A quarter-million hospital patients social security numbers were burned to CDs, put in an employees bag, the bag was exchanged at a store for a larger version, and the exchanged bag (with CDs) were bought by another person. The person brought the CDs back 3 days later.

Think about this story and the lack of responsibility next time you give somebody your social security number!

Read the full article here.

I know this is old but I like to run it against my sites every once in a while to have myself a little chuckle. View QAInsight in Jive here. Translate your site into Jive here.

Today, my coworker Aaron Jensen provided a link to Microsoft's Privacy Guidelines for Developing Software Products and Services paper. I haven't had a chance to read it yet but I think this will be a great starting step towards helping develop software with respect for user privacy. The development community needs this...The testing community could benefit highly from this document too. A guy could create a pretty sweet set of privacy test cases from this information.

About a month ago I posted about how NUnit fails with SystemIOFileNotFoundException. This month Noah left a comment stating "A malformed xml file screwed me up too. You saved me hours of my life."

Hell yeah! My blogging did somebody some good! I love it! This is what I want to see... This is what I want to hear.

As far as I figure you peeps think I'm in it for the Google Adsense revenue but... REALLY I'm not. Yes, the revenue is nice and has paid for my car, bike, house, dog, and the wife's boob job (super-duper thanks for that by the way), but I'm not materialistic like that. I'm doing this for you peeps...

Google Adsens Revenue for 10 months of blogging: $108.71 (Have you seen my car? Not gonna touch the boob thing). 

Helping somebody via a blog post: priceless 

Thanks for the comment Noah.

I can't imagine this is a feature, so I'll call it my Defect of the Day (imagine loud booming, stereo, monster truck announcer voice with that). Here try it again....DDEEEFECT OF THEEE DAAAAAY:

Many a time while listening to MSN Radio I'll hear a song that I really like and wish that I could hear it again, over and over and over and OVER. Nothing like a little musical spice while testing, spice that forces you to shake your little booty in your chair while nodding your head rapidly to the beat (all the while making darting glances into you rear-view PC mirror to make sure your co-workers aren't mocking you in the background).  Back to the defect... Since its "Radio" you can't rewind or go back right? Wrong...In Media Player (I'm using version 10) when the song is nearing the end press the stop button, the progress indicator will go back to the beginning of the song. Press the play button and the song starts from the beginning. Sweet!

I can't even begin to tell you the number of defects I found today while testing, groovin' with my "MSN Radio manual repeat defect", and Ice Ice Baby.

Net-Security.org published an article stating the Top 10 Web 2.0 Attack Vectors. In their opinion the top 10 are:

1. Cross-site scripting in AJAX
2. XML poisoning
3. Malicious AJAX code execution
4. RSS / Atom injection
5. WSDL scanning and enumeration
6. Client side validation in AJAX routines
7. Web services routing issues
8. Parameter manipulation with SOAP
9. XPATH injection in SOAP message
10. RIA thick client binary manipulation

Do you have test cases in place to help prevent these top 10?

FireFox 2 is released and can be downloaded at GetFireFox.com! What does this mean for us browser compatibility testers?

From experience, my compatibility testing woes that come with version changes are:

1. JavaScript version changes, causing JavaScript errors.
2. Rendering engine changes (especially CSS); causing display issues (e.g. object alignment, font changes/inconsistency).

So....as I peruse the FireFox 2 feature list I see an upgrade to JavaScript 1.7. Hmm, sounds historically defect prone...BUT, before I read the feature list I went and did my own homework of seeing if the JavaScript version changed. My homework unveiled that FireFox 2 was using JavaScript 1.5? WHAT THE? Am I looking at an issue caused by having multiple FireFox installations on a machine (I have 1.0.8, 1.5.4, and 2.0 installed). When you're running FireFox 2 what is your JavaScriptVer when you visit BrowserHawk.com? Leave your findings in the comments please!

The formerly known Atlas is now ASP.NET AJAX and was released as v1.0 Beta last week. You can download the free framework here. The accompanying site has quite a few "How Do I" videos that show off the framework and guide you through using some of the features. See the video list here. I watched the 18 minute video entitled  Developing ASP.NET 2.0 Applications using AJAX and was impressed with the simplicity of developing with ASP.NET AJAX.

So I'm told...When a Web server that has the 1.1 .NET framework installed as well as the 2.0 framework, if the Web app's virtual directory is set to utilize 2.0 it's possible that "issues" could occur and that it could revert back to 1.1 to keep the app running (not too sure what "issues" are). How do you figure out which framework your Web page was created with? Modify the applications web.config's trace key "enabled" and "pageOutput" parameters to be true and then the "localOnly" to be false:

<trace enabled="true" requestLimit="10" pageOutput="true" traceMode="SortByTime" localOnly="false" />

Once modified, you are then in BIZNESS! View/open the suspect application/Web page in your browser and look at the very bottom of the trace dump. The .NET Framework version will be displayed. It will will look something like this:

Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.42

Have a Stupid Testing Trick? Email me using the "E-Mail" link on the right.

I often discover new QA blogs through my readers via comments or referrer URLs. Today I discovered zeljkofilipin.com because Željko left a comment on QAInsight.net. When I went and checked out his blog I laughed pretty hard at one particular post/joke Software is like sausage:

Software is like a sausage. You lose your appetite when you see how it is made.

Check out Željko's blog he's a Ruby/Watir user. Hey Željko, when are you going to leave the dark side? SWEA is patiently waiting for you!

Which is faster when using DHMTL? The innerHTML property or the HTML DOM? Gleb Lebedev over at gloo.ru did all the hard work for us and gives us an answer. In a nutshell: innerHTML wins in Opera 9.01, FireFox 1.5, IE 6.0 32-bit, and IE 6.0 64-bit. By far!

A new check in the performance code review? Your developers do that right? Right!?

Ben the "Virtual PC Guy" tells us that Microsoft Virtual PC 2007 Beta is out. Get the feature list over on his blog. Sign up for the VPC 2007 beta here.

I spend a large portion of my QA day using VPC 2004, so I'm pretty excited, and SCARED, to see what 2007 will do for me. My hopes are high that the performance improvements will make my testing experience faster. Please? Please. PLEASE!

Today Microsoft released Internet Explorer 7. When I got home from work today I installed it on my wife's laptop. Any minute I should see what the WAF is.

I noticed my 12 year old son was using it while doing some homework and I asked him what he thought, the conversation went something like this:

Me: What do you think about Internet Explorer 7?
Jake: The thingy with the gold ring?
Me: Yeah, the Web browser you are using right now (peering over the top of the laptop and noticing a Web page with pictures of Lysosomes)
Jake: Looks the same to me, I didn't notice.
Me: You don't see ANYTHING different?
Jake: I guess up here is kinda weird (as he points to the Yahoo toolbar at the top of the Web browser...which doesn't look any different than it did in IE6).
Me: Hmm...

I think his experience is a good thing? If you think about it, a twelve year old doesn't care about security, phishing, integrated search, and all the other new, key features of IE7. The fact that he opened IE7 up (with the new desktop icon), did a search on Google for Lysosomes, and printed a picture out for his storyboard/report tells me that Microsoft did a great job with revamping their browser but not confusing their customers.

Kudos to Microsoft.

Download IE7 here.

Don't download it here (IE7.com ...haha)

Our group has recently converted our source code repository from CVS to Subversion. The helpful article Top Ten Subversion Tips for CVS Users was forwarded to the group as an additional aid in getting us up to speed.

Every since Borland bought Segue there has been a LOT of marketing material coming from Borland. Thing is, it hasn't been just "Buy our products" material, it's been some good testing and quality assurance info (75%)that leads up to "Buy our products" (25%). 

The latest push is with their Lifecycle Quality Management (LQM) process which is one of their 4 processes in their Software Delivery Optimization vision. Read the news release here. In promotion of LQM, Borland is offering a free Webcast entitled: Lifecycle Quality Management; Infusing and Automating Quality at Every Phase

Here's the Webcast info...

Date: Wednesday, November 1st 2006
Time: 11:00 AM PT / 2:00 PM ET; 1 hour

Featured Speakers:

• Brad Johnson, Product Marketing Director of Lifecycle Quality Management solutions for Borland® Software
• Matt Light, Research Director for Gartner Research
• Frank Derfler VP, Market Experts Group - Ziff Davis Media

Register for the Webcast here.

SPI Dynamics (known for being experts in security for Web applications) has released a white paper on the dangers of Ajax. It's a worthy and quick read if you are doing any testing or development with AJAX. Get the paper here.

I've seen a lot of activity and focus on implementing secure Ajax solutions, which is a great thing, but I'm telling you people...it's dangerous if not done right. The more I read and play with it the more I think:

"Ajax...the new, great way to exploit".

"Bad Ajax implementations...A phishers dream!"

Yeah, yeah... I don't want to hear your "The technologies used in Ajax aren't new" crap. The technologies aren't, but the focus is.

It wasn't long ago that I ran into a scenario when performance testing that required some creative thinking to fix. The root of my problem was that each of Silk Performer's Agents utilize their own copy of all the data files in a project, and when my application's User IDs are in that data file, the Agents will end up having Virtual Users using the same User ID at the same time, causing inconsistent/clashing user behavior (which caused an error in the application). Working from 1 pool of User IDs with 1 Performer Agent is no problem (when using the function FileGetNextRow() that retrieves User IDs sequentially), but add that 2nd Agent and all hell breaks loose. 

My half-ass fix to the problem? Divide the User IDs and Virtual Users between Agents. For example, if you have 2 Agents and 1 million User IDs, then one file with 500k will go on Agent #1 and another file with 500k will go on Agent #2. Seems feasible right? Wrong, as stated before, Silk Performer will load all data files to the Agents, in other words...you don't get to choose which data files are uploaded to your Agents. Thus, Agents will use both sets of files in the 2 file example.

So, now the problem becomes: How do I have each virtual user recognize which Agent it is coming from and use a uniquely assigned User ID file? Answer: Use the GetAgent() method in the Init transaction:

GetAgent() will return the machine name or IP that the Virtual User is coming from. You can now use that value to instruct the Virtual User to grab a User ID from the correct User ID file for that Agent (still within the Init Transaction):

//Split up users between agents to avoid behavior issues/error //Check for localhost too so that Try Scripts will still run if (sAgent = "Agent1") OR (sAgent = "localhost") then    FileCSVLoadGlobal(nAcctFile, "Users.rnd"); //500k users elseif (sAgent = "Agent2") then   FileCSVLoadGlobal(nAcctFile, "Users2.rnd"); // other 500k users else   RepMessage("Agent not found.", SEVERITY_ERROR);   halt; end;

Now, in your transaction where the user will be initialized you will use the method FileGetNextRow() forcing the Virtual Users to grab the User IDs sequentially from the file (choosing User IDs randomly would put us back to square one...the error):

FileGetNextRow(nAcctFile); sUser := FileGetCol(nAcctFile, 1, STRING_COMPLETE);

It's been a while since I wrote this code, but I think my friend Mark McCorkle helped me think through it. Thanks Mark!

My good ol', thrill seeking, programming, secret harboring, friend Matt blogged about a bug in a Coke vending machine that will get you 2 cokes for the price of 1. From a quality assurance perspective this is really quite interesting...well at least it is to me because I've been in more of a software quality assurance world for most of my career and hadn't really thought about porting my hacker mentality to physical or mechanical devices in the "real" world. It's Quality Assurance and testing on a different plane but the same concepts still apply. Interesting...

Do you think the creator of this vending machine actually went through an official testing process?

Check out these Coke vending machine "bugs":
Overflow exception
Change the menu 
Two for the price of one

Now that I think about it, I think my first memory of lack of testing on this plane was when I was about 6 years old. I remember going to the grocery store with my babysitter and her son (who was about 13) would play the Asteroids arcade game that sat by the exit door using filed down metal washers instead of quarters. Pure genius... I wonder what he's doing now? I wonder if he's in QA?

Today is a day to remember for me...today my first magazine article found in Better Software Magazine hit readers' mailboxes. My article entitled The $60 Web-Testing Toolbox hit the shelves today in the October edition. Sweeeeeet! It's a privilege to write to this shady blue blog and have regular readers but its a different sense of accomplishment to see your words on paper coupled with other authors in a monthly publication. I've been getting the magazine myself for a few months now and I really enjoy it. It has content that I can relate to as Quality Assurance Engineer. You too can subscribe to Better Software Magazine here and get 20% off.

So... back to my accomplishment. Huge! I'm currently working feverishly to make sure QAInsight.net will handle the monstrous load that will be brought in from the link in my Bio. I've added backup mail servers to handle the Terabytes of fan mail. I went to Home Depot and bought 4 wheel barrows to help cart the loads of money around (money made from fame and sponsorships). I've forewarned my wife about the hoards of frenzied QA girls that will be waiting on our door stoop and peeking through our windows just hoping to get a glimpse of me.

Don't worry; I won't let this go to my head. I promise I'll stay faithful to you my faithful blog readers. I don't care about the fame and fortune, I care about Software Quality.

My dear SWEA fans,
Our IE automation expert Alex Furman has added some plumbing to SWEA to allow us to use the HTTPWatch automation library from an Internet Explorer/SWEA instance. This is SUCH A GOOD THANG! I for one am looking forward to the things I can now integrate into my current automation test suite.

Don't know what SWEA can do for you? Check out my prior posts on automation with SWEA. Not sure what the benefits of automating HTTPWatch are? Check out this prior post. 

Download the latest version of SWEA that supports HTTPWatch here. Download a demo of HTTPWatch here.

To help you get a grasp of the two and how they work together I've created a demo Visual Studio project that utilizes SWEA, HTTPWatch, IE, C# and NUnit. Compile it, point NUnit at HTTPWatch_NUnit_Demo.exe and run the 5 tests. The NUnit Test Suite will conduct the 5 HTTPWatch related tests against Ebay.com which will work with HTTPWatch Basic Edition (their demo).

Download my SWEA-HTTPWatch demo project here (7.73 KB).

"Defect of the day" is going to be dubbed "Bug of the day" today and the prestigious award goes out to fellow blogger Dror Engel with this bug found on Google:

In the past I've written about my use and the value of the testing and development tool HTTPWatch. In the latest release of HTTPWatch (4.1) Simtec has added to its value by exposing an interface to be used for automation. My thoughts on the matter: "Whoa..that's freakin' cool, now I can automate some of the things I have to test manually for?"

The HTTPWatch automation interface as described by the folks at Simtec:

"HttpWatch has a comprehensive automation interface that can be used by most programming languages (e.g. C#, Javascript & Ruby). The interface can be used to control the HttpWatch plug-in for IE and access data in HttpWatch log files. If you are already running automated tests, you can integrate HttpWatch and record HTTP level information during your tests. The recorded data that then be checked for certain types of configuration and performance problems (e.g. HTTP compression is not enabled)."

I've played around with the new interface for a little more than a week now and the more I play the more I realize how valuable analyzing the HTTP traffic on the fly during an automated test could be. While exploring the interface, I put together a Visual Studio .NET 2003 project with some examples of the things that can be done:

• Check every request for 404. This isn't just page requests, this is all HTTP traffic that goes along with the page (e.g. catch broken images, missing .js files, etc.)
• Check every request for 500. Same as above except for 500s.
• For performance improvements, check to see if .jpg, .gif, .css, .js are found in cache instead of being downloaded with each page request.
• For performance improvements, check to see if .jpg or .gif files are greater than a designated byte size.
• Check that objects don't exceed a specified download time.

My demonstration project that uses the HTTPWatch interface, IE, C#, and NUnit can be downloaded here (thanks Matt for helping me refactor it). Compile it, point NUnit at HTTPWatch_NUnit_Demo.exe and run the 5 tests. The NUnit Test Suite will conduct the 5 tests noted above against Ebay.com which will work with HTTPWatch Basic Edition (their demo) and the Professional Edition.

The project is pretty simplistic due to it only validating one page, but hey it's a demo. Now that I better understand the interface, the BIG VISION for its use would to be to be open a browser, turn on HTTPWatch, log all the traffic for each page in my Website, and then conduct a battery of tests against the log, dumping the details to NUnit.