New Podcast – QR

I am not a fan of podcasts because I struggle to focus all my attention to only one sense. But today I saw the info about new podcast made by Keith Klain and got curious. I opened the link and my first reaction was – are you KIDDING me? Over 1 hour!!! Who can concentrate to listen to something for so long? But I wanted to hear a lot what they talked about testers mental health, so I clicked the play button.

I listened to it all in one piece and was blown away how open Trish and Keith tell stories about their professional life and personal struggles. I wish I could listen to them 9 years ago when I started to work in testing and felt not enough.

I was so hooked that I continued and listened to the other QR podcast with Damian. He sold me his workshop 🙂 and surprised by diving deep for meaning and analysing failures. I thought I am good at this, but he takes it in a new level.

Trish and Damian both are consultants and both has beautiful and informative websites.

Now I have just one question: Keith, when comes the next?

Dictum – Factum

I am the doer. I see a problem/aim/thing I want and I go for it. If I have obstacles, I will put my mind around it, I will make compromise, but I will get a results.

I have put my finger on several key processes along my employee career and for a looong time I thought that I do not need to label my ideas and/or results as mine. Mainly because I believe in following two things:

  • an idea is more important as human who brought it to the life. If my idea/work lives and developes without me, than that was really necessary for the world and not just for my ego.
  • everyone who works together with me, knows what I am capable of and which parts of work was delivered by me.

Mostly it worked well. Everyone in the company knew QA=Kristine, even if I was not part of the project. If people needed help with testing or quality related issue, they were looking for me and I helpe as best as I could. I am also very good in puzzles – from small information bits I like to create big picture – that comes handy if you work on big projects or big companies where people do not know each other. Than one day I organised feedback workshop with my old team. We had small, but cool team and I thought it could be perfect to exercise on self-introduction and feedback giving the same time.

Nice and easy, right? To my surprise I got one negative (and 4 positive) feedback about my introduction! I was so surprised. I shaped my introduction to people with whom I work together, I was assuming that they all know who I am, what are my topics and how I am working. In this case I could excuse myself with the fact that the person, who gave that negative feedback, was working remotely. But frankly it shocked me that even people on my team can misunderstand me so greatly.

I started to rethink it all and to pay attention what is my message, what do I say. Besides other things, I noticed that in most of the cases I use “we”. One example – since almost two years I organise TestParadies – a meet-up for testers and QAs. Alone. I have no team, no sponsors, all the fees I am paying from my own pocket. Year ago I was lucky to get Petra on team to write retrospective blog posts about the meet-ups, but generally I do the whole thing alone – looking for speakers, looking for locations, maintaining platforms, writing emails, moderate discussions, deciding on topics. And still when I talk about TestParadies I say “we did…”, ” we plan…” no matter that there is no “we”. An outsider could think that I am ashamed of running a meet-up! Why I do not take the credit for my work?

Why and How Testers Should Act Like Marketeers” was talk by Rosie Sherry on European Testing Conference 2017. I was not lucky to attend it, but found her slides on slideshare. Many good ideas there! Marketing and selling testing seems not to be those things testers are familiar with. Currently I am trying to shape my blog as my portfolio and I struggle on first page – how to design it that the message is clear? I decided to visit blogs/websites of test people who do consulting to collect some of ideas. Almost everyone I checked had a personal bio, but I was very surprised to found just a few business oriented introductions. 

Some time ago I was working together with a developer on contract. He was working 3 days/week on the project and 2 days/week managing his company. At the beginning I thought that it is only an excuse, he is working on some other project and does not want to admit it. Now I see it from different angle and believe that being great developer or tester is not enough. I expand that old Latin saying to:

Dictum – Factum – Signum – Explicatum

Testing Personas

James wrote a nice post about test data and inspired me to write my approach to this topic.

In Germany “Max (Maximillian) Mustermann” is a tipical placeholder for a name. You can find examples of passports, bank cards, driving licences, CV and many other with this name.

Fun fact – person with name Max Mustermann really exists.

When I see tests from developers, it usually consist of: test test, teststraße 1, Teststadt 12345. Nothing wrong with that, but I cannot work like this,  after 2 weeks I will not be able to remember what did I test with this test user. So I came up with test personas, inspired from my family and colleagues. Here few of them mostly for bondary, layout and data mapping testing.

Names

Anna Jautrīte Broņislava Pilz

My 90 years old greataunt is German, but born in Latvia in times when it was typical to give three given names for a child. Since WWII she lives in Germany and uses only her first name on daily basis. I was next to her as her hand bag was stolen in Berlin during our round trip. I guided her to the police office and experienced the situation with her full name. Police officers had trouble to squeeze it into the form. The field was simply too small for it.

María Dolores Martínez Ruiz and Juan Pablo Fernández de Calderón García-Iglesias

Several years ago I worked in a small company, whos 50 employees spoke 14 different native languages and none of them was English. We worked on products which main functionaly was based on data mapping. One of my colleagues came from Columbia and had trouble with his name. The system mixed up his last name with one of his given names. Here some information about traditional spanish names.

Calligenia Ioánnou Papadopoúlou

If I want to test bondaries, but not overact, than I use Greek names, which typicaly are long.

Jörg-Christian Müller

Given name with hypen. One of my developers had a name with hypen and in one of his tests he uses his own name and found a bug. Since then name with hypen is on my list.

Addresses

Similar to names I use long, hypened and typical street names. In case I test something for abroad and not sure about address layout there, I search for restaurants in the specific country and use their addresses as a test address.

If I test something for ecommerce, especially for B2B customers, than I check if they have defined areas for sale representatives and use edge cases on daily bases. People tend to forget about special implementations – my test personas saved developer time already several times.

E-Mail Addresses

As I started my test career one of project colleagues showed me www.mailinator.com – free tool with free access inbox. “Isn’t it great?!Everyone uses it.” he added. I was not so big fan of it, I saw security issues everywhere. If you test an emails, than there is some information in it. For example, link to your test system. Are you sure you want it to be exposed?

Instead of that I have variety of registered email addresses, but I also use following two workarounds.

GMail Address with a dots

For example, if you have gmail address: gracehooper@gmail.com than you also can use: grace.hooper@gmail.com, gr.ace.hooper@gmail.com or grace.h.o.o.p.e.r@gmail.com – because GMail simply ignores dots.

Plus sign “+” in every e-mail address you have

For example, my email address is kristine@test.org. In this case I can use kristine+anna@test.org and kristine+calligenia@test.org to seperate my test cases by test persona.

Digital Information Units

I start new series of digital information units collection. Pieces I read and found interesting, moving or/and useful for my daily work.

  • Hackers Tactics, Techniques, and Procedures shows some very smart moves. My favourite staging cookies!
  • Blog about “not attacking people with a different understanding of terminology than you”. I like the list of misnomers as a reference that it is OK to be not correct and yes – people should not be attacked, but the same time I disagree with David.
  • Great article about developers bug diary. Do your developers write a bug diary?
  • did you test your back-ups? I remember a conversation with my sysadmin several years ago. update of our issue tracker went wrong and we found out that we do not have a backup. I partly saved the day because I never delete my emails. I offered my help to test the backup after it is set up, but the guy promised that he has it now. Week later system went down again and there were no backups again…
  • tips to organise information – simple but illustrative oracle
  • bringing value or standing in a way? We Latvians have the saying: the way to the hell is made of good intentions.
  • do you want to fail as a consultant? Here is a guideline how.

 

Independence Day

This day – 4.May – is very special day for all Latvians. The Declaration “On the Restoration of Independence of the Republic of Latvia”[1] (Latvian: Deklarācija Par Latvijas Republikas neatkarības atjaunošanu) was adopted on 4 May 1990. The Declaration stated that, although Latvia had de facto lost its independence in 1940, when it was annexed by the Soviet Union, the country had de jure remained a sovereign country as the annexation had been unconstitutional and against the will of the people of Latvia.

This year I really cannot celebrate this important event with my people, because my mind is occupied by something else. Today is also kind of my own independence day. After a long process of consideration, I finally dear to quit comfort of employee and start my way as entrepreneur. After full two years, I leave diva-e. Thank you all for time you shared with me! It was my pleasure to get to know you and your stories. Some of you I will keep seeing in software related MeetUps, dragon boat trainings or on a bike path. Especially hard was to say goodbye to my team, I will miss them a lot! But my way takes turn now. I am over excited and anxious the same time, but one thing I know for sure – in following few years I will learn a LOT!

Find Courage – A #TestBash Story

tb_utrecht

On January I was on a trip to the Netherlands. I had an honour to support Rosie and Huib – people, who made another incredible Test Bash event.

I had much, much fun to run registration both days. I love to see new faces, to see the expectations in their eyes, I love to be the first one who meets, greets and guides them into TestBash world. I am kind of staying in the gates to the new knowledge and encouraging people to come forward. I met a lot of new people, had very interesting discussions and good laugh. But let’s start from the beginning.

Meet-Ups

In good old TestBash tradition there were a pre-TB event and pre-pre-TB event, a game night!

If you do not know what is TestBash meetup, then imagine crazy loud tester gatherings in some local bar, where over a drink you have a chance to have a word with a speaker or another cool testing personality. Sooner or later you will realise that all TestBash talks are keynotes and all testers who attend TestBashes are really cool testing personalities. Even yourself! Another very cool thing about TestBash meet-up is, that if you are in the area and can not make to attend the conference, you still have a chance to meet the test people.

Workshop day

Huib picked some very good workshops for the first TestBash Utrecht conference. I heard only good or excellent references.

After registration was done (and it took some time…) I participate in the afternoon workshop about exploratory testing by Jean-Paul. As a person, I am quite impulsive, but since I live in Germany and work as a tester, I work really hard to make me more organised to not to fall out too much. That is why I was expecting to get some practical tools how to do my exploratory testing. And I got them. Thank you, Jean-Paul!

Besides that, Jean-Paul gave me permission to think. This was so unusual, I am too much used to deliver, that I forget how it is to take a time and think. Explore slowly, for example, the room where you are sitting. In fact, everything in the workshop was a little bit like Zen. We tested applications, wrote test cases, documented our findings and let them go. No one wanted to know what exactly we found, what we thought. Very confusing and in the same time healing, because the process was the thing, not the result. Inspired by all that, in February I run my very first exploratory testing mini workshop.

img_20170126_180336

The day ended up with setting registration area and desks with swag. We learned from mistakes and rearranged place that people move faster to the rooms and do not stay in cold. It worked out good and in the next day there was no jam.

The conference day

My day started after 5 am. Very first thing was to move the car. Then I headed to the old church – TestBash Utrecht location. Punctuality is not my thing, that is why for important stuff I work hard to break my habits. As the result I was the very first one, the church was locked, no lights to see, freezing cold. Ha ha, next time I will take it easier on myself.

The conference started with Alans talk about misuse and fun, which unfortunately I did not hear it in Utrecht because people were coming in late for registration. Luckily my boss got for us Dojo access, talks are now uploaded and available for watching. Jipī!

The second highlight of the conference for me was Gitte talk about courage to be yourself. I met Gitte shortly during ATD and she heard pieces of my trust talk, we share similar values and some of experiences as well. I was thrilled to hear her talk. I can imagine that some felt uncomfortable and some could think that it is not a proper talk in tech conference. But it is proper and it is important! It is the blessing that we have people among us, who dare to remind us – we are humans, we are different and it is OK.

All other speakers were amazing too, but I will highlight only one more – Mary. Her talk about “Just enough security” had huge amount of information and I will rewatch it on Dojo to make some notes. Mary, you gave me the push to participate in #30daysofsecuritytesting. Thank you!

I like to talk to speakers after their presentations and take photos of them. The atmosphere of sharing is amazing!

I also like to take group photo of all lady speakers to show role models and inspire more women submit their stories, but in Utrecht they were too many to organise in one photo. Good job, Huib!

99 sec talks

Another tradition of TestBash is 99sec talks. Never participate? You should! That was first stage experience for several presenters, me including. The idea is to give a 99 seconds long (short) talk about testing related subject. As I first stand on the TestBash Brighton stage, I was surprised that the lights are not so bright as they seem to be and I could see all attendees. Before that, in my imagination, I thought it will be like a crowd of wolfs starring on me from the darkness. But instead of that I saw bunch of friendly faces, some carefully listening, other checking or typing something in their digital devices.

Utrecht

Usually, I do not have a lot of time to see a place where a conference is happening. This time I came by car and had no time pressure for leaving.

At the end…

In few days TestBash Brighton will start. If you are going – I wish you joyful learning journey! If you just got to know about TestBashes – I guess there are still some tickets left – invest in your future, you can afford it yourself, if your boss does not see value in sending you to the conference. I fund most of my activities myself and look where it brought me!

#30daysofsecuritytesting – February

February is over, but my 30 days of security testing challenge is not done yet. I have done only 11 of 30 so far: I, II, IV, V, VII, IX, X, XII, XVIII, XX, XXX, and I am not thinking to give up. This has been amazing learning journey! I always wanted to learn more about web security but never had real reason or time to do it. Challenge helped me to realise it is not so difficult as I thought it would be. Those 30 tasks are like a map with turning points and there is so much information if you know what you are looking for.

One of my information sources is YouTube – you will be very surprised to find out how many conferences upload the talks on YouTube. Like this talk from Troy Hunt.

In his talk Troy shows several examples with insecure passwords. It is something what I could definitely use for testing.

Thank you: Melissa Eaden, Claire Reckless and Dan Billing for putting this challenge together. I am very intrigued how it will go on.

#30daysofsecuritytesting – Task XX

All previous posts in this series: I, II, IV, V, VII, IX, X, XII, XVIII, XXX

Task 20: Read about DOS/DDOS attacks. Share examples/stories via social media.

screen-shot-2017-02-28-at-17-19-30

I started the task by looking the definition of DOS/DDOS attacks, to be sure that we are on the same page, one of the first results in DuckDuckGo was this interesting website. Emergency readiness team, cool! DOS/DDOS attack they classify as security tip.
Security header check: D

If there is US CERT team, there should be EU CERT team, right?
screen-shot-2017-02-28-at-17-57-10
Yes! only Europeans call it Computer Emergency Response Team. The website is a collection of articles and I definitely weekly will check top stories, hall of fame or latest info from security vendors.
Security header check: F

Continue my research in German websites. Again very interesting first DuckDuckGo result. Cyber-Sicherheitsrat Deutschland in English “Cyber-Security Council Germany”. Cool name, but there is something strange. Founded by a “group of reputable individuals” and “the cost of an annual subscription is 2,500 Euros. There is also a one-off admission fee of 1,000 Euros”. What kind of security group is it? And is it only me or that home photo I have seen somewhere else?
Security header check: F.

The real institution in Germany is Bundesministerium des Innern (BMI)

screen-shot-2017-02-28-at-21-11-22
Security header check: D

And Bundesamt für Sicherheit in der Informationstechnik, which has listed “common sense” as one of the suggestions for internet security.

screen-shot-2017-02-28-at-21-53-06
Security header check: C

OK. It is very interesting but what was the subject? DOS/DDOS attacks.

You will find information about latest DOS attacks on EU page above, but I liked the story about possiblly first DOS attack. Especially interesting are the comments.