[TIP] Web Application Testing Code of Ethics?
noah.gift at gmail.com
Thu Nov 20 07:25:14 PST 2008
On Thu, Nov 20, 2008 at 9:52 AM, C. Titus Brown <ctb at msu.edu> wrote:
> On Thu, Nov 20, 2008 at 01:37:56AM -0500, Noah Gift wrote:
> -> The web is a weird world, because of the mixture of technologies, like
> -> dirty functions in a couple of files. I have a friend that has to
> -> applications quickly for many of these languages, it isn't me I promise
> -> and he often finds that a developer tells him. Oh, it works, don't
> -> just update the production site...and do it NOW!
> -> About 50% of the time, things break, when he goes to deploy, and it
> -> out to be a hardcoded database password that is wrong, absolute paths,
> -> more. Other than telling this guy to get another job, which is probably
> -> wise move, is there a commonly accepted minimum level of testing that a
> -> developer should ethically subscribe to across all languages?
> -> If I was in his position, I would tell the developer(s) that routinely
> -> him broken web apps that they were poor developers for not including at
> -> least some basic tests. These could even be minimal, like a script that
> -> connects to the database and tests a couple of URL parameters for
> -> Is there anything I could point him to that could help convince the CTO
> -> developers at this company that testing is just ethical?
> Layering additional requirements on people (whether or not you tell them
> that they suck first)
generally doesn't work unless you're in a position
> of power, and even then they often find a way around your requirements.
> So I think it's unlikely to work well.
I agree, yet, this is a behavioral issue remains an issue for web
> Why don't you tell your friend to build some simple smoke tests --
> using Selenium or twill, for example -- that exercise the deployed
> site(s)? Then he can figure out quickly and easily if things are
That is pretty much what I told him a while ago, that he needs to use CYA
techniques like writing tests for the developers that don't write their own
tests, and also monitoring website status codes covertly in case a rogue
developer does an svn update using the root account which is publicly
available, and breaks everything. One issue is that a lot of these sites
are flash, too, which do "fancy stuff", but maybe make one call to a
database to pull something out. See this is the kind of stuff I want you
and Grig to cover in a book, covert, black ops testing. There is already a
ninja that can test ANYTHING, even code he didn't write.
> Another strategy might be for him to set up a simple staging environment
> on his own and deploy things there first; that would let him break
> something other than the production site. If he automates the
> deployment from staging -> production and also automates the test
> running, then he'll be just as fast when it all works but he won't
> deploy broken stuff.
This is a pretty useful technique as well, if you are in an environment that
lets someone have that much discipline. I think people have the ability to
walk in and say, this site goes live in 5 minutes. It also brings up an
important issue. Python doesn't have a deployment tool, that is widely used
and easy to use, like Ruby does with Capistrano, or Puppet, that I am aware
of. I was talking to Kevin Dangoor about this during his Paver talk at
PyWorks, http://www.blueskyonmars.com/projects/paver/. I could make the
argument that web testing and deployment are closely related tasks, and
perhaps deployment even falls under the umbrella of testing.
> Both of these strategies duck the systemic problem (developers not
> testing) but make it easier for your "friend" to do a good job.
I still think there is a minimal level of testing, in any language, that
should come with a web app, and that it could be summarized in an elegant
way that wasn't too condescending. Where is our generations Nancy Reagan,
"just say no" to untested web apps?
> C. Titus Brown, ctb at msu.edu
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the testing-in-python