Ask HN: How common is it to work on projects with no testing?

115 points by reese_john ↗ HN
I have been working in an investment bank for the past months(my first job), and I was surprised to find out out that my team doesn't write any tests at all.

There is also no code reviews, you are responsible for your own code. There seems to exist a "hustle" mentality, where you need to ship at all costs, the engineers frequently work from 9am-9pm and then some weekends. Is this common practice in the industry?

112 comments

[ 4.4 ms ] story [ 58.3 ms ] thread
I have been in some, with disastrous results. I think it happen in startups so often than I mostly blame the downfall of them to not testing culture.
This is a very developer-y thing to say.

I read a book written by a brand marketer a couple years ago. He dissected about two dozen big companies that failed and, guess what, every one was due to poor brand marketing.

People tend to see flaws within their area of expertise, for better or worse. A developer is likely to say the problem is due to how software is made, while a brand marketer is likely going to mention poor brand marketing.
Indeed, we're paid to be experts in our area of expertise (by definition), so we should see more flaws there. The key is not to go overboard by declaring that our area of focus is all that matters.
depends on the culture and on the goals of the company. Testing is an important best practice, but all "best practices" exist to enable the company to be successful. In your case it sounds like the work is focused on prototype projects, so "ship at all costs" sort of makes sense.
Quite common in early-stage startups, 2-5 people including founders. As soon as the MVP is ready (first 3-6 months usually), they start around organizing things and prioritize stability, robustness over speed of delivery.

If the early engineers were experienced guys, a basic test suite and deployment pipeline would have been the first priority at the onset. It makes releasing frequent commits a breeze. Or else, they learn from subsequent hires to organize code, write tests and add extra processes. If they fail to hire such talent, they learn the hard way, frequent downtimes leading to user frustration and failing to retain them. It's crucial they realize this early on though, otherwise, this could lead to things blowing up pretty quickly leading to the death of the product.

Although I'd say, it sounds unusual for an investment bank. Doesn't sound like a company anyone would stick around for long. Sounds like inexperienced engineering leadership. If you're early in your career, I'd suggest looking for better companies.

Quite common. And it's even more common to have lots of tests that test nothing.
This is a bit of a pet peeve of mine.

Good unit tests mock out all external dependencies. But, that sometimes means there's little or nothing left to test. Some methods are essentially glorified database calls.

I've worked in places where "write tests" is so heavily cargo culted that those kinds of tests get written. The cost is whatever time it takes to write the test, plus the amount of time it takes to execute the test, every time it's run. You also have to maintain that "test" code, and all these things have costs, which could be avoided by simply thinking about whether to write the test in the first place.

> The engineers frequently work from 9am-9pm and then some weekends. Is this common practice in the industry?

Yes, quite common. I've been a software engineer in the Investment bank industry for about 15 years, worked at various hedge funds, brokerages and asset management firms in Boston, NY and recently in San Francisco.

Just 1 out of 6 firms I worked at had any kind of test driven development. In my experience, the lack of testing is not from a "hustle" mentality. It has more to do with the fact that the Fintech space in general, and investment banking in particular always lags behind in technology and processes. In companies that I tried to incorporate some sort of unit tests and TDD, the push back always was "We don't have time in the project timeline for writing tests. There is a QA team that will do that." Either the benefits of tests in software development process hasn't been "sold" to the IT Managers, or they are completely unaware of it, coming from a traditional waterfall methodology.

Another thing that's been the driven of this workflow is that traders and portfolio manager routine so some sort of un-scalable automation for their workflow. I once worked with a Bonds trader who had an enormous spreadsheet with over 80 tabs, links to bloomberg realtime pricing, a bunch of macros and such. The work that my team used to get was to take that spreadsheet and turn it into a database driven application that wouldn't "Freeze" or "choke" periodically as it used to in Excel.

In such situations, which is also very common and you'll likely run into it, your manager will ask you to work with said trader or portfolio manager and do the conversion. In these type of projects also I wasn't allocated any time to write tests. As soon as a portion of the application is ready, the traders or PMs would themselves run tests against a QA instance. In order to keep my sanity, I would write tests that wouldn't be in source control and wouldn't tell my manager about it.

If you're starting with TDD and unit tests, then you're doing it wrong.

You have to start with integration tests, then go down the stack if you have time and resources.

Generally, I agree with this statement, but my experience shows me that there's a very important exception here: if a code implements any kind of parser or compiler, unit tests are a must for that part.
In the compiler I'm working on at work the integration tests have been the most useful.
> If you're starting with TDD and unit tests, then you're doing it wrong

Source?

Please. This is just plain wrong. Integration tests also belong to TDD.

Unit tests are very focused, individual, component level tests. Suppose, I want to test my mortgage calculator logic, without bothering about caching, data storage, network IO etc. Then, unit tests are the way to go. But, if I want to test the functionality, just like an end user then Integration Tests are the way to go.

You might also use Integration tests to get your stories approved.

One might say Integration tests belong to BDD. I'll say that is just a lower level categorization. At the top, it's just TDD.

In a world of no tests, a handful of high level tests on "critical path" functionality can make a huge difference. They can also demonstrate visible wins to unconvinced stakeholders.

I don't know the OP's world, but I can vouch for starting with high level tests being a good strategy in some cases.

(comment deleted)
If there are no parameters on what needs to be shipped at all costs, ship some output from /dev/random and go home.

If you need to ship some functionality in particular, you need a way to check whether what you've written is that functionality.

If you're only releasing once, then maybe a manual/interactive session with the artifact is good enough. But if you're making and releasing frequent changes, then automating the process saves time.

> "We don't have time in the project timeline for writing tests. There is a QA team that will do that."

What they are really saying is, "Currently if a bug makes it to production I can shift blame onto QA for missing it during testing, but if we start writing tests now I have to completely own it."

What do you care if it is common for? Just start improving the situation. Set up Continuous Integration, add high-level smoke checks to catch the simple silly things, then make sure to always create a reasonable set of automated tests for whatever new you build. Does not have to be TDD to give benefits.
Yes, this is all sadly common. And those traits you mention all go together!

Let’s be clear, most of the software empires of the present day were built on this style. It is possible to ship software like this!

But if you do neither testing nor code review, you almost certainly have a team that thinks downtime is for losers and heroes are coding 24/7. I believe they get addicted to the twin dopamine hits of cranking out code and saving the company from disasters that their code causes.

Let's be clear about something: Their CODE doesn't cause the disaster. The continued performance of known bad practices cause the disaster.
Their code because of bad practices can indeed cause a disaster. Misplacing a decimal in finance can mean millions lost. It doesn't mean they are less capable coders, it means that like the rest of us, they're human.
Is this common practice in the industry?

Yes, and so are burnout, abusive interpersonal behavior and the physical / mental problems that inevitably go along with such working environments.

But there's no reason you need to put up with it any longer than absolutely necessary. Do yourself a favor and find another job as soon as you feel you've had enough.

Conversely, there are plenty of organizations who rely only on unit tests and no QA team of any kind. This is bullshit. Plenty of bugs slip into production and we have thousands upon thousands of unit tests.

I for one believe unit tests are not the be-all, end-all that most of the industry has swallowed hook, line & sinker.

unit tests without integration tests are no good, and people generally don't test their UIs at all. You can have 100% test coverage of your code and still wind up with a broken system if it composes differently in production than it does in testing.
Engineers just end up performing the tests manually and with each release. Or they don't and it blows up somewhere down the road.

Some open source projects I've seen don't have too many tests. IIRC the source for uBlock Origin doesn't have too many tests in it. But it's small enough that a motivated maintainer can keep the quality high.

For what it's worth, I worked at a Fintech company that built trading systems for the FX marketplace. They had automated tests out the wazoo and a super thorough and on-the-ball QA team. YMMV.

I'm curious, for the projects you worked on in the Fintech space, how much money could be lost due to software glitches? At this firm I worked for they were responsible for the gain/loss if a bug caused a trade to go into an error state. So it could easily cost ten to hundreds of thousands of dollars in a few minutes during market volatility. A friend of mine had a bug slip into prod and it cost the company $90k.

It's pretty common outside of startups and Big Tech. My boss at my first job told me specifically to "not waste time" writing tests, which I thought was insane and I ignored him since the were having me write a system for charging subscriptions.

I'm fine with not writing tests so long as I'm not held responsible when something unexpected happens. Unfortunately for you, they are making you responsible for your own code and have no form of code review.

If you can, you ought to write tests anyway as a part of your work, even if it's just a handful of end-to-end tests to ensure you don't cause anything catastrophic. And if they ask you for an explanation, just tell them that having those tests in place helps you get more work done and not waste time.

There's a chance they're going to be irrational and opt to run their own software into the ground long-term. If they tell you not to write tests, I'd suggest continue working there until you've held your position for a year and, in the meantime, keep looking out for better opportunities. The reason I say that is because if you adopt their cowboy-coding culture long enough, it will sink in with you and it will be harder for you to adopt best practices at your next employer.

The truth is that you will be blamed for the mistakes made by that manager. So it’s worth taking that extra risk anyway and lying to the manager that you don’t really do testing. Those who are against it are also usually unable to read code anyway :)
Whether it's common or not, is this the right place for you? Stepping into a tire fire for your first job runs the risk of burning you out early and cementing lots of bad habits.

If you do want to stay there, there's a vast happy medium between "no tests at all" and "test driven development". Check out the "git effort" command for a list of the most-changed files in the codebase. (If it's not installed, try looking for a "git-extras" package for your operating system.)

The files changed most frequently are often also the ones most in need of refactoring and tests. If nothing else, you can cobble together a little test suite of your own and be the guy that finds bugs faster and introduces fewer new bugs.

Unless you burn yourself out once you have a hard time recognizing in the future so as to avoid it. Not saying it's healthy or correct, but there's a reason these jobs tend to attract the best and brightest. Money is a good motivator when you don't have it. When you have it you realize there are other things that can be important to you, but you've got to get the money first.
We've open sourced our integration tests for our API: https://github.com/serpapi

However we've really little unit tests.

There is balance between what tests are useful and which are not. Testing for sake of testing can be counterproductive. However in your case, it seems there is no reason to skip some form of testing or code reviews. Some companies have just bad practices.

One problem I've found with integration tests exclusively is that you end up having very little incentive to write modular code.
DevOps? Fix it on the production line mentality.
I've also experienced this in many companies. It has led me to question if tests are actually a good thing. The goal is never to write perfect code, the goal is to ship a product and many companies does this fine without testing.

Are we actually doing things too complicated and too good for the business case?

I think the key is, how bad is it if a defect gets through? And what kinds of measures (unit tests, functional tests by QA, etc.) will best prevent it? If you're making software that is fairly low-stakes, maybe it's not necessary to have any tests. If you can quickly see if there's a problem, and easily roll back, maybe tests are not necessary. If it's hard (or impossible) to really test the things that are most likely to break, maybe tests are just a placebo in that case and you shouldn't bother.

But the OP's description of his job doesn't seem to fall into any of those cases. Quite the opposite, I'd guess.

One of my interview questions when interviewing with a potential employer is: "describe your test infrastructure" and then ask them to dig into how they test different facets of their product. I will not work at a company that does not write and value tests. It's not worth the headaches.
I’ve seen this before. It’s not common practice as far as I can see but it does happen. I blogged about it here as ‘discounting the future to zero’

https://riskfirst.org/Evaluating-Risk#discounting-the-future...

Although it’s sometimes reasonable to not write tests, this kind of thing usually happens when everyone is being threatened with the sack on a daily basis, rather than lacking engineering skills

The problem is not about the tests but the long working hours. Do not give your time for free, the company just gets used to it and they will fire you the same when they do not need you anymore, or you get personal responsibility that don't allow you to work for so long.

When you get a better job then think about tests. Your health is first.

best situation I was in, we had a conference/group communications tool. Had a 'bot army' where each bot jumped around in the group space, turning mic on and off and texting. Wouldn't release until 100 bots could go all night and neither the client, server nor media node had problems.

That was a solid product!

I've been in this kind of place once, but it wasn't web dev. I was writing calibration and test software for fiber optic switches. In that particular case, you really can't mock out the real world behavior of a specialized piece of hardware that doesn't exist anywhere else.

Granted, there were theoretically some bits that could have been tested using automation, but those weren't the bits that ever caused any trouble.

Do you mean that there was literally only one instance of the hardware in existence? No physical duplicates of it for development/testing?
At one point, there was only one instance. We got it pretty much as soon as the hardware engineers were finished with it. It didn't work very well, so that made things a little more difficult for us (i.e. if something happened we didn't expect, it was difficult to decide whether to blame hardware or software).
It’s worth remembering that engineers don’t get paid to write tests, they get paid to produce software that supports some business need. In most circumstances, some amount of automated testing makes it faster to reliably meet those business needs.

If you’re building a lot of small, one-off tools for internal use, it may well be the case that some limited manual QA or UAT is sufficient to ensure that your work is good enough.

If you’re working on larger, more complex projects that are frequently updated, the shorter feedback loop that some amount of automated tests provide will probably save time and money by catching problems earlier, avoiding regressions, and reducing the need for repetitive, time-intensive manual testing.

But in any case, your testing needs will always be highly specific to the actual nature and needs of the project.

> It’s worth remembering that engineers don’t get paid to write tests, they get paid to produce software that supports some business need.

I view it differently.

We get paid to solve business problems, most often -- but not always -- with software.

Software that's broken in preventable ways doesn't solve business problems, it just creates new ones.

Outcomes, not output.

> Software that's broken in preventable ways doesn't solve business problems, it just creates new ones.

I think you may be missing OPs point. Software "that's broken in preventable ways" very frequently does solve business problems. And solves them well. That's why the industry works the way it does w.r.t. testing.

6 months to deliver 2 applications that each work 80% often provides more business value than 6 months to provide one application that works 100%. More functionality almost always is more valuable to a business - including warts and all.

I wasn't defining "broken" as "the engineers find it distasteful". I was defining it as "broken".

I agree with this:

> 6 months to deliver 2 applications that each work 80% often provides more business value than 6 months to provide one application that works 100%.

Though this is a question of product management prioritisation, not engineering practice. "It's faster to not write tests" depends entirely on a definition of completion that ignores the cost of repairing defects and coping with faults and failures in production.

> I wasn't defining "broken" as "the engineers find it distasteful". I was defining it as "broken".

If a piece of software literally will not launch period, then it is broken. If it can do pretty much anything more than that, then it "works to some degree", and just has some number of scenarios that are broken. And my point is that if it has 80% of scenarios that work and 20% of scenarios that are completely functionally broken (ie do not work at all for the customer) that still provides business value. That's the point I'm making. It's not ideal, but in the real world half broken software is immensely valuable.

> Software that's broken in preventable ways doesn't solve business problems, it just creates new ones.

So software that is broken in preventable ways, absolutely does solve business problems. And just about the entire software industry is proof of this.

To expand on the internal tool case from the GP:

If your software is designed to support, augment, or automate some sort of internal need for non-IT teams, there's a significant chance that there's already an inefficient, error-prone process in place as-is. Because even without your software, they still have to get their job done. And they're used to having a "good enough" mindset because they're used to making due with whatever tools/capabilities they have, regardless of fit.

As long as your software addresses their needs[1] and isn't any more error prone than whatever they're currently doing, they'll be happy. That said, whenever possible you do want to code your failure conditions or edge cases to fail hard and visibly or expose visible checks for the user. If it covers 80% of their needs, but they have to fall back to their old process for the other 20% of their needs, business users are generally happy with that. But if it pretends to work 100% of the time, but subtly and silently causes problems 20% of the time (and they don't know what 20%), then they'll be distrustful of it and resist (or resent) adopting it.

For externally-exposed software, I'd be a bit more wary of not having any tests at all. But for internal tools, I've seen far more systems without tests than with them.

> engineers don’t get paid to write tests, they get paid to produce software

I've heard this double-standard before, and it sounds plausible at first glance, but is quite demonstrably nonsense.

1) Automated tests are software

2) Engineers aren't paid to produce software (nobody would pay me to auto-generate a billion "hello world" programs per second). Engineers are paid to solve problems and/or create value. Tests solve problems (finding bugs, demonstrate usage, clarify thinking, document intent, etc.).

3) Software is a liability, not an asset. We should produce as little as needed, and delete it if possible.

4) Engineers aren't paid to perform manual testing (running commands over and over, clicking around web forms to see what happens, etc.)

I find #4, exploratory testing far more bang for buck than automated testing. I would argue engineers are paid to make services (software is a service) and exploratory testing is far more valuable towards that goal than automated tests.

a) users do crazy things. b) eating your own dogfood is worth it.

If by "exploratory testing" you mean things like clicking around on a site manually, then sure it can be useful to spend a couple of minutes looking for anything dodgy.

That doesn't mean engineers are paid to go through a list of regressions and edge-cases, look for broken links, double-check calculations with pen-and-paper, etc. All of that can be done across an entire site automatically in seconds; there's no excuse not to.

> a) users do crazy things

Again, thinking we can check such things better than a computer is misguided. Test frameworks like QuickCheck can stress-test a system with far more strange inputs/transitions than I could hope to think of.

Totally agree, any repeatable action can/should be automated. It hurts to see software engineers clicking login to test it still works.... Every day
If it's repeatable it isn't exploratory testing. The point of exploratory testing is to explore, not repeat ovee and over.
QuickCheck is a wonderful tool. Unfortunately most engineers go and write manual unit tests. But even with QuickCheck it is dumb to to test at the function level. Better to blackbox fuzz test.
I am dumb -- I test at the function level. I have a theory that the likelihood of catching a bug depends on the number of lines being tested, if each can be assumed to do its job. This implies that if a line calls a function that I wrote, I need to test that function. There is some work based on Kolmogorov complexity that seems to support this but didn't go very far (I did not see any follow up papers). Maybe it's all wrong. I am biased: I wrote quickcheck for R. (by the way, fuzz testing and randomized testing are two separate things).
> 1) Automated tests are software

Which is assumed to be free of defects because people are suckers for circular reasoning.

What are you talking about? The whole point of automated testing is to confront the empirical fact that all software tends to have bugs, so we shouldn't have much confidence that we got it right.

We can increase our confidence by trying a few examples, but only a little, since the scope for failure is so huge.

Hammering a system with thousands of edge-cases, interleavings, previous regressions, etc. can give us a bit more confidence; but takes a huge amount of time for a person to do manually. It's pretty easy to automate though, and there are a load of libraries and frameworks that make it even easier.

If we want even more confidence in a system, we can verify it against a machine-checkable specification. That's still too hard to automate in most cases.

In any particular situation we need to find an appropriate balance between the cost of increasing our confidence in the system (i.e. how much effort we're willing to spend on prove ourselves wrong) versus the cost of failure.

Automated tests (especially property checks) are so low-cost and high-yield that I find them always worth doing, unless the consequence of failure is near-zero.

What logically follows from the two statements below:

1. "Automated tests are software" 2. "all software tends to have bugs"

It follows that automated tests tend to have bugs. So what? That doesn't at all imply that we shouldn't use them.

You're presumably using a whole heap of software to post your comments, all of which will tend to have bugs; yet you still find it useful.

Boolean logic rarely captures the nuances of real-world situations, and the "rounding errors" accumulate at each step of such arguments, which can lead to some silly (but logically consistent) outcomes. I think you've fallen victim to this here.

In a similar way, it's a false dichotomy to think of software as being either buggy xor perfect; of testing (or any other QA) as proving brokenness xor correctness; or to consider bugginess as implying uselessness.

Notice that I framed things in terms of confidence (in a Bayesian sense) and costs; not absolutes.

Oh I am so tired of clicking around web forms to see what happens...

Seems most of my days are made of this lately.

Tests are a great way to take away tedious, boring, uninteresting essential tasks that can and will wear down a team.

It is very common. But the money is good, isn't it? :) If it isn't then you are missing out on the only real benefit of working in the finance industry.
I think the hustle mentality is a different issue, and I would be very hesitant to conflate the two or to entangle them in some way. It is unfortunately common, in my experience, however I hope you are looking for something else.

In my experience (20+ years of writing software professionally) I've never built an automated test. I've never used an automated test.

My preference is to write code and push it straight to production without even debugging it. tested afterwards, certainly, but if you're in such severe doubt that you're going to ruin the system, you need some serious code review.

My strong belief is that you cannot test your code into goodness, that is something that only a person can evaluate. By making myself better at coding, by not relying upon something else to make my code good for me, I am way more efficient than I could be otherwise. Given, this may limit the types of projects that I engage in, and certainly changes the project flow. However, when I look at my productivity as compared to others, I don't find any problems in my method.

Only human eyeballs can find some problems, despite how many cases you throw at something with automated testing.

If you've taken the view that testing adds no value, based on no personal experience, it will be hard to convince you otherwise.

But it's pretty well understood that tests are not a substitute for code reviews and vice versa. If that's your impression of TDD advocacy, I'm glad I could update it.

> In my experience (20+ years of writing software professionally) I've never built an automated test. I've never used an automated test.

That has to be quite an outlier. How do you find teams and managers that accept working like that? What's the failure rate of bugs found in production, and how much value at risk are we talking here?

I've written plenty of systems where automated testing was infeasible or useless .. but we always did manual testing before shipping.

(At the other end I've done IC design where if a mistake isn't found it's another £25k at least plus staff time to do a re-spin, so obviously we had automated tests with near 100% coverage)