Skip to main content

Heurism

I'm watching my son, a toddler, at play. He picks up his toy train, a hefty piece of wind-up fisher-price-esque technology, and hurls it at the water bottle. I'll not pass judgement - but suffice to say - the bottle is still standing - several other objects in the room are not. He reaches down with both arms and picks up the train again. He steps a bit further away, turns his back on the bottle, and slings it back over his shoulder. A few more similar attempts end in much the same result, Until finally the killer-move is identified: You stand point-blank over the bottle and drop/throw the train down onto the bottle.

A chip off the old block. I'm glad my son is having fun. But I'm interested - What's he thinking? No, that's not it... How is he thinking? What he's doing has strong parallels with what his father does for a living. I spend much of my time learning how [for example] a tool works or, maybe more often, how they don't work. If that takes the application of a 'surprise' heavy load well that just adds to the fun.

I think back to my recent reading and Rapid Software Testing course. If there's one word that sticks in my mind from both it's: 'Heuristic'. So is he applying heuristics? and if so which ones? He needs to know if he's hit the bottle with the train - that's more of a matter of observation. He clearly has a hypothesis that lobbing the train can 'take-down' that evian bottle (Which he generally disproves - clearly a fan of Popper) - but again thats not really a heuristic.

It's simpler than that. I looked up Heuristic in the dictionary and didn't find much clarification. However, I did notice the word: Heurism. "The educational practice or principle of training pupils to discover things for themselves." - Oxford English Dictionary. My son was learning for himself, he was gaining evidence for himself, empirically. He was building-up his first-hand experience. That's what I do! I can't give you much information until I actually use your system. Let me hurl a few keystrokes at the command line, and I'll give you back some real fact based information. Let me do it a few times, and I'll give you back even more information.

In fact that reminded me of a real technique I use when testing: Bug-compression. If I find a bug - lets say a user-path that has many commands or clicks, I spend a little time 'compressing' the steps - reducing the number of operations or clicks too just a few. This can be valuable in demonstrating that users could reach this 'failure state' more easily than it might at first appear. E.g.: The 'unlikely event' is now only three key presses away from the happy path.

This makes sense, My son's building the store of knowledge that firstly: he can use to generate his own heuristics and secondly: maybe apply the heuristics he's already learned. As testers we need to get into one of those feedback loops, where our actions are giving us more information that helps us find out even more. Get your hands & eyes on the controls, the logs, the database. There's a heuristic right there, built from hands-on experience: "Check the log files for error messages." It's fallible, but none the less, it's been a good way to find oddness and bugs so far.

Labels:

Comments

Post a Comment

Popular posts from this blog

Betting in Testing

“I’ve completed my testing of this feature, and I think it's ready to ship” “Are you willing to bet on that?” No, Don't worry, I’m not going to list various ways you could test the feature better or things you might have forgotten. Instead, I recommend you to ask yourself that question next time you believe you are finished.  Why? It might cause you to analyse your belief more critically. We arrive at a decision usually by means of a mixture of emotion, convention and reason. Considering the question of whether the feature and the app are good enough as a bet is likely to make you use a more evidence-based approach. Testing is gambling with your time to find information about the app. Why do I think I am done here? Would I bet money/reputation on it? I have a checklist stuck to one of my screens, that I read and contemplate when I get to this point. When you have considered the options, you may decide to check some more things or ship the app
2 comments
Read more

Test Engineers, counsel for... all of the above!

Sometimes people discuss test engineers and QA as if they were a sort of police force, patrolling the streets of code looking for offences and offenders. While I can see the parallels, the investigation, checking the veracity of claims and a belief that we are making things safer. The simile soon falls down. But testers are not on the other side of the problem, we work alongside core developers, we often write code and follow all the same procedures (pull requests, planning, requirements analysis etc) they do. We also have the same goals, the delivery of working software that fulfills the team’s/company's goals and avoids harm. "A few good men" a great courtroom drama, all about finding the truth. Software quality, whatever that means for you and your company is helped by Test Engineers. Test Engineers approach the problem from another vantage point. We are the lawyers (& their investigators) in the court-room, sifting the evidence, questioning the facts and viewing t
2 comments
Read more

XSS and Open Redirect on Telegraph.co.uk Authentication pages

I recently found a couple of security issues with the Telegraph.co.uk website. The site contained an Open redirect as well as an XSS vulnerability. These issues were in the authentication section of the website, https://auth.telegraph.co.uk/ . The flaws could provide an easy means to phish customer details and passwords from unsuspecting users. I informed the telegraph's technical management, as part of a responsible disclosure process. The telegraph management forwarded the issue report and thanked me the same day. (12th May 2014) The fix went live between the 11th and 14th of July, 2 months after the issue was reported. The details: The code served via auth.telegraph.co.uk appeared to have 2 vulnerabilities, an open redirect and a reflected Cross Site Scripting (XSS) vulnerability. Both types of vulnerabilty are in the OWASP Top 10 and can be used to manipulate and phish users of a website. As well has potentially hijack a user's session. Compromised URLs, that exp
Post a Comment
Read more