Testing & Software Blog

The occasional thoughts of a freelance software tester, drawn from experience across the software development life-cycle.

Healthcare.gov and Death Marches

Posted on October 27, 2013 by Tim Hall

Healthcare.govThe problems with the American Healthcare.gov website is making the whole thing look like one of the highest profile software project management failures in history. As a contractor working for a UK software house supplying IT solutions for the public sector, it’s impossible not to take a professional interest in what went wrong, and what lessons should can be learned.

When it went live, Ben Simo was live-tweeting his experiences trying to set up an account, and highlighted some severe security issues with the website, and Bob Martin blogged about some of the problems. It’s clear that the system went live with wholly inadequate testing.

And then it occurred to me. The programmer did not write the questions! Some bureaucrat wrote the questions. The programmer never talked to that bureaucrat. The programmer never read the questions that the bureaucrat wrote. The programmer was simply told to display a set of questions from a database table, and to store the responses in the user’s account. The programmer had no idea that this particular question was asking for a date! So the programmer was not trying to match a date! The programmer was just accepting any string.

Well, not any string. After all, I had been typing strings for the last ten minutes. No, someone had told the programmer (or the programmer simply decided on his own) that certain characters would not be appropriate in the answers to the questions. One of those inappropriate characters was probably: "/". I think numbers must also have been considered to be inappropriate since I had tried: 17 July, 1973. Or perhaps it was the comma. Who knows? Who cares? (Apparently not the bureaucrat, the programmers, or the people who tested this system.)

I don’t think it’s fair to blame this solely on the testers failing to do their job properly. It sounds more like the time given to test the project thoroughly got severely truncated as the development overran, a scenario I’ve seen play out time and time again.

I’m sure we’ll be hearing inside stories detailing precisely what went wrong in the coming weeks and months. The whole thing sounds like a perfect storm of failure, in particular a fixed end date dictated by politics and legislation, with those same politics delaying the finalisation of requirements. Not to mention trying to save the failing project by throwing more warm bodies at the problem, despite the fact we’ve all known for thirty years that such an approach just doesn’t work. In other words, a classic software death march, a problem endemic in the IT industry.

This paragraph from the linked piece jumped out at me.

But when politics becomes the dominant “driving force” in a large, complex project, the project is likely to degenerate into a death march. Remember my definition of a death march project: It’s one where the schedule, budget, staff, or resources are 50–100 percent less than what they should be. Why are these constraints being placed on the project? There are many possible explanations, as we’ll see in the discussion below; but in many cases, the answer is simply, “Politics.” It may be a power struggle between two ambitious vice presidents in your organization, or the project may have been set up to fail as a form of revenge upon some manager who stepped on the wrong toes at the wrong time. The possibilities are endless.

I’ve worked on failed projects like that…

Posted in Testing & Software | Tagged , , | Comments Off

Bug Under The Track

Posted on September 3, 2013 by Tim Hall

There are a lot of lessons about bug reporting you can take from this BBC News story about a train suspended on washed-out track for 12 minutes

For a start, can you read the story and form a clear story of precisely what actually happened? No, neither could I.

Whatever did happen, the fact that nobody was injured and there was no apparent damage to the train meant that a potentially very serious incident was never properly reported or investaged at the time.

The responsible manager in Translink’s Safety department said he was not aware that the front of the train had run over the unsupported track and did not think the incident required a formal investigation.

It had happened just before key staff had gone on holiday and there was `”insufficient senior management oversight” of the events. Delays meant evidence was not properly collected and the train’s black box data recorder was overwritten before the information on it could be downloaded.

Although i have to say this line also raises eyebrows:

The previous year the Rivers Agency had also hosted a workshop on the flood map for owners of infrastructure to help them understand the risk to their assets. Northern Ireland Railways were invited but did not attend “because the invitation, sent by email, ended up in a spam folder”.

I’m resigned to the fact that mainstream news reporters lack domain knowledge when it comes to the railway industry, but the whole thing is, as Ben Simo said on Twitter, it’s “Bad reporting on bad reporting exampled. There are some bug reporting lessons in here somewhere”

Indeed.

Posted in Testing & Software | 1 Comment

“There was an infestation of tribbles in Apocalypstick Avenue. We sent Donald Rumsfeld to deal with them, but he couldn’t get in because of the shoggoth”. Who said software testing was boring? And yes, that was an actual, real test scenario.

Posted on August 29, 2013 by Tim Hall | Comments Off

If the best software engineers working for my ISP cannot prevent my email inbox from overflowing with “male enhancement” spam, what do you think are the chances of David Cameron’s porn filters working the way we’ve all been told they will work?

Posted on August 23, 2013 by Tim Hall | 1 Comment

This week’s DRM horror story. A reminded, if you “buy” anything that’s infected with Digital Rights Management, you don’t actually own anything. All you did was pay money to someone who has the power to take away what you thought you’ve bought at any time, without warning, for any reason at all.

Posted on August 17, 2013 by Tim Hall | Comments Off

You know you’re an IT nerd if you use the phrase “Object reference is not set to an instance of this object” to mean “I have no idea what you’re talking about”.

Posted on July 15, 2013 by Tim Hall | 2 Comments

Is This A Bug?

Posted on July 1, 2013 by Tim Hall

Photo & Video Sharing by SmugMug

This is an actual screenshot from a well-known hotel booking site. Do you think this is a bug? And if so, why?

Posted in Testing & Software | 8 Comments

Is friendship ruining your testing career?

Posted on June 17, 2013 by Tim Hall

Good blog post from Joel Montvelisky: Is friendship ruining your testing career.

Our main task as testers is to criticize the work of our peers and to provide visibility into the status of our projects.

Criticising in itself is not a bad thing!

The definition of the word is actually “to consider the merits and demerits of (something) and judge accordingly“. For example think about the movie critic who writes a positive review of a movie, or the food critic who recommends a restaurant to his readers.

I’ve previously drawn parallels between my day job as a tester and my evening and weekend activity as a music critic, and so this post counts double for me. I’ve always thought that if you have an adversarial relationship between developers and testers then you’ve doing it wrong, which is one of the points Joel Montvelisky makes.

Not that software testing and music criticism is exactly the same. Most of my testing is on software that’s yet to be released to the customer, whereas records and live performances have already happened. But there’s always the next gig and the next record to consider. I won’t forget the band who thanked me for telling them they needed to change their lineup in a hurry.

Occasional talk of “rock star developers” makes me laugh. Whoever uses the term has never dealt with real rock stars. Though I ought to say that the vast majority of them are lovely.

Posted in Testing & Software | 2 Comments

The Colonel

Posted on May 30, 2013 by Tim Hall

The Daily WTF is always an amusing site for anyone involved in software development. Many of the stories are grisly coding horrors, but since I haven’t been a developer for many years, I find the best stories are the tales of project management trainwrecks. A reminder than no matter how bad the worst project you ever worked on, someone, somewhere has had it far worse.

This one, featuring “The Colonel” is a classic tale of how putting someone with no knowledge or understanding of how software is created can go horribly, horribly wrong.

The project started out on the wrong foot, with something that happens all-too-often with statups.

As for their problem: The Colonel and his sales team told prospects that the prototype was their core product, and managed to sell a handful of licenses for it … To ensure that programmers were focused on programming, The Colonel cut out a lot of the unnecessary parts of the software development process like system design and testing.

As the whole thing goes pear-shaped it shows the failure mode of authoritarian command-and-control management.

To no one’s surprise, the crackdown didn’t quite help morale or increase business in the least. It did lower expenses quite a bit; by the time this next email was sent out, twelve of the staff had resigned:

While The Colonel sounds like a textbook case of an ex-military type unable to cope with the civilian world, I can’t help feeling he would have been equally disastrous leading troops on the battlefield.

Posted in Testing & Software | Tagged , | 1 Comment

Assigning Priority to Bugs

Posted on May 22, 2013 by Tim Hall

A post about assigning priorities to bugs.

My current client uses an internal defect logging system rather than a proprietary tool. It doesn’t have separate “severity” and “priority” fields, instead we have two fields called “Priority” and “Internal Priority”. In practice testers no longer use the former at all, since all priorities bar the default are now reserved for issues raised by customers via the help desk. So testers use the latter as “our” priority to identify those bugs that need fixing urgently. It’s a numeric field which allows priorities from 1 to 999, although we don’t use anything like the full range.

Without getting into jargon-laden moon-language or buzzword-parody words like “Seriosity”, I’ve used the following two factors in assigning values to this when logging defects found during testing.

First take the importance of the feature in question, on a scale of one to three.

1 – Critical feature on the end-to-end life-cycle of the object under test
2 – Important but non-critical feature
3 – Minor or little-used feature

Note that I’m using “Feature” rather than “Function” here, and the definition of a feature is a level of granularity below the module it’s logged against. For example, a search module blowing up when you press “Go” would be a 1, but an advanced search criteria on the third tab not returning the correct rows might be a 2 or a 3.

Second, take the impact of the bug on the feature in question:

1 – Feature unusable with no workaround
2 – Workaround exists but significant inconvenience to the user
3 – More irritation than inconvenience

Then multiply the two figures together, and you get a figure from 1 to 9 (The numerically-literate among you will notice that you’ll never get 5,7 or 8), and assign that as the Internal Priority. So a critical feature that just doesn’t work at all will be Internal Priority 1, an inconvenience with a workaround on an important function will be 4, and so on.

It’s a bit quick-and-dirty. I know. But it works well enough, and is a little less subjective than “Think of a number between one and six”, and the product owner always has the option of raising or lowering it later.

What rules of thumb to you use for assigning priorities, severities, seriosities or whatever? Are testers even responsible for assigning priorities at the time of logging, or is the deferred to the product owner or a bug triage meeting?

Posted in Testing & Software | Tagged , | 9 Comments