GDPR Awareness

We got 2 years to adapt to GDPR (General Data Protection Regulation), the new EU Privacy law. But most of us are excellent in procrastination and sometimes it is easier simply to panic.

In my understanding GDPR is about personal data, operations with it and consent of data owner. I have very simple wordpress blog/website. I do not collect any information about my readers, I never force somebody to read my blog post or any other pages of my website, I have no special plugins or cookies to track you, I do not send any emails. So why should I bother about GDPR?

If I do not collect any personal data, am I sure that the platform I use for my blog (WordPress) does not do it as well? To answer that question, I checked first what GDPR understands with “personal data”. Answer is simple – anything what helps you to identify physical person. Some examples: name, postal address, bank account, email address, IP address.

Yes, you can identify somebody by his email address and IP address, and both are pretty necessary to do anything on internet.

WordPress is no exception – it collects personal data of users – readers and spammers. Here you can see site stats and link in admin panel to akismet stats – both default features which I cannot deactivate. If you want to leave a comment than 1) you have to log in and 2) your IP will be saved, which is another default feature, which I cannot deactivate.

Second bunch or potential danger are all kind of embedded social networks – g+, FB, twitter … you name it. They are present in our digital lives, but I have no idea what exactly they do.

What i did?

  1. reduce the waste! I removed everything what I do not find necessary. e.g. I have no liking or sharing options anymore, because I do not use it myself and I do not know what the third parties do with my readers data.
  2. started to rework privacy policy page and consider to look for another blogging platform
  3. WordPress created webpage for all GDPR related issues. I expected to find there answers to all my questions, but unfortunately it did not happen. One of the issues (please notice that this is less then 24h before regulation takes effect):
>> How do I opt out of being tracked when I use Automattic’s services?

We’ll offer an opt-out from our first party analytics tool for WordPress.com users. We are still working to finalize this process for our products. We will update the information here, and in our documentation, with more details about how these processes work once they are ready.

 

what should you do?

  1. first of all you should know that I do not collect any data on you
  2. if you do not want to be identified –
    • do not spam (in this case WP saves your IP address to protect my website)
    • do not leave a comment on my website (in this case you have to log in on the platform) — UPDATE: until WP updates the platform, I am closing commenting feature.
    • do not follow my blog (login on WP)
  3. if you want to contact me – do it via email: kris [at] corbus dot digital  or twitter

Some links, I found useful

Definitions what GDPR understands with personal data, operations with it and consent of data owner

GDPR compliance checklist

DSGVO Selbsthilfegruppe on FB (German)

Privacy policy of others (German)

Privacy policy generator (German)

 

 

Don’t Patronize Me

Some time ago I talked with a testing friend and he said: “I have never seen you test nor have we talked much about testing”. And suddenly it hit me, I am afraid to talk about testing. I am afraid to be patronised. There is always somebody who knows better. I remember the time 10 years ago – I wrote a question in some forum how to test something better. Very first response explained me that I asked the question wrong. Since that time unaware I have followed unwritten rule:

  • do not ask questions
  • do not give statements
  • never claim that I know something
  • answer the questions

Why? Because I was afraid to be judged.

First step was to realise – I can hide as hard as I want, I am judged anyway. Second step was to accept it, but without impact on my self-awareness. It took me some time and energy to change it. I have confidence now to deal with somebodies opinion about my abilities or knowledge.

 

 

Words Has Meanings – QA

Words matter. Words are the way we transfer ideas from person to person. Shared words do not guarantee shared understanding. I understand 4 languages and I try to understand 4 cultures. Time to time I experience situations where I cannot express myself in none of the languages and my motives are misunderstood in all the cultures. At the moment I try to help my son with his Latin studies, it means I am kind of studying it as well. And it is quite fun because grammar is very similar to Latvian, but words to English and/or Italian.

You may wonder why I am writing about languages and what it has to do with quality assurance (QA)? You see, I really like quality assurance in software. I am very into processes, responsibility about the software and improving quality of an end product. If I would need to name one thing what I am good at, it would be seeing links/ matches/ connections. When I see a bug in the software, I see that it comes from a bug in the process. You can fix the bug in the software, then write and maintain 10 regression checks to get information when it happens again, but for me, more sense is to fix the bug in the process which caused the bug in the software.

One illustrative example. Imagine bakery. Good recipe does not guarantee tasty cake. Bad recipe does not mean that a cake will not taste. Testing in all this is trying the cake – quality should be baked in, if it is not in there, for this particular cake you can not change (improve) the quality. QA in bakery would be observing processes, identifying bottlenecks, questioning actions in place, analysing end products, which does not meet quality standards, with an aim to find a source, talking to customers and then decide what to do – to improve a recipe, approach, method, marketing or selling strategy.

I really like to work efficiently and remove a cause instead of effects, so I applied for jobs with title “QA Manager”, “Head of QA” etc, but always at the end, thing, I was doing, was software testing. If you call a bread as a cake, it is still a bread, right? I wondered why companies and clients use “quality assurance” incorrectly. I broke it down and asked people what “quality” means to them and mostly got no answers. How you can assure something you cannot describe? So I came up with this idea that a) that they do not know about QA as a discipline; b) it is some kind of strategic game played by companies: let’s put “QA” in our job openings and use the word “quality” few times on our website, then our customers will think that we care about it!

Let me tell you this – you can add sugar coating and glitters to your cake, but everyone, who will eat it, will see that it is floppy.

#30DaysOfTesting – ECommerce Task II & IV

Previous in this series: Task I & III

Task 2: Read and share an interesting blog about ecommerce testing

Task 4: Find and share a useful video on youtube about ecommerce testing

One testing website I like and read since I started to test software is Software Testing Help. Vijay has done amazing job by collecting all kind of testing ideas and helping so many rookie testers. 8 Important Segments Of Testing eCommerce Websites is very good place where to start if you are starting to test retail software.

For advanced testing or as Daniel says at the end – to put a smile on your face – do some penetration testing.

#30DaysOfTesting – eCommerce Task I & III

Task 1: Look up some definitions for ‘ecommerce’, from these create and share your own definition

Task 3: Join the #ecommerce channel on https://testers.chat and introduce yourself!

e-commerce

For me e-commerce is a system where you can exchange all kind of goods and services. I used word “system” because there is more what the eye meets. In those digital transformation projects where I worked and e-commerce was a part of the project, companies were unprepared how big their e-commerce system can be.

#ecommerce channel

For those who use Slack : you will find Testers.chat under testersio.

I like that this time MinistryOfTesting involve other testing communities into challenge and created channel on testers.chat.

Each of us have some good tools in their toolbox. If we put those together we could help the domain to get better and lighten up entry for rookies.

What Is Quality Assurance?

Note: This article originally was published by trendig in English and Deutsch.

Are you in charge of software projects at your company and facing problems with your software? Do you want to improve the quality and have no idea where to start? Then this article will help you to start implementing QA processes!

qa

QA stands for Quality Assurance and is a very important subject in the complex world of software development. We observe our software and find that it has discrepancies with customer expectations. A discrepancy in software is called a bug. If we remove the bug from the software, it does not automatically mean that it now works flawlessly. A requirement is the term for customer expectations for a system and it could be that the bug hides there as well. Sounds difficult, right? That is why we need dedicated QA engineers!

Assurance

Let’s start with the assurance part in QA. Spoiler: Nobody in the industry can assure that your software is flawless. Every software application has at least one bug, the question is: Do we know what it is, where it is and do we want that others (end-users, competitors, hackers) find it? Now that we accept that, we can move on. How can we ensure that we know about all the relevant bugs in our software? We test the software! We can also test all kinds of documents, design and code. Testers have a comprehensive toolbox on how to collect information about the system in test.

After some time of testing you will notice that there is a pattern of some kind (testers are really good in discovering hidden patterns) on how bugs appear or reappear. When you discover that pattern, one thing you might want to do is to reduce the number of known bugs or bug types from your product in the future. We can divide this process into two steps:

The first step is to analyze bugs in a software with the aim of finding the source. Why and how did a defect find a way into the software? Possible questions to ask: Is our system architecture too complex? Bad (or no) technical documentation? Vague or contradictory requirements? Do our people have the necessary skills to design/implement/test the software?

Second step: To define a set of actions and procedures to avoid appearance of the same bugs in the future. A typical approach might be: define a set of guidelines and standards to prevent this type of failure in the future, improve the quality of requirements by creating a checklist of what good requirements should cover, or use a specific tool to help us.

To summarize, with the help of analytical techniques we collect information about the software, with the help of constructive software quality assurance methods we prevent reappearance of bugs from a known source.

Quality Assurance requires processes and structure in order to analyze and improve software quality.

quality

Now we need to talk about the quality part of QA. To better understand the topic let’s use the analogy of a chair. If we need new chairs for our dining room, we go to the store, see 20-30 different types of chairs and feel lost. How to find the right model? Which chair can we describe as having good quality? Different people mention different things. For me, it is important that the chairs fit with the rest of the interior decor, and that they are stable and easy to clean (because of my kids). For my son, it is important that he can swing on it without the fear of falling backwards. The best way to address these needs, is to create a list of requirements. Do we need armrests? Should they be stackable? What kind of material/style/colour?

We do the same with software. We create a list of requirements and measure the degree of compliance. The biggest problem is that software development is a very complex process and many customers lack an understanding of it. Customer requirements influence up to 50 % of project success. That is why we talk about quality attributes. One way to classify quality attributes and metrics is the standard ISO/IEC 25010:2011.

Like testing, quality aspects can be applied to all kind of sources: software, subsystems, documents, single requirements, design and code. When starting a project, consider which quality aspects you will cover and what you will use as measurement. Choose it wisely, because what you measure, you will improve.

To illustrate the idea of quality, I used an example of finding a set of chairs, but software is a very complex system, more like a house. Quite often in development teams we hear customers saying: “We do not have the final set of requirements, but you can start and implement what we have so far.” This is wrong for many reasons, but I will mention just two of them. Firstly, a requirement baseline is part of the contract between customer and service provider and should be synchronised with a SLA (service level agreement). Secondly, imagine building a house and, when your constructors are halfway done, you have the idea to put a swimming pool in the basement. Will it work? No. It is the same with software. If you cannot read the source code and see software architecture yourself, it does not mean that it does not exist. Your software has a structure and developing it requires you to follow certain rules.

Conclusion

Software development is a complex process which involves specialists from different domains. Quality Assurance is a discipline which shadows SD starting with the gathering of requirements and ending with testing rollback scenarios, with the aim of finding errors as soon as possible, analyze them and improve the process to reduce or eliminate those types of bugs.

Find and fix errors as soon as possible to keep costs as low as possible.

Why do we do all this? Because prevention and reduction of errors as early as possible cost less than the rework involved in fixing the bug. In this case we can talk about build-in quality. It is a smart business decision to invest in effective software quality assurance.

If you want to read more about QA processes, we suggest you blogs from Janet Gregory and Anne-Marie Charrett.

AM I A SEXIST?

some weak guy from google search

Recently many say and write words about “men in tech,” which led to some negative reaction on Twitter. I believe I owe my readers an explanation. Some of them already got confused and came to me with the question: “If you’re so much against slavery, where is this female sexism coming from?” Let me explain what’s going on. Indeed I am a big fan of freedom, but recent hysteria around gender equality is not helping us to become more free. Instead it is causing quite the opposite effect.When I was a kid my parents and my teachers told me that I had to be a lady. That literally meant that I had to treat men with respect and always remember that they were weaker than us women—physically and emotionally.I had to let them copy my math homework, I was not allowed to debate with them as I did with my female friends, I was punished for being smarter in front of them, and many other things. I did all this not only because of what I was taught, but also because I saw that they indeed were weaker. They were physically and emotionally different from us girls. They played wars, we played families. They wore grey and brown shorts and t-shirts, we wore whatever we wanted. They cried behind closed doors when someone was offending them and we showed emotions and got stronger. It was always obvious that we were the troublemakers, but also the protectors of common peace, who those weak creatures eventually one day would marry.

Now back to the main problem: men in tech. I’m a software tester myself. I wrote and debugged test automation code every day. I also managed testers, programmers and projects. My 20+ years of experience in software development tells me that this job is not fun most of the time. It’s hard, it requires a lot of logical thinking. It’s exhausting and constant war against men, who are too afraid to acknowledge that they failed, who are afraid to change and against  programmers who produce unmaintainable and unreadable code.

I don’t feel good about sending man, who cannot accept that he is not so smart, into this war. I also personally don’t like the idea of men being doctors, managers, teachers, master chefs, caregivers or male-nurse, even though it’s not up to me to decide what they do for a living. Those jobs are stressful and dangerous, both physically and emotionally. Not that I believe that men can’t take this stress, I just don’t want them to suffer. There are plenty of ladies who can do that instead.

Do I respect men who write code on a daily basis? Yes, a lot. Because I understand how much stress they have to go through. Would I recommend my husband to do the same. Defiantly not.

Am I a sexist? Maybe. But the real question is: what will you do about it?

post scriptum

If you wonder why did I wrote this article, that now it is time to say – I did not write it. I took an old blog post from somebody, switched “men” to “women” and “women” to “men” and did few adaptions to make the story smoother, with an aim to hold a mirror for you.

Why?

Because recently I got an offer to give a talk about me as a woman in IT and I cannot decide to accept it or not. Here some thoughts why:

  1. I am sick and tired to speak or listen about it. 20 years in business and nothing has been changed.
  2. I do not want to be labelled as women who has problems with men.
  3. I want to give talks about testing software or requirements, about digital transformation, software development, agile practices and my life as a trainer.
  4. If nobody will talk, nothing will change.

This blog post is another experiment. We will see where it goes. May be it will help me to decide to give or to refuse a girl-in-IT talk.

add on

After I published my post, I got to know that there is a tool for swapping genders on the websites: GenderSwapper!

Attracting Girls To Engineering

Statement “girls are not interested into engineering” is wrong.

Take me as an example. I had loving parents, but they had strong opinion what kind of toys are meant for girls. I beg them, but still never got a car or train to play with. Never understood why I cannot wear pretty dresses AND play with the trains?

Later at school we had craftsmanship lessons. Girls did cooking, knitting, crochet, weaving, boys could build something from wood and they took plumbing lessons. One thing I was interested in, but never were allowed to try. Because I was a girl.

At university one of my professors once told me: no way you wrote this code yourself!

It was so frustrating… I did not get chances to show what I am capable of OR every time I delivered something, my work got questioned just because I have no penis!

Based on my experience here are seven simple suggestions how you can attract girls to engineering:

  1. give chances to girls to try
  2. do not question results what they deliver. no comments that they could do better. they will do better after some time of practice
  3. invite not just one girl, but all her girlfriends. it is safer to fail, if your friends are around you
  4. find a role model. tell stories about women, who was the very first programmer, did very first debugging, wrote code to fly to the moon etc.
  5. listen when a girl talks
  6. make no suggestions if she does not ask for those. let her figure it out for herself
  7. if you see somebody doing opposite what I wrote in 1-6, call him/her out, tell that it is wrong. tell to the girl, that it is wrong

Gmail And Dots

This week I was on the phone with my insurer. It was Saturday and I had to say my name, my address, my birthday and my bank account to identify me as me. I asked insurer in future to contact me via e-mail because during workday I mostly cannot answer the phone, because I work as a trainer with full class of students.

  • she: please spell your email address
  • me: kristine dot <rest of my gmail address>
  • she: your phone number
  • me: we are on the phone right now, you know my phone number
  • she: sorry, I have to register this kind of information. this is for Saturday calls only.
  • me: ….. +49 <numbers>
  • she: do you have a dot in your email address? is there any capitals?
  • me: (i spelled it and you did not listen) it is gmail address, it does not matter. And email addresses are not case sensitive.
  • she: no, you are wrong, it matters!

I almost forgot about this conversation, but today got reminded by Netflix scam story. I wrote a year ago how handy it is that Gmail finally decided to ignore the dot and sell it as a feature. I was thinking as a tester, not as a user. But James is right, Google never informed me that I have infinite set of email addresses. If users does not know, and services, who collect my email address does not know it, then we are back to: it’s a bug not a feature! again.

As a tester I will keep using Gmail dot ignorance feature, but as a user I will pay more attention and write a mental note to myself about possible misuse.

 

 

Today I Learned

Last September I joined trending and became one of the ISTQB trainers. I have a whole story “why?” and I plan to share it one day, but today I want to talk a bit about learning.

How I see learning from the trainer side is pretty ugly – mostly students do not want to learn. It is trendy to talk about learning and training should be safe place where to learn, but in many cases ISTQB is something where they have been sent by a boss or something, what they think they have to do, to get a next shiny job title. I try hard to make trainings entertaining (I carry different testing games with me) and informative (learning materials, stories from the past), but sometimes it is simply not working. Sometimes I am happy that at the end of the day everyone simply memorised what negative test is and why we should do it. Most challenging are the ones who refuse to understand some definitions or concepts, for example, difference between validation and verification. Most frustrating if this is a person who has 20 years of experience in IT. In those moments I ask myself, is this really for me? But then I remember my “why?” and everything is OK again. Part of that “why?” are students, who are engaged and eager to learn everything I can share with them. They did some research upfront and have clear vision what they need. It is highly rewarding to work with that kind of students. Discendo discimus – while teaching we learn.

In trainings I invite people to embrace failures, to share experiences, to learn from each other, to use synergy. To help them to do that, I point to my own mistakes. Something like the picture on the top of this post. Few month ago I put whiteboard into our home kitchen. We use it as drawing board, as shopping list, as design board for next game we will program and sometimes I write citations. I guess, now till end of my days, I will spell “intelligence” correctly. Not always I was so cool about my mistakes. Few years ago I would feel ashamed and embarrassed, would try to hide it, put a lot of energy to deny it. Today I share it with the world. I know who I am and spelling mistake will not make me less me. I better put my energy to think why did I spell it wrong? Am I writing too less on an analog information carriers? Do I assume that software will catch all my spelling mistakes?

Since this month we have new colleague Dani. One thing what he did, he created channel in our company slack #todayilearned to share our learnings. It has became simple but effective training for me to identify what did I learn new today. Sometimes it is simple stuff, like, how to spell “intelligence” or that I am afraid to sit in the car which moves faster than 210kmh on busy autobahn, or that people who smell lavender fragrance make less typos and are more productive (I sent this fact immediately to my colleague with whom I used to share an office and passion to lavender). Or sometimes it is realisation that not everyone reads and spends on learning about a software as much as I do. I moved away from digital transition because I was sick of explaining software development basics again and again. Now I explain them on weekly bases :D . I like to think that I can assume correctly about previous software development experiences of my respondent and explain missing parts accordingly his/her level of understanding. And almost every second time I fail, because of aiming too high. People try to write an essay without knowing the alphabet! Yes, even in 2018 you have to explain, with patience and empathy, what is a smoke test, what is a negative test and regression test to a developer with 10 years of experience in software development. And this is OK. We all make mistakes, take wrong decisions and can use it as learning possibilities.