’s top headlines read:

In light of this bug-iversary, I can’t help but wonder if more testing should have been done before AT&T took on the massive data demands of modern 3G smartphones? What do you think?

Canonical Plugins in Wordpress

We’ve discussed Wordpress’s plugins before.  Like many pieces of software, Wordpress has implemented a plugin mechanism to make customization easier.  But as we’ve discussed before in our post about the problems with plugins, the downsides of plugins written by random people can include more security problems, integration issues, bugs, and more.

That may change if Wordpress adopts a new proposal for what they’re currently calling canonical plugins.  In their words:

Canonical plugins would be plugins that are community developed (multiple developers, not just one person) and address the most popular functionality requests with superlative execution. These plugins would be GPL and live in the WordPress.org repo, and would be developed in close connection with WordPress core.

Of course, picking the right canonical plugins to support relies on something else Wordpress does well: plugin rating and reputation.  The next step will be integrating all of that information, support, and functionality in a future version of Wordpress (maybe 3.0?).  With all of these features, Wordpress is rapidly shaping up to be a strong role model in plugin architecture for platform developers everywhere.

Which E-Tailer Do You Trust? (Battle of the E-Tailers in the News!)

Breaking news! This week, we officially announced the results of our Q4 Bug Battle – Battle of the E-Tailers – along with a few prominent media outlets, including USA Today, Fast Company, Mashable! and eWeek.

Curious about the results? Check out the articles below:

So, the battle begs the question: Which e-tailer do you trust the most?

Safari Bug Actually Costs You Money

Mobile bugs are becoming a bigger and bigger problem, and iPhone users are the latest to be affected by buggy software.  Techcrunch reported yesterday that a bug in Safari causes it to consume bandwidth even when it’s closed.  The problem arises with the use of Motion JPEG (or M-JPEG), a video standard that is built off of the JPEG images standard.  When an iPhone user visits a page with an M-JPEG video, Safari will download continuously, even if the user pushes the Home button to end Safari and go back to the home screen.

What makes this problem really terrible is that many mobile users are charged for their bandwidth usage.  Even AT&T users, who are used to having unlimited data plans in the United States, can be charged for data consumption while traveling internationally.  That can mean big bills when they get back home.

Cellular service providers aren’t immune either.  Networks around the world are struggling to keep up with the data demands of the iPhone, and providers certainly don’t need to deal with unnecessary data consumption caused by broken software.  That means companies like AT&T are building out extra infrastructure to support buggy apps – something that costs you and me money in our phone bills.

For the security researchers who uncovered this bug, one hour of testing resulted in $3,000 worth of data charges. That is serious money, and anyone developing mobile apps should take heed.  Your broken app can cost enough money to buy 10 iPhones, and that’s a great way to get some bad press.  It is further proof that mobile application testing needs to catch up to the standards of web and desktop testing.

New in Wordpress: Easy Plugin Reputation

Plugins have long been a double-edged sword for software.  On the one hand they make software more flexible than it would be otherwise.  On the other hand, plugins can be poorly maintained and full of bugs.  That second issue is so much of a problem that a little while back I wrote a post describing several methods to better manage the plugins for your favorite piece of software.

Now Wordpress has gone one better with their new Plugin Compatibility Beta.  Blog owners can now vote on how well a plugin works with different versions of Wordpress, making it easy to see if a plugin is well maintained or dying.  The new feature is already available within the Wordpress plugin directory, and anyone with a Wordpress login can vote.  Here’s an example with WP-Polls.

And the future looks even brighter.  According to the development team:

Eventually, we’d like to gather this compatibility feedback from within WordPress, allowing you to vote directly from your plugins admin screen. The ultimate goal is to use this information to inform you of plugin incompatibilities with a new version of WordPress during the upgrade process. For that to be useful we need a large set of high quality compatibility data. Start voting!

Hopefully, selecting the right plugin for your needs will become even easier and more reliable.
