Rapid Software Testing course with James Bach

In November 2017 I attended the Rapid Software Testing course held by James Bach. Now, this course has been renamed as Rapid Software Testing Explored.

When I was on the train, going to the training, I imagined what I would have written about the course in those days. But I did not do that. After the training, I decided not to write about it and wait for a good period of time, to see how it will influence me in real life. I think this is the most important thing in the end.

I think that the time to write about this course has arrived. I hope you will find it useful.

Premises

There were some things preceding the training which, I believe, are very important and worth mentioning:

– I knew about the work of James Bach and Michael Bolton. Before going to the training I have fully read their entire blogs, and also the book “Lessons Learned in Software Testing: A Context-Driven Approach” written by James Bach;

– I knew about the work of Jerry Weinberg and have read a dozen of his books, especially the book “Perfect Software: And Other Illusions about Testing” ;

– For 2 years, before going to this training, I tried to understand the testing envisioned by Jerry Weinberg, James Bach, Michael Bolton, Cem Kaner;

– I was a software developer and team lead;

– Going to this training involved also  personal money/cost contribution. I mention this because I am strongly influenced here by the “skin in the game” concept of Nicholas Taleb;

– I have read the rst.pdf file, which was the course support material..twice;

– I have searched the internet for testimonials regarding this course with enough details, but I did not found a lot of them.

Feelings

I remember the strange feeling I had when I entered the class room. James Bach was there at his desk, but I did not dare to say anything. I can say that I was overwhelmed. It was unreal for me to be there.

After the first 2 hours of course, I realized that I knew so little about testing…

Details about course

I will try to write about this course via 3 dimensions:

-structure: the flow of the course in those 3 days;

-key words: it’s interesting to describe a training via some keywords used in the course, which can be enumerated coherently in a minute or so. I think it can have a good impact;

-pearls of wisdom: these are insights from the training, words used by James Bach. You will see that each of the texts is within quotes and preceded and followed by “….”. This is because the text has a context(story, experience, people, time, history, feelings, exercise, place). Some of those phrases took even an hour or 30 minutes to be described by James Bach for us. So there is a risk, for the reader, not to decipher the real meaning/lesson/message, but I put them there in the hope that it will convince/entice you to go at his, and Michael’s, training and find out more;

Structure

The course was centered around exercises, experiments and interesting surprises. These exercises were not easy at all, it was hard stuff(even if at the beginning, sometimes, for us it felt easy, we found out that it needs to be analysed first and we needed to ask for more information). I saw damn good testers being tricked. But James warned us.

Since these exercises and challenges were hard, he spoke to us about mistakes, about his mistakes. He told us that we should not be scared of them and that we should learn from them.

These exercises were inspired from real life difficult situations that James Bach experienced.

Each exercise was followed by a lesson/message. This was the beauty. If someone would have told me in advance the same lesson, I would have not understood it as I should – I am sure of that 100%. But you know why? Because we struggled with it, because it had put us in a delicate situation…try to imagine social pressure or a hostile environment, it is not enough to read about it, you have to live it.

The explanations were full of metaphors, so the message can be easily understood.

The interaction with James was via the Socratic method.

James intention was to make us learn more rapidly the things he learned in a much slower way.

Although I have read in advance the pdf which  accompanied the course, I realized that I have missed A LOT of insights…

Key words

Initially, I was overwhelmed by all the details from the course and I did not knew how to describe it in a short and coherent way. But, shortly after, I realized that I can use some words used in the training. So here they are:

context based risk analysis, compatibility regression testing, sanity check, test strategy, business risk, normalization analysis(from therapy), leader and its attitude toward tester, thinking outside the box, parenting, biases, process of thinking, pattern(s) recognition, efficiency and relative efficiency, sense making, common sense questioning, interview for hiring, diminishing returns principle, fallacies, design tests, cope with complexity and uncertainty, scepticism, risk mitigation, quality, agile, think negatively, tacit test procedures, normalized test sessions, cognitive science, social dynamics, psychology, social skills, qualitative methods, social pressure, functional blindness, hostile environment, data types bugs, boundary testing, heuristics, perimeter assumptions, defocusing technique, factoring, randomness, heuristic test strategy model, professionalism in software testing, hazop, inattentional blindness, audit testing, penetration testing, anchoring bias, mental testing models, adversarial images(from AI) , statistical correlation, product coverage outline, oracles, lifeboat argument, explainability/confusion oracle, person whose opinion matters oracle, defocusing, diffusion limited aggregation, deep testing, exploratory and scripted testing.

Pearl’s of wisdom

As I have already said, it is important to mention that these phrases do not have context around them. This is intentional. It is an invitation, if you like or find it problematic or… to dig more, even to go to the course. So:

-“… Sanity checking means shallow test coverage not deep test coverage. For the purposes of identifying insanities. You are looking for, not just something that is a little bit wrong, you are looking for something that is totally broken. If it’s totally broken I want to know about it …”

-“… All testing problems have a context, and if you know that context you will be able to make a sensible decision about what to do next. And if you don’t know the critical context variables then you will suggest a ridiculous answer …”

-“…. Rapid Software Testing isn’t rapid because you are typing faster than other people. It’s about thinking: Do I really need to do this? Why do I need to do this? What things can I set aside? And what things do I really need to do?  …”

-“… What a good leader should say, knowing how delicate and emotional testing is: I want to know if there is a problem. Don’t worry about the ship date. We will slip it if you say we need to. That is not your concern. What your concern should be: Can I find problems in this?. Let me worry about …”

-“… When you teach a tester how to test you are teaching that person to see something, to see things that you have never seen before …”

-“… Testing is an exploration and experimentation  process …”

-“… A paradox of RST is that: RST tells you that you should do the right thing. Don’t do anything unnecessary, that will save you time. But how do you know what the right thing is? First you’re gonna have to do wrong things to find out what the right thing is…So the paradox is that in order to get rapid you usually have to start slow to climb the learning curve…”

-“… Testing is an intellectual activity …”

-“… Never say:I tested it and it works. That is always an untrue statement. The truth is you tested it and you haven’t seen it fail yet…I tested it and I know it can work… “

-“…Testing is not about assessing that the product is good enough, it’s about finding problems ….”

-“…Counting tests is pointless ….”

-“…Rapid Software Testing methodology which is a mindset and skillset, but it is not a set of rules, it’s not a set of templates….”

-“… New novice testers don’t need lists. They need experience. How do you give them experience? Sit with them down and test with them …”

-“… Here is what you never do: you never derive tests from requirements, just don’t say that…”

-“… It is not possible to write down a test …”

How it helped me

This course helped me realize/do a lot of things:

– I will do everything I can to have trainings with the best in the industry. With those people who create concepts. If this means paying from my own money, so be it. I prefer to wait a year or two, but to learn from the best out there;

– Online trainings are important and have their place, but they can never ever substitute a live training held by one of the top of the top of trainers;

– At least once per year I would do the Rapid Software Testing Applied training;

– As a programmer, this professional testing dimension influenced me a lot. I can no longer define myself as only a software developer and ignore the tester part in me;

– I understood how and why so much money is lost in IT with superficial testing and the “automation” trend which now is being marketed ;

– I understood how to be a better mentor;

– It helped me by giving me force to write about testing and to defend it;

– I realized that, now, in IT, a lot of concepts currently used are not understood: testing, agile, scrum, OOP, architecture…

– I was able to help/coordonate a student, an experienced developer, for a masters degree in IT regarding testing. It was the first time such a subject was presented in university and it really impressed. I was glad that, finally, the real face of testing was presented in an institution which prepares students for the IT industry. I hope that in the future I will be able to teach a course on testing, but I am not yet prepared, I need help. I think that if testing, the real one, would be taught in University it would help even more the spreading of what real testing is, which in the end will help the industry as well as the people in it.

Conclusion

I liked this training a lot. I never would have thought that it would influence me so much.

How testers can provide value for developers

On the Rapid Software Testing slack Channel(1), one month ago, an interesting  question was put by David Högberg:

Here is an interesting story and question from my friend in another Slack-group:

(translated from Swedish)

”Today was the last day of a sprint in one of the teams I coach at….

A backend developer has been very productive this sprint, he has pulled in more tickets than planned and finished those. Instead of pulling in another ticket on the last day he took the initiative to work on the unit test coverage and integration test coverage in our most important repository.

Now we have 100% code coverage for both unit and integration (API) and a branch coverage above 90%.

Besides this he always tests his own code, with both wide and deep understanding of the requirements. He always ask for feedback regarding his own testing, wants critical code reviews and practises risk-based exploratory testing.

This is what QA-coaches and testers will have to work with in the future. How do we create value for these future developers?”

….What are your thoughts regarding my friend’s question? How can testers provide value to developers who deeply care about code quality and at the same time are good at testing themselves?” (2)

The point raised by David Högberg is important and should not be ignored. Also, I saw that some testers were somehow speechless regarding this, like there was nothing to say/do/challenge/help.

There are lots of things testers can do. Testers must/can challenge things and there is a lot to challenge. So, for example:

1. The fact that what the developer does are unit checks , integration checks not tests.(3)

2. He said that he reached 100% code coverage for unit checks and integration checks. Actually code coverage is a measure and number for programers only. This is because it helps the developer to see areas not covered at all, not how well that area of code is covered. So, this number should not be exposed to management, because you can have 100% code coverage without code actually being covered. From the moment when you hear that code coverage number is exposed, there might be trouble – I know it sounds strange, but for me is a sign of exaggerated confidence. Maybe I am wrong, but for me is a heuristic for looking with care, because of the things which can’t be articulated in simple boolean confirmation statements.

I have to say that each time when I discuss with managers I try to do my best to convince them to ignore the code coverage number and the fact that it means nothing.

By the way, when I have the occasion I ask programers this simple question: So you are so confident with the unit checks?  If the answer yes, then I ask: Good, are you ready to bet you salary for 3 months that I’ll not find any problems? Usually, I perceive hesitation.

A good technique to verify the actual lines/conditions, in terms of coverage, is mutation checking(4). Even with this technique, I have in my mind the difference between testing and checking! (3)

3. As a tester you can help the developer with the sampling, the data she/he is choosing. And, as you know, this is not a skill which can be learned in a day or two. Sampling at the unit and at the integration level is important and I saw a lot of times unit checks and integration checks which repeat themselves.

I do not mention that testers, need to know very well about cognitive biases, critical thinking.

4. The developer said that he/she made unit checks? Perfect. Challenge that. Take a look at this brilliant article by James Coplien: Why Most Unit Testing is Waste . You’ll notice that this article is not so easy to digest, is deep – it speaks about the theory of information, also it does not follow the current dominant thinking about unit tests. I’m sure it will help you to make that developer think. Maybe negative reactions can take place, but is OK, we want fruitful disagreements.

5. The developer said he/she is doing TDD? TDD does not help at big architecture and OOP. It helps, maybe, at the micro level, but for sure not macro. This means architecture, OOP is fully exposed in a big and nasty ways. Maybe integration checks can help to see that the parts are fitting together, but are not helping to see that they are ok built. What this means? Well… nasty things are hidden at the integration boundaries. Developers don’t do OOP, but Class Oriented Programming. OOP would mean to reflect the mental model of users, which this does not happen. All the work is split between a lot of classes and functions. I think you can imagine the dangers.

Regarding TDD, I noticed that some persons begun to make some research about it and it is interesting: A Comparative Case Study on the Impact of Test-Driven Development on Program Design and Test Coverage or Does Test-Driven Development Improve the Program Code? Alarming Results from a Comparative Case Study

By the way, I also liked this post: TDD is dead. Long live testing

So, please, go and see the research, I doubt a lot of programmers do that…

6. Unit checks and integration checks is also code, this means that is prone affected by things like: bugs, maintenance, design, analysis, architecture.

7. I love the article of Max Boisot with the patterns(5). For example: for 10 dots there are 45 possible links and 3.5 trillion possible patterns. I’m sure in applications there are more than 10 connected dots. Is not possible for a developer, no matter how smart he/she is, to be sure he/she covered all the possible patterns and also to be aware which pattern is more important than other(s).

8. Regarding “A backend developer has been very productive this sprint, he has pulled in more tickets than planned and finished those.” Maybe I’m interpreting this in a wrong way, but sorry… I’m not interested in the productivity of the developer. This is a very nasty stuff. For me is important that the team and the whole work to be ok. When I read productivity of individual, I begun to doubt the good functioning of the team and this is bloody dangerous. Is like measuring tester for the bugs introduced, sorry, but no. Were there any other members actually working on stuff? If yes, why he did not took care to help finish that?  – I’m deducing this from the text, maybe I’m wrong. In Scrum the team works on a single PBI at a time.

Still the list is short. I would have added about cognitive dissonance, of how the team structure affects the code structure, but you got the idea…

Conclusion: So how testers might create value for these kind of developers? I think that when a tester will put this question then is a good sign because learning/helping continues.

(1) Michael Bolton, “RST Slack Channel”, https://www.developsense.com/blog/2017/10/rst-slack-channel/

(2) Text used with permission, thx David Högberg

(3) James Bach, Michael Bolton,”Testing and Checking Refined”, https://www.satisfice.com/blog/archives/856

(4) Robert C. Martin, “Mutation Testing”, https://blog.cleancoder.com/uncle-bob/2016/06/10/MutationTesting.html

(5) “The problem of connecting the dots”, https://sensing-ontologies.com/the-problem-of-connecting-the-dots/

Discussion on caring about teams and people

At the apparent level it seems it’s a vague discussion, but it is about Shu’s internal fight, on how to choose between people. People that are so important to Shu. And actually, even with all scenarios, Shu will lose on some level.

Ri: What is happening?

Shu: <<a sight>> I am not good in having a team.

Ri: In having a team?

Shu: Yes. You know..as Scrum master or ….whatever…. You choose the title…

Ri: Why?

Shu: It hurts a lot when the members of the team are no longer near me.

Ri: Hmmm. Why do you say that?

Shu: I can’t handle it when I loose a team, or members of a team. It hurts like hell. If I would know they are ok, then it would be ok – it’s hurting only because of my ,let’s call it, “selfishness” :(.

Ri: For those who are ok, you can’t and you shouldn’t  do anything… just to accept it…,but it’s ok to miss them.

Shu: Yes

Ri: And for the other ones, what are you going to do about them?

Shu: You know…if I wouldn’t have known that you care about me, I would have told you to f..k off with that question.

Ri: Hmm. I suppose you’ve heard it asked in pervert ways too many times.

Shu: Yes. Along with a lot of other questions/remarks…

Ri: So….?

Shu: I feel I should fight for them. But I will most probably lose.

Ri: Will it hurt?

Shu: Yes, it will hurt like hell. You cannot imagine, because there are other people, dear to me, who need me and I care about them a lot too.



Ri: Do you think you can do something which is correct also for the others and for the team, but not for you?

Shu: Yes, but I think, it will hurt me really bad and I will lose.

Ri: Hmmm. Then, I think, you know what you have to do. But you’ll suffer.

Shu: Hmmm. Yes.

Ri: Good then :)), at least you’ll have something to share, when you will be older. But you forgot something…

Shu: What?

Ri: What if you would have chosen the other people, who need you, and the result wouldn’t have been ok either? And by ok I mean that it wouldn’t turn out the way you desired it to?

Shu: <<is sad…he/she did not think about this>>

Ri: It seems it’s not about the fact that it’s easy to have a whatever team. It’s about the fact that it’s a big deal to have a team, a real one.

A discussion about code, data structure, objects

Shu: I need your opinion on something related to code. Maybe the other person, with which I discussed,  is right. But still something I feel is not ok.

Ri: Ok. Tell me more.

Shu: I need to pass to the UI a list of address types. For example address type of home, or address type of work,… My initial idea was to send a simple collection with key value pairs. Something like:

           new Dictionary<int, string>{{ 1, “Work” }, { 2, “Home” }}

           or

           new List<AddressType>{AddressType.Home, AddressType.Work}

           where AddressType is an enum type

And then the UI would know what to do.

Ri: Ok

Shu: My problem is that at a code review I was being told that I should return “a list of objects”. And each “object” should contain the same 2 data. Something like:

           List<AddresTypeData>{new AddresTypeData{Id= 1, Name=”Work”}, new AddresTypeData{Id=2, Name=”Home”}}

Why the latter is better than the first?

Ri: It’s not. Conceptually are the same thing. Ok, we can speak of some advantages regarding reading the code, or what happens at runtime. But, I think that something else needs to be clarified tough.

Shu: What?

Ri: The reviewer said “object”?

Shu: Yes

RI: What he proposed is an object?

Shu: Yes

Ri: Look …<<a sigh>>… is a big difference between a data structure and an object. Maybe what he wanted to say is that he wanted to represent the idea of Address type in a different data structure, this is a different thing.

Shu: I do not understand what you are trying to explain.

Ri: Look, objects are like biologic cells(1). Cells which communicates between them to do something. Those cells have a sense in an ensemble of connecting cells, ensemble which tries to do a certain thing. What cell send to another cell is a message. (For example, for neuro cells from the brain that message is an electrical signal. This electrical signal jumps from a cell to another, is not continuous. This message flows via synapses. ). Those messages can have their own structure, but there are still messages. A cell will not do the work of another cell, and the cell will know to whom to send the message. An object you’ll see it truly only in the connection with the other objects, which as a whole try to solve something.

Shu: What do you want to say?

Ri: Semantics matters, and for me it was a sign of confusion of what objects and OOP mean. And I wanted to underline this. You were speaking about data structure of a message not objects, which are a different thing.

(1) Alan Kay, “Dr. Alan Kay  on the meaning of “object-oriented programming””, https://userpage.fu-berlin.de/~ram/pub/pub_jf47ht81Ht/doc_kay_oop_de



Round Earth Test Strategy and earthquakes

Recently, James Bach published a nice analogy/model regarding test strategy, named “Round Earth Test Strategy“(1)

Early in 2018, in January, James Bach was kind enough to share this analogy on a special channel RST( this channel was created especially for RST alumni; it’s an active and very very very useful group to be in – another very good reason to take RST class(2)).

I liked it. But, in that moment, and days/months after, I felt that I still miss some aha moments, about those things, which confirm in a way that a certain subject is internalized in myself somehow.

Museum

In the image of this blog post is the Natural History Museum in London. It was here where I had the aha moments I knew I was missing. Suddenly, in my head, I remembered James Bach’s round earth model. In there is a section named “Volcanoes and Earthquakes”. When I began to read what was written, I was amazed how the things described there can be used as an analogy, as James thought, for testing, but maybe also for problems/risks/bugs/tools/approaches from the IT field:

● “Earthquakes can happen without warning, causing death and destruction on a massive scale. When they strike we feel a sudden, violent shaking of the ground, but they are caused by slowly moving plates on Earth surface. As these plates move, pressure builds up until it finally gives away”(3) → In reading this text I remembered bugs. How certain bugs can create a lot of mess (urgent calls, staying late in the night, missing important moments). How those bugs appear suddenly, without notice. But what stroke me is the fact of slowness and violence of earthquakes.

Slowness in:

– how functionality is written → It’s not like the functionality is developed instantly. There are meetings, mails, writing code, searching through code, testing, etc.

– execution of the program –  managed memory leak, usually, takes time to be observed. But when it reaches a critical point, entire system crashes not only the programs.

The idea of moving plates made me think of integration testing.

● “Preparing for the worst; living with earthquakes: Scientists can’t predict exactly where and when an earthquake will strike but they know roughly which area around the world are at risk. It is vital for the people living in these areas to prepare for what may come and know what to do when it does. Without adequate preparation, earthquakes can cause huge suffering and destruction”(3) → It describes perfectly the role of testers and why they are searching for the worst, why they should think negatively. Testers, like these scientists, should understand that they cannot predict and also can’t be sure that the software is ok (just a black swan among thousands and thousands of white swans was enough to proof that there were not just white swans). Although they can’t predict or prove the correctness of a software program, they will use models to identify possible areas with problems guided by risks (For example, by looking at the source control metadata, weak areas within the source code can be discovered. ). Since we’re talking about people, the risks also have a psychological and sociological dimension. It is sure, problems will occur and maybe we should guide our testing also by the possible suffering we create, for the ones using our software.

● “Impact scale: There are different ways of measuring earthquakes. Unlike Richter scale, which measures magnitude of the shaking, the Mercalli scale measures the amount of damage caused – the loss of life and the damage of buildings. Generally speaking, the higher earthquake magnitude the greater the devastation, especially when it strikes near populated areas. But you also have to factor the in depth of the earthquake, and how well people have prepared. A big earthquake can have a low Mercalli value if it happens deep underground or if buildings have been properly supported”(3) → When I saw measuring, I recalled the nonsense in counting the test cases – which is very susceptible to the reification error and this is very, very dangerous. But we have something which tries to avoid the reification error and is based on events/activities: it is called Session Based Test Management.

But there is more, the fact that a big earthquake can have a low Mercalli, made me think about complexity and the fact that the relation between cause and effect is not linear. Populated areas also indicates complexity, because social systems are inherently complex. This means, for testing, that the approach is more informal (it’s about trying/probing, then make sense of it, then respond/report the possible problems which might occur), not a formal one – when thinking of testing, and more specifically the checking dimension,  maybe here mutation checking makes sense.

There is also another implicit dimension here, which is the place where the earthquake happened. Even if it is a small earthquake but it happens in the ocean, it can generate a tsunami. If I relate this to testing, it makes me think of the different coverage areas like structure, platform, function, operations, data, time, interfaces(9), hazard.(thx Ionut Albescu)

● “Danger after the quake: The  danger doesn’t stop once the ground has stop shaking. Fires, landslides and even liquefaction can all cause damage and loss of life…Scientists and engineers have developed ways to deal with these dangers through defenses, warning systems and building design. But even with the best plans in place some communities can still be caught off guard”(3) → How many developers, testers, scrum masters,… think that maybe a person will be fired because he/she is not working fast enough with our software product? How will a developer sleep at night when his/her code caused, even indirectly a death, or a bankruptcy? There are consequences, but a lot of people don’t get the fact that they must assume also unintended consequences, which were triggered by what their product does. How will they deal with that?

They have developed defences, but it’s interesting that they speak about them with terms like: tools (4), models(5). We, in IT, use a lot the word  “automation”…

When they speak about plans it’s very serious because it’s about people’s lives. They are not using some tools/techniques  as a plan, they are guided by the reality of the situation. What a test plan means, for a lot of people: automation at the unit level, integration and maybe acceptance(BDD). And they add exploratory, although they are not able to articulate what it means and how to show/do it in a professional way → this is not a test plan.

What if aftershock are the equivalent of hotfixes? And we have a flow like this:

1. A bug appears

2.A quick hotfix is made, but in a hurry

3. As a result, that hotfix can cause undesired problems(maybe inadvertently), because of the chaos created by the initial bug.

The last sentence made me think at the japanese word “hansei”. Because even though those scientists built/are building, defense and warning mechanisms(kaizen), the things can still go wrong and this is sadness/regret.(6)

● “After the earthquake, responding to disaster: earthquakes and tsunamis can destroy home and buildings, transforming lives. The hours and days  that follow the disastrous events can be vital for saving anyone who has been trapped as a result….As people come to terms with the destruction they can start with the process of building resilience – changing the way they live and act to deal with the risk of an earthquake in the future. This can leave them better prepared for future earthquakes“(3) → The keyword here is resilience, but a lot of IT people want robustness. We, in IT, have chosen the wrong metaphor. Rapid Software Testing(a Context Driven methodology) is fully aware of that, that’s why it’s so different from “Factory Style” testing(7), because it sees the context as an ecology, not as a factory(8).

Conclusion: Read James Bach’s post, then read the text from the museum again. I hope you will find it as useful as it was for me.

(1) James Bach, “Round Earth Test Strategy”, http://www.satisfice.com/blog/archives/4947

(2) https://rapid-software-testing.com/

(3) London Natural History Museum, Earth Galleries, text used with permission under license Non-Commercial Government Licence, Copyright © The Trustees of the Natural History Museum, London

(4) “Tectonic hazards/Earthquake engineering“, https://en.m.wikiversity.org/wiki/Tectonic_hazards/Earthquake_engineering

(5) “Improving defence against earthquakes and tsunamis”, https://www.ucl.ac.uk/news/2017/mar/improving-defence-against-earthquakes-and-tsunamis

(6) James Coplien, Interview, www.infoq.com – in this interview he explained scrum and these 2 japanese words, among other things – I can’t find the text, as link, but I have it as text, tough, in my personal archive.

(7) James Bach, Michael Bolton, “RST Appendices”, http://www.satisfice.com/rst-appendices.pdf – pages 3-6

(8) Alicia Juarrero, “Safe-Fail, NOT Fail-Safe”, https://vimeo.com/95646156

(9) James Bach, Michael Bolton, SFDIPOT, http://www.satisfice.com/rst.pdf

Scrum master – a sad story

Shu: I want to become a Scrum Master.

Ri: Why?

Shu: Because it’s easy, look at them, at their daily work: organize some meetings, make some reports and that’s it. Oh I forgot about motivation, pardon, pseudo-motivation.

Ri: Do you think that’s what a Scrum Master has to do ?

Shu: I’m not saying that this is what they should be doing, but what I have seen them doing, in the companies that I worked for.

Ri: No Shu, if you want to be a Scrum Master, you need to be a good one. Why would you want to be like that?

Shu: Because it’s easier, and because this is what most companies want, good reports. You have to have good Excel skills(or other similar tools), to present the stats of the project, and you will be the best Scrum Master for that company.

Ri: It’s not like that…

Shu: I saw Scrum Masters who encourage the team members to put working hours on tasks, which look good on reports, no matter if those hours tell the truth about the work to be done. It’s all about a nice burndown graphic.

Ri: Really?

Shu: Yes. I can give you an example, something that happened to me once: in a daily meeting the Scrum Master asked me how long it takes to finish that user story. I told him that I need 16 hours to finish. Can you imagine what the answer was?

Ri: No…

Shu: He puts 8 hours down and told me: there are 8 hours until the sprint is done, you have to manage with that.

Ri: That’s strange.

Shu: Yes, it is, but they want to send nice reports to management. But in some cases the management is surprised to see that the project fails, even if they received good reports all along. Unfortunately, this kind of situations, don’t raise a flag and, that in my opinion is sad.

Ri : I understand what you are saying, but if you see this and don’t like it, and don’t agree with it, why do you want to be like them?

Shu: Anger

Ri: Hey… You said that you don’t agree with the image that those Scrum Masters have, about their work, right?

Shu: Yes….

Ri: So….?

Shu: I know…I don’t have to act like them, and this applies no matter the position you have in the team: scrum master, developer, tester…

Ri: And…?

Shu: If I want to be a Scrum Master, I’ll have to act based on what I know a great Scrum Master should do. I don’t have to do things that I don’t agree with, only to have that position. But this would also mean that, maybe, for that company, I am not a good Scrum Master.

Ri:….<<a sigh>>…

Shu: hmm…, to be a good Scrum Master is hard as hell. So, actually, the fact that a Scrum Master is acting as they should, might be the reason why she/he might not be a good fit for the company.

Ri: When you want to solve problems, things get messy, really messy. It’s not about fluffy bunnies. I hope you’ll not be that kind of Scrum Master who in retrospectives, or in talks with their managers, does not have the gut to call things by their name, and instead be full of platitudes.

Shu: ….<<a sigh>>…

About best practice

This idea of best practice continue to pop up. For me is disturbing, in the sense that some practices are being introduced just because near them appears the word “best”. And this is bloody dangerous. In the lines below, I try to decompress what I have just said because I realized that even though we speak about 2 words, is important to say what those 2 words might mean and all the thoughts regarding them.

As a premise, I have to say that language is very important because it can trigger different kind of thoughts( I thought is not true, but after reading some of Antonio Damasio work, I am sure now) . For example, I told to a Scrum Master that her role is like an attractor ( attractor idea from Lorenz attractor). I could have used a word which Scrum Masters are accustomed, but I might have failed to communicate what I wanted to say.

So, for me there are 2 things/directions to think about this topic, at least to try to clarify or see if is some coherence. First what some might really mean/think by “best practice” and second, see what exactly really is “best practice”.

So:

1. what some really might mean by “best practice” -> to really see what might they mean, I imagine there can be lot of inference.

Here I identified 2 directions also, there might be others:

1.1 some people want to say something else, but don’t have the words.

For example: We want to use a new JS framework, like Vue/React/Angular. No one knows the particulars. So someone might say: “What are the best practices for developing with Vue/React/Angular?” By saying this, in a way, is trying to see how to deal with uncertainty regarding that framework. For sure the official documentation/video trainings give a way to handle the work with Vue/React/Angular. This means that, by best practice that person might mean some common norm/recipes to tackle that UI framework. If that person will follow the patterns exposed by the documentation of others then he/she will be able to learn/do/search for the work – at least this might be his/her thoughts.

With this example I have noticed some things:

– Is one thing to learn a specific syntax. Then those, introductory, videos/documentation might help;

– Is a totally different story to structure/architect the code and not being biased by the UI framework. I have to say that I do not search for a Vue/React/Angular developer, I search for a craftsperson developer which is a totally different thing(1) – by the way this is becoming a serious problem, especially in outsourcing;

– Framework designers will not ask for my or yours permission to modify or retire a framework;

So, in this case, “best practice” might mean something like finding a way to deal with unknown. But, but, if by solving this unknown thing ( at least having the impression it can be solved) in the end might use the, so called, best practices. These best practices are like universal rules for that specific framework and might be  in the thoughts of a lot of people. And here, at least for programmatic stuff, trouble might begin.

Small conclusion of this point: Best practice, maybe, is used in two ways. First to tackle/understand the unknown in a tacit way and then as universal receipts, but with no context awareness. And maybe the person using it not being aware of this.

1.2 Mechanistic thinking, truly believing/hoping there exists this “best practice” applicable everywhere.

For example, an upper manager who has to handle multiple projects, new and existing, in an outsourcing regime.

This kind of person might look to see best practices in architecture, again as recipes. He/she will want this because once it has the list of the so called architectures, then the  architecture subject will no longer be a problem. He/she can really concentrate on hiring React/Vue/.Net/… developer, not a craftsperson developer.

With testing, he/she will ask the infamous ‘lets automate all’, and a common approach to all projects of what automation to be done, like using Gherkin and that’s it.

This kind of person, thinks that everything is the same. But he/she forgets that “God is in the details”(2).

These kind of persons will come with a checklist, to be sure that some practices, they already have in their head or imposed by others, pardon best practices, will be implemented. What is sad is that those practices are the same for each project, context is not considered at all. I have noticed that some use “good practice” , not “best practice”, but their dynamic of actions is the same, they only changed “best practice” with “good practice”.

Small conclusion of this point: Here “best practice” is much more dangerous than the one described in section 1.1, because it imposes a certain way of doing things no matter what. The dynamic of actions generated by this can and, I think, will generate lot of strange and unwanted things.

2. See what exactly really is “best practice”

Here I’m influenced by the book “Tools of Critical Thinking: Metathoughts for Psychology”, in the sense that is there a chapter which gives examples of a concept being true and wrong in the same moment – I hope I recall ok this.

Also I have to say that I’m influenced here by the work of Alicia Juarrero and Dave Snowden.

I like the idea of seeing context from the point of view of constraint and casualty. For contexts were best practice might be applicable the constraints are governing ones. They are very rigid. And regarding casualty it should imply that it can be identified very clear and without doubts that event B appeared because of event A and nothing else.(3)

So, the context must be very very rigid. But when we deal with human systems, generally speaking, if it will be constraint in such a way, it will crash or find hidden ways to do the work.

Small conclusion to this point: Even if best practice might mean and have a sense, for sure it has a bounded applicability and this is not understood by a lot of people.

Conclusion: When I hear the words “best practice”, for me is like a heuristic for sloppiness/anomally/something to raise the guard, which if is imposed, it might hurt a lot. For sure is a good indication to see the situated present and how analyze/see/make a sense of it .

(1) David Schmitz, “10 Tips for failing badly at Microservices”, https://www.youtube.com/watch?v=X0tjziAQfNQ

(2) James Coplien, “Lean Architecture: for Agile Software Development”, https://www.amazon.com/Lean-Architecture-Agile-Software-Development/dp/0470684208

(3) Dave Snowden and Mary E. Boone, “A Leader’s Framework for Decision Making“, https://hbr.org/2007/11/a-leaders-framework-for-decision-making

Testers, testing, automation, tool(s), continuous integration

Automation for a tester (a good one) should not be guided by the Continuous Integration(CI). I expect that tester to do the job regardless if he/she will use some tools. To do/use whatever ingenious tool( or approach with tool) he/she considers fit, and not to be limited by CI and Continuous Delivery(CD). For that tester, when he/she  thinks about automation (actually “tools” is the right word), he/she should not have in mind only gherkin/ranorex/ui automation….In fact, when the tester will notice that these kind of tools are promoted/enforced he/she should be skeptical. Yes, if the tester can make use of them because it’s applicable, then why not, but they should not be caught in a trap with these tools and see nothing else beyond them.

Regarding CI and “automated testing”(checking is the right word not testing, semantics matter(1)), just to be clear, they are useful but they are not “the path, the way and the truth”.

Let’s do a small exercise: Can you imagine a situation in your product/project where 12 things are related? By 12 I mean persons, requirements, things in source code. Regarding a person, from anthropology, we know that he/she has multiple identities and he/she shifts between them(2). If we have 12 dots, this means the number of possible links is 12(12-1)/2=66. But the number of possible patterns is: 2 at the power of 66=4,700 quadrillion patterns(3). At this level, we no longer speak about deduction, induction, but abduction.  Now think again at CI with the automated checks and number of test cases written and executed…something is not ok, right? Somehow I begin to see the cons of blindly believing in CI/CD.

(1) James Bach, Michael Bolton, “Testing and Checking Refined, https://www.satisfice.com/blog/archives/856

(2) Dave Snowden, “The landscape of management: Creating the context for understanding social complexity”, https://www.researchgate.net/publication/228449006_The_landscape_of_management_Creating_the_context_for_understanding_social_complexity

(3)”The problem of connecting the dots”, https://sensing-ontologies.com/the-problem-of-connecting-the-dots/

About testers owning the requirements or the product

In a way this blog post is related with the previous two( see here and here), regarding the problem of testers being underrated.

It’s related because a solution to the problem of unrated testers, is, for some, to encourage the idea that testers should own the requirements. But there’s more to this, it’s not enough for them to encourage the owning of requirements/product, but also the following two ideas are being enforced:

– to present the idea of “automation testing” as a holy grail of testing. And that this “automation testing” is a byproduct of Continuous Integration or Continuous Delivery(no, I am not against CI or CD, just to be clear);

– testers to be the right hand of Product Owner’s(PO) or a extension of the PO’s role.

So is this ok? I think not, I think there are some flaws in how things are being associated. Flaws which show a lack of understanding regarding what testing is.

The testers should not own the requirements. If they own the requirements they have to be the BA or PO or… . Testers must find relevant information regarding requirements, information that if it is not known at the proper time, will be problematic for the product/project/delivery/team. If the tester wants to own the requirements, then he/she is no longer a tester but a BA/PO/…The tester has that special mindset that is different from all team members, he/she must always be thinking where negative/unwanted/bad things can happen. If he/she owns the requirements then he/she will try to protect them; when actually the tester has to dissect and analyze them from all the angles, to challenge their status quo.

Just think about basic stuff regarding security testing, and the mindset to do it. The tester must use all models/techniques available to knock down/find bad stuff, not to own a thing which will never be complete. Why? Because “We always know more than we can say, and we will always say more than we can write down”(1) -And you want to limit the tester to owning the requirements? I hope not.

A tester has the same importance as a BA, PO, Programmer, PM, Team Lead,UX,etc. The tester must be the bridge between useful information and all members/colleagues/clients,  which need that information.

The testers do not drive the delivery, they are, as James Bach says, “light of the car in the night” – this is the correct metaphor – but this means those lights do not own the car….

I think (I could be wrong), a lot of testers want to be the gatekeeper because of a bad self image, but also of the bad image testing/testers have nowadays. I understand where that bad image is coming from, when their work is reduced to test cases, number of test cases and automation of test cases.

(1) Dave Snowden, “Rendering Knowledge”, http://cognitive-edge.com/blog/rendering-knowledge/

On the idea of testers being underrated – Part 2

In the first part Marius expressed his opinion regarding this subject, below I try to articulate my thoughts.

I came across the topic on linkedin, and I couldn’t resist to not comment on it. I personally don’t experience that people from other departments that work with me would underrate me as a tester (or maybe I just haven’t noticed yet), but I see it happening to other testers a lot. I want to discuss two main points that I kept thinking of as I was reading the original article(1) and that might have a lot in common with why that is happening.
 
I. The „test automation“ fallacy
Most of us testers often use the wrong terminology when we talk about the opportunities for using automation – especially when using it for build confirmation purposes.

In that case the tester often designs and encodes a suite of checks that he runs after each new build, to see if the results of the suite changed since the last time the suite had been run.
In certain situations, this is often an efficient way of how to save time. However, we can’t talk about that as „test automation“. Why not? This goes all the way down to the question „what is a test?“.

There are many definitions of testing. Since I believe testing is best thought of as a skilled social activity, I prefer the definition offered by James Bach and Michael Bolton. They define a test as an „instance of testing“, where testing stands for „the process of evaluating a product by learning about it through exploration and experimentation, which includes to some degree: questioning, study, modeling, observation, inference, etc.“(2)

So how do I myself approach the encoding of an automated check?

1. At first I have to get to know the product I’m testing; I have to learn about the product – for that I use exploration, studying, questioning, modeling, observation, inference, etc. I can’t set up a machine to do it for me.

2. Then I have to make some decisions about the tradeoffs:

a. Which features of the product are crucial to do regression testing on?
b. What specific checks will be valuable to automate for those features?
c. What tools will I use for the automation?

3. Next, I have to design and encode the check.

4. I have to tell the computer what the words „pass“ and „fail“ mean; I have to think of an oracle, which is self verifying – that means, that I will have to think of what is the anticipated result of the check and include it to the code (this is often called an assertion), so that the computer will be able to tell, if the check passed.

But that’s not all yet, is it? If the check fails, it doesn’t automatically have to mean that there’s a bug in the product – and not even that the feature, which I wrote the check for in the product has changed – maybe just the environment is down. Or the tool is badly configured. Or there’s a bug in my automation – so if I see a check fail, I have to go back to it and make sense of what had really happened. Machines by themselves can’t do that either.

The „it’s all just semantics“ argument

You can see that there’s a lot of human interaction happening while creating automation checks. If we talk about this complex activity as „test automation“, it leads to the belief that testing can be automated – especially by the managers who are not skilled in testing and want to save money where possible. Why would they appreciate testers if we project the illusion of replaceability?
Why wouldn’t they think that they can replace humans with machinery if all that testers do is talking about new ways of using „test automation“ or performing „automated testing“?
Testers like Michael Bolton and James Bach came up with the idea of using much more suitable term “checking”(2) years ago, yet most people in the testing industry still cling to the test automation nonsense. They choose to dismiss the difference between checking and testing with the argument that it’s just semantics and it’s not really that important – but it hurts us testers the most.

II. The obsession with bad certifications

A lot of testers fall into the ISTQB/TMap/<whatever else> certification trap: “I’m certified, therefore I’m a professional tester!”. They might get the feeling that since they already accomplished to get a piece of paper that certifies that they passed a bad exam, they don’t have to invest their resources to further education anymore.

The number one problem that I have with these certifications is that they don’t teach testers how to test. They teach testers to memorize a book and then pick 1 from 4 options as an answer on the exam. And you have to get only 65% of the answers right to pass it anyway. 😊 (3)

I’m talking mainly about ISTQB CTFL here; how can a tester with that certification be taken seriously, if it takes what – a day? – to memorize the “right” answers to the questions, which you know beforehand?

If you compare ISTQB CTFL certification to a different engineering certification such as Offensive Security Certified Professional (OSCP) (4) it’s like night and day. I see OSCP as the kind of certification that actually might be useful if you really feel the urge to measure the depth of skill of an individual with a certification; the student goes through 24 hour challenge in an unfamiliar lab environment to do actual tasks related to security and must show off his skills while doing that.
You might say that it’s silly to compare the advanced OSCP to the most basic ISTQB exam – but even the most basic programming certifications are from a large part built on examples of code that the students have to understand to be able to pass the exam, not on memorizing a book about programming theory. But nobody does ANY actual testing in ISTQB’s CTFL – yet people still buy their expensive courses and pay for the exams.

[Sidenote: I met people who took the ISTQB courses (not just the CTFL, but also the advanced level test manager course) and shared with me that all they did there was listening to the instructor reading the syllabus with two or three examples and it was a complete waste of money and time. I don’t understand how they (ISTQB) can charge money for this.

On the other hand, I also met people, who claimed they enjoyed the course only because their instructor was more open-minded and left out bunch of the syllabus nonsense, which he replaced with some useful examples. Good for those people – they managed to got at least some value out of it, but still – would you want to support such organization when they clearly don’t care about your experience with the courses, as long as you buy them?]

Some testers do their exams just because they think there’s no other option than bad factory school courses. That’s not true. It is not „a certification“ in the ISTQB sense of the word, but there are four awesome courses in a series called Black Box Software Testing (BBST) by Cem Kaner and they are as close to teaching real testing as you might currently get.(5)

Conclusion
Of course there’s more to the topic than just these two points. But even when considering just these two, I really can’t blame people outside of the testing space that they treat some of us testers like second class citizens at work. When we are done with taking ridiculous certifications (and then bragging about passing it on social media sites) and we stop talking about testing as the next-to-be-replaced-with-machinery department, then we can stand a chance of not being underrated.

[Thanks to Michael Bolton and James Bach for their helpful reviews.]

(1) Claire Goss, “ Testers – Is it our own fault we are Underrated?!”,  http://www.exactest.ie/blog-testers-underrated.html

(2) James Bach, “Testing and Checking Refined“, https://www.satisfice.com/blog/archives/856

(3) “CTFL2018”, https://www.istqb.org/about-as/faqs.html?view=category&id=79

(4) “Offensive Security Certified Professional”, https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

(5) “About the Black Box Software Testing Courses”, https://www.associationforsoftwaretesting.org/courses/