This document discusses code smells, which are surface indications in source code that typically correspond to deeper problems in the system. It defines several common code smells such as duplicate code, large methods, magic numbers, dead code, and speculative code. The document provides explanations of these smells and recommendations for addressing them, such as extracting duplicated code into methods, breaking large classes into smaller focused classes, and avoiding checking in experimental code. It notes that code smells often arise from issues like haste, apathy, and ignorance when developing code.
There's still a lot of discussion on whether testers should be able to code or not. While coding and understanding of code is a useful skill, this presentation sets out to remind us of the stuff that does not involve code but is definitely relevant in developing software.
The presentation takes on a case view of things I do as a single "testing specialist" with a product development team of developers. We look at examples of things of value contributed as realised activities towards a common goal.
While presented from a testers perspective, there will be a lot of aspects anyone interested in software development may find relevant and useful.
Architecting apps - Can we write better code by planning ahead?Paul Ardeleanu
Creating a successful app is like erecting a house. The building part can become laborious, boring and dangerous at times, especially if very little attention is paid to the planning process and no blueprints are to be found; in some cases it leads to disastrous outcomes, unhappy stakeholders and overrunning costs.
The initial phase of understanding the client’s idea and expectations is the most critical and yet the least talked about: translating requirements into a well structure document is what makes or breaks an app – similar to creating a good architecture document before commencing work on a building.
In this talk, Paul will talk about the things a team should implement before writing a single line of code (diagrams, sketches, prototypes, etc) and affix yet another acronym to the corporate bingo list: DDD (Documentation-Driven Design).
There's still a lot of discussion on whether testers should be able to code or not. While coding and understanding of code is a useful skill, this presentation sets out to remind us of the stuff that does not involve code but is definitely relevant in developing software.
The presentation takes on a case view of things I do as a single "testing specialist" with a product development team of developers. We look at examples of things of value contributed as realised activities towards a common goal.
While presented from a testers perspective, there will be a lot of aspects anyone interested in software development may find relevant and useful.
Architecting apps - Can we write better code by planning ahead?Paul Ardeleanu
Creating a successful app is like erecting a house. The building part can become laborious, boring and dangerous at times, especially if very little attention is paid to the planning process and no blueprints are to be found; in some cases it leads to disastrous outcomes, unhappy stakeholders and overrunning costs.
The initial phase of understanding the client’s idea and expectations is the most critical and yet the least talked about: translating requirements into a well structure document is what makes or breaks an app – similar to creating a good architecture document before commencing work on a building.
In this talk, Paul will talk about the things a team should implement before writing a single line of code (diagrams, sketches, prototypes, etc) and affix yet another acronym to the corporate bingo list: DDD (Documentation-Driven Design).
Basics of Computer Coding: Understanding Coding LanguagesBrian Pichman
In this webinar, we will cover the different types of environments one may want to code for; whether that is apps, websites, programs that run on Windows, scripting, and more. Are you interested in learning code and considering if Java, PHP, CSS, Python or another language help bring a project to life? If you have a high-level approach to coding or are working on teaching patrons how to code or providing guidance to others, this will be a great resource to have.
We will learn about coding, types of code, and your " building-block" languages that eventually get you (or patrons) to the end goal of being a wizard coder. Resources for further education will be discussed in this webinar so you will have excellent next steps to continue your journey in a world of 1's and 0's.
Hack It 'Til You Make It: Acing The Technical Interviewjaysonjphillips
This presentation is a /dev/color workshop delivered by engineers Kaanon MacFarlane, Jayson Phillips and Devaris Brown on the topic of technical interviews. Here we provide some tips, tricks, reminders and notes on how to prepare for on-site engineering-focused sessions as a candidate going through the process of obtaining a new role.
This presentation was given at Blavity's Afrotech Conference at Bespoke in San Francisco, California on November 12th, 2016.
About /dev/color
/dev/color is a non-profit organization working to maximize the impact of Black software engineers. You can find out more information at http://devcolor.org.
Learn why you should do internships, how to choose, and of course, how to get them!
This was originally presented on 2nd September 2016 during Friday Hacks #116 hosted by NUS Hackers.
Watch a video of the presentation here: https://engineers.sg/video/friday-hacks-116-internships-and-why-you-should-do-them-nus-hackers--1105
Interviewing for software engineering positions can sometimes be intimidating - the candidate has no idea what he is checked for, and the company is usually surprised that candidates don't care about things that they might consider important. In this talk, we’ll discuss which skills are essential for us at Wix, which we value the most, and which we think good engineers can pick up quickly. I will show how to interpret job ads and explain what is our standard hiring procedure at Wix. Hopefully, this will help people to better prepare for interviews such as those done at Wix backend engineering.
Coderetreat is a one day intense workshop for software developers for imporving their development skills by practicing. This is the material I presented at the beginning of coderetreat I facilitated on May 2014.
We extended the development team by adding six highly skilled developers to help build content around Windows Phone, Azure and Windows 8. The product was an innovative e-learning system for improving software development skills.
Are you responsible for developing satellite on-board software? Are you the Dutch government and you have to efficiently implement the public benefits law? Are you a healthcare startup, developing companion apps that help patients through a treatment? Are you an insurance company struggling to create new, and evolve existing products quickly to keep up with the market? These are all examples of organisations who have built their own domain-specific programming language to streamline the development of applications that have a non-trivial algorithmic core. All have built their languages with Jetbrains MPS, an open source language development tool optimized for ecosystems of collaborating languages with mixed graphical, textual, tabular and mathematical notations. This talk has four parts. I start by motivating the need for DSLs based on real-world examples, including the ones above. I will then present a few high-level design practices that guide our language development work. Third, I will develop a simple language extension to give you a feel for how MPS works. And finally, I will point you to things you can read to get you started with your own language development practice.
Worst practices for domain-specific modellingMikhail Barash
Course "Domain-specific programming languages" (http://dsl-course.org). Developed by Mikhail Barash.
These slides are based on S. Kelly, R. Pohjonen, "Worst practices for domain-specific modelling", IEEE Software 26:4 (2009)
Technical writing training for engineers, software developers, or technicians. We teach you how to write for a specific target group and create well-structured documents.
What is practice, Examples, Best practices that developers should follow. Useful tools that every developer should carry and useful GitHub repositories.
Basics of Computer Coding: Understanding Coding LanguagesBrian Pichman
In this webinar, we will cover the different types of environments one may want to code for; whether that is apps, websites, programs that run on Windows, scripting, and more. Are you interested in learning code and considering if Java, PHP, CSS, Python or another language help bring a project to life? If you have a high-level approach to coding or are working on teaching patrons how to code or providing guidance to others, this will be a great resource to have.
We will learn about coding, types of code, and your " building-block" languages that eventually get you (or patrons) to the end goal of being a wizard coder. Resources for further education will be discussed in this webinar so you will have excellent next steps to continue your journey in a world of 1's and 0's.
Hack It 'Til You Make It: Acing The Technical Interviewjaysonjphillips
This presentation is a /dev/color workshop delivered by engineers Kaanon MacFarlane, Jayson Phillips and Devaris Brown on the topic of technical interviews. Here we provide some tips, tricks, reminders and notes on how to prepare for on-site engineering-focused sessions as a candidate going through the process of obtaining a new role.
This presentation was given at Blavity's Afrotech Conference at Bespoke in San Francisco, California on November 12th, 2016.
About /dev/color
/dev/color is a non-profit organization working to maximize the impact of Black software engineers. You can find out more information at http://devcolor.org.
Learn why you should do internships, how to choose, and of course, how to get them!
This was originally presented on 2nd September 2016 during Friday Hacks #116 hosted by NUS Hackers.
Watch a video of the presentation here: https://engineers.sg/video/friday-hacks-116-internships-and-why-you-should-do-them-nus-hackers--1105
Interviewing for software engineering positions can sometimes be intimidating - the candidate has no idea what he is checked for, and the company is usually surprised that candidates don't care about things that they might consider important. In this talk, we’ll discuss which skills are essential for us at Wix, which we value the most, and which we think good engineers can pick up quickly. I will show how to interpret job ads and explain what is our standard hiring procedure at Wix. Hopefully, this will help people to better prepare for interviews such as those done at Wix backend engineering.
Coderetreat is a one day intense workshop for software developers for imporving their development skills by practicing. This is the material I presented at the beginning of coderetreat I facilitated on May 2014.
We extended the development team by adding six highly skilled developers to help build content around Windows Phone, Azure and Windows 8. The product was an innovative e-learning system for improving software development skills.
Are you responsible for developing satellite on-board software? Are you the Dutch government and you have to efficiently implement the public benefits law? Are you a healthcare startup, developing companion apps that help patients through a treatment? Are you an insurance company struggling to create new, and evolve existing products quickly to keep up with the market? These are all examples of organisations who have built their own domain-specific programming language to streamline the development of applications that have a non-trivial algorithmic core. All have built their languages with Jetbrains MPS, an open source language development tool optimized for ecosystems of collaborating languages with mixed graphical, textual, tabular and mathematical notations. This talk has four parts. I start by motivating the need for DSLs based on real-world examples, including the ones above. I will then present a few high-level design practices that guide our language development work. Third, I will develop a simple language extension to give you a feel for how MPS works. And finally, I will point you to things you can read to get you started with your own language development practice.
Worst practices for domain-specific modellingMikhail Barash
Course "Domain-specific programming languages" (http://dsl-course.org). Developed by Mikhail Barash.
These slides are based on S. Kelly, R. Pohjonen, "Worst practices for domain-specific modelling", IEEE Software 26:4 (2009)
Technical writing training for engineers, software developers, or technicians. We teach you how to write for a specific target group and create well-structured documents.
What is practice, Examples, Best practices that developers should follow. Useful tools that every developer should carry and useful GitHub repositories.
Capability Building for Cyber Defense: Software Walk through and Screening Maven Logix
Dr. Fahim Arif who is the Director R&D at MCS, principal investigator and GHQ authorized consultant for Nexsource Pak (Pvt) Ltd) discussed the capability of building cyber defense in the Data Protection and Cyber Security event that was hosted recently by Maven Logix. In his session he gave the audience valuable information about the life cycle of a cyber-threat discussing what and how to take measures by performing formal code reviews, code inspections. He discussed essential elements of code review, paired programming and alternatives to treat and tackle cyber-threat
Writing code is easy but writing maintainable code is almost impossible. During this talk I will discuss some of the principles of coding that relates to WordPress but goes beyond that.
Developers spend up to 20% of their time writing repetitive code that machines could generate more reliably. This presentation explores the problem of duplicated source code that stems from manual implementation of patterns and reveals how to automate the boring side of programming and get a 19x ROI.
The presentation provides insight into:
- the problem of manual implementation of patterns, resulting in boilerplate code
- the cost of boilerplate for companies
- existing technologies for pattern automation
- the key reasons to consider pattern-aware compiler extensions
The white paper was written for CTOs, software architects and senior developers in software-driven organizations—specifically in financial, insurance, healthcare, energy and IT industries that typically write a lot of repetitive code.
How I Learned to Stop Worrying and Love Legacy Code.....Mike Harris
Legacy Code. I never wrote it; everybody else did!
How many times have you waded through an ageing, decaying, tangled forrest of code and wished it would just die?
How many times have you heard someone say that what really needs to happen is a complete rewrite?
I have heard this many times, and, have uttered that fatal sentence myself.
But shouldn’t we love our legacy code?
Doesn’t it represent our investment and the hard work of ourselves and our predecessors?
Throwing it away is dangerous, because, before we do, we’ll need to work out exactly what it does, and we’ll need to tweeze out that critical business logic nestled in a deeply entangled knot of IF statements. It could take us years to do, and we’ll have to maintain two systems whilst we do it, inevitably adding new features to them both. Yes we get to reimplement using the latest, coolest programming language, instead of an old behemoth, but how long will our new cool language be around, and who will maintain that code, when it itself inevitably turns to legacy?
We can throw our arms in the air, complaining and grumbling about how we didn’t write the code, how we would never have written it the way it is, how those that wrote it were lesser programmers, possibly lesser humans themselves, but the code still remains, staring us in the face and hanging around for longer that we could possibly imagine. We can sort it out, we can improve it, we can make it testable, and we can learn to love our legacy code.
Enroll for Android Certification in Mumbai at Asterix Solution to develop your career in Android. Make your own android app after Android Developer Training provides under the guidance of expert Trainers. For more details, visit : http://www.asterixsolution.com/android-development-training.html
Duration - 90 hrs
Sessions - 3 per week
Applications - 50+ practise
Project - 1
Students - 15 (per batch)
This presentation is a part of the COP2271C college level course taught at the Florida Polytechnic University located in Lakeland Florida. The purpose of this course is to introduce Freshmen students to both the process of software development and to the Python language.
The course is one semester in length and meets for 2 hours twice a week. The Instructor is Dr. Jim Anderson.
A video of Dr. Anderson using these slides is available on YouTube at:
https://youtu.be/KcFCcCsn6mM
Some of the things I learned during the last years from the GURU of the AGILE manifesto.
Be a Clean Coder from Robert C. Martin
Be a Pragmatic Programmer from Andrew Hunt
Be a extreme Programmer from Kent Beck
Understand the Continuous Delivery from Jez Humble and David Farley.
Thanks to Bruno Bossola , Marcello Todori and Mario Romano for the good chats about this topics.
In a whiteboard interview, your goal should be to convince the manager that you will be a positive influence on the team and contribute to the team's success. This guide will help you set the right mindset, ask the right questions, and showcase your strengths.
Our C# expert Eric Lippert provides his take on the psychology of C# analysis, including the business case for C#, developer characteristics and analysis tools.
Similar to Code smells and Other Malodorous Software Odors (20)
There's never been a better time to create amazing technology solutions. In this hands on workshop, you will learn the fundamental skills and techniques necessary to transform a digital dream into a viable solution that your customers and users will love.
MICROSOFT BLAZOR - NEXT GENERATION WEB UI OR SILVERLIGHT ALL OVER AGAIN?Clint Edmonson
In this talk we'll take a look at Microsoft’s latest foray into web UI frameworks. We’ll look at how Blazor works, the unique features it brings to bear, what the code looks like and wrap up with a discussion of the pros, cons, and whether or not it can live up to its promises.
The world around us filled a myriad of high performing, large throughput systems that we can borrow ideas from to help our IT teams and organizations perform and higher levels. Join us for a thought experiment where we examine several examples from our everyday world that can help us achieve unprecedented levels of flow and scale within our organizations.
This presentation distills the best industry guidance into a hands-on approach to designing application architectures. Along the way, we'll examine the key decisions that must be made when choosing our architectural styles and designing our layers and show how those decisions turn into real shippable code on a project.
This summer the Agile Alliance gathered together the world’s greatest Agile thinkers and practioners to further the advancement of Lean and Agile principles. Agile Developers and Teams, Executives and Managers, Coaches and Consultants came to Atlanta, Georgia to collaborate and learn from experts and thought leaders sharing their passion.
Please join us as we present our key takeaways and insights from this gathering of Agile tribes.
Key Topics:
The continuing evolution of Agile
Agile culture change
Scaling Agile in the enterprise
Advances in Agile architecture and DevOps
Lean & Agile DevOps with VSTS and TFS 2015Clint Edmonson
Take a guided tour of the latest features in Visual Studio Team Services & Team Foundation Server 2015 to help your team adopt Agile and DevOps practices. We will show you how the products and services will shape your process and enable your teams to build amazing applications on any platform.
Key Experiences:
Agile work item flow
Builds and continuous integration
Infrastructure as code
Self-hosted package management
Release management
And much more…
This presentation distills the best industry guidance into a hands-on approach to designing application architectures. Along the way, we'll examine the key decisions that must be made when choosing our architectural styles and designing our layers and show how those decisions turn into real shippable code on a project.
When it comes to development methods, lean and agile have clearly taken the lead. In the spirit of Kaizen, this session will take a look at the measures we can glean from agile teams, why the are relevant and interesting, and how we can use them to help our teams get even better.
Ever heard of the Law of Demeter? How about the Liskov Substitution Principle? This talk introduces key object-oriented laws and principles currently used in our field and provides guidance for their use when building applications on the .NET platform.
This presentation distills the best industry guidance into a hands-on approach to designing application architectures. Along the way, we'll examine the key decisions that must be made when choosing our architectural styles and designing our layers and show how those decisions turn into real shippable code on a project.
With the release of Windows 8, Microsoft has delivered a rich client application platform that is both powerful and approachable. Apps on this platform install easily and uninstall cleanly. They run in a single window that fills the entire screen by default. They automatically work with a variety of input sources, including touch, pen, mouse, and keyboard. Instead of static icons, they use live tiles that can display notifications. Best of all, these apps can be written using HTML5, CSS, and JavaScript.
Windows Azure enables you to quickly build, deploy and manage applications across a global network of Microsoft-managed datacenters. With this past summer’s new feature release, you can build applications using any operating system, language or tooling. In this session, we’ll bring you up to speed on all the amazing services available to developers in Windows Azure including web sites, cloud services, and virtual machines.
Introduction to Windows Azure Virtual MachinesClint Edmonson
With Windows Azure’s Infrastructure as a Service (IaaS) offerings you can easily run customized Windows Server or Linux images in the cloud. You retain full control of your images and maintain them as your business requires. In this session, you’ll get an overview of the offerings and see first-hand how to build, configure, and run your own VMs on Windows Azure.
Peering through the Clouds - Cloud Architectures You Need to MasterClint Edmonson
Heard of elastic computing? Cloud-bursting? Off-line rendering? Join us in this session where we walk through the key cloud scenarios every developer should be familiar with and when and where each should be used. We’ll discuss how the architecture of each of these scenarios is realized using the Windows Azure cloud platform
Architecting Scalable Applications in the CloudClint Edmonson
There is an increasing importance to architect applications for both growth and optimal user experience. Modern development tools allow you to develop fantastic applications, but there are pitfalls with architecting the applications in the wrong way. This talk will discuss industry proven best practices for building highly scalable web sites and applications and how they might be implemented on Windows Azure.
Windows Azure enables you to quickly build, deploy and manage applications across a global network of Microsoft-managed datacenters. You can build applications using any operating system, language or tool. This session provides you with a roadmap to all the amazing services available to developers including web sites, virtual machines, big data, and more. You will learn how to start building great cloud apps right away!
A Force of One - Agile and the Solo DeveloperClint Edmonson
Ever been invited to a project kickoff party only to find out that you’re flying solo? Congratulations, you’ve just become the ultimate co-located, self-organized, cross-functional, energized agile team of one. Join us for this session where we explore how the lone coder can take advantage of the best agile has to offer in this era of ever shrinking budgets.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
4. Code Smell
Code smell, also known as bad smell in computer programming
code, refers to any symptom in the source code of a program that
may contain an area of concern.
According to Martin Fowler, "a code smell is a surface indication
that usually corresponds to a deeper problem in the system".
https://en.wikipedia.org/wiki/Code_smell
5. Code Sleuth
• A smell is by definition something that's quick to spot - or sniffable
• Smells don't always indicate a problem
• The best smells are easy to spot and most of time lead you to really
interesting problems
• It's easy for inexperienced people to spot them, even if they don't
know enough to evaluate if there's a real problem or to correct them
Martin Fowler
https://www.martinfowler.com/bliki/CodeSmell.html
8. Low Value Comments
Comments that don’t enhance understanding of the code.
Comments add value when:
• They describe the purpose of the code (why), not the what or
how
• Explain the steps in an algorithm
9.
10. Dead Code
Large blocks of code commented out and/or methods and classes that
are left in the code but no longer used in favor of newer functionality.
Dead code makes it harder to understand and maintain the system.
Quick fix:
• DELETE IT!
• If we ever want to see it again, we can look it up in source control
history.
11.
12. Marathon Methods
If it’s more than a screenful, its too much!
Some guidance:
• A method should have AT MOST 10-12 steps
• Extract large blocks into their own methods
• You will OFTEN find duplicated code
• A good looking method should look like the steps in a recipe
book
13.
14. Magic Numbers & Strings
Hard coded numbers and string values inside methods.
Generally based on an assumption or implicit knowledge and frequently duplicated
in multiple places.
Very susceptible to fat-fingering errors.
Remedies:
• Refactor to enums and use implicit conversions to ints or strings when
absolutely needed
• Consolidate down to static and read-only class fields and properties
• Strive to make the application data driven through a config or settings component
15.
16. Duplicate/Triplicate Code
Code fragments that look almost identical.
Could occur when multiple work on a code base and are unware of existing code
that could be used or refactored to be re-used.
Also occurs in haste when trying to meet a deadline and unable to resist the
temptation to copy and tweak a working class or method.
Advice:
• Refactoring is NOT something you do later! You are making things worse.
• ALWAYS use the Red-Green-Refactor cycle when coding
• You are a professional developer - make sure the code you are checking in is the
BEST work you can do and you would be proud to show someone else.
17.
18. The Blob Class
Lots of methods and properties, making the code difficult to read,
understand, and troubleshoot.
Often indicates that the class contains too many responsibilities.
Remedies:
• Can the large class be restructured or broken into smaller
classes?
• Use the Class Responsibility Collaborator (CRC) card exercise
to discover a better OO model
19.
20. Speculative Code
Tutorial, experimental or research code checked into the production
code base.
Code semantics are frequently different from the problem being
solved.
Advice:
• If you are exploring a solution or learning a new technique, do it in a
blank project or private branch until you are satisfied that it solves
your design problem
• Re-implement it in the production code base using intent-driven
development
21.
22. Not Invented Here (NIH) Syndrome
Code that re-invents the wheel. Pursuit of an interesting problem
trumps the needs of the project.
The right thing to do:
• Leverage well known, documented frameworks
• Avoid creating your own Rube Goldberg machine
23. Stack Overflow
Programming
Trusting someone else’s code
to solve your problem without
truly understanding how
and/or why it works.
Solution:
• Practice intent-driven
development
• Code with intent and purpose
• Understand EVERY line of
code you write
24. And many, many more…
Wikipedia
• https://en.wikipedia.org/wiki/Code_smell
Sourcemaking online lessons
• https://sourcemaking.com/refactoring/smells
Smells to Refactorings
• http://www.industriallogic.com/wp-
content/uploads/2005/09/smellstorefactorings.pdf
27. Primal Forces
• Haste – sacrificing integrity for expedience
• Sloth – making poor decisions based on the “easy” answer
• Apathy – not caring about solving known problems
• Narrow-mindedness – refusal to practice widely-known solutions
• Avarice – putting own intellectual pursuits above the needs of the
problem at hand
• Ignorance – failing to seek understanding before solving a problem
• Pride – inventing new designs when existing solutions could readily
be applied (NIH syndrome)
A code smell, also known as bad smell in computer programming code, refers to any symptom in the source code of a program that possibly indicates a deeper problem. Join us in this lively session where we will get a whiff of some aromas encountered in the field and how we can neutralize them.
Credits:
Flickr Creative Commons
Nosy by Just Add Light
https://www.flickr.com/photos/gnas/4534576312/in/photolist-7UGTyd-251bvvD-9jfETJ-nXm53F-5N5JAz-dxpYxK-fPzjhG-9yiFZe-fzfuAF-9kdqAn-fPzjsf-fPzisj-fPziwU-7Ay8sM-fPziH3-fPziX7-c5R6cj-fPhKM8-fPhKKK-a73Jve-iXFT5e-aaJjr1-9n9YFz-72nBBj-7MNSqN-7U46yV-2zHyhh-9yePL7-cU59m-5yfUY6-P3V8cy-fPhLiF-bfaRjX-fPhKRF-8Vc4z4-9nq4nL-fPhM1V-fPhL8R-9jfEQG-fPhLcX-fPhLKv-fPhKXD-6Mo9gZ-fPzj2L-7ZTQ3e-fPhKYR-fPziF7-fPhLdp-6MqCTU-fPziWh/
7 Layer Cake – Deep class inheritance hierarchies, conventional wisdom says getting more than 6 or 7 levels deep is a result of over analysis, especially if there are intermediate classes in the tree that are never instantiate and could be collapsed.