I've spouted off before why I think being a tester-developer is important. Do you want to work your way into being a .NET Tester-Developer? Microsoft is trying to make it easy as pie for us. With videos targeted at the beginner with ZERO experience this is a perfect opportunity for you to dive in and start down the path of Tester-Developer.

Are the videos too slow for you speedy QA mind? With Windows Media Player 11, right click the play button and select "Fast Playback", set back and soak them in at 1.5x speed.

I found a great article over at the Google Testing Blog entitled Automating tests vs. test-automation. The article does a great job of summing up some things about automation that I had to learn myself over the years. The last set of bullets is oh-so-true, and if you are starting down the automation project path be sure to heed the advice:

To summarize, I figured out that a successful automation project needs:

The ACE TEAM over at Microsoft has released a tool that does static analysis for cross site scripting (XSS). Confused about what a static analysis tool is? The ACE TEAM explains it well:

There are two types of web application vulnerability scanners: dynamic and static. Dynamic analysis tools are also called penetration testing tools. You point such a tool at a live application; the tool begins crawling the web pages in the application and throws test strings at each of them. The effectiveness of a penetration testing tool is therefore dependent on its ability to go through all the use cases in the application. Most tools in the market, if not all, are not very good at it. Static analysis tools on the other hand scan the application source code or binaries to detect programming errors. Consequently, they offer 100% coverage and are able to identify many more vulnerabilities than penetration testing tools. XSSDetect is a static analysis tool.

Get all the specific details on how XSSDectect works here. XSSDetect is now in Beta and is a free download here. Question is, who is going to run the tool in your company? QA or Dev? We all know who should be running it first. Don't we? DON'T WE? Okay then, download it, play with it, get to know it, present it to the Dev team (making you look REALLY smart and up to par on the latest technology), and then talk them into running it against their code before release for testing.

Life is good when your app isn't vulnerable to XSS. Life is better when the developer finds the XSS vulnerability before you do.

Tuesday evening I had the opportunity to attend my first Phoenix Software Quality Association meeting (PSQA) where another Rock-Star GoDaddy employee Lauren Snyder presented an "Introduction To Watir". It was really great to see her enthusiasm for automation and on top of that she is a great presenter. The presentation provides a HEAP of information about Watir and would be valuable to anyone diving into Watir.

Heh, get it? DIVING INTO WATIR.

Awe, never mind.

Lauren gave me permission to post the presentation here for your consumption:

Introduction To Watir.htm
Introduction To Watir.ppt (Powerpoint 2003, 8 MB)

If you're in or are interested in software quality assurance, and are in the Phoenix area, be sure to check out the PSQA site and come to our next meeting.

We testers have a wind-up.

No, not  wind-up as in wind us up and watch us go like a little Chihuahua nipping at the heels of software...

I'm talkin' rear back on the haunches, LOAD UP, and DELIVER:

Except in my software testing mind I see it more like this:

My wind-up consists of:

• Gathering requirements
• Writing test cases 
• Getting to know the application
• Setting up the test or automation framework

Once I wind up, the blow is...

crushing

devastating

ruinous

tragic

That poor, poor, POOR piece of software. Let the defects flow like the river Nile.

But really, is it any one persons fault?

Marketing defined it as (notice its a little dark and hard to see):

Developers did their best with the shady requirements and time constraint:

And well, testers tend to deliver a smack-down and exposed the frightening truth:

Wind-up and deliver that blow Mike Erbes!

Company: ISI
Job Title: Developer in Test/Test Engineer

Description
"We are looking to add a Developer in Test/Test Engineer to our team here at ISI. We are a product development shop in the POS for Quick Lube and Car Wash industry. We are continuously getting better at producing our products in a Lean/Agile fashion.

We are looking for a test infected developer to help us jump start our test automation effort. You will work primarily with our testers to design our test automation strategy and then execute on it. We have multiple technologies including DataFlex, PowerBuilder, PocketBuilder, C, Java, PostgreSQL, Sybase, Linux, Windows, WinCE"...

Get the complete job description here.

I'm going to try to do something a little different here on QAInsight.net. I get a few requests to take a look at jobs "if I'm interested, or know of somebody that is". Why not post them here? I'll put them in a separate RSS category, so you can avoid them if you want or subscribe to them if you want. The new category will be Testing Jobs.

This isn't an invitation to send all your QA jobs to me recruiters. My intent here is to help those that I'm working with or I've worked with in the past. Hopefully I can also help those who may be looking!

It's a small QA world and it's funny how we follow each other around from job to job or eventually cross each other's paths. In my small QA world many have contributed to me and my career (willingly or not). It doesn't hurt to return the favor.

I made my decision about a year ago. The format I want to use is HD DVD. That's my vote.

XBox.com is offering 5 free HD movies with the purchase of the XBox360 HD DVD Player or the Toshiba HD-A3 DVD Player. If you buy the XBox 360 version you also get a copy of King Kong. A pretty sweet deal, however..

This whole Blu-Ray versus HD DVD issue is pathetic and vaguely familiar. Can you say BetaMax versus VHS? Why do they do this to us? I have a beautiful TV capable of 1080P and really want to get started on a 1080 movie collection but don't want to make the wrong choice and end up with a library of unwatchable movies. Yes unwatchable, as I conform to the industry and buy products that use the industry chosen format (video camera, video converters, portable player, etc) those movies in the other format will quickly gather dust. 

Sure, for home I can buy the LG BG100 that is capable of both formats and cover my format player bases. But I still have my problem...I really want to start buying high definition movies. I suppose by buying a HD DVD Player and getting these movies I am "voting" for HD DVD and this is my contribution to helping the industry decide on the chosen format. It just disgusts me that my vote could turn into a player that everybody will laugh at me for owning 2 years from now. But the bright side is that I'll have a beautiful collection of HD DVD drink coasters.

What to do? 

I've been following the Microsoft hacking blog %41%43%45%20%54%65%61%6d (can you decipher that?) for a while now, but its content isn't necessarily what you may be thinking... posts on how to hack Microsoft products? Nope, instead the content of the blog is written by hackers that now work at Microsoft. You know, the white hat kind. If you can't beat 'em, hire 'em? There aren't a lot of posts, but when there do post they tend to be interesting.

The latest post First Line of Defense for Web Applications - Part 1 had a lot in common with a recent project I'd been working on, and the image they created to illustrate their point is a beautiful summary for their post and also for what I was working on. What the image portrays is a very common problem, a problem that a lot of testers don't know how to test for, or help enforce with good requirements:

This series should be good and I look forward to the next post. So should you.

While I'm at it, make sure and check out a little less of a white hat perspective at http://ha.ckers.org/. There is a ton of valuable stuff here, stuff that has worked its way into my test cases.

Back in October of 2006 I wrote an article for Better Software Magazine entitled The $60 Web-Testing Toolbox. Wrong or right, I'm posting it here (3.9 MB) since I have a heck of a time tracking down where I put the digital copy whenever the subject comes up. The $60 toolbox is not my ideal toolbox, but it proves the point that you can get a great set of tools on a low budget. I've got about half an article written about my ideal Web testing toolbox (see my placeholder on the right entitled "Brent's Test Toolbox). Hopefully someday soon day that "Coming soon!" link will become active.

In my ideal software development world... "Quality is everybody's job". If you could help negotiate and create that world where quality is everybody's job, what would your Quality Contract Proposal to the project team be? Recently I submitted to my project team something similar to this:

Team Quality Tasks

• Communication
  • Daily, morning 5-10 minute stand-up meetings for quick progress and issue reporting
  • Team notification of document and code changes
• Documentation
  • Requirements required
  • All documents are stored in a common area for easy access, check-in/out and versioning (e.g. SharePoint)
• Code Reviews
  • Large code reviews are scheduled during stand-ups
  • Peer code review before check-in for small or quick changes
• Use of Development & QA metric tools

Developer Quality Tasks

• Unit Testing
  • Web pages containing business logic will be unit tested with NUnitAsp
  • Other layers with VSTS Unit testing (Microsoft.VisualStudio.TestTools.UnitTesting) or NUnit 
• Builds
  • Dedicated build box for build integration.
  • Build and test on check-in.
  • Build and unit test run schedules (e.g. hourly, daily).
  • Automated build success and failure notifications.
  • Build Integration rules
    • Get latest from source control, merge, compile, and unit tests success before source control check-in.
  • Official builds released to test
    • Starts on functional section code completion. 
    • Developer collaboration and agreement on release time and contents.
    • An owner for release to test (owner checks with team to ensure release readiness).
• Provide "Quality Hooks" that don't impact performance or usability (e.g.)
  • Use of special image naming.
  • Use of special ID and name attributes.

Tester Quality Tasks

• Participation in design meetings and discussions.
• Review and feedback of requirements draft document.
• Review of Developer unit tests to provide suggestions for improvement as well as get a better feel how/where to provide further test coverage.
• Testing
  • Functional
    • Testing starts on functional section code completion
    • Utilizes test case libraries for common tests (HTML elements)
  • Automation
    • Scripting starts on functional section code completion
  • Performance, Load, & Scalability (typical and per functional unit if needed)
  • Other

Some of these items may apply to your company or team and some may not. Each has its benefit, each has its cost. In my experience the benefit outweighs the cost. Wouldn't you agree that this Quality Contract Proposal is a good place to start? Do you think it it may be a little far fetched for your company or current process? How about starting smaller then? Throw the list out there and get the team to commit to 25% of the items. When the project is over, take the lessons learned and infrastructure built from that 25% and use them in the next project, but now since that 25% is tried and true, ask for 25% more. Then 25% more...Get my drift?

Baby steps are okay. Be a salesman for software quality, negotiate that Quality Contract!

Back in January I defined an ass-load of hard drive space. Pondering that subject left me with another item in the "To Blog" list that I'm finally getting around to.

What exactly is "half-ass"?

Back when I was young, when it came to doing my chores my Mom consistently claimed that I did them half-ass. More specifically: "You're not done. THAT'S HALF-ASS".

The flashbacks to those days where I was scrubbing toilets with tooth brushes will certainly cause me to weep as I write this post, but the tears of pain will turn to tears of evil laughter as I remember using my brother's tooth brush to scrub the toilet.

Back to my point. Err.. Starting my point that is.

Half-ass...

A donkey cut in 1/2 horizontally?

A miniature donkey?

Exerting force with only one butt cheek?

A donkey cut in 1/2 vertically?

Half the load that an average donkey can carry?

Honestly Mom, what the hell do any of those that have to do with me pulling weeds in our 1/4 acre backyard, for 4 hours, for $1.00?

UrbanDictionary votes the definition of half-ass to be:
 
1) Done half-way
2) Not done with quality

Ah, yes. My work was half-ass, as in definition #2, "Not done with quality"

Ironic isn't it? The Quality Assurance Engineer, Brent Strange, did his chores...

(e.g. family laundry, empty the dishwasher, mowed the lawn, trimmed the edge of the lawn on his hands and knees with a cheesy Black & Decker edge trimmer, weeded the bark-dust, weeded the garden, baby sat his brother, vacuumed the house every other day...yeah I was 8, but I'm not bitter)

...so that they were "Not done in quality"

And here we come to the end of yet another career limiting post. Thank you for your time. Get back to work you half-ass.

Still here? You have a real motivation problem. Time for a reality check... Is your ass half full or half empty?

Comments are working again. I narrowed it down to the search form I had on this page. For some reason the plain and simple <form></form> tag, using Internet Explorer, and .NET 2.0 causes the following error:

System.ArgumentException: Invalid postback or callback argument. Event validation is enabled using in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
at System.Web.UI.ClientScriptManager.ValidateEvent (String uniqueId, String argument)
at System.Web.UI.Control.ValidateEvent (String uniqueID, String eventArgument)
at System.Web.UI.WebControls.TextBox.LoadPostData (String postDataKey, NameValueCollection postCollection)
at System.Web.UI.WebControls.TextBox.System. Web.UI.IPostBackDataHandler.LoadPostData(String postDataKey, NameValueCollection postCollection)
at System.Web.UI.Page.ProcessPostData(NameValueCollection postData, Boolean fBeforeLoad)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
while processing http://www1.qainsight.net:8080/login.aspx.

So, for now, no searching from the site. But at least you can comment! You can always search the site using Google though: http://www.google.com/search?q=site%3Aqainsight.net+

I've been avoiding blogging for a while now due to being so frustrated with the comment issue (I probably spent 4 hours, here and there, debugging this thing).  I have a few posts in the queue that will be coming your way soon.