Our Testing the Limits guest this month is Seth Eliot, the Senior Knowledge Engineer of Test Excellence at Microsoft. In this role, he focuses on driving best practices for development testing across the entire company. Prior to Microsoft, Seth had a successful stint at Amazon in addition to several startups. Apart from his professional background, Seth is one of the industry’s very best bloggers, writers and presenters. For proof, check out his blog or follow him on Twitter.

In this must-read interview, we ask him about testing challenges at Microsoft, including those of Bing and the new Surface tablet; the notion of testing in production (TiP); the most rewarding testing project he’s ever worked on; big data and more. Enjoy!

********

uTest: You’ve spent the bulk of your testing career with two of the most successful companies of all-time: Amazon and Microsoft. Unfortunately, most testers spend their careers with companies that – how shall we put this – aren’t so successful. In your opinion, is testing easier or more rewarding when the company is doing well? And what advice do you have for testers who might be working at a dysfunctional company?

Seth: The most satisfying testing job I ever had was a small startup in Pittsburgh called CoManage. It ultimately fizzled, but at the time we thought we were all going to be millionaires and I was consistently surprised to walk out of the test lab to see it was dark outside and I didn’t even know where the day had gone. If your company is dysfunctional, ask yourself if there is something you can do to turn it around and turn it into one of those dream successes. Learn new strategies and approaches for software engineering, change the direction, and bring new life to the company. At best you will be the hero, at worst you will have learned some valuable skills and lessons for finding that next job.

uTest: Prior to your current role at Microsoft, you were the Senior Test Manager for the team working on Bing, where you were primarily tasked with exabyte storage and data processing challenges. What were some of the specific testing challenges here and how were you and your team able to overcome them?

Seth: Yes, this is an internal system called Cosmos – a massively scalable, distributed data processing system. The technical challenge to put it simply is how do you test something so big and complex? I was fortunate to have a really talented team of testers who built out tools and monitors that enabled us to evaluate end-to-end test cases leveraging actual jobs being run in the production system. This led to us to finding the bugs that really mattered – those that affect real users. We were even able to prioritize our test scenarios based on the revenue impact of the user workflows and on the current pain points experienced by those users. This is an advantage of having an internal customer, but with good monitoring you can also approach this level of insight with external customers too.

uTest: We’d be remiss if we didn’t ask you about the recent launch of Microsoft Surface. First off, did you know about the project beforehand? If so, good job keeping it a secret. Secondly, what are some of the big testing challenges you’d expect to be associated with this project? The hardware? The Windows 8 OS? The touch functionality? We’d love to hear your thoughts on this HUGE Microsoft endeavor.

Read more…

Our Testing the Limits guest this month is Galina Kramer, the Senior QA Manager of Localization for Zynga. In this role, she is responsible for L10N testing of the company’s web and mobile games, including hits like CastleVille, Mafia Wars Hidden Chronicles and Poker. Galina has over 13 years of experience in quality assurance, with stints at Bill.com, Wells Fargo and others. For more on Galina’s background, check out her LinkedIn profile.

In this interview, we asked Galina about the challenges of testing high-profile applications in more than 16 different languages; what testing is like at Zynga; her criteria for hiring testers; switching industries and other topics. Enjoy!

***********

uTest: You’ve spent much of your QA career in the healthcare and financial sectors. Now, you’re focusing on a different aspect of QA (localization) in a totally different industry (social gaming). What’s been the most difficult adjustment you’ve had to make during this transition? Similarly, what advice do you have for QA professionals switching industries?

GK: The most challenging aspect of working at Zynga overall is the release cadence. I was used to weekly releases, but not daily. Having such a short release cycle brings its own challenges to functional QA, which I managed at Zynga for a year. Now that I am working in Localization QA, it is even more complicated since everything has to get translated first.

My advice to anyone switching industries – GO FOR IT! Try new things and have some fun!! I love working in the gaming industry and never thought work can bring so much enjoyment.

uTest: At Zynga, you oversee L10N for all of the company’s web and mobile games, which are currently supported in 16 different languages (with more to come we assume). What languages or markets have been the most challenging thus far and why?

GK: When we first started localizing our games, we had a lot of issues with staffing for certain languages and that was a real challenge. Now that we have established a robust process, we are smooth sailing. It helps having great partnerships with both internal and external teams in order to make things happen as fast as we need them to.

uTest: Not only are you supporting 16 languages, you’re also supporting countless versions of operating systems, mobile devices, wireless carriers and other factors. How is your team able to manage such a complex testing matrix?

GK: It’s all about prioritization and risk assessment. We shuffle resources on a daily basis depending on a priority and work together. Teamwork is the key, truly.

uTest: With so many users who are willing to report issues, it’s often assumed that in-depth testing isn’t needed in certain industries, such as social media and gaming. This is obviously not the case at Zynga. What is the company’s philosophy when it comes to testing and QA? And has it changed as they continue to expand their global footprint?

Read more…

In the latest installment of Testing The Limits we speak with Gerald Weinberg. Jerry has been practicing, teaching, lecturing, consulting, coaching and writing about software programming and testing since the 1950s. With decades of experience and accumulated knowledge he’s written more than 80 books and has dedicated his life to helping others be the best testers they can be – despite ever changing testing trends. In today’s Testing The Limits interview we’ll find out the biggest lessons Jerry’s learned over the years, how his books remain top sellers 20 years after their release and what the biggest issues facing testers today are. To keep up with Jerry visit his website or follow him on Twitter.

uTest: You’ve spent nearly 50 years working with computers and software in one form or another. Obviously, much has changed during this time, but surely some things have stayed the same. In your experience, what is the most notable “constant” in the world of software?

GW: The infatuation with the latest fad which is supposed to “increase productivity” by some arbitrary amount, with no clue as to how that “productivity” is measured. For the most part, these fads are usually a new set of names for old practices. Yet at the same time a segment of the developer population goes ga-ga over the fad, a much larger segment doesn’t even attempt to learn what is good about the fad. The majority of developers are working the same primitive way their predecessors did 50 years ago, just using more machine power to do it.

uTest: In a recent “testing roundtable” discussion, panelists were asked what they considered to be the biggest weakness in the way companies test software. James Bach and Cem Kaner both cited a lack of testing skills and a lack of means to acquire such skills. Do you agree? As a long time consultant, what do you think is the biggest weakness in the way companies test software?

GW: To me, the biggest weakness is not considering software testing anything but a (barely) necessary evil. Testing is seen as something that could be done by a troop of monkeys, so serious testers are treated like third-class individuals. The lack of means of acquiring testing skills arises from this attitude, as do most of the other poor practices in the testing business. You treat people as if they are stupid, then they will wind up acting stupid.

uTest: A good debate has recently sprung up on the subject of whether testers should be able to code. As an expert in programming (and testing) where do you stand on this matter? Are coding skills (or at least a base knowledge of coding) a requirement for good software testing? Are they a nice-to-have? Or are they totally superfluous?

GW: You can be a great tester if you have programming skills. You can also be a great tester if you have no programming skills at all. And, you can be a lousy tester with or without programming skills. A great tester will learn what skills she needs to continue to be great, in her own style.

Read more…

In the second part of our Testing the Limits with Anne-Marie Charrett, we get her thoughts on the meaning of exploratory testing, the challenge of agile adoption, how to grow as a tester and more. Enjoy!

uTest: Certain industries appear to be ahead of the curve when it comes to testing practices, while others remain in the proverbial stone age. Is this an accurate statement? Or have testing practices evolved at similar pace across all industries? As someone who has spent time in many sectors, we’re interested to hear your thoughts on this.

AMC: I think companies that demand value from their testing are generally more receptive to new ideas and change in testing. I don’t think it’s fair to silo this into industries.

Take for example the finance industry, yes many large insurance and bank corporations are risk averse and resist change but not all. For example Barclays Bank are using coaching & Rapid Software Testing.

I’ve worked with small companies in R&D who you would associate with flexibility and being pro-active, yet they want very traditional, heavily documented testing processes. Often this is because someone did testing ‘once’ and this is what they did.

I’ve seen testing practices change within sectors too. For example, the telco sector in the mid 1990‘s were typically heavily documentation orientated. Often testing went on for years before a product was released. By the late 90’s and early 2000’s testing practices had to evolve as smaller companies with lighter and more flexible delivery approaches challenged this paradigm.

uTest: There’s a good debate right now on the true meaning of exploratory testing, with people like James Bach and Michael Bolton chiming in with their opinions. What is your definition of exploratory testing? And in your view, what is the most misunderstood term in testing today?

AMC: So many questions!! The beauty of Exploratory Testing is that it can mean different things to different people. Thats why there are so many different perspectives on it.

There are some core values to Exploratory Testing, namely that it’s an approach (not a technique), it’s simultaneous learning, design and execution and that it’s tester centric.

The latter ideal is something that I cherish and hold dear.  I think it’s essential that we take responsibility for the testing we do. This means each tester decides on their testing approach, what they test and when they’re done. Owning these decisions is what matures a tester, helping them become skilled, confident and motivated to excel in their testing.

Read more…

To kick off another amzing year of Testing the Limits we reached out to Anne-Marie Charrett, an independent tester who has worked for the likes of Mercury Interactive, IBM (twice) and Nortel – just to name a few. She also arranges for speakers to visit Ireland as part of Softtest Ireland and blogs about her testing experience and offers coaching at mavericktester.com. 

In part I of this month’s interview, we learn what motivates Anne-Marie to coach via Skype, what’s caught her interest lately, how her book with James Bach is coming and what the biggest mis-conception about testing is. Come back tomorrow for part II.

uTest: In terms of writing, speaking and researching, you are one of the most active testers in the business. So we’ll start by asking you this: What hot topics within testing have captured your interest recently?

AMC: 2012 has kicked off with a flurry of activity. Key topics appear to be, How we learn, Rapid Test Management and more recently James Bach has been looking Exploratory Test Documentation.

It goes like this. Typically we write tests and charters as artifacts for other people as evidence of work performed. But writing is a lot more powerful than that, it has the ability to assist in design (think brainstorming in mind maps). Exploratory Test Documentation is about changing the purpose of writing from an end product to a by product.

I also like the way new conferences and peer workshops are happening at a grass roots level, for example Lets Test in Stockholm. These are not necessarily big conferences, but ones that offer value to testers and that encourage participation. I hope that this will be the conference circuit of the future!

uTest: You’ve made quite a name for yourself as a testing coach; offering advice to testers free of charge via Skype. In your experience, what areas require the most coaching on your part? In other words, what does a typical tester coaching session cover?

AMC: Often testers come looking for coaching in a particular skill (e.g Test Automation), but many fail to understand basic testing concepts such as: “What is testing?” and “How do you determine bugs?”

Understanding testing is key to improving your testing skill.  After all, if you don’t understand something, how can you improve it?

Software delivery typically doesn’t allow for this type of introspection. Our jobs demand we focus on delivery, often to the detriment of how well we are doing our testing.

Coaching is the breathing space that all testers need to learn and grow.

In coaching I encourage testers to work through tasks to acquire skill. I’m there to guide and help them, but they need to work out the answers. That way, their learning experience is deeper and more meaningful and empowering.

Read more…

In part II of our Testing the Limits interview with security expert Richard Stiennon, we get his thoughts on where companies are least prepared for a security breach; the explosion of mobile related threats; the future of cyber security and much more. If you missed the first installment, read Part I now.

uTest: What’s the one piece of security advice you would have for companies that are in their infancy?

RS: Plan ahead. As you grow so does your “target area.” When you launch your product or service you may not be in the cross hairs of a bad actor. But you will be. Sometimes security builds in “friction” that can slow down customer acquisition. So you may not want to require 12 character passwords and SMS authentication at the beginning but know that eventually you will have to deal with account theft, breaches, and spammers. Have a plan so you can implement defenses quickly; and ideally before a damaging attack or breach. You don’t want to be in the position of the Sony Play Station Network that implemented protections *after* a series of attacks that cost $170 million to recover form.

uTest: You’ve said before that mobile will not require its own anti-virus systems. That said, it seems that mobile threats are multiplying by the hour. In your view, what’s the biggest security challenge in terms of mobile?

RS: Apps, apps, apps. VPNs, firewalls, and carrier filtering are going to impede network based attacks. Containing and vetting applications is the biggest security challenge for the platform vendors.

uTest: Looking back to the 1990s, what’s surprised you the most about the evolution of cyber security? What’s been your biggest disappointment?

RS: For me the biggest surprise was the confluence of existing criminal organizations and cyber crime, especially arising out of the demise of the Soviet Union. In retrospect is seems obvious, but at the time it was a wake-up call for me that guys with guns and baseball bats were going high-tech. My biggest disappointment is that security has never become important enough to spawn secure networks or secure computers. Not a single ISP or carrier has gone to market with a secure network with complete content inspection. Not a single computer manufacturer outside the military has sold a computer whose primary feature is security. They are all happy to sell you security add-ons but not willing to step up and address the underlying vulnerability of their products.

uTest: What happens in the next decade of security is anyone’s guess, but your predictions carry a bit more weight. Care to make any bold predictions on the future of cyber security? The bolder, the better.

Read more…

What an honor it is to have security expert Richard Stiennon cap off another great year of Testing the Limits. Aside from being the most followed IT security analyst on Twitter, Richard is an accomplished writer, having authored Surviving Cyberwar and the soon to be published Cyber Defense: Countering Targeted Attacks. Richard is currently Chief Research Analyst of IT-Harvest, a security analyst firm with a wide range of high-profile clients. For more on his background, click here.

In part I of our interview, we get his thoughts on the difference between security and other types of testing; what the world would look like under full blown cyber war; the biggest threats to the typical web user; the motives of hackers and more. Tune in tomorrow for part II.

uTest: You started out in the field of aerospace as an engineer and wound up as one of the world’s top security experts (so typical). Kidding aside, what attracted you to the field of cyber security? And what’s kept you there for the better part of two decades?

Richard Stiennon: My transition from structural engineer to networking came when I started a dial-up ISP in Michigan, but I did not get the security bug until joining Netrex, which was an integrator of security products and services. Through Netrex I worked with a lot of the early security products and the founders of ISS, and Check Point Software. By the time Netrex was acquired by ISS (later to be acquired by IBM) I had moved on to PwC where I got exposed to large enterprise and performed audits on their security postures. From there it was on to Gartner and after that I was firmly entrenched in the IT security world. I have a low threshold for boredom. The security industry moves so fast you get left behind if you allow your eyes to glaze over for a second.

uTest: Is it fair to say that security testing requires a much different mindset/persona than other types of testing? If so, what specific qualities and characteristics are needed in a security tester? If you were assembling a team of security testers, what traits would you look for?

RS: Security testing of software throughout its development cycle is indeed different than quality and functionality testing. Instead of testing against end user use cases you have to have a mind set of an attacker, a completely different use case. In addition to meticulous use of security testing tools (HP-Fortify, Veracode, etc) a security tester must understand the application and how an attacker would leverage built-in functionality to subvert a system. A security tester must be diligent and detail oriented as well as imaginative and wily – a rare combination.

uTest: In 2010, you published Surviving Cyber War, which gave the world an inside look into the onset of state-sponsored cyber war. Since then, there’s been no shortage of similar incidents (Stuxnet, Anonymous, to name a few). Are you surprised at the speed in which cyber warfare is evolving?

Read more…

In part II of our Testing the Limits interview with Noah Sussman, we ask him some questions on Etsy’s testing challenges; assembling a testing team; localization testing and more. Did you miss part I? You can catch up here.

uTest: Total job interview question: What’s been the biggest testing challenge at Etsy and how have you been able to overcome it?

NS: Total job interview answer: concurrency has been a big challenge for us as we scaled our CI cluster. Most xUnit test runners aren’t designed to deliver massive concurrency out of the box. Eg if you want to run all your PHPUnit tests concurrently, you have to build a special branch of the test runner.

And even then, most tests are not written with concurrency in mind either. So a lot of design, debugging and rewriting of legacy code have been required in order to get to a point where we could run our tests in as concurrent a fashion as the available hardware would allow.

uTest: A previous interview guest once wrote a lengthy post on the “victims of fake agile.” In your view, is there a danger of a half-assed move into the agile methodology? If so, what are some of the major consequences?

NS: I can only speak from personal experience and I don’t know how typical my experiences are. I agree with the author of that post in that adopting Agile won’t fix a dysfunctional team, and it won’t help an organization to learn to accept its limitations and work within them.

uTest: What types of traits/qualities/skills does Etsy look for when hiring testers?

NS: On my team there are two roles for which I hire. These aren’t formal roles and we switch them up sometimes.

I hire software engineers who value quality and who are interested in how complex systems fail. These are the people who customize our mocks and fixtures, manage our coding standards, build static analysis tools, develop Jenkins plugins, design the CI system in general other things of that nature.

Then there is another equally important set of people whose skillset is generally described as “hardcore QA chops and a deep connection to the Etsy community.” The people I’ve hired here have many years of formal QA experience in high-risk industries like finance. These are people who are willing to use what they know about formal process, to help Etsy avoid the need for formal processes.

Here I look for talented QA analysts who are longtime Etsy users and deeply involved in the Etsy community. These are the people who develop functional testing tools, manage Selenium integration with CI and work with others in the organization to formulate test plans and resolve bugs. They also design and improve the process by which we triage bugs found in production.

uTest: How does Etsy – which has a global user base – deal with testing issues related to localization?

Read more…

Our Testing the Limits guest this month is Noah Sussman, test architect at Etsy. If you recall, we chatted with Noah last month as part of our STPCon video interview series, which you can watch here. Noah’s professional background includes a stint at Barnes & Noble, where he was the Tools and Automation Specialist, in addition to being a technical adviser to several startups and organizations. To learn more about Noah, you can follow him on Twitter, or check out his posts on github or Quora.

In part one of our interview with Noah, we get his thoughts on how Etsy tests software; why engineers should take more responsibility for testing their code; testing at startups and much more.

uTest: When it comes to testing, there’s certainly no shortage of collective knowledge to draw from. Who are some of your software testing role models – in terms of both companies and individuals – that you strive to emulate?

NS: As far as people, I work with a great team at Etsy. I feel really lucky to work with this many talented and knowledgeable people. Check out our engineering blog, http://codeascraft.etsy.com, as well as http://github.com/Etsy. You’ll find a large number of people with a wide range of ideas, all of which I believe are interesting. Once you’ve read their blog posts on Code As Craft, you should check out their personal blogs too, because those are fascinating as well.

Sebastian Bergmann and Jason Huggins have also been very helpful to me as I tried to figure out the best way to make CI work with Etsy’s unique deployment process.

As to companies, Blizzard, Amazon.com and Facebook all are using the Internet to build new kinds of communities and businesses. All three are essentially collections of Web services. But they’re able to manage their enormous communities and are constantly adding new features that their users pretty much love.

uTest: You’re an established figure in the testing space now, but you’ve spent much of your career on the development side of things. What (if any) were some of the biggest challenges you faced transitioning from dev to testing? And conversely, what advantages has your prior dev experience given you in your testing career?

NS: When I began making Web sites in 1999, I manually tested each site I built. Sometimes I worked with a QA team and sometimes not, but I have always checked my own work before delivering it, regardless.

As the Web grew, my projects got more complex. Tasks like making sure there were no broken links on a site quickly became infeasible to do manually. Soon even manually viewing every page on a site became unworkable as well.

So I learned some Perl and suddenly I could do static analysis. Then I learned to parse and alert on the output from tools like HTMLTidy, the W3 CSS Validator and later JSLint. After that, the number of bugs in my code dropped dramatically.

At first most people thought I was a little nuts for taking this approach. In 2001 almost no one cared if a site was robust. Web sites were cheap, throwaway things — “brochureware.” But a few years later along came Google Maps and GMail and now Web sites were first-class applications, expected to perform well and last a long time.

After that I just found myself more and more involved in helping teams produce quality Web sites. I think once everyone realized testing Web sites was important, I just naturally got drawn into that because I was interested in the domain. There aren’t a whole lot of Web developers who are really deeply passionate about testing. Or if there are, I haven’t met most of them yet!

uTest: What’s the biggest difference between testing at a startup versus testing at a larger company like Etsy?

Read more…

In Part II of our Testing the Limits interview with Michael Bolton, we get his opinions on the corporate fear of Rapid Software Testing; the challenges of coaching testers; the similarities between testing and sex; why programmers should learn to test; writing about testing; negotiating with the other Michael Bolton and more. Did you miss Part I? Then you can find it here.

uTest: It seems that your primary audience is fairly open the principles of RST. But for those who aren’t, what are their main objections? Have the skeptics made you rethink or refine any aspect of RST?

MB: The primary objection appears to be that people are reluctant to give up their safety blankets. They’re frightened of reducing bureaucracy and paperwork, because those things appear to make testing work more legible.  But that’s an illusion:  bureaucracy and paperwork make illusions about testing work more legible. (Have a look at James C. Scott’s Seeing Like a State for a wonderful description of legibility and how the neo-Platonists and the high modernists get it wrong for everyone except—sometimes–for themselves.)  People seem frightened to invest in skill, because even though skillful work can be very well documented, it doesn’t necessarily leave a familiar kind of paper trail.

People seem frightened of telling a different kind of testing story in a different way, because managers have become used to a certain kind of test reporting.  I think most companies are frightened of finding out what’s really going on in a product or a project, because the truth would be pretty horrifying in a lot of cases.  People are frightened of acknowledging the role of skill and tacit knowledge in technical work, because they’re frightened of having to replace people who leave. The assumption there is that the new hire only learns through documentation, but that’s clearly false; we learn through social interactions, by interaction with our products, and by doing meaningful work for which we’re held responsible.

One more thing:  many people whose jobs are titled “quality assurance” seem unwilling to give up their perception of their own authority. People want to be “influential”, to “own quality”, to “be the gatekeeper”, to “speak for the customer”.  I don’t have authority over the project unless I’m the project manager.  As a tester, I don’t have that authority, nor can I claim to speak for the customer more credibly than anyone else. I’ve met testers who believe that it’s their prerogative to tell programmers what to do or how to do it.  I recommend that such testers reflect on how they feel when they’re told what to do by people who’ve never done testing work.

As for what we’ve done to rethink or refine things, that’s a continuous process. James and I are currently working on a few important threads. I learned a great lesson from Jerry Weinberg in his Problem Solving Leadership workshop a few years back.  Someone accounted for a less-than-successful attempt at problem solving by saying “The complexity of the problem screwed us up.”  Jerry peered over the top of his glasses and replied, “Your reaction to the complexity of the problem screwed you up.”  So in the delivery of the class, we’re trying to focus on helping testers to see the simplicity behind complex situations, so the testers can be more confident in their ability to deal with them. On the other hand, we’re also focusing on helping testers to see the complexity behind apparently simple situations, so the testers have the wariness that they need to avoid being fooled too easily.  We’re also working on showing how to use Rapid Testing approaches in highly formalized or highly regulated environments, pointing to our experiences in financial and medical contexts. Excellent format testing (which is often confirmatory or demonstrative) begins with excellent informal testing. Consistent with that, we’re trying to make people aware that the bulk of their work is exploratory in nature, even though they might not have noticed it.  “Formal testing”, which often takes the form of dog-and-pony shows for regulators or auditors, is one thing. Testing to make sure that people don’t die or lose a fortune or pile on some horrible risk is another thing. Excellent testing of the former kind of testing depends on excellent testing of the latter kind.

uTest: If the Context-Driven School of Testing were a traditional school, there’d be a lot of students on the waiting list. In other words, the community is growing rapidly every day. What’s surprised you the most about the emergence of the Context-Driven community thus far?

Read more…