Hey all,

This blog is moving to Dreamwidth from here on in.

Inasmuch as I wish the folks at Posterous the best with their experiment here, I've had some problems with

1) Their reliability: I realize I'm not their target audience, but their post formatter makes it tough on those of use who want to edit straight HTML. Moreover, the editor's been flat busted for me on several occasions, leaving me unable to edit posts to clean them up.

2) Their transparency: Back in December, they parnered with Viglink, a service which adds a Posterous affiliate code to links in your blog. They didn't see fit to inform their users of this change; one of the Posterous founders replied on HackerNews, but they haven't mentioned it on their official blog or twitter stream.

Dreamwidth has always been rock-solid for me. The people who founded it did so because they wanted a blogging service that embraced transparency, inclusiveness, and open source, and my interactions with them have borne this out.

From here on in, then: http://rickscott.dreamwidth.org/. See you there!

At the Writing About Testing Conference I gave a lightning talk on how to give a lightning talk.

I adore lightning talks. They're a great format for beginning presenters, because you get a nice round of applause if things go reasonably well, and you're off the stage in less than five minutes if they don't. They're great for experienced presenters, because you can field concepts without having to prepare a full-on presentation slot. Finally, they're great for audiences because they're information-dense: they pack 10 to 12 new ideas into a single hour of conference time.

Here's my slide deck: your choice of pdf (560K) or odp (292K).

I gave a presentation at Ignite Sault 3 on testing, bug reporting, and purging our software of the many annoyances that people take for granted. The video isn't up yet -- it will take some time for the all-volunteer ignite crew to edit and render it -- but here's my slide deck for the time being (2.2mb pdf).

I admit it. One of the best moments of my undergrad degree came when our small group of thesis students was bandying about topics. When I mentioned I was set on doing decompilation, there was a long, awkward silence. One of the other students, apparently speaking for the entire group, said "We wouldn't touch your research subject with a 10-foot pole."

As smugly optimistic as I was, though, my thesis on automated decompilation would never have seen the light of day without the work of Dr Cristina Cifuentes -- particularly her PhD thesis on Reverse Compilation Techniques.

Dr Cifuentes' research runs head-on into some of the most thorny theoretical problems of computer science -- problems like the Halting Problem, which define the limits of what computers can actually do. Amongst other things, she's also worked on binary translation, static analysis, and parallelization, topics that people sometimes shy away from because of their reputation for both practical and theoretical difficulty. But this work yields awesome real-life applications, like programs that find bugs for you by reading your source code, and holds out the promise of many more, like tools that can scan compiled binaries for security bugs, or general-purpose decompilers that can read in a binary originally written in C and 'decompile' it to Ruby source code instead.

I think we forget how many women were involved in pioneering work in the early days of computing (eg the ENIAC programmers) and how many are in the thick of pioneering work today. The hardcore research isn't just done by bearded guys in white lab coats -- women are pushing the boundaries and making the future of computing possible, too.

Ada Lovelace Day is an international day of blogging about women in science and technology. You can find more information at the Finding Ada website.

The metaphor of Technical debt has gained currency since Ward coined it. Paying off your tech debt can be thought of as "technical investment": one hopes to reap rewards somewhere down the road, in the form of fewer defects, being able to add features more easily, and so forth.

Just like saving real money, trying to muster the will to pull this off can be difficult. The organization may balk at the notion of sinking the tech team's time into making changes that don't have an immediate customer-visible benefit. Even the tech folks can be unsure that it's going to pay off -- will the code you refactor now be instrumental in the next round of changes, or be thrown out and completely replaced a few iterations from now? Recently, I saw a remarkably clear example of the utility of paying off technical debt.

Backstory: we own a large legacy web application, created by an outsourced development company over a period of years. This application grew to the point where the company that wrote it was unable to maintain it or to add new features. It was brought in house and turned over to a small team of crack developers in the hope that they could bring it under control. In other words, right from day one, the dev team has been saddled with a huge mass of technical debt.

Our app sends a lot of email: monthly account statements, bills, proposals, dialog between users and staff, dialog between users, news and policy updates...the list goes on. As fate would have it, several pressing items to mail all landed right at the same time last month. Combined with an increasing number of clients, this put us well over the limits of our email setup. We needed to rework how our app sent outgoing mail; specifically, we needed it to be able to algorithmically choose from a list of outbound mailservers. The longer we took to make this change, the longer our clients' documents would be delayed.

This kind of thing can be a nightmare. The codebase we're working with doesn't have anything approximating a consistent architecture. The different modules of the system were almost certainly written months apart and by different developers. There's no reason to expect that each function that sends mail does so through the same interface; in fact, given our history with it, there's every reason to suspect that somewhere deep in the guts of the system, there's a well-obscured routine with its own little mailserver configuration hardcoded into it. Sorting through something like this would probably take a few days; the better part of a week for the whole change with testing and release factored in.

About two months ago, however, one of our developers went through the system with a fine-toothed comb, looking for every place the app sends mail. They got rid of the patchwork of ad-hoc methods that were littered through the code and routed all mail sending through a single consolidated class. When it came time to make a change, then, the dev got to make it in one place instead of tracking down multiple places to change or refactor, and I got to focus on how the new mail setup worked instead of trying to find places in the code that bypassed it. The new feature was developed, tested, and rolled out in a single day.

Whether we'd done the consolidation part of the work before or after we found out that our mail setup needed fixing, the total time to make the entire change probably would have been about the same. Had we not paid off our debt, though, this week would have come at a time when we could ill afford to spend it. In short, we were better prepared to react. If we had wanted to make a different change, like digitally signing all of our outbound email, this consolidation would have helped us do that as well.

So there you have it. It's only a single anecdote, but it's a point of reassurance that paying off your technical debt now can work in your favour down the road.

I admit, I'm not super-knowledgeable about security. I know some of the fundamentals, but not a great deal beyond that.

Still, in my early days on the 'net I got the distinct impression that allowing random people to execute arbitrary code on your computer is bad. I mean, that's somebody else using your computer to do stuff without your knowledge or consent, right? That's why attacks like this really, really make me shake my head (NSFW, offensive, turn off javascript before following):

hxxp://encyclopediadramatica.com/Firefox_XPS_IRC_Attack

Despite all this, somehow today's ordinary browsing experience consists of downloading pages full of arbitrary javascript written by any random person who controls a website, then blithely running them on your machine.

I don't get it. Where did we go wrong?

(PS. Firefox users: NoScript is your friend. =)

This is more about "mind hacking" than QA or tech, but still, stuff like this fascinates me:

http://en.wikipedia.org/wiki/Pointing_and_calling
http://search.japantimes.co.jp/cgi-bin/ek20081021wh.html

Background: In Japan there's this practice called shisa kanko (指差喚呼), usually translated into English as Pointing & Calling. It's a technique that makes sure you actually check critical safety items. You

• call out loudly what you're supposed to be checking,
• point at it,
• check it and announce the result.

Train drivers are the most conspicuous example; they're actually the ones that started doing this in the first place. If you were sitting in the cab of a train about to leave Ueno station, you might see the driver pointing to items and checking them off like this:

• (Door indicator light) "Doa: shimete-aru!" (Doors: closed!)
• (Signal light) "Shuppatsu: shinkou!" (Departure signal: proceed!)
• (Speed limit sign) "Seigen: sanju-go!" (Speed limit: 35!)
• (Timetable) "Ueno: hassha!" (Ueno: depart!)

This sounds stilted, nerdy, and quite frankly, embarassing. Does it really work?

"I posed that question to Kazumi Tabata of the Japan Industrial Safety and Health Association, who showed me research conducted in 1994 ...The combination of pointing and calling reduced mistakes by almost 85 percent."

All of us sometimes have to do tasks where the key challenge is to stay sharp and pay attention to a very routine or boring set of inputs. Driving is a good example. Sifting through columns of identical-looking numbers searching for an error is another. We've only got a limited ability to stay alert, so it's easy to go "on autopilot" during tasks like these. We might skip steps in a checklist, or "check" something without really checking it, especially if we're tired or distracted. How many times have you looked both ways at an intersection and completely failed to see an oncoming vehicle?

As technical people, it shouldn't come as a great surprise that we focus a great deal on technical tools and techniques. Will this database tweak make our site run faster? Will this test tool let us catch more bugs? I think we often neglect ways in which we can upgrade our wetware, even though it may be the most fruitful place in the system to look for improvement.

Humans are inherently error-prone and are always going to make mistakes, but that doesn't mean that there's not room for improvement. Any way that we can improve our acuity as individuals reduces the number of mistakes we send downstream for technology, process, or other people to catch. It's a no-brainer.

I've had both really great and really bad experiences while telecommuting, as have a lot of people on the writing-about-testing mailing list. Sometimes the bad experiences come down to inadequate tools; more often, it's because not everybody has bought in to having telecommuters working on an equal footing with people who are in the office.

We put together a generic Telecommuting Policy based on our collective experience. If you are or want to to be a telecommuter; if you're considering or engaged in telecommuting at your workplace, then I think you'd be better off for reading it.

http://chrismcmahonsblog.blogspot.com/2009/12/telecommuting-policy.html

Due to a recent fortituous change in my personal circumstances, I'm suddenly able to attend the Writing About Testing Conference if I'm selected for it. Here's the brief that I submitted.

I didn't set out to become a tester. I just wanted to make better software.

As a developer, I realized that there was only so much I could improve the end product by honing my individual skills. Being human, sooner or later I was going to make a mistake, and that'd yield a bug. Obviously something different needed to be done if I ever hoped to produce software with fewer defects than I (or any individual developer) create. That train of thought doesn't go very far before it pulls into QA station.

Landing a testing role with Ken Pier, Chris McMahon, and Matt Heusser at Socialtext was an incredible stroke of fortune. I got to jump in with both feet and learn from an amazing group of people; in fact, I sometimes feel as though I've somehow landed in the master class without having graduated from kindergarten yet. I've heard of enough different paths to becoming a tester that I don't feel exceptional in this regard.

I'm curious about how people end up getting into test, and what we do when we're new to the field (often transitioning from somewhere else). I'm interested in bringing my unique set of talents to bear in this field while avoiding yesterday's pitfalls. I want to write about my experience simply in the hopes that it'll be useful to others -- so they can see what I've tried, try it themselves if it seems to have gone well, or avoid repeating my mistakes if it didn't.

In testing, the notion of diversity (of approaches, of the team) is a powerful one. I hope I can stumble across and write about experiences that other people might not chance across, and that they'll do the same for me. Harnessing our collective diversity and learning from each other is how we advance the state of our craft. I'd like to take part.

I created this space because I need to write more about the technical stuff I get up to, and because I need to write more, period. Some really amazing people whom I greatly respect have encouraged me to get going on this, especially when it comes to writing about testing.

There are a lot of different technical areas I'm interested in, and I'm not going to restrict topics here to just one. However, it seems to me that there's a ton of writing "out there" about programming, systems admin, even UI design, but a dearth of writing about testing. I'm the furthest thing from a Great Ghod of Testing, but I *can* share what I've done, what's worked and what hasn't, and people will find some value in that.

So, I had best get writing.