This is a brief explainer of SSL certificates for anyone who’s curious. Content warning; there’s lots of acronyms when it comes to understanding internet traffic.
One of the issues with using plain HTTP, is anyone can intercept that traffic and read everything in plain text. They can even introduce HTTP redirects so all of your information gets sent to their malicious server instead.
Introducing the secure layer (SSL)
This is where HTTPS comes into to play. The S stands for Secure. By default, most web browsers these days use HTTPS and will let you know if the website you are accessing doesn’t use HTTPS. This is often done using Secure Socket Layer (SSL) and encryption.
An SSL certificate is issued by trusted third party provider. This certificate comes with a public key and a private key. I use the private key on my server to encrypt data before I send it to your web client. Your web client then uses the public key to de-crypt the data.
My blog uses a self renewing certificate generated from Let’s Encrypt. And you can see this little lock icon in your browser to trust me. My website is legit, mate.
You can check out my certificate details, including details of when it expires and the public key information:
Expired SSL certificates
On my old blog, I use to purchase a SSL certificate from a certificate issuing authority, and manually upload it to my blog. This wasn’t hard, but I’d often have periods of my website having an expired SSL cert cause I was too lazy to upload it. If you go to my old blog today you get this SSL warning:
Also when you go to many internal test environments you get a similar warning, because teams often use self signed certificates to encrypt their internal test environment traffic.
Anyway, SSL stuff can get pretty complicated.I hope you learned something new or were able to refresh your SSL knowledge.
Angie Jones has this awesome video explaining the technical interview process for software testers. This blog is a summary of that process in written form. I often watch these videos at double speed.
1. The Testing Question
Many automation engineers out there are great at code but not so great at the testing element. Companies are looking for people with strong skills in both. Someone could ask you:
How would you test this pen/chair/bottle?
How would you test a username/password log in field on a website?
It’s easy to jump straight into test scenarios. BUT make sure you come back to the context;
Why is this being tested?
Who is it being built for?
What are the requirements/features?
2. Unit Testing
You might be given a sample function and ask to come up with some unit testing ideas. As an Automation Engineer you probably won’t be writing unit tests but this question is to see how you apply that testing mindset. You might answer this in a Test Driven Development approach.
public int add(int a, int b);
Does this method add two integers and return it?
What are the min and max values? e.g. is what about an integer larger than 32 bits?
a = 0 and/or b = 0
3. Service Tests
You might be asked to test a simple CRUD API for a sample API e.g. user management, what scenarios would you create to test the API? Make sure to talk about the different HTTP methods and the different error responses. How would you create scenarios to test them?
4. UI Tests
You might be given a web page and asked to create some UI tests using the tools you are the most familiar with. You could talk about the different approaches you might use too. If you could talk out how you would build out a page object model, what parts are common across different pages and how you’d abstract them out in their own classes such that they could be easily reused this would be gold.
5. Programming questions
Unfortunately you might have the same programming questions thrown at you as developers. These are a horrible part of the interview process but it’s something we have to live with. HackerRank is a great way to practice and to get efficient at this type of performance.
Dan Ashby has this great post on how he interviews testers using this mindmap:
If I was interview a technical tester I’d start with an intro. We will then dive into an exploratory testing question. Then ask about using GIT and how you would collaborate with developers. Then deep diving into some more technical questions on unit/API testing depending on the role.
tell me a bit about yourself…
How would you test a username/password login page?
How do you create a pull request in GIT?
What unit tests for this function can you come up with?
How would you test this sample API?
If I was interviewing for a mobile tester role I’d ask about using command line tools like Android Debug Bridge (ADB). For example, how would you generate a battery historian report and pull files from an android device using ADB?
How do you go about interviewing testers? Do you have any other tips to add?
There’s tons if software testing weekly newsletters for keeping up to date on current trends. There’s testing bits and Software Testing Weekly. But this got me thinking, how much awesome content is out there that could be resurfaced?
Welcome to my first Software Testing Archives series. This series is a deep dive into content that was published this month years ago.
Subscribe to get this content straight to your inbox:
August 2016 – CAST Conference keynote
My old boss from Tyro; Anne-Marie Charrett gave this awesome keynote at CAST conference 2016. The sentiment is transitioning from Test Manager to Test Leader. This conversation is still relevant today. When Anne-Marie left Tyro, I co-authored with Brian Osman this blog post on free range testing; a reflection of my experiences working in this team environment. I was tester number 8 and the second tester to be embedded in a dev team. I saw that team grow to 23 testers.
Douglas Hoffman and Cem Kaner gave this presentation at Cast Conference. Both of these blokes have been contributing to the testing industry for a very long time. Cem Kaner started the BBST software testing training program. Here’s some videos that feature these two blokes:
Have you every experienced a problem and haven’t been able to reproduce it 100% of the time? What did you do about it? James Bach does a deep dive into how to investigate these problems in more detail.
a strategy doesn’t have to be a big giant document. It starts as an idea in your head and you have to get other people on board as part of that strategy. So you need to share some knowledge in some format to help share your idea. This blog is about how I’d go about developing a new test strategy in a new team.
History of the term
First let’s take some time to understand this term; strategy. Historically the word strategy is associated with war and battle:
Strategy is to help you win or achieve some goal. Many people talk about their tactics when they are thinking of their strategy. Tactics are your how. They aren’t your whole strategy.
A tactic is a conceptual action or short series of actions with the aim of achieving of a short-term goal. This action can be implemented as one or more specific tasks.
This book helped me understand the term, “Strategy” in a visual and fun way.
According to this book a strategy has 4 parts:
A distinct, measurable goal
A sequence of actions or tactics
Start with a purpose
If I was dumped into a new team tomorrow and asked to develop a test strategy, I’d start by interviewing/surveying a few people. Depending on the size of the team and who I was working with it could be an online survey or a casual chat over a coffee. I’d ask something along the following lines:
What does quality mean to you?
What are common problems in the testing process here?
If you could fix just one thing about our quality, what would it be?
Now different people are going to answer this differently. Developers might say test code coverage, easily maintainable code and easy deployments make a high quality product. Your project manager might say happy customers. Testers might say less bugs found in the test phase.
Develop a goal
Once I’ve surveyed enough people (5 people is a good enough number for most user research interviews), I’ll work on constructing a goal. it might be;
improve our continuous integration build times
increase our test coverage
reduce the amount of negative customer feedback
Make sure it is measurable. You could use SMART or OKR goal formats.
Develop a plan
Now what are some things I or the team could do to achieve our goals? We could create tasks during our sprint to help us work towards our goal. Once you’ve achieved something you survey those original interviewers to see if the perceived quality has actually improved.
Measure the improvements in quality of your product. For my team we are tracking the average app store ratings, crash rates and engagement with in app features to see if they are actually useful. https://bughuntersam.com/metrics-and-quality/
Risks and Gaps
A Test Strategy could also have a section about risks or gaps in this approach. For example things like performance testing and security testing might not be included. Having a brief explainer why these aren’t part of your strategy can be useful for explaining the context and scope.
if you are working on improving the UI Test automation coverage you can use this visual risk based framework to help focus on where to start and what to automate first and measure progress against it as part of your strategy.
I’m more comfortable with the term marketing strategy over test strategy because it’s easier to measure your impact and easier to come up with concrete goals. Software testing isn’t as tangible as many other parts of the business process and can be hard to measure.
Can your strategy be summarised by this comic:
What resources have helped you understand test strategies? I’d love to check them out.
There are many forms of discrimination you could face when you are looking for work or in the workplace. Whether it’s based on;
Many of these forms of discrimination are illegal in many countries. Hiring Managers/Recruiters who work in Human Resources departments (HR) know how to protect their companies from potential lawsuits, so they won’t be directly discriminatory to your face. However you still might face indirect discrimination.
This blog post is a deep dive into the the subtleties of discrimination so you can be more aware of it during the job hunting process. Topics covered include:
Women still face discrimination in the tech industry. Trans folk even more so. I read a story about a female to male transition for a tech support worker. When he transitioned he visited an old client to help fix a computer. The client thought it was a new person and complained about how the women who use to help fix their computer didn’t know anything about tech. It was the exact same person.
Here’s another story about how a Husband came to understand the discrimination his Wife and Business Partner faces on a daily basis.
In my early career I avoided using my full name (Samantha Connelly) on my CV because of the gender association. If you look at my old 2014 CV, I have S. Connelly as my name.
Now that I have a reputation in the industry, I can’t hide my gender. I’m a little gender queer in my representation and could easily go by Sam (he/him) but I don’t suffer from gender dysphoria and don’t have a strong desire to change. I will remain female because I’m comfortable in my own skin (CIS). Also men’s fashion isn’t as fun as women’s fashion.
I use to be 127kg (that’s 280 pounds for my US readers and 20 stone for my UK readers). I’m now around 83kg, at 160cm tall this still puts me in the Obese category. I had always grown up being the fat kid. I had weight loss surgery (gastric sleeve) in 2016.
People tend to think fat people are lazy and unmotivated. Back when I was fatter and saw someone else who was even larger, I use to thing, “well at least I’m not that fat”, but I’ve seen my mindset change first hand. I now have the same knee jerk, “ew, gross” reaction as everyone else.
Fatness itself is generally not cause for legal discrimination (unless it’s classified as a disability), however overweight people are less likely to be promoted to leadership positions because they are seen as less competent.
When was the last time you saw a fat leader in a tech company? That weight loss surgery has probably already paid for itself based on my increased in potential earning capacity and more leadership opportunities.
They thought I had been fired because of my history of mental health impacting my performance. At the time I was recovering from a broken ankle and I had presented to the whole company about my struggles with depression.
However, the reason why I was let go was a mismatch of skills and expectations. It was an experimental Quality Coach role, through hiring me they discovered they actually wanted someone to help grow the test automation framework for the C# backend. This wasn’t my strength and we broke up on good terms.
Through my career coaching sessions and leading Sydney Testers over the last 4 years, I’ve spoken to many people who are looking for their first job here in Australia. They often get rejected for not having any “local experience”. I view this as a form of discrimination. It’s an excuse to not consider you as a candidate.
I can’t blame hiring managers for taking this mental shortcut. When you are dealing with 100’s of applicants and you want to get the list down to 4 to interview, you take many shortcuts to get there.
I have no idea how other people over come other forms of discrimination (like agism and racism). But this blog is full of stories of things I’ve tried or heard that can help people put their best foot forward during the job hunting process.
If you’re an older disabled fat black mother working in tech good luck out there because society isn’t on your side.
At the end of Buddha in Testing, Pradeep asks the reader to co-author the next chapter with him. So this blog post is my attempt at writing part of Chapter 5 of this book:
What is the chaos that surrounds you in testing?
Write now, during the pandemic a lot of people have been made redundant and are struggling to find work. I’m lucky enough that my day job isn’t all that chaotic, which is a good thing. The mobile app I’m working on is doing pretty well. I wouldn’t want to be dealing with a stressful work load on top of everything else.
What is my contribution?
I put together a software testers career cheatsheet to help anyone whose struggling to find work right now. After having career coaching sessions with a bunch of people, a few themes came to light. I got the inspiration to do a video series on those points. I found out it makes for great marketing content.
What situations have put you out of calmness?
Last weekend I recorded 7 career tip videos in one weekend. I was burnt out by Monday and a blubbery, teary mess. I couldn’t focus on work and took the day off to mentally recharge. I told twitter I was out of spoons.
How did you bring peace?
Walking around the city, listening to podcasts and shopping in second hand clothes stores was how I recharged. I even had a beer in a sports bar at lunch and watched some cricket (England vs West Indies) :
What answers are you searching for?
Satisfaction in life. I’m over software testing. I’m starting a graduate diploma in financial advice next week because I have an idea to disrupt the retirement funds industry here in Australia. Making retirement funds easier is something I can get behind.
How will you recognise the peace?
I enjoy adding value to other people. It’s a huge driver to most of what I do. I miss the constant interaction with people from my shop assistant days. If money/labour wasn’t a drawback I’d prefer to work in a supermarket over most of the testing roles I’ve had. With my history of depression, I don’t think I’d ever achieve peace but I can be more content with life.
I’m now outta steam
I could continue answering the questions but I think I’m going to leave it there. How would you answer some of these questions?
In a previous marketing blog post; I talk about how eyeballs/views are king. This blog post is a follow up and is a deep dive into how you can measure your impact. Using real life examples from my own marketing adventures.
On Sunday I’ll be Interviewing Manoj Kumar who’s a Principal Consultant at ThoughtWorks & a Selenium Conf Organiser. And I was chatting to Manoj about my marketing strategy as a tester. I’ve been fascinated about marketing (more than learning about test automation tools) and this blog post is a reflection on that strategy.
Marketing is a numbers game
In marketing, click through rates, conversion rates and eyeballs are king. You can either increase your eyeballs/views or increase the conversion rate.
E.G. You are promoting a free event, if you send an email to 100 people and 5 people sign up, your conversion rate is 5% for that campaign. It’s alot easier to increase the number of emails sent than the conversions/click through rates.
You could send that same email to 100 more people or send follow up emails to the people who opened the email but didn’t register to increase conversions. Or maybe the subject line didn’t get people’s attention?
Anyway, there’s tons of testing and iterating that can be applied to a marketing campaign.
What is your goal?
Have a think of what you’d like to achieve with your marketing campagin before starting out. I’ve structured my LinkedIn to get more views of my blog. Nearly everything I do on LinkedIn is to increase the web traffic to my blog.
My goal is to get more views/traffic on my blog
You might want to increase ticket sales for a conference, increase sign up rates for an event, etc. My secondry goal is to grow my number of followers on YouTube/Twitch.
How will you measure your goal?
I use analytics on wordpress to measure sources of web traffic. First let me tell you about my template messages and then I’ll explain how I use analytics to measure it.
Here are my LinkedIn template messages
Thanks for connecting. What are some of the challenges facing you these days?
If that’s too early for you the interview will be up on youtube 24 hours after the live event.
I’ve had over 30 people respond to that last message directly over night, that’s a 30% response rate of people who’ve atleast clicked on the auto generated response message, “Thanks”.
Using wordpress; Jetpack paid services, I can track views, where they come from and what people look at:
Yesterday I had 286 Views from 141 Visitors which is my second best performing day over the last month for web traffic.
Out of those 286 Views, 11 were on my Metrics and Quality blog, so they were probably from my New_Connections template message.
173 Views were from India (Normally most of my traffic comes from Australia) and 16 of those views came from LinkedIn. This would indicate that my blog was shared outside of my marketing efforts.
Here’s a more regular day
As a comparison, here’s a more regular web traffic day for my blog:
Newer published blogs are the most viewed (especially if I’ve shared them), Most of my traffic comes from LinkedIn and most of my traffic is from Australia, because that’s my biggest area of influence.
I can also keep an eye on my engagement in LinkedIn too, this helps me to understand if the content I’m sharing is resonating with people:
Is this useful?
Would you try/test anything from this blog post? What are your views on marketing?
One of the hardest things in software engineering is naming variables. They need to be easy to understand, short (ish) yet descriptive. And working in international teams, everyone has a different understanding of language. It’s a nigh impossible task if you ask me.
Say there’s a kill switch feature that a business or developer can enable to block a client from hitting a backend via an API. Just in case there’s peak demand or something in the system is struggling. Or maybe you are concerned there’s a widespread Denial of Service Attack (DoS) hitting your system and you want to keep your customer data safe.
What should this kill switch be named? And what state corresponds to the switching off of web traffic?
The enabled state should correspond with the no traffic state. When this kill switch is enabled, the business has gone in and switched it on, effectively switching off traffic. By default this kill switch is disabled and web traffic is normal. You might want to call this kill switch something that relates to the API it switches off, e.g. WebLoginKillSwitch if the kill switch prevents people from login to your web.
A feature flag is a software development technique used to enable or disable functionality remotely without deploying code.
Say you are working on a new feature but you are operating in a continuous integration and deployment environment. Once your code is merged in it could be deployed to customers within minutes. But your feature isn’t ready for customers just yet. You can wrap your feature behind a feature flag and enable it for your team so you can test in production even before your customers see it.
By default this feature is disabled for most of your users. But you could also set up a % rollout for the feature too. Maybe 5% of your users see the new feature before doing a general release.
When naming a feature flag you don’t need to include the word enabled or disabled in the variable. If you are experimenting with a new way of web login using apple ID you might call this feature flag webLoginWithAppleID and have it disabled by default.
Read the art of readable code
If you are interested in learning more about readable code, I recommend reading the Art of Readable Code:
Do you have any code smells related to naming of variables? How about test code smells?