Monday, November 13, 2017

Why do I (try, and sometimes manage to) speak at conferences?

In here, Maaret shared her reasons for speaking and attending conferences, and finished with a question - why do you?
So, I'm only starting my way in this area, and from where I stand, conferences are really fun. At every conference I find someone to wander with and have really interesting discussions. I get to hear ideas that open my eyes to other ways of working and I get a small peek at the challenges other people are facing. At this phase, at least - it's a marvel every time.
But, how did I get to the point where submitting a talk is something I even consider?
Well, that story starts with me watching a video - I was watching CAST-live in August 2015. Not ideal, as the hours were diving deep into the night with 7 hours time difference, but still, I enjoyed watching the talks. One of the talks I saw and stayed with me was Ioana Serban's talk: Taking control of your test environment, which is a really great talk to watch, especially for people at the start of their career. It was then that I really thought "hey, it could be nice to actually try and attend one of those in person" I did ask the place I work for to send me to cast that year(by some odd chance, cast was the first conference I heard about that looked interesting), but when they couldn't find the budget for it in the short notice I gave them ("hey, I found this conference, wanna pay ~3500$ to send me there?"), I just shrugged and moved on. Watching this talk put one thought in my head - there are cool ideas at conferences.
Then, lucky me, Maaret posted this, and I thought to myself - I really appreciate Maaret's ideas and writing, Romania is not expensive and is fairly close so the flight should be cheap as well, so if she's asking me to trust her to create a conference and in the by process I can also get a conference ticket in a price I can afford myself, I'm jumping on the opportunity.
I got to the conference, and the experience was amazing. People were very kind and I got a ton of new ideas and experiences. One funny thing I noticed was that with one single exception everyone with whom I had a conversation turned out to be a speaker. At the conference lean coffee session, I ended hearing from a developer about her experience in working with some doctors on a software for them and we had a nice chat that continued a bit into the break. The day after I attended her talk. I got a bit late to a workshop and started working with Gita Malinovska, who apparently was also a speaker. After hearing Emma Keaveny talk about dark patterns we had a talk that caused us all to be late to the closing keynote of the day. Later at the evening conference party I had a really nice talk with a friendly tester I then did not know by reputation (I was even less connected to the global community than I currently am), but Richard Bradshaw turned out to be a very interesting person to talk with. At a mobbing demo I got to work with some people including Abby Bangser that gave a talk I really enjoyed the day before, and somewhere in the conference I got to speak a bit with Franziska Sauerwein and Simon Schrijver  - both speakers at the conference. So, I figured, that's where all the cool kids are. I want in on that club.
It also really helped that in the conference slack channel (which I really liked) there was an open-space, and I got to talk a bit about my experience with threat modeling, and had a great time doing so.
But, then, sometime as the conference was coming to a close, Maaret said to me "I heard you spoke about software security, maybe you should try submitting a talk". That, probably, was the point where everything was decided - I had a string motivation (cool kids, remember?) a positive, safe, experience, and the little very needed nudge.
Next August, when I got my workplace to send me to CAST in Vancouver, the experience did repeat itself (though less strongly) and my resolution to start speaking got another confirmation.

So, next year I tried to submit a talk to ETC, and was rejected (Having attended the conference in Helsinki, I can attest that every talk there was at least as good as my submission, and most of them far better), but the rejection notice came with a suggestion (Nordic Testing Days are looking for speakers, why don't you try?), and they gave me the opportunity to speak there.
Talk's over, and at least for now - I'm hooked.

So, why did I start speaking?
I think that every reason we can find can probably be traced back to Maaret or something she'd done - Thank you.

Why do I speak?
 - As I mentioned, it's where there's a high concentration of cool people. This way I get in that circle and get to meet more of them.
- It's cool to share ideas that might help other people who face similar challenges.
- I can allow getting to more conferences, and, if that would be relevant, I have a good reason to ask my workplace to help financing me travelling (Quite happily, most conferences I'm interested in attending are covering expenses, which I see as ETC slowly achieving one of its goals of changing the conferences world, and for which I'm grateful).
- Preparing a presentation forces me to formulate my ideas and give people a chance to poke holes in them. It's challenging and fun at the same time.

You should too.
And, regardless of whether you speak or not, you should attend ETC. It's in Amsterdam this year, and I already regret not being able to be in three places at once to hear the talks I want to. Here, have a look.
(no Hebrew this time, at least not currently).

Monday, October 30, 2017

quick peek

So, I have not been here for a while. In fact, for too long.
This is because of... reasons.
One of those is that I'm working on the talk I'll be presenting at the European Testing Conference.
Speaking of which - you should be there. And if you do, I have a discount code to share with you a 15% discount code, just drop me a message (you can do so here on the left).
Also, If you hurry, the early bird registration is up until the end of the month.

Go and register, if you need a reminder why - here's what I have said.

Monday, September 18, 2017

I've fallen and I can't get up

A common theme around testing is answering the question "How did you fall into testing". Honestly? I cringe a bit every time I hear this question. It might be that English is not my native language, but when I hear "fallen" I get the impression of someone lying hopeless on their back, waiting for someone to come to the rescue.
Well, at a certain point, every tester chooses to become one - It might be after working as a tester for some time, or after a really crappy day at a different type of work, or, as is my case - after being exposed to testing as part of my CS degree. Sure, most people don't grow up dreaming of being a software tester,  but neither they want to become a project manager, or a financial analyst - those jobs are not visible to children as is driving a truck, being an astronaut or creating a piece of software. At some point, an opportunity presents itself, and a tester chooses it. People rarely wake up and say "whad'ya know? I've been testing for a decade, I must be a tester".

The Application Security PodCast is dealing with the same problem - most security expert have quite a versatile background and have chosen security as a career in a later phase. Whenever they interview someone, they don't ask "how did you fall into security?", they ask "What is your superhero origin story?"

Isn't that a bit more fun to hear?

Sunday, August 27, 2017

Early bird

הציפורים שרות לי בוקר טוב

Just in case you managed to miss this one - the Europen Testing Conference  has opened its gates and the early bird registration has started and will end soon (end of November, which, for those working in a corporate environment and wanting to use their training budget, is not a lot of time to get the bureaucracy sorted out).
Before I go on spilling some of the praises I have for this conference, do yourself a favor and go buy a ticket
Done? Great.

So, I didn't go to a lot of conferences so far, and I'm not about to start ranking those I attended - as they all great, each in its own unique way. Still, ETC is the conference I feel the most connected to. It might be because I was lucky enough to attend the first ever ETC in Romania a couple of years ago, or that this is the only conference (so far) I've been in more than once, or maybe it is just suits what I'm looking for in a conference. It also helps that this is a VERY good conference. 
So, what is it I really like about this conference? 
  1. It's a peer conference. No one is trying to sell me stuff I don't need, but rather people share what they are interested in. 
  2. The talk selection in the conferences so far has been superb. I still go back to the 2016 site in order to send people links to videos of the talks (Just a week ago I've sent Jesse Alford's talk about testers patching up gaps where needed, and I probably need to send Linda Rising's talk as well to someone else). If you have not done so yet, clear yourself some time and watch the talks.
    (By the way, if any of the organizers read this - I will probably ping you later about it, but just in case I forget - Those recorded talks are of significant value to me)
  3. The organizers Credo.
    The conference is stating very clear values, and their actions are true to their words. If I have to try to put my own words to the main principles that guide this conference (which I'm sure the organizers did in much better wording, so any faults here are mine), it would be something like this:
    1. This conference is about conferring. Meeting people who take interest in testing and getting a chance to talk with them. Yep, it's not only about the speakers, it's about listening to everyone who attends. 
    2. This conference is as diverse and inclusive as the organizers can make it, and this means there are a ton of different experiences around. And they can  do quite a lot. 
    3. They are here to change the conference world. In this case, it would be easier for me to point to what Maaret has written in 2016.
      The short version - They see speakers as partners and try to make sure speakers don't have to pay to speak. The really cool thing? They also help speakers who can't afford speaking in other conferences
  4. They Learn and experiment. I thought they had it all nailed down the first time - Everything was great, and so well organized. I was amazed. Next year, There were several new experiments - speed meeting was one of them (I didn't like it much, others did - quite a lot). I really want to know what they are planning for this year. 
  5. They listen - By the end of each conference day, they did a retrospective. They took the feedback in and worked to improve. For instance, following the feedback from last year, workshops will be given twice. They also go an extra mile to collect feedback - last year they had people with an app standing at the exits just asking for a good\bad\neutral feedback on the talk. 
  6. They stress audience participation. I mentioned it once already, but it is such a huge thing in the conference I think it deserves a bullet of its own. Even if you are not a speaker, there will be place for you to share your ideas and what excites or worries or interests you - we had lightning talks, lean coffee and open space - all dedicated to letting the participants to find their own voice. 
  7. They care. A lot. I can't really pinpoint this to one specific behavior, but every choice I could see shows great care for the people involved.

There are a million tiny things I like about this conference - from the fact they ask their speakers to attend the entire conference to help promote a discussion, to the way they select talks (They speak with anyone who has submitted a talk idea, and provide feedback. It is by far the most pleasant submission process I have seen in conferences). 

So, briefly, that was why I think you should attend - it is a great conference, and by attending you will be helping both yourselves and an organization with some causes and actions I think we should all support.


במקרה שהצלחתם להחמיץ את זה - ההרשמה המוקדמת לכנס הבדיקות האירופאי נפתחה. ואם אתם עובדים במקום גדול ועמוס בירוקרטיה ורוצים להשיג תקציב בשביל להיות שם, אז היא גם נגמרת בעוד שנייה וחצי (סוף נובמבר). 
לפני שאני מתחיל להשתפך, עצרו הכל ועשו לעצמכם טובה - לכו וקנו כרטיס לכנס

זהו? קניתם? 
אחלה. בואו נמשיך. 

בינינו, גם במחיר הנוכחי, זה לא בדיוק זול. למעשה, אם סופרים טיסה ומלון, אנחנו מדברים על סדר גודל של 6000 ש"ח בערך (אם מזמינים כרגע טיסה, אפשר למצוא דברים בסדר גודל של 200$ הלוך חזור). בכל זאת - לדעתי זה שווה כל שקל.
לא הייתי (עדיין) בהמון כנסים, אבל מבין אלו בהם הייתי, זה בהחלט הכנס שהותיר עלי את הרושם הכי טוב. בפעם הראשונה ביקרתי בכנס לפני שנתיים ברומניה, כי המארגנים החליטו להפריח בלון ניסוי באוויר ומכרו כרטיסים בחצי מחיר כדי לראות אם יש קונים. רומניה זה מקום זול יחסית, אני רציתי לדעת איך נראים כנסים מקצועיים, אז יאללה. חופשה. בסוף הכנס היה לי ברור לגמרי שבשנה הבאה, גם אם זה יעלה יותר, אני שם. בפברואר האחרון טסתי להלסינקי לכנס מצויין (במינוס עשרים מעלות). וכן, זה היה קצת יותר יקר (לא ביקשתי מהעבודה לממן לי את ההשתתפות, כי באוגוסט שלפני כן הטיסו אותו לCAST בקנדה) ושוב - זה היה שווה כל רגע. 

אז מה אני כל כך אוהב בכנס הזה?
קודם כל, יש את כל מה שאפשר לקרוא טיפה למעלה באנגלית, השתדלתי לנסח שם דברים בצורה סבירה. בעברית, אני מעדיף הפעם לא להישאר עם תרגום קרוב, אלא לדבר באופן טיפה יותר ממוקד - מבחינתי, יש כמה דברים שקנו אותי וגורמים לי לחזור לשם בכל שנה (בינתיים לפחות). 
מובן מאליו שהתוכן מצויין - נתקלתי שם במגוון רעיונות חדשים שאת חלקם הבאתי איתי הביתה ועזרו לי לא מעט. אבל, את זה יש גם בכנסים אחרים. 
שלושה דברים שהם עושים חשובים לי למדי - קודם כל,  הם דואגים להרחיב את הכנס כך שלא יהיה כנס לבודקי תוכנה אלא כנס על בדיקות תוכנה. ההבדל דק, אבל חשוב. שנית, הם שמים דגש חזק מאוד על להפגיש אנשים ולגרום להם לדבר אלה עם אלה. בינתיים זה עבד להם מצויין פעמיים. לסיום, מטרה מאוד משמעותית של הכנס הזה היא לשנות את העובדה שברוב הכנסים היום מרצים צריכים לשלם כדי להרצות - רוב הכנסים (שאינם כנסי מכירות) אמנם דואגים למרצה לכניסה חינמית לכנס, אבל טיסה ומלון זה סיפור לא זול. 

אה, ועוד משהו אחד - כל דבר שהם עושים שם בכנס, גם הדברים שאני פחות מסכים איתם, מראה כמה אכפת להם. לא רק מהכנס, אלא גם מהמשתתפים בו. 
לדעתי, אתם חייבים לעצמכם להשתתף בכנס הזה לפחות פעם אחת. 

Wednesday, August 23, 2017

סוסי בעד תיעוד!

My Horse for a document!

את הממלכה, אחרי הכל, כבר החלפנו בסוס. 
לאחרונה יצא לי לשחק לא מעט עם שלושה פרוייקטי קוד פתוח. ולמרות שמדובר במוצרים שונים לגמרי שעושים דברים אחרים ונמצאים ברמת בשלות אחרת, חוויה אחת הייתה משותפת עבורי בכולם: אני יודע מה אני רוצה לעשות, אני יודע שהכלי מאפשר את הפעולה שאני רוצה, אבל אני מבזבז שעות על גבי שעות בחיפוש דוגמאות, הסברים, הנחיות - משהו. כל דבר שיאפשר לי להתקדם לקראת המטרה שלי. בשני המקרים, קיים תיעוד נרחב, שאיכשהו בדיוק לא מכיל את מה שאני מחפש. כמה פעמים. בפרוייקט הקטן והפחות בשל מבין השלושה (Allure framework) הגעתי לנקודה בה הורדתי את קוד המקור והרצתי עליו חיפושים טקסטואליים כדי למצוא משהו שמזכיר את מה שחיפשתי.
כמה תובנות שעלו לי במהלך החיפושים - 
  • בדיקות יחידה הן דוגמאות סבירות למדי לשימוש בקוד. זה לא יעיל כמו מסמך שמסביר איך להפעיל דברים, אבל לפעמים אפשר לקרוא את זה וללמוד מה שצריך. 
  • בחייאת ראבאק, כתבו הערות. לא בכל מקום (כי אז זה סלט), אבל בראש קבצים שמבצעים משהו שהוא יותר מאשר לוגיקה טריוויאלית, כתבו משהו קצר שמסביר מה מטרת המחלקה\קובץ.  באופן דומה, אם כתבתם ממשק שאחרים יכולים לממש, כתבו שורה או שתיים על מה כל פונקציה צריכה לעשות. זה גם מקום נהדר להסביר לא רק "מה" עושה הקוד, אלא גם "למה". 
  • יכולת גילוי, או Discoverability  בלע"ז, זה חשוב לאללה. שימו לב לזה בקוד שלכם, ושל המתכנתים איתם אתם עובדים. 
  • תיעוד. תיעוד. תיעוד. טרם פגשתי מישהו שנהנה לכתוב אותו, טרם פגשתי מישהו שלא קיטר לפחות פעם בחייו "למה הם לא כתבו מדריך טוב יותר?". זה כואב, זה לא כיף, וזה נורא לתחזק, אבל לפעמים זה ההבדל בין מוצר שכיף לעבוד איתו לכזה שמתרחקים ממנו כמו מאש. 
אז אם למוצר שלכם יש API פומבי, או שאתם בכלל מספקים SDK ללקוחות - שימו לב לדברים האלה שבעתיים. זה יחסוך ללקוחות שלכם זמן וכאב ראש, לאנשי התמיכה שלכם שיחות טלפון נואשות, ויעשה נפלאות לקארמה שלכם. 
מה זה? המוצר שלכם סגור ומסוגר? אפשר אולי לעגל כמה פינות, אבל הלקוחות הכי חשובים - אתם בעוד חצי שנה - יודו לכם על פירורי הלחם הקטנים האלה שעוזרים להתמצא בקוד. 


The kingdom, after all, was already traded for that horse. 
Recently I had the opportunity of playing with several (three) open source(ish) projects. Trying to utilize them. Although the projects are very different in size, purpose, maturity level and community size, one experience was very similar - I knew what I wanted to do. I knew it could be done with the tool, but I spent a whole lot of time trying to figure out the "how" part. Despite the fact that in both cases there was some impressive effort invested into documentation, it just so happened that what I was trying to do somehow wasn't there. With the smaller, less mature project (Allure framework), I ended up cloning the repository and grepping through the source code looking for hints. 
Some insights that I came to while enjoying my wasted time: 
  • Unit tests are not really documentation, but they are a semi-decent examples of how to use code. If there isn't anything better, I can try to decipher what I need from them - as long as they are readable. 
  • For the love of G*d, write comments. I don't mean commenting the hell out of your code, but a header for every non-trivial class is nice. It's also a great place to write down the "why" part to supplement that "what" part that is in the code.
    Also, if you write an interface that others might implement, please do everyone a favour and write some javadoc above each public method, so that when I come to implement some of it, I can know what I should be doing there. 
  • Discoverability is key. It shouldn't be hard to find information about your code, so please pay attention to as many aspects of it as you can - Reasonable naming conventions, clear division of responsibilities, example code, manuals. Heck, even an active user forum might be nice.
  • Documentation, documentation, Documentation. I've yet to meet someone that enjoyed writing it, I've yet to meet someone who didn't mutter (or cry out in agony) at least once "why couldn't they write some clear instructions for this?" (Quite often, "they" will be the same team, 6 months ago). Maintaining it is hard, painful and not really fun, but it could be the difference between a product that is pleasant to work with, and something that everyone tries to avoid. 
So, if your team is exposing an API or releasing an SDK - pay double attention to those. You will be saving time to your customers, desperate phone calls to your support team, and you will gain a whole lot of good karma.
Everything is internal? are you building a perfect little closed garden? Cool. You can probably cut some corners. However, do keep in mind that the most important consumer of these discoverability services  - which is future you - will thank you for those little breadcrumbs you leave as you go. 

Or, you could take this approach: 

Your choice. 

Friday, August 11, 2017

תזכורת על חשיבות התזמון

Reminder about timely feedback

אחד הדברים שיוצא לשמוע לא מעט על בדיקות תוכנה הוא שמדובר בעסק של אספקת מידע - והדגש הוא תמיד על אספקת מידע מועיל בזמן. 
אבל, מה לעשות - זה לא תמיד מצליח. אתמול,ביום חמישי, למשל, עברתי על מסמך שנשלח אלי לסקירה, ובעקבות ההערות שלי אנחנו רוצים לשנות לגמרי את מבנה המסמך. אבל - המסמך הזה יוצג ביום ראשון לאוסף של אנשים שקשה למדי לכנס בחדר אחד, וחלק מהשינויים הדרושים ייקחו קצת יותר מאשר יום (זה לא מסמך קצר, ומי שכותב אותו הוא קצת כמוני - לוקח לנו נצח לכתוב משפט וחצי). אז מה עושים? "טוב, נו, חבל. אולי נתקן את זה אחר כך, אבל בינתיים נציג אותו כמו שהוא יחד עם כמה מהתיקונים הקטנים יותר שכן אפשר להכניס". שנינו מסכימים שהיה עדיף לשנות את הפורמט, שנינו מסכימים שעדיף להציג את המסמך הנוכחי מאשר לנסות לאסוף את כולם באותו חדר שוב, שנינו קצת מבואסים מזה. 
אילו הייתי מגיע לפני יומיים עם התובנות האלה (מה שהיה אפשרי, אילו הייתי מגיע לקרוא את המסמך קודם) - שנינו היינו מרוצים יותר. 
אבל, החלק שקצת חבל לי הוא שאני לא חושב שיש הרבה מה ללמוד מהמקרה הזה - בהינתן מצב דומה, כנראה שהייתי חוזר על ההתנהגות הנוכחית ומגיע לקרוא את המסמך יחסית מאוחר. למה? כי היו לי משימות דחופות יותר, וכי לא ציפיתי שיהיו לי הערות שינוי עד כדי כך מרחיקות לכת.  יכול להיות שברפרוף מהיר על המסמך יכולתי לתת משוב ראשוני, אבל במקרה הזה לקח לי בערך חצי שעה להבין שמשהו לא בסדר, אז לא בטוח עד כמה רפרוף היה עוזר. 
אבל נו, זה החלק העצוב של יוריסטיקות - הן נכשלות לפעמים. 

One of the things commonly said about software testing is that it is the business of providing information - focusing on timely & relevant information. 
However, this doesn't always work out well. Yesterday, in Thursday, I spent several hours reviewing a document sent to me by a colleague. One of my comments was "the scope of this document is wrong" and another one was "I'm missing some sections about this, this and that". Knowing that these changes mean quite a bit of work I hopped over to the room next door and had a little chat with the author. We both agreed that the changes would make the document better, but a review meeting is already set to Sunday, and it isn't easy to get the relevant people in one room, so moving the meeting is quite expensive, even ignoring the other stress factor that want this review done (some very pushy project managers and possibly a miscommunication with some customers). Making those changes would require a bit more than half a day (Weekend in Israel is Friday & Saturday)  and we both agree that presenting the document as is would be better to presenting a better version of it later. Still, now both of us are bummed because we know this could have been better had I come up with this feedback a couple of days earlier. 
The sad part is that I don't think there's much to learn here. It's a reminder of why timely feedback is important, but given a similar situation I would probably behave in a similar manner, postponing the review to deal with more urgent (and more important) tasks. Most of the times, my comments might be numerous and require some work to fix, but it is usually less than half a day.  Maybe, had I skimmed the document... but it took me about half an hour to realize that the structure of the document was wrong, so I think it wouldn't have helped. All in all, that's the meaning of risk - something might go wrong, and I have accepted this risk. 
Ah, well, that's the sad part about heuristics (I used "if it was urgent and important, someone would be nagging me" heuristic) - they sometime fail. 

Tuesday, August 1, 2017


No Hebrew this time, ranting once is more than enough.

Every now and then, there's a deluge of memes and semi witty remarks on what appears to be testers favorite subject - bugs. Usually, bugs created by the oh-so-incompetent developer.
Well, I have a request for you - If you are about to create, post, retweet, or in any other way share such a hilarious pun - please don't.
Yes, I'm sure that everything is done in good spirits, and it's only a harmless way of venting out.
And yet - Stop.
Besides creating and enforcing a useless barrier between testers and developers (which, I hope everyone posting such stuff is aware of this side effect), this unproportional focus on bugs also portrays testing in the very narrow aspect of bug-hunters. It diminishes every other aspect of testing - exploration, collaboration, risk-analysis, facilitation & acceleration of shipping stuff - and focuses on obvious bugs, probably the single most superficial thing there is to testing.  
So yes, sure, a joke. Sometimes it's even a funny one.  Just remember that humor is one very effective way to convey ideas and make them stick.
So i would appreciate it if you would stop doing that. Thank you.


Also, I have a challenge for you - Find some memes about testing that aren't about bugs or bashing developers, and share them the next time you encounter some of those.

Here's one I found: A bit of an internal testing joke, but still.