Categories
Technology

Crash course in SSL certificates

This is a brief explainer of SSL certificates for anyone who’s curious. Content warning; there’s lots of acronyms when it comes to understanding internet traffic.

HTTP Protocol


When you hit a website/server you use a protocol called HTTP (Hypertext transfer protocol). This protocol opens up a connection with a server and can pass stuff like HTML (Hypertext Markup Language) to your web browser (client). Or this protocol can return data (often in JavaScript Object Notation – JSON or Extensible Markup Language – XML format) from an Application Programming Interface – API call. API responses such as 200 ok and 418 – “I’m a teapot” are HTTP responses.

One of the issues with using plain HTTP, is anyone can intercept that traffic and read everything in plain text. They can even introduce HTTP redirects so all of your information gets sent to their malicious server instead.

Introducing the secure layer (SSL)

This is where HTTPS comes into to play. The S stands for Secure. By default, most web browsers these days use HTTPS and will let you know if the website you are accessing doesn’t use HTTPS. This is often done using Secure Socket Layer (SSL) and encryption.

An SSL certificate is issued by trusted third party provider. This certificate comes with a public key and a private key. I use the private key on my server to encrypt data before I send it to your web client. Your web client then uses the public key to de-crypt the data.

My blog uses a self renewing certificate generated from Let’s Encrypt. And you can see this little lock icon in your browser to trust me. My website is legit, mate.

You can check out my certificate details, including details of when it expires and the public key information:

Expired SSL certificates

On my old blog, I use to purchase a SSL certificate from a certificate issuing authority, and manually upload it to my blog. This wasn’t hard, but I’d often have periods of my website having an expired SSL cert cause I was too lazy to upload it. If you go to my old blog today you get this SSL warning:

Also when you go to many internal test environments you get a similar warning, because teams often use self signed certificates to encrypt their internal test environment traffic. 

Anyway, SSL stuff can get pretty complicated.I hope you learned something new or were able to refresh your SSL knowledge.

Categories
Critical Thinking Software Testing Testing Archives

Interviewing technical testers

Angie Jones has this awesome video explaining the technical interview process for software testers. This blog is a summary of that process in written form. I often watch these videos at double speed.

1. The Testing Question

Many automation engineers out there are great at code but not so great at the testing element. Companies are looking for people with strong skills in both. Someone could ask you:

  • How would you test this pen/chair/bottle?
  • How would you test a username/password log in field on a website?

It’s easy to jump straight into test scenarios. BUT make sure you come back to the context;

  • Why is this being tested?
  • Who is it being built for?
  • What are the requirements/features?

2. Unit Testing

You might be given a sample function and ask to come up with some unit testing ideas. As an Automation Engineer you probably won’t be writing unit tests but this question is to see how you apply that testing mindset. You might answer this in a Test Driven Development approach.

public int add(int a, int b);
  • Does this method add two integers and return it?
  • What are the min and max values? e.g. is what about an integer larger than 32 bits?
  • a = 0 and/or b = 0
  • Negative numbers?

3. Service Tests

You might be asked to test a simple CRUD API for a sample API e.g. user management, what scenarios would you create to test the API? Make sure to talk about the different HTTP methods and the different error responses. How would you create scenarios to test them?

4. UI Tests

You might be given a web page and asked to create some UI tests using the tools you are the most familiar with. You could talk about the different approaches you might use too. If you could talk out how you would build out a page object model, what parts are common across different pages and how you’d abstract them out in their own classes such that they could be easily reused this would be gold.

5. Programming questions

Unfortunately you might have the same programming questions thrown at you as developers. These are a horrible part of the interview process but it’s something we have to live with. HackerRank is a great way to practice and to get efficient at this type of performance.

Dan Ashby’s approach to interviewing testers

Dan Ashby has this great post on how he interviews testers using this mindmap:

My approach

If I was interview a technical tester I’d start with an intro. We will then dive into an exploratory testing question. Then ask about using GIT and how you would collaborate with developers. Then deep diving into some more technical questions on unit/API testing depending on the role.

  • tell me a bit about yourself…
  • How would you test a username/password login page?
  • How do you create a pull request in GIT?
  • What unit tests for this function can you come up with?
  • How would you test this sample API?

If I was interviewing for a mobile tester role I’d ask about using command line tools like Android Debug Bridge (ADB). For example, how would you generate a battery historian report and pull files from an android device using ADB?

How do you go about interviewing testers? Do you have any other tips to add?

Categories
Software Testing Testing Archives

Testing Archives – August 01

There’s tons if software testing weekly newsletters for keeping up to date on current trends. There’s testing bits and Software Testing Weekly. But this got me thinking, how much awesome content is out there that could be resurfaced?

Welcome to my first Software Testing Archives series. This series is a deep dive into content that was published this month years ago.

Subscribe to get this content straight to your inbox:

August 2016 – CAST Conference keynote

My old boss from Tyro; Anne-Marie Charrett gave this awesome keynote at CAST conference 2016. The sentiment is transitioning from Test Manager to Test Leader. This conversation is still relevant today. When Anne-Marie left Tyro, I co-authored with Brian Osman this blog post on free range testing; a reflection of my experiences working in this team environment. I was tester number 8 and the second tester to be embedded in a dev team. I saw that team grow to 23 testers.

August 2012 – Defending the qualitative approach

This bog is by Ilari Henrik Aegerter who runs the House of Testing, Ilari has recently started posting single slide videos on a topic of software testing up on LinkedIn. You should check them out.

August 2010 – Exploratory Test Automation

Douglas Hoffman and Cem Kaner gave this presentation at Cast Conference. Both of these blokes have been contributing to the testing industry for a very long time. Cem Kaner started the BBST software testing training program. Here’s some videos that feature these two blokes:

August 2005 – How to investigate an intermittent problem

Have you every experienced a problem and haven’t been able to reproduce it 100% of the time? What did you do about it? James Bach does a deep dive into how to investigate these problems in more detail.

Categories
Critical Thinking Marketing Mobile Testing Software Testing

That elusive Test Strategy

I recently was asked about recommendations for learning about test strategies. Here are my sample strategies:

a strategy doesn’t have to be a big giant document. It starts as an idea in your head and you have to get other people on board as part of that strategy. So you need to share some knowledge in some format to help share your idea. This blog is about how I’d go about developing a new test strategy in a new team.

History of the term

First let’s take some time to understand this term; strategy. Historically the word strategy is associated with war and battle:

Quote: Strategy without tactics is the slowest route to victory. Tactics without Strategy is the noise before the defeat - Sun Tzu
https://www.pinterest.com.au/pin/287878601154737781/

Strategy is to help you win or achieve some goal. Many people talk about their tactics when they are thinking of their strategy. Tactics are your how. They aren’t your whole strategy.

A tactic is a conceptual action or short series of actions with the aim of achieving of a short-term goal. This action can be implemented as one or more specific tasks.

https://en.wikipedia.org/wiki/Tactic_(method)

Book: I have a strategy (No you don’t)

This book helped me understand the term, “Strategy” in a visual and fun way.

https://www.amazon.com.au/Have-Strategy-You-Dont-Illustrated/dp/1118484207

According to this book a strategy has 4 parts:

  • A purpose
  • A distinct, measurable goal
  • A plan
  • A sequence of actions or tactics

Start with a purpose

If I was dumped into a new team tomorrow and asked to develop a test strategy, I’d start by interviewing/surveying a few people. Depending on the size of the team and who I was working with it could be an online survey or a casual chat over a coffee. I’d ask something along the following lines:

  • What does quality mean to you?
  • What are common problems in the testing process here?
  • If you could fix just one thing about our quality, what would it be?

Now different people are going to answer this differently. Developers might say test code coverage, easily maintainable code and easy deployments make a high quality product. Your project manager might say happy customers. Testers might say less bugs found in the test phase.

Develop a goal

Once I’ve surveyed enough people (5 people is a good enough number for most user research interviews), I’ll work on constructing a goal. it might be;

  • improve our continuous integration build times
  • increase our test coverage
  • reduce the amount of negative customer feedback

Make sure it is measurable. You could use SMART or OKR goal formats.

https://www.toolshero.com/personal-development/smart-goals/
https://blog.weekdone.com/introduction-okr-objectives-key-results/

Develop a plan

Now what are some things I or the team could do to achieve our goals? We could create tasks during our sprint to help us work towards our goal. Once you’ve achieved something you survey those original interviewers to see if the perceived quality has actually improved.

Measure your progress

Measure the improvements in quality of your product. For my team we are tracking the average app store ratings, crash rates and engagement with in app features to see if they are actually useful. https://bughuntersam.com/metrics-and-quality/

Risks and Gaps

A Test Strategy could also have a section about risks or gaps in this approach. For example things like performance testing and security testing might not be included. Having a brief explainer why these aren’t part of your strategy can be useful for explaining the context and scope.

UI Automation Visual Risk Framework

if you are working on improving the UI Test automation coverage you can use this visual risk based framework to help focus on where to start and what to automate first and measure progress against it as part of your strategy.

https://bughuntersam.com/visual-risk-ui-automation-framework/

Conclusion

I’m more comfortable with the term marketing strategy over test strategy because it’s easier to measure your impact and easier to come up with concrete goals. Software testing isn’t as tangible as many other parts of the business process and can be hard to measure.

Can your strategy be summarised by this comic:

test all the things
automate all/some things

What resources have helped you understand test strategies? I’d love to check them out.

Categories
Job hunting mental health Software Testing Technology Weight Loss

Discrimination in the Workplace

There are many forms of discrimination you could face when you are looking for work or in the workplace. Whether it’s based on;

  • Gender
  • Appearance
  • Family
  • Religion
  • Sexual Orientation
  • Age

Many of these forms of discrimination are illegal in many countries. Hiring Managers/Recruiters who work in Human Resources departments (HR) know how to protect their companies from potential lawsuits, so they won’t be directly discriminatory to your face. However you still might face indirect discrimination.

This blog post is a deep dive into the the subtleties of discrimination so you can be more aware of it during the job hunting process. Topics covered include:

  • Women in Tech
  • Fatness and Bias
  • Mental Health
  • Local Experience

Women in Tech

Women still face discrimination in the tech industry. Trans folk even more so. I read a story about a female to male transition for a tech support worker. When he transitioned he visited an old client to help fix a computer. The client thought it was a new person and complained about how the women who use to help fix their computer didn’t know anything about tech. It was the exact same person.

Here’s another story about how a Husband came to understand the discrimination his Wife and Business Partner faces on a daily basis.

In my early career I avoided using my full name (Samantha Connelly) on my CV because of the gender association. If you look at my old 2014 CV, I have S. Connelly as my name.

Now that I have a reputation in the industry, I can’t hide my gender. I’m a little gender queer in my representation and could easily go by Sam (he/him) but I don’t suffer from gender dysphoria and don’t have a strong desire to change. I will remain female because I’m comfortable in my own skin (CIS). Also men’s fashion isn’t as fun as women’s fashion.

Fatness and Bias

I use to be 127kg (that’s 280 pounds for my US readers and 20 stone for my UK readers). I’m now around 83kg, at 160cm tall this still puts me in the Obese category. I had always grown up being the fat kid. I had weight loss surgery (gastric sleeve) in 2016.

People tend to think fat people are lazy and unmotivated. Back when I was fatter and saw someone else who was even larger, I use to thing, “well at least I’m not that fat”, but I’ve seen my mindset change first hand. I now have the same knee jerk, “ew, gross” reaction as everyone else.

Fatness itself is generally not cause for legal discrimination (unless it’s classified as a disability), however overweight people are less likely to be promoted to leadership positions because they are seen as less competent.

When was the last time you saw a fat leader in a tech company? That weight loss surgery has probably already paid for itself based on my increased in potential earning capacity and more leadership opportunities.

Mental Health

This time last year, I thought I was going to move to Newcastle to join a start up in a head of engineering role. After the offer had been made, someone on the board did “further research” into my history, and getting fired from Campaign Monitor came up.

They thought I had been fired because of my history of mental health impacting my performance. At the time I was recovering from a broken ankle and I had presented to the whole company about my struggles with depression.

However, the reason why I was let go was a mismatch of skills and expectations. It was an experimental Quality Coach role, through hiring me they discovered they actually wanted someone to help grow the test automation framework for the C# backend. This wasn’t my strength and we broke up on good terms.

I even presented at a conference of how I tried a quality coach role and failed at it. I put together this presentation with the help of my old boss from Campaign Monitor. I was super excited for this role back at the end of 2017.

Local Experience

Through my career coaching sessions and leading Sydney Testers over the last 4 years, I’ve spoken to many people who are looking for their first job here in Australia. They often get rejected for not having any “local experience”. I view this as a form of discrimination. It’s an excuse to not consider you as a candidate.

I can’t blame hiring managers for taking this mental shortcut. When you are dealing with 100’s of applicants and you want to get the list down to 4 to interview, you take many shortcuts to get there.

It does mean people often struggle to land that first job here. I’ve told people to invest in their online profile and networking to overcome this barrier.

Summary

I have no idea how other people over come other forms of discrimination (like agism and racism). But this blog is full of stories of things I’ve tried or heard that can help people put their best foot forward during the job hunting process.

If you’re an older disabled fat black mother working in tech good luck out there because society isn’t on your side.

What’s worked for you? Or did something backfire?

Categories
Craft Beer Critical Thinking Finances Job hunting Marketing mental health mindfulness Software Testing Technology

Buddha in Testing: Chapter 5

At the end of Buddha in Testing, Pradeep asks the reader to co-author the next chapter with him. So this blog post is my attempt at writing part of Chapter 5 of this book:

What is the chaos that surrounds you in testing?

Write now, during the pandemic a lot of people have been made redundant and are struggling to find work. I’m lucky enough that my day job isn’t all that chaotic, which is a good thing. The mobile app I’m working on is doing pretty well. I wouldn’t want to be dealing with a stressful work load on top of everything else.

What is my contribution?

I put together a software testers career cheatsheet to help anyone whose struggling to find work right now. After having career coaching sessions with a bunch of people, a few themes came to light. I got the inspiration to do a video series on those points. I found out it makes for great marketing content.

What situations have put you out of calmness?

Last weekend I recorded 7 career tip videos in one weekend. I was burnt out by Monday and a blubbery, teary mess. I couldn’t focus on work and took the day off to mentally recharge. I told twitter I was out of spoons.

How did you bring peace?

Walking around the city, listening to podcasts and shopping in second hand clothes stores was how I recharged. I even had a beer in a sports bar at lunch and watched some cricket (England vs West Indies) :

What answers are you searching for?

Satisfaction in life. I’m over software testing. I’m starting a graduate diploma in financial advice next week because I have an idea to disrupt the retirement funds industry here in Australia. Making retirement funds easier is something I can get behind.

How will you recognise the peace?

I enjoy adding value to other people. It’s a huge driver to most of what I do. I miss the constant interaction with people from my shop assistant days. If money/labour wasn’t a drawback I’d prefer to work in a supermarket over most of the testing roles I’ve had. With my history of depression, I don’t think I’d ever achieve peace but I can be more content with life.

I’m now outta steam

I could continue answering the questions but I think I’m going to leave it there. How would you answer some of these questions?

Categories
Marketing Technology

Marketing; measuring your impact

In a previous marketing blog post; I talk about how eyeballs/views are king. This blog post is a follow up and is a deep dive into how you can measure your impact. Using real life examples from my own marketing adventures.

WordPress + Jetpack Analytics

I published a blog post full of Software Testing career tips on the 25th of June. Here’s the JetPack Analytics (a free wordPress plugin) of how many views I’ve had of that blog post since it was published:

This blog post has been viewed 1,321 times since it was published 1 month ago.

Video + LinkedIn

After chatting to people via my career coaching sessions, a few themes kept coming up. I decided to turn these themes into a video series and I’ve been posting daily video career tips to LinkedIn.

Yesterday I publish part 10 and in one day it has been viewed over 2,500 times with 134 reactions, 16 shares and 10 comments. Here’s some of the insights LinkedIn Analytics provides:

I can also see the companies, roles and locations of the people who viewed my post. 673 were Software Testers, 243 were from Sydney and India is my second biggest audience.

Since I’ve started posting daily videos, the numbers of people who have viewed my profile has also increased, I’m now getting around 240 views a day:

Youtube + Analytics

I’ve also posted all of those videos on Youtube. Now they aren’t receiving as many views compared to LinkedIn but Youtube is a longer game.

My Interview with Manoj Kumar from my last marketing blog post has been viewed 342 times:

Apparently it has a 10% click through rate
Most people don’t watch all the way through, 91.5% of people watch less than 5 minutes, infact only a tiny percent finish the video
I got 7 new subscribers from that video
You can also see Audience metrics like Age and Location. I don’t trust this 100% male viewers number though…

How do you measure up?

What else are you tracking as part of your marketing adventures? I’ve found video + blog + regular posts to LinkedIn has increased my overall engagement.

Categories
Critical Thinking Job hunting Marketing Software Testing Technology

Technical tips for Software Testers

My software testing career tips series on Youtube is going well. So well in fact that I need to break out and collect the 4 part mini series on technical skills into it’s own blog post here.

Part 1: learn command line

Nothing will impress you colleagues more than your technical prowess with the command line, even if all your doing is checking your email. Here’s all of the references in the video:

You should focus on learning tools and technology that help you collaborate with the developers on your team. Here’s all of the references in the video:

Part 3: The Technical profile

Having a GitHub profile is key to establishing your tech credibility. Here’s all of the references in the video:

Part 4: Manual vs Automation

I avoid these terms in my profile like the plague and as an Industry we should drop these terms. Here’s all of the references in the video:

What are your tips for testers when it comes to improving their technical skills?

Categories
Conferences Marketing Software Testing Technology

My Social Media Marketing Strategy

On Sunday I’ll be Interviewing Manoj Kumar who’s a Principal Consultant at ThoughtWorks & a Selenium Conf Organiser. And I was chatting to Manoj about my marketing strategy as a tester. I’ve been fascinated about marketing (more than learning about test automation tools) and this blog post is a reflection on that strategy.

Marketing is a numbers game

In marketing, click through rates, conversion rates and eyeballs are king. You can either increase your eyeballs/views or increase the conversion rate.

E.G. You are promoting a free event, if you send an email to 100 people and 5 people sign up, your conversion rate is 5% for that campaign. It’s alot easier to increase the number of emails sent than the conversions/click through rates.

You could send that same email to 100 more people or send follow up emails to the people who opened the email but didn’t register to increase conversions. Or maybe the subject line didn’t get people’s attention?

Anyway, there’s tons of testing and iterating that can be applied to a marketing campaign.

What is your goal?

Have a think of what you’d like to achieve with your marketing campagin before starting out. I’ve structured my LinkedIn to get more views of my blog. Nearly everything I do on LinkedIn is to increase the web traffic to my blog.

My goal is to get more views/traffic on my blog

You might want to increase ticket sales for a conference, increase sign up rates for an event, etc. My secondry goal is to grow my number of followers on YouTube/Twitch.

How will you measure your goal?

I use analytics on wordpress to measure sources of web traffic. First let me tell you about my template messages and then I’ll explain how I use analytics to measure it.

Here are my LinkedIn template messages

New Connection

Hi {Insert_First_Name},

Thanks for connecting. What are some of the challenges facing you these days?

You might enjoy reading my blog on metrics and quality: https://bughuntersam.com/metrics-and-quality/ 

Is there anything I can help you with?

Regards,

Sam

They Ask for Work/Career Advice

Unfortunately it’s hard for me to refer someone who I’ve never worked with personally. I also don’t know what type of team would suit you.

Here’s my 6 step software testers career cheatsheet: https://bughuntersam.com/my-testing-career-cheatsheet/

Networking is king. I’ve gotten my last 3 job offers from networking, blogging and speaking at Meetup events.

Specific Campaign

I’ve sent the following template message to over 100 people who have QA Engineer in their title, are based in India and I’m connected to (I have up to 240 connections that meet this criteria):

Hi {Insert_First_Name},

How are you? Are you aware of the Selenium Conference in India? https://seleniumconf.in/

I’ll be interviewing Manoj Kumar, one of the organisers at 7am IST this Sunday https://www.meetup.com/Sydney-Testers/events/271598548/

If that’s too early for you the interview will be up on youtube 24 hours after the live event.

Regards,

Sam

I’ve had over 30 people respond to that last message directly over night, that’s a 30% response rate of people who’ve atleast clicked on the auto generated response message, “Thanks”.

Analytics

Using wordpress; Jetpack paid services, I can track views, where they come from and what people look at:

Yesterday I had 286 Views from 141 Visitors which is my second best performing day over the last month for web traffic.

Yesterday I had 286 Views from 141 Visitors which is my second best performing day over the last month for web traffic.

Out of those 286 Views, 11 were on my Metrics and Quality blog, so they were probably from my New_Connections template message.

173 Views were from India (Normally most of my traffic comes from Australia) and 16 of those views came from LinkedIn. This would indicate that my blog was shared outside of my marketing efforts.

Here’s a more regular day

As a comparison, here’s a more regular web traffic day for my blog:

Newer published blogs are the most viewed (especially if I’ve shared them), Most of my traffic comes from LinkedIn and most of my traffic is from Australia, because that’s my biggest area of influence.

I can also keep an eye on my engagement in LinkedIn too, this helps me to understand if the content I’m sharing is resonating with people:

Is this useful?

Would you try/test anything from this blog post? What are your views on marketing?

Categories
Critical Thinking Software Testing Technology

Code Smells and Boolean Logic

Have you ever come across a boolean in code (i.e. a TRUE/FALSE) variable and had to stop and question if TRUE meant enabled or disabled? I call this a code smell.

A code smell is a surface indication that usually corresponds to a deeper problem in the system.

https://martinfowler.com/bliki/CodeSmell.html

Naming variables is hard

One of the hardest things in software engineering is naming variables. They need to be easy to understand, short (ish) yet descriptive. And working in international teams, everyone has a different understanding of language. It’s a nigh impossible task if you ask me.

Kill Switches

Say there’s a kill switch feature that a business or developer can enable to block a client from hitting a backend via an API. Just in case there’s peak demand or something in the system is struggling. Or maybe you are concerned there’s a widespread Denial of Service Attack (DoS) hitting your system and you want to keep your customer data safe.

What should this kill switch be named? And what state corresponds to the switching off of web traffic?

The enabled state should correspond with the no traffic state. When this kill switch is enabled, the business has gone in and switched it on, effectively switching off traffic. By default this kill switch is disabled and web traffic is normal. You might want to call this kill switch something that relates to the API it switches off, e.g. WebLoginKillSwitch if the kill switch prevents people from login to your web.

Feature Flags

A feature flag is a software development technique used to enable or disable functionality remotely without deploying code.

https://launchdarkly.com/blog/what-are-feature-flags/

Say you are working on a new feature but you are operating in a continuous integration and deployment environment. Once your code is merged in it could be deployed to customers within minutes. But your feature isn’t ready for customers just yet. You can wrap your feature behind a feature flag and enable it for your team so you can test in production even before your customers see it.

By default this feature is disabled for most of your users. But you could also set up a % rollout for the feature too. Maybe 5% of your users see the new feature before doing a general release.

When naming a feature flag you don’t need to include the word enabled or disabled in the variable. If you are experimenting with a new way of web login using apple ID you might call this feature flag webLoginWithAppleID and have it disabled by default.

Read the art of readable code

If you are interested in learning more about readable code, I recommend reading the Art of Readable Code:

Do you have any code smells related to naming of variables? How about test code smells?