Sunday, 26 July 2009

Experiences with Mantis 1.2 - Part 2 – Setting up User Roles

I wanted to set up some basic roles so different users could have different permissions. The roles I wanted were:
  • Viewer
  • Client
  • Developer
  • Tester
  • Administrator

In config_inc.php I added:
    $g_access_levels_enum_string = '10:viewer, 20:client, 30:developer, 40:tester, 90:administrator';

Then I had to assign strings to these values. Seeing I only speak English I only edited the English strings files. In lang/strings_english.txt I edited it to read:
    $s_access_levels_enum_string = '10:viewer,20:client,30:developer,40:tester,90:administrator';

And the roles have been created, and you can now create new users who have those roles.


Saturday, 25 July 2009

The Great Firewall of New Zealand

Firstly I need to say that child pornography is bad and should be stopped.

Secondly, sorry for this not being on testing, but I felt I needed to say something.

Here in NZ the DIA is setting up a system akin to the Great Firewall of China. The DIA is setting a system up to screen out child pornography. There is nothing wrong with this as it should be stopped.

What I see wrong:
  • This is being implemented under the radar without any legislation governing its bounds and scope. With the infrastructure in place it is very easy just to add a new site in here or there.
  • There is no formal tribunal and process to get sites unblocked
  • DIA are deciding what is in and out, not NZ's Chief Censor. This being the case there is nothing stopping them from blocking other sites.
  • It may slow sites down, as if there is an IP hit the request goes via DIA's infrastructure to decide if the URL is ok. I am guessing all Google's IPs will be placed in the check list as Google has their cached version service.
  • They are not publishing a list of blocked sites, as they claim it will be a list of sites to visit for people who are sick and want to have a look. As a NZ citizen I would like to know what sites my Government is blocking. Look at the Chief Censor: they provide a list of everything they have rated along with their ratings, and there is a process to get them re-evaluated.

Also I don't think it will work that well, as from what I know about the Movie, TV and Music piracy scenes HTTP plays almost no role, as people don't download things from an HTTP server; they all use other methods. BitTorrent for example generally uses HTTP for its trackers but can also use DHT. Then there is also Tor, Freenet and Onion Routing, which can disguise and hide the traffic until it is somewhere else in the world. Then there is encryption and steganography. There are also old school basic things like NNTP which will store and distribute it all around the world.

This being the case I feel this web filtering is giving the naïve some warm fuzzies that the government is trying to stamp Child Pornography out, when it really won't do all that much and places an internet filter in NZ's internet infrastructure that has no legislation governing it and can also be used by the government to stamp out free speech that it doesn't like. So NZ is now no better than China when it comes to the internet and one step closer to a fascist regime where the government controls everything and stamps out free speech and free choice.

More Info:
General FAQs
Technical FAQs

Sunday, 12 July 2009

Testing on the Bog - Testing Dates and Times

PDF version for placing in your office.

What is Testing on the Bog?

The handling of dates and times is one area that commonly has issues when it comes to testing. This Testing on the Bog will give you some ideas when it comes to testing dates and times in your application. It doesn't tell you how to do it, as you need to know what your application should be doing in these situations.

Date Formats - Most of the world uses Day then Month, while the US for example uses Month then Day. Then there is also the ISO 8601 format for dates. Does the application format correctly, accept input correctly, store and convert correctly? Does it reject input when expected?

Two Digit Years - This was the whole issue around the Y2K problem. When the application is faced with a two-digit year, does it do something sensible with it? Does it store it correctly by adding 19 or 20 to the front, or does it add 00? If you roll your clock forwards is it still adding the century correctly?

Daylight Saving - Does the application handle the short day and the long day correctly? In the long day can you tell the difference between the first hour and the second hour that is doubled up? For example ':' may be used for the first hour and ';' for the second hour, e.g. 02:59 is followed by 02;00.

Daylight Saving Dates - Does your application use the correct library for figuring out the start and end dates? This is particularly important if the local rules have been recently changed.

Time Zones - Are Time Zones stored? Does it convert correctly? When no Time Zone is given does it correctly figure out what time zone it should be? What about transitions in and out of Daylight Saving Time Zones? If you manually ask the system (e.g. via SQL) to convert the time zone will it? If you manually force a date to be inserted with a Time Zone which is different from the default, does the application do the correct thing with it?

Leap Years - Firstly remember the rule is "Every year divisible by 4 except those divisible by 100 unless it is also divisible by 400". 1900 was not a leap year yet 2000 was. Do things work as expected on this day? Date range calculations? Is 365 hard coded anywhere for calculations?

Leap Seconds - Leap seconds happen every so often and result in an extra second being added to the day (and in theory a second may also be removed). So the valid range of seconds in a minute is 59 - 61. A leap second minute goes x:59, x:60, y:00. Can the application display a minute with 61 seconds? What happens if you insert a time with 60 as the value of seconds? What happens with a transaction submitted at 61? Does the application assume there are always 86400 seconds in a day?

Intervals - With Leap Years, Leap Seconds and Daylight Savings do intervals take these into account correctly?

Year 2038 Problem - At 2038-01-19T03:14:07Z the 32-bit counter which has been counting the number of seconds since 1970-01-01T00:00:00Z will roll over to a negative integer, which may produce date/times in the past.
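
Some of the checks above (leap years, two-digit years, leap seconds and the Year 2038 rollover) written as small probes in Python. This is an added example, not part of the original post. The function names are illustrative, and 2008-12-31T23:59:60 is used as the sample leap-second timestamp.

```python
import calendar
import struct
import time
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def is_leap_year(year: int) -> bool:
    """Divisible by 4, except centuries, unless divisible by 400."""
    return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)


def days_between(start: str, end: str) -> int:
    """Calendar-aware day count between two ISO 8601 dates (no hard-coded 365)."""
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).days


def as_time32(seconds: int) -> datetime:
    """Store an epoch value in a signed 32-bit counter and read it back."""
    (wrapped,) = struct.unpack("<i", struct.pack("<I", seconds & 0xFFFFFFFF))
    return EPOCH + timedelta(seconds=wrapped)


def expand_two_digit_year(text: str) -> int:
    """Century chosen by Python's %y: 00-68 -> 20xx, 69-99 -> 19xx."""
    return datetime.strptime(text, "%y").year


def accepts_second_60(parse) -> bool:
    """True if the given strptime-style parser accepts seconds == 60."""
    try:
        parse("2008-12-31T23:59:60", "%Y-%m-%dT%H:%M:%S")
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for y in (1900, 2000, 2008, 2009, 2100):
        assert is_leap_year(y) == calendar.isleap(y)
    print("2008 length:", days_between("2008-01-01", "2009-01-01"), "days")
    print("last 32-bit second:", as_time32(2**31 - 1).isoformat())
    print("one second later:  ", as_time32(2**31).isoformat())
    print("'68' ->", expand_two_digit_year("68"), "'69' ->", expand_two_digit_year("69"))
    print("datetime accepts :60?", accepts_second_60(datetime.strptime))
    print("time accepts :60?    ", accepts_second_60(time.strptime))
```

The last two probes show that two parsers in the same standard library disagree about a leap second, which is the kind of mismatch worth checking between the layers of your own application.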

Introducing Testing on the Bog

I would like to introduce everyone to Testing on the Bog (TotB). TotB pays homage to Google's Testing on the Toilet. Seeing TotT isn't producing a new one each week and I am running out of past episodes to place on the toilet doors, I thought I would have a go at writing some. My background is different so I will of course approach Testing from a different angle. Hopefully you do find these interesting and useful. Do provide me with feedback on these and if you are using them at your company. Also I would like to say that if anyone would like to contribute one or maybe just a topic idea please do feel free to get in touch. I can't promise these will be produced weekly but I will try and publish as often as I can.

I will be posting the first installation very soon.

Saturday, 11 July 2009

Experiences with Mantis 1.2 - Part 1 - The Install

I have been looking at different defect tracking systems and I am liking the look of Mantis Bugtracking System. I have experimented with the 1.1.x version and liked it. I have only used it on a virtual machine at home, so I have never used it in anger so to speak. Seeing 1.2 of Mantis is now at a Release Candidate stage I thought I would have another look at it. What I plan to do is write a series of blog posts as I get it set up in a demo form.

So Part 1, the install. Put Ubuntu on a VM and made sure that Apache, MySQL and PHP were installed. Then just downloaded Mantis and placed it in /var/www/mantis and fired up a web browser to point at it. It comes up with an install page; just type in the database connection details and it is installed in a matter of seconds. Totally painless and simple.

What I plan to do:
  • Set up some different user roles
  • Set up some custom statuses
  • Set up a customer work flow
  • Set up multiple clients so internal people (I work at an IT vendor company) can see more than clients and clients can only see things related to them and not other clients.

Sunday, 5 July 2009

Full Risk Based SDLC

In the testing sphere there is a lot about Risk Based Testing and methods about how to go about it. I have had a quick look on Google (it may be that I am just blind) but there doesn't seem to be much in the way of a similar thing for development.

The development side does have different things like pair programming, code reviews, code coverage, etc. which are expensive to run all the time, but it could use the same data coming out of the Risk Based Testing data gathering sessions to gear its development. It may also place a higher weighting/bias on the ones with a higher development risk due to complexity, for instance. An example could be:
  • Low Risk
    • Unit Tests with 95% branch and statement coverage
    • Static analysis using something like Sonar for complexity, copy and paste and coding standards
  • Medium Risk
    • Everything in Low Risk plus
    • A code review by a peer
  • High Risk
    • Everything in Low Risk plus
    • Pair Programming
    • A code review by the tech lead

That way with Risk Based Development (RBD) and Risk Based Testing (RBT) the whole SDLC can be Risk Based. With Development and Test both using the Risk Data gathered, the time spent gathering the data would be easier to justify as it will be used twice, and it should produce a better end product as the riskier areas of the product are better developed and tested.