Category Archives: Marketing

GDPR – The Forgotten Tests – Test 1

General Data Protection Regulation or GDPR is all about privacy. If a company handles privacy in the right way, then it can dodge penalties like 20 million Euro or 4 % of the worldwide revenue.

Time for a legal break. Right after this break some idea.

Disclaimer

I am not a legal expert. So please have a look at my used sources. Or contact a GDPR expert.

I am just a tester finding test ideas about GDPR. Thanks for joining in advance.

The following story has been sanitised by me. Important details have been changed.

Bad idea

The job interview was about an agile tester. I thought I could handle that role. The probing questions from the interviewers were increasing. I tried to stay calm and answer the questions in a friendly way.

Then came the expected question about test cases. They should be written beforehand. Time to explore.
“You never know what you will find.”, I remarked.
“Let me give me an example.”

“Your company sent me this mailing.”
I showed a part of the mail.
“At the bottom of the mail I could say, whether I like this mail.”
There were two pictures: one green thumb up and one red thumb down. There was an orange arrow pointing to the thumb up.

“If I hover above the picture of the green thumb, the URL will be shown in the status bar of the mail.” The URL was contained in a red eclipse.

A sketch of a mail with an orange arrow pointing to a thumb up next to a thumb down. The mail also contains a URL in a red eclipse.

“As you notice: the URL is http. This is not secure. If the mail is intercepted, then the reaction of the customer can easily be determined. This is an email about credit, so you can derive that the customer probably has some debts.”

One of the interviewers politely interrupted me:
“Is it possible to intercept mail?”
I gave a technical answer using normal words.
Okay, I got his attention.

Then the exploratory tester awoke in me. And I could not stop him.
“There is a customer number in the mail. This number can be used to get access to an online account.”
I went in full brainstorm mode and described all kinds of product risks or things which could harm the user. I could find information about correspondence about money.

 

I didn’t get the job, but the mailing was fixed afterwards. Obviously 20 million Euros are not enough to qualify as a tester.

But there are retrospectives for.
[On the melody of ‘That’s What Friends Are For’.]

Breakdown

Most of the time primary systems were and are tested for GDPR and national privacy laws. Sometimes this software did not easily support mailings. An easy solution was to use another system outside the company. Specialised in mailings.

All kinds of data like email addresses, names, and profiles were used for mailings. Technical decisions were taken like http instead of https. Somehow the legal department and testers missed something.

According to GDPR the protection of personal data is a fundamental right [ (1) on page 1]. The economic situation of a person can be used for profiling. In turn this can be used to exclude people to get certain services like mortgage [ (75) on page 15].

My tips for testing:

  • become a customer of your own company and use all available channels. Watch for the legal details like the missing s of https. (See last tip)
  • follow security experts on social media. (You know about the last tip)
  • explain legal and security stuff in normal words.
  • let the owner control the flow of information. I should have send my brainstorm on request.
  • read  ‘Here’s Why Your Static Website Needs HTTPS’ by Troy Hunt, a security researcher. It contains an entertaining 25 minute video with several attacks on an http website.
    For people new to security, just watch the video and focus on what you would not like to happen on your website.

Closing note:
At the moment there are browsers showing whether a website is insecure. This was not the case, when I received this mailing.

To be continued.

May 2018 Testing

For the interested British reader this is not about politics. It is about testing software so that it complies with the General Data Privacy Regulation or GDPR in May 2018.

For the people who are only concerned about money. It can cost your company 4% of the global annual income of your company or 20 million Euros. That is seriously a lot of money.
Thanks for your attention.

Disclaimer

I am not a legal expert. So please have a look at my used sources. Or contact a GDPR expert.

I am just a tester finding test ideas about GDPR.
Thanks for joining in advance.

Just show it to me

Suppose you have a cinema and a special web site. You can order tickets, drinks, and snacks in advance. This is a unique selling point.

A marketeer has a nice idea:
“Let’s make some profiles. We’ve got lot of sales numbers, so boost those numbers.”
“What do you have a mind?”
“We just tag customers: B movie, Friday night, first week, ..”
“First week?”
“Like ‘I want to see the movie in the first week after release.'”

If I would go to  this specific cinema, all my actions are recorded.
Big Buyer is being watched too. This sounds creepy. This is my alarm bell as a tester.

My simple question is:
Is profiling allowed?
More accurately, is profiling of European citizens allowed for this cinema web site according to General Data Protection Regulation?

What makes someone a European citizen?

sketchnote with cradle, parents passport and database

Obvious candidates are:  parents, place of birth, passports.  I just stick to Citizenship Administration. I found this one while doodling in my head.

Let me give you a royal example. The Dutch queen has the Dutch nationality, but had Argentine parents and was born in Argentina.

Let me show some graphs:

  • European Union
  • People with no nationality
  • People with 1 nationality
  • People with 2 nationalities

I could make these 2D graphs:

One chart of part of Europe and three coloured graphs about number of nationalities

I could try to stack them and squeeze them afterwards:

One more try:

3D graph made of a chart of a piece of Europe and pieces of sticky notes depicting the number of nationalities

So the best way to define an European citizen is that she or he is registered as an EU citizen in a Citizenship Administration in the EU. Now comes the difficult part: as a web site owner I have no access to this administration. Well. That is a good one.

How can I determine whether an European citizen is in my database?
In most cases I don’t. Because nationality or EU citizenship is not always registered.

“Is an address not sufficient?”
“What about An American in Paris?”
“Okay, email address.”
“What about american@home-in.nl or william-to-be-married@my-awesome-wedding.com?”
“The nationality is registered.”
“Good. What about EU citizens with two nationalities? ”

Looking at the context: if no nationality or EU citizenship has been registered, then I would suggest to look at GDPR. Otherwise definitely use it.

But this is a premature advice. This is a warning. Please read on.

Finding GDPR

If there is one thing I hate about learning, it is memorising information for the sole purpose of memory. I like to have some fun in a good sense of humour.

Here’s where deliberate practice comes in.
Determine a strange situation and look it up.

On my search for the official GDPR document I quickly determined that my target was:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Yes, it takes some time to read it.
And a natural person is human being. Like you and me.

I am well aware that English is not everyone’s native language. Now the EU has this little nice webpage with links to GDPR in your favourite language. Hopefully.
No Chinese, but maybe French?

Profiling and data subjects

Profiling can take place after informing the data subject, who has agreed to these terms for data processing. [GDPR 32, 42]
That is a lot of info.

Let’s go a step back to nationality. I warned you for this.
I am not familiar with the American laws. Remember I am not a legal expert.
Suppose profiling of natural persons is legal according to the American law. For example ‘s sake.

Take a case of an American woman who starts buying action movie tickets. My guess is that her new boyfriend is lucky. Piece of case.

It is very easy to make a profile of her boyfriend. Now this lucky guy happens to be British. And has some royal blood. It rhymes on What?!.

There is still no problem, because it cannot be traced back to some palace. Unless I would couple the data with the email address of a fortunate American actress. Oops intended.

Chain of Gift

The American woman is a data subject. All kind of data is collected, but there is an unpleasant side effect: her boyfriend or fiancee also ended up as a data subject. I doubt whether he would have given any permission. No thank you.

Actrice gives something to a prince.

The Chain of Gift leads to interesting doodles. In orange is the American woman and in blue an European Citizen wearing something called a crown.

Quick explanation for the colours: the European flag is a blue flag with yellow stars. So the EU citizen is blue. For the American woman the colours white and red remain. Somehow these are not appropriate. So I chose orange.

So there is a difference between buyer and user. A man can buy movie tickets and give them to his children. ‘Finding Marlin’ and ‘Monsters Unlimited’ seem quite innocent pieces of data to share.

Dad gives movie tickets to children.

Is it possible to determine the birthdays of the children just based on his cinema visits?
Not based on the movie titles. There is a better chance looking at the number of bought children tickets.

“When are we going to the cinema with my friends?”
“What do you think?”
“On my birthday?”
“Good girl.”
[Big smile]

Birhday party

Another interesting case: a man who buys gifts for his  grandchildren. Depending on the gifts I could guess gender, age, and hobbies. If those grandchildren live in the EU, you might have a major problem.

Man gives gift to daughter, who gives it to her children.

With a low number of children per family it is relatively easy to make a family tree.
I can guess that princess cookies are for 5 year old grand granddaughter and that superhero suit with XS size is for …
You get my points.

My best guess is to make a GDPR compliant approach for my whole customer base. There is no way to determine which European people you are profiling.

Permission granted
Scenario 1
Suppose I am in the living room and one of my kids tries to sneak out of the room. I look in the right direction and get eye contact. The door is opened and closed.

A few days later a man is at my front door with a box of 20 tablets. You know those fancy computer things.
The name of my kid is on the box. O oo O.

Scenario 2
Suppose I am in the living room and one of my kids tries to sneak out of the room. I ask:
“What are you up to?”
“I gonna hack. You don’t mind?”
“Yes, but”
The door is opened and closed.

A few days later a man is at my front door with a box of 20 tablets. The name of my kid is on the box.
“Where can I place the other 500 boxes in my truck?”

Scenario 3
Suppose I am in the living room and one of my kids tries to sneak out of the room. I ask:
“What are you up to?”
“Just read this legal document and you will be just fine.”
“It has more than 10 pages.”
“Can I go now?”
“Okay.”
The door is opened and closed.

A few days later a man is at my front door with a box of tablets. The name of my kid is on the box.
“There are three extra trucks coming with tablets. Where can we unload the four trucks?”

Let me finish the three scenarios at the same time.

A box, one truck and a group of 4 trucks on the way to a finish

“Excuse me, I have to call someone.
Would you please wait outside?”
I close the door and the mobile phone is in my left hand instantly. My kid picks up the phone right away.
“A package arrived for you.”
“The tablet arrived?”
“You can better say: ‘Tablets.’”
“Huh, those are the most expensive tablets on the world. They cost a fortune.”
“That’s why I am calling you. How can you afford these things?”

“You know dad, I needed some purpose in a life.”
“Yes?”
“So I learned to hack.”
“O no.”
“It’s worse.”
“Huh?”
“Legal hackers don’t get paid much. I had my eyes on this tablet. So I said: ‘You pay me in Those Tablets.’
If I got one extra, I could always give it to my Best Friend.”
You’ve got a friend in me.

Websites sometimes are like kids. Scenario 1 would look like:
A window where no permission is asked but just taken
No permission is asked, just taken.

Scenario 2 would lead to the following picture:
A window with a default permission for profiling
A very fast designer filled in a preference.

Scenario 3:
A window with unreadable text with a request to accept these conditions
O yeah. The legal stuff one.
At least the checkbox for the conditions has not been filled. But I cannot install the program, unless I agree with them. Hmm.

GDPR forbids all these three options. They lack the support for the user who wants to protect her or his privacy. Website 1 must use transparency, website 2 a default for no profiling. And finally website 3 must use concise and plain language. [GDPR 32]

Thanks for jumping in

For the interested British reader this is not about politics. It is about testing software so that it complies with the General Data Privacy Regulation or GDPR in May 2018. Déjà vu.

There might be readers in my audience who had another association with May 2018. I know that Harry is a major export product for the UK. And I am not writing about the scarred man who has been featured in a lot of books, movies and a theme park.

Some people are more interested in an upcoming royal wedding of Harry. That might have some impact on your online Harry product web shop. For the people interested in performance tests here are some nice blog posts about performance test and Q&A. From yours Mindfully.

Some research notes

A lot of you who are reading this can still follow me. What you actually missed, is my nonlinear search. For the answer on my question: Is profiling of an EU citizen allowed according to GDPR?

The first thing I did was to download all relevant legislation. With a search engine a legal document could easily be found. Then my inner critic voiced his concerns: where are you basing this blog post on?

What I needed, were traceable sources for my research. The more EU the better. Again I am not writing about politics.
I found some links to some non EU websites. But my main target was the GDPR on an official EU website. This took me some browsing. At last I downloaded the wanted document and saw no differences with the other document on first sight.

I took no risk and started to use the official document as main source for this blog post. There was one big but. BUT the document was a pdf. This format is widely supported by all kinds of apps, but not search friendly. A search takes a while on my smartphone.

I converted the document to epub. Now I had a significant win in time. There was no more interruption in my flow of thoughts.

Let them flow.
[On the melody of Let it go.]

So I sought on the word child and hit my next obstacle: the word article. Now are articles quite common in laws, but to my dismay I had not encountered this word before.

I did another search: article. My references to this document were obviously wrong. So I was referring to numbers between parentheses. I switched back to the pdf document to find exact starting point of the first article. It was roughly at the same spot: 38.6 % of the document. Apparently I was referring to some notes in the introduction. And that is not a problem. I think.

Kids, definitions and laws

Of course there are some exceptions. And exceptions on exceptions. This is a great playground for testers. For sure. For ever.
Because people tend to change their minds. This is my most political statement BTW.

Writing about kids reminds me about the definitions debates which pop up every now and then.
“Children have special protection.”
“What do you mean?”
“You need the permission or consent of the people who take care of the child.” [GDPR 38, article 8]

“And the exceptions are…”
“services for prevention and counseling. In these cases you need consent of the child after asking it in a way easily understandable for child. It is not about child proof but about child friendly.”
“What is a child according to GDPR?”
“A person who is not older than 16 years.” [GDPR Article 8]
“No exception?”
“Of course. Glad you asked. Some national laws can set the limit on 13 years.” [GDPR Article 8]

The first time I read about laws. I thought about stacking them like this.

national privacy law stacked on GDPR

A few weeks later I came up with this.

A pyramid with the following layers from the bottom up; Human rights, GDPR, National privacy law, Region law, and Place law

Yes, another test pyramid.
Why? Because the lower the law, the bigger the impact of the law.
And this model is dead wrong.
Small reminder: it is my model, which is wrong.
Next is my proof.

Let me focus on two layers of this pyramid: GDPR and a national privacy law. If I am a judge judging about a privacy case in Belgium, this is my route: GDPR, Belgian privacy law.
Sign with GDPR pointing pointing to sign with Belgian Privcay Law

Time to add some complexity. You know exception on exception. I have to judge a person with two nationalities.

Sign with GDPR pointing to signs with Belgian Privcay Law and Spanish privacy lawas pointing in the same direction

This is my route: GDPR, Belgian privacy law. and Spanish Privacy law.
I am really lucky. Both laws lead to the same judgement.
Now people will say:
“Hey. I can still use the pyramid?”
“I can make it a camel case”
[Pun intended]
GDPR block with two smalls blocks on top: Belgian privacy law and Spanish Privacy Law

“What about this?”
Sign with GDPR pointing to signs with Belgian Privcay Law and Spanish privacy lawas pointing in the different directions

Summarised: the test pyramid uses impact instead of direction, which is rather complicating things.

Finders fixers

The one, who finds a problem, solves it. This is common practice in my DevOps team. I made a model for testing purposes and found a fault in it, so I have to correct it. Fair enough.

When I was looking for the best law to apply, I thought about the strongest law. Something with the most articles and most severe penalties.

I looked on the internet and found a page in Wikipedia about Conflict of laws. My children are quite sceptical about Wikipedia. “My teacher told me that you cannot trust Wikipedia, because everyone can edit the page.”

A flag, a house, and an arrow pointing to a big dot

Anyways, the following laws seem proper candidates: the law of the country where you live or the law of one of the nationalities or the proper law.
So my mental picture of the signs is the right one. Sign intended.

Writing about signs. I could make a model like this:

A sign which points to 2 signs, which in turn point to 2 signgs
But this model is also too simple. The Benelux, a union of 3 countries, is more complex than this model. The Netherlands is part of the Benelux and has 12 regions. It is difficult to show this in a 2D figure.

A few sticky notes, which hold smaller sticky notes, which in turn hold smaller sticky notes.

But frankly this is even for me confusing. So I rebuilt this 3D by using sticky notes with blue lines:

Sticky notes with 3 blue vertical lines on them

Then I put a sticky note with curly red lines to one sticky:

Sticky notes with verticla blue lines and one has a ticky note with red curly lines.

An then I connect some very small sticky notes with a single orange lines to the last attaches sticky note:

Sticky notes with verticla blue lines and one has a ticky note with red curly lines, which have sticky notes on it with orange line

This model gives me a more appropiate way to handle the laws.

Also on Wikipedia there is a page which described how to determine the right law.  There is basically a set of rules which a judge must follow.

And yes, I do mind the warnings of my kids and their teachers. Kids are like websites: sometimes I cannot ignore them.

If your company is GDPR compliant, then there is no time to rest. You still have to browse through the national laws. [GDPR 8]

This might sound complicated. Let’s take a huge example: the United States of America. If you live in Florida, you have to stick to the laws which are used for all states and the Florida State Law.

What now?

So have a chat about GDPR with the people from the legal department. They can become your best friends in the coming months. And beyond.

To boldly go where no techie has gone before.

Q & A Bits of performance testing

“Why are you writing this Q & A?”
“Because people have questions, which are unanswered about ‘Bits of performance testing’ . ”
“Like?”
“The use of drawings and perfornance test it self.”
“So I can send in questions?””
“Sure on this page. Why not?”

“Hey, I am the one who is supposed to ask questions.”

Plan
“You used a lot of pictures. Is this not a waste of time?”
“In my blog post I drew a picture about the customer journey. This led to the conclusion that the Wifi network should be split in a private and public ones. This is not a waste of time.”
“I agree. But there were other pictures, which did not have that big impact.”
“That is right. But the drawing of picture takes minutes. Implementing the wrong performance scripts takes days.”

“You used SFDIPOT instead of another heuristic., FIBLOTS”
I am aware that this heuristic exists. I also know that a performance tester made it. And I just forgot it.
The reason I chose to pick SFDIPOT is to use this heuristic in another context. I learn by taking small detours. What if I do it in another way? My main reason was that I wanted to write about performance test in another way.
This kept my spirit high and extended my Circle of Comfort. That is a comfortable thought.”

“Your story about the performance test is sometimes difficult to follow. Why did you write a nonlinear story?”
“Testing is an activity which is unpredictable. I can find bugs on the strangest moments. This can trigger other ideas.
In this blog post I tried to describe what is going on in my head.”
“How can you sell this to your boss?”
“Just ask her or him, whether business cases are also written in a linear way?”

“I miss disk storage That is an important resource to watch.”
“You are right. I missed that one.”
“How do you know that this is a good load profile?”
“Some data have to be gathered. Think about log files and analytic stuff. The challenge is not to confuse frequency with resource usage.”
“Would you please explain that?”
“If 1000 users look to a simple web page, then almost no resources are used. If 1 user asks all articles in stock, then a lot will happen. The database is bring queried and much data is moved over the network. So look for resource usage.”

“So I only have to focus on user actions with heavy resource usage?”
“That is only possible with a very simple web site. Sometimes web sites or programs on the backend do not remove their garbage.”
“What do you mean with garbage?”

“Suppose you have a cinema web site. The purchasing department wants to know what kind of drinks and snacks are ordered in advance. Suppose all the results of the queries are stored. It might be interesting for their department and it should be stored on one of their systems. But not in a module of the web site.

Another thing is to simulate the customer. Use the customer journey. A customer does not only buys cards, snacks and drinks. She or he will also collect them. This lead to click paths, how does the user maneuver through the system: which screens will be visited and which options are used?”

“So if you have a lot of data, what do you do?”
“The challenge is to find patterns. Joe Common is more like this:”
customer journey Joe Common
“Why did you not draw the payment page?”
“It is important. I left it out because of the page size. My plan was to sketch out a rough journey. Just wait a few pics.”

“I suppose you left out snacks out for the same reason. Smart ”
“Cheers”

“Why does he go one screen back?”
“That is hard to say. You can make some assumptions or hypotheses: the price was too high. Or the wrong movie was selected. You can always ask some questions to validate the assumptions.”

customer journey no deal

“Hey there is no deal. What’s wrong?”
“Most of the yearly cinema visitor is looking around or scouting. Were there any changes in the web site? Which movies can I see? ”

child birthday party
“What is going on here?”
“A children birthday party.”
“That looks like a lot of fun.”

noted bar graph

“What are you showing me?”
“This is the number of screens and locations which were visited, and their corresponding numbers.”
“The bars in the graph are getting lower. Is this not frustating for marketing? ”
“Actually this is normal. This is a sales funnel.”

extended sales funnel

*It is like commercials: not everyone buys what they see on the television. They do not buy everything they see in the shop. You actually want people to do things which bring profit. The Call To Action or CTA for this web site is buy tickets, drinks, and snacks.”

“Okay Mr. Monologue. I’ve got a few questions.
How did you make that funnel?*
*Like this.*

bar graph to funnel

*Why do you call this an extended sales funnel? Your CTA is buying tickets, drinks and snacks.*
*But there are two moments to buy drinks and snacks: in advance and on location.*

extended sales funnels with CTAs

“If I had put the CTA in the first funnel picture, it would be cut off right under. By delaying this action I got a better view on the situation.

The second CTA is successful, if the first CTA.is good. John Common is not willing to buy extra drinks and snacks after a slow performance of the web site.”

*Are you writing that models can confuse people?*
*Yes, they do. Let me give another example.*
*Be my writer.*
*if you go twice to a cinema, you go twice through the sales funnel.

two funnels in a row
*So you should take repeat customers in account. *

For some businesses good customer contact is vital. In ‘Delivering Happiness: A Path to Profits, Passion, and Purpose’ it is called creating a moment of Wow.”

“And if things go wrong?”
“Just watch social media. Several companies have web care teams who actively look on the internet and engage with grumpy customers.”

“I would be interested in the numbers. So how would it look like?”

draft breakdown numbers

“Wait. This concept looks better than the draft one.”

concept break down numbers

“Are these estimated numbers for all visitors?”
“That is a good question. It is only for the website visitors, who also ordered drinks or snacks in advance. So I have to add a another set of numbers for the website visitors, who did not order drinks or snacks in advance and the visitors who pass the web site.”

“What is no showup?”
“That is a situation, when a customer does not get, what she or he paid for. He or she is ill. She or he found another group of friends and skipped the cinema.”

“This is strange: there are people who go to the shop without the ticket.”
“This is a common group mistake. A group of people at the cinema asking each other: “Who bought the tickets?””

“Why did you show the draft version?”
“I do not jump to solutions. I want to share my way of thinking. My thoughts and my pictures.”

“But those reversed trees with numbers is not a good starting point for scripting, I assume.”

“You are completely right. All that number crunching can take the attention away. If we have 3525 visitors coming in, then this must be translated in scripts somehow. We have to look at the chances.”
“But this is a cinema web site. It is not a casino.”

“Just have a look.”

click paths

“What does 70 % at Movie mean?”
“This means, that there is a chance of 70 % that a visitor goes from the Select Movie Window to Select Ticket Movie. You can call these click paths.”

“You are basically stating that the software has to roll a dice to determine the next step.”
“Yes. There is no single ideal path through the system. I already showed pictures of customer journeys.”

“Wait a sec.”
“Waiting.”
“The web site can easily be tested using a standard performance test, but a shop with real people is difficult. Do we need to test them? ”
“What is the system under test?”
“The web site and the shop.”
“Can you explain it to me?”
“The software supporting the web site and the shop are connected.”

“What does hold you back?”
“How can you test it?”
“I have not much experience with this particular situation. My suggestions would be: make a special interface for the shop just for performance test, mock the users in the shop, or use actual human beings. The latter option I call hybrid testing.”

“”Do you have experience with hybrid testing?”
“Yes, I have. For a web site we had to do a performance test. The visitors were simulated by the software. The web masters were real people including your interviewee. The actions of the web masters were too complicated to script, so we did testing manually. For more info there is a Dutch presentation, A performance test with a tail.”

“What is a good way to determine whether the performance is good enough?”
“A lot of people want a fixed number like a certain response time. Like the application will respond within 6 seconds. I’ve got an example.
In a performance test percentile is used: at least 90 % of the users have a response time of 6 seconds or less, if they do a specific action. This reduces discussions like:
“40 % has a response time of 5.3 seconds. That is quite good.”
“50 percentile has a response time of 6 seconds and the limit is 80 percentile.

Another thing to consider is to determine the worst realistic conditions for the system under test.”

Preparation

“Can automated tests be used with performance tests?”
“I assume you are talking about automated functional tests.”
“Yes.”
“I once got this request and it does not solve the problem. Is your manager writing a business case, a roadmap, and items for the back log for the same release at the same moment? I guess not. Every artefact has his own purpose.
But I wrote a blog post about the combination of automated tests and performance test.”

“When can the scripting start?”
“It is good to have a testable version before the final one.”
“But performance issues might still be in there. Also the interface can still change.”
“Change is always a companion of a tester. What I mean is that a tester should focus on things which will not change on long term. The technical basic components will probably not change. Test data is always needed. Data about the usage of the system is quite stable. Etc. ”

“There are always discussions about the test environment:
“We just put a part of the database in the test environment. “”
“Yes, a copy of the production environment is very expensive.
And yes, a performance test on a reduced environment can give a false impression.
I have a blog post about a huge test environment: Do you really need it?”

Execution or performance
“What would you advise during a performance test?”
“Have a hot line. If things go out of control, make sure everyone knows who to call or mail. Or your favourite communication style.”

Report
“So what should a test report contain?”
“In the report it should be described whether the performance criteria have been met. Percentile graphs are really cool. It is all about a special point in the graph:”

special point

“I would like to see some real life graphs.”
“Sure be my guest. They are on slides 14 and 15 of  the  presentation, A performance test with a tail .”

“What about the resources?”
“That is a good question. This should be covered. A nice pic would be great, but that is something for another time.”

“Thanks for answering.”
“Thanks for questioning. And thanks for reading.”

House rules for bug reports

Some people liked the TV serie about a doctor with a walking stick. This blog is about rules, which are applicable in a company or an office

“There is 1 rule: There are no rules.”
3rd movie about Mad Max

“This is not logical.”
Leonard Nimoy

Let me finish
The most dreaded part of the game: she or he will win for sure. Or worse we have to hang on for another hour. Of mental mockery. This is a sign of unbalanced game. A game you only play once. I am not writing about life here. This is not serious.

Some smart people developed some house rules to balance the game or to accelerate the game. Preferably both.

There is also some serious stuff to do.

One of the basic skills of a tester is to write decent bug reports. There are complete courses for them. I want to share some of my thoughts about them. Particular how house rules are applied to bug reports.

The trick for a good tester is to find the house rules for bug reports. Sometimes they are familiar. Let’s examine an imaginary situation.

  • Select movie Monsters Unlimited.
  • Select two for tickets.
  • Press Next.
  • Add Cola.
  • Set Cola to 1.
  • Add Lemonade.
  • Set Lemonade to 2

Actual situation:
The following message is shown: “You ordered too many drinks.”

Expected result:
It must be possible to order more than 1 drink per ticket. A warning should be shown.

That looks like a pretty example, how to describe a problem.

Let me determine some house rules:

  • Every button press is described.
  • It is completely repeatable.
  • The actions are described in an objective way. No hard feelings. Devoid of emotions.

This is logical.
Leonard Nimoy.

  • It describes what I would expect as a tester.

There are some serious drawbacks:

  • It is hard to read for a dev.
    One dev once gave up after reading my reports.
  • It took me time to write it well.
    You might have notice the tickets and drinks are set in different ways. And I am quite experienced.
  • A standard reaction is: “No user would ever do that.”
    Bug reports are not about proving the odds, but about telling the plausible.

So the trick is to modify or add house rules for bug reports. As a tester I have to make reports. As a dev someone else has to solve them.

It is time for Finding Marlin
“Finding Marlin you wrote?”
“Yep and I …”
“Don’t write any more.” [I just did.]
“It is about three fishes. Now the dad has been caught. Now his son and his blue thin friend whose name I always forget, go on a heroic journey to get dad back.”
What is your favourite sea dweller?”
“Dolphin..”
“So the dolphins are going to help.
And…”

“Thanks for your help.”
“Huh, I was just brainstorming about a movie spoiler. ”
“You just described a realistic situation, what people do in a particular situation.”
“Talking about fish?”
“Yes and showing how people can act in a natural way. ”
“I just happen to like movies.”
“And that’s what makes this talk completely plausible.”

Actually, Marlin stands for ‘Make a real life impression now’.

If I can tell a realistic user story, then devs are compelling to solve the problem. It is not something like this:
“As a cinema visitor I want to order my snacks and drinks before the visit, so I can save time.”
This is an abstraction.

It is about thoughts and needs. Let’s read a mind.
“In the movie Monster Unlimited there are too many monsters, so Mike and his blue furry friend have to move to the desert. That thought makes me thirsty. I need 2 lemonades for sure ”

Is this plausible? I think so.
Let’s ask the PO or Product Owner. Fine with you? So what are we waiting for?

Let’s tweak again
I do a small rewrite of my three drink bug report:

  • Order two tickets for Monsters Unlimited.
    [Hey. That is great. I can order my drinks in advance. Let me see]
  • Order 1 Cola.
    [Looking at a desert makes me thirsty, so I take an extra drink.]
  • Order 2 lemonades.

Actual result:
A message is shown, that at most 2 drinks can be ordered. [I need that drink. This is ridiculous.]

Expected result:

It must be possible to order more than 1 drink per ticket. A warning should be shown. [I take the consequences].

Let me extract some modified and new house rules:

  • The actions are written in a more natural way.
    This speeds up my reporting and it is more readable. I am not programming the programmer. I wouldn’t dare to.
  • Thoughts have been added, so people can identify themselves with the user.
  • Emotion has been added.
    This is a dangerous one. It is extremely helpful in the steps and can become harmful in the actual result. My thumb of ruie is, that it is allowed for a customer and in a few cases for a tester. A customer is not always a tester.

Are you in for a little experience? Have another read.

  • Order two tickets for Monsters Unlimited.
  • Order 1 Cola.
  • Order 2 lemonades.

Actual result:
A message is shown, that at most 2 drinks can be ordered. [This is ridiculous.]

Expected result:

It must be possible to order more than 1 drink per ticket. A warning should be shown.

“This is ridiculous,” sounds a lot harder than in the first rewrite, when only 1 thought has been added.

I will come back to the emotional part later and a few decimeters lower.

A more important question is: Why did I stop the presses? I mean the description of presses on a button or mouse.

This might be a lack of detail for some people.
“You ordered 1 cola and 2 lemonades. Right?”
“Yep.”
“So how did you do it?
Add 1 cola, add 1 lemonade and add 1 lemonade.
Or was it: add 2 colas, drop 1 cola, add 2 lemonades.
Or: add 1 cola, add 1 ginger ale. Drop 1 ginger ale, add 2 lemonades
I could even add some steps to go back, select Finding Marlin, order 2 drinks, change movie to Monsters unlimited, add third drink. But you wrote, that you did not do this. … Maybe.”

Sometimes programmers are great debriefers for testing.
What did you actually do? Why do you think this was a useful test? Did you also have a look at the other features? Did you also check the interaction with the other modules?

“They scare, because they care?”
That is not the appropriate way to write about devs. I do not have to fear, if I can answer their questions. And yeah I make mistakes like devs. Then I have to admit, that I was wrong.

Back to the example:

  • Order 1 Cola.
    [Looking at a desert makes me thirsty, so I take an extra drink.]
  • Order 2 lemonades.

Now I can make another house rule: take the shortest route.
Of course the devs have to agree. Then you have a new rule. In da house.

Can this lead to a discussion?
You bet.

“Did you test other combinations?”
“No, I was just exploring the web site.”
“Did you know you cannot order the lemonade in the winter?”
“No”
“So you better test it. It took me some time to program that.”
“Thanks for the information. I wonder how I can change the system time. Maybe you can help?”
“Well that is easy. You …”
I just leave these 2 techies alone. I have another interesting section coming up. In the meantime ..

is a scenic tour also plausible:

  • Order 3 donkeys.
  • Order 2 dragons.
  • Reduce the number of donkeys to 1.
  • Reduce the number of dragons to 1.

This is still the shortest route. Every step was needed.
You might call it Advanced Donkeys and Dragons. So long the troll stays away.

Lectori Ludum – Game for the reader
The game shown in the picture is the pocket version of the Hive. It is a 3 dimensional game and it has house rules.  And it is about bugs.
I like it’s complexity.

Let me get emotional
I promised you to explain, why emotions are important. I already gave a small hint.

This is something I experienced.
I was in the hospital. The nurse behind the desk tried to formulate excuses to me:
“I did not give [your case] a high priority. You sounded completely in control. ”

This is a big disadvantage of being a tester. I had been programmed – I know: bad word choice. – to give an objective report, which put me in the middle of the line.

A bug report is a thing I not only make for work, but also in private life. If I don’t like something, then I want to get things fixed. So if I order a book and the book is damaged on arrival, I file a bug report. If the book seller does not provide a good service, I get angry. So why can I not show anger to get things fixed?

Do users of software have needs and feelings?
I think they do.
What about persona?

This is a description of customer with all her or his interesting characteristics. A good name can help a lot.

I do not have any experience with it. Personally I think it can be useful. No pun intended. I am a personal ally of the User experience or UX designer. That’s an intended pun.

Let’s start a thought experiment.
So we have the excited Kid, the bragging teenager, the unlimited cinema visitor, ….

Of course the excited kid will not handle the payment on a cinema web site, but she or he will definitely want to choose her or his own drink and snacks. “Dad, how can I order a Cola? It has already been chosen.”

A small side step.
For marketing people this is cool: can I sell packages to the kids?
For the regular movie visitor a limited collectible cup for the drink can be quite tempting. Gotta have them all.

Back to the Excited kid.
“Dad, did you really choose Finding Marlin?”
“Yes, I did. Just pick your drink and snack, dear.”
“What is a kid package?”
“I think it is a drink, a snack and maybe a toy in a box. Does the web site show some description?”
[A little silence]
“I can use a link. Yes you are right, dad. ”

[Another little silence]
“How can I get back on the page?”
“Push the back button.”
“It does not work.”
“Just close the tab.”
“It works.

Where is the page for the drinks and snacks? I cannot find it dad.”
“Let me have a look dear. That is strange I cannot find the tickets.
We have to start all over again.
O dear, all tickets have been sold out.”
This will start an outburst of emotions. In turn these form a good starting point for Non Violent Communication.

Last week while I was still assembling this blog post, I saw a tweet of Santosh asking about NVC. He had read a conversation between Jari and Lucian. And he couldn’t resist himself to “barge” in. I sent him a link to some basic  resources.

NVC stands for Non Violent Communication. This model uses 4 elements: observation, feeling, need, request. Luckily there is a cinema example available for use.

  • Observation
    The kid tried to figure out, what a kid package was. This led to a situation, that tickets were lost.
  • Feeling
    The kid is sad and the dad angry.
  • Need
    The kid has a need to share: to tell about the movie at school. The dad has a need for independence, that his kid can order her or his own drink and snack.
  • Request
    Would you please provide a way to show information about the kid package without losing the ordered tickets?

Browsing through these four elements makes the request reasonable. I am tempted enough to call it logical.

[Answer on, why his parents married]
“That was logical.”
Leonard Nimoy [TV serie]

By the way it took me a while to determine the need of the angry dad on https://www.cnvc.org/Training/needs-inventory. A need is personal. The basic thing is to describe the point of the view of the user. As an observer I have to be very careful to fill in the need of the user. It is not possible to read one’s mnd, but it is possible to ask about someone’s need.

Now I am quite close to the heart of the bug report. If someone asks to solve a bug report, then it is easy to program the expected result. If I test something, it is easy to check only for the expected result. And of course I can test all the other impacted functions and data, but does it really solve the problem?

Let’s have another look at the kid package problem.
A programmer could program the interaction as follows:

  • if the mouse is on the kid package, a small message will be shown containing the description of the package.
  • The message will disappear, if the mouse is moved.

As a tester I can easily determine, that the impact on the data and features is minimal. So it looks easy to test.

Well. There is a huge problem lurking there.

Let’s take a closer look
“So I have 2 tickets for Finding Marlin, 1 cola, and 1 carrot.”
“A carrot?”
“What’s up, doc?

So I go to the ticket counter and get tickets, the package, the drink and the veggie.”
“No, you only get the tickets. The rest you have to collect in the shop.”
“Why?”
“There is no place for all the snacks and drinks.”
“Sounds fair to me.”

“If I enter the shop I pick up my order and continue to the movie.”
“You actually have to collect all your ordered stuff yourself.”
“Why?”
“Just imagine a cola standing there for a few hours. It might have less bubbles and is warmer. Now think about ice creams. Or your carrot’s waiting days for a nibble.”
“You’ve got a point.”

“But where does it state that I have to collect all the stuff?”
“It is on the voucher.”
“Which voucher?”
“The one you get at the ticket counter.”
“Okay. Can you please show me 1?”
“Sure. Here’s one.”
“Hm that is small font.
That means I still have to be 10 minutes earlier to collect my order.”
“Uhuh.”

“So I collected.my order, I show my voucher and see the movie.”
“Yes, you just go to the counters to claim the voucher.”
“Wait. You said counters. But I do not have to pay again.”
“The counters have a scanner for the vouchers. There are so many orders, that there is no standard voucher.”
“Okay, let me summarise again.”
“Collect order, go to the counters, show voucher and see movie.”
“You’ve got it.”

“So I go with my voucher to the voucher queue.”
“There is no voucher queue.”
“Wait a minute. I have to get in the same queue like the other people.”
“Yes.”

“But there are no real benefits to the service. I only pay in advance.”
“Yes, but I like the idea of a special voucher counter.”

“The user story was:
‘As a cinema visitor I want to order my snacks and drinks before the visit, so I can save time.’
If I look for a need, i would say the need for ease. Within minutes I should get everything: just show the tickets and collect everything.

What about this?
How much time does it take to collect the order for a customer?”
“3 minutes.”
“So if I couple the GPS location of the customer to the order, then it is easy to collect the order. What about that?
Faster service and happier customers. Just make them smile.

And I could continue writing about what to do with the money in case if the customer does not show up. Or the customer changes his mind over the snack. Every solution should be focused on the need for ease.

Let me speed up the reporting
Navigation can be compressed using arrows. E.g. Menu => New.
If too many arrows are used, then the user experience should be improved.

It is possible to save time by adding bug descriptions in the comments instead of linking new bug reports to the report. If the devs can keep up with your pace of reporting, this saves lots of time. In one project I had a supplier, who had no overview and was slow. Then separate bug reports were extremely handy.

During my first year in an agile team
“I found a bug.
Do I have to report it?”
“You can talk about it?”
“So I do not have to write it.”, I wondered.
“We are talking.”, my scrum master answered with a smile.

Let me think
Post Ludum [After the game]
A continuing thought from me: are there other house rules to break? For better quality of life and work.

Why am I now thinking about retrospectives? It must be a flash of insight. I just wrote one : )

 

 

 

 

 

 

Let me write
I thank you for that.

Let me talk
I wanted to write a small blog post about bug reports and it almost turned into a talk. Too many stories in my head. So …

my proposals for talks for test conferences will be sent in the following months.

Let me thank you.
Thanks for reading. Real thanks again.

FAQ for Tester Recruiters

An imaginary situation decades ago.
[Phone rings. I pick it up. Interested, who is calling]
I: “Hi”
Caller: “Hi. Joe mentioned you were interested in a blind date.”
I [Pleased to be called]: “Sure.”
Caller: “Are you intelligent?”
I [Ignoring the undertone]: “I am studying at the university.”
Caller: “That’ s great. Can you talk about computers?”
I [Internal sigh]: “I am studying computer science.”
Caller: “Are you attractive?”
I: “Just pretty.”
Caller: “Hum”
I [Annoyed]:”Why can pretty people have no blind dates?”
Caller: “Do you look good in a bikini?”
I [Upset]: “Excuse me. I am a man!”
Caller: “I just thought you had a low voice. Sorry for wasting your time.”
I [Angry]:”What the …”
[Caller ends conversation.]

Standard questions from tester recruiters, which are usually asked at speed date speed
Are you interested in a job?
Yes. I don’t have a job.

[LinkedIn] Can we connect?
If I do not know you, then I will not connect with you. I connect with you, if I trust you.

Would you please call me?
If you provide enough information about your company or customer, I might be willing to call you. It is also handy to provide a phone number.

Would you like to send me your CV?
All relevant information is on LinkedIn. I will send you my CV, if I am interested in the job.

Where do you like to work?
In the Randstad and the area southward to and including Breda.

 

Do you work and think on an academic level?
Yes. I am an engineer graduated at Eindhoven University of Technology.

How long have you tested?
In 1996 I started with my career as a professional tester. The information can be retrieved from LinkedIn.

Do you have relevant test certificates?
Yes, look at my LinkedIn profile.

Do you know the following test automation tools [tools names]?
I have no experience with test automation, but I have theoretical knowledge. At the moment I am experimenting with Selenium, Eclipse, and Java. I have more than 5 year experience with programming in C and C++.

Do you have experience with scrum?
Yes, one year.

Do you know Cucumber?
No. But I can pick it up.

Do you want to freelance?
No.

I’ve got a job for a test coordinator. Is this interesting?
It depends. I can make test plans and test reports, if necessary. But I prefer to test hands on most of the time.
Do you want to be a senior tester?
Yes. Please.

Do you know other testers, who might be interested in this job?
Yes, I know a lot of good testers. Even excellent ones. In the past I suggested some names. I did not get proper feedback, so I decided to stop mentioning names.

More preferable questions for me from tester recruiters
How can I contact you?
Just send a personalised e-mail.
What is “personalised” according to you?
If I replace my name by the name of a random fellow tester and the mail is still applicable, then it is not personalised.

Do you want to know more about my company or client?
Yes, of course. I am really interested in the way they work, the company culture, and the products / services. I am all ears.

What kind of company are you looking for?
A company, which has agile projects in house.

What is important for you?
I like a company, which is committed to go to the next test level and where I still can develop myself.

How do we stay in touch?
I prefer one contact person.

How often can I ask you something?
If there is an interesting job, you can ask any questions. Please don’t ask the same questions twice. It’s extremely annoying for me, especially if you have my recent CV.

When should I thank you?

  • After I sent you an e-mail.
  • For this blog post.

Disclaimer
I wrote this blog post on 8 December 2015. Things might have changed in the meantime.

Sound check (and other interesting things in other backyards)

Xoun is a strange brand name to pronounce. The question is, whether this sounds right to shopping people. If you turn the picture upside down, you will read a known brand name in the Netherlands. (Which I associate with a mug with welcome warm soup after hours of sailing on the lakes in Friesland.) By taking a different view some things might need more attention than you might expect. In this article I will tell about three situations, in which non IT related information can be helpful for an IT engineer.

Granting a small favour

In the nineties my customer planned in a special activity to introduce internet to his employees. So I ended up talking with a woman from the legal department. She stated, that shipping information should always be mentioned. It would save her department and company a lot of time and money.

A few weeks later it was time for my courtesy call. I called the lady from the legal department. After a short introduction I came to the point: “I just discovered, that your company is selling products on the internet. I could not find the shipping information.” A silence followed, so I had to repeat the message. A muffled “Thank you” followed. A few days later the web shop was off line.

In case of surprise

A special meeting was planned and the project manager was constantly talking about Rbbit. After a while I figured out, that the Rbbit was not a nice white fluffy animal appearing in the magician’s hat, but a Big Bug in the software system. “Two weeks ago we had a Rbbit. Last week we had a Rbbit. What do you expect for next week?” I answered, that another Big Bug would show up. “What are we going to do?”. I spoke up again: “I would set up an emergency procedure.” The project manager was not pleased with the answer: “Do you expect, that I will restore the complete database?”

“If wrong information is sent to the customers, then a new mail must be sent to them, that they should ignore the information in the sent mail. You could also add information, when the right information will be sent. The next step is to investigate and solve the problem.” The project manager finally agreed: he needed phone numbers of people in the operations department and operational measures.

What’s it in for them?

As a software tester it is very tempting to use different plug ins in your browser to analyse web sites. During one of my trials I encountered a tool, which provided me much information. I did not understand, why the tool was given away for free. The web site for the plug in tool was basically stressing the benefits. At that moment I was doubtful, whether I had installed malware.

After more extensive searches on the web I discovered a related business web site, which offered information about websites. This information was gathered by users using the above mentioned plug in. So the business model was as follows: determine, which information is useful for IT people. Provide a free tool for collecting information and sell the gathered information with a nice profit.