Skip to main content

Conspicuous in their absence

If you're a tester then you'll no doubt of heard phrases to the effect of "That's pretty unlikely", "Our users don't do that" or "Thats a fairly minor browser". Its been blogged about before, and elsewhere. The argument is many users are niche, novice, confused or from different backgrounds / viewpoints / languages. These are realistic and probably correct hypotheses, for many situations.

From my experience, thats often where the discussion ends, someone makes a judgement call, and the issue is fixed, mitigated or ignored. More often, than not, its ignored. That decision should probably be a business decision, its their money. But can they make such a decision safely? We are asking for consent to 'not operate' or 'operate' on their software. To come to the right decision, they need to be fully informed. i.e.: Are we sure that the issue is indeed rare? Are they making a properly informed decision?

For example what if the issue is: that a website has several serious issues when viewed in a particular web browser, but not in a more 'mainstream' browser. When this issue is presented to the decision maker - How could it be presented?

A) Users of Browser XYZ ... can't play/view the video
B) A browser used by < 1% of our users ... can't play/view the video

Option (B) appears to give more information. But we are also including a reporting bias here. The users maybe only make up 1% of our users - because - the video doesn't work. They tried to use the site but gave up in frustration or found a competitors site had fully working video - and so took their custom there.

Whenever we try to quantify a user's behaviour as it appears to us - we need to remember that we are not seeing the full picture. Rather we are glimpsing just the tip of the iceberg. The users probably haven't complained about how the system crashes, when you use that feature, because they've learned not to use that button "as it's flakey". They'd love to use that button - if only it worked.

This survivorship bias is endemic in the world around us, not just in software development. How many times have you seen adverts that read something like "90% of our customers would recommend us to a friend!". The adverts fail to mention that most of the customers ran screaming away to a competitor, or failed to even get through a tortuous ordering process - leaving the rest who love the -one- working feature. Now that those other 'disgruntled users' are out of the picture, the few remaining customers may generally be happy.

Many companies even make it harder still to get the feedback they need. Rather than a Help page or Help button having an easy to find web-form to submit problems or questions - they hide or remove this functionality altogether. Thats free testing - by real users - providing details of actual real world bugs and requirements - being ignored in the belief that they are saving the company money.

From a testing standpoint, we provide information, and its important not only to provide the facts, but maybe some context and explanation as to how the issue reports might relate to real world applications e.g. for the above there is an option (C): iPhone users won't be able to view the video. Or: these users make up 1% of users here, but Google/Microsoft etc has them at 10% of its users, Why don't we see all of those users?

Comments

  1. Splendid piece, as usual.

    A related bias is in thinking about the symptom as being the problem, when the problem is something poorly understood and potentially far bigger. (I wrote about that here.

    Mark Federman wrote a wonderful piece related to the your notes on survivorship bias. You can find that here .

    ---Michael B.

    ReplyDelete
  2. It's hard for some stakeholders to listen to testers when profits are louder than our concerns.

    ReplyDelete
  3. Second link in the first comment is giving 404 error because it has quote symbol at the end . I removed the quote and this seems to be correct link
    http://individual.utoronto.ca/markfederman/VoiceoftheCustomer.pdf

    ReplyDelete
  4. There was a time when we were just a bunch of students, it was long ago when the actual online writing services didn’t exist and https://rankmywriter.com/edusson-com-review we were facing the problem of writing the assignments ourselves, soon online services popped out but the prices were still not suitable for a student’s budget, that’s when we figured out it is an action time for making an affordable annotated bibliography writing service for students.

    ReplyDelete

Post a Comment

Popular posts from this blog

Betting in Testing

“I’ve completed my testing of this feature, and I think it's ready to ship” “Are you willing to bet on that?” No, Don't worry, I’m not going to list various ways you could test the feature better or things you might have forgotten. Instead, I recommend you to ask yourself that question next time you believe you are finished.  Why? It might cause you to analyse your belief more critically. We arrive at a decision usually by means of a mixture of emotion, convention and reason. Considering the question of whether the feature and the app are good enough as a bet is likely to make you use a more evidence-based approach. Testing is gambling with your time to find information about the app. Why do I think I am done here? Would I bet money/reputation on it? I have a checklist stuck to one of my screens, that I read and contemplate when I get to this point. When you have considered the options, you may decide to check some more things or ship the app

XSS and Open Redirect on Telegraph.co.uk Authentication pages

I recently found a couple of security issues with the Telegraph.co.uk website. The site contained an Open redirect as well as an XSS vulnerability. These issues were in the authentication section of the website, https://auth.telegraph.co.uk/ . The flaws could provide an easy means to phish customer details and passwords from unsuspecting users. I informed the telegraph's technical management, as part of a responsible disclosure process. The telegraph management forwarded the issue report and thanked me the same day. (12th May 2014) The fix went live between the 11th and 14th of July, 2 months after the issue was reported. The details: The code served via auth.telegraph.co.uk appeared to have 2 vulnerabilities, an open redirect and a reflected Cross Site Scripting (XSS) vulnerability. Both types of vulnerabilty are in the OWASP Top 10 and can be used to manipulate and phish users of a website. As well has potentially hijack a user's session. Compromised URLs, that exp

DevOps and Software Testing.

Most of my recent work has been with DevOps teams. While in one sense DevOps is another evolution in software development. It also introduces some new skill requirements and responsibilities into the daily routine of a tester. These diagrams tend to confuse people, hence the video... I've created a short video to highlight some of these changes and the opportunities they bring. It's not an exhaustive view of DevOps but it gives a highlight of what you could be working with. While DevOps isn't a panacea to our software development problems, I have found that empowering teams with the ability to build and use the tools they need, can rapidly improve team morale and productivity.