- Who Our Users Actually Are (2 Aug 2012): We often have an unrealistic mental image of our users, even though we are technology users ourselves. Society's norms of what a "technology user" looks like are flat-out wrong, and we need to get past them.
- Hero Culture or Crisis Culture? (6 Aug 2012): We often talk about avoiding a "hero culture", but I think this is a misnomer. The real problem is a culture that encourages a steady stream of crises, each of which requires heroic intervention to solve.
- Upgrade Your Wetware for Better Testing (9 Aug 2012): Testing is a thinking activity. I'm fascinated by how we can try to make our minds "think better" in order to become better testers.
- Learning by Osmosis (13 Aug 2012): Few of us get as many formal learning opportunities as we might like -- conferences, seminars, and so forth. If we pay attention to how we spend our time, we can try to take in a little learning and some new ideas every day.
- When Unencrypted USB Keys Go Missing (28 Aug 2012): Elections Ontario recently lost two unencrypted USB keys containing personal information on as many as four million electors. Good security policies alone won't prevent losses like this -- you also have to ensure they're actually followed.
In the last couple of months I've started a new writing gig with SQE -- the folks who publish Better Software magazine, run StickyMinds.com and TechWell, and have published several of my articles before.
They're calling it a curation gig. We'll be serving up frequent short pieces linking to other interesting opinions or resources from anywhere on the web. So far, I'm really liking this format -- not only do we get to highlight some of the most helpful and insightful things that are out there, it also gives us the chance to expand on them, put them in context, or compare different approaches to tackling a difficult problem.
At any rate, I hope you find these pieces useful and worthwhile! Here's a recap of mine for July 2012.
- Leaked Passwords and Better Security Practices (2 July 2012): Password security was in the news a great deal in June, with LinkedIn, eHarmony, and Last.fm all having their insecurely-stored password databases leaked onto the public internet. Here's a quick review of the very basics of secure password storage.
- The Independent Double-check (19 July 2012): Nobody is perfect. In my former job as an artillery soldier, the way we dealt with this was making sure every crucial thing was independently checked by at least two people. As testers, we need to do the same thing, even when someone with more authority than us insists the code is correct.
- Bug Chaining (31 July 2012): Bug chaining is an idea from the security world that hasn't gotten much traction in the wider QA/testing community yet. Assuming that all bugs are orthogonal to each other is a mistake -- sometimes two minors make a showstopper.
The predominant metaphor we use to describe software creation is an engineering or construction one -- writing a program is like building a bridge, or a house. I've long been unsatisfied by this view; to me, writing software has always seemed more similar to writing prose, or at least carving bespoke items out of wood. Chris McMahon, Marlena Compton, Zeger Van Hese, and many other folks have written up their own takes on what software creation has in common with art.
My latest article on StickyMinds wraps up the Philosophy & Testing series by exhorting individual testers to look to the arts, humanities, and social sciences and see what insights they can draw into their testing.
Getting started with creating your own Twitter app is not terribly hard thanks to all the solid libraries that are out there; it's just that there are a number of fiddly bits that all need to get lined up together. Hopefully this write-up helps. =)
I think it's a common misconception that only applications that are targeted at an international audience have to deal with the topics we usually think of as internationalization, such as non-ASCII character sets, handling time zones and international addresses correctly, and so forth.
But in this day and age, you can get most of these "international" data variations even from dealing with a strictly domestic audience. Most common word processors emit non-ASCII characters like directional quotes, and users are increasingly aware of how to make use of characters with dïacritics, symbols like ©, and so forth. Besides, if you're working on a web app that'll be going on the public internet, trust me when I say that you'll get all kinds of different data thrown at it from all over the world, whether you like it or not.
StickyMinds just posted my take on the subject as this week's weekly column: Bare Minimum i18n.
Audrey Tang is far and away the most awesome hacker I've ever had the privilege to have worked with. She's best known for creating Pugs, a perl6 implementation in Haskell. Though it's now semi-retired in favour of the newer implementations that it had a role in inspiring, it represented a huge leap forward and a quantum shift in Perl6 development at a time when enthusiasm around Perl6 was sorely flagging. She was the first CPAN contributor to have uploaded 100 modules. She's the key figure behind Perl 5's internationalization, as well as the i18n of many, many other individual pieces of software. She was part of the committee that designed the Haskell 2010 standard, and has made innumerable other contributions to the open source community.
I never got seriously involved with Pugs, but many of the things Audrey did with it shaped my thinking around open source, community, and how we should collaborate. First was the idea that a project should be optimized for fun (-Ofun¹), not for control, or strict adherence to the founder's vision, or anything else. Second, whereas many open source projects keep a very tight rein on who has commit access and make getting a commit bit an arduous process, Audrey aggressively gave out commit bits to anybody who happened to wander by in the general vicinity of Pugs. Got a great idea? Here's a commit bit, go implement it. Notice something missing in the docs? Here's a commit bit; go add it. Ranting in IRC that something's not working? Here's a commit bit; go fix it. Extending this trust makes people feel welcome and want to contribute. It fosters an air of community instead of making prospective new participants feel as though they are looking at climbing (or worse, building) a pyramid.
Audrey would likely demur at my calling her brilliant, but it's a fitting descriptor for her. She has a unique and penetrating insight into code and an uncanny knack for encouraging the people who write it. I count myself as fortunate to have been able to work with her and to be part of a few of the communities she's had such a profound impact on.
¹ -Ofun: -O is the compiler option that tells it how you want your code optimized. Audrey's presentation on -Ofun [pdf] talks more about how to maximize the amount of fun in your software project.
Ada Lovelace Day is an international day of blogging about women in science and technology. You can find more information at the Finding Ada website.
My latest StickyMinds column: Logic and Software testing.
As technologists, I think we often fail to consider that most everything we do has two sides to it: a technical side, and a human side. Similarly, the digital logic that underpins how computers work is first to mind when we mention logic in the context of software testing, but there's another equally important aspect of logic in software testing: using informal or persuasive logic to reason with other people. Dealing with zeroes and ones is part of our jobs, but so is arguing that a certain bug needs to be fixed, that one feature should have priority over another, or that a proposed solution should be rejected as unsuitable.
I'm happy to note that my latest article has gone up on StickyMinds. This one's on Epistemology & Software Testing.
This one was actually a bit arduous to write, because it went off in a very different direction from where I initially thought it'd go. The pieces that do that can end up being the most illuminating ones, though.
As you may or may not have already heard, LinkedIn recently added a new "feature" that allows them to use your name and image in their advertising. It is turned on by default, with no direct notification to the user that it has been added and activated.
This is an abuse of your trust. It is wrong.
You have authorized LinkedIn to do a certain set of things with your data, but they have gone and done something else with it; something to which you haven't consented. It is as though someone had asked to borrow your car to go grocery shopping but then took it bar-hopping instead.
It would be bad enough for any website to do this, but LinkedIn isn't just any social networking site -- it's a professional networking forum. Your presence on it is a living résumé. LinkedIn is the custodian of your professional reputation. Shouldn't they be handling it a little more respectfully than this?
What they should have done is to ask first, with the default being 'no'. Presumably, they knew that most people would either answer no if presented with this choice, or not answer at all -- thus removing the majority of their user base from this program and largely eliminating the additional ad revenue it would bring. This is a move that smacks of desperation; of a company that is ruthlessly trying to wring every possible cent of ad revenue out of its subscriber base.
I'm participating in one event that's using LinkedIn to organize, but after it's done, so is my LinkedIn account.
Thanks for coming out, LinkedIn.