SD Times August 2021 by d2emerge

FC_SDT050.qxp_Layout 1 7/22/21 10:26 AM Page 1

AUGUST 2021 • VOL. 2, ISSUE 50 • $9.95 • www.sdtimes.com

IFC_SDT050.qxp_Layout 1 7/21/21 9:29 AM Page 2

Instantly Search Terabytes

www.sdtimes.com EDITORIAL EDITOR-IN-CHIEF David Rubinstein drubinstein@d2emerge.com NEWS EDITOR Jenna Sargent jsargent@d2emerge.com

dtSearch’s document filters support: popular file types emails with multilevel attachments

MULTIMEDIA EDITOR Jakub Lewkowicz jlewkowicz@d2emerge.com SOCIAL MEDIA AND ONLINE EDITOR Katie Dee kdee@d2emerge.com

a wide variety of databases

ART DIRECTOR

web data

Mara Leonardi mleonardi@d2emerge.com CONTRIBUTING WRITERS

2YHU VHDUFK RSWLRQV LQFOXGLQJ efficient multithreaded search

Jacqueline Emigh, Lisa Morgan, George Tillmann CONTRIBUTING ANALYSTS Enderle Group, Gartner, IDC, Intellyx

HDV\ PXOWLFRORU KLW KLJKOLJKWLQJ forensics options like credit card search

CUSTOMER SERVICE SUBSCRIPTIONS subscriptions@d2emerge.com ADVERTISING TRAFFIC Mara Leonardi mleonardi@d2emerge.com

Developers: 6'.V IRU :LQGRZV /LQX[ PDF26

LIST SERVICES Jessica Carroll jcarroll@d2emerge.com

&URVV SODWIRUP $3,V IRU & -DYD DQG NET with NET Standard / 1(7 &RUH

)$4V RQ IDFHWHG VHDUFK JUDQXODU GDWD FODVVLILFDWLRQ $]XUH $:6 DQG PRUH

REPRINTS reprints@d2emerge.com ACCOUNTING accounting@d2emerge.com

ADVERTISING SALES PUBLISHER David Lyman 978-465-2351 dlyman@d2emerge.com

Visit dtSearch.com for KXQGUHGV RI UHYLHZV DQG FDVH VWXGLHV IXOO\ IXQFWLRQDO HQWHUSULVH DQG developer evaluations

SALES MANAGER Jon Sawyer 603-547-7695 jsawyer@d2emerge.com

The Smart Choice for Text Retrieval® since 1991

dtSearch.com 1-800-IT-FINDS

PRESIDENT & CEO David Lyman

D2 EMERGE LLC www.d2emerge.com

CHIEF OPERATING OFFICER David Rubinstein

003_SDT050.qxp_Layout 1 7/21/21 4:10 PM Page 3

Contents

VOLUME 2, ISSUE 50 • AUGUST 2021

FEATURES

NEWS 4

News Watch

Improve operational efficiency with value calculators

DevOps Institute announces SRE Practitioner certification

Hiring amid COVID-19

COLUMNS page 6

24 GUEST VIEW by Michael Azoff Why low code/no code is on the rise

Mobile Testing: So many devices, so many variables 25 ANALYST VIEW by Jason English Why hide testing from development?

26 INDUSTRY WATCH by David Rubinstein Value stream intelligence

page 14

BUYERS GUIDE Continuous delivery steps into the spotlight

page 18 Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 2 Roberts Lane, Newburyport, MA 01950. Periodicals postage paid at Plainview, NY, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2021 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 2 Roberts Lane, Newburyport, MA 01950. SD Times subscriber services may be reached at subscriptions@d2emerge.com.

004-5_SDT050.qxp_Layout 1 7/21/21 4:10 PM Page 4

SD Times

August 2021

www.sdtimes.com

NEWS WATCH GitHub Desktop 2.9 revamps commit history According to GitHub, commit history is often used by developers to tell a story about the progression of a project. As of GitHub Desktop 2.9, developers will be able to drag commits on top of each other to squash them together and add a new commit message to that grouping. When merging, they will be able to squash and rebase as part of the merge. In addition, developers will now be able to drag commits in the history to reorder them. Another new feature in GitHub Desktop 2.9 is the ability to make changes to or update the commit message of the previous commit. This is intended for small changes, as there is already an existing undo feature in GitHub Desktop that reverts things back to

the previous commit. GitHub Desktop 2.9 also features the ability to start a new branch from an earlier commit. This enables developers to view the state of a repository at a previous point in time without impacting the branch currently being worked on.

Android 12 Beta 3 adds APIs, SDK The Android development team has released the third beta for Android 12, which includes the final Android 12 APIs and official SDK. This will enable mobile developers to start testing and updating their apps prior to Platform Stability in Beta 4. Beta 3 introduces the ability to capture screenshots of scrolling content; platform support for AppSearch, which allows apps to index structured data and search through it; privacy indicators APIs to

People on the move

n Automation Anywhere has appointed Sumit Johar as its new chief information officer. As CIO he will provide IT leadership and direction to business units and streamline operations through the use of the company’s Automation 360 RPA platform. Previously Johar was the CIO of MobileIron, leader of Enterprise Applications at TIBCO Software, and a manager at Wipro Technologies and Infosys. n Prakash Sethuraman is joining CloudBees as its new chief information security officer. He will lead security strategy for the company, utilizing his previous experience of leading digital and security initiatives in highly regulated industries. Prior to joining CloudBees, Sethuraman led a cybersecurity team at HSBC where he helped institute new security processes as the bank accelerated its move toward cloud and container ecosystems. n Splunk has announced three new senior leadership positions at the company. Sendur Sellakumar will become the company’s first chief cloud officer, Claire Hockin will be the new chief marketing officer, and Garth Fort will become chief product officer. All three will also hold vice president titles.

WindowInsets; improvements to auto-rotation; support for camera and microphone toggle configurations for enterprises; and new permission for CDM-paired apps starting foreground services, and the Game Mode APIS.

IBM launches cloud database as a service IBM is launching a new offering, IBM Cloud Databases powered by IBM Cloud Satellite. The new solution will enable customers to leverage the benefits of cloud databases without needing to manage the systems themselves. Customers will be able to deploy production-grade databases on cloud service providers, their own data centers or in edge locations, according to IBM. Other benefits include the ability to bring databases closer to where applications live, high-availability, secure architecture, daily backups, 24×7 monitoring, and online scaling with pay-as-you-go billing.

Eclipse Foundation releases middleware for data IPC The Eclipse Foundation has announced the release of Eclipse iceoryx Almond, which is the platform’s 1.0 release. Eclipse iceoryx provides a middleware for inter-processcommunication (IPC) to allow for transmission of large amounts of data. According to the Eclipse Foundation, iceoryx is ideal for applications that need very low latency when transmitting data, such as automotive applications, robotics, gaming, and AI. Eclipse iceoryx has a laten-

cy of less than 1 microsecond to transfer a message, regardless of size. It sends the message from publisher to subscriber without creating a single copy, which is important when large amounts of data have to be processed in a short period of time, according to the company. It currently offers support for Linux, QNX, and macOS operating systems as well as C and C++. The team plans to add support for Windows and Rust in a future release.

Ambassador Labs launches Developer Control Plane 1.0 Ambassador Developer Control Plane 1.0 lets developers code, ship and run apps using Kubernetes faster. The control plane provides a new managed cloud UI and an integrated toolchain built entirely on top of Cloud Native Computing Foundation (CNCF) open-source projects. Developers can use the control plane to view and manage their organization’s apps and services across development, deployment, and production environments without needing to stitch together Kubernetes tools or needing to compromise productivity.

MongoDB releases updates for future-proofing MongoDB last month announced both the availability of MongoDB 5.0 and a preview for serverless databases in MongoDB Atlas. MongoDB 5.0 introduces new capabilities to allow organizations to more easily futureproof their applications. New features include: native time

004-5_SDT050.qxp_Layout 1 7/21/21 4:10 PM Page 5

www.sdtimes.com

series collections, live resharding, versioned API, and clientside field level encryption. Developers can also now preview serverless databases in MongoDB Atlas. This new capability will enable users to select a cloud region and then start building their applications. According to the company, the serverless databases feature will remove the need for developers to worry about backwards compatibility or upgrades.

GitHub Copilot write code for developers GitHub launched a technical preview of GitHub Copilot, a new AI pair programmer that helps developers write better code. The tool draws context from the code that’s being worked on and suggests whole lines or entire functions to suggest alternative ways to solve problems, write tests, and explore new APIs without having to search for answers on the internet. Users can simply write a comment describing the logic needed and GitHub Copilot will assemble the code for them. Also, users can import a unit test package, and let GitHub Copilot suggest tests that match their implementation code.

CData Connect 2021: Query federation, custom schemas CData announced the newest update to its data connectivity platform: CData Connect 2021. According to CData, the upgrades made to the platform include such new features as query federation, custom schemas, and derived

August 2021

SD Times

Accessibility improvements in Visual Studio The new improvements include: whitespace rendering, option collecting, Focus Mode, and audio cues. These are aimed at making the platform easier to use for those with disabilities and the neurodivergent community. According to Microsoft, whitespace rendering would allow for users to customize the number of character spaces filled by whitespace while indenting, regardless of whether they are using tabs or spaces. This works to make the platform more accessible for visually impaired users who may be using large font sizes. Option collecting provides users with the capability to only see options having to do with accessibility while viewing the displayed options. Reducing the number of options displayed to show just the pertinent ones results in a more easily customizable experience. According to Microsoft, Focus Mode would function like the “Do Not Disturb” feature on our cell phones. This feature allows the user to be in control of the notifications they are receiving while working. This works not only to reduce distractions but also to customize notifications to the user’s specific needs with the option to choose what they do and don’t want to be notified of. Audio cues would be particularly useful for the visually impaired community. This feature would offer more options for hooking up audio cues to events in Visual Studio, making the platform more user friendly for those with visual impairments. views. These added tools are designed to improve the ways organizations relate to and connect with data. Query federation rids the user of difficulty while working with related data stored in multiple sources. It allows users to easily join multiple different pieces of related data across any number of platforms in real-time, including cloud applications, RDBMS databases, data warehouses, NoSQL data stores, and flat files, according to the company. To experience the full range of this feature, the data sources must be configured within CData Connect as virtual databases. Derived views allows the user to define “virtual tables” or save complex SQL queries as ‘Derived Views’ that can be queried on-demand, the company said in its announcement. According to CData, this feature — combined with the addition of query federation — can help organizations break down how a wide range of data assets

are used across analytics and data management. The added Custom Schemas ability allows for more user personalization. This feature also provides a way to define custom data models for APIs with a number of different layers. This is easily done by defining your inputs to generate a custom view of your data which you have the ability to save and simply reuse as data model templates.

Windows 11 makes PC experience personal With Windows 11, users will have new ways to be productive and connect with people. The upgrade will start being available for eligible Windows 10 PCs late this year. Visually, it has redesigned the Start menu, added updated transitions, updated the design of Settings, and added new themes. The Start menu is now more personalized, making suggestions on what

to open, based on a user’s commonly used apps or recent files. Windows 11 will also come with Microsoft Teams preinstalled and pinned to the taskbar. Users will be able to treat it more like Apple’s Facetime and start video calls right from their desktop. It also redesigned the Microsoft Store and will be adding support for Android apps through an upcoming partnership with the Amazon Appstore and Intel Bridge. It is also making it easier for developers to bring their apps to the Microsoft Store. Developers will now be able to bring apps, whether they’re built as a Win32, Progressive Web App (PWA), Universal Windows App (UWP), or other app framework. Microsoft has changed its revenue share policy so that developers can bring their own commerce system into their apps and keep 100% of the revenue, where previously they only kept 85%. z

006-10_SDT050.qxp_Layout 1 7/21/21 9:30 AM Page 6

SD Times

August 2021

www.sdtimes.com

BY KATIE DEE rom mask mandates to seeing and associates coworkers through video calls rather than in person, the coronavirus has totally altered the way we work. The way we go about running a business is not exempt from this, as more and more companies transition from in-person workplaces to virtual formats. There are many benefits and disadvantages to this transformation, and one element of this change is the concept of a virtual interviewing and hiring process when onboarding new employees. The idea of interviews via video calls can seem daunting to both employers and employers alike, but the truth is that digital hiring is quickly becoming the new normal. Eric Riz, founder of verified data platform Empty Cubicle, says that while seeking out and hiring employees online is not necessarily a new concept, the push for all companies to adopt this practice is stronger now more than ever. “The expectations and the demands on the businesses have become a lot harder. Where organizations had a specific regimented process of how long it would take for an individual to get hired, that has now been modified,” explained Riz. This modification has been fast-tracked with in-person interviewing and hiring not being an option over the last year and a half. An interview process that may have taken two rounds in an in-person format could very well take three or even four while conducting interviews online, because it is harder to get a solid read on candidates while viewing them through a screen. On top of this, some companies that may have favored a more old-fashioned approach to hiring have had to make this shift rather quickly, making it challenging to navigate through this new hiring process.

Not knowing what to expect In the pre-pandemic world, employers and job seekers knew what to expect going into an interview. Dressing in

business casual attire and expecting a firm handshake at the start of the interview was a familiar approach to hiring, but today that is no longer the case. Not only do employers now have to be sure that the candidate being interviewed is right for the job, they also have to ensure that the interviewee is the right person to function effectively through digital means.

“An expectation that everyone knows and uses the technology appropriately, whether they’re using Teams or Hangouts or Zoom or anything else, it means that the hiring [expectation] on the employer’s side has been increased,” Riz said. This shouldn’t come as a surprise; employers expect to have to train new hires on the ins and outs of the business, but when they also

006-10_SDT050.qxp_Layout 1 7/21/21 9:34 AM Page 7

www.sdtimes.com

have to go through how to effectively use online platforms for everyday tasks, the length of that training process can be extended, making that candidate less desirable. Finding a candidate who is somewhat tech savvy is playing a more important role in the hiring process because businesses that used to use minimal tech to run their day-to-day operations are now becoming increas-

ingly reliant on it. Another aspect of online interviewing is that of verifying the credentials of the candidate. Before COVID, when interviews would take place in person, an employer could easily tell that the answers being given by the interviewee were their own words and experiences. However, when viewing someone through a screen, it is hard to tell what

August 2021

SD Times

information they have access to right in front of them. “As I’m sitting here in my home office I have four screens in front of me, and you’re on one of them,” he began, looking at me through the computer monitor. “If I put you on another screen and I had a bunch of technical details on the screen in front of me… and I literally continued on page 9 >

Full Page Ads_SDT050.qxp_Layout 1 7/21/21 9:27 AM Page 8

Bad Data Happens. We'll Help You Fix It.

TALK TO AN EXPERT

You can’t improve your business unless you know what’s wrong with it. Inaccurate customer data leads to poor business insight, lackluster communications, and inefficient operations. For over 35 years, Melissa has been one of the most trusted global experts in data quality, address verification and identity resolution. When bad data is holding your business back, we’ll help you find it, fix it, or flush it. Guaranteed.

Unify Data to Improve Customer Connections

PowerBad Business Prevent Data from Entering Your Database Intelligence

Increase Enrich Data ROI to Fuel Audience Insights & BI

Ask Melissa for a free troubleshooting & our 120-Day ROI Guarantee.

Melissa.com 1-800-MELISSA

006-10_SDT050.qxp_Layout 1 7/21/21 9:34 AM Page 9

www.sdtimes.com

August 2021

SD Times

< continued from page 7

read somebody else’s resume… and it looks like I’ve got all of the answers… but the reality is I’m none of that, I’m just sort of a good talker.”

Verification a challenge This is an important aspect of the new normal that people may have glossed over: verifying interviewee details. When interviewing via video call, employers run the risk of candidates telling them what they know they want to hear because they now have the option to look up answers to questions or reference somebody else’s experience during the interview. Back before the pandemic, when interviewing took place in person, this was not a huge concern. If for any reason the employer had a feeling the interviewee may be lying on their resume, asking them a question relating to a topic they claim to be proficient in will clear up any confusion. Unfortunately, in a digital setting, verifying this information is not an easy task and it is something employers today, particularly in the technology field, always have to consider when hiring a potential employee. Another way that COVID-19 has redefined the way companies hire is the added option of prompted video interviews. This is when a hiring manager will take a video asking multiple interview questions — or in the case of developers, to change some functionality in a code snippet in Java, as an example — and then a candidate will have a set amount of time to finish the test, or think of an answer and record a video in response. Verification of interviewee background becomes a problem as it is easier for the applicant to fabricate past professional experience. In an in-person interview setting, the interviewer can see that the applicant is not looking up answers during the interview; while in pre-recorded interviews, it is challenging to tell what are genuine answers and what is the result of a Google search done prior to answering. This can lead to an underqualified candidate making it past the first round of the interview process and thus wasting company time with a second interview. continued on page 10 >

Vaccine requirements A new issue facing employers a year and a half into the pandemic is the question of vaccines, especially while hiring new employees. While a company may not be able to require a vaccine to be hired, they can certainly place restrictions on who can and cannot enter the workplace. “Organizations are going to be able to say, ‘I’m sorry but people who have or haven’t had ABC [vaccine] can’t come on site because we can’t risk it,’” Eric Riz, founder of the verified data platform Empty Cubicle, stated. “As a business owner, you have to look out for your people.” This becomes a factor in the hiring process because of the added layer employers now have to struggle with. If the most qualified candidate opted not to get vaccinated against COVID-19, is hiring them and placing them in a remote setting, while the majority of other employees are in office, worth it? This also becomes an awkward new aspect to the interview process that has to be addressed. An employer bringing up the topic of vaccines in an interview may derail what could have been a positive conversation beforehand. The topic of vaccines affects potential employees as well. It has the power to limit the job prospects of those who chose not to get vaccinated, depending on whether or not they are comfortable with or even offered the option of working remotely. Ultimately, the decision falls to the employer of whether or not they want to allow unvaccinated employees into the office. The issue of vaccines rolling out in many places has also caused the number of people applying for jobs to increase back up to a manageable level. Joe Militello, chief people officer at PagerDuty, said that over the last six months since the vaccines have been introduced, the number of people applying for jobs has risen dramatically. “I would say the vaccinations are playing a huge part in it because that’s what is reducing the COVID rates in many parts of the world,” Militello said. However, because the vaccines are not accessible everywhere and there are still those who will opt not to get it, the fight for hiring managers is far from over. The effects of the pandemic will likely still be seen in the interviewing and hiring process for the foreseeable future. On top of vaccinations, Militello also attributed the recent spike in job applicants to the fact that resignations have been rising consistently and the fact that job seekers are looking for a change in their daily lives. Whatever the reason, the workforce is seeing an upward trend that will hopefully continue in the coming months. Riz also spoke about the technical process of onboarding new employees, both before and after the coronavirus pandemic. He said that while the process has been altered, the baseline of hiring still remains the same. “There’s a whole life cycle and process behind hiring and while that’s been disrupted, it hasn’t changed from a technical level,” said Riz. This is to say that everything that went into seeking out and interviewing new prospective employees hasn’t changed much at its core. Both before and after COVID, the deeper level of the hiring process involves setting a new employee up with a desk and the correct software and the knowledge needed to thrive within the company. Employers still deal with all of those same struggles, albeit in a different way and to a different degree amid the pandemic. In the midst of all the chaos surrounding interviewing and hiring under today’s circumstances, Riz’s main advice to job seekers today is to take a very well-thoughtout approach to the job hunt. “I would say right now… assess and analyze your situation and perspective much more and try to create a plan or path for yourself not with hard goals but with soft goals that can be modified based on the world’s conditions,” is his advice. z

006-10_SDT050.qxp_Layout 1 7/21/21 9:34 AM Page 10

SD Times

August 2021

www.sdtimes.com

Cultivating culture in a remote workforce One of the most important and yet overlooked aspects of hiring for remote work due to the pandemic is the issue of company unity and morale. According to Joe Militello, chief people officer at PagerDuty, it is without a doubt challenging to cultivate employee loyalty while operating in a remote format. He said, “That sense of belonging… it’s one thing to think ‘yeah I can operate independently because I have access to technology and I’m a responsible human being,’ but it’s also about that emotional connection to the company.” This connection can be difficult to manifest in a setting where all employees are not working together. This also affects the way an interviewee may feel about the company in the first place. Back when the majority of interviews took place in an in-person setting, when the applicant entered the workspace, they could feel the energy of the people around them. Oftentimes, they would be able to tell based on feeling alone if the environment was a good fit or not. With this no longer being an option in most workplaces, it can be nearly impossible to gauge the loyalty of current employees unless the applicant were to reach out to a member of the team personally. Not having this sense of team spirit and shared camaraderie among employees can prove to be difficult for both employers and prospective candidates. In terms of creating employee loyalty, employers can struggle and job candidates can find their issues in terms of feeling out the environment and people they will be working with if hired for the position. “They can do the job, but in six months if they don’t identify with the company and they don’t feel like they belong there, they’re going to leave,” Militello said. According to Militello, employers now have to work even harder to ensure that the work environment is positive and fosters employee connection, whether that happens remotely or otherwise. Shannon Hogue, global head of solutions engineering at Karat, pointed out that the elimination of geographic constraints that comes along with remote hiring gives potential employees

< continued from page 9

According to Riz, this kind of prerecorded prompted interviewing also poses a whole different set of obstacles on the interviewee’s side, “I think that you’re testing people… the whole idea of an interview is to have a conversation and create a rapport.” Taking away the personalization of a live interview can make the candidate feel trapped and trigger something similar to a fight-orflight response resulting in unnecessary

greater freedom. She believes that candidates who are interviewing and working remotely now have the option to go through many more job postings than what would have been available to them in a company that requires reporting to an office. This allows for them to then choose the one that speaks to them the most and not be limited by the locations of the company. “Work is hard, startups are hard, tech is tough especially for… under-represented communities. It’s a tough place to be and so if you don’t believe in the mission, if you don’t truly believe that you’re making a difference… it’s really easy to move on to the next thing,” She explained. Since the beginning of the pandemic and the shift towards remote hiring and working, doors have opened for job applicants to find positions that mean more to them because of the absence of a geographic requirement. She added, “If you want to retain folks, you need to make sure that they believe in your mission.” This may very likely be the key to developing employee loyalty in a remote working world. When an employee is working for a company they love in a position that makes them feel fulfilled, the issue of turnover and loyalty can become obsolete. This is one of the most positive impacts the pandemic has had on hiring and interviewing for both job seekers and employers. Hogue continued, “Do I think that they are going to get uncomfortable with having a lot of options? Absolutely not! In fact the more options the better. It means that we are going to start seeing the best diversity in thought and in talent with the best companies.” Here, she explained why this new universal remote hiring is beneficial on both sides of the spectrum. Employers are gaining more diverse and informed points of view to enrich their companies while employees are getting the opportunity to gain a more filled-out view of the job options and companies available to them nation and even worldwide. Having the access to these different companies and cultures provides access to a diversity pipeline that is fairly new to the hiring world, she said. z

panic, Riz said. The added time pressure this method of interviewing has can also cause the interviewee to speak too quickly out of fear that the allotted time will run out and, therefore, lead to miscommunication. “If I’m the candidate… and their rapid-firing questions at me that I have to answer in a specific period of time, it changes the whole dynamic,” Riz explained. This shift in dynamic will inevitably have an effect on the way

questions are answered. Therefore, it has the power to completely alter the trajectory of an interview. Riz continues, “I’m being tested which means I’m going to emotionally and psychologically respond differently… and you’re not going to get a true response that’s reflective of the individual.” When interviewees feel this kind of pressure, even the most well prepared and qualfied candidates may not be answering to the best of their ability. z

Full Page Ads_SDT050.qxp_Layout 1 7/21/21 9:27 AM Page 11

Full Page Ads_SDT050.qxp_Layout 1 7/22/21 9:36 AM Page 12

Collaborative Modeling

Keeping People Connected ®

Autodesk | Bugzilla

sparxsystems.com

| Salesforce | SharePoint | Polarion | Dropbox

| *Other Enterprise Architect Models

Modeling and Design Tools for Changing Worlds

013_SDT050.qxp_Layout 1 7/21/21 9:29 AM Page 13

www.sdtimes.com

August 2021

SD Times

DEVOPS WATCH

Improve operational efficiency with value calculators BY CINDY VAN EPPS

Image: projectandteam.com

One of the most powerful tools in helping people understand the value of changing the way they build and deploy systems is to quantify the benefit of making the change. While the math of quantification can be intimidating to many, we use calculators as a matter of course for many of the economics-based decisions in our lives: buying a car or house, or sending a child to college, for example. Why not create calculators for estimating the economic benefit of working in new ways? Why don’t we quantify the effect of “a bad system” in which people work? The burden of too much work juggling manifests as the thrashing of uncontrolled context-switching and ineffective meeting attendance. In the Agile parlance, this is called work in progress (WIP). The impact on the effectiveness and morale of our workforce should be considered with Cindy Van Epps is a SAFe program consultant trainer at Project & Team.

concern that includes the humanfocused culture rather than the “just the way it is” culture. The impact also extends well beyond the individuals and into the economics of value delivery for the organization. My experience in enterprises from large engineering, mil-

itary defense contractors, and medical device providers — even to pressure-cooker startups — indicate a pervasive tolerance and reinforce this economic burden on value delivery. We know that uncontrolled multitasking takes a heavy toll. Expressing the impact in the language of dollars is the most effective means for motivating a change. My simplest Value Calculator quantifies the cost of context-switching based on research and a few key parameters. Here is a screenshot, showing the use of the following parameters: • Uninterrupted Flow Time = 2 hours • Context-switching ramp-up time = 25 minutes • Planned Productive Days in a Week = 5 • Planned Productive Weeks in a Year = 48 • Number of People on a Project = 200 This is my most widely used and referenced calculator because of its simplicity and decisive impact. Use of this calculator is anonymous and free, at projectandteam.com. z

DevOps Institute announces SRE Practitioner certification BY JENNA SARGENT

A new certification will help DevOps professionals validate their skills in the practices, methods, and tools for advancing SRE within their organization. According to the DevOps Institute, the SRE Practitioner certification is designed for those who are focused on service scalability and reliability at a large scale, and who have an interest in modern approaches to IT leadership and organizational changes.

Upon completion of the certification, candidates should have gained the ability to implement SRE models that fit their organizational context, build advanced observability in distributed systems, build resiliency by design, and learn effective ways to respond to incidents using SRE best practices. “The volume of change is much higher in today’s complex IT environment, which leaves organizations vulnerable to outages and incidents,” said

Jayne Groll, CEO of DevOps Institute. “According to DevOps Institute's 2021 Upskilling report, nearly half of respondents voted SRE skills as must-have skills in the process and framework skills domain. DevOps Institute is pleased to offer an advanced SRE certification as a follow-on to the SRE Foundation certification. We’re excited to offer this certification, the first of its kind, to continue skills growth in the SRE area.” z

014-17_SDT050.qxp_Layout 1 7/21/21 9:36 AM Page 14

SD Times

August 2021

Mobile testing: So many devices, so many A

s organizations have shifted to a mobile-first approach, they’ve found that the main challenge is testing for the sheer variety of devices out there. Also, tests need to be run on various telecom providers in different parts of the world. This infinite web of possible combinations has prompted a need for automation and framework consolidation in mobile testing. Testing for Android devices is more challenging than iOS, according to Shawn Wallace, principal architect at Centric Consulting, a business consulting and technology solutions firm providing full-service management consulting services. Android sits at the top at 73% market share, and iOS is second at 26%, a report by statcounter.com showed. But, what makes testing for Android complex is that there are just so many more types of active devices that use it with various sizes and form factors — not to mention the many different versions of the Android operating system still in use. Because of this sheer number of devices, buying out all of the devices to manually test them by rote is no longer a feasible option for most organizations, explained Joachim Herschmann, a senior director analyst at Gartner. Buying everything is no longer the option for testing mobile web applications that run on a browser, or natively

BY JAKUB LEWKOWICZ on the phone. “Organizations no longer can afford to even, let’s say, buy the top 10 most relevant mobile devices. In the old days, if it’s an internal application for employees, they could then say, well, there are only two or three mobile devices that are admitted in our organization,” Herschmann said. “This will definitely not work if we’re talking about an application that’s rolled out to the public because you just don’t know what people are using.” According to Centric’s Wallace, the drastic form factor changes are not the most difficult to test for; they can be the subtle changes between devices, such as a bezel taking up a little more space on one device than another. Sometimes, these subtle changes are the ones that can have a drastic effect on the crucial functionalities of the app. “The classic example is that some elements are partly off-screen like a button or something you could potentially still hit it, or maybe not. But the point is that that is not a good user experience, and in an extreme case, it could prevent you from actually interacting with it. I actually had this yesterday with an app I installed where one of their buttons would settle low at the bottom. But every time I tried to hit it with my finger, I basically hit the return on an

Android device,” Herschmann said. One way around this is to develop flexible layouts in apps, and cross-browser testing on laptops and computers can help avoid compatibility and sizing issues during the testing process, according to Artem Minaev, the co-founder of the digital startup platform FirstSiteGuide, a service that provides tools and tutorials for bloggers, webmasters, online entrepreneurs, and more. Adding to the already crowded device market, IoT devices also factor into conversations around mobile testing. “There’s a reason why we see so much news about not only security issues, but simply just bugs, because there is very little thought given about what’s happening on that device,” Gartner’s Herschmann said.

Smart devices expanding With the expansion of smart devices, mobile testing even encompasses testing your car as a mobile device. “You could even consider the Tesla car itself as a mobile device because, at the end of the day, it’s at the end of this connectivity because it’s connected to the internet. You can set updates to your Tesla, so if you think about it that way, it becomes clear to ask yourself how are we testing the software on the Tesla,” Herschmann said. Another major challenge with

014-17_SDT050.qxp_Layout 1 7/21/21 9:36 AM Page 15

variables mobile app testing is how a mobile app renders while using specific telecom providers and whether that’s through 5G, 4G or 3G. “I mean ... if you have an iOS phone, how many times do you use Safari and it stops responding per week? It probably does it three or four times a week. Well, let’s do this at scale. Let’s run 10,000 tests or 5,000 tests. How many times is our app going to fail? Not because the app is broken too, because Safari just fails for whatever random reason,” Wallace said. The sizable mobile app testing providers offer the ability to, for example, access a device in the U.K. through 4G, or access it through an Indian operator with 3G, or to access the same device in the United States through AT&T using 5G, Herschmann explained. “So technically, three times I’m accessing exactly the same phone, but the difference is how I access it. And I bet you will see differences in the test results because latency is different; the apps may react differently to the kind of network connectivity with latency, jitter and that kind of stuff,” Herschmann said. Another tricky aspect of testing is how an application behaves when switching between different providers, a situation prevalent in Europe due to its numerous providers in various countries. Other things to consider are when

signal strength goes down or if the user goes into a room with thick walls. These scenarios are where crowdsourcing providers, in which people run software on their mobile phones to inspect for failures, come into play. Their input is then vital for regression testing, feature testing, usability testing, user story testing, cross-browser testing, accessibility testing, performance testing, routine sanity testing and more.

Solutions to device sprawl While manual testing is necessary for certain aspects, the difficulty with testing manually is that the number of tests needed to test the codebases increases exponentially whenever a feature is added. “If you’re adding a new feature, you need to test all of the old parts as well, which can slow you down,” Centric’s Wallace explained. “Two years ago, we were talking about ruthless automation, just automating everything. Now, it’s about let’s just automate what we need to automate,” said Diego Lo Giudice, vice president and principal analyst at Forrester. “You don’t want to automate something that just needs to run once. You want to automate things that are repetitive, but if you’re building Agile and DevOps, anything you build in continued on page 16 >

014-17_SDT050.qxp_Layout 1 7/21/21 9:37 AM Page 16

SD Times

August 2021

www.sdtimes.com

< continued from page 15

sprint one becomes kind of a regression test in sprint two. And so if you don’t want to manually rerun those tests, you’re better off automating them.” The goal is to minimize the number of tests that have to be run on the user interface on the mobile application and isolate some of the business logic into the APIs or server-side code where there are great patterns for testing at scale and testing in a continuous integration environment, according to Centric’s Wallace. Giudice said that automation tooling for mobile has reached the same level of maturity as it has for browsers. For browsers, the standard has been Selenium. Now, the standards that have grown around mobile testing include Appium, Cypress, and the ones maintained by Google and Apple for their applications on Android or iOS. Still, highly skilled test automation engineers are required to “write code” for automation test scripts, which has opened the need for low-code tooling for testing and new advancements in AI.

The future of AI in mobile testing can help teams know which tests to run in a complex environment and do it for them; however, this technology is still in its early stages, according to Herschmann. “The message I always give clients today is look, this AI stuff is not fully worked out, it’s the early days, but start looking at it today because you will take some time to understand and really comprehend it. And so you can’t just sit back for another year or two and wait until someone else has figured that out; by that time you’re lagging.” Herschmann said. While organizations should try to automate as much testing as possible, there is still no way to get away from manual testing completely. “I know of cases where literally, they have manual users that are in a car and they drive from Germany to the Netherlands, and they have to switch from their German network to their Dutch network as they’re driving and testing, how does my application react to this? So as you can imagine, that’s not something a

Popular open-source testing frameworks for mobile This partial listing of popular open-source testing frameworks for mobile was taken from a compilation by SmartBear, which also included commercial products. SmartBear is a provider of tools for application performance monitoring (APM), software development, software testing, API testing and API management. 1. Appium is an open-source test automation framework for use with native, hybrid and mobile web apps. It drives iOS, Android, and Windows apps using the WebDriver protocol. It supports cross-platform testing and code reuse, writing tests with multiple programming languages and offers many integrations. 2. Espresso is a native open-source testing framework for Android to write UI tests. The tool is a part of the Android SDK and is easy to use for native mobile development. It offers automatic synchronization of UI elements and test actions. 3. XCUITest is an open-source testing framework for iOS apps that is developed and maintained by Apple and is ideal for iOS-specific UI test automation. XCUITest enables developers or QA engineers to test the user interface of native iOS apps using the Swift or Objective C programming language. 4. Robot Framework is a generic open-source automation framework that can be used for test automation and robotic process automation (RPA). It has easy syntax, utilizing human-readable keywords. Its capabilities can be extended by libraries implemented with Python or Java. The framework was initially developed at Nokia Networks and open-sourced in 2008.

developer could test locally on their machine. You would actually have to do something like this,” Herschmann said. Another major trend around simplifying mobile testing is consolidating around a framework so that tests don’t need to be completely rewritten when dealing with new operating systems or devices. It can get quite expensive when an organization has to make the decision between native development or using a platform such as React Native. Testing can be much more simplified when using one of the major frameworks by doing a lot of the testing before getting to the device because testing on the device is what’s painful, Centric’s Wallace explained.

Employ virtual machines Another way to do manual testing is by buying virtual machines, putting the emulator on them, and letting testers use a VM rather than using a device. This is effective for testing offshore with people in other countries in instances where they’re not allowed to install the app on their device or can’t have the data in their network. Still, they can connect to a VM because there’s no data transfer, Wallace explained. “The paradigms of how I build an application have changed. There’s still native-app development, native in the sense that I write specifically with the widgets or elements that exist on iOS and those that exist on Android, but this becomes less frequent,” Gartner’s Herschmann said. “The more frequent approach is now to use one of the common frameworks that would take what you write in one abstract framework layer that gets sort of translated and compiled into the core platform that it’s actually rendered on.” Also, the shift to using a public device cloud, which contains a couple of thousand devices for anyone to test on, is pervasive now. Whenever the next person wants to run their test, the devices are basically reset so that there’s no interference with any data. To a much lesser extent, some organizations work within a private device cloud. Here the provisioning

014-17_SDT050.qxp_Layout 1 7/21/21 9:37 AM Page 17

www.sdtimes.com

and administration mechanisms work the same way as in a public cloud, but the devices are still reserved for that organization. The third and rarest option by far are the cases where there’s a device rack somewhere in a server room, but the way it’s accessed is also through the cloud, according to Gartner’s Herschmann. “Over the years, it has shifted to the public cloud because the private option was a lot more popular a couple of years back when people didn’t trust the cloud so much,” Herschmann said. “Let’s just say if you’re a consumer application or maybe a retail website. Well, you want to put it out in the open anyhow. So there is no reason why you would want to do it in your closet and not go out.” Cloud device providers often have contracts with various device and telecom providers to have day-one availability or even give developers access to the technology sometime before to run tests before launch day. Simulators and emulators can also be used for more operating system features, such as Google’s new API for COVID, which isn’t very hardware hungry. On the other hand, for nonstandard uses of the camera, LiDAR, or other features specific to the hardware, you have to test on the device itself.

In a mobile-first world, testing is vital Mobile app development has been integrated into mainstream development, which has increased the importance of diligent mobile testing. Now, the same testing scripts can basically be used for desktop or mobile, which has also prompted the need for consolidated testing. “We’ve gone from a world where people thought we were going to be mobile-first or mobile-only 5 or 6 years ago, but it ended up being mobile-first because mobile-only is not a reality,” Forrester’s Lo Giudice said. So mobile has to be integrated into a broader omnichannel strategy because these applications that run on mobile also have to run on a desktop or a tablet. The progress to mobile-only was mostly stifled by the pandemic, since

August 2021

SD Times

Real users for real testing results While automation is a vital tool in many aspects of mobile testing, it has to be coupled with manual testing when it comes to applications that rely heavily on location, as in the case of Bloc, a social events app that rewards people for attending venues. “We suggest venues that are local to someone and a lot of the functionality of the app relies on people being in the same area. This makes it extremely difficult to outsource the testing to a third party because their testers will be dotted around the world,” said Josh Wood, the founder and CEO of Bloc. The company at first set up simulators and faked people’s location but it still wasn’t a comprehensive enough strategy. Then, Bloc had to find and onboard its own testers, which became difficult when trying to scale to thousands of users, according to Wood. Now, the company relies on internal tests from real users who don’t necessarily know they’re testing the app. “The best feedback and log files we’ve got are from real users using it in real time and that’s how we’ve created a pretty decent app today that works well,” Wood added.

people worked in front of their computers at home. Before, companies tried to push as much as possible onto mobile phones. “I think the assumption that everything would go onto a mobile phone was just wrong,” Lo Giudice said. “I mean, the web is still well and healthy, but what changed is that if I have to design an application, I will think that design for the mobile phone, for the smaller screens and then scale it eventually to the bigger ones, rather than five years ago, the apps were thought for a large screen. And then we had to squeeze them onto the mobile phones.” This mobile-first approach has led organizations to hire out specialists that can test for omnichannel applications. Organizations are no longer just looking to hire specialists that only test for the current iOS version, but that tests against a standard so that new versions don’t require them to change the test code beyond some compatibility issues, Centric’s Wallace explained. “I think a lot about what the person that’s going to maintain this, what their

experience is going to be like, and what the shelf life of these tests are going to be because you maintain an app for a much longer time than you spend building it,” Wallace said. When establishing a testing strategy, organizations first have to think about the tech stack that they’ll be testing for and who will be doing the testing, whether that’s the developer, the technical side or the business side. There are solutions out there now that can tailor to each type of tester, according to Gartner’s Herschmann. “It’s no longer that hard to write a mobile app. Anybody can do it basically with no-code tools, but building the right app is all about building an app that is useful for potential consumers,” said Herschmann. “So you have to have a very compelling value proposition to even get people interested. And then don’t screw it by bringing up a choppy version of that app, because that will kill it immediately. I mean, that’s why I think testing quality is so important because honestly, you’ve only got one chance today.” z

SD Times

August 2021

www.sdtimes.com

Continuous delivery steps While organizations agree on the benefits of increasing the speed BY DAVID RUBINSTEIN Continuous delivery is stepping out from the shadow of its partner, continuous integration, and is having a moment as organizations look to increase the speed of application delivery while still delivering stable software. There is a problem, however. A recent “State of Continuous Delivery” report by the Continuous Delivery Foundation (CDF) found that adoption is low, and less than what was reported in earlier studies, according to Tracy Miranda, the foundation’s director. Continuous delivery grew out of the DevOps concepts as a way to make changes quickly and get them out to customers, to take advantage of market changes or to outmaneuver competitors. But today, CD (as it is known) has grown to encompass testing, security and governance — basically, all the steps software always has gone through before it is released into the wild.

Taking a step back As the twin notions of being able to make changes to software quickly and then

deliver it to users safely and securely were fleshed out, the terms CI and CD were seen as a pipeline for software production, and were lumped together as CI/CD. But even early on, there was confusion over the meanings of ‘delivery’ and ‘deployment.’ According to Miranda, “For a long time, people saw them as connected. And now we’re starting to get really fine-grained. So you can deploy something into production, but you haven’t delivered it to customers.” Viktor Benei, CTO and co-founder of mobile DevOps solution provider Bitrise, said continuous integration and delivery are intertwined. “I think it’s part of the same process and trend: automating as many of your processes as possible — anything that can be automated throughout the app development life cycle,” he said. “Reduce manual, errorprone steps via automation and save time for the things which can’t be automated.” Yet, Miranda believes the term CI/CD is a bit of a misnomer, because it makes you think there are only two things you have to do to deliver software: integration and deployment. She said one of the first things that got discussed

when the foundation was being created in 2019 was being able to agree on what is meant by those terms, so there would be a common language to build on. She said they now use the term continuous delivery to mean the set of practices teams need to use to deliver software safely, reliably and securely. “It’s pretty much in line with the “Accelerate” book Jez Humble and Nicole Forsgren (of the DevOps Research and Assessment team, or DORA) put together,” Miranda said. “We distinguish it from continuous deployment, which is that last stage of getting your code out into production and lots of people use continuous delivery and continuous deployment synonymously. But we prefer to use continuous delivery as the set of practices. So that includes continuous integration, continuous deployment, configuration management, security, and testing.” Senthil Nathan, product manager, HCL Software DevOps, defined things this way: “I would say the answer is continuous delivery is getting to the end customer, and continuous deployment is more of automating

018-22_SDT050.qxp_Layout 1 7/22/21 9:29 AM Page 19

www.sdtimes.com

August 2021

SD Times

Buyers Guide

into the spotlight of deployments, adoption of the DevOps practice remains low the deployment process.” CI, he said, can be viewed as a singlepipeline build/unit test environment. “Let’s say checking into master is your trigger. The moment that trigger happens, it goes through different things, but it all happens in, say, a span of minutes.” Organizations have done better with CI than CD, he opined, “because to

an extent, that is just live work. Developers pick it up, and they do it.” On the continuous deployment side, more than developers are involved — you have testers, security people, audit and governance people — and that makes the process more complex. And Nathan said automation is key to replace manual and scripted deployments, to

smooth out and speed up the process. A manual approach requires changing scripts when moving from, say, a development environment to a staging environment to the production environment. In those non-automated organizations, Nathan explained, “they have a script and they run it out and that does continued on page 21 >

DevOps for mobile applications Organizations building and delivering mobile applications using DevOps techniques and tooling will find their are important differences in how their processes are applied. Viktor Benei is CTO and co-founder of Bitrise, a company that offers solutions for mobile DevOps, and when asked if there were differences developing apps for mobile devices as opposed to on-premises servers or the cloud, he responded: “Lots of things — some big, some small.” “You can’t fully automate the continuous deployment process for mobile, as releases have to go through the app stores,” he said. This means organizations should still optimize how frequently they deploy their applications. As Benei noted, “Users also expect frequent updates, but not too frequent, so around once per week.” He went on to say that testing and monitoring also differ. For testing, for example, you have to run emulators for UI testing. You also inherently work with a “monolith” — you can’t just release parts of the app separately like you can with microservices. The app stores themselves inhibit continuous deployment,

Benei said. “You can employ some tricks like releasing only to certain countries, doing something like a canary release, but you can’t do full continuous deployment.” Benei suggested still having iterations ready for deployment frequently, “but things like feature flagging are even more important for code integration from multiple teams and so you can release every week or so,” he said. “You also have to double down on automated testing, running tests on a wide variety of virtual and physical devices.” Benei offered that automation is a key best practice for mobile DevOps. “Automate as much as possible — reduce manual steps and processes. Focus heavily on testing, as you can’t do rollbacks and you can’t just push a fix as quickly as you can for a web service. Also, benchmark your app as much as possible — for example, benchmark the size and the startup time of your app as you can lose a lot of customers if your app is too large or loads slowly. z — David Rubinstein

Full Page Ads_SDT050.qxp_Layout 1 7/22/21 9:46 AM Page 20

018-22_SDT050.qxp_Layout 1 7/21/21 5:02 PM Page 21

www.sdtimes.com

< continued from page 19

the deployment. But for every new environment that comes up, they change the script to adapt to that environment. So from there, we would like to move them to somewhere where they have a single process that they use to deploy in the dev environment to your production environment. And anything that is different from that environment is more of a configuration and not an actual script change for you to do that.” Nathan suggests that the first step companies need to take for continuous delivery is to write down their deployment process, which he said is more of a flow chart. “You drag and drop things and then configure it and say, ‘Okay, this is what I want to do as deployment.’ He

went on to say organizations should test their deployment processes across environments before the code reaches production. “Then,” he said, “that’s the same thing that you use across all your environments.”

Still, adoption lags Part of the reason that CD adoption lags is that many organizations believe what they’re doing today works for them. If scripted deployments work for them, they won’t feel an urgency to change. “It’s more of a denial mode at this point,” Nathan said. “Many of them really think that what they have today is good enough, and they don’t have to pick something new.” Another piece to the adoption lag is

August 2021

SD Times

that operations teams have trouble giving up control to the CD tools to do deployments, Nathan added. Where CI is mostly developer focused, CD involves more people, and thus requires more people to agree to doing it. “You need the test teams to come back here and say, I will do test. Like, once the deployment is over, the deployment tool will trigger the testing and all that you need, you need your operations teams to come and agree to whatever we are doing up here. And then you start talking about controlled environments like production and pre-production and things like that, then people say, like, ‘No, this works worked for us for decades, why change that.’ So that is the challenge.” z

How do your solutions help organizations deploy speedily, securely, and stably? Senthil Nathan, product manager, HCL Software DevOps HCL Launch is the continuous delivery tool within the powerful HCL DevOps tool chain, enabling modernization for complex enterprises. Continuous delivery is one of the most efficient ways to enable development teams to focus on delivering quality software. With HCL Launch’s “deploy from anywhere to anywhere” capabilities, enterprise DevOps teams are delighted to find they can automate deployments to a broad mix of environments such as mainframes, microservices, on-prem, public, private, and hybrid cloud. HCL Launch works wherever, with a massive plug-in site that includes more than 300 integrations and easily connects source configuration repositories, change management systems, or middleware. The rapidly expanding big data ecosystems of large organizations demand more from their IT departments. Knowing this challenge, successful IT departments rely on HCL Launch features like automated audit history and governance to set deployment checks and approvals specific to their organizations. In turn, team members are able to standardize processes and speed up deployments. The critical audit log provides a view and stores the history of “who, what, where, when, and how of those deployments.” HCL Launch also provides visibility by keeping track of where and when artifacts have been deployed. This allows organizations to easily glance at the state of all application environments and make decisions based on real time data. Developers can leverage HCL Launch templates to ensure that configurations and security settings are standardized for all like-applications, and the powerful property reference system lets users store correct configurations in secure and versioned locations. HCL Launch gives teams a powerful continuous delivery tool to rely on in their DevOps toolchain.

Viktor Benei, CTO and co-founder of Bitrise Building mobile apps is uniquely challenging. Years ago, the three founders of Bitrise experienced firsthand the day-to-day struggles of mobile engineering, due to the lack of a mobilespecific toolset, so they decided to build their own CI/CD solution — specifically designed for mobile development. Bitrise enables thousands of customers to iterate faster, deliver higher-quality apps, and consequently, achieve better app store ratings and increase their competitiveness on a crowded mobile marketplace. By providing hundreds of integrations for native and cross-platform development, their platform helps developers automate repetitive manual tasks, ensuring consistent results and freeing up engineering resources better used to create real business value. Besides their standard offerings, Bitrise also provides plans for customers to further optimize their build times. Their Velocity Plan unlocks speed by lifting concurrency limitations, while providing access to the best, fastest compute options available on our public MacOS and Linux cloud. Moreover, the company has recently introduced their brand new, second-generation — or Gen2 — Build Infrastructure running fully on macOS, with cloudscale orchestration and enterprise-level security, through which they enable enterprise-level clients to speed up builds by as much as 50%. Today, many of the world’s most sophisticated mobile teams, such as Transferwise (now “WISE”), Virgin Mobile, Grindr, Tonal, Compass, Mozilla, Philips Hue, Babbel and others rely on Bitrise to streamline their build-, test-, and deployment processes, and are outperforming competition as a result. By eliminating the need for manual tasks, fixing errors, and performance upgrades, their customers release with confidence and build apps that are used and loved by millions of users around the world. z

SD Times

August 2021

www.sdtimes.com

A guide to CI/CD tools n

FEATURED PROVIDERS n

n Bitrise is a cloud-based, secure, and scalable CI/CD solution, specifically designed for mobile app development. The company’s mission is to help their customers all around the world create better apps, faster. With customers ranging from centuries-old enterprises, to some of the youngest, most innovative new startups and mobile unicorns, applications built, tested, and deployed through Bitrise have made their way to billions of end users around the world. n HCL Software: Deploy anything, anywhere with HCL Launch, a versatile, enterprise-level continuous delivery solution. From mainframe to microservices and everything in-between, HCL Launch is engineered to handle the most complex deployment situations with push-button automation and controlled auditing needed in regulated and technically diverse enterprises. n Atlassian: Bitbucket Pipelines is a modern cloud-based continuous delivery service that’s built right into Atlassian’s version control system, Bitbucket Cloud. Bitbucket Pipelines automates the code from test to production. Bamboo is Atlassian’s onpremises option. n CA Technologies, A Broadcom Company: CA Technologies’ solutions address the wide range of capabilities necessary to minimize friction in the pipeline to achieve business agility and compete in today’s marketplace. These solutions include everything from application life cycle management to release automation to continuous testing to application monitoring — and much more. n Chef: Chef Automate provides a platform that enables you to build, deploy and manage your infrastructure and applications collaboratively. Chef Automate works with Chef’s three open-source projects; Chef for infrastructure automation, Habitat for application automation, and Inspec for compliance automation, as well as associated tools. n CloudBees: The CloudBees Suite builds on continuous integration and continuous delivery automation, adding a layer of governance, visibility and insights necessary to achieve optimum efficiency and control new risks. This automated software delivery system is becoming the most mission-critical business system in the modern enterprise. n Cloud Foundry is promoted for continuous delivery as it supports the full applica-

tion development lifecycle, from initial development through all testing stages to deployment. Cloud Foundry’s containerbased architecture runs apps in any programming language over a variety of cloud service providers. n Digital.ai: The company's Deploy product helps organizations automate and standardize complex, enterprise-scale application deployments to any environment — from mainframes and middleware to containers and the cloud. Speed up deployments with increased reliability. Enable selfservice deployment while maintaining governance and control. n Liquibase, formerly Datical, brings Agile and DevOps to the database to deliver the database release automation capabilities IT teams need to bring applications to market faster while eliminating the security vulnerabilities, costly errors and downtime often associated with today’s application release process. n GitLab allows Product, Development, QA, Security, and Operations teams to work concurrently on the same project. GitLab’s built-in continuous integration and continuous deployment offerings enable developers to easily monitor the progress of tests and build pipelines, then deploy with the confidence across multiple environments — with minimal human interaction. n IBM: UrbanCode Deploy accelerates delivery of software change to any platform — from containers on cloud to mainframe in data center. Manage build configurations

and build infrastructures at scale. Release interdependent applications with pipelines of pipelines, plan release events, orchestrate simultaneous deployments of multiple applications. n JetBrains: TeamCity is a continuous integration and continuous delivery server that integrates with all major development frameworks, version control systems, issue trackers, IDEs, and cloud services. n Microsoft’s Azure DevOps Services solution is a suite of DevOps tools that includes Azure Pipelines for CI/CD initiatives; Azure Boards for planning and tracking; Azure Artifacts for creating, hosting and sharing packages; Azure Repos for collaboration and Azure Test Plans for testing and shipping. n Puppet: Puppet Pipelines provides developers with easy-to-use, self-service workflows to build containers, push them to any local or remote registries, build and deploy Helm charts, and deploy containers to Kubernetes in under 15 minutes, while providing governance and visibility into the entire software delivery pipeline and the status of every deployment. n Octopus Deploy: Octopus Deploy is an automated release management tool for modern developers and DevOps teams. Features include the ability to promote releases between environments, repeatable and reliable deployments, ability to simplify the most complicated application deployments, an intuitive and easy to use dashboard, and first-class platform support. n Redgate Software: Including SQL Server databases in continuous integration and continuous delivery, and stopping them being the bottleneck in the process, is the mission at Redgate. Tools such as SQL Source Control, SQL Compare and SQL Change Automation integrate with Git or Team Foundation Server, Jenkins or TeamCity, Octopus Deploy or Bamboo, for example, allowing the database to be developed alongside the application. n VMware: With VMware Tanzu, you can make the most of these cloud native patterns, automate the delivery of containerized workloads, and proactively manage apps in production. z

Full Page Ads_SDT050.qxp_Layout 1 7/21/21 9:45 AM Page 23

024_SDT050.qxp_Layout 1 7/21/21 9:29 AM Page 24

SD Times

August 2021

www.sdtimes.com

Guest View BY MICHAEL AZOFF

Why low code/no code is on the rise Michael Azoff is chief analyst at Kisaco Research.

his is a brief history of UI development within the broader topic of software development and reflects my personal journey to build a chess variant application for fun. The UI matters a lot because it dominates the code in most professional/commercial applications. Typically, the code that controls how you interact with your application takes up most of the program. It is often called ‘plumbing’ and most programmers re-write this part repeatedly in every application, ideally with only small changes, whereas the part of the program concerned with the core application may be just 10% to 20% of the whole code. Picking up the story just before the internet (pre1994), it was quite simple then, Microsoft and its Windows OS dominated, and the user interface was for the PC. The World Wide Web brought in a major change in UI development. Post 1994, UIs had to contend with browsers and connecting to applications that were running on a remote server in the data center. Web applications had to deal with being offline and synchronizing when online. My interest and frustration with the UI came with my pastime desire to code a chess variant with a multi-player interface. I programmed in Java and hence the UI came in the form of Java applets that could run on any browser. The problem was that soon after I developed this application, running applets was considered a security risk and they needed a security certificate, and then they were banned altogether. Back to the drawing board for me. Then in 2007 Apple launched the first smartphone, the iPhone, and gave developers another UI to build for. In the wake of Apple’s success sprang a smartphone industry of copycats and we all watched with keen interest the fragmented mobile OS wars. Eventually out of that war emerged two winners: Apple’s iOS and Google’s Android. By this point UI development could be done relatively painlessly if you stuck to one platform (i.e., one OS and device form factor) but with the fragmentation of platforms, wishing to cover more than one meant re-writing your application. Writing once and deploying multiple times became desirable if you wanted an application with the broadest reach. Enter the RIA evolution (circa

UX has been the prime driver of change for the UI.

2010) that led to cross-browser/cross-platform UI engines targeting desktop and mobile, and there were three main contenders: Adobe Flash, Microsoft Silverlight, and Oracle JavaFX. However, Apple wanted a closed shop, and was against supporting any cross-platform engine. Security had a part to play in that policy; Flash was continually being updated with security patches. Oracle, the new owner of Java, was internally divided on whether to grow JavaFX or not, and eventually decided not to, giving it over to an open source community where it continues to have a life today. Circa 2016-2017, I had not appreciated how powerful Apple’s position was, as the mobile space was still fragmented. After considering the options, I decided my next step with my chess variant was to opt for Adobe Flash. Many months passed and Adobe announced it was abandoning Flash. The mobile wars were over, and Apple was a winner. Microsoft also abandoned its cross-platform engine. And back to the chess drawing board for me. Today we have JavaScript as the dominant browser UI scripting language with technology options such as node.js and Angular and others too many to mention. There is a separation today between programming core applications and programming the UI, as each has its own set of technologies. This fragmentation has also played nicely for the low code/no code (LCNC) players. LCNC will release a pent-up demand to build applications that line-of-business departments desire and which many central IT departments often have no capacity to satisfy. LCNC today can play the role of a cross-platform UI builder, but solutions vary as to which platforms are supported. UX has been the prime driver of change for the UI: the web browser gained adoption because it made navigating the internet easier, and the iPhone revolution was all about UX, it expanded the mobile phone into a handheld computer running multiple apps in an easy intuitive way. These technology waves made the UX better. At the same time, they created new barriers for any programmer wanting to create a cross-channel UI-rich application. So, it is no surprise to me to see the rise of LCNC, taking the burden out of crossplatform UI development is a great opportunity, I think this sector of appdev will continue to grow. z

025_SDT050.qxp_Layout 1 7/21/21 9:30 AM Page 25

www.sdtimes.com

August 2021

SD Times

Analyst View BY JASON ENGLISH

Why hide testing from development? T

he current meta-trend of hidden software testing — in which much of software testing gets pushed to shift-right, post-production validation — led me here. I’ve spent most of my life working with technology firms where testing was an unassailable virtue, and therefore, the concept of testing was constantly encouraged. Now, it seems like many companies are pushing QA upstream to customers. The stakes for quality are still high. So why has software testing gotten such short shrift lately?

Test teams have changed Remember when there used to be a QA team, separate from the development team in any decent-sized IT shop with a software delivery function? This QA team staffed as many as one tester for every 3 to 10 Dev and Ops people. Test-driven development encouraged earlier unit and regression testing burdens to be shared between teams. Unfortunately, first-to-market pressures truncated QA teams that faced ever-shortening test windows, and retained little authority to ‘stop the presses’ for quality issues. Many companies abandoned QA teams in favor of mingling testing and development. Who wants to be the buzz-kill that stopped the killer software release customers expected?

Test roles have changed The sunset of the QA team also means we don’t have a ‘Head of QA’ any more. Titles containing “QA Specialist” or “Tester” became scarce about a decade ago. In a DevOps world, the testing function is increasingly integrated into pair programming or small Agile team exercises. Some companies encouraged more coding on the part of testers, and more testing on the part of engineers, eventually leading to the rise of the ‘SDET’ (or software development engineer in test) cross-functional role. If developers must test their own code, and testers must become developers, who will independently validate that the software meets business requirements? Perhaps a magic testing box?

Test tools have changed The grand age of automated testing tools has subsided. Richer freemium tools, and then, opensource software took over for the huge enterprise licenses sold by the likes of Mercury and Rational and Segue from the Y2K testing days. At this point, software observability became a hot new space, and testing lost its shine. Gartner even discontinued Continuous Testing as a product category altogether.

Jason English (@bluefug) is a Principal Analyst and CMO of Intellyx.

Punting responsibility for testing “There’s a tricky balancing act between QA and development,” Chris Cardinal, principal at CarbonQA, told me. “If you say ‘we'll just let our customers test the software’ I hope that it doesn't come back to bite you royally. An entire brand can turn on bad app store reviews.” Today, testing must still find a home within your process, or total failure will certainly catch up with your organization. That leaves several options: • Offload it to a new QA team. Why not restart with a tiger team of expert testers? • Offload it back to development. Better make sure they are incentivized for quality, not just speed. • Offload it to a tool. Test automation tools keep getting better, but don’t believe 100% unattended claims. • Offload it to a services firm. Benefit from specialized test vendors with their own expert methodologies and tool stacks that work closely with your team. • Offload it to customer support. Everything’s gonna be alright. • Offload SOME testing to your customers. Establish a beta tester program or try A/B, feature flagging and canary testing to shift-right. It’s not best for all workflows, but it may be the best realworld test feedback you’ve ever had.

The stakes for quality are still high. So why has software testing gotten such short shrift lately?

The Intellyx Take This trend of hidden testing — and thinking we can hide testing — will pass. In the meantime, it’s kind of fascinating to watch how organizations can adapt and survive the change. z

026_SDT050.qxp_Layout 1 7/21/21 4:55 PM Page 26

SD Times

August 2021

www.sdtimes.com

Industry Watch BY DAVID RUBINSTEIN

Value stream intelligence David Rubinstein is editor-in-chief of SD Times.

etrics are great. They give you insight into how your systems are running, and help you see the results of what you’ve done. They help you derive value from your efforts. But what if you want to not merely play catch-up with what the metrics are telling you, but instead want to mitigate against how things are going to go? That, according to Adam Dahlgren, VP of product development at Allstacks, is where value stream intelligence comes in. He calls VSI the evolution of value stream management. Organizations (mostly) all believe they’re doing great work. But from a business level view, many are still flying blind. He explains: “There’s all these different value streams, for marketing, sales, customer success, product developers, and the like. But they’re all hinged on each other. Let’s say one of these value streams is developers building a feature, and that feature is driving later, and later. Well, the product marketing stream is relying on and reacting to the change in the developer stream. And all they can do right now is just react when I say, ‘Oh, it’s way crap, I gotta do something else.’ I’m scrambling, always playing catch-up. If instead, we can give the developers and the product marketers in this example the ability to communicate with each other on an ongoing basis on how things are changing, now we’ve restored power to each of the orgs to say, well, based on what’s transpiring, how do you want to change your behavior? Now you’ve connected those values. So this developer value stream that maybe is running late, has a cascading impact on the marketing value stream.” Dahlgren said the widely accepted DORA metrics provide organizations with snapshots of how they’re doing. Those metrics — deployment frequency (DF), mean lead time for changes (MLT), mean time to recover (MTTR) and change failure rate (CFR) — are considered the gold standard for organizations seeking the value that can be derived from moving quickly to add features and remove bugs from their software. The DORA metrics, Dahlgren said, “were a great starting point. But for the real business alignment, and core value capture for these big companies, those

This developer value stream that maybe is running late, has a cascading impact on the marketing value stream.

DORA metrics are tiny snippets of what’s really possible. Together, they are helpful, but but you can be nailing all four of your DORA metrics and building all the wrong stuff and not actually know what’s going on.” He gave an abstract example of a city dealing with traffic problems. “You’re looking at timings at traffic lights and some engineer somewhere has decided that the yellow light needs to be three seconds on all these different traffic lights, but there’s one yellow light that’s four seconds. Okay, if that’s out of the boundary, should we change it to three seconds? Did that accomplish anything? It got it into spec. But is there still traffic?” “But if you look at it another way, like, at this intersection, there’s a significant amount of traffic,” he continued. “We could fix the traffic at that one intersection. Well, it turns out that, you know, the left turn lane is actually just part of the left lane. And we need to actually create a dedicated left turn lane, that’ll solve the problem. That’s management by exception. That’s the intelligence to say, there’s something out of bounds here. It’s an unknown unknown. It’s not something you knew to monitor, but it’s something you need to direct your attention to.” Value stream intelligence, Dahlgren said, can show you where you’ve been historically successful, and the ways you deviate from those successful pathways that then cause delays. “So when these things manifest again, whether you’re monitoring them or not, we’re going to bring them to your attention. And all the value stream management stuff is your supporting documentation.” This is important when things go out of bounds in a way we’re not familiar with, he continued. So, in looking at related data, and now seeing some things in combination, you can determine what the next steps should be. “Turns out the four-second yellow light is beneficial, because it gives people one extra second to sneak in that extra left turn, which then smooths out the traffic flow. And some smart engineer had just realized that and set it up. When we brought it back into spec [of three seconds], we didn’t realize that that would actually have these cascading impacts [of slowing traffic]. That’s what we’re bringing to bear when you leverage this kind of intelligence.” z

IBC_SDT049.qxp_Layout 1 6/25/21 3:29 PM Page 2

Time to go with the flow! Organizations today are turning to value streams to gauge the effectiveness of their work, reduce wait times and eliminate bottlenecks in their processes. Most importantly, they want to know: Is our software delivering value to our customers, and to us? VSM Times is a new community resource portal from the editors of SD Times, providing guides, tutorials and more on the subject of Value Stream Management.

Full Page Ads_SDT016.qxp_Layout 1 9/21/18 4:14 PM Page 28

SD T Times imes News on Mond day The latest news, news analysis and commentary delivvered to your inbox!

• Reports on the newest technologies affecting enterprise deve developers elopers • Insights into the e practices and innovations reshaping softw ware development • News from softtware providers, industry consortia, open n source projects and more m

Read SD Times Ne ews On Monday to o keep up with everything happening in the software devvelopment industrry. SUB BSCRIBE TODA AY! Y!

SD Times August 2021

Articles inside

ANALYST VIEW by Jason English

GUEST VIEW by Michael Azoff

News Watch