Thursday, January 21, 2021

Down With the Kids!

Tonight I attended Not Your Parents' Automation, a webinar by Paul Grizzaffi hosted by the Association for Software Testing.

Automation Assist is what Paul is calling non-traditional uses of automation for testing purposes. For him, the trad approach — the one your parents are comfortable with — includes regression tests and smoke tests, typically run on some kind of schedule to give feedback on behaviour changes in the system under test compared to some kind of oracle.

There is merit in that kind of stuff — the oldsters do have some wisdom — but there's much more that can be done with programmatic tooling. Paul gave a bunch of examples, such as

  • data cleansing to migrate gold masters from one framework to another
  • test account creation to speed up registration of new testers on a system under test
  • file checking help to take away donkey work and leave a tester free to apply skill and judgement
  • high-volume random activity to identify potential problems based on heuristics about what undesirable responses are likely to look like
  • migration quick checks to show that core systems are functional for happy path scenarios and let the testers concentrate on special cases

In each of these, Paul will be happy to re-use or repurpose existing tooling or find novel tools that fit the need. Project need is the key driver, with cost and value a close second. He's happy to code up one-shot tools, or use automation to solve just some of the problem, if that's what's going to get the job done at an appropriate level of effort and at the appropriate time.

I have done a lot of work myself using the approaches Paul described (see Exploring to the Choir for a few examples) which means, whatever my children might say, that I'm now officially down with the kids!

P.S. The Association for Software Testing are scheduling an event every month through 2021. Details are here.

Whose Quality is it Anyway?

Last night I attended Influencing Quality & tackling the problems that come with it..., a panel webinar hosted by Burns Sheehan and chaired by Nicola Martin. The panellists were:

As you might guess from that line-up the material covered was broader than simply testing, taking in subjects such as quality, value, hiring, and the delivery process across the engineering organisation. The signal to noise ratio was high, so my sketchnotes capture only a few of the points made on each topic.

The idea that quality is a whole team responsibility came up several times. Quality is a notoriously slippery and subjective concept, so in the Q&A I asked whether any of the speakers had ever tried to create a Definition of Quality for their team, something like a traditional Definition of Done.

The answers were all about guiding practice:

  • Not tried to get a definition of quality because that's hard. Instead, tried to define principles that drove desirable behaviour.
  • Got agreement on the question "what does good look like?" for the project.
  • Defined quality at the story level as having an end-to-end test for the functionality described.

I found this interesting not least because my test team at Linguamatics put time and effort into coming up with a set of values that we could use to help us work in ways that we felt were beneficial to us as individuals, our team, and the wider company.

I've thought about quality a great deal over the years and found that I always return to Jerry Weinberg's formulation in which quality is value to someone. Crucially in that, quality is a relative concept. 

To see why this matters, take the iron triangle model of quality, which was mentioned more than once during the webinar. On a common rendering the sides of this triangle are scope, cost, and time. Even if you've never seen the triangle itself, you'll probably have heard people say that those factors can be traded, or that it's possible for a project to have any two of them but not all three.

The model is a simplification, as they all are, but one of the things this particular model leaves out is the who. A project team might meet their scope target cheaply and deliver a feature to production in the time required. Quality bar met! But that feature might cost users dearly in time and effort because, say, it's extremely difficult to navigate. Quality bar met?

Anne Marie Charrett gave a fascinating talk on quality a few years ago in which she tried to find a way to balance business value, product quality, and production quality (see Quality != Quality). These essentially give three potential whos to consider the triangle against and, in my view, any non-shallow conversation about quality (and also risk) must think carefully about the perspective from which it is viewed.

The experiences that the panel described in answer to my question must, I think, either implicitly or explicitly have decided who matters in order to promote certain kinds of behaviour and discredit others. My preference would be to make that information explicit and include with it the why, so that there's a basis on which to challenge the principles, or what good looks like, or the need for an end-to-end test, should the context change.

Tuesday, January 19, 2021

Risks Not Fears

This afternoon I attended From Fear To Risk: Redefine What Drives Your Enterprise Testing Strategy, a webinar featuring Jenna Charlton and Alon Eizenman, hosted by Sealights. In the first session, Jenna presented on risk from a very broad perspective and, in the second, Alon talked about how Sealights' tooling focuses on a narrow slice of (code-based) potential risks in a way which they hope complements the wider approach.

Jenna wants risks to be quantifiable and definable and scrutinisable. Fears, for her, are none of those things. To quantify a risk, she scores history (data about previous behaviour, including probability of error, etc), complexity (of the application, the context, the data, the build process, etc), and impact (or more correctly, business concern about impact) on a scale of 1 (low) to 5 (high) and then combines them using this formula:

total risk = impact * maximum_of(history, complexity)

This is an interesting informal variant of a more common calculation which multiplies impact by probability. True to my own experience, Jenna was clear that, despite the apparent formality of the maths, there's more than an element of subjectivity in the scoring of risks. Workshopping can help to mitigate biases that are introduced that way, though.
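Expressed as a quick sketch (the function and variable names here are my own, not from the talk), the scoring might look like:

```javascript
// Jenna's formula as described above: each factor is scored 1 (low) to 5 (high),
// and total risk = impact * max(history, complexity).
function totalRisk({ history, complexity, impact }) {
  for (const score of [history, complexity, impact]) {
    if (score < 1 || score > 5) {
      throw new RangeError('scores run from 1 (low) to 5 (high)');
    }
  }
  return impact * Math.max(history, complexity);
}

// A feature with modest history (2) but high complexity (4) and
// middling business concern about impact (3):
console.log(totalRisk({ history: 2, complexity: 4, impact: 3 })); // 12
```

Note how taking the maximum of history and complexity means that either factor alone can drive the risk up, whereas the more common impact-times-probability calculation would blend them.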

Alon presented a brief overview of ways in which the Sealights product prioritises test cases (manual or automated) based on risk factors such as recent failures, code usage in production, and the location and extent of code changes since the last release. He proposed this as a useful addition to the kind of global risks that Jenna would typically be looking at, which include business, team, and project considerations.

Speaking Out

This afternoon I attended How to become a Conference Speaker, a webinar by the programme chair for EuroSTAR 2021, Fran O'Hara.

Although Fran covered a fair bit of material specific to that conference, there was also a lot of good, general advice for aspiring conference speakers, dealing with why someone might want to speak, what makes good content, and how to write a compelling abstract.

EuroSTAR 2015 was my first test conference and the first time I'd presented at an event of any size. I've done it a few times since then, and also reviewed submissions for several conferences. While I wouldn't call myself an expert on this stuff, my own experience chimes with Fran's suggestions.

Friday, January 15, 2021

Cypress Thrill

Last night I attended Cypress: beyond the "Hello World" test with Gleb Bahmutov. Here's the blurb:

Gleb Bahmutov, a Distinguished Engineer at Cypress will show how to write realistic Cypress tests beyond a simple "Hello World" test. We will look at reusable commands, starting and stopping servers, running tests on CI, creating page objects, and other advanced topics. Everyone who is just starting with Cypress or is an advanced user will benefit from attending this free meetup.

I'm always interested in building up my background knowledge around test tooling so a presentation from an expert with a bit of depth but still suitable for a relative newbie seemed ideal. I also thought I could take the opportunity to practise my sketchnoting on a technical talk, something I've failed at in the past.

Last things first, then: I still found sketchnoting hard. In this area, where I know concepts but not much specific, I don't have a good instinct for the level of detail to capture. I was pleased that the notes weren't a total scribble disaster, and I can see this morning that they jog my memory, so I'm counting that as a win.

In terms of the webinar's content, my lack of hands-on experience with Cypress meant that I sometimes had no context for the points being made, or they were at a lower implementation level than I need right now. However, because the talk was essentially a series of largely unrelated tips I never fell completely out of touch.

I got some of the background material that I was looking for, too. Anyone who's been around testing for a while will have seen chatter about the relative merits of Selenium and Cypress. For example, Jason Huggins, the creator of Selenium, says things like this:

It's true, tho. Cypress' in-browser, JS-only, trapped-inside-the-browser's-security-sandbox approach is the same architecture as the first version of Selenium. We abandoned it because it turned out to be a bad idea. I wish them luck though. Maybe they'll make it work this time.

Huggins is also on this Twitter thread, where Richard Bradshaw is trying to nuance the conversation:

My main point is it’s not Selenium vs Cypress. It’s a custom framework with many other libraries vs Cypress. That makes for a better comparison and also stops many negative aspects being slammed on Selenium, when really it’s the other libraries or poor code/design.

Naturally, Gleb talked about ways of executing code outside the browser using Node.js, and also about advantages of running inside the browser, such as being able to access browser-native objects. With that capability, some of the perceived weaknesses of Cypress can be worked around, for example by overriding browser functions to capture data about links opening in another page.
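As a rough illustration of the general technique (my own sketch, not Cypress's API): a test running inside the browser can replace a function such as window.open with a stub that records its arguments instead of opening a new page. The fakeWindow object here stands in for the real browser window so the sketch is self-contained:

```javascript
// Stand-in for the real browser window object.
const fakeWindow = {
  open(url, target) { /* would open a new page in a real browser */ }
};

// Replace window.open with a recording stub.
const openedLinks = [];
fakeWindow.open = (url, target) => {
  openedLinks.push({ url, target }); // capture the call instead of navigating
};

// Code under test tries to open a link in a new tab...
fakeWindow.open('https://example.com/help', '_blank');

// ...and the test can now inspect what would have been opened.
console.log(openedLinks);
```

Cypress provides its own stubbing support for this kind of thing; the point is simply that running inside the browser puts such objects within reach.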

He also covered the problem of moving between multiple domains (for example when a commerce site subcontracts payment processing to a third party) where they're looking at an approach that, conceptually at least, pushes state to a stack at the point of changing domain, and pops it on return. I think this is a related ticket in the Cypress github repo.
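Conceptually (this is my own sketch of the idea as I understood it, not the Cypress implementation), it's something like:

```javascript
// Push the current domain's state when navigating away; pop it on return.
const stateStack = [];
let current = { domain: 'shop.example', state: { cart: ['book'] } };

function changeDomain(newDomain) {
  stateStack.push(current);           // save state for the origin domain
  current = { domain: newDomain, state: {} };
}

function returnToPreviousDomain() {
  current = stateStack.pop();         // restore the saved state
}

changeDomain('payments.example');     // e.g. hand off to a payment provider
returnToPreviousDomain();
console.log(current.domain);          // back on shop.example, cart intact
```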

I get a kick out of listening to people who know and care deeply about a topic. It's clear that Gleb is one of them and an hour in his company has helped me to incrementally improve my knowledge of the state of browser automation.

Gleb has made his slides available and the talk was recorded:

Tuesday, January 12, 2021

Practical AI

Last night I attended Using Artificial Intelligence, a webinar hosted by BCS SIGIST, the Special Interest Group in Software Testing of The Chartered Institute for IT. In different ways, the two presentations were both concerned with practical applications of AI technology.

The first speaker, Larissa Suzuki, gave a broad but shallow overview of machine learning systems in production. She started by making the case for ML, notably pointing out that it's not suited for all types of application, before running through barriers to deployment of hardened real-world systems.

Testing was covered a little, with emphasis on testing the incoming data at ingestion, and again after each stage of processing, and then again in the context of the models that are built, and then again when the system is live.
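As a crude sketch of what an ingestion-time check might look like (the record fields and thresholds here are invented for illustration), the same kind of validation would then be repeated after each processing stage:

```javascript
// Validate an incoming record before it enters the pipeline,
// returning a list of problems (empty if the record looks fine).
function checkRecord(record) {
  const problems = [];
  if (typeof record.userId !== 'string' || record.userId === '') {
    problems.push('missing userId');
  }
  if (!Number.isFinite(record.score) || record.score < 0 || record.score > 1) {
    problems.push('score outside expected range [0, 1]');
  }
  return problems;
}

console.log(checkRecord({ userId: 'u1', score: 0.7 })); // []
console.log(checkRecord({ userId: '', score: 4.2 }));   // two problems
```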

To finish, Larissa described an emerging common pipeline for getting from idea to usable system which highlighted how much pure software engineering there needs to be around the box of AI tricks.

In the second half, Adam Leon Smith walked us through three demonstrations of artificial intelligence tooling with potential application for testing. 

He showed us Evosuite (video, code), a library that, unsupervised, creates unit tests that cover a codebase. There's no guarantee that these are tests that a human would have made, and Adam noted a bias towards negative cases, but in some sense this tool captures a behavioural snapshot of the code which could be used to identify later changes.

In the next demo (video, code) Adam trained a model on images of magnifying glasses and used it to identify the search icon on Amazon's home page, an approach that might be used to check for the presence of expected icon types without requiring a fixed gold standard. Finally, he showed how synthetic test data could be generated by AI systems, using a tool that creates photorealistic images of non-existent people as an example.

Friday, January 1, 2021

How To Test Anything (In Three Minutes)

I was very happy to contribute to QA Daily's Inspirational Talks 2021 series this week but, in case you're here for an unrealistic quick fix, I have to tell you that the three minutes in question is the length of the videos and not the time you'll need for testing.

So how do I test anything? These are the things I've found to be helpful across contexts:

  • I know what testing means to me.
  • I find tools that can help me to achieve that testing.
  • I'm not afraid to start where I am and iterate.

If that sounds interesting, there's greater depth in How To Test Anything and the related (40 minute) talk that I did for OnlineTestConf in 2020: