Conference Digest Mind Map

This is my small tribute to Tony Buzan, who died on April 13th 2019. He was the inventor of the mind map. Rest in peace Tony.

Mind map with central object "Todo Wordcamp Rdam 2019 v1a" with main branches presentations, Notes, Goodies, Books, and Actions. Main branch presentation has sub branches Stomme post, Hashtag, http headers, Get fast and Live.  Sub branch Hash tag has sub sub branches #ewmrtc and a part of an URL. Sub branches  Goodies has sub branches Camera sticker and highlighter. The main branch Actions has sub branches 404, host, security.txt, xmrpx.php. Markers, and “words pictures”. The sub branch Markers has sub sub branch Backpack. The sub branch host has Csp and .htacess. The sub branch Books has sub branches “safe website”, “performance wordpress site”, and “SEO starters”!

Quick breakdown of my mind map

On my smartphone I use Mindjet Mindmanager. It is a rather dull looking mind map program. I can add colour, but that will slow me down. For me mind mapping is jotting ideas as fast as possible.

My first action was to make my conference notes readable. My handwriting is quite awful. The use of sketchnotes did not improve the quality significantly.
Just wait and see.

My notes were about WordCamp Rotterdam 2019. There were some really technical talks. It is almost impossible to translate technical stuff like settings of analytics programs or Cascading Style Sheets to images.
Yeah. You’re right.

Okay. The Notes branch was needed as a reminder that I would read my notes without thinking too long.

Almost immediately I added a branch with presentations. If needed, I would read the presentations in slow speed. Just before blogging I realized I made an error. I opened Twitter search and entered the hashtag “#wcrtm” and “slides”. #wcrtm stands for WordCamp RotTerdaM. All the presentations of the interesting talks popped up.

Another branch is Goodies. These are gifts of sponsors. I lost my highlighter somewhere. I marked this branch with a red cross. Then I remembered that I had a camera sticker from a previous conference, which I found and placed. So I marked this branch with a green V. For the English people: Jack in the box.

I got some booklets / books about SEO or Search Engine Optimalisation, performance of a website and website security. The reason, that I did put this branch under the central object, was to balance the tree. This tip was given by a business consultant. The way I interpreted was that I had to avoid a mindmap with too few main branches.

Back to my Books branch. This branch contained information which I could use. Not immediately, but it was something I could not put away lightly. The Goodies branch was more like: done and forget.

Now comes the most important main branch in my mind map: Actions. Sub branches were added during my note cleanup.

This website still had no proper 404 screen. Yes, there are some plug ins, but is there a more elegant way to solve this problem? Also too many plug ins will slow down my website.

During the conference there were lots of configuration suggestions. As a newbie WordPress administrator I asked, how I could configure this. The answer was to contact the host provider. Actions from my side could collide with actions from the host provider. Bracing for impact.

I still have to place a security.txt on my website. More information can be found in securitytxt.org.

On the web I read some disturbing information about Xmlrpc.php. On the conference it was strongly suggested to remove it.

Another action was to collect all my markers for future notes. A final action was to put extra information about text in my pictures in the Alt Text.

Depending on my progress and feedback of my host provider I will adjust my actions in my mind map.

Tweaking My Blog Accessibility

Accessibility is something which is within my reach. It just took me some years to use it properly.

If you are in a hurry, just go to the Accessibility Tips. If you have more time, you can start with the next paragraph. Next.

Sleight of thought

For my blog I use a default WordPress theme. I try to compensate this standard look and feel with humour. Am I kidding? No.

My first blog post was a struggle with looks. I did not like header 1. The font was too big. I just used bold to make the headers. That looked just right.

During an online computer course I had my first encounter with a screen reader. Users with bad or no view can use this program to read a web page aloud.

My trick for nice headers using bold was backfiring: a screen reader would not recognise them as headers. I really needed some header tag. So I ended up with header 6. This looked good, but it was still not right.

Just a little more

After tensome blogs I started to use the alternative text of the image.

In the attachment details of the pciture the location of the Alt text has been marked!!
In the past this was primarily used for people with slow internet connection. This way they still could get an impression of the webpage, when the text was shown.

In another online course I learned that the screen reader could use this for the communication. Then I read a tweet about using a proper description. So “another mindmap” was not really helpful.

Now I had to compress the information in a picture in a few sentences. That was really tricky, if some graph was involved.
A line graph is shown with three different colours: orange for beginners, green for proficient, and blue for expert. There is a green circle "Skill IQ 135" in the green line, which is connectd to a vertical line with "40th percentile" at the foot!"
The Alt text is as follows:
“A line graph is shown with three different colours: orange for beginners, green for proficient, and blue for expert. There is a green circle “Skill IQ 135” in the green line, which is connected to a vertical line with “40th percentile” at the foot!”

Maybe you noticed the exclamation mark or ! at the end of the text. This is a trick I learned later one: the screen reader reads this text differently aloud.

I even made a blog post with a few screen reader tricks. In this particular post a screen reader user has a big advantage over a user using a normal view.

More exploration from my side

The trick with header 6 was not right. I just knew. A lot of people start counting from 1, programmers from 0. But 6 is not the right exception.

It was a matter of months that I read about a confused screen reader. So I better start from header 1. Which was not my big favourite.

On Twitter I saw a tweet of a user with a bad view complaining about bad contrast. Within minutes another blogger reacted by adjusting his website.

My turn

I did quick check of my blog. It was all black characters on a white background. Then I noticed that my quotes were vague.

Now I had to find a way to change my headers and quotes. Time to explore the Content Management System or software to maintain my blog. Mine is called WordPress.

I first focused on the desired look of my header. I opened my word processor for note taking. My goal was to have my header 1 to look like header 6.

There was a nice tool in my browser: Dev Tools or Developer Tools. In my browser on my Windows machine I pressed F12, scrolled down to a header, selected the element, and saw the properties.

After the selection of header 6 in the upper window the properties of this element are shown in the right bottom window!

I did the same sequence for the quote. In HTML it is called blockquote. Fine with me.

The colour was grayish. I started to play with all kinds of colour codes. Until I realised that “black” was also good description for a font colour.

Dev Tools allowed me to experiment with the properties of the block quote without an intimidating program.

The color of the bloack quote has temporarily been changed to black!

Easy does it.

Now I had two pieces of code. Somewhere I had to fit them in. I started touring the CMS or Content Management System and found Additional CSS using the following path
Dashboard => Appearance => Customize => Additional CSS.

CSS stands for Cascading Style Sheets. Suppose I change the look of header 1 at 1 place. It will affect the look of all headers 1 in my whole blog. Cascading is cool.

I was too early for claiming my victory. Header 1 did not change in the visual editor. I did a preview and it looked right. Okay, found something.

In the left window Header 1 is shown in the Visual Eidotr, in the right window header 1 is shown in the preview!

At the end I had changed all headers 6 to headers 1.
So I only had to modify all the headers of my remaining blog posts. Great. Extra work.

The change of colour in the block quote went smoothly. But I was not pleased with the vertical alignment of the quote. It was too close to the left margin.

On the web I discovered that margin of an object was used to place a rectangle around the quote. Another search led to padding. If I could pad the text in the quote, then it would shift to the right. Left padding was enough.

Additional Css contains: "blockquote { 	color: black; 	padding-left: 5%; }  h1 {     font-size: 16px;     line-height: 1.5; } "!

Because I had only used block quotes for quotes, all quotes in my blog were automatically modified.

Accessibility tips

  • Use header to mark headers instead of making them bold.
  • Add an alternative text ending with an exclamation mark to all pictures.
  • Make the contrast of the colours of the text and background bigger instead of using some gray colour on a white background.
  • Use Additional CSS in WordPress, if you are still not pleased with the look of the elements on the page.
  • Look for other ideas on the Global Accessibility Awareness Day website. For the record it is the third Thursday of May every year.GAAD almost encircled by a powercard attached to a keyboard!

Ending notes

  • I know that there are enough readers willing to check the accessibility of my blog. The status of accessibility on my blog is in progress.
  • At the moment of publishing this post there are still words in bold who look like headers in my first blog posts. There are still pictures without an alternative text and/ or exclamation mark.
  • I would not be surprised that there is still work to be done after all these updates.

Escape The Consultant Trap

During a talk at a test conference a consultant told smilingly to stick to customers. The woman next to me was bristling. Her company hired consultants.

Is there a way to make this situation more painful for me?
You bet.

As a test consultant I had given her a ticket for the conference.
Ouch.

A good consultant makes herself or himself dispensable.

Definition obliged

Looking at the Dutch job market there is a cry for test automation experts. Even testers with a few months of experience have a distinct advantage over the inexperienced testers. They have a proof that they can use the demanded tool. And they are hired.

So if a company really needs test automation and no candidates have been found, then a test automation expert is flown in. This gives the company a real advantage. Or wings for the intended pun.

What is the consultant trap? After a while there is a test framework and lots of scripts and impressive heaps of test data which must be executed, updated, and maintained. In good order.

It is like buying a car which needs intensive care. If it is neglected for too long, then the car will not ride.

All the test automation stuff can be compared with a car. The mechanic is the test consultant.

No consultant means no working test automation, which means no edge, less revenue, and stronger competition. The company is trapped. This also hurts the revenue.

Path obliged

There are some managers who would object with

  • “This is a proof of concept.”
  • “The product is at the end of the life cycle.”
  • “The consultant is only hired during the holiday of one of my employees.”

These sound like sound arguments.

In this blog post I want to focus on test automation experts who are the only ones to operate the test automation in a company.
That’s bad.

Suppose you are a manager and you have the task to improve test automation. Now you have to avoid the consultant trap.

But you still need a consultant to teach test automation to your team member.
Hummm.

According to me a good teacher doesn’t make the homework of a pupil. In terms of test automation a consultant is helping your team member with learning instead of putting all test automation in place.

Don’t touch everything.

Is there a way to determine whether a consultant is a good teacher?
Sure.

Ask to explain how to set up test automation in plain language. Or ask for possible first steps in your company. Other useful resources are recommendations of other customers, talks, or blog posts.

My suggestion is to keep the number of hours of the consultant low and the number of hours spent by your team member high.

My favourite way to learn something new is pairing. As a pupil I like to share the same computer with an expert while figuring out what is happening. The teacher (she or he) demonstrates things to me and then let me struggle.

Pairing is an activity for 2 persons. I do not like searching the right note with fast scribbled words on it because of the high pace of demonstration. And then interrupting my teacher who is teaching someone else in the meantime.

Attention!

While I was learning Test Driven Development, a junior DevOps engineer was watching every step I took.

Once in a while he made remark. Then I told my thoughts aloud and he would gently lead me to the right solution. He had an educational degree and earned my respect.

In short it is about finding the right balance between demonstrating and experimenting.

Another way for me to learn is exploring. Elisabeth Hendrickson made a nice concise format for this:
Explore < target > with < resources > to discover < information>.

I personally like exploring because of the hidden treasures I might find. Dungeons and diamonds.

OK. Back to the Example.
(No DeLorean included.)

A consultant could suggest something like
“Explore data driven testing with Postman to discover a concise way to maintain test scripts.”
A bit vague.

I tend to ask questions.
“What is data driven testing?”

A good teacher will give some examples:
“Suppose you buy 2 items costing 1 Euro each. What will be the total cost?”
“2 Euro.”

“And if you buy 4 items costing 1 Euro each. What will be the total cost?”
“4 Euro.”

“6 items for the same price?”
“6 Euro.”

“23 items.”
“23 Euro.”

“What did you notice?”
“The question became shorter. And you only changed the number every time.”

“So the numbers are data. What I described were 4 simple tests. In Data driven testing a tester or developer extracts data from the tests. So you only need 1 test with a set of data.”

“What would be a good to store the data?”
“A table like in spreadsheet program.”

And this conversation and experimentation could continue for hours.

After the session a debriefing can take place to reflect and determine new points of interest.

After a while I could explore on my own. If I get stuck, then I could contact the consultant.

Let me write about exploration of data driven testing on my own.
“What is the first place to look for?
I don’t like manuals.

Wait. This is cool:
TestAutomationU offers a free online course from Amber Race about Postman.

It contains a section about data driven testing.”

For the video I used sketchnotes for note taking. When I did some experimentation in this course, I used a word processor for notes.

Also now a debriefing is the way to reflect and to determine new steps. A consultant or colleague can be a person to speak with.

Proposal obliged

If there is a company where I would like to work, then it is the one with experimentation and growth mind set. It will earn my loyalty.
Hold my engineer degree.

As a manager you might complain about the time spent. As an Agile practitioner I would answer that competitors might outperform your company by learning and teaching.

In summary hire people with ability to learn and ability to teach test automation.
Thank you for your attention.

Okay time for the legal stuff.

Disclaimer: I have no experience with this approach to escape the consultant trap. I did not do any research. But I do welcome feedback.

According to me this proposal is agile. You learn and adapt. Luckily agile is in high demand.
Say Cheese.

Disclosure: at the moment I am jobless, so I am biased. I would love to have a job with test automation. I made a special form for this occasion.

Struggling to become a DevOps engineer

Sometimes when I am cooking, a bored kid asks:
“How can I help?”
My answer is:
“You can cut the vegetables.” Or
“You can stir in the pan.”

When my kids were smaller, they loved to make pizza. And even small hands are handy for peeling off the brown layers of an onion.

Pair programming

The Test column was empty for a few days and I had finished all preparations for the items in progress. Was there a way that I as a tester could help the DevOps engineers?

“We can do pair programming.”
I was all ears and eyes. So I joined a programmer while he was coding. Once in a while he said his thoughts aloud.

“Okay, now it is your turn.”
I looked at the DevOps engineer expectantly:
“What do I have to do?”
“Programming”
“I mean: what must I program?”

A short dialogue followed. My knowledge of the development environment was almost zero and I did not know everything about Java.
“You better take a course at Pluralsight.”

Pluralsight and Java

In this company every DevOps engineer and the tester (that’s me) had access to Pluralsight. Courtesy of the employer. Pluralsight is an online course platform with a massive load of courses.

“There is a test to determine how good you are.”
Sure no problem.

A line graph is shown with three different colours: orange for beginners, green for proficient, and blue for expert. There is a green circle "Skill IQ 135" in the green line, which is connectd to a vertical line with "40th percentile" at the foot!"

A lot of readers might think:
“Wow, I would hire Mindful Tester.”
Sorry girls and guys. Up to 40% of all people got this level. This basically means that 2 out of 5 people knew as much about Java as me. Not enough to make complex changes.

Now Pluralsight had another nice feature called learning path. So I dutifully cruised through the courses. I had the advantage of two screens, so I could play the course on 1 screen and program on the other 1.

I had some doubts about the courses. It was like a typing course. Just enter the text and you have a working program. Tada.

Another doubt was the absence of Test Driven Development. I shared my concern with a bright DevOps engineer. He reassured me:
“First focus on the language, then the rest will come.”

The same engineer noted the lack of challenge, so he referred me to project Euler. This free online platform had mathematical / programming problems. Afterwards he reviewed my Java code, which I really appreciated.

Java is great, but my team used more tools to develop programs. So I followed courses on Spring and Maven.

At the end of the course I could get some certificate. With no real practice I had some knowledge. On the other hand my experienced DevOps engineers loved Pluralsight. They set the video speed to double speed and picked up their nuggets of knowledge.

HTML, CSS, and JavaScript

“I noticed that you focused on layout.” my scrum master said.
“We need someone who can design good interfaces. Maybe you should focus on the front-end.”

In this company the front-end was a website. So I had to study HTML or HyperText Markup Language, the basic programming language of web pages. I was familiar with HTML. <b> hello </b> is shown as hello. b is short for bold.

I picked a Pluralsight course for advanced web development. This was both horrifying and clarifying.

So I should have basic JavaScript and CSS knowledge. I picked a course with JavaScript: CSS was needed. I switched to CSS. Only HTML was needed. Phew.

What is CSS or Cascading Style Sheets? In my own words it is a way to style a website in s consistent style. E.g. all the buttons look alike and the web page can respond to different screen sizes.

I followed two courses of CSS. They were practical, so I was able to modify the look and feel of a website without changing the functionality.

Next stop on Pluralsight was JavaScript. In my own words this language is used by browsers on the computers or mobile phone of the users. This programming language basically reduces the traffic between the front-end (e,g, website) and the back-end, where the important things happen like handling a payment.

I was lucky again. There were some basic courses which gave me some practice with JavaScript.

If I look at Pluralsight there are some good courses, but it took time to find them.

Edx.org

The biggest disadvantage of Pluralsight was no examination. My scrum master found an interesting alternative, edx.org.

You could call it freemium. The course and examination are free, but you have to pay a premium for the certificate.
Freemium is “free premium” without ” pre”.

I picked HTML5. The course was for beginners. But I was really happy with all the Pluralsight knowledge obtained. The course gave me a good insight in HTML5, but it also showed its limitations.

Next certificate was CSS Basics. Again I had an advantage and obtained enough points for a certificate.

ReactJS should be possible with my basic knowledge of JavaScript. In my own words ReactJS is a language, which can better interact with users than HTML5. The course was tough and I dropped out.

Edx.org and Pluralsight

Edx.org had the same choice problems as Pluralsight. I had to follow course parts to determine whether there was a click.

A major difference is, that Edx.org courses are time bound. After a deadline the course is closed and only accessible for old students of this particular course.

Edx.org has a slight advantage that it offers up-to-date information. Pluralsight has some old courses. For a Maven course this is tricky. Old versions as shown in the video cannot be used.

Another deadline disadvantage of edx.org is that timing is personal. Several courses acquire 2 hours a week. For someone new to coding this number is too low. Sometimes one block of 2 hours would take me 40 hours. There is also a deadline for a certificate. My advice is first to get the required numbers of points and then buy the certificate.

Once I bought a discounted certificate before getting the required points. Let me write it was not my best investment. There are limitations to be aware of.

Security, privacy, and usability

A DevOps engineer does more things than programming. So I learned about website security, privacy laws, and usability.

In the meantime I acquired some DevOps skills like looking in and understanding log files.

Status update

In April 2018 I got the disturbing news, that I was fired.
No bingo for me.

In case you want to know what I am doing right now.

Thanks for reading. I really appreciate it. Cheers.

Other online courses

This year Trish Koo asked for some online programming courses In the answers there are some online platforms I will try the next time.

Tricky Driver Dilemma

Ability to learn

Decades ago I had a colleague without a driving license. In case of trouble he would take public traffic or got a ride of his boss. His boss decided to give him driving lessons during office hours. It saved the company time and money.

Suppose you have a delivery firm. Your company picks up packages and delivers them to the right addresses.

It takes about a few months to get a driving license for a car. But sometimes a motorcycle is more convenient. This will take another few months. If a lot of packages must be delivered, then another driving license for a truck is needed.

For super fast and expensive delivery you can use a spacecraft and …

This is the point, that a favourite quote of a project leader is used:
“This is no rocket science. ”

Searching testers

OK time for the real message.

Suppose you are a manager of a Dutch software delivery company.
You look surprised, but you mentioned Continuous Delivery. Let me continue with writing.

You happen to need a tester. On the Dutch tester job market there is a shortage of qualified men and women. The basic requirement is test automation.

A paper with "Qualified" lies on 2 steps "Advanced" and "Expert"

Why is test automation so hot?
My guess is DevOps or competitors.
But you are the manager and you have all the clues.

So you have to hire consultants to get things tested. And that is quite expensive.
At the end of the project or sprints you have less profit and less experience in your own workforce.
A graphs with a vertical axis with "Profit" and a horizonal axis with "Time" containing a red slow rising line with "Consultant" and a green steeper rising line with "Employed tester" above the red line

A graph with vertical axis with "Company expertise" and a horizonal axis with "Time" containing a red slow rising line with "Consultant" and a green steeper rising line with "Employed tester" above the red line

The only solution is to hire and train testers. Just like the driving license story it takes months and probably years to get testers at the right level.

New testers should be hired for their ability to learn. Of course you can wait, until an experienced test automation tester knocks on your door. Maybe you are lucky this year.

Basically you have a vendor lock in. You desperately need a consultant for the test automation.

A piece of paper with a picture of a lock and "Lock" lies on a step with "Expert"

According to me there are more unskilled testers willing to learn than qualified testers looking for a new job.

A tester is just unlucky, if he or she was not able to touch tools like Selenium and Cucumber during project or sprints.

Teaching matters

One of the things I learned is Zone of Proximity. If people are in the same zone, then they can teach each other.

Stairs with steps "Intermediate", "Advanced", and "Expert" on a floor "Beginner". A rubber band lies on the step “Intermediate” and “Beginner”

There are companies which really want qualified or expert testers.  It is too difficult to  teach test automation to testers with beginner level. In this case they are outside the Zone of Proximity. It would cost your company too much time and money.

Stairs with steps "Intermediate", "Advanced", and "Expert" on a floor "Beginner". A rubber band lies only on the step “Intermediate”.

  • A solution is to lower the requirements for testers and invest more time in teaching. This might attract more candidates.
  • The other option is to keep the requirements and hope high to attract the expert tester. Wait a minute. Wait a week. Wait a quarter.

In the ever changing world of software delivery you need a new edge: how well can you teach testers test automation?

We need to speak. Let’s talk.

Especially, if you want to speak at a conference in 2019.

My New Year’s resolution is to speak at one conference. But it takes a lot of actions from my side.

This year I tweeted about sketch notes for a workshop. This triggered me to write this post about using visual tools in 3 acts.

Ready? Set. Read.

Act 1

A conference does not need a complete presentation in advance. So this is a huge time saver. Call it a lifehack.
Serious. Hack.

I always look at the theme of the conference. Most of the times this leads to 2 proposals. A proposal is a summary of something.

Something is what I am mulling about in my brains. I only have to put it in a mindmap.

There are several structures. A favourite one is an experience report. STAR is rather useful:

  • Situation
  • Tasks
  • Actions
  • Result

Once I was a test coordinator and I was requested to execute a performance test. I hired a performance tester. The website could handle the load properly, but the web masters had to cope with long delays. So I opted for a hybrid approach: a computer for a load test on the website and human testers acting as webmasters.
The result were acceptable response times.

Another way is to address nagging questions. This could lead to a presentation about exploratory testing and regulations.

What about this pitch?
I used Exploratory Testing in the healthcare domain. My tests passed audits in 2 consecutive years.
Pretty cool.

A nice workshop is based on exercises. No sweat no gain.

Structure is something like 1 exercise per hour including setup, doing and reflection.

I always go to the submission form and find all questions in advance. While submitting I prefer copy and paste. I copy the text in the note of a branch in a mindmap and I paste the text in the answer in the submission form. I try to avoid situations like ‘That will take another hour to answer this question properly’.

Most proposals have the following elements:

  • Info about speaker including speaking experience
  • Description
  • Summary
  • Takeaways

Okay time for a visual tool. Enter the mindmap.

For more details just click on the pic(ture).

Mindmap with branches exercises, title, and English alternative
In case you noticed some Dutch words, it is my mother language. So I translated some words in English. For the record this proposal was accepted after more than 2 years.

At the office I worked with TDD. This lead to this mindmap.

Mindmap with branches timeline, setting, references,termen, summary, description, metadata, and Oud

The description. summary, and takeaways are shown in blue and bold. I wrote a lot of thoughts in the branches. This proposal was rejected several times, so I turned this in a blog post serie.

This year General Data Protection Regulation needed a bit of exposure.
A mindmap with the branches activity A, test ideeeen, Zelf, Reported website, mailings, purchase X, purchase Y. and Blad
This proposal was not accepted and also this one was transformed in a blog post serie.

This minimal mindmap was a remake of other mindmaps.
A mindmap with the branches Exercises, Proposal, and Writing
It took me several attempts to get my workshop for blogging accepted for a test conference.

Act 2

The last years I use a lined notebook to make sketchnotes. It is my way to be creative in a visual way. I feel like a Merry Potter.


“A lot of people think you can only use a laptop to write blog posts. Well, this picture shows my tools I use for blogging. And yes, marker and paper have impact on my writing. Sometimes I have to rewrite whole sections.”

Music notes followed by ‘Spotify iTunes”. “MUSIC” has an arrow with “?” pointing to “Blogs”.
“Would you please raise your hand, if you use Spotify or iTunes?
Thank you. As expected most people listen to these services.
Personally I think music is important.
I see people nodding.
Question: why do you not use music in your blog posts?”

"Getting in the flow " followed by a curly lined arrow. "movement" pointing to a typewriter with "Type" and a pen with "write".!
“One of the difficult things with blogging is paralysis. What is my first section, first sentence, or my first word? What I do, is start writing and get in a flow. Movement of the body also leads movement of my mind.”

"Finding" Picture of fish "Marlin"!
“When I blogged a post, I discovered the heuristic ‘Finding Marlin’ Marlin stands for ‘Make a real life impression now’”.

Readers recognise situations like conservations. I just describe what I see and hear.”

"Start" pointing to "0.1" and versa. The same for "Start" and "0.2". The same for "Start" and "0.3". Under picture "etc. Retell.”!

“A good story develops over time. The first time I write a story it is bland. It does not excite me. So I change a few words for more speed and flavour.”

“Meta Blogging”, followed by a rectangle pointing to a rectangle pointing to a cloud. There is also an arrow from the first rectangle to the cloud.!
“A blog post is something I put in the cloud. First I make a file. The text including markup instructions I copy to the cloud for multiple edits and  publication. I blogged about this process. The most left rectangle is the blog post about writing blog post and the resulting blog post. I call it meta blogging.”

A watch followed by "Time Traveling"!
“This trick is a nice one. In the blog post from 3 October 2016 I was really delighted to be invited to speak for my first workshop at an international test conference covering my travel and accommodation costs. The post contains:
‘The fun has started.’
It points to a tweet of 6 September 2016 with the text ‘Yes seriously’.

It looks like I did some time traveling: blogging in October, tweeting in September, and finishing blogging in October. I only wrote towards the tweet, that contained my punchline.”

Act 3

Most of the times I got ideas for pictures from my sketch notes. In order to avoid copyright issues I use my own pictures and sketch notes. Or ask and get permission.

While studying User Experience, I heard about a designer making 50 designs in 50 days. I really liked his work in Amsterdam.
As a Dutchman I am biased. Of course.

Back on course. He made a booklet for frequently asked questions. There were 4 categories with questions. In 2 steps an answer for question was likely to be found.

Now I had a writing exercise for a blogging workshop. Um. Wait, I could use a similar structure for this part.

4 quandrants containing a snail, signpost, someone looking up to a bar, and an empty thought balloon!

  • Snail  meaning “Slow”
  • Signpost meaning “Direction”
  • Empty thought balloon meaning “No idea”
  • Someone looking up to a bar meaning “Bar too high”

I made this nice obstacle map. Attendees could place a sticky note on the map. With 50 attendees I could get a quick overview.
Let’s get visual.

But how to keep up with a beamer? I had 20 mini presentations to handle questions.

Scrolling
is boring.

In my mindmap I placed links to presentations. My first version was solution driven.
Wait, how was I supposed to jump to solutions?
No idea.

I changed the solution to verification of the right context. What were the symptoms? I also would ask some additional questions. Nothing is worse to misinterpret a problem encountered. That is the moment my voice start to Rumble Or … I start to Fumble For …

OK time for a little demo:

A mindmap with branches "Direction", "No Idea", "Slow", and "Bar too high"!
Using the presentation mode only the speaker – that’s me – can see the mind map. I click on “Direction” and all subbranches are opened. Then I click on “How do I write this down? ” and my first slide is shown for the attendees.

TExt balloon containing "How do I write this down?"!

“So basically this is the question, what you are struggling with.”

A tweet showing a photo of "Perron 9 3/4" at Utrecht Central Station. It is overlapped by "Time for magic"!
“I took this picture at a Dutch railway station. ‘Perron 9 3/4’ can be translated to ‘Platform 9 3/4’. This seems impossible.
Writing a blog post looks like magic for a lot of people. Let me take this as a starting point.”

Eye and "Characters"!

“If you look to the books about Harry Potter, there are several characters. It is not all about a single hero. Every interaction adds to the story. If I write blog posts, I can use different views like the tester, the scrum master, or the manager.”

Disclaimer

This blog post does not offer 100% acceptance success of proposals. See act 1. Writing proposals and making talks take a lot of practice. And some visual tools really helped me.

BTW

if you are still hesitating to talk, please consider http://speaking-easy.com.

2024 Testing

This year I wrote some blog posts about legal and certification stuff. like January Testing and May 2018 Testing. So it would be appropriate to shed some light on accessibility and laws.

Disclaimer

I am not a legal expert. So please have a look at my used sources. Or contact a legal expert.

I am just a tester finding test ideas about accessibility. Thanks for joining in advance.

What?

During #30DaysOfTesting I recommended to follow Karl Groves and Albert Gareev on Twitter for accessibility. Karl had interesting news for European software suppliers. Some law for accessibility was coming.

Accessibility is coming to EU.
[On the melody of “Santa Claus is coming to town.”]

I started my search engine and found the European Accessibility Act or EAA.
Great, a new abbreviation for upsetting the PO.

On November 8 the EU wrote a proposal to improve accessibility. In section 3.5 “The proposal” of Annex 1 is written, that the implementation should take place within 6 years.

A lot of readers might think:
“No worries, mate.
2024 is beyond the horizon.”

So what?

A lot of companies would think, that this is a rehearsal of the GDPR situation. A lot of companies still think, that everything is under control. Just have a read over a forgotten test.

Okay, a typical reaction about accessibility is:
“There is no law in place.”

Let me give several comments to this statement.

  • It is not ethical. People are dependent from the internet. There are online shops, online bank portals, online government points of access, and so on. People with limitations have a right to use them.
  • There are human rights and right no 9 states, that things must be accessible. Basically the EU bought companies some time.
  • The global organisation World Wide Web Consortium or W3C created Web Content Accessibility Guidelines to help people and companies to make applications accessible. WCAG or Web Content Accessibility Guidelines is mentioned in EAA. So it is a set of practical information to make websites accessible.
  • Actually there are American laws for accessibility.
    These laws are based on WCAG.

    Accessibility is coming from the States.
    [On the melody of “Santa Claus is coming to town.”]

    Companies are being sued because of these laws at this very moment. So watch out with shipping your software to the States.

  • Websites for European institutions must be accessible.
  • Maybe at the end of this blog post I have some other comments.
    : )
    Just scroll down and up.
    I can wait.

What now?

As a reader you have the right to ask for test ideas.
OK, let’s have a look at an OK button.

  • Is it possible to navigate to this button using the keyboard?
  • Is the contrast of the text “OK” and the background big enough?
  • Is OK written in clear font?
  • Are symbols and colours used to indicate, that a press of the button is a confirmation?
  • Is OK not offensive in this context?
  • Does the screen reader recognise the OK button?
  • Etc.

Imagine the dialog with the “OK” button.
Roll up your sleeves.

  • Are the consequences of pressing the OK button clear?
  • Is a pop up dialog really necessary?
  • And so on. And so forth.

What are we waiting for?

It takes time to find the right combination for accessibility.

Did I already mention, that American companies have a clear advantage?
Or the fact, that government websites in the Netherlands must be accessible to a certain degree.

Accessibility on Dutch goverment websites.
[On the melody of “Santa Claus is coming to town.”]

GDPR – The forgotten tests – Test 3

Showing the status code 451 instead of a website is not enough to avoid GDPR penalties in particular cases.

Management report

Showing an error message instead of the website to users with a laptop or PC in EU is not enough. Tracking EU citizens without consent is still possible and therefore not GDPR compliant.

The section ‘Advice’ provides a more detailed description.

Disclaimer

I am not a legal expert. So please have a look at my used sources. Or contact a GDPR expert.

I am just a tester finding test ideas about GDPR. Thanks for joining in advance.

Experience report

This is my way to reflect on my research in GDPR of the last months. It took me lots of hours.

If I missed a legal or W3C link, you can always contact me. I am happy to update this blog post.

This spring I prepared a workshop about blogging. I tweeted about the use of sketch notes to find fieldstones. It got attention from @ConstanceHermit and Mike Rohde.

Mike had a familiar name. I bought his book about sketch noting.
He asked me for a sketch note for testing. OK. Wow. WOW.
Sure no problem.

I only had to wait for a good opportunity to put his request in practice. After a few months I saw a tweet about code on a web page:
“451: the website cannot be shown because of legal reasons.”

I visualised some scenarios and found some problems in the chosen solution. In case of impatience you can skip to the end of the article for the sketch notes. Be my guest.

Numbers are fast to communicate. If people want a pizza and call numbers, then I can go to the website and just enter the called numbers.

A pizza menu was used to abbreviate the pizza names: 16 is pizza Salami, etc. This way a protocol was set up.

The internet Hypertext Transfer Protocol is used for web sites. Status codes like 451 provide information to the user.

The problem with being a tester is to make an understandable message. This is quite hard. It is like telling how a car works without using names of car parts. I wanted to put 451 in the sketch note, but that was intimidating. I also skipped flow diagrams.

I also wanted to show off with test techniques. This was again: Not done. This is only nice for testers, but this is no good for people unfamiliar with testing. I can guarantee you that their number is way bigger than the number of testers.

Several drafts later.
One sketch note became 2 sketch notes. First I drew with a dark marker, then I used other markers for more details.

Then I set a new deadline for myself. I would use the sketch notes in a presentation. If a speaker could not make it at the test conference a week later, then I would volunteer. GDPR is still interesting stuff for testers. In legal terms it is good for the public interest.

Now I had to check my picture. And I hit the wall. It hurt.
Access is denied to the website because of tracking without consent

451 was used for legal demands. I clicked on the link to the official request to add an extra code to the HTTP protocol.
This looked pretty official.

In this case the ministry of justice contacted the internet service provider, which in turn shows a 451 to the user. Sorry access denied.

So this was not about web sites silencing themselves.
So all the hours spent were for nothing. I lost hours of work. I felt miserable. This is part of research.

The weekend before the test conference I looked on the internet. This time I searched on 451 and GDPR. The blog post ‘Is http 451 suitable for GDPR blocking?’ popped up.

So I started my due diligence.

Is it right
What I write?

The author is Terence Eden. That was the guy who had the idea for 451. I looked again in the official proposal for 451. Terence was mentioned. So my sketch note was almost good.

So I only had to change the picture. And I was all set.
Access is sometimes denied to the website because of tracking without consent
I shared my deadline with my kids and they talked about it the next days.

The evening before the conference I checked my sketch note about citizenship. GDPR was quite vague:
“Data subjects who are in the EU” [Article 2]

I could not find something about nationality. So a Dutchman in his own country is a data subject in EU. But a Dutchman in the US is not a data subject in the EU. Did I miss something?

So again I was facing a legal problem in my sketch note.

I used my search engine and found several answers on my question: is it possible to track EU citizens outside the EU?
On Quora there was majority in favour for not tracking. One legal looking website had a complex advice with lots of conditions.

Law is not about democracy, but about sticking to the rules.
Basically I hit the wall again.

Now I am a Dutchman. The big advantage is that the number of Dutch web pages is lower than the number of English web pages.

I entered several Dutch words in my search engine and I found an official web page
“Bedrijven buiten de EU die gegevens van EU-burgers verwerken, moeten een vertegenwoordiger in de EU aanwijzen.”

Please allow me to translate this in English by using the language button on the page:
“Non-EU based businesses processing EU citizen’s data have to appoint a representative in the EU.”

These are the first 2 times I found “EU citizen” on the official EU website pointing to GDPR.
“Is this legal stuff for the court?”
“Sorry no.”
“Really?”

There is a legal notice in the footnote containing a disclaimer. So I am quoting from an interpretation of the EU of GDPR. GDPR is leading and not the interpretation.

The day before first publication date I read article 2 again:
“This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

  • (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
  • (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.”

The location of the home of the user was not enough. Again I was trying to attempt to tweak this blog post.

Wait. In 2 (a) I found an interesting exception clause. What if an American shop offers products in the EU.
So I drew a shop in the EU.

Okay, here are the promised sketch notes. Sorry for the lengthy introduction.

In the first sketch note I point out that the web site uses the location of the laptop to identify an EU citizen. But this is different from GDPR. The nationality of the user and the location of the shop should be used instead.

Sketch note showing that a web site is denying access based on location instead of nationality and location shop because of tracking.

In the second sketch note there are two situations, which were not intended by the web site owner.

An American cannot access a website in the office in the EU. But GDPR is not applicable.

Suppose your American colleague comes to Germany to help you a hand. Then he wants to go to a website with an expensive subscription. It is not possible: 451. The web site owner will probably state something about GDPR. Hopefully a disclaimer was added for this case.

Looking at GDPR there is no violation. So no privacy penalties are involved.

The second sketch note is really worrying, because an EU citizen is tracked during her or his holidays in the US. That is not right.

EU citizen gets access to American website and gets tracked. This is not always possible according to GDPR because there is a shop in the EU.

The 2nd sketch note looks like

Sketch note which contains the pictures abouthe EU citizen and the American citizen  and emphasizing the differences.

Finally there is a test idea about an American living in the EU, who used to live in the USA and is planning to go back to the USA. I am quite curious whether customer tracking systems can handle all the moves.

For the people who are concerned about money.
Yes, GDPR can have a major impact on your profit.
“Failure to comply with the GDPR may result in significant fines of up to EUR 20 million or 4 % of your company’s global turnover for certain breaches.”

Advice

In some countries the privacy laws outside the EU allow more ways to track users of web sites than General Data Protect Regulation. According to GDPR it is not legal to track the users without their explicit consent in most cases. [Article 7]

A solution is to show an error page 451 that the website cannot be shown because of legal reasons. This is in spirit with the request.

A way to determine the nationality of the user is to use the location of the laptop or PC.  This can be done by determining the internet address.

This is true as long the laptop is used inside the EU. If the laptop is used by an EU citizen outside the EU, then the user might be tracked without consent. This is illegal, if the website offers products in Europe.  [Article 2.a]

According to me the best way is to switch off the immediate tracking of users and ask for explicit consent.

Tips for testing

  • Go as close to the source as possible.
    Read GDPR or find interpretation of the law given by the legislator or representative.
  • Check and double check information and sources.
  • Gamify testing by using different tools.
    I used sketch notes, mind maps, and the internet.
  • Get used to hitting the wall.

Note about experience report

This is my experience report about GDPR testing. I ran in some problems, but I was able to resolve them. I could just skip the problems encountered, but you, the reader, could get a false impression. Learning is stumbling and standing up. And walking again.

GDPR – the Forgotten Tests – Test 2

Black box testing is quite popular: the tester only has to focus on the functions of the system. There is no need to know about things like programming and other techy things.

“But the box in the picture is not completely black.”
“That is a good observation, because it is part of a black box.

Time for a legal break. After the break a pen test.

Disclaimer

I am not a legal expert. So please have a look at my used sources. Or contact a GDPR expert.

I am just a tester finding test ideas about GDPR. Thanks for joining in advance.

The following story has been sanitised by me. Important details have been changed.

Pen test

My wife had bought a gift and she had also found a better gift. So she gave the second gift. And I had the pleasure to return the first gift to the shop. No problem dear.

I went into the shop straight to the counter. After a few sentences I came to my point.
“I want to get my money back.”,
while showing the first gift and the receipt.

The 2 young men went into action. There was a lot of pressing of keys and a new receipt was shown.
“Would you please sign this receipt?”

This was a standard computer generated receipt without a signature field. And I had to leave my signature here. I signed.

I remembered to explore.
“Why do I need to sign this?”
“This way my manager can control, that a customer is returning an article. And not we.”

I ran a quick scenario of returning articles in my head. This sounded reasonable.

But I was still hesitant to leave my signature in the hands of two young men.
“How long will my signature be saved?”
This question led to puzzled faces.

I scribbled the question on a piece of paper. It would be great to have a written answer, so I left my email address.

Then I got my money back and returned 1 week later.

The young man behind the counter recognised me. He went to a pole and pulled my paper with email address off. This was bad.

He dutifully repeated the story about the signature of a customer actually returning an article. The signature would be saved for 1 month. That was fine.

On my way home I was not convinced about the privacy. I had witnessed a breach of my personal data.

Breakdown

In this breakdown I will point to several articles of General Data Protection Regulation or GDPR.

The penalties can be quite big. Let me quote the worst cases
’20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher’ [Article 83 5].

Let me review the most important steps during my visits again. I wanted to return an article and get a refund. Because money is involved, the request for a signature is good [Article 5 1(b)].

The receipt was a bit confusing for me, because there was no clear signature field. I just had to trust what the young men told me [Article 6 1 (f)].

One of the most important things about data is retention period or how long will it be saved. The check of my signature could be executed within a month and then be destroyed. [Article 5 1(e)]

A signature alone is not special. But if I had paid in the online shop, then it is simple to combine my signature with my name and other personal data. This way it is possible for someone else to write letters on behalf of me. It is criminal, but possible.

The note with my email address on a pole was a personal data breach [Article 4 (12)]. It was not intended, but I could get a lot of mails with false promises.

Tips for testing

  • Test the UX or User Experience of the receipt.
    Is it clear to customers that they have to sign a receipt for a refund?
    Can they be specific about any doubts?
  • Ask the people behind the counter, how they explain the refund procedure. Also how they handle personal data like phone numbers and email addresses.
    There are of course managers who will answer the questions flawlessly. Unfortunately they cannot be present in more than 50 shops at the same time all the time.Receipts with signatures should be stored in the same way as money. I did not see how my receipt was stored.

    Small sidestep: after May 25 2018 there were boxes outside shops to collect receipts of customers. If I put a receipt with my name and phone number in the box, then I could be the lucky winner of some fantastic prize. They were cardboard boxes standing on tables.

  • This is an important lesson for myself. If something strange happens, wait to remember it and mention it.

To be continued

GDPR – The Forgotten Tests – Test 1

General Data Protection Regulation or GDPR is all about privacy. If a company handles privacy in the right way, then it can dodge penalties like 20 million Euro or 4 % of the worldwide revenue.

Time for a legal break. Right after this break some idea.

Disclaimer

I am not a legal expert. So please have a look at my used sources. Or contact a GDPR expert.

I am just a tester finding test ideas about GDPR. Thanks for joining in advance.

The following story has been sanitised by me. Important details have been changed.

Bad idea

The job interview was about an agile tester. I thought I could handle that role. The probing questions from the interviewers were increasing. I tried to stay calm and answer the questions in a friendly way.

Then came the expected question about test cases. They should be written beforehand. Time to explore.
“You never know what you will find.”, I remarked.
“Let me give me an example.”

“Your company sent me this mailing.”
I showed a part of the mail.
“At the bottom of the mail I could say, whether I like this mail.”
There were two pictures: one green thumb up and one red thumb down. There was an orange arrow pointing to the thumb up.

“If I hover above the picture of the green thumb, the URL will be shown in the status bar of the mail.” The URL was contained in a red eclipse.

A sketch of a mail with an orange arrow pointing to a thumb up next to a thumb down. The mail also contains a URL in a red eclipse.

“As you notice: the URL is http. This is not secure. If the mail is intercepted, then the reaction of the customer can easily be determined. This is an email about credit, so you can derive that the customer probably has some debts.”

One of the interviewers politely interrupted me:
“Is it possible to intercept mail?”
I gave a technical answer using normal words.
Okay, I got his attention.

Then the exploratory tester awoke in me. And I could not stop him.
“There is a customer number in the mail. This number can be used to get access to an online account.”
I went in full brainstorm mode and described all kinds of product risks or things which could harm the user. I could find information about correspondence about money.

I didn’t get the job, but the mailing was fixed afterwards. Obviously 20 million Euros are not enough to qualify as a tester.

But there are retrospectives for.
[On the melody of ‘That’s What Friends Are For’.]

Breakdown

Most of the time primary systems were and are tested for GDPR and national privacy laws. Sometimes this software did not easily support mailings. An easy solution was to use another system outside the company. Specialised in mailings.

All kinds of data like email addresses, names, and profiles were used for mailings. Technical decisions were taken like http instead of https. Somehow the legal department and testers missed something.

According to GDPR the protection of personal data is a fundamental right [ (1) on page 1]. The economic situation of a person can be used for profiling. In turn this can be used to exclude people to get certain services like mortgage [ (75) on page 15].

My tips for testing:

  • become a customer of your own company and use all available channels. Watch for the legal details like the missing s of https. (See last tip)
  • follow security experts on social media. (You know about the last tip)
  • explain legal and security stuff in normal words.
  • let the owner control the flow of information. I should have send my brainstorm on request.
  • read  ‘Here’s Why Your Static Website Needs HTTPS’ by Troy Hunt, a security researcher. It contains an entertaining 25 minute video with several attacks on an http website.
    For people new to security, just watch the video and focus on what you would not like to happen on your website.

Closing note:
At the moment there are browsers showing whether a website is insecure. This was not the case, when I received this mailing.

To be continued.