One of the biggest problems of software projects is that, while the practice of software development is commonly thought of as engineering, it is inherently a creative discipline; hence, many things about it are hard to measure. While simple yardsticks like test coverage and cyclomatic complexity are important for code quality, what other metrics can we apply to answer questions about our code? What coding conventions or development practices can we implement to make our code easier to measure? We'll take a tour through some processes and tools you can implement to begin improving code quality in your team or organization, and see what a difference it makes to long-term project maintainability. More importantly, we'll look at how we can move beyond today's tools to answer higher-level questions of code quality. Can 'good code' be quantified?
The PVS-Studio developers' team has carried out comparison of the own static code analyzer PVS-Studio with the open-source Cppcheck static code analyzer. As a material for comparison, the source codes of the three open-source projects by id Software were chosen: Doom 3, Quake 3: Arena, Wolfenstein: Enemy Territory. The article describes the comparison methodology and lists of detected errors. The conclusions section at the end of the article contains "non-conclusions" actually, as we consciously avoid drawing any conclusions: you can reproduce our comparison and draw your own ones.
Search for Vulnerabilities Using Static Code AnalysisAndrey Karpov
Vulnerabilities are the same things as common errors. Why do we distinguish them? Do this, if you want to earn more money. CWE - Common Weakness Enumeration. CVE - Common Vulnerabilities and Exposures. Now using Valgrind you're searching not for a memory leak, but for a denial of service.
In this presentation, we try to teach programmers how to avoid security flaws in the code.
The presentation is of the format of problem->solution->problem....
Given a piece of code the attendees have to identify the security bugs in it and the suggest a fix. Now, the attendees have to find security bugs in the fix. The exercise goes on and the attendees become secure code aware.
-- KnowBigData.com
The Rust compiler's borrow checker is critical for ensuring safe Rust code. Even more critical, however, is how the borrow checker provides useful, automated guidance on how to write safe code when the check fails. Early in your Rust journey it may feel like you are fighting the borrow checker. Come to this talk to learn how you can transition from fighting the borrow checker to using its guidance to write safer and more powerful code at any experience level. Walk away not only understanding the what and the how of the borrow checker - but why it works the way it does - and why it is so critical to both the technical functionality and philosophy of Rust.
The PVS-Studio developers' team has carried out comparison of the own static code analyzer PVS-Studio with the open-source Cppcheck static code analyzer. As a material for comparison, the source codes of the three open-source projects by id Software were chosen: Doom 3, Quake 3: Arena, Wolfenstein: Enemy Territory. The article describes the comparison methodology and lists of detected errors. The conclusions section at the end of the article contains "non-conclusions" actually, as we consciously avoid drawing any conclusions: you can reproduce our comparison and draw your own ones.
Search for Vulnerabilities Using Static Code AnalysisAndrey Karpov
Vulnerabilities are the same things as common errors. Why do we distinguish them? Do this, if you want to earn more money. CWE - Common Weakness Enumeration. CVE - Common Vulnerabilities and Exposures. Now using Valgrind you're searching not for a memory leak, but for a denial of service.
In this presentation, we try to teach programmers how to avoid security flaws in the code.
The presentation is of the format of problem->solution->problem....
Given a piece of code the attendees have to identify the security bugs in it and the suggest a fix. Now, the attendees have to find security bugs in the fix. The exercise goes on and the attendees become secure code aware.
-- KnowBigData.com
The Rust compiler's borrow checker is critical for ensuring safe Rust code. Even more critical, however, is how the borrow checker provides useful, automated guidance on how to write safe code when the check fails. Early in your Rust journey it may feel like you are fighting the borrow checker. Come to this talk to learn how you can transition from fighting the borrow checker to using its guidance to write safer and more powerful code at any experience level. Walk away not only understanding the what and the how of the borrow checker - but why it works the way it does - and why it is so critical to both the technical functionality and philosophy of Rust.
A brief overview about writing clean code. Presentation made for the Multimedia Languages and Environments course at Politecnico di Torino (academic year 2012/2013).
One of the biggest problems of software projects is that, while the practice of software development is commonly thought of as engineering, it is inherently a creative discipline; hence, many things about it are hard to measure. While simple yardsticks like test coverage and cyclomatic complexity are important for code quality, what other metrics can we apply to answer questions about our code? What coding conventions or development practices can we implement to make our code easier to measure? We'll take a tour through some processes and tools you can implement to begin improving code quality in your team or organization, and see what a difference it makes to long-term project maintainability. More importantly, we'll look at how we can move beyond today's tools to answer higher-level questions of code quality. Can 'good code' be quantified?
Building Lithium Apps (Like a Boss) was a workshop presented on the structure and philosophy of the Lithium framework and its applications, and how best to take advantage of them.
PHP 5.3 has many new features that allow very different paradigms of software development, that may be unfamiliar to many PHP developers. If you want to learn more about functional or aspect-oriented programming, or how to organize your PHP libraries according to the new de facto PHP namespacing standard, don't miss this talk.
Relational databases are central to web applications, but they have also been the primary source of pain when it comes to scale and performance. Recently, non-relational databases (also referred to as NoSQL) have arrived on the scene. This session explains not only what MongoDB is and how it works, but when and how to gain the most benefit.
The SQALE method: Meaningful insights into your Technical DebtJean-Louis LETOUZEY
This is the presentation I made at the Agile 2012 conference (August in Dallas). It explains:
- Why Technical Debt is a powerful new paradigm
- What Managing Technical Debt means
- How SQALE helps to manage your Technical Debt
- The 3 remediation strategies supported by SQALE
Examines some of the fundamental problems with the way the industry thinks about software "engineering", and breaks some notions in order to find useful ways of improving your code quality, and your skills and discipline as a developer.
PVS-Studio and static code analysis techniqueAndrey Karpov
What is «static code analysis»? It is a technique that allows, at the same time with unit-tests, dynamic code analysis, code review and others, to increase code quality, increase its reliability and decrease the development time.
This workshop is a hands-on training where a real Zend Framework application is used as an example to start improving QA using tools to test, document and perform software metric calculations to indicate where the software can be improved. I also explain the reports produced by a CI system.
We continue checking Microsoft projects: analysis of PowerShellPVS-Studio
It has become a "good tradition" for Microsoft to make their products open-source: CoreFX, .Net Compiler Platform (Roslyn), Code Contracts, MSBuild, and other projects. For us, the developers of PVS-Studio analyzer, it's an opportunity to check well-known projects, tell people (including the project authors themselves) about the bugs we find, and additionally test our analyzer. Today we are going to talk about the errors found in another project by Microsoft, PowerShell.
An important event has taken place in the PVS-Studio analyzer's life: support of C#-code analysis was added in the latest version. As one of its developers, I couldn't but try it on some project. Reading about scanning small and little-known projects is not much interesting of course, so it had to be something popular, and I picked MonoDevelop.
Efficient Rails Test-Driven Development Week #1. A class by Wolfram Arnold of rubyfocus.biz, in collaboration with Sarah Allen of blazingcloud.net and marakana.com
A brief overview about writing clean code. Presentation made for the Multimedia Languages and Environments course at Politecnico di Torino (academic year 2012/2013).
One of the biggest problems of software projects is that, while the practice of software development is commonly thought of as engineering, it is inherently a creative discipline; hence, many things about it are hard to measure. While simple yardsticks like test coverage and cyclomatic complexity are important for code quality, what other metrics can we apply to answer questions about our code? What coding conventions or development practices can we implement to make our code easier to measure? We'll take a tour through some processes and tools you can implement to begin improving code quality in your team or organization, and see what a difference it makes to long-term project maintainability. More importantly, we'll look at how we can move beyond today's tools to answer higher-level questions of code quality. Can 'good code' be quantified?
Building Lithium Apps (Like a Boss) was a workshop presented on the structure and philosophy of the Lithium framework and its applications, and how best to take advantage of them.
PHP 5.3 has many new features that allow very different paradigms of software development, that may be unfamiliar to many PHP developers. If you want to learn more about functional or aspect-oriented programming, or how to organize your PHP libraries according to the new de facto PHP namespacing standard, don't miss this talk.
Relational databases are central to web applications, but they have also been the primary source of pain when it comes to scale and performance. Recently, non-relational databases (also referred to as NoSQL) have arrived on the scene. This session explains not only what MongoDB is and how it works, but when and how to gain the most benefit.
The SQALE method: Meaningful insights into your Technical DebtJean-Louis LETOUZEY
This is the presentation I made at the Agile 2012 conference (August in Dallas). It explains:
- Why Technical Debt is a powerful new paradigm
- What Managing Technical Debt means
- How SQALE helps to manage your Technical Debt
- The 3 remediation strategies supported by SQALE
Examines some of the fundamental problems with the way the industry thinks about software "engineering", and breaks some notions in order to find useful ways of improving your code quality, and your skills and discipline as a developer.
PVS-Studio and static code analysis techniqueAndrey Karpov
What is «static code analysis»? It is a technique that allows, at the same time with unit-tests, dynamic code analysis, code review and others, to increase code quality, increase its reliability and decrease the development time.
This workshop is a hands-on training where a real Zend Framework application is used as an example to start improving QA using tools to test, document and perform software metric calculations to indicate where the software can be improved. I also explain the reports produced by a CI system.
We continue checking Microsoft projects: analysis of PowerShellPVS-Studio
It has become a "good tradition" for Microsoft to make their products open-source: CoreFX, .Net Compiler Platform (Roslyn), Code Contracts, MSBuild, and other projects. For us, the developers of PVS-Studio analyzer, it's an opportunity to check well-known projects, tell people (including the project authors themselves) about the bugs we find, and additionally test our analyzer. Today we are going to talk about the errors found in another project by Microsoft, PowerShell.
An important event has taken place in the PVS-Studio analyzer's life: support of C#-code analysis was added in the latest version. As one of its developers, I couldn't but try it on some project. Reading about scanning small and little-known projects is not much interesting of course, so it had to be something popular, and I picked MonoDevelop.
Efficient Rails Test-Driven Development Week #1. A class by Wolfram Arnold of rubyfocus.biz, in collaboration with Sarah Allen of blazingcloud.net and marakana.com
QA Fest 2019. Дмитрий Собко. Testing Big Data solutions fast and furiouslyQAFest
Нам хорошо известно, как тестировать REST API с N эндпоинтами, с реляционными и нереляционными (NonSQL) базами данных.
То же самое и с тестированием UI. Такие фреймворки как Selenium, Selenide, Selenoid ни для кого не загадка. Более того, создать с нуля надежный, расширяемый и действительно крутой автоматизированный тестовый фреймворк для таких приложений не составляет труда.
Но как же насчет BigData проектов, которые не имеют ни back-end ни front-end в классическом понимании? Как их тестировать? Какие части покрыть тестами в первую очередь? И, кроме того, как внедрить автоматизацию и сделать ее эффективным способом для таких проектов.
Я покажу вам, как с этим жить. Как создать тестовый фреймворк для Cloud Big Data проектов с нуля. И разработать его самым оптимальным способом с использованием самых интересных технологий.
DMYTRO SOBKO, Lead automation QA engineer @EPAM.
We are well aware of how to test the REST API with N endpoints, with relational and non-relational (NonSQL) databases. Same thing with UI testing. Frameworks like Selenium, Selenide, Selenoid are not a mystery to anyone. Moreover, creating a reliable, extensible and really cool automated test framework for such applications from scratch is not difficult. But what about BigData projects that have no back-end or front-end in the classical sense? How can we test them? What parts should we cover with tests in the first place? And, besides, how do we introduce automation and make it an effective way for such projects?
Dmytro will show you how to create a test framework for Cloud Big Data projects from scratch and to develop it in the most optimal way using the most interesting technologies.
NDC Sydney 2019 - Microservices for building an IDE – The innards of JetBrain...Maarten Balliauw
Ever wondered how IDE’s are built? In this talk, we’ll skip the marketing bit and dive into the architecture and implementation of JetBrains Rider.
We’ll look at how and why we have built (and open sourced) a reactive protocol, and how the IDE uses a “microservices” architecture to communicate with the debugger, Roslyn, a WPF renderer and even other tools like Unity3D. We’ll explore how things are wired together, both in-process and across those microservices. Let’s geek out!
Improperly architected applications may work, may perform well, and may meet the acceptance criteria, but the ability to maintain them degrades over time. This presentation will show some of the common mistakes made when building large web applications, how to be aware of them, correct them, and hopefully prevent them.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
10. What people usually think
Estimating costs
Projecting deadlines
Managerial BS!
11. Client Spec Sheet some paraphrased)
(actual bullet points,
Flash intro with no load time
User account logins, password optional
Ajax chat
“Like Google”
17. Cognitive Dissonance *
Engineers deal with tangible, immutable
constraints, like gravity
The practice of developing software is
an inherently creative discipline
* Thank you, Jones
18. Cognitive Dissonance
Developer constraints (scope, schedule,
budget) potentially / often in flux
Software is inter-related; working on one
part changes the others
No project is exactly the same as another
19. Conclusion
It’s not useful to measure high-level,
intangible things like whole projects
This is where scrum comes in handy
Instead, we can use lower-level, more
concrete measurements
24. Backing up...
What is a metric?
Measurement assigns numbers based on well-
defined meaning
- Sometimes the environment must be
modified
- Special development procedures that track
various activities - Wikipedia (paraphrased)
You can cheat and use booleans, too
25. Notes on continuous integration
A build system
Runs on every code commit
Runs tests
Reports
27. PHP Code Sniffer
PEAR Package:
http://pear.php.net/package/PHP_CodeSniffer
Checks conformance of a set of files against
a series of classes called “sniffs”
31. Measuring code complexity
Cyclomatic complexity
Directly measures the number of linearly
independent paths through a program's
source code.
a.k.a. 1 + the number of times it branches
32. Measuring code complexity
public function render() {
$code = null;
if (isset($this->headers['location']) && $this->status['code'] === 200) {
$code = 302;
}
if (!$status = $this->status($code)) {
throw new Exception('Invalid status code');
}
$this->_writeHeader($status);
foreach ($this->headers as $name => $value) {
$key = strtolower($name);
if ($key == 'location') {
$this->_writeHeader("Location: {$value}", $this->status['code']);
} elseif ($key == 'download') {
$this->_writeHeader('Content-Disposition: attachment; filename="' . $val
} elseif (is_array($value)) {
$this->_writeHeader(
array_map(function($v) use ($name) { return "{$name}: {$v}"; }, $val
);
} elseif (!is_numeric($name)) {
$this->_writeHeader("{$name}: {$value}");
}
}
}
35. Measuring documentation coverage
Check it out:
http://thechaw.com/api_generator
A series of rules
Assigns weights based on docblock content
and various docblock tags
36. Measuring documentation coverage
Basic checks:
Do doc tags exist?
Incomplete @param tags?
Do @param tags match actual params?
Does it have a @link to the man page?
38. Profiling
Get timing / memory usage on every test run
Granular, get statistics per test method
Using continuous integration, code is profiled
on each commit, all on a granular level
44. Finding things to measure
Lithium Inspector class
Lithium Parser class
Based on the awesome work of Sean Coates
http://github.com/scoates/tokalizer