This document discusses various programming anti-patterns organized into three sections: programming anti-patterns, methodological anti-patterns, and configuration management anti-patterns. Some of the programming anti-patterns discussed include accidental complexity, blind faith, boat anchor, cargo cult programming, coding by exception, error hiding, hard coding, magic numbers, spaghetti code, and incorrect exceptions usage. Some methodological anti-patterns discussed include copy and paste programming, golden hammer, improbability factor, premature optimization, and premature pessimization.
4. Accidental complexity
• Accidental complexity: Introducing unnecessary complexity into a solution
• While essential complexity is inherent and unavoidable, accidental complexity is caused by the approach chosen to solve the problem
– essential complexity: we have a hard problem
– accidental complexity: we have made a problem hard
– KISS principle
www.ExigenServices.com
5. Accidental complexity
• Solution:
– Focus on the essential complexity
– Avoid “tricky code”
– After implementation, check that your solution follows the business problem
7. Blind faith
• Blind faith (or blind programming): programmer develops a solution or fixes a computer bug and deploys it without testing
• The programmer has blind faith in his abilities
• Another form of blind faith is when a programmer calls a subroutine without checking the result (e.g. for null)
8. Boat anchor
• Boat anchor refers to an unused piece of code that is left in the code base, typically for the reason “In case we need it later”
• Problem:
– hard to differentiate between obsolete code and working code
– later it is usually easier to rewrite the method
– uncommenting code can cause bugs
• Use VCS to get old version if needed
9. Cargo cult programming
• Cargo cult originally referred to aboriginal religions which grew up in the South Pacific after World War II
• Cargo cult programming: Using patterns, technologies, frameworks without understanding why
11. Coding by exception
• Coding by exception: Adding new code to handle each special case when it appears
• Typically happens due to covering new requirements
• 'One-off' solutions decrease performance and maintainability
• Try to generalize the special case first
• Well designed software projects contain very few corner cases
12. Error hiding
• Error hiding: catching an error message before it can be shown to the user and either showing nothing or showing a meaningless message
• Cause: desire to hide complexity from the user
• Solution: Raise an exception to the user with simplified error message, and save the full error message to an error log
• User should understand what to do from error message, provide possible solutions
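Added example, not part of the original slides: the hidden-error version next to the solution the slide describes, where the user gets a simplified message with a possible solution and the full error goes to the log. The report loader, the message table and the reference id are assumptions made for the illustration.

```python
import logging
import os
import tempfile
import uuid

log = logging.getLogger("app.errors")

# Simplified message and a possible solution for each failure the user can act on.
USER_MESSAGES = {
    FileNotFoundError: ("The report could not be found.",
                        "Check the report name and try again."),
    PermissionError: ("You do not have access to this report.",
                      "Ask an administrator to grant access."),
}
DEFAULT_MESSAGE = ("The report could not be loaded.",
                   "Try again later or contact support and quote the reference.")


class UserFacingError(Exception):
    """Carries only text that is safe and useful to show to the user."""

    def __init__(self, message, hint, ref):
        super().__init__(f"{message} {hint} (reference: {ref})")
        self.ref = ref


def load_report_hidden(path):
    """Anti-pattern: the error is caught, nothing is shown and nothing is logged."""
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read()
    except Exception:
        return ""


def load_report(path):
    """Solution: full detail to the error log, simplified message to the user."""
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read()
    except OSError as exc:
        ref = uuid.uuid4().hex[:8]  # ties the user's message to the log entry
        log.error("ref=%s could not load report %r", ref, path, exc_info=True)
        message, hint = USER_MESSAGES.get(type(exc), DEFAULT_MESSAGE)
        # "from None" keeps internal paths and stack frames out of what the user sees.
        raise UserFacingError(message, hint, ref) from None


def demo():
    """Load a constructed, non-existent report; return what the user and the log receive."""
    records = []

    class ListHandler(logging.Handler):
        def emit(self, record):
            records.append(self.format(record))

    handler = ListHandler()
    log.addHandler(handler)
    missing = os.path.join(tempfile.mkdtemp(), "q3-report.txt")
    try:
        load_report(missing)
    except UserFacingError as err:
        return str(err), err.ref, records, missing
    finally:
        log.removeHandler(handler)


if __name__ == "__main__":
    shown, ref, logged, _ = demo()
    print("user sees:", shown)
    print("log holds:", logged[0])
```
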
13. Hard coding
• Hard coding: storing configuration data in source code rather than configuration files
– configuration file path
– mail server name
– remote hosts
– … other system environment variables
• Program could work correctly only in certain environment (on developer machine)
• Every new environment (including build servers) should be tuned to comply with hardcoded (predefined) structure
14. Hard coding
• Solution:
– obtain data from external sources
– generate data
– take it from user input
– pass data through command line or system property
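Added example, not part of the original slides: one way to keep the mail server name and remote hosts out of source code by resolving them from the command line, then the environment, then a configuration file, and failing at startup when a value is missing. The option names, the `APP_` variable prefix and the `[app]` INI section are assumptions made for the illustration.

```python
import argparse
import configparser
import os
import sys

# Environment-specific settings named on the slides; none has a default in source.
REQUIRED = ("mail_server", "remote_hosts")


class ConfigError(Exception):
    """Raised at startup when a required setting is missing or unreadable."""


def load_settings(argv, environ):
    """Resolve each setting from command line, then environment, then config file.

    Returns (settings, sources) so the origin of every value can be logged.
    """
    parser = argparse.ArgumentParser(description="constructed example service")
    parser.add_argument("--config", help="path to an INI file with an [app] section")
    for key in REQUIRED:
        parser.add_argument("--" + key.replace("_", "-"))
    args = parser.parse_args(argv)

    config_path = args.config or environ.get("APP_CONFIG")
    file_cfg = configparser.ConfigParser()
    if config_path and not file_cfg.read(config_path):
        raise ConfigError(f"config file not readable: {config_path}")

    settings, sources, missing = {}, {}, []
    for key in REQUIRED:
        candidates = (
            ("command line", getattr(args, key)),
            ("environment", environ.get("APP_" + key.upper())),
            ("config file", file_cfg.get("app", key, fallback=None)),
        )
        for source, value in candidates:
            if value:
                settings[key], sources[key] = value.strip(), source
                break
        else:
            missing.append(key)
    if missing:
        # Fail fast instead of silently falling back to a developer-machine value.
        raise ConfigError("missing required settings: " + ", ".join(missing))

    settings["remote_hosts"] = [
        host.strip() for host in settings["remote_hosts"].split(",") if host.strip()
    ]
    return settings, sources


if __name__ == "__main__":
    try:
        resolved, origin = load_settings(sys.argv[1:], os.environ)
    except ConfigError as err:
        sys.exit(f"configuration error: {err}")
    for name, value in resolved.items():
        print(f"{name} = {value!r} (from {origin[name]})")
```
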
15. Soft coding
• Soft coding: storing business logic in external resources rather than in source code
• Example: storing business rules in DB
• Reason: fear that the code we write will have to be changed as a result of a business rule change
• Solution: avoid Hard Coding and Soft Coding
16. Magic numbers
• Magic numbers: Including unexplained numbers in algorithms
• Replace them with constants:
– it is easier to read and understand
– it is easier to alter the value of the number, as it is not duplicated
– it helps detect typos
17. Spaghetti code
• Spaghetti code: code that has a complex and tangled control
structure, especially one using many GOTOs, exceptions, threads,
or other "unstructured" branching constructs
• Now the term is used to describe any code with tangled and twisted logic, lots of branching, polymorphic behavior etc.
18. Spaghetti code
Un-structured code is a liability
Well-structured code is an investment
19. Spaghetti code
• Structured programming greatly decreased the
incidence of spaghetti code: extensive use of
subroutines, block structures and for and while loops
• Functions of no more than 10-20 lines
• Use metrics to find spaghetti methods, e.g. cyclomatic complexity, method length.
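A small metric pass of the kind the slide above recommends, as an added example that is not from the original deck. It approximates cyclomatic complexity by counting branch nodes in Python's `ast`; the complexity limit of 10 and the constructed `SAMPLE` source are assumptions, while the 20-line limit is the slide's own upper bound.

```python
import ast

# Node types that each add one decision point (a common approximation).
_BRANCHES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.IfExp,
             ast.comprehension)

# Constructed sample input: one tidy function and one tangled one.
SAMPLE = '''
def tidy(x):
    return x + 1

def tangled(items, flag):
    total = 0
    for item in items:
        if item > 0 and flag:
            total += item
        elif item < 0:
            total -= item
        else:
            while total > 100:
                total //= 2
    return total
'''


def function_metrics(source):
    """Return {function name: (cyclomatic complexity, length in lines)}."""
    metrics = {}
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        complexity = 1  # one path through a function with no branches
        for child in ast.walk(node):
            if isinstance(child, _BRANCHES):
                complexity += 1
            elif isinstance(child, ast.BoolOp):
                # each extra 'and'/'or' operand is another short-circuit path
                complexity += len(child.values) - 1
        metrics[node.name] = (complexity, node.end_lineno - node.lineno + 1)
    return metrics


def spaghetti_candidates(source, max_complexity=10, max_lines=20):
    """Names of functions over either limit, highest complexity first."""
    over = {name: m for name, m in function_metrics(source).items()
            if m[0] > max_complexity or m[1] > max_lines}
    return sorted(over, key=lambda name: over[name], reverse=True)
```

Branches inside a nested function are also counted toward the enclosing function, so deeply nested helpers raise the outer score.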
20. Spaghetti code: Other related terms
• Ravioli code: program structure is characterized by a number of small and (ideally) loosely-coupled components
• While generally desirable from a coupling and cohesion perspective, overzealous separation and encapsulation of code can bloat call stacks and make navigation through the code more difficult
21. Shotgun surgery
• Shotgun surgery: features are added to several
places simultaneously, usually by copy-pasting
with slight variations
• Solution: Aspect oriented programming (AOP)
22. Shot in the Dark
• Shot in the Dark: the poor track record of the production (or test) environment leads developers to guess at possible problems
• “We can’t reproduce the problem in QA but I think it is caused by feature “X””
• Solution: Measure, Don’t Guess
– local bug reproducing
– error stack trace
– profiler
23. Incorrect exceptions usage
• Incorrect exceptions usage: normal program flow implemented using exceptions
– exit from block using exception
– similar to goto statement
• Using exceptions to control program flow adds ambiguity
• Solution: use exceptions only to inform the program about errors. Checked – for recoverable errors, unchecked – for unrecoverable errors
24. Incorrect data
• Incorrect data: could cause errors anytime during program execution
• In contrast to program flow errors, data errors are hard to expose because the data could have been corrupted at any earlier stage
• Solution:
– check data as early as possible
– check input data of methods (design by contract and firewalls)
25. Lava flow
• Lava flow: Retaining undesirable (redundant or low-quality) code because removing it is too expensive or has unpredictable consequences
• If you leave tricky code – describe your solution in javadoc or comments
• Write tests – then you will be confident in refactoring
27. Other programming anti-patterns
• Busy waiting: consuming CPU while waiting for something
to happen, usually by repeated checking instead of
messaging
• Negative cache is a cache that also stores "negative"
responses (result indicating error).
– e.g. when network was unavailable – cache error result, and return it even after network is back up.
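The negative cache failure mode above can be bounded by giving error results their own short lifetime, shown here as an added example that is not from the original deck. The class name, the TTL values and the injected `clock` are assumptions; the deck itself does not prescribe a fix.

```python
import time


class CachedFailure(OSError):
    """Raised when a recent failure is served from the cache."""


class TtlCache:
    """Caches results and failures, but failures expire much sooner."""

    def __init__(self, fetch, ok_ttl=300.0, error_ttl=5.0, clock=time.monotonic):
        self._fetch = fetch          # callable(key) -> value, may raise OSError
        self._ok_ttl = ok_ttl
        self._error_ttl = error_ttl
        self._clock = clock          # injectable so expiry can be tested
        self._entries = {}           # key -> (expires_at, is_error, payload)

    def get(self, key):
        now = self._clock()
        entry = self._entries.get(key)
        if entry and entry[0] > now:
            _, is_error, payload = entry
            if is_error:
                # Still inside the short negative window: do not hit the backend.
                raise CachedFailure(f"recent failure for {key!r}") from payload
            return payload
        try:
            value = self._fetch(key)
        except OSError as exc:
            # Remember the failure briefly so a dead backend is not hammered,
            # but never for as long as a good answer.
            self._entries[key] = (now + self._error_ttl, True, exc)
            raise
        self._entries[key] = (now + self._ok_ttl, False, value)
        return value
```

With `error_ttl` set equal to `ok_ttl` this class reproduces the anti-pattern: an error cached during an outage keeps being returned long after the network is back.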
29. Copy and paste programming
• Copy-paste programming: highly repetitive code apparently produced by copy and paste operations
• Use extract method refactoring
30. Copy and paste programming
• Follow the Don't Repeat Yourself (DRY) principle
• modification of any element does not require changes in other logically-unrelated elements
31. Golden hammer
• Golden hammer (Maslow's hammer, law of the instrument): assuming that a favorite solution is universally applicable
• “If all you have is a hammer, everything looks like a nail”
Abraham Maslow, 1966
32. Golden hammer
• Solution:
– look at the problem from different points of view
– choose the technology (concept, framework or tool) that is better suited to solving the problem
– the previous point means you have to know at least one more solution to the problem (learn it if needed)
– There are 191 fundamental software patterns (23 Gamma Patterns + 17 Buschmann Patterns + 72 Analysis Patterns + 38 CORBA Design Patterns + 42 AntiPatterns)
– [4] describes 140 antipatterns
33. Improbability factor
• Improbability factor: assuming that a known error is unlikely to occur
– programmers are aware of the problem
– they are not allowed to fix the problem
– because the chances of the problem ever appearing are supposedly negligible compared to other problems that could be solved with the programmers' time and money
34. Improbability factor
• As a result, the problem may still occur and do heavy damage due to Murphy's law
• Murphy's law typically stated as: “Anything that can go wrong, will go wrong”
35. Premature optimization
• Premature optimization: Coding early-on for perceived efficiency,
sacrificing good design, maintainability, and sometimes even real-world
efficiency
• "We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil"
Donald Knuth, 1974
• A simple and elegant design is often easier to optimize
• In practice, it is often necessary to keep performance goals in mind when
first designing software, but the programmer balances the goals of design
and optimization
36. Premature pessimization
• Premature pessimization: Coding early-on for good design, leaving performance intentionally low
– copying a heavyweight container multiple times
– recalculating rather than caching
– etc.
• Solution should be optimal (not optimized) for the task
37. Programming by permutation
• Programming by permutation (or "programming by accident"):
trying to find a solution by making small changes (permutations)
to see if it works
• Programmer trying to guess:
– calls and order of procedures
– parameters' values
– etc.
• Reason:
– programmer does not fully understand the code or doesn’t even want to understand it
– external module API is insufficiently documented
38. Programming by permutation
• Problems:
– new bugs can be introduced, leading to a "solution" that is even less correct than the starting point
– it’s usually impossible to tell whether the solution will work for all cases
– programming by permutation gives little or no assurance about the quality of the code produced
39. Reinventing the square wheel
• Reinventing the square wheel: Failing to adopt an existing,
adequate solution and instead creating a custom solution
(reinventing the wheel) which performs much worse than the
existing one (a square wheel).
• Reason:
– engineer doesn’t know the standard solution
– engineer doesn’t like the standard solution
– second-system effect
40. Reinventing the square wheel
• Problems:
– anyone starting from scratch, ignoring the prior art, will naturally face the same old problems again
– wasted development time, delaying a task
– developers will have to support their solution, fixing bugs and adding new features
42. Dependency hell
• Dependency hell (DLL hell, JAR hell): problems with versions of required products
• Problems:
– many dependencies
• high coupling
– long chains of dependencies
– conflicting dependencies
• if different versions of lib cannot be simultaneously installed
– circular dependencies
• you can’t separate units by level of abstraction
43. Dependency hell
• Solutions:
– version numbering (major and minor versions)
– smart package management (e.g. in Linux)
• repository-based package management systems
– software appliances (encapsulate dependencies in one unit)
– portable applications
44. THANKS FOR COMING!!!
• My contacts:
– e-mail: dmitriy.kochergin@exigenservices.com
– Skype: dmitry.kochergin
46. Links
[1] Anti-patterns wiki, http://en.wikipedia.org/wiki/Anti-patterns
[2] AnemicDomainModel, http://www.martinfowler.com/bliki/AnemicDomainModel.html
[3] AntiPatterns, http://www.antipatterns.com/briefing/sld001.htm
[4] AntiPatterns catalog, http://c2.com/cgi-bin/wiki?AntiPatternsCatalog
[5] Supported by the Antipattern template, http://c2.com/cgi-bin/wiki?AntiPatternTemplate
[6] AntiPatterns: Refactoring Software, Architectures, and Projects in Crisis by William J. Brown et al. (Wiley)
[7] AntiPatterns, http://sourcemaking.com/antipatterns