Continuous Inspection: Fight back the 7 deadly sins of a developer!
•
4 likes•37,010 views
This document discusses continuous inspection as a way for developers to fight against the seven deadly sins of development. It introduces each of the seven deadly sins - lust, gluttony, greed, sloth, wrath, envy, and pride - and provides examples of how they may manifest in code. It then discusses how tools like Sonar can help with continuous inspection by analyzing code for potential issues and tracking metrics over time to control technical debt.
Report
Share
Report
Share
Download to read offline
Recommended
Getting Started In Qa
This is a talk I gave at the FossCoach track of OSCON 2008. It's about getting started in QA in an open source project.
Transitioning to quality software
The document discusses the importance of measuring metrics related to code quality and health in order to transition from working software to high quality software. It provides examples of metrics that can be measured such as coding standard violations, duplicated code, dead code, code coverage by tests, number of open tasks, complexity of expressions, and modularity. It explains what different trends in these metrics may indicate and considerations for utilizing the metrics such as tools, policies, and developer skills. Regular measurement and response to trends helps avoid issues like increasing technical debt and the "Broken Window Syndrome."
Lecture 18: »Du mußt dein leben ändern«
Eighteenth lecture for my students in English 165EW, "Life After the End of the World," winter 2013 at UC Santa Barbara.
Course website: http://patrickbrianmooney.nfshost.com/~patrick/ta/w13/
Continuous Inspection - Uma abordagem efetiva para melhoria contínua da quali...
This document discusses approaches for continuous improvement of software quality, including metrics, inspections, static code analysis, and refactoring. It provides examples of specific metrics like cyclomatic complexity, duplicated code, long methods, and excessive dependencies that can be measured and improved through refactoring. Continuous inspection is suggested through integrating static code analysis into continuous integration to continuously measure and improve code quality.
Oryx and Crake
Margaret Atwood is a renowned Canadian author known for her feminist works. She began writing at a young age and studied literature in university. Atwood is highly accomplished, winning the Booker Prize and being nominated five times. Her novels often depict women struggling against patriarchal societies. In Oryx and Crake, she imagines a future world corrupted by genetic experimentation and unchecked capitalism. The story follows Jimmy from his childhood alongside his friend Crake, who grows up to be a mad scientist behind a viral outbreak that wipes out humanity.
CodeClub - Teaching the young generation programming
Code Club is all about connecting talented computer programmers with their local schools and providing them with the materials they need to help kids learn to code. It is a nationwide network of free volunteer-led after-school coding clubs for children aged 9-11. In this talk I will tell you what this is all about and how you can get involved and support this great initiative.
Keys To World-Class Retail Web Performance - Expert tips for holiday web read...
As Walmart.com’s former head of Performance and Reliability, Cliff Crocker knows large scale web performance. Now SOASTA’s VP of products, Cliff is pouring his passion and expertise into cloud testing to solve the biggest challenges in mobile and web performance.
The holiday rush of mobile and web traffic to your web site has the potential for unprecedented success or spectacular public failure. The world’s leading retailers have turned to the cloud to assure that no matter what load, mobile and web apps will delight customers and protect revenue.
Join us as Cliff explores the key criteria for holiday web performance readiness:
Closing the gap in front- and back-end web performance and reliability
Collecting real user data to define the most realistic test scenarios
Preparing properly for the virtual walls of traffic during peak events
Leveraging CloudTest technology, as have 6 of 10 leading retailers
DEVIntersection 2014 iOS and Android Development for C# Developers
As the mobile landscape continues to expand and evolve managing multiple code bases in different programming languages and development tools can become a nightmare fast. In this session you will learn how to leverage the awesome features of C# and combine them with Xamarin technology to design and develop beautiful native cross platform mobile apps for iOS, Android, and Windows from a shared C# code base with the tools that you love. We will even see how to share more code with Xamarin.Forms, which enables you to build native UIs for iOS, Android and Windows Phone from a single, shared C# codebase.
Recommended
Getting Started In Qa
This is a talk I gave at the FossCoach track of OSCON 2008. It's about getting started in QA in an open source project.
Transitioning to quality software
The document discusses the importance of measuring metrics related to code quality and health in order to transition from working software to high quality software. It provides examples of metrics that can be measured such as coding standard violations, duplicated code, dead code, code coverage by tests, number of open tasks, complexity of expressions, and modularity. It explains what different trends in these metrics may indicate and considerations for utilizing the metrics such as tools, policies, and developer skills. Regular measurement and response to trends helps avoid issues like increasing technical debt and the "Broken Window Syndrome."
Lecture 18: »Du mußt dein leben ändern«
Eighteenth lecture for my students in English 165EW, "Life After the End of the World," winter 2013 at UC Santa Barbara.
Course website: http://patrickbrianmooney.nfshost.com/~patrick/ta/w13/
Continuous Inspection - Uma abordagem efetiva para melhoria contínua da quali...
This document discusses approaches for continuous improvement of software quality, including metrics, inspections, static code analysis, and refactoring. It provides examples of specific metrics like cyclomatic complexity, duplicated code, long methods, and excessive dependencies that can be measured and improved through refactoring. Continuous inspection is suggested through integrating static code analysis into continuous integration to continuously measure and improve code quality.
Oryx and Crake
Margaret Atwood is a renowned Canadian author known for her feminist works. She began writing at a young age and studied literature in university. Atwood is highly accomplished, winning the Booker Prize and being nominated five times. Her novels often depict women struggling against patriarchal societies. In Oryx and Crake, she imagines a future world corrupted by genetic experimentation and unchecked capitalism. The story follows Jimmy from his childhood alongside his friend Crake, who grows up to be a mad scientist behind a viral outbreak that wipes out humanity.
CodeClub - Teaching the young generation programming
Code Club is all about connecting talented computer programmers with their local schools and providing them with the materials they need to help kids learn to code. It is a nationwide network of free volunteer-led after-school coding clubs for children aged 9-11. In this talk I will tell you what this is all about and how you can get involved and support this great initiative.
Keys To World-Class Retail Web Performance - Expert tips for holiday web read...
As Walmart.com’s former head of Performance and Reliability, Cliff Crocker knows large scale web performance. Now SOASTA’s VP of products, Cliff is pouring his passion and expertise into cloud testing to solve the biggest challenges in mobile and web performance.
The holiday rush of mobile and web traffic to your web site has the potential for unprecedented success or spectacular public failure. The world’s leading retailers have turned to the cloud to assure that no matter what load, mobile and web apps will delight customers and protect revenue.
Join us as Cliff explores the key criteria for holiday web performance readiness:
Closing the gap in front- and back-end web performance and reliability
Collecting real user data to define the most realistic test scenarios
Preparing properly for the virtual walls of traffic during peak events
Leveraging CloudTest technology, as have 6 of 10 leading retailers
DEVIntersection 2014 iOS and Android Development for C# Developers
As the mobile landscape continues to expand and evolve managing multiple code bases in different programming languages and development tools can become a nightmare fast. In this session you will learn how to leverage the awesome features of C# and combine them with Xamarin technology to design and develop beautiful native cross platform mobile apps for iOS, Android, and Windows from a shared C# code base with the tools that you love. We will even see how to share more code with Xamarin.Forms, which enables you to build native UIs for iOS, Android and Windows Phone from a single, shared C# codebase.
Continuous inspection with Sonar
This document summarizes a presentation about continuous inspection and reducing technical debt in software development. It discusses the "7 deadly sins" that can accumulate technical debt, such as duplications, lack of testing, and complexity. It introduces Sonar as a tool to help developers measure and reduce these sins by augmenting their ability to reduce, reuse and recycle source code. The presentation demonstrates Sonar and outlines its future roadmap to expand its rules, metrics, and language support to further help developers improve software quality.
LocWorld: Building an Internationalization Plan; October 2011
This document discusses creating a plan for ongoing internationalization and localization efforts. It recommends conducting an initial assessment of code and requirements to understand what is and isn't internationalized. It also suggests creating an actionable plan with tasks, schedule, staffing, and costs. For ongoing efforts, it advises measuring internationalization as part of regular development processes, leveraging tools to catch bugs early, and focusing on expertise through training and collaboration with specialists.
Why You Need to Stop Using "The" Staging Server
Old staging methodology is broken for modern development. In fact, the staging server is left over from when we built monolithic applications. Find out why microservice architectures are driving ephemeral testing environments & why every sized dev shop should deliver true continuous deployment.
Staging servers slow down development with merge conflicts, slow iteration loops, and manhour intensive processes. To build better software faster containers and infrastructure as code are key in 2017. Dev Ops professionals miss this talk at their own peril.
Javascript Unit Testing Tools
Javascript testing (Javascript unit test) is an essential part when your developer is using logic in his code. Like hundreds of other things in the world of JavaScript , there are many choices for how to unit test the code. Here we compare some best javascript testing unit tools like karma, jasmine, Qunit, Mocha etc.
Bug hunting through_reverse_engineering
The document discusses reverse engineering techniques for bug hunting and exploit development. It covers analyzing software, hardware, applications, operating systems and firmware through static and dynamic reverse engineering. Static techniques include disassembling and analyzing binary code while dynamic techniques involve emulating or debugging running programs. The document also discusses fuzzing techniques, common bug classes, challenges like obfuscated code, and tools like LLVM and LibFuzzer that can be used for reverse engineering and fuzzing. The overall goal of reverse engineering discussed is to develop exploits by finding and analyzing bugs, whether to develop without source code, bypass restrictions, or for malware analysis and curiosity.
Phonegap for Engineers
PhoneGap allows developers to build native mobile apps using web technologies like HTML, CSS, and JavaScript. It works by wrapping web content in a native container on each mobile platform, allowing developers to write code once and deploy it across iOS, Android, BlackBerry, and other platforms. PhoneGap uses a plugin architecture that enables accessing native device APIs like the camera, contacts, and geolocation from JavaScript. It supports many mobile browsers and platforms, while providing tools for compiling, debugging, and deploying apps.
A Simple 8-Step Guide to Setting Up a Dev Shop
This document outlines 8 steps for setting up a software development shop, along with a bonus 9th step. The 8 steps are: source control, code review, test automation, development environment, continuous integration, deployment, servers, and monitoring and alerting. The bonus 9th step emphasizes eliminating single points of failure to ensure system reliability. Various tools are listed under each step as options to consider.
Cloud tools
John McCaffrey gives a presentation on cloud tools for development. He discusses terminology related to hosting and deploying applications. Some hosting options he covers include self-hosting, Amazon Web Services, EngineYard, Heroku, and AppHarbor. John then demonstrates deploying applications to Heroku and monitoring tools. He finishes by discussing collaboration tools like email, chat, screen sharing, and code repositories on services like GitHub.
The Seven Deadly Coding Sins Slides
Gary Rattray presented on the 7 deadly coding sins to the Mobile Dev NJ Meetup. The 7 sins are: 1) duplication, 2) lack of unit tests, 3) complexity, 4) potential bugs, 5) coding standards, 6) design spaghetti, and 7) comments. Spaghetti code refers to source code with a complex, tangled structure using many unstructured branching constructs. Resources on coding guidelines and unit testing from Apple's developer sites are provided.
Clean Code Part III - Craftsmanship at SoCal Code Camp
When building a house, good architecture and craftsmanship together form the needed crucial elements for success. The same pattern applies to software development. As the previous sessions focused on the architectural part of software development, this session will strongly focus on often forgotten but very important areas of coding.
You will learn why naming is really difficult if done right, why coding and style guidelines are crucial, code structuring, exception handling and why other elements of coding often define the tipping point between success and failure of projects. Following the principles of software craftsmanship will allow you to end up with better maintainability and extensibility of your software and the success of the project in the end.
All 3 Clean Code presentations provide great value by themselves, but taken together are designed to offer a holistic approach to successful software creation.
Why writing Clean Code makes us more efficient
Over the lifetime of a product, maintaining the product is actually one - if not the most - expensive area(s) of the overall product costs. Writing clean code can significantly lower these costs. However, writing clean code also makes you more efficient during the initial development time and results in more stable code. You will be presented design patterns and best practices which will make you write better and more easily maintainable code, seeing code in a holistic way. You will learn how to apply them by using an existing implementation as the starting point of the presentation. Finally, patterns & practices benefits are explained.
This presentation is based on C# and Visual Studio 2010. However, the demonstrated patterns and practice can be applied to every other programming language too.
Badneedles
"Finding Bad Needles on a Worldwide Scale" - presentation on our experience of developing, testing and improving cross-site scripting scanners and the methods of more accurate web application security testing. See 2015.appsec.eu for more information.
DevOps Culture at Amazon
Learn about how Amazon enables its developers to rapidly release and iterate software while maintaining industry-leading standards on security, reliability, and performance. In this talk, we will discuss the culture of two pizza teams and how to maintain a culture of DevOps in a large enterprise.
Abusing bleeding edge web standards for appsec glory
"Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward mitigating more complex threats. As a result of the drive to control for these threats client-side, standards such as SubResource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards versus accepting risks simply because of the increased risks newer web standards pose.
In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios. As a bonus for the breakers, we'll explore and demonstrate exploitations of the emergent risks in these more volatile standards, to include multiple vulnerabilities uncovered quite literally during our research for this talk (which will hopefully be mitigated by d-day)."
(Source: Black Hat USA 2016, Las Vegas)
DevOps Unleashed: Strategies that Speed Deployments
Modern identity management platforms must be agile and secure enough to respond to demanding business timelines. As a result, many organizations are seeking cloud-based approaches to digital security and need offerings that are optimized for environments including Cloud Foundry, Azure, GCE, AWS and OpenStack. Your dev-ops strategy could be the difference between hitting or missing business-critical deadlines. In this webinar, learn how we are enhancing the ForgeRock Identity Platform to enable developers to use container-oriented technologies such as Kubernetes and Docker to accelerate deployment.
Php|tek '12 It's More Than Just Style
Mention PHP CodeSniffer, and most will think it’s just for style. Add passing PHP CodeSniffer to your test suites, and hear the groans. Why are we wasting time on whitespace rules? Why does it matter that my lines are longer than X characters? The answer: PHP CodeSniffer is more than just style. In this talk we will discuss what sniffs can save you from runtime errors, sniffs that can help you upgrade your PHP install, and sniffs that can help you find the bits of code that are slowing down you and your team.
LyonJUG - Combo - Quick Cloud Foundry Intro + Cloud Best Practices
Cloud Foundry is an open platform as a service that provides choice for development frameworks, services, and deployment targets. It includes options for using Cloud Foundry on public and private clouds as well as for development on a local machine. Cloud Foundry aims to avoid lock-in by being open source and supporting multiple clouds and frameworks.
Ci of js and apex using jasmine, phantom js and drone io df14
This document discusses using continuous integration and continuous delivery for Salesforce development. It introduces the concepts of CI and CD and describes using Grunt, Drone.io, Jasmine, Istanbul and Ant together in an opinionated stack. Grunt is used to define tasks. Jasmine is used for JavaScript testing. Ant is used for Apex tests and deploying to orgs. Drone.io automates running builds and deploying code changes to development and QA orgs after code is committed.
Os Alrubaie
This document discusses various tools for debugging and testing the web tier, including:
- Firebug and Web Developer Toolbar which allow debugging of CSS, browser features, and JavaScript.
- JsUnit which provides a unit testing framework for JavaScript with capabilities like test functions, suites, and automated testing.
- Selenium which is a tool for acceptance testing that simulates user interactions and uses standard browser technologies.
- Other tools mentioned are Crosscheck for unit testing, and tracing for viewing test outputs. The document emphasizes the importance of testing and debugging for software quality.
Os Alrubaie
This document discusses various tools for debugging and testing the web tier, including:
- Firebug and Web Developer Toolbar which allow debugging of CSS, browser features, and JavaScript.
- JsUnit for unit testing JavaScript functions and pages. Tests can be run from a testRunner page.
- Selenium for acceptance testing by simulating user interactions in standard browsers.
- Other tools mentioned include Crosscheck for unit testing, and tracing for viewing test outputs. The importance of testing, isolation, customization and manageability of test environments is emphasized.
Flexing your Agile Muscle - Agile Technical Concepts Explained
Continuous integration, acceptance test driven development (ATDD), specification by example and continuous deployment: The list of have-to-know concepts is growing and you have this nagging feeling that you should really get started so you won’t miss out on the fun.
Learn what basic Agile technical concepts mean, understand how you can benefit from using them and get ideas for how you might get started. Also, you will be able to explain to your boss or project manager why Agile technical concepts are well worth the investment.
This session will keep things on a strictly conceptual level - so whether you’re a developer or an interested manager please come along.
The Journey Towards Continuous Integration
The document discusses the journey of implementing continuous integration (CI) practices. It describes initial frustrations with ad hoc builds and lack of standards. A council was formed including managers and developers to address threats, opportunities and plan implementation. Automation tools were adopted, including Cruisecontrol, PHPUnit, phpDocumentor, PHP_Codesniffer, and others to enable automated builds, testing, documentation and metrics. Jenkins was later adopted for its improved installation, configuration and support for multiple languages. SonarQube was also used for continuous analysis and quality management. Implementing a CI culture involved adopting development models, scaling the build process, code reviews and improving communication.
Praktyczne code reviews - PHPConPl
Wbrew powszechnym opiniom, nie tak prosto jest zrobić dobre Code Review. Robione w pośpiechu, tylko po to by je "odbębnić", często stwarza więcej szkody niż pożytku. Opowiem wam dlaczego code review jest ważne i jak wykorzystać ten proces aby upewnić się, że napisany kod jest najwyższej jakości. Będę nie tylko mówił o tym kto powinien robić code reviews, i dla kogo, jakie informacje są potrzebne do przeprowadzenia skutecznego code review, ale także jak zrobić dobre code review w najkrótszym możliwym czasie.
More Related Content
Similar to Continuous Inspection: Fight back the 7 deadly sins of a developer!
Continuous inspection with Sonar
This document summarizes a presentation about continuous inspection and reducing technical debt in software development. It discusses the "7 deadly sins" that can accumulate technical debt, such as duplications, lack of testing, and complexity. It introduces Sonar as a tool to help developers measure and reduce these sins by augmenting their ability to reduce, reuse and recycle source code. The presentation demonstrates Sonar and outlines its future roadmap to expand its rules, metrics, and language support to further help developers improve software quality.
LocWorld: Building an Internationalization Plan; October 2011
This document discusses creating a plan for ongoing internationalization and localization efforts. It recommends conducting an initial assessment of code and requirements to understand what is and isn't internationalized. It also suggests creating an actionable plan with tasks, schedule, staffing, and costs. For ongoing efforts, it advises measuring internationalization as part of regular development processes, leveraging tools to catch bugs early, and focusing on expertise through training and collaboration with specialists.
Why You Need to Stop Using "The" Staging Server
Old staging methodology is broken for modern development. In fact, the staging server is left over from when we built monolithic applications. Find out why microservice architectures are driving ephemeral testing environments & why every sized dev shop should deliver true continuous deployment.
Staging servers slow down development with merge conflicts, slow iteration loops, and manhour intensive processes. To build better software faster containers and infrastructure as code are key in 2017. Dev Ops professionals miss this talk at their own peril.
Javascript Unit Testing Tools
Javascript testing (Javascript unit test) is an essential part when your developer is using logic in his code. Like hundreds of other things in the world of JavaScript , there are many choices for how to unit test the code. Here we compare some best javascript testing unit tools like karma, jasmine, Qunit, Mocha etc.
Bug hunting through_reverse_engineering
The document discusses reverse engineering techniques for bug hunting and exploit development. It covers analyzing software, hardware, applications, operating systems and firmware through static and dynamic reverse engineering. Static techniques include disassembling and analyzing binary code while dynamic techniques involve emulating or debugging running programs. The document also discusses fuzzing techniques, common bug classes, challenges like obfuscated code, and tools like LLVM and LibFuzzer that can be used for reverse engineering and fuzzing. The overall goal of reverse engineering discussed is to develop exploits by finding and analyzing bugs, whether to develop without source code, bypass restrictions, or for malware analysis and curiosity.
Phonegap for Engineers
PhoneGap allows developers to build native mobile apps using web technologies like HTML, CSS, and JavaScript. It works by wrapping web content in a native container on each mobile platform, allowing developers to write code once and deploy it across iOS, Android, BlackBerry, and other platforms. PhoneGap uses a plugin architecture that enables accessing native device APIs like the camera, contacts, and geolocation from JavaScript. It supports many mobile browsers and platforms, while providing tools for compiling, debugging, and deploying apps.
A Simple 8-Step Guide to Setting Up a Dev Shop
This document outlines 8 steps for setting up a software development shop, along with a bonus 9th step. The 8 steps are: source control, code review, test automation, development environment, continuous integration, deployment, servers, and monitoring and alerting. The bonus 9th step emphasizes eliminating single points of failure to ensure system reliability. Various tools are listed under each step as options to consider.
Cloud tools
John McCaffrey gives a presentation on cloud tools for development. He discusses terminology related to hosting and deploying applications. Some hosting options he covers include self-hosting, Amazon Web Services, EngineYard, Heroku, and AppHarbor. John then demonstrates deploying applications to Heroku and monitoring tools. He finishes by discussing collaboration tools like email, chat, screen sharing, and code repositories on services like GitHub.
The Seven Deadly Coding Sins Slides
Gary Rattray presented on the 7 deadly coding sins to the Mobile Dev NJ Meetup. The 7 sins are: 1) duplication, 2) lack of unit tests, 3) complexity, 4) potential bugs, 5) coding standards, 6) design spaghetti, and 7) comments. Spaghetti code refers to source code with a complex, tangled structure using many unstructured branching constructs. Resources on coding guidelines and unit testing from Apple's developer sites are provided.
Clean Code Part III - Craftsmanship at SoCal Code Camp
When building a house, good architecture and craftsmanship together form the needed crucial elements for success. The same pattern applies to software development. As the previous sessions focused on the architectural part of software development, this session will strongly focus on often forgotten but very important areas of coding.
You will learn why naming is really difficult if done right, why coding and style guidelines are crucial, code structuring, exception handling and why other elements of coding often define the tipping point between success and failure of projects. Following the principles of software craftsmanship will allow you to end up with better maintainability and extensibility of your software and the success of the project in the end.
All 3 Clean Code presentations provide great value by themselves, but taken together are designed to offer a holistic approach to successful software creation.
Why writing Clean Code makes us more efficient
Over the lifetime of a product, maintaining the product is actually one - if not the most - expensive area(s) of the overall product costs. Writing clean code can significantly lower these costs. However, writing clean code also makes you more efficient during the initial development time and results in more stable code. You will be presented design patterns and best practices which will make you write better and more easily maintainable code, seeing code in a holistic way. You will learn how to apply them by using an existing implementation as the starting point of the presentation. Finally, patterns & practices benefits are explained.
This presentation is based on C# and Visual Studio 2010. However, the demonstrated patterns and practice can be applied to every other programming language too.
Badneedles
"Finding Bad Needles on a Worldwide Scale" - presentation on our experience of developing, testing and improving cross-site scripting scanners and the methods of more accurate web application security testing. See 2015.appsec.eu for more information.
DevOps Culture at Amazon
Learn about how Amazon enables its developers to rapidly release and iterate software while maintaining industry-leading standards on security, reliability, and performance. In this talk, we will discuss the culture of two pizza teams and how to maintain a culture of DevOps in a large enterprise.
Abusing bleeding edge web standards for appsec glory
"Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward mitigating more complex threats. As a result of the drive to control for these threats client-side, standards such as SubResource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards versus accepting risks simply because of the increased risks newer web standards pose.
In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios. As a bonus for the breakers, we'll explore and demonstrate exploitations of the emergent risks in these more volatile standards, to include multiple vulnerabilities uncovered quite literally during our research for this talk (which will hopefully be mitigated by d-day)."
(Source: Black Hat USA 2016, Las Vegas)
DevOps Unleashed: Strategies that Speed Deployments
Modern identity management platforms must be agile and secure enough to respond to demanding business timelines. As a result, many organizations are seeking cloud-based approaches to digital security and need offerings that are optimized for environments including Cloud Foundry, Azure, GCE, AWS and OpenStack. Your dev-ops strategy could be the difference between hitting or missing business-critical deadlines. In this webinar, learn how we are enhancing the ForgeRock Identity Platform to enable developers to use container-oriented technologies such as Kubernetes and Docker to accelerate deployment.
Php|tek '12 It's More Than Just Style
Mention PHP CodeSniffer, and most will think it’s just for style. Add passing PHP CodeSniffer to your test suites, and hear the groans. Why are we wasting time on whitespace rules? Why does it matter that my lines are longer than X characters? The answer: PHP CodeSniffer is more than just style. In this talk we will discuss what sniffs can save you from runtime errors, sniffs that can help you upgrade your PHP install, and sniffs that can help you find the bits of code that are slowing down you and your team.
LyonJUG - Combo - Quick Cloud Foundry Intro + Cloud Best Practices
Cloud Foundry is an open platform as a service that provides choice for development frameworks, services, and deployment targets. It includes options for using Cloud Foundry on public and private clouds as well as for development on a local machine. Cloud Foundry aims to avoid lock-in by being open source and supporting multiple clouds and frameworks.
Ci of js and apex using jasmine, phantom js and drone io df14
This document discusses using continuous integration and continuous delivery for Salesforce development. It introduces the concepts of CI and CD and describes using Grunt, Drone.io, Jasmine, Istanbul and Ant together in an opinionated stack. Grunt is used to define tasks. Jasmine is used for JavaScript testing. Ant is used for Apex tests and deploying to orgs. Drone.io automates running builds and deploying code changes to development and QA orgs after code is committed.
Os Alrubaie
This document discusses various tools for debugging and testing the web tier, including:
- Firebug and Web Developer Toolbar which allow debugging of CSS, browser features, and JavaScript.
- JsUnit which provides a unit testing framework for JavaScript with capabilities like test functions, suites, and automated testing.
- Selenium which is a tool for acceptance testing that simulates user interactions and uses standard browser technologies.
- Other tools mentioned are Crosscheck for unit testing, and tracing for viewing test outputs. The document emphasizes the importance of testing and debugging for software quality.
Os Alrubaie
This document discusses various tools for debugging and testing the web tier, including:
- Firebug and Web Developer Toolbar which allow debugging of CSS, browser features, and JavaScript.
- JsUnit for unit testing JavaScript functions and pages. Tests can be run from a testRunner page.
- Selenium for acceptance testing by simulating user interactions in standard browsers.
- Other tools mentioned include Crosscheck for unit testing, and tracing for viewing test outputs. The importance of testing, isolation, customization and manageability of test environments is emphasized.
Flexing your Agile Muscle - Agile Technical Concepts Explained
Continuous integration, acceptance test driven development (ATDD), specification by example and continuous deployment: The list of have-to-know concepts is growing and you have this nagging feeling that you should really get started so you won’t miss out on the fun.
Learn what basic Agile technical concepts mean, understand how you can benefit from using them and get ideas for how you might get started. Also, you will be able to explain to your boss or project manager why Agile technical concepts are well worth the investment.
This session will keep things on a strictly conceptual level - so whether you’re a developer or an interested manager please come along.
Similar to Continuous Inspection: Fight back the 7 deadly sins of a developer! (20)
LocWorld: Building an Internationalization Plan; October 2011
LocWorld: Building an Internationalization Plan; October 2011
Clean Code Part III - Craftsmanship at SoCal Code Camp
Clean Code Part III - Craftsmanship at SoCal Code Camp
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
DevOps Unleashed: Strategies that Speed Deployments
DevOps Unleashed: Strategies that Speed Deployments
LyonJUG - Combo - Quick Cloud Foundry Intro + Cloud Best Practices
LyonJUG - Combo - Quick Cloud Foundry Intro + Cloud Best Practices
Ci of js and apex using jasmine, phantom js and drone io df14
Ci of js and apex using jasmine, phantom js and drone io df14
Flexing your Agile Muscle - Agile Technical Concepts Explained
Flexing your Agile Muscle - Agile Technical Concepts Explained
More from Sebastian Marek
The Journey Towards Continuous Integration
The document discusses the journey of implementing continuous integration (CI) practices. It describes initial frustrations with ad hoc builds and lack of standards. A council was formed including managers and developers to address threats, opportunities and plan implementation. Automation tools were adopted, including Cruisecontrol, PHPUnit, phpDocumentor, PHP_Codesniffer, and others to enable automated builds, testing, documentation and metrics. Jenkins was later adopted for its improved installation, configuration and support for multiple languages. SonarQube was also used for continuous analysis and quality management. Implementing a CI culture involved adopting development models, scaling the build process, code reviews and improving communication.
Praktyczne code reviews - PHPConPl
Wbrew powszechnym opiniom, nie tak prosto jest zrobić dobre Code Review. Robione w pośpiechu, tylko po to by je "odbębnić", często stwarza więcej szkody niż pożytku. Opowiem wam dlaczego code review jest ważne i jak wykorzystać ten proces aby upewnić się, że napisany kod jest najwyższej jakości. Będę nie tylko mówił o tym kto powinien robić code reviews, i dla kogo, jakie informacje są potrzebne do przeprowadzenia skutecznego code review, ale także jak zrobić dobre code review w najkrótszym możliwym czasie.
Managing and Monitoring Application Performance
Writing your application is one thing. Making the application to perform well is another. We usually forget there is somebody else on the other side of the screen, that becomes very frustrated and upset when he needs to wait until this one page finally loads. It requires a lot of experience to predict specific behaviour and to know what kind of things to avoid. And even with that there is so many different factors that can affect the end user experience. During this talk I will talk about tools and techniques you can use to measure and monitor your application performance.
Ten Commandments Of A Software Engineer
Software engineering is not an easy profession. You have to constantly learn new things to improve your coding skills and make sure you produce better and cleaner code over time. It’s not difficult, but you have to be aware of a few basic principles. With them in mind you will feel a better engineer and will gain respect from your fellow engineers. And the Lord said: “Thou shall always remember to write unit tests - no matter the deadline. Remember to keep the build green. Thou shall commit often and with meaningful messages (...)”
Test your code like a pro - PHPUnit in practice
The day you realised that you can’t really tell what your code does is the day you stop being an amateur programmer and you turn into a professional developer. During this workshop you will learn about the most famous unit testing framework – PHPUnit, how it can help you gain confidence in your code and what to do (and what to avoid) to make your code testable. We will discuss unit testing best practices and talk about tools that can help you automate the whole process, so it becomes more of a habit then a necessity.
Effective code reviews
It’s not easy to perform a good code review. Often done in a hurry just to get it done, it only makes things worse. People treat it as an obstacle, not a helpful thing. I am gonna tell you why code reviews are important and how they can help you maintain good quality code. I will not only tell who are the code reviews for, how to raise a useful code review, but also how to perform a good code review in the quickest time possible.
Effective code reviews
Code reviews are a powerful tool in ensuring and maintaining quality in your application, but they can be very difficult to get right. When they're misunderstood or poorly executed, they can even make a bad situation worse.
In this session I'll use my professional experience to give you some tactics for getting great benefit from code reviews. We'll talk about tools, about process and most importantly about attitude! Whether you're a developer or a technical lead, come along and find out how to perform a genuinely useful code review and provide constructive feedback in the quickest time possible.
PHP Forum Paris 2012: Magic behind the numbers. Software metrics in practice
We use static code analysis tools more often these days that create great reports and funky graphs. But do we understand what it all means?
Software metrics tends to be magic numbers for a lot of people, but they don’t really have to be. Seb will introduce you to a few basic, the most popular software metrics and tools. He will explain to you what they mean and how you can use them to produce better software.
Ten Commandments Of A Software Engineer
Software engineering is not an easy profession. You have to constantly learn new things to improve your coding skills and make sure you produce better and cleaner code over time. It's not difficult, but you have to be aware of a few basic principles. With them in mind you will feel a better engineer and will gain respect from your fellow engineers. And the Lord said: "Thou shall always remember to write unit tests - no matter the deadline. Remember to keep the build green. Thou shall commit often and with meaningful messages (...)"
PHP Benelux 2012: Magic behind the numbers. Software metrics in practice
Software metrics can provide useful insights into code quality and complexity. Code metrics like lines of code, cyclomatic complexity, and weighted method count measure characteristics like code size, logic complexity, and class complexity. Design metrics evaluate qualities like coupling and cohesion. Metrics are most effective when used to identify improvement opportunities rather than to judge the overall quality of code or designs. Calculating and tracking metrics over time can help optimize code and catch regressions during development.
Magic behind the numbers - software metrics in practice
We use static code analysis tools more often these days that create great reports and funky graphs. But do we understand what it all mean?
Software metrics tends to be magic numbers for a lot of people, but they don't really have to be. Let me introduce you to a few basic and
most popular software metric and tools and explain you what they mean and how you can use them to produce better software.
Back to basics - PHPUnit
Unit testing involves testing individual units of code to ensure they function as intended. Unit tests isolate and test each part of a program to show they are correct. Benefits of unit testing include finding problems early, facilitating change, simplifying integration, and serving as living documentation. PHPUnit is a popular unit testing framework for PHP, which can be installed via PEAR. Tests are written to make assertions and test exceptions, data, and dependencies. Results can be logged in verbose mode or testdox format.
Back to basics - PHP_Codesniffer
There are several tools out there that help to develop and maintain high quality PHP code. They allow you to identify the most fragile and messy parts of your codebase. PHP_CodeSniffer tokenises PHP, JavaScript and CSS files and detects violations of a defined set of coding standards. Learn how it works, how you can use it and how can you bend it to meet your requirements!
Sonar - the ring to rule them all
Sonar is a platform for continuously inspecting code quality to detect issues, ensure technical debt is under control, and monitor code complexity, duplications, and potential bugs. It provides visual reporting across projects and allows tracking metrics over time. Sonar supports PHP projects using tools like PHP_Codesniffer, PHPUnit, PHP Depend, and PHP Mess Detector. It can be set up with Maven and integrated with Hudson via a plugin or phpUnderControl via Ant tasks to run analysis as part of the continuous integration build process.
vfsStream - effective filesystem mocking
The document discusses using vfsStream to mock the filesystem in unit tests. vfsStream provides a virtual filesystem that uses PHP streams, allowing tests to manipulate files and directories without interacting with the real filesystem. It describes how to set up vfsStream, create and interact with virtual files and directories, and a vfsStream PHPUnit helper that simplifies its integration with PHPUnit tests.
More from Sebastian Marek (15)
PHP Forum Paris 2012: Magic behind the numbers. Software metrics in practice
PHP Forum Paris 2012: Magic behind the numbers. Software metrics in practice
PHP Benelux 2012: Magic behind the numbers. Software metrics in practice
PHP Benelux 2012: Magic behind the numbers. Software metrics in practice
Magic behind the numbers - software metrics in practice
Magic behind the numbers - software metrics in practice
Recently uploaded
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Leveraging the Graph for Clinical Trials and Standards
Katja Glaß
OpenStudyBuilder Community Manager - Katja Glaß Consulting
Marius Conjeaud
Principal Consultant - Neo4j
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Tomaz Bratanic
Graph ML and GenAI Expert - Neo4j
Generating privacy-protected synthetic data using Secludy and Milvus
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfarePapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
AI & Electronic WarfareChoosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Dmitrii Kamaev, PhD
Senior Product Owner - QIAGEN
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
JavaLand 2024: Application Development Green Masterplan
My presentation slides I used at JavaLand 2024
The Microsoft 365 Migration Tutorial For Beginner.pptx
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Dandelion Hashtable: beyond billion requests per second on a commodity server
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Mutation Testing for Task-Oriented Chatbots
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Recently uploaded (20)
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Continuous Inspection: Fight back the 7 deadly sins of a developer!
- 1. Continuous Inspection Fight back the 7 deadly sins of a developer! Sebastian Marek
- 2. ✤ a Pole living in Sheffield ✤ over 12 years in development ✤ Pascal, C++, PHP, perl, python, Java ✤ co-author of 2 PHP Books ✤ big fan of process automation ✤ TDD and CI ✤ occasionally contributes to open-source projects ✤ wants to be a knight @proofek h"ps://joind.in/7802
- 3. PRIDE WRATH LUST ENVY 7 DEADLY SINS SLOTH GREED GLUTTONY © beartoons.com
- 4. 1. Lust ✤ Over-engineering ✤ Design patterns ✤ Abstraction © beartoons.com
- 5. 2. Gluttony ✤ Over-engineering ✤ Refactoring ✤ “Spaghetti code” ✤ Feature-rich ✤ Inefficiency © beartoons.com
- 6. 3. Greed ✤ Competing across teams ✤ (Don’t) Reinvent the wheel ✤ Power struggle © beartoons.com
- 7. 5. Wrath ✤ A vehement denial of the truth ✤ Documentation ✤ Coding standards ✤ Unit tests ✤ Commit messages © beartoons.com ✤ Rushing to production
- 8. 4. Sloth ✤ Input validation ✤ Duplications ✤ Coding standards ✤ Lazy coding © beartoons.com ✤ Self-development ✤ Configuration “out-of-the-box”
- 9. 6. Envy ✤ Not using version control ✤ Not needed features ✤ Contributions to open source projects © beartoons.com
- 10. 7. Pride ✤ (Don’t) Reinvent the wheel ✤ Unit tests ✤ Acceptance tests ✤ Software metrics ✤ Documentation © beartoons.com
- 11. Technical Debt under control ✤ drill down to source code ✤ coding rules ✤ unit tests ✤ standard metrics ✤ time machine ✤ plugins
- 12. Sonar plugins - languages
- 13. Sonar plugins - integration
- 14. C I vs C I
- 15. Continuous Integration vs C I
- 16. Continuous Integration vs Continuous Inspection
- 17. Running analysis ✤ Sonar runner ✤ Ant ✤ Maven
- 18. Dynamic vs static analysis
- 19. PHP Plugin ✤ PHPUnit ✤ PHP CodeSniffer ✤ PHP Depend ✤ PHP Mess Detector
- 21. Sonar widgets - Size metrics, Comments & Duplications, Unit tests coverage
- 22. Sonar widgets - Time machine, Rules compliance, Complexity
- 23. Sonar - Source code browser
- 24. Sonar - Source code violations
- 25. Sonar - Hotspots
- 26. Sonar - Hotspots
- 27. Sonar - Time machine
- 28. Sonar - Time machine
- 29. Sonar - Developers cockpit
- 30. Links ✤ http://www.sonarsource.org/ ✤ http://www.sonarsource.com/ ✤ Sonar Demo - http://nemo.sonarsource.org/ ✤ Sonar as a Service (SaaS) - http://www.cloudbees.com
- 31. Credits ✤ http://beartoons.com (the little devils) ✤ http://www.flickr.com/photos/e_tavares/3499009813/sizes/l/in/photostream/
- 32. Q &A Thank you! h"ps://joind.in/7802