Latest Entries »

Off the beaten track

Filed Under: Automation, Performance testing by Trish Khoo
Jul.30, 2010

You learn a lot more when things don’t quite go to plan, than when everything goes smoothly. So here’s a story I think we can all learn from.

James and I wanted to do a kind of performance test which involved the creation of many elements in our system. So we decided that a quick way to do it would be to leverage the common methods in our existing GUI automation suite to create a heap of accounts through the interface. We drew up a plan and wrote the test script.

Why did we choose to use GUI automation? First, as was mentioned, we already had existing code we could reuse, so we thought script creation would be reasonably fast. Also, James hadn’t used our test suite much before, so it was a good opportunity for him to become more familiar with it. In addition we figured it might reveal some interesting GUI bugs while it was running, as kind of a by-product.

This test script was massive. Luckily, most of the creation methods were already written, so we just had to get the test creating what we wanted. I knew that GUI automation could be a bit fragile. So we got the script to track its progress in a text file, so that when it got interrupted, we could just restart it and it could just pick up from where it left off.

We estimated it would take a couple of days to create the script, and about 50 hours to run it. How wrong we were.

The first day started out slow, as James battled with installing Visual Studio, Webaii and Gallio on his machine, which progressed as an epic series of fails until finally he was able to START writing code at the end of the day. Meanwhile, I managed to make a decent start on my part of the script. After a while we realised we would have to write some of the data directly to the database, so we asked a friendly developer for some help. Writing data this way would prove to be a bit of a time saver later.

Four days later, we were finally able to start running this script. It tripped over a few times, but it could run uninterrupted for an hour or two. Some observations were made:

TK: a little null reference exception never hurt anyone. off it goes again.

JM: As if nothing ever happened

TK: happy, carefree test script

TK: gamboling through the wild plains of GUI automation

TK: though null reference exceptions may block its path, does it falter? nay it continues, unhindered and free

a majestic beast

It was actually running quite smoothly on my machine, only occasionally failing to find page elements for some unknown reason. So we ran it on my machine for about half a day.

JM: Sweeping majestically across the plains and all that…

TK: like a gazelle, leaping through the DOM…

JM: Yeah!

JM: Definitely evoking gazelle-like feelings

TK: let no id=basicTab stand in its way

TK: it’s much nicer to think of it as a gazelle

JM: Than?

TK: rather than how i usually think of it – like a small child picking up the browser and punching it into submission

After a few hours we realised that our original estimates were way off. At this rate it was going to take about 250 hours to run. We didn’t have that kind of time, so we decided to split up the creation workload and run it in parallel across five different machines. Then the real fun began. While it ran relatively smoothly on my machine, it didn’t go so well on other machines because my machine was much faster than the other machines we acquired. So pages were taking longer to load on the other machines, and the automation kept falling over because it couldn’t find page elements in time. Our majestic script was not looking so gazelle-like anymore.

TK: off it stumbles, like a fumbling beast, tripping over its own legs and the occasional blade of grass

TK: running like an oafish monstrosity, crashing into trees and occasionally falling into holes that aren’t there

TK: oh see how on broken wings it flies, soaring erratically through slight zephyrs, smacking into small buildings

It would only run a few hours at a time if we were lucky, and it had to be manually restarted. After a few days, its progress was dismally short of its target.

We decided that we couldn’t spend much more time on this, so if it wasn’t done by the end of the day, we would just use what we had. We still wanted to get some nice peaks happening, so we modified the progress files to focus only on the peak areas, divided it up among the working machines and set it on its way again.

With most of the test data in place, we made plans to start our performance test. The final piece of the puzzle was simulating user activity in order to trigger the functionality that would (we hoped) stress the system in interesting ways. We took the path of least resistance in this case; using a Ruby library that had been written as an experiment in a previous test. With a few small modifications, the Ruby script consumed the output from our main setup automation and simulated the actions that we required. Again, we divided the work and ran several scripts in parallel to speed things up.

After running the test for a few days, we didn’t find any big showstopper bugs but we did end up finding a few smaller bugs. So was it worth doing? We didn’t necessarily get what we set out to achieve, but it produced many valuable outcomes:

  • It demonstrated a few things about our test framework that could be improved upon, which motivated us to make these improvements.
  • It demonstrated a few shortcomings of GUI-level automation. Trying to get GUI-level automation to do anything for a long amount of time is prone to error from multiple sources: The test environment, the browser, the speed of the machine it’s running on, the sun, the moon, the way MbUnit happens to be feeling at the time, etc. For generating data, we would have been better off just directly injecting the data into the database.
  • Just by telling the development team that we were going to do this test, and telling them exactly what we were planning to do made them think about what issues it could run into and they started working on improvements even before the test had been run. One developer who was assigned to look into a specific bottleneck ended up using elements of our data setup script to create his own targeted test for his changes.
  • The Ruby user action simulator ended up being a really useful general purpose tool.
  • We discovered a heap of GUI-related bugs as a result of checking the progress of the GUI automation.

What could we have done better?

  • When we started out, we only had a vague idea of how long it would take and how long we could afford to spend doing the test (we needed to ship the software at some point too). In hindsight, perhaps we should have set some clear upper limit on the time we would spend working on the problems before admitting defeat and attempting to tackle the problem in another way.
  • Our objectives and expectations evolved as we learnt about the system, the test framework and hundreds of other variables that we hadn’t considered. This is a common problem in software projects and perhaps if we had set some clearer goals at the start we wouldn’t have drifted at times.
  • We could have involved other team members more in what we were doing by updating them on the specifics of what we were actually implementing in order to give them a chance to give their feedback and opinions.

And hey, in the end the feature was deployed successfully and within a reasonable timeframe. So ultimately we achieved our mission, and learned some valuable things in the process. Success!

Written in collaboration with James Martin.

read more

Why writing blog posts can be as difficult as shipping software

Filed Under: Random musings by Trish Khoo
Jul.25, 2010

First you have the inspiration phase – you’ve got this great idea, so many thoughts on the topic and you can’t wait to write it all down. This will be the greatest blog post ever!

Then you have the implementation phase where you start writing madly. You probably get about halfway, maybe three quarters of the way through and then you stop. You’re pretty pleased with how it’s started, but how do you finish it?

Then comes the scope creep. You see a few points that you’d like to expand. Suddenly you’re putting mini blog posts within your blog post. But you don’t want to just save the expanded points for a separate post because you figure if you don’t write them now, then you probably never will.

Now that you’ve expanded some of the points, you wonder if you should be expanding all of your other points, for balance. It all starts to seem like too much work, and you haven’t even wrapped up your post yet.

Then there’s the quality assessment phase. At this point you’ve probably left it for a few days and decided to re-read it, hoping to recapture that inspiration that will let you finish it. But the initial inspiration and motivation has worn off somewhat, and you’re starting to dislike what you’ve written. You consider rewriting part of it, or all of it. Or maybe scrapping the thing all together and starting on something new.

If you’re lucky there will be a release phase after this, which often can seem like a bit of a death march. You’re struggling to find any words to summarise your once-great blog post, but everything you write seems corny or contrived. Eventually you declare it “good enough”, whack it online and hope for the best. You’re probably still thinking about the parts you wish you could have done better.

And then most of your readers will skim it, get the general gist, and probably even like it. A couple of typos might be reported here and there, big deal. What were you so worried about?

read more

Rockstar testing

Filed Under: Random musings by Trish Khoo
Jul.24, 2010

I often hear about “rockstar developers”, but I never hear about rockstar testers. Which makes me think we could do with a few of them, since at the very least they’ll make our profession sound a lot cooler. Not that software testing isn’t viewed as a glamorous lifestyle already of course. So here are some ideas of mine for being a rockstar tester.

Who needs the rules, man? Software is an evolving industry, testing particularly so. Methods that were accepted as best practice just a few years ago are already being questioned now. New approaches are being formulated all the time, and many of them work really well. Everyone has the opportunity to be a pioneer in this industry. Don’t limit yourself by what others tell you is right. The best way to learn is through your own experience, so get learning!

Keep the band together. Don’t wait until meetings to talk to your team members. Talk to each other every day, tell each other what you’re working on and how it’s going. Share interesting articles, catch up over lunch. Then maybe you won’t need such lengthy team meetings anymore.

Give the people what they want. What good is music if nobody wants to listen to it? It’s the same with everything you do – testing, reporting – none of it matters if nobody wants it. If nobody is bothering to read your reports, trim them down or find a different method of communication altogether. I used to write 20 page test plan documents at my last company. When I tried it at my current workplace, nobody wanted to read a document that long. The last test plan I wrote was a paragraph-long note written on our bulletin board. Nobody complained about missing information, actually they were all pretty pleased because they had less to read.

Listen to your critics, but listen to your fans more. It’s easy to take criticism to heart, but don’t let it deter you from taking risks. People won’t always like the way you do things, especially if it defies convention. But when someone likes what you’ve done, don’t just do it again, think about how you can improve on that and make it even better.

Also, it couldn’t hurt to get a guitar, take up some kind of illicit drug and stagger into the office at 1pm every day smelling of cigarettes and hard liquor, with a couple of groupies in tow. Actually that probably could hurt a bit, in the sense that it could get you fired. Best to just stick with the guitar part of that advice.

read more

Considering job title change to “Technical Voorlooper”

Filed Under: Random musings by Trish Khoo
Jul.10, 2010

Lately I’ve been using a little ruby script (made by fellow Campaign Monitor tester James Martin) to generate random strings of words for test data. Yesterday it generated something like “conical oribi voorlooper”.

From voorlooper.net:

“Voorlooper means in the simplest sense a scout or  forerunner – someone who is ahead of the pack. It also means someone who  is searching for answers, ie. testing new grounds, something also like a  scout in an adventurer’s party. It also has a darker meaning of one who  brings news of the future, of foreboding or a harbinger.”

Sounds a bit like a tester to me!

read more

Haiku dedicated to a special automated test script

Filed Under: Automation, Random musings by Trish Khoo
Jul.06, 2010

Unhindered and wild

Null pointer errors no obstacle

A majestic beast

read more

Getting started with test automation

Filed Under: Automation by Trish Khoo
Jul.03, 2010

Test automation seems to inspire mixed reactions in the testing community. There are those who believe it’s absolutely essential, and those who shun it completely, with all shades of grey in between.

Are we all even talking about the same thing?

“Test automation” is generally used to describe any form of testing where some form of software is executing tests rather than a human being. This kind of testing comes in many flavours, such as:

- Scripted unit tests

- Tools that allow testing of services

- GUI-level test automation using record and playback tools

- GUI-level test automation using hand-coded frameworks

When I talk about automation, I generally talk about GUI-level test automation using hand-coded frameworks.

Why do some people mistrust automation so much?

Your own experiences with test automation will shape the way you see it. Here’s a pretty typical story that I’ve heard many times:

Once upon a time there was a test team that had thousands of manual test scripts to run and it took them a very long time to do it. One day, a friendly automated test tool vendor told them that they could reduce the time to do it if they just used a test automation tool to do it for them. The test team bought the tool and automated a large portion of their tests. After some time, they found that they were spending so much time fixing the automated tests that it really didn’t save them any time at all. What’s worse is that they weren’t finding as many bugs now that they were using the tool to test for them. But by then it was too late – they had already paid for the tool so they were stuck with it and had to use it.

Why do you like automation?

Here’s my story:

I started out as a developer, but my boss soon noticed I had much more of an aptitude for finding bugs than fixing them. So he encouraged me to try testing. So I joined a company that was big on test automation. With my developer background, I easily picked up automated testing. This company tested projects in the following way:

- Manual test scripts were created from requirements

- 80% of these test scripts were automated, using GUI-level test automation with hand-coded frameworks

- Automated tests were run every night. Any scripts not automated were run manually during regression testing.

And it WORKED. Projects were built in an environment with very strict processes and change procedures, with staff dedicated to test automation. The developers were all very experienced and built the software in such a way that it would be easier to automate tests for it while it was being built. The software was built to a consistently high standard and deadlines were met with this approach in place.

So that was an approach that worked FOR THAT CONTEXT. I saw this same approach attempted in a different context and it did not work at all. Without the strict change processes in place and the experienced developers building software with automation in mind, the testers were struggling to meet their 80% automation target. More time was spent fixing automation than looking for bugs. Bugs were missed, deadlines were missed – bad news all around.

So GUI-level automation built on a large scale can work. I’ve seen it work. It can also fail horribly. It’s just a tool. Understanding what it is and how it works will help you to know if it’s able to help you any way.

So should I use it or not?

Here’s my advice to anyone wanting to get started with a bit of automation:

1. Find someone who already knows about it and consult them. There is a massive learning curve involved with this kind of automation. Sure you can learn all about how to use the tools just from books and online information, but the trickiest part of using automation is knowing what the best approach is for the context of your project. That sort of knowledge is best gained through experience. If nobody on your team has that experience, it’s very costly to just try to implement one approach, and then use trial and error until you find the best one. It can cost you heaps of money in tools and training, and heaps more time in trying to get the damn things to work.

2. Know what you’re getting yourself into. If you do attempt to build GUI-level automation on a large scale, you are basically building another software application to test your software application. As testers, we already know how hard it is to build quality software. So it’s a big job, and it needs a lot of work, and some developer-level coding skills.

3. If you can’t go big, then think small. The biggest time waster with GUI-level automation is the maintenance. So have a think about if you can use GUI-level automation tools to your advantage without the maintenance cost. If you can train your team to easily script use-once automated tests that might speed up repetitive tasks, then maybe that’s worth looking into. Maybe you can use it to simulate constant user activity, or to generate and input large amounts of data. Maybe you can just automate a small suite, like a smoke test, which wouldn’t require much maintenance.

4. Don’t get suckered into using expensive tools. I’ve used expensive automation tools and free automation tools and quite honestly, the quality was about the same. Don’t get stuck in a situation where you’ve paid so much for something that you can’t justify abandoning it if it turns out to be a bad idea.

5. Remember, it’s just software, and software is buggy. We know this – we’re testers! So don’t rely solely on automated tests to tell you if your application under test is working fine. Use the automated tests results as a bug trap, but remember to check the trap in case it has a big hole in it. Use it as an aid, but never a substitute, for manual testing.

For anyone wishing to know more about automated testing, I just discovered The Automated Testing Institute, which seems to have a fair bit of useful information on the topic. Probably not a bad place to start. But definitely find someone to consult!

read more

Automation warning

Filed Under: Automation, Random musings by Trish Khoo
Jun.14, 2010

A good sign to stick on your automated test suites (thanks BoingBoing)

read more

Security testing and a cheesy weekend testing session

Filed Under: News, Security testing by Trish Khoo
Jun.14, 2010

Yesterday I did my first weekend testing session. Weekend testing is an event where a group of testers hop onto Skype on the weekend to do some testing-related activity and talk about it. Collaborative learning! Very geeky, very fun.

I really have to give a big thanks to Marlena Compton for organising weekend testing for Australia and New Zealand (WTANZ), otherwise I would have been testing in the middle of the night instead of at the leisurely time of 4.30pm EST.

We had a small group of about 5 testers, and our mission for the afternoon was Jarlsberg. This brought a smile to my face – Jarlsberg is a tutorial on web security created by Google, and I’ve had it on my to-do list for quite some time now.

I had done a bit of security testing before, because in late August last year, not long after I had joined Campaign Monitor, we had a security breach by a hacker looking to use our network to deliver large amounts of spam. That was a very memorable week. We of course upgraded our security very significantly, and organised regular professional security audits, but it really drove me to improve my own security testing skills and try to work security testing into our regular test cycles.

So anyway, back to the weekend testing. We started going through the exercises at our own pace, but I think most of us just managed to get through the Cross-site Scripting (XSS) section. Cross-site scripting was a great thing to learn more about. One thing I found interesting was that if I started with a black box approach, I could notice interesting behaviours in the application (like accepting certain script tags), then when I looked at the application code it showed me why the system was behaving that way and I could extrapolate more attacks from there. I doubt I would have had as much success if I had looked at the code before trying a few things “blind” first, as it would have guided my thinking towards what the programmer DID do, rather than what they DIDN’T do.

I was glad to pick up a few more tricks, but one thing that always proves a problem for me with XSS vulnerability bugs is the bug advocacy side. Examples for methods of exposing these vulnerabilities generally give you a script that will create an alert box on the screen – if you see the alert box, then you know that scripts can be executed on this page. But try taking that to a developer to fix – “So? You made an alert box appear in your own account. It’s not hurting anybody but yourself.” The reason that the more evil scripts aren’t widely available is because basically it’s illegal to use them. So the challenge is trying to convince them that even though all they can see is alert boxes, that is because I am a nice security tester, and not an evil mastermind hacker, so I don’t know what nasty hacker tricks the hacker will use but if he sees alert boxes jumping around he’s probably going to think it’s his birthday and go nuts on it. Marlena recommended using Cornify, as a more sparkly rainbowy way to attract attention to the vulnerability, which is something I want to try.

Another thing I found interesting was that the choice of web browser made a big difference. Some browsers block certain XSS attacks by default. I was using Chrome, and in some of the exercises I couldn’t get the attacks to happen. It said in the tutorial that Chrome and Internet Explorer blocked against some attacks, so maybe Firefox or Safari would have been better for this kind of testing.

We all had a good talk about the session, and came away with some good ideas. I want to continue through the Jarlsberg tutorial sometime.

The next WTANZ session is on July 7. Marlena has some information on how to sign up here. Hope to see some new Skypers there next time!

read more

Why aren’t there more women in IT?

Filed Under: Random musings by Trish Khoo
Jun.09, 2010

Some kind of gender diversity in testing debate started on Twitter on the weekend, and it seems to have become a series of blog posts, like this one. I found most of the discussion to be pretty confusing. It seems like everyone is keen to get more women in the IT field, so why aren’t there more? There seems to be this idea that women feel somehow repelled by all the men already in the industry, whether it be due to intimidation, exclusion, or something like that.

So I thought I’d ask around for some answers.

First, I went to my favourite IRC chatroom with some of my favourite geeks, who are all male. I asked them if they thought there weren’t enough women in the industry, or if there were too many, or if it was just right.

“Not enough. It’s a total sausage fest in here”

Okay that made me laugh, and I told my husband who is a software architect, and he said “well he’s got a point, it IS a total sausage fest in here.”

So followed a lengthy conversation where several male programmers conveyed the following points:

  • One guy said he saw women as equally capable of doing jobs in IT and he was confused about why there aren’t more women
  • One guy lamented that having less women in IT made his career choice look less studly, because there aren’t as many women around
  • One guy theorised that most women just don’t like programming, and that there’s no problem with that, it’s better if people do what they want to do

The last point made a lot of sense to me. I like programming and other geeky stuff, but most women I know aren’t very into it – even many the ones who work in an IT job and have a computer science degree. I talked with a woman programmer that I know, and she said the same thing – most women just don’t like this kind of work. And it’s not easy to do technical work if you don’t have an interest in it.

I don’t think women are being discouraged from being in IT, at least in Australia. And I’ve met heaps of women testers. In some places they’ve outnumbered the male testers. So maybe this women in IT issue is not as much of an issue on these shores?

read more

Using GUI automation as a blink test

Filed Under: Automation, Manual testing by Trish Khoo
May.27, 2010

I just spent the last 3 days doing the Rapid Software Testing Course run by James Bach. It was an excellent and fun course and I learned heaps from it – highly recommended for anyone interested in testing. One of the things James taught was a “blink test” – basically a test where you run a heap of data in front of you very fast to look for patterns or problems.

So I was thinking today about uses for GUI automation and how GUI automation often blindly flies by obvious bugs, and how I’ve often found bugs while watching automated smoke tests run. If you run a huge suite of test cases overnight it’s not worth watching the whole suite run because that would take hours. But hey, what if we just grab the automated tests that run in the area that we’re interested in and watch them while they run? Not only would it offer us an inexpensive way to spot interesting things, but it serves the dual purpose of being a soft audit for the automated tests, to make sure that they’re still doing their jobs properly.

Does anybody already do this? An automation blink test?

read more
Powered by WordPress. Theme: Motion by 85ideas.