SShortSingh.
Back to feed

How Pinned UI Strings in Smoke Tests Masked a Real Production Bug for a Week

0
·2 views

A software team at nlqdb discovered that their acceptance test walkers, which assert exact UI strings, all reported 0/9 failures for an entire week after a homepage redesign, a copy edit, and a catalog update simultaneously broke the tests. Two of the three failures turned out to be test drift — outdated string expectations — while one was an actual production issue, but the identical failure score made them indistinguishable without manual investigation. The team concluded that pinned literals are a valid regression tool, but only when failures are triaged quickly and test output clearly names the failing element and its expected value. A pre-existing rule requiring walkers to re-run on any PR touching a walked surface was skipped because it was a convention rather than an enforced gate. The key lessons are that unexplained test failures accumulate noise that can obscure real outages, and that unenforced testing conventions offer no real protection.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

ADT Confirms Data Breach After ShinyHunters Claims 10 Million Records Stolen

Home security giant ADT confirmed a data breach on April 24, 2026, after hacker group ShinyHunters posted what they claim are roughly 10 million customer records on a leak forum the previous day. The stolen data reportedly includes full names, email addresses, home addresses, phone numbers, and service plan details, though ADT stated that payment card numbers, Social Security numbers, and alarm credentials were not compromised. Multiple cybersecurity outlets independently verified records from the leaked sample, and several affected customers also confirmed their own information appeared in the data. ADT said its security team has contained the unauthorized access and is now notifying impacted customers while offering complimentary credit monitoring. The company has not disclosed how attackers gained entry, and no details have been shared about whether the breach involved an internal system, a customer-facing application, or a third-party service provider.

0
ProgrammingDEV Community ·

Developer Ditches Paid AI Coding Tools for Free Local Alternative MonkeyCode

A software developer with five years of experience has switched from paid AI coding assistants like Cursor, GitHub Copilot, and Windsurf to MonkeyCode, a free open-source platform that runs entirely on a local machine. The primary reasons cited were privacy concerns, since most commercial tools send code context to remote servers, and cumulative subscription costs that can reach hundreds of dollars per year per developer. MonkeyCode supports multiple AI models, including local options via Ollama, and integrates with popular editors such as VS Code and JetBrains IDEs. The developer reported using the tool daily for three weeks across tasks including code completion, refactoring, and code review, with no usage limits or account requirements. The project is self-hosted via Docker and has accumulated over 3,700 stars on GitHub, though the developer noted its UI and English documentation are less polished than commercial rivals.

0
ProgrammingDEV Community ·

Why Reading a JWT Is Not the Same as Verifying It

JSON Web Tokens (JWTs) consist of three dot-separated segments — header, payload, and signature — where the first two are merely Base64url-encoded JSON readable by anyone without a key. Because the payload is not encrypted, developers should never store sensitive data such as passwords or API keys inside a token, as it is effectively public. Security in JWTs comes entirely from the third segment, a keyed HMAC or digital signature computed using a server-held secret, which makes tokens tamper-evident but not confidential. A common and dangerous mistake is decoding the payload to read claims and acting on them without first verifying the signature, which leaves applications open to forgery attacks. Base64url encoding is used instead of standard Base64 to ensure tokens remain intact when placed in URLs, as standard Base64 characters like '+', '/', and '=' carry structural meaning in web addresses.

0
ProgrammingDEV Community ·

When and How to Move from Single AI Agents to Multi-Agent Orchestration

Single AI agents work well for simple tasks but struggle when a job requires multiple types of reasoning simultaneously, leading to issues like context pollution, tool overload, and lack of behavioral separation. Multi-agent orchestration addresses this by splitting complex tasks among a coordinator and specialized worker agents, each with a focused role and limited toolset. Four main orchestration patterns exist in production: sequential pipelines, concurrent fan-out, agent handoffs, and hierarchical coordinator-worker setups, with the last being most common. Frameworks such as LangGraph, CrewAI, and the OpenAI Agents SDK all implement these patterns differently but share the same underlying architecture. A working code example in Rust demonstrates a hierarchical setup where a coordinator decomposes a research request and dispatches sub-tasks to specialized workers concurrently before merging their outputs.