SDT02 cover_Layout 1 7/21/17 3:46 PM Page 1
AUGUST 2017 • VOL. 2, ISSUE 2 • $9.95 • www.sdtimes.com
SDT02 Full Page Ads_Layout 1 7/21/17 3:53 PM Page 2
SDT02 page 3_Layout 1 7/21/17 3:18 PM Page 3
Contents
VOLUME 2, ISSUE 2 • AUGUST 2017
FEATURES
NEWS 6
News Watch
8
Python gains popularity
How artificial intelligence will invoke new hack attacks
What you want, when you want it. Key trends in modern UX design
page 10
12
The coming impact of GDPR on digital businesses
15
Red Hat reduces IoT tradeoffs
16
From SCM to CI: How GitLab plans on automating DevOps for its users
18
Avoid these mistakes when transitioning to an XaaS model
21
WhiteHat Security: Improving app security with DevSecOps
25
Delivering a flawless application
page 23
Test Driven Development is alive and well page 39
Agile Showcase
page 31
COLUMNS 48
GUEST VIEW by Scott Schaedle A designer’s approach to development
49
ANALYST VIEW by Dr. Arnal Dayaratna Graal: the grail of polyglot runtime?
50
INDUSTRY WATCH by David Rubinstein It’s a ‘Cognitive First’ world
33
HPE software enables agile business
35
Agile can’t succeed as an island
Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 225 Broadhollow Road, Suite 211, Melville, NY 11747. Periodicals postage paid at Huntington Station, NY, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2017 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 225 Broadhollow Road, Suite 211, Melville, NY 11747. SD Times subscriber services may be reached at subscriptions@d2emerge.com.
SDT02 page 4_Layout 1 7/20/17 3:25 PM Page 4
®
www.sdtimes.com
Instantly Search Terabytes of Data DFURVV D GHVNWRS QHWZRUN ,QWHUQHW RU ,QWUDQHW VLWH ZLWK GW6HDUFK HQWHUSULVH DQG developer products
EDITORIAL EDITOR-IN-CHIEF David Rubinstein 631-421-4154 drubinstein@d2emerge.com SOCIAL MEDIA AND ONLINE EDITORS Christina Cardoza ccardoza@d2emerge.com Madison Moore mmoore@d2emerge.com SENIOR ART DIRECTOR Mara Leonardi mleonardi@d2emerge.com
Over 25 search features, with easy multicolor hit-highlighting options
CONTRIBUTING WRITERS Lisa Morgan, Alexandra Weber Morales, Frank J. Ohlhorst CONTRIBUTING ANALYSTS Rob Enderle, Michael Facemire, Mike Gualtieri, Peter Thorne CUSTOMER SERVICE
dtSearch’s document filters support popular file types, emails with multilevel attachments, databases, web data
SUBSCRIPTIONS subscriptions@d2emerge.com ADVERTISING TRAFFIC Mara Leonardi adtraffic@d2emerge.com LIST SERVICES Shauna Koehler skoehler@d2emerge.com
Developers: ‡ $3,V IRU 1(7 -DYD DQG & ‡ 6'.V IRU :LQGRZV 8:3 /LQX[ 0DF DQG $QGURLG ‡ 6HH GW6HDUFK FRP IRU DUWLFOHV RQ faceted search, advanced data FODVVLILFDWLRQ ZRUNLQJ ZLWK 64/ 1R64/ RWKHU '%V 06 $]XUH HWF
Visit dtSearch.com for ‡ KXQGUHGV RI UHYLHZV DQG FDVH VWXGLHV ‡ IXOO\ IXQFWLRQDO HYDOXDWLRQV
The Smart Choice for Text Retrieval® since 1991
dtSearch.com 1-800-IT-FINDS
REPRINTS reprints@d2emerge.com ACCOUNTING accounting@d2emerge.com ADVERTISING SALES PUBLISHER David Lyman 978-465-2351 dlyman@d2emerge.com WESTERN U.S., WESTERN CANADA, EASTERN ASIA, AUSTRALIA, INDIA Paula F. Miller 925-831-3803 pmiller@d2emerge.com
PRESIDENT & CEO David Lyman CHIEF OPERATING OFFICER David Rubinstein D2 EMERGE LLC 225 Broadhollow Road Suite 211 Melville, NY 11747 www.d2emerge.com
SDT02 Full Page Ads_Layout 1 7/21/17 1:08 PM Page 5
SDT02 page 6,7_Layout 1 7/21/17 3:18 PM Page 6
6
SD Times
August 2017
www.sdtimes.com
NEWS WATCH New open-source Python library enables reactive web apps As interest in the Python programming language increases, a new open-source project wants to help developers start building applications in the language. Dash, created by the online data analytics and visualization solution provider Plotly, is a Python library for analytical, web-based applications. “Explore data, tweak your models, monitor your experiments, or roll your own business intelligence platform. Dash is the frontend to your analytical Python backend,” the company wrote on the project’s website. According to Plotly, Dash can be used for data analysis, data exploration, visualization, modelling, instrument control and reporting. The project is lightweight with just 40 lines of Python; provides an interface for typing UI controls such as sliders, dropdowns and graphs with code; and is completely customizable.
Angular Material beta 8 announced with data-table component The Angular team has announced Angular Material beta 8. Angular Material is a project designed to help developers build apps with Angular, and reuse code and abilities for web, mobile, native mobile and native desktop apps. “Our goal is to build a set of high-quality UI components built with Angular and TypeScript, following the Material Design spec. These components will serve as an example of how to write Angular code
GitHub introduces code owners for code review Determining who should review files for code review is not always clear, which is why GitHub is introducing code owners, a new feature that automatically requests reviews from the code owners when a pull request changes any owned files. This feature lets repository maintainers define the exact people and teams who need to review projects, according to GitHub. Code owners work by creating a file named CODEOWNERS in the repository’s root directory (or in .github/ if you prefer). Once that is complete, code owners will automatically be requested for review whenever pull request touches the files they own. For extra security, GitHub has also added a new protected branch option to make sure the right people get to review. If a user enables protected branches, a code owner for each owned file has to leave a review before someone can merge a pull request to that protected branch, said GitHub. following best practices,” the team wrote on its GitHub page. The latest update features a new component dev kit and the data-table component. The component dev kit is a standalone package that “will be especially useful for projects that want to take advantage of the features of Angular Material without adopting the Material Design visual language,” according to a blog post. The initial release features accessibility, text directionality, platform detection and dynamic component instantiation. The data-table component will be available in two implementations: @angular/material and <cdk-table>. According to the team, According to the team, the data-table was the most requested feature for the project. The <cdk-table> implementation features a fully-templated API, dynamic tables and an accessible DOM structure, according to the team. The @angular/material imple-
mentation provides data-table functionality with <md-paginator> and mdSort directives. “These directives provide a UI for pagination and sorting inline with the Material Design guidelines without being tightly coupled to the data-table itself,” according to the blog post. Going forward, the team plans to add sticky headers, sticky columns, incremental row rendering and more to the data-table.
New Linux project protects softwaredefined networks The Linux Foundation is announcing a new opensource project designed to bring automated protection to software-defined networks. The Open Security Controller (OSC) Project is a new software-defined security orchestration solution with a focus on multi-cloud environments. “Software-defined networks are becoming a stan-
dard for businesses, and open source networking projects are a key element in helping the transition, and pushing for a more automated network” said Arpit Joshipura, general manager of Networking and Orchestration at The Linux Foundation. According to the project’s website: “The Open Security Controller (OSC) code base: ● is a software-defined security orchestration solution that automates deployment of virtualized network security functions, like next-generation firewall, intrusion prevention systems and application delivery controllers; ● enables East-West data center security, is scalable and reduces threats in software defined network environments; ● simplifies and automates security management and compliance; and ● because it is open, offers organizations the flexibility to choose the security technology that is best suited to their needs.”
SDT02 page 6,7_Layout 1 7/21/17 3:18 PM Page 7
www.sdtimes.com
Postman Pro free features available Small projects and individual developers now have access to API development tools with Postman free of charge, since the company’s latest version of the free Postman app will have limited-quantity access to many of the paid features of Postman Pro. Postman is a provider of an API development environment, and version 5.0 of its Postman app allows API developers to leverage the full power of Postman, with support at every stage of their workflow, according to the company. The app is free to all users and it’s available on Mac, Windows, and Linux native apps, as well as a Chrome app. Developers will have access to these popular features of Postman Pro in Postman 5.0, but for free and in small-project quantities. For instance, users will be able to access Postman’s private and public documentation feature (1000
views/month); run API monitoring calls (1000 calls/month); create and use mock servers (1000 server calls/month); and access Postman Collections via the Postman API (1000 API calls/month).
Java 9 moves forward with Java Platform Module System The results are in. The Java Community Process executive committee (EC) has voted a second time on the Java Platform Module System, known as JSR 376, and it has been approved. JSR 376 was first rejected in May with 13 EC members voting against it and 10 members voting for it. This time around all but one member voted for the system. Red Hat decided to abstain from voting. Last month, Red Hat stated that it did not believe the JSR 376 had made enough progress to be successful within the Java ecosystem. This time around, the compa-
ny decided to abstain from voting “because although we think there has been positive progress within the EG [Expert Group] to reach consensus since the last vote, we believe that there are a number of items within the current proposal which will impact wider community adoption that could have been addressed within the 30-day extension period for this release,” Red Hat wrote in a comment. “However, we do not want to delay the Java 9 release and are happy with the more aggressive schedule proposed by the Specification Lead and EG for subsequent versions of Java because getting real world feedback on the modularity system will be key to understanding whether and where further changes need to occur,” according to the comment. IBM, the first to vote against JSR 376 last month due to similar concerns as Red Hat, voted yes this round because the company felt the Expert Group was able to address most of its
The Go programming language heads towards 2.0 It has been five years since the Go programming language reached version 1.0. Since then, the team has been slowly making its way to 2.0, with version 1.8 of the language just released in February. Last month, at Gophercon 2017 in Denver, Colorado, the team revealed its goals and vision for reaching 2.0. “Now we have five years of experience using Go to build large, production-quality systems. We have developed a sense of what works and what does not. Now it is time to begin the next step in Go’s evolution and growth, to plan the future of Go. I’m here today to ask all of you in the Go community, whether you’re in the audience at GopherCon or watching on video or reading the Go blog later today, to work with us as we plan and implement Go 2,” Russ Cox, tech lead for the Go project and the Go team at Google, said during his talk at GopherCon. Cox explained, today’s goals mirror the same goals the team had as it set out to create the programming language in 2007, which was “to make programmers more effective at managing two kinds of scale.” That included production scale and development scale. For version 2.0, the goal focuses on finding ways to fix how the language fails to scale. The number one constraint currently is existing Go usage, according to Cox. “We estimate that there are at least half a million Go developers worldwide, which means there are millions of Go source files and at least a billion of lines of Go code. Those programmers and that source code represent Go’s success, but they are also the main constraint on Go 2,” he said.
August 2017
SD Times
issues with the system. “JSR 376 is now set to move to a Proposed Final Draft Specification. There may be minor modifications before it is declared a final specification, but the process it has undergone demonstrates that the JCP works to produce a powerful new language feature for Java. Credit to Oracle as the specification leader and those in the Expert Group who dedicated their time to reaching this milestone,” the company wrote in a statement. Java 9 is expected to be generally available by the end of September.
Mozilla introduces new solution for large JavaScript projects Developers can easily document large JavaScript projects with sphinx-js, Mozilla’s newly introduced solution. According to the company, there hasn’t been a tool able to handle large JavaScript documentation projects up until now. The markup language JSDoc provides tags to describe common structures and tooling to hook into those tags, but Mozilla says all it ends up doing is providing an alphabetical list of projects. “JSDoc scrambles up and flattens out your functions, leaving new users to infer their relationships and mentally sort them into comprehensible groups,” Erik Rose, senior staff software architect at Mozilla, wrote in a post. sphinx-js is based off the Sphinx mature documentation tool. The Python world has become accustomed to using Sphinx because it supports a variety of language and output formats. With sphinx-js, Mozilla brings JavaScript support to the tool. z
7
SDT02 page 8,9_Layout 1 7/20/17 3:26 PM Page 8
SD Times
August 2017
www.sdtimes.com
The new features of Python 3, the growth of AI, and new architectural a to address those issues. Python 3 added a number of new features to the lanThe Python programming language has guage that made it easier to learn and come a long way since it was first use such as the introduction of async.io released in 1991. Today, it is quickly for io-bound applications. Python 3 also becoming a first-class enterprise lanintroduced new features that were not guage used in production. backward compatible with Python 2.x “Python has been extensively used in and removed 2.x features that were the industry for anything from building maintained for backward compatibility, Raspberry Pi applications to configuraThoughtworks explained. tion servers and using a scripting lan“Our experience using Python 3 in guage for large scale applications,” said domains such as machine learning and Zhamak Dehghani, principal consultant web application development shows at Thoughtworks. “What we are seeing that both the language and most of its today is the perfect storm of a few techsupporting libraries have matured for nologies coming together and giving adoption,” according to the Thoughtrise to Python again, and trying to get it works Technology Radar. in more enterprise environ9% The Python Software Foundaments.” tion is currently pushing developAccording to Dehghani, this 8% ers to use Python 3+ because perfect storm is made up of 7% Python 2.7 will no longer be supPython 3 maturing over time, new 6% ported as of 2020. architectural approaches like 5% The next version of Python, 4.0, microservices and containers, and 4% is already in the works, but is not advancements in artificial intelliexpected to be released until 2023. gence. “All of this coming togeth3% That is because the language is on er makes it much more possible 2% a 18 month feature release cycle. for enterprises to use it through1% According to Nick Coghlan, a core out the development lifecycle, 0% developer of the language, there and not just research,” she said. 2015 2016 2017 2009 2010 2011 2012 2013 2014 aren’t any profound changes or In fact, Python recently popped up as one of Thought- Python interest has steadily increased over the last couple major backwards compatibility breaks expected with 4.0. “I’ve works’ Technology Radar of years based on developer questions asked. heard that question enough times themes. The Technology Radar provides insights into technology and Python Software Foundation (PSF) now (including the more concerned trends that are shaping the future. “The board of directors wrote in an email phrasing ‘You made a big backwards compatibility break once, how do I fact that it made one of our themes is interview with SD Times. Ford explains while developers don’t know you won’t do it again?’” he wrote. actually more notable because very few things do, and it was really because a lot often pick Python up as a primary lan- “Going from Python 3.9 to 4.0 should of the technology is popping up all guage, because it is so easy to learn and be as uneventful as going from Python over,” said Neal Ford, director and soft- can accomplish all sorts of tasks they 3.3 to 3.4 (or from 2.6 to 2.7).” For Python 3.0, Coghlan explains ware architect at ThoughtWorks. are using it as a secondary or third lanthere have been a number of changes “Python is a really good utilitarian lan- guage. According to Thoughtworks "that make it less likely that such depreguage; it is a very good general-purpose language. It is not overly complex and Dehghani, performance and concur- cations will be needed" such as emphadoesn’t have a lot of bells and whistles, rency had always been an issue in the sis on the Python Package Index, the but it is very good at solving bigger past with Python, but Python 3 aimed provisional API, and stricter requirekinds of problems.” Stack Overflow’s recently released Trends solution shows Python interest has grown steadily over the last couple of years. “Python is being used in a variety of ways. Many computer programming languages have a niche area that they serve. For example, Bash scripts focus on operating system tasks, while Ruby focuses more on web development. It seems like Python is used in every domain — system operations, web development, deployment, scientific modeling, etc etc. There is no other language that is so versatile,” the
BY CHRISTINA CARDOZA
% of Stack Overflow questions that month
8
SDT02 page 8,9_Layout 1 7/20/17 3:26 PM Page 9
www.sdtimes.com
August 2017
SD Times
l approaches is making Python a first-class language ments for new additions. The PSF board of directors added that Python needs to expand its presence on mobile platforms, and C-Python could do a better job of working with multiple cores for parallel processes. In addition to Python 3, the language has also seen uptake in the machine learning domain with libraries like Scikit-learn, TensorFlow, Keras and spaCy. “Data science and scientific applications are an area of high growth. Python’s accessibility allows subject matter experts to focus on their relative subject matter areas in their research. This doesn’t seem like it will stop any time soon,” PSF board of directors wrote. The growth of microservices and containers has made it easier to package Python dependencies and execute the language in production environments, according to Thoughtworks’ Ford. The PSF also says the growth of Python can be seen through the language’s community gatherings. According to the foundation, in 1992 the first workshop saw 20 attendees, then after a couple of years the community’s first annual conference — the International Python Conference — saw about 300 attendees, and today the PSF’s annual PyCon conference was sold out in March with more than 3,000 attendees from around the world. “One of [Python’s] major strengths is its accessibility to newcomers, because it is easier to develop a working piece of code in Python and iterate on it more quickly,” the PSF board of directors wrote. “Most of all, its community! For the language itself, readability, conciseness, and the completeness of its standard library, which we call ‘batteries included.’ ” z
Most Popular Programming Languages JavaScript
62.5%
SQL
51.2%
Java
39.7%
C#
34.1%
Python
32.0%
PHP
28.1%
C++
22.3%
C
19.0%
TypeScript
9.5%
Ruby
9.1%
Swift
6.5%
Objective-C
6.4%
VB.NET
6.2%
Assembly
5.0%
R
4.5%
Perl
4.3%
VBA
4.3%
Matlab
4.3%
Go
4.3%
Scala
3.6%
Groovy
3.3%
CoffeeScript
3.3%
Visual Basic 6
2.9%
Lua
2.8%
Haskell
1.8% 0
10
For the fifth year in a row, JavaScript was the most commonly used programming language. And once again, SQL takes second place, and Java third. However, the use of Python overtook PHP for the first time in five years.
20
30
40
50
60
70
Source: Stack Overflow Trends, 2017 Developer Survey Results, 36,625 responses
9
SDT02 page 10_Layout 1 7/20/17 3:26 PM Page 10
10
SD Times
August 2017
www.sdtimes.com
How artificial intelligence will invoke new hack attacks As advancements in artificial intelligence begin to enrich technology and lives, there is a threat lurking behind the innovation. What happens if hackers use artificial intelligence to invoke sophisticated attacks on our systems? Derek Manky, global security strategist for Fortinet, a cybersecurity software provider, said, “In the coming year we expect to see malware designed with adaptive, success-based learning to
are nowhere near close to that,” he said. Hong explained AI is getting a bad rap because people let their imaginations run wild and ascribe behaviors to it that the technology can’t really do. Nonetheless, AI won’t always be used for good, and we will need to be worried about those who choose to misuse it. According to Manky, this malware will use code that’s a precursor to AI. It will replace the traditional “if not this, then that” code logic with more
improve the success and efficacy of attacks. This new generation of malware will be situation-aware, meaning that it will understand the environment it is in and make calculated decisions about what to do next. In many ways, it will begin to behave like a human attacker: performing reconnaissance, identifying targets, choosing methods of attack, and intelligently evading detection.” But Jason Hong, associate professor of the Human Computer Interaction Institute at Carnegie Mellon School of Computer Science, assures that these attacks aren’t as serious or scary as how AI is depicted in movies like “Terminator,” nor will they be as advanced as HBO depicted in its series “Westworld.” “If you look at all the movies and TV shows, they keep on showing all these different things of what people’s imaginations are on what these things can do. We
complex decision-making logic. “Autonomous malware operates much like branch prediction technology, which is designed to guess which branch of a decision tree a transaction will take before it is executed. A branch predictor keeps track of whether or not a branch is taken, so when it encounters a conditional jump that it has seen before it makes a prediction so that over time the software becomes more efficient,” Manky said. Hong sees adversarial machine learning as an emerging field, where hackers try to reverse-engineer how software operations work. For example, they are finding new ways to get past spam filters, or they are finding ways to poison data specs so that the owner of the data starts training his machine learning systems on the bad data and the machine starts to make bad decisions.
BY CHRISTINA CARDOZA
But, it is important to keep in mind that artificial intelligence systems are still created with humans in the loop. Not many systems are completely automated because the side effects to this are still unknown, according to Hong. “In the future, AI in cybersecurity will constantly adapt to the growing attack [surface]. Today, we are connecting the dots, sharing data, and applying that data to systems. However, we are the ones telling the machines what to do. In the future, a mature AI system could be capable of making decisions on its own,” said Manky. “Humans are making these complex decisions, which require intelligent correlation through human intelligence. In the future, more complex decisions could be taken on via AI. What is not attainable is full automation. That is, passing 100% control to the machines to make all decisions at any time. Humans and machines must co-exist.” While there is a fear that AI can do more harm than good one day, Hong says that is way far out in the future, and not something the industry needs to worry about right now. “There are bigger things that security professionals need to worry about. These AI techniques only work with very sophisticated and narrow context. Once you go outside of that, they just won’t work that well anymore. Imagine the AI is playing a game of chess and then you change the game to checkers; it is just not going to work as well,” Hong said. Instead, Hong believes organizations should worry about security issues such as data breaches, weak passwords, misconfigurations, and phishing attacks. “I would say focus on a lot more of these really basic types of security problems, and don’t worry about the really sophisticated ones yet. They will come eventually, but we will have lots of times to adapt and invest in these systems as well,” he said. z
SDT02 Full Page Ads_Layout 1 7/21/17 1:27 PM Page 11
SDT02 page 12_Layout 1 7/21/17 2:24 PM Page 12
12
SD Times
August 2017
www.sdtimes.com
The coming impact of GDPR on digital businesses BY FRANK OHLHORST
Time is quickly running out for businesses not prepared for May 2018 introduction of the European Union’s General Data Protection Regulation (GDPR), which has the potential to impact any business that interacts with customers that are members of the EU. Preparing for compliance means that CISOs (or other IT professionals) will have to act quickly to prevent their businesses from racking up large fines, which www.eugdr.org states as “organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).
Where to begin One of the first steps taken on that path to GDPR compliance is to determine if the regulations will impact your operation. That means, you must have a complete understanding of the term personal data, which lies at the heart of the GDPR. According to the European Commission, “Personal data is any information relating to an individual, whether it relates to his or her private,
professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.” With that understanding of what personal data is, it becomes readily apparent that If you create, process, store, or transmit data about an EU resident, your operation will fall under the auspices of GDPR. In fact, research firm PWC states that 92% of US businesses list GDPR as a priority because they are working internationally or have EU students that visit. More simply put, countless healthcare consortiums, financial institutions, and retail businesses are among the organizations that conduct business globally or store EU citizen data in their IT systems. More simply put, compliance officers may need to ask: • Do we collect or manage data about EU citizens? • Do we offer products or services to EU citizens?
Recommendations for compliance O’Neill recommends that businesses, at a minimum, should execute the following for all digital properties, including websites (desktop & mobile) and mobile apps: Communicate privacy policy: l Write a clear privacy policy explaining use of third-party code and data collection activity l Post policy banner on homepage l Deliver internal training Provide easy-to-use opt in/ opt out mechanism: l Explain need for tracking and how cookies drive digital operations l Share links to individual privacy policies of all in-scope vendors on your site
l Allow
individuals to explicitly agree and/or refuse tracking Understand how website/ app-generated data is acquired, used and stored l Identify data: Registration, Cookies, IP address, device ID l Assess the legal basis to collect data and determine if consent is necessary, e.g., Personally Identifiable Information (PII) vs. transaction functionality, etc. l Evaluate need for a specific policy regarding data of minor activity (16 years old in GDPR; under 13 years old in U.K. and U.S.) Support data portability: l Provide mechanism to easily satisfy a
Build a comprehensive GDPR plan The European Union’s (EU) General Data Protection Regulation (GDPR) creates additional security and privacy obligations for organizations to comply with. All organizations, including those outside of the EU that hold data on European citizens, need to review their obligations under GDPR. The eSentire GDPR workbook details the framework requirements, enabling you to map your current approach and gain an understanding of your areas of risk.
Download the workbook at www.esentire.com
With this workbook, you will: • Understand the key requirements of GDPR; • Determine how GDPR applies to your company; • Map your current approach to GDPR and evaluate your areas of risk. Source: eSentire
• Are any of our employees EU citizens? • Do we accept job applications from EU citizens? If the answer to any of those queries is yes, then GDPR compliance is a must. z data subject’s request for personal data in a commonly used format. Incorporate website intrusion to data breach reporting process: l The GDPR mandate for websites has been clearly laid out. l InfoSec must work with internal risk and compliance professionals to ensure all data elements are documented, assessed and controlled. While the above is only a brief outline of what must be done, IT professionals should clearly see that a plan is needed to meet the needs of GDPR and that plan must include several stakeholders, ranging from those who create code to those that manage data to those that execute on that data. —Frank Ohlhorst
SDT02 Full Page Ads_Layout 1 7/21/17 1:27 PM Page 13
SDT02 Full Page Ads_Layout 1 7/21/17 1:27 PM Page 14
SDT02 page 15_Layout 1 7/20/17 3:24 PM Page 15
www.sdtimes.com
August 2017
SD Times
INDUSTRY SPOTLIGHT: INTERNET OF THINGS
Red Hat reduces IoT tradeoffs BY LISA MORGAN
Organizations rolling out the IoT usually aren’t prepared for the additional complexity. With the IoT, data volumes grow exponentially, infrastructure management gets more complicated and the security vulnerabilities increase disproportionately. Nevertheless, IT departments are expected to handle all these changes competently without proportional increases in budget or other resources. With Red Hat’s expert assistance, IT and software organizations can manage IoT adoption with greater ease, so they can spend more time delivering value and less time recovering from common pitfalls that could have been avoided. “Enterprises sometimes manage enterprise systems one way and IoT another,” said Ishu Verma, IoT technology evangelist at Red Hat. “If you’re approaching those things differently, you’re not managing the data, security or your resources as well as you could.”
Get IoT data under control In today’s data-intensive business environments, some organizations want to save all data because storage is cheap and they don’t want to discard something that may be valuable. IoT devices generate a lot of redundant data, however. In most cases, status changes and other outliers are more valuable than 10,000 pieces of static, repetitive data because the behavior outside the normal signals the need for action. Using a smart algorithm like sliding window, most of this sensor data can be summarized into a more manageable size. “As more things get instrumented and you gather more data, you may find that the volume of data is growing faster than you can manage it, so you want to make intelligent decisions about data velocity at the edge,” said Verma. Content provided by SD Times and
IoT gateways monitor streaming IoT data and then make intelligent decisions about what data the enterprise should receive. That way, an organization can monitor all the data while incurring the costs of storing only the most meaningful data. By reducing the amount of data to be analyzed, decisions can be made in near real time, a key requirement for critical equipment.
“Each of the layers has to be implemented correctly.” The low-end devices and sensors present the biggest security risks as demonstrated by recent exploits including the Mirai botnet. These networkcapable devices lack the security implementation of a typical enterprise system. From design point of view, low sensor costs may not justify the inclu-
‘It’s important to secure the end devices, but you also have to ensure that the gateway is secure. People miss that.’ —Ishu Verma
IoT gateways can be designed and implemented as hardware components or virtualized. Linux containers provide an elegant solution to manage IoT data because they can be provisioned automatically to scale as the volume of data requires. Containers also provide security capabilities to segregate critical and non-critical data and devices.
Keep IoT data secure Hackers increasingly target industrial equipment because the security of the devices has not been addressed adequately. In many cases, the root cause of the vulnerabilities is the failure to patch or otherwise update the operating system. By the time the vulnerability has been identified, important systems have been compromised via a lateral or denial of service attack. “Security is a complex problem. You need a multi-layered approach that includes physically securing the systems, pre-boot authentication and an operating system with security capabilities like SELinux to limit access to system resources and data, and data security at rest and transit,” said Verma.
sion and maintenance of an operating system. An IoT gateway can provide a firewall to protect the low-end devices and sensors so they can’t be accessed directly from the internet. “It’s important to secure the end devices, but you also have to ensure that the gateway is secure. People miss that,” said Verma. “An API management system should be part of your security stack.”
Rationalize IT and IoT Resource constraints tend to worsen as the technology stack becomes more complex, but getting proportionate funding and resources is out of the question. By aligning enterprise and IoT efforts, businesses can better leverage the resources they have and be more productive using modern DevOps techniques. “IoT adoption hits a wall when you lack the skills you need,” said Verma. “We recommend using an open-source solution built from cloud to the edge using the same tools and processes for both IT and IoT.” Learn more at www.redhat.com. z
15
SDT02 page 16_Layout 1 7/21/17 3:47 PM Page 16
16
SD Times
August 2017
www.sdtimes.com
With GitLab’s Auto DevOps vision, it will create a project automatically, and without any further action, start a CI/CD pipeline.
From SCM to CI: How GitLab plans on automating DevOps for its users BY MADISON MOORE
GitLab is transforming its offerings of version control and continuous integration with a new integrated and automatic DevOps experience: Auto DevOps. Auto DevOps, a concept that was designed to help developers deliver ideas to production faster, is GitLab’s new collection of features for building, testing and deploying applications, as well as features for review apps and setting up code quality. These features are critical to DevOps, according to Mark Pundsack, head of product at GitLab, and while they exist at some level within GitLab already, the idea is to “level them up” and have the components enabled automatically with no configuration from developers, he said. “We realize auto has some ambiguity, since much of DevOps is about automation,” said Pundsack. “What we really mean [by Auto DevOps] is it is just automatically enabled so you don't have to configure anything. It’s a zeroclick installation or configuration idea.” Auto DevOps features, to be available through GitLab’s platform, will include Auto Create, Auto Build, Auto
CI, Auto Deploy, Auto Code Quality, and Auto Review Apps. GitLab’s Auto Deploy feature has already been shipped, and Code Quality was released in GitLab 9.3, but not for an auto version, said Pundsack. GitLab has a CI feature but it’s not automated yet. The significant difference with Auto CI is GitLab will be able to detect what language the developer is using and it will run tests for that specific language. This way, a developer doesn’t have to configure anything, said Pundsack. Auto DevOps takes away the hassle of getting started with DevOps, said Pundsack. There are a series of steps developers need to take when configuring their continuous integration pipeline, for instance, and they need to understand how to run tests in an automatic way, how to set up various parts
of their configuration, and how to optimize the flow once it is set up, he said. “Knowing how to do that becomes a learning curve that everyone needs to step through,” said Pundsack. “Automating your deployment once you have continuous integration, that’s great, but now you need to deliver and automate that process and make it repeatable.” Developers will be able to access Auto DevOps features on GitLab’s site. The core functionality for Auto DevOps will be available for GitLab’s free tier version, so developers can push their code and it will automatically go to test, deploy, and everything will configure automatically, said Pundsack. Specific features will be available at the higher level tiers, and certain visualizations and functionality will not be available at the free tier level. z
In addition to Auto Build and Auto CI, GitLab will run Auto code quality to make sure you are not introducing bad code practices in the merge request.
SDT02 Full Page Ads_Layout 1 7/21/17 1:28 PM Page 17
SDT02 page 18-DR_Layout 1 7/20/17 3:32 PM Page 18
18
SD Times
August 2017
www.sdtimes.com
Avoid these mistakes when transitioning to an XaaS model BY MADISON MOORE
Through cloud adoption, many companies are realizing the benefits of adopting Anything-as-a-Service (XaaS). There are real cost benefits to XaaS, but software experts notice enterprises are running into the same challenges and making mistakes when trying to adopt these models. For these companies, it’s their management practices, their culture, and how they think about design and development that ultimately keep them from bringing services to market. Many companies are just now beginning the process of becoming service providers, according to a survey from Accenture. This report found that 68 percent of organizations wouldn’t be prepared to deliver their core processes-as-a-service until 2020, which ultimately means companies are entering the early phases of planning for XaaS. Companies are also beginning to look into adopting XaaS models because the market is demanding it, said Patric Palm, CEO and co-founder of Hansoft, which provides agile tools and the Favro collaboration software. According to Palm, the market is demanding it because customers want to pay only for what they use and they want to derive value immediately. In order to be successful when adopting XaaS, companies need to be adaptable and agile, said Palm. This goes for all parts of the organization, down to the developers and the up to the business leaders. This is where Palm sees companies making mistakes. Enterprises need to not only change their business model to become flexible and agile, but they also need to continue to develop a product or service so that in each release, it’s delivering something valuable to the customer.
Another mistake he highlights is when companies move to an XaaS model and change to a subscription plan for their customers, marketing continues to drive monolithic campaigns. “They are paying for the service continuously so you need to build a relationship,” said Palm. “Product management might be more agile, but marketing is staying in their old tracks.” Another challenge is simply that sometimes, “management doesn’t get it,” said Palm. “It’s common for big companies to not get it, they make long-term plans, they don’t think about consequences for the whole business,” said Palm. The three repeating challenges Chris Shinkle, director of innovation at Software Engineering Professionals, has noticed stem from culture, design/devel-
Customers can become annoyed when their service doesn’t deliver value opment and operations. He said that a lot of companies think that XaaS is going to change everything, but they fail to realize they need to change the way they think and approach this model. The companies that want to truly take advantage of XaaS models and its benefit need to change their mindsets, and this includes developers and even management, who need to change the way they think about budgeting and scheduling work. All of this impacts how teams go about developing products and shipping software, he said. In some large companies, Shinkle
notices that all their teams, their customer support, and their marketing teams are all disconnected from the rest of the business. For Software-as-a-Service products, for instance, these teams need to be much more integrated and overlap. When moving to an XaaS, taking care of the customers and providing a great experience is most important, said Shinkle. “In a traditional model, where I might be selling large applications [and] spending hundreds of thousands of dollars on software, that’s very much different from a service model, which is more subscription-based,” said Shinkle. “If I’m not delivering great service, they’re going to leave.” Additionally, customer support plays a huge role in both sales and XaaS models. If there isn’t a great customer support system in place, and the company is not helping customers realize the value they get from the product, then they aren’t going to renew their subscription when it comes time to sign up, said Shinkle. “Culturally, you need to think about how that organization operates and [working] closer together is key,” said Shinkle. “Organizations think SaaS is just a technology change and it’s just software moving from a hard drive to the web or cloud, and they don’t think about managing projects, and what sort of metrics or KPIs are important.” This is really where companies fall short and struggle, said Shinkle. Often times, the technical challenges of XaaS are not the most difficult parts to solve; it’s the people working to sell products to consumers that is a challenge. He recommends companies think about these cultural changes internally and recognize that if they get closer to their customers, they can learn from them and better provide a service or product. “If [this] is overlooked, you are setting yourself up for failure,” said Shinkle. z
SDT02 Full Page Ads_Layout 1 7/21/17 1:28 PM Page 19
SDT02 Full Page Ads_Layout 1 7/21/17 1:57 PM Page 20
SDT02 page 21_Layout 1 7/21/17 3:20 PM Page 21
www.sdtimes.com
August 2017
SD Times
DEVOPS WATCH
WhiteHat Security: Improving app security with DevSecOps BY MADISON MOORE
Does the DevSecOps approach make a difference when it comes to improving application security? According to this year’s 12th annual WhiteHat Security “Application Security Statistics Report,” it certainly does. This year’s WhiteHat report includes a case study that details a large health organization’s successful implementation of a DevSecOps approach. According to the study, critical vulnerabilities in applications were resolved in a fraction of the time it takes teams without a DevOps or DevSecOps approach. Part of the organization’s DevSecOps solution included training teams on secure coding techniques, dubbing trained employees “Security Heroes,” so they could foster positive collaboration and correct developer mistakes. “[The organization] created a sustainable infrastructure for software development teams to be not only successful, but self-sufficient,” reads the study. “The cybersecurity team understands its role is to provide value, advice and expertise acting as change agents and thought leaders in application security. In the process, it has proven to be a true center of excellence for application security.” The organization highlighted in WhiteHat’s case study identified key cultural and technological differences and motivators across its security and development teams, and later implemented an application security program that “bridged these differences, fostering collaboration and a shared commitment to application security,” writes Ryan O’Leary, vice president of the Threat Research Center at WhiteHat Security.
Major findings on AppSec statistics In addition to the case study, this year’s report comprises analysis of dynamic test-
ing (DAST) results, static testing (SAST) results, and DAST/SAST applied in combination, along with mobile app security data provided by WhiteHat Security partner, NowSecure. NowSecure provided data from the report’s mobile section, which examines the top security issues and vulnerabilities by mobile application category for the Android and iOS platforms. Some statistics from the report show the application security posture of the average organization has improved, but only marginally. According to the report, in 2015, the web applications analyzed had an average of four vulnerabilities. This number dropped to three in 2016. While there is some improvement, almost half of all applications remain vulnerable on every single day of the year. WhiteHat found that most organizations are not able to resolve all of the vulnerabilities found in their apps. In the Utilities, Education, Accommodations, Retail, and Manufacturing sectors, approximately 60 percent of applications are “always vulnerable,” according to WhiteHat. These vulnerabilities are easier to fix if teams use both SAST and DAST testing, which WhiteHat found to be essential for application security program effectiveness. This year’s report found that many organizations are still not employing both testing techniques. While there are still too many vulnerabilities left in applications, there are two things that O’Leary said gives WhiteHat security “hope” for the future of AppSec. For instance, the fact that application security did improve by 25% is an overall sign that many organizations are starting to mature, even if it is at a slow pace. And as their case study indicates, DevSecOps isn’t just another buzzword; it’s offering some “light at the end of the tunnel” for applications security teams and development teams, too. z
In other DevOps news… n Atlassian is giving teams new ways to break down silos and accelerate their DevOps adoption with the announcement of the Atlassian Stack and DevOps Marketplace. These new solutions are designed to help customers consolidate their solutions and add new ones to their DevOps lifecycle. The Atlassian Stack is designed to connect teams and provide an instance of each of the company’s Data Center and Server products. The new marketplace gives developers more than 200 add-ons and integrations to custom-fit Atlassian into workflows. n JFrog announced the acquisition of CloudMunch, a universal DevOps intelligence platform. With CloudMunch, the company hopes to expand its own DevOps product offering for developers. CloudMunch is known for its fullstack intelligence solution, and ability to integrate with key systems such as JIRA, GitHub, Bitbucket, Jenkins, Kubernetes and JFrog Artifactory. In addition, CloudMunch’s product provides end-to-end visibility across tools, offers insight through dashboards, provides recommendations for further actions, and enables automated tasks. n LogiGear released new continuous delivery findings as part of its software industry survey designed to assess the state of software testing. This was the second survey in a four-part series, and focused on DevOps. According to the survey, the most known pain points of transitioning to DevOps involve getting groups that don’t work together naturally to have the same goals, financial commitments, planning, training and cultural change.
21
NOM2017AD.qxp_Layout 1 7/26/17 12:25 PM Page 1
Subscribe to SD Times News on Monday to get the latest news, news analysis and commentary delivered to your inbox.
• Reports on the newest technologies affecting enterprise developers — IoT, Artificial Intelligence, Machine Learning and Big Data • Insights into the practices and innovations reshaping software development such as containers, microservices, DevOps and more • The latest news from the software providers, industry consortia, open source projects and research institutions
Subscribe today to keep up with everything happening in the software development industry.
CLICK HERE TO SUBSCRIBE
Visual Studio Dev Essentials_SD TIMES_05.pdf 1 7/13/2017 8:09:07 PM
C
M
Y
CM
MY
CY
CMY
K
SDT02 page 22,23,26-29_Layout 1 7/20/17 3:35 PM Page 22
22
SD Times
August 2017
www.sdtimes.com
What you want, when you Key trends in modern UX
Inclusive, sound and predictive design techniques are top t class of designer/developers realize the strategic importance BY ALEXANDRA WEBER MORALES
T
he year was 1997. Steve Jobs fidgeted on a stool in front of the World Wide Developer Conference, chatting with the audience: “You’ve got to start with the customer experience and work backwards to the technology. You can’t start with the technology and try to figure where you’re going to sell it. I’ve made this mistake probably more than anybody else in this room — and I’ve got the scar tissue to prove it.”
Jobs was deftly answering a man who had just accused him of abandoning a pet technology. The Apple founder went on to explain that his company’s mission was to discover “What incredible benefits can we give to the customer? Where can we take the customer? Not, ‘Let’s sit down with the engineers and figure out what awesome technology we have and then how we’re going to market that.’ And I think that’s the right path to take.” As it happens, 1997 was also the year
SDT02 page 22,23,26-29_Layout 1 7/20/17 3:36 PM Page 23
www.sdtimes.com
want it. design
themes as the new of user experience Jony Ive became Apple’s senior vice president of industrial design. He went on to determine the curves, gloss and heft of the iMac, iPhone, iPad and more. Two years ago, the San Francisco-based Ive became Apple’s chief design officer — a role that exemplifies how strategic user experience has become in the technology world.
Inclusive design is strategic design Unveiling his third annual “Design in Tech Report” in a March 12, 2017, talk,
Silicon Valley design guru John Maeda noted that design is now a top priority for venture capitalists, consultancies and even stuffy enterprise software giants: “IBM design has been probably the largest corporate effort to amass design energy. […] Google is cool. Who would have thought? The perception on Google [has] definitely shifted.” Google has indeed changed its tune. Google Design has created “a visual language for our users that synthesizes the classic principles of good design with the innovation and possibility of technology and science,” according to the spec at Material.io. The Material tools and components help developers build mobileready cross-platform experiences that have touch, voice, mouse, and keyboard as first-class input methods. In Maeda’s formulation, “computational design” is a discipline that melds artistry, business, engineering — and inclusion. “In my official title at Automattic, I’m the global head of computational design and inclusion. People ask me, ‘Why do you have the word ‘inclusion’ in your title?’ It’s because I believe that design and inclusion are inseparable,” he said. Creativity is intrinsic to inclusion, according to Maeda, but that energy is lost when inclusion is relegated to a human resources process rather than seen as fueling beautiful user experiences. Inclusiveness is a common theme for Google as well. Reaching “the next billion users” was a mantra at the Google I/O conference in May 2017. Google speakers noted that many of these future customers are now or will be disabled: one in five people will have a disability of some sort in their lifetime. “This isn’t just for users with a disability or an accessibility need. I want to get across that this helps all users,” said Patrick Clary, a product manager on accessibility at Google who himself uses a wheelchair, in his Google I/O ‘17 talk, “What’s New in Android Accessibility.” Why should accessibility interest app developers? Blind or low-vision products can help those who have their eyes otherwise occupied, such as drivers, he said. Designing for those with
August 2017
SD Times
motor impairment helps others who can’t use their touch screen because it’s inconvenient or dangerous. “It’s really about designing for the widest possible range of abilities within the widest possible range of situations,” Clary said. Android accessibility settings, APIs and long-running services are nifty developer tools for changing how users consume or interact with devices. For blind users, services include TalkBack and BrailleBack (which can activate a refreshable braille display), while Switch Access and Voice Access are targeted to those with motor impairment such as a tremor. Meanwhile, Apple’s design aesthetic continues to revolve around user experience. At the 2017 WWDC, the company reminded attendees to develop not for “users”, but for humans. It turns out this is a longstanding tenet for the company: Apple’s evolving Human Interface Guidelines actually date back to 1987, which was also the year the Macintosh II personal computer was launched. At this year’s WWDC, the company maintained a forward view with its emphasis on humanity — and not just what humans see and do, but what they hear.
Sound: the next frontier In 2003, Web usability expert Jakob Nielsen wrote, “Visual interfaces are inherently superior to auditory interfaces for many tasks. The Star Trek fantasy of speaking to your computer is not the most fruitful path to usable systems.” He was wrong. With Siri, the first commercially viable personal assistant, the 1970s futurama had come to fruition. By 2020, Gartner predicts that nearly a third of all web browsing will be done without a screen and 85% of customer interactions will be managed by bots. ComScore predicts that half of all searches will be via voice. Sound: the next frontier. According to Apple sound designer Hugo Verweij, sound can transform user experience, but too often, app developers miss the opportunity to compose custom audio notifications to distinguish their apps from others. In a continued on page 26 >
23
SDT02 Full Page Ads_Layout 1 7/21/17 1:30 PM Page 24
User Experience Isn’t Everything – It’s the Only Thing.
That’s our motto. It’s also the key to building apps that people love to use. Apps that are delivered to market faster, perform better, informed by data, and work seamlessly across multiple platforms. We can help you achieve digital transformation and deliver next-generation, high-performance apps with our integrated tools that help you build it, monitor it, and continuously improve it. Welcome to Applandia. Where things don’t crash, defects get eliminated, batteries don’t drain – and user experience is king. Visit saas.hpe.com/marketing/digital-user-experience
SDT02 page 25_Layout 1 7/20/17 3:33 PM Page 25
www.sdtimes.com
August 2017
SD Times
INDUSTRY SPOTLIGHT: USER EXPERIENCE
Delivering a flawless application The right metrics can lead to great user experiences BY MADISON MOORE
Creating a flawless application that pleases all customers is much more complicated than traditional software, said Antoine Aymer, a mobile technologist at HPE. This is because the concept of user experience (UX) goes beyond a clean user interface and design. Organizations need to address expectations of the user, like how usable is the application and is it fast enough. Companies should define a set of UX metrics that reveal something about the interaction, like some aspect of effectiveness, crash rate, conversion and abandonment rate, as well as time and taps to completion. Delivering a great UX also means measuring the main aspects of a user experience. According to Aymer, the main aspects of UX include: functionality, suitability, performance efficiency, availability, security, usability, and portability. Aymer said there are a set of discovery questions that companies can answer when they are trying to develop an application that hits all the main aspects of UX. For instance, “How do you make sure your app performs as expected,” and “how do you make sure your app is available and reliable,” are both questions companies should consider if they want to measure the user experience.
Poor UX directly affects the business How do you make sure your app performs as expected? According to HPE’s research, this is a question companies must ask, since speed and latency matter tremendously. According to a calculation from AmaContent provided by SD Times and
zon, a one-second delay in load time of a website could result in $1.6 billion in lost sales annually for the company. This example, according to Aymer, is linked to performance efficiency, and for applications that fail to address this, it’s more than possible that their users will not return. In a 2016 “DevOps, APM, and Digital User Experience” report from HPE, problematic applications immediately create a poor user experience. 80% of those surveyed stated they would
‘If you want to understand users, then have a look at existing data.’ —Antoine Aymer
only attempt to use an application with issues three times or fewer. And, 15% would only retry an application once, while 6% said they wouldn’t give the application a second chance. After reviewing how respondents would react to a problematic application, HPE determined that in order to deliver an excellent user experience, organizations need to measure the app’s ability to deliver value and its capability to meet user’s expectations. Aymer said that HPE has done additional research about users not returning to an application that crashes, and from this, he said that companies can categorize users into two groups. The first group of mobile users is what is called the “silent majority,” or people who remove or delete the application and have a bad memory of the brand or company. Then there is the “vocal majority,” who are the users that take to the app store to “destroy the reputation” of the application with bad rat-
ings. Even the silent majority can go onto the app store and give a poor app a one- or two-star rating, which not only stops other people from downloading the app, but it also decreases the company’s rating on the app store. “Your ranking will depend on your rating, but your rating depends on the quality of the app, and the quality of your application depends on how you define UX and how successful you’ve been in achieving your UX metrics,” said Aymer. It also benefits a company to do a sentiment analysis so they can see what their users think about their application. Companies can consider analytics tools that gives businesses insight into what is happening around the app. That includes ranking, rating, interactions, downloads — everything that companies want to understand about their users comes from existing data and analytics. “If you want to understand users, then have a look at existing data,” said Aymer. Mobile teams can also consider the in-app analytics from HPE’s AppPulse Mobile, which takes a piece of code and injects it into an app or wraps around an app so it can capture the user’s experience from the app level, he said. Mobile teams can receive actionable data to prioritize issues impacting users the most. “I’ve come to realize UX is actually a full-blown experience that someone has when using a product, so UX needs to be something that is measured,” said Aymer. “Not a lot of customers have implemented core UX metrics to measure the success of their apps. [What they should do] is redefine the terms of user experience, define key metrics to measure the user experience, define the UX and define the attributes of UX, and have key metrics on each one of these attributes.” z
25
SDT02 page 22,23,26-29_Layout 1 7/20/17 3:36 PM Page 26
26
SD Times
August 2017
www.sdtimes.com
< continued from page 23
compelling talk at WWDC 2017, Verweij offered important guidelines for using sound: “Will my app send frequent notifications? Can sound play a role in my app’s branding? Can the UI benefit from an audible component? How would I understand my app without a GUI?” “Don’t overdo it — silence is golden,” he said, displaying a hilarious cautionary example of the iOS maps app overdone with silly sound effects, as if the comedian Victor Borge, of the famous “Phonetic Punctuation” routines, had commissioned it. “If you’re making a game, it makes sense to make a whole world of sound, but we don’t want every app to sound like a game,” he said, noting the importance of always giving users the option to mute apps as well. When it comes to sound, details matter. It can be a tricky game of trial and error to synchronize sound to haptics or animation — and getting it wrong can create illusions such as making buttons feel sluggish, or awkwardness when sound isn’t synchronized to video. When it comes to editing, while it’s advisable to work with an expert sound designer or sound engineer, simple tools such as Garage Band can make a huge improvement, Verweij advised.
Knoa’s Error Analysis Dashboard simplifies error tracking during UI projects, throughout the design-build-deploy lifecycle, enabling development and QA teams to quickly identify emerging issues, pinpoint where they occur, and confirm their resolution once fixes have been deployed.
Getting back to the Star Trek scenario, a plethora of machine learning APIs from Google (Cloud Speech API, Cloud Natural Language API), IBM (Watson Conversation), Oracle (Chatbots) and more make it easier than ever to harness voice interfaces for new apps. As it happens, that same combination of artificial intelligence and big data that’s powering machine transla-
Design Education: Learn more Resources and educational programs for technology designer/developers If you want to learn design, there are a growing variety of options, starting with the written word. In Make it New: The History of Silicon Valley Design (MIT Press, 2015) Barry Katz spotlights how influential design has been since tech’s early days. John Maeda’s annual “Design in Tech” report, now in its third year, provides an invaluable snapshot of industry trends. Online resources for insights, education and training include free and paid blogs and courses at MIT Media Lab, Design.blog, Wizeline, Lynda.com, Youtube and Pluralsight. There are also brick-and-mortar schools: You can get an MFA in interaction design from New York City’s School of Visual Arts, attend the Center Centre (formerly the Unicorn Institute) in downtown Chattanooga, TN, for its two-year user experience design program, or get a BFA in UX from SCAD (Savannah College of Art and Design, in Savannah, GA). Finally, around the world, three Hasso Plattner Institutes of Design Thinking have sprung up thanks to SAP founder Plattner’s philanthropy. These “d-schools” are sited at Stanford University, Potsdam University and the University of Cape Town. —Alexandra Weber Morales
tion and speech also holds the promise for predictive user experience.
Predictive UX with AI and analytics One thing the design-focused Jobs might not have foreseen is how much user data we would be accumulating in 2017 — and how rapidly we are learning to put it to good use. User experience is no exception. “In the UX world, AI and automation is transforming the role of the designer. Traditionally, UX teams would turn to metrics and tools such as usability tests, usage data and heat maps, to understand how to improve the functionality and effectiveness of a system. However, in the age of AI, we now have empirical, actionable data that we’ve never been privy to before, giving us greater granularity into optimizing the user experience,” said Rephael Sweary, cofounder of the San Francisco-based digital adoption platform WalkMe. According to Sweary, AI helps conduct quantitative usability testing, easily extrapolating characteristics such as: • Location, job title, device • Time of day and length of session • User flow and drop rates within the application • Behavior analysis based on screen
SDT02 page 22,23,26-29_Layout 1 7/20/17 3:36 PM Page 27
www.sdtimes.com
recordings of drops from user flows • Total number of users, unique visitors and sessions “What we do with AI is optimize adoption. We define a goal for the AI algorithm, like ‘increase users who use feature X.’ We run our AI algorithm across our entire data set and look for people who use this feature. Then we predict adoption based on the people who use this feature. For example, people who use the app more than three times at work uploading two or more photos are most likely to use the ‘share’ feature,” said Kobi Stok, director of mobile product and technology at WalkMe. The company calls the ideal time to make a request or introduce a feature the “happy moment” for user engagement. User experience metrics can also improve onboarding and training. “Typically, training is done with a firehose approach. You take a group of users away from a productive line of work, you train them for a few days and then you send them back. Wouldn’t it be nice to tailor training to only issues they have been experiencing while using the software?” asked Bogdan Nica, vice president of product and services for Knoa Software in New York City. Knoa Software specializes in SAP application performance management. Now, as SAP is consolidating around a user interface revamp called Fiori, Knoa’s UX metrics can help ease the migration and identify “adoption gaps”. “A main pain point that SAP users have had is that there are so many different UI standards,” Nica said. “A major migration takes a year. It makes sense to start collecting data before the migration to establish a baseline. You continue collecting during the migration. Then, when it’s completed, you take a look at metrics at the end of project so you can do a before-and-after analysis, but also to make sure it’s fully adopted — to identify adoption gaps, because there’s always something that goes wrong. Maybe everything works from technical point of view, but business processes are out of whack.” Enterprise software design is being forced to improve user experience as it
August 2017
SD Times
Michael Hoffer’s VRL-Studio is an intuitive visual IDE for rapid prototyping, learning, teaching and experimentation. It can be used for 3D printing, visual workflow management or as a framework for automatic GUI generation, among other things.
competes with consumer apps for employee attention, Nica notes. “There are different expectations of what good software looks like now. You can no longer force customers to use business software that looks like it was designed in the 80s or 90s,” Nica said. But what about apps that are too immersive? As design grows in importance, so does the obligation to use it responsibly. Thinking about designing user experience responsibly should join security and privacy as a first-class concern — and it has become a priority to limit, say, texting and driving through driving detection in mobile apps. Like security and the other “-ilities,” it may still get lost in the shuffle as developers strive for faster releases. Unless… Could a new class of hybrid UX/techie bring these issues to the fore?
The new designer/developers As a profession, design is embracing software development technology, Maeda believes. His surveys find more and
more hybrid designers who have coding skills in JavaScript, PHP, or Ruby on Rails. He emphasizes that computational design requires an ability to iterate based on UX metrics, understand algorithms and embrace cutting-edge form factors such as self-driving cars and other connected devices. And some hybrid designer/developers, like Michael Hoffer, started on the developer side. He’s a research scientist at Goethe University in Frankfurt, Germany, who created VRL Studio, a slick visual programming environment for Java. “There are many powerful textual programming languages out there that already have a diverse and comprehensive ecosystem around them. Building a new visual programming language is challenging, at least if it is supposed to serve as a replacement for general purpose programming languages. For me, it is very important to provide visual programming environments that do not continued on page 29 >
27
SDT02 page 22,23,26-29_Layout 1 7/20/17 3:37 PM Page 28
28
SD Times
August 2017
www.sdtimes.com
Failing Fast is Fatal 6 steps to usable product design that save time and money BY KATHRYN CAMPBELL
Whatever became of that mantra encouraging software companies to “Fail Fast” or “Fall Forward”? Most companies that followed a deliberate plan to release half-baked product fulfilled their destiny — they failed! “I’ve learned the “fail often” approach is unlikely to improve an organization. I learned this because I failed often when trying it.” — Jared M. Spool, Founder of User Interface Engineering
Don’t plan to fail, plan to succeed! Failure is expensive. It costs millions in investment, reputation, confidence, and market opportunity. With any new product or solution, the cards are already stacked against user adoption. That is why we urge our clients to invest the necessary time and resources on a plan geared for success. Don’t be tempted to charge ahead under the false belief that failing fast — and then pivoting on a dime — is a reasonable strategy. In doing so, you ignore simple, practical ways to minimize risk. My team has spent years tackling complex software design projects. Experience has taught us that there are no viable shortcuts in product development. The reckless approach wastes a lot more money and time than following a proven recipe for success — one that will allow you to work smarter without needlessly extending your launch timeline. I have experienced, over and over, how following 6 key steps can save you a lot of needless pain, mitigate risk, and help ensure product success:
1
Are you solving a problem that matters?
Can everyone on your team articulate the problem your product solves in the same one or two sentences? If not, it could be that you haven’t identified your product’s true reason for being. Successful products do more than make things easier for the customer — they solve a fundamental problem no one else addressed. Don’t design lookalike products. And don’t spend all your time and energy tackling easy problems. Create something meaningful that meets a real, possibly neglected, customer need. Speaking of customers, I can’t stress enough (I’m shouting from the rooftops here), how essential early user validation is, especially if you are in the angel funding stage. Do your market research. Spend the time (even a little time!) to figure out Kathryn Campbell, partner, Primitive Spark, founder of the User Experience Professionals Association of Los Angeles.
if there’s actually demand for your product. Guerrilla research methods such as quick surveys, focus groups and in situ research take only a couple of weeks and a few thousand bucks. Whatever you learn will either help prove your concept’s value or give you the chance to pivot before investing time, money, and energy building a product that nobody wants. Pivoting isn’t something you do in reaction to full-on failure. If you’ve done your due diligence, then the only reason to pivot is a change in your market.
2
Trust the Process
My staff tells me I sound like Nick Saban, University of Alabama football coach, who attributes his four national championships in the past eight years to “The Process,” a philosophy that vehemently emphasizes preparation. I’m on board with that! Once you’ve got a solid product concept, design and refine a prototype. But don’t build yet! You have valuable things to learn during the entire product development process — throughout the stages of defining, designing, prototyping, testing and building. You won’t save time or money if you jump straight into the build phase. You can compress stages, but you can’t skip or re-arrange them. If you do, you’ll pay a steep price later in the form of rework, missed deadlines, and wasted resources. It’s almost always more expensive and time consuming to develop a “quick and cheap” product. “Shortcuts make long delays.” — J.R.R. Tolkien, Pippin, The Fellowship of the Ring
3
Build the right team — in the right order
If you were building your dream house, you’d develop blueprints prior to breaking ground, right? Successful product design needs the same strategy. Most companies hire developers, then product engineers, then a UX team. That’s backwards. Don’t waste money building an unsound product concept, no matter how cheap your dev team is! Take time with proven professionals to flesh out and design a worthwhile product first. That requires people who understand user experience and product design, not programmers. Then validate your concept with a prototype, refine, then build. By waiting to staff a development team until you actually have a worthwhile product to build you will save money and avoid the urge to “feed the beast” — that crazy instinct to have your developers do something, anything, because you can’t stand paying them to just sit around! Remember, it costs at least 20x more to fix or redesign a product feature after it’s been built than to get it right during the concepting and design phase.
SDT02 page 22,23,26-29_Layout 1 7/20/17 3:37 PM Page 29
www.sdtimes.com
4
Say it with me: It’s ALL about the user — Richard Branson, founder of Virgin Group
Forget about being first
Don’t fear the competition’s speed to market. The traditional belief that having the “first mover advantage” will make you a new market winner is totally false. Want proof? Apple Maps. Crystal Pepsi. Sony Betamax. Steve Blank of Business Insider maintains that originators tend to launch without understanding customer problems or without the necessary product features to solve the problems. “‘Does it better’ will always beat ‘Did it first.’” — Aaron Levie, CEO of Box
Companies with innovative products or services often target Innovators or Early Adopters only. That allows other companies to enter later and grab majority market share from the Early Majority and Late Majority. My point: once you have validated your product concept with some basic market research and user testing, stick to your vision and stay the course. Resist “shiny objects” such as replicating the new feature your competitor releases. Resist going to market before the product delivers any meaningful value. These clichés are true: 1) Better usually wins over first; and 2) You only get one opportunity to make a first impression.
6
SD Times
< continued from page 27
“When your business physically interacts with people in a way that can have a profound impact on their life, quality beats pace, every time.”
Agile product development often forgets the customer. It’s shocking how many companies are completely divorced from their end users. What’s the solution? Iterative usability testing. Very few startups leverage usability testing because they worry they’ll discover they’re on the wrong track, which will slow them down! Never turn a blind eye when it comes to your product. Course correct ASAP! The single largest risk to a fledgling product or service is lack of user adoption. Usability testing minimizes that risk quickly and inexpensively. Validate your ideas with users every step of the way to guarantee you’re not straying from what they find useful and desirable. Never assume you know what’s best for your user. I’ve conducted usability tests on countless product prototypes over the years. I always learn something unexpected. And remember to do usability testing the right way, meaning throughout the process, not at the end. Show early, cheap prototypes to realistic representative product users. Remember, you can discover 85% of your product’s usability problems by testing with just 5 users! That’s 1 - 2 days out of a sprint to correct the majority of user experience issues that might otherwise tank your product.
5
August 2017
Finish the job
Plan for support. This lesson may seem minor, but ignoring it can sink some beautiful ships. Your product’s learning curve will vary across different levels of user sophistication. Integrate simple help guides, tooltips, and/or FAQs, within your product. Lack of available user help can cripple a small organization. Your help documentation needn’t be exhaustive, but you should provide enough information to ensure successful product use. And use a real writer/content specialist, don’t leave this critical step to your developers! It would be a shame to let your investment falter just as you are within yards of the goal line. Before you celebrate launching your innovation, plan for success all the way through. A time-tested process will keep you sane and centered and thwart a fear-driven sense of urgency. As you develop digital products, commit to a sequenced set of activities and deliverables, and remember — Smart can still be fast! In fact, it’s the fastest route to success I know. If you have found these ideas and best practices helpful, or if you have thoughts about designing digital products, feel free to reach out. We’d love to hear you share your successes and failures. z
isolate developers from the ecosystem of existing languages and platforms. Therefore, I develop new interactive visual representations for existing textual programming languages,” said Hoffer. VRL is not only sleek and powerful, it’s easy on the eyes — and Hoffer has done this on purpose: “Aesthetic aspects play a huge role. Actually, they are important for textual programming languages as well. Even though outsiders do not usually understand the beauty of well-structured source code, developers who have to look at and work with that code all day long do certainly develop a taste for beautiful code.” The same applies for IDEs, Hoffer believes, and it can help developers find productive flow — and even reason more effectively about program structure: “Providing a good user experience for developers is highly important. Designing development environments, especially visual programming environments, that are aesthetically pleasing is very hard. Good user experience is correlated to finding the right abstractions. For general purpose development environments, this is especially hard because any simplification runs into the danger of limiting the possibilities of the IDE.” As software becomes ubiquitous, much of its arcana will be made accessible to the masses via more beautiful, inclusive and usable designs — a fact that has motivated SAP founder Hasso Plattner to fund prestigious design schools around the world. “Hasso Plattner is a very systems-oriented guy. He’s the architect behind the HANA in-memory database technology, but in a lot of the recent events that he’s had, he’s started to focus more and more on the UX side,” said Knoa Software’s Nica. “They realize no matter how powerful SAP is on database or server side, none of that matters if users can’t use it. That includes AI, moving to cloud — if that is not done with the ultimate objective of improving the user experience, none of that matters. It’s a validation that you cannot fail in software if you singlehandedly focus on the user. That’s your best course of action.” z
29
SDT02 page 30_WirelessDC Ad.qxd 7/20/17 3:34 PM Page 1
DON’T MISS A SINGLE ISSUE! Renew your FREE subscription to SD Times!
Take a moment to visit sdtimes.com. Subscribing today means you won’t miss in-depth features on the newest technologies affecting enterprise developers — IoT, Artificial Intelligence, Machine Learning and Big Data. SD Times offers insights into the practices and innovations reshaping software development such as containers, microservices, DevOps and more. Find the latest news from the software providers, industry consortia, open source projects and research institutions. Available in two formats — print or e-mail with a link to download the PDF. Subscribe today to keep up with everything happening in the software development industry!
Sign up for FREE today at www.sdtimes.com.
SDT02 page 31_Layout 1 7/21/17 3:17 PM Page 31
31
Agile Showcase he notion of Agile software develop- BY DAVID RUBINSTEIN you embrace Lean and Kanban? Is Scrum ment has been around for more than a enough? Have you adopted DevOps are decade. The goals, of course, are to have developers part of your Agile strategy? work more efficiently, shorten time-to-market of business Beyond that, software development itself is changing, in deliverables, and respond to defects, market conditions or large part due to the broad acceptance of Agile. Microseradd new features more quickly. vices architectures could not flourish if not for an organizaThis is well understood. What is less well understood is how tion’s understanding of how to do small, quick releases in a organizations should implement Agile techniques. Some say tight cycle. it’s not enough for developers to be agile, but that businesses At this year’s Agile 2017 conference, of which must become agile. Marketers, for instance, must change how SD Times is a sponsor, more than 274 sessions are dedicatthey talk about releases, going from one-off announcements to ed to the topic, regardless of the size of your organization, a more engaged relationship with customers. and regardless of how far down the Agile path you’ve And even if your Agile practice is limited to the develop- already gone. If you’re not at the conference, we hope you’ll ment team, there are various ways to achieve those goals. Do find value in this showcase. z
T
SDT02 Full Page Ads_Layout 1 7/21/17 1:35 PM Page 32
Is your business ready for the Agile Enterprise?
Agile portfolio management for the Enterprise. Agile Enterprise is having cross-portfolio visibility to make strategic decisions and track them across all teams whether waterfall, agile or DevOps. Agile Enterprise is about hybrid development with lifecycle traceability across a complex application portfolio, for governance and compliance from business processes. As you rapidly deliver quality applications at scale today, what are you doing to be Agile Enterprise ready? Learn more: saas.hpe.com/software/alm-octane
saas.hpe.com/software/ppm-it-project-portfolio-management
SDT02 page 33_Layout 1 7/21/17 3:50 PM Page 33
AGILE SHOWCASE
33
HPE Software Enables Agile Business M any Agile and DevOps teams are successfully reducing software delivery cycle times and improving product quality, but their work doesn’t always align with business objectives because CIOs and IT portfolio managers lack the visibility they need to ensure business and product alignment. Although modern software tools generate a lot of data and more of them are providing analytics capabilities, the information needs to be available at different levels of abstraction to be of strategic value to the organization. “Companies don’t always appreciate the impact of Agile,” said Malcolm Isaacs, senior researcher at Hewlett Packard Enterprise (HPE). “Agile and DevOps are increasingly prevalent in enterprises, but management is having a difficult time managing software products consistently.” HPE Application Lifecycle Management (ALM) Octane with HPE Project and Portfolio Management (PPM) provide an integrated, open management platform for all artifacts, so executives can make better decisions about bringing software to market.
Manage Risks More Effectively Continuous integration and continuous delivery are becoming more popular as enterprises attempt to use software as a competitive weapon. Faster software delivery is a good thing as long as it doesn’t add risk. “Today’s portfolio managers have to oversee and synchronize multiple development projects, which include both agile projects and waterfall projects,” said Isaacs. “How do you do that while minimizing risk? How do enterprise architects enforce compliance with various standards across the organization?” In the past, we knew who was in charge of standards compliance at the data access, business, service and presentation layers. However, when teams are organized around features, it’s more difficult to identify the people who are responsible for enterprise-wide compliance. “It’s really hard for an enterprise architect to ensure compliance across the organization when every team is managing their own pipelines, using different tools, and gathering different metrics,” said Isaacs. “There’s no uniform way of evaluating teams’ performance across the organization.” There’s no lack of data, but disparate data formats still prevent tools from sharing information despite APIs and traditional ALM tools. HPE PPM together with ALM Octane overcomes those limitations to provide complete portfolio-level views. They also provide drill-down capabilities so users can understand the current status of a release or a DevOps pipeline. “We’re helping to enable enterprise agility,” said Isaacs. “One of the ways we’re enabling this is by giving you a management system that integrates with application lifecycle management and software development tools and makes sense of everything. Portfolio managers are using that information to make strategic decisions, allocate budget and resources, and
track the status of their decisions and optimize them further.” Notably, HPE PPM with ALM Octane provides end-toend visibility and traceability across Agile, Waterfall and hybrid projects to provide comprehensive and reliable enterprise-level views of software development activity.
Align Enterprise Development As software teams become more Agile, it’s easy to lose control of the teams responsible for specific backlogs. Ultimately, software development efforts have to strategically align with the organization’s goals, which is where large-scale agile frameworks come in. Portfolio managers can use them to better understand how to manage teams and release streams.
‘It’s really hard for an enterprise architect to ensure compliance across the organization when every team is managing their own pipelines, using different tools, and gathering different metrics.’ —Malcolm Isaacs
“The Scaled Agile Framework is probably the most popular framework to ensure alignment at different levels,” said Isaacs. “At the program level, you have a number of teams that are working towards a common goal. At the large solution level, you have many ‘teams of teams’ working on larger, more complex goals. At the portfolio level you are concerned with alignment to business strategy.” Some organizations are so large that different parts of the organization implement their own portfolio layer. Executives need enterprise-wide visibility to ensure that all their investments are being managed wisely. While historical views help, more businesses want predictive capabilities at application and portfolio levels. That way, developers can avoid delays by anticipating what’s likely to cause them. Portfolio managers can do what-if scenario planning for resource allocation and more. “Today’s software development systems generate huge quantities of data every day, and there’s a lot of dark data within those systems,” said Isaacs. “Big data and predictive analytics capabilities can be very helpful, so we can make better business decisions as we move forward.” Meanwhile, portfolio managers need a single place where they can aggregate information and track progress across projects using different methodologies, including both traditional and agile lifecycle management systems. HPE PPM provides those capabilities so that businesses can maximize the value of their software development efforts. “Most software development organizations today are employing tools and techniques for continuous assessment,” said Isaacs. “As they become more Agile, organizations must extend those types of capabilities up to the executive levels.” Learn more at saas.hpe.com. z
SDT02 Full Page Ads_Layout 1 7/21/17 1:35 PM Page 34
SDT02 page 35_Layout 1 7/20/17 3:30 PM Page 35
AGILE SHOWCASE
35
Agile Can’t Succeed as an Island ore development teams have adopted agile and lean ways of working to deliver better quality products faster. Despite their efforts, they’re still missing deadlines and churning out buggy software. Most of these teams are expected to solve business problems, but their work doesn’t align with business objectives. In fact, there’s a huge disconnect between development teams and the organizations they serve. “Agile software development alone can’t solve all your problems,” said Doug Dockery, global sales engineering leader for CA Technologies (CA). “If you’re serious about competing in your markets, you have to change your definition of ‘business as usual.’ Agile can’t succeed as an island.” The inefficiencies result in budget misses and stalled innovation. Agile ROI is falling short of expectations because it’s much more of a team sport than organizations realize. “Agile teams and agile businesses are two different things,” said Dockery. “Development teams are being blamed for building the wrong things, but it’s not the team’s fault. Companies haven’t created an environment of alignment, autonomy and trust.” Alignment ensures that the teams build what matters most to the business. Once the business and development teams are aligned, the development teams have the autonomy to decide the best way to build the product. Bilateral trust is also important. Without it, companies can’t deliver their best value to customers. The business must trust that developers will build what’s in the best interest of the company. Conversely, developers need to trust that the business knows what should be built. The result is products that deliver better business value.
M
Scrum Isn’t a Silver Bullet Agile development efforts often focus on team structure, workflows and planning. Scrum teams stay busy adopting new technologies, creating user stories, refining processes and estimating the value and cadence of a sprint. Still, their efforts lack positive business impact because the organization operates in an entirely different manner. “Companies are approaching agile myopically,” said Dockery. “They think Scrum teams are going to solve all their problems and then they discover they’re worse off than when they were doing waterfall.” For example, one company’s annual plan included more than 70 BI projects, all of which were active simply because the managers needed “to see progress.” Half of the projects
bled over from the previous year. The other half would bleed over into the next year. None of the projects would be completed that year. “You might think that Kanban would solve the problem, if you just prioritize work and finish it in order of priority,” said Dockery. “That way, you’d have a steady stream of accomplishments. But what we find is those accomplishments don’t always align to businesses strategy.”
The Importance of Agile Business Practices Change is a constant that businesses have to master in today’s fast-moving economy. Their very survival and rele-
‘Agile software development alone can’t solve all your problems. If you’re serious about competing in your markets, you have to change your definition of ‘business as usual.’ Agile can’t succeed as an island.’ —Doug Dockery
vance depends on their ability to sense and respond to change. “Markets change and customer demands never stop,” said Dockery. “If you want to lead, you have to anticipate new business realities, including your customers’ shifting requirements. You can’t do that if your strategy and execution don’t align.” The best way to bridge the gap between the business and its development teams is to decompose initiatives into smaller parts so teams can adapt to changing priorities. Metrics should drive continuous improvement. “The most successful companies meet quarterly to align strategy and execution,” said Dockery. “If you do this right, you can ensure that software development aligns with business strategy. Development teams need to understand what they’re building, why they’re building it and the impact it will have on the business.”
Agile Culture Requires Commitment Truly agile businesses realize changes to both their strategy and culture must occur to deliver maximum value. They’re focused on continuous improvement, training their employees, measuring performance, and learning from retrospectives. “You can’t do agile, you have to be agile,” said Dockery. “You have to think in terms of delivering customer value instead of just creating process.” Learn more at cainc.to/how-agile-are-you. z
SDT02 page 36_Layout 1 7/20/17 4:06 PM Page 1
Discover the Future – at the World’s Largest Commercial Drone Conference & Expo
• More than 120 classes, panels and keynotes
September 6-8, 2017
• Visit with over 185 exhibitors
Las Vegas
“If you want to see the state-of-the-art and expand your knowledge about the drone industry, InterDrone is the place to be.”
www.InterDrone.com
—George Gorrill, Structural Engineer, Thomas Engineering Group
Register Early for the Biggest Discount!
SDT02 page 37_Layout 1 7/21/17 3:46 PM Page 37
AGILE SHOWCASE
37
A guide to ALM suite offerings n
FEATURED PROVIDERS n
n CA Technologies: CA Technologies provides a range of solutions to improve applications, manage portfolios and maximize business opportunities. CA Agile Central enables teams to collaborate, plan, prioritize, and track work through the entire lifecycle, as well as measures productivity, predictability, and performance. The CA Project & Portfolio Management solution ensures business strategy is on track with insights into investment and project portfolios. n HPE ALM Software: HPE ALM Octane is its flagship modern platform for lifecycle and quality management to deliver innovative applications with quality at scale. HPE ALM Octane is designed specifically to help customers manage and accelerate their software development life cycle, and supports DevOps, agile and traditional waterfall methodologies. The end-user experience of HPE ALM Octane is designed from the ground up to be simple, responsive, and serve the platforms and form factors that practitioners use: browsers, tablets or mobile devices.
n AgileCraft: AgileCraft delivers the most comprehensive software solution available for scaling agile to the enterprise. AgileCraft transforms the way organizations enable and manage agile productivity across their enterprise, portfolios, programs and teams by aligning business strategy with technical execution. The AgileCraft platform combines sophisticated planning, analysis, forecasting and visualization with robust, multilevel collaboration and management. Designed to be open, the AgileCraft platform compliments and extends existing agile tools, methods and processes and can be deployed through the cloud or on premise. AgileCraft customers get the best agile solution on the market and benefit from a platform that is specifically designed to scaling agile to the enterprise. n Blueprint: Blueprint provides industryleading solutions that accelerate and derisk the digital transformation of large organizations. With our products — Blueprint Storyteller for Agile, Blueprint Automate for DevOps and Blueprint RegTech for Compliance — organizations
receive greater business value from IT, faster and more frequently, while dramatically increasing the efficiency and confidence of compliance. n cPrime: At cPrime, Software Services Lifecycle Management (SSLM) addresses the fragmented way software and services are used to support Agile, DevOps and ALM initiatives. It unifies the teams, processes and tools used to build applications through a unified approach to software services that removes the cultural barriers that result in siloed operations and disconnected software delivery workflows. n Hindsight Software: Hindsight Software develops innovative tools and training to help companies integrate Behavior Driven Development (BDD) into their software development process. BDD is an analysis technique for discovering and communicating user stories between business stakeholders and software developers; a common failure point in many projects. Our award winning tool Behave Pro for JIRA is used by hundreds of companies to allow product owners, developers and testers to collaborate on user stories using BDD. n IBM: IBM provides agile tools for developers building solutions in hybrid cloud environments whatever their process — Agile, Scrum, Kanban, SAFe or waterfall. Automate build, test and deployment, and add availability monitoring and security testing for your applications. IBM Cloud services enable
developers to get started quickly to forge a combination of Watson cognitive services, blockchain, data, APIs, microservices and other technologies into a reliable business advantage while integrating high-performance cloud infrastructure and cutting-edge services into your IT environment. n LeanKit: LeanKit makes enterprise process and work management software that is purpose-built for Lean and uniquely suited for Kanban. We help teams in all areas of IT and across the organization to visualize work, optimize processes and practice continuous delivery. LeanKit is used by more than 500,000 users around the world at companies such as Adobe, Siemens, Rockwell Automation, Verizon and VMware. n Parasoft: Parasoft researches and develops software solutions that help organizations deliver defect-free software efficiently. By integrating development testing, API testing, and service virtualization, we reduce the time, effort, and cost of delivering secure, reliable, and compliant software. Parasoft's enterprise and embedded development solutions are the industry's most comprehensive — including static analysis, unit testing, requirements traceability, coverage analysis, functional and load testing, dev/test environment management, and more. The majority of Fortune 500 companies rely on Parasoft in order to produce top-quality software consistently and efficiently as they pursue agile, lean, DevOps, compliance, and safety-critical development initiatives. n VersionOne: VersionOne is the independent leader in agile lifecycle management software and services. Our mission is to help companies envision and deliver great software. Today, more than 50,000 teams at 1,000 companies, including 33 of the Fortune 100, use our solutions to help scale their agile initiatives faster, easier and smarter. Whether a small team just starting out with agile or a global enterprise scaling agile, VersionOne customers get the best solutions in the industry backed by the pioneers in agile lifecycle management. VersionOne has offices in Atlanta and in Amsterdam. z
SDT02 Full Page Ads_Layout 1 7/21/17 1:36 PM Page 38
SDT02 page 39,31,42,45,46_Layout 1 7/21/17 2:48 PM Page 39
www.sdtimes.com
August 2017
SD Times
Buyers Guide
Test Driven Development is alive and well BY CHRISTINA CARDOZA
D
espite what you might have heard around the industry and on the Internet, Test Driven Development (TDD) is not dead. The practice is still alive and well, especially in this new modern agile world. TDD is a developer-focused practice where developers, not testers, write the test before they write their code, and then they keep refactoring their
code until it passes the test. David Heinemeier Hansson, creator of Ruby on Rails, first declared TDD was dead on his website in 2014. Hansson stated while the practice taught him to think about testing at a deeper level, he believed it was actually hurting his software designs. More recently, Microsoft’s senior software design engineer Eric Gunnerson said that while he is grateful for what TDD has taught him, it didn’t live up to his expectations. “What
I’ve seen is a consistent pattern of TDD working in a laboratory setting — developers are quick to pick up the workflow and can create working code and tests during classes/exercises/katas — and then failing in the real world,” he wrote. While the practice is not for everyone, and it depends on the development team and team members, Kelly Emo, director of life-cycle and quality product marketing at Hewlett Packard Entercontinued on page 41 >
39
SDT02 Full Page Ads_Layout 1 7/21/17 1:36 PM Page 40
SDT02 page 39,31,42,45,46_Layout 1 7/21/17 2:48 PM Page 41
www.sdtimes.com
< continued from page 39
prise (HPE), believes there is a misunderstanding about what TDD can and can’t do. “The Test Driven Development is dead belief is often coupled with the belief that testing as a practice is dead, and if you just speed everything up fast enough and operate lean enough, you don’t really need to spend a lot of time in pre-production testing because you are continuously delivering, rolling back, and operating at such speed that the impact is minimal,” she said. Test Driven Development promotes the idea of understanding what you are trying to build before you start building it, according to Walter Capitani, product manager for Klocwork at Rogue Wave. “It exposes weaknesses in requirements, in the architecture, and even in your test infrastructure before you start trying to build something. The counterpoint to that is you start building something and then realize you can’t properly test it. Then you put yourself in a situation where you are going to end up releasing something that was never properly testing,” he said. When Test Driven Development is done correctly, developers should actually be developing better code, more efficiently, according to Jason Hammon, director of product management at TechExcel. “TDD is actually beneficial to developers because the process of writing the test will help establish clear requirements, the scope of what they are creating and perhaps what interdependencies are involved with it,” he said.
How TDD enables speed and quality Developers may be resistant to the approach because they feel like it is unnecessary work, according to Hammon, but down the line it actually results in a clearer understanding of the software, more accurate estimates, more successful sprints, less chance of complications, and better quality code. “While at first, the practice of TDD may feel to agile teams that it is adding overhead and effort, it actually keeps the ongoing delivery more agile. With lean and continuous delivery practices, serious issues can build up that will stop the agile release train if technical debt
is allowed to seep in and build up over time,” HPE’s Emo added. TDD enables developers to create code that is always testable, and free from defects, instability, or rigidness overtime. “By reducing technical debt, code additions or changes can be included in agile sprints and release trains much more quickly,” Emo said. Writing the tests first also confirms the requirements that developers are looking for, according to Rogue Wave’s Capitani. “Sometimes if we start with the feature, we make assumptions about requirements or we simply miss requirements because we are thinking about designing something else,” he said. “By writing the tests first, you take a deeper dive into the requirements, which leads you to have a better understanding of them once you start writing the actual feature itself.” By building things in right from the beginning and ensuring upfront whether what they are building is right or wrong, TDD allows development teams to achieve today’s necessary speed, according to Alex Martins, advisor for continuous testing at CA Technologies. “The market is just moving too fast. The users are changing what they want too fast. So instead of building things the old way, TDD really helps the developer focus on building what is meaningful towards their current scope right now,” he said. The speed in TDD also comes from incremental improvement in the actual quality of the software, and the repetition of short cycles that are tuned to testing a very specific thing in greater deal to improve the cycle, according to Thomas Hooker, vice president of marketing for CollabNet.
TDD not without challenges However, that doesn’t mean that Test Driven Development is not without challenges. In an ideal world of TDD, developers verify functionality of their software features, and verify the correct behavior over time. They ensure longterm reliability of their software, according to Rogue Wave’s Capitani. Capitani explained that the reality of TDD is that developers are not exercis-
August 2017
SD Times
ing the software in the way it will be used in the real world, and that is because more sophisticated tests are expensive to write, and take a lot of time. “Developer’s don’t really want to write them because they are not verifying features, they are proving the software is reliable, has no security vulnerabilities, or other things that are not directly related to the features customers are asking for,” he said. Capitani said TDD approaches need to be coupled with static code analysis solutions so it can verify the quality of the software such as looking for memory leaks, security weaknesses, and reliability issues. “You have to ensure you are reproducing the realworld environment that your software is going to encounter, and not just testing that something works,” he said. Emo added the “fox guarding the hen house” can also be a risk of TDD. In TDD, the developer that is writing the test is also writing the code to go along with that test. According to Emo, in an ideal world two individual developers would be working together — one to write the test, and one to write the code. “Often in agile teams, roles may switch off during different sprints to expand experience across pure developers and dev/testers, but during a sprint, they should be two different people working on the sprint,” she said. According to CA’s Martins, it isn’t always feasible to have a two-developer approach because from a budgeting perspective, if it is increasing the workload of another developer, it is not going to be very well received. However, new tools and solutions are coming out that will help automatically generate the tests that can be used by developers to drive their application development. “This is not necessarily increasing the workload, but using better solutions and better technology that wasn’t available before,” he said.
Measuring success The biggest challenge for teams trying to adopt TDD is figuring out how to measure that they are truly getting better, according to CA’s Martins. If developers are running tests as part of an extra step in their development continued on page 42 >
41
SDT02 page 39,31,42,45,46_Layout 1 7/21/17 2:50 PM Page 42
42
SD Times
August 2017
www.sdtimes.com
< continued from page 41
process, getting feedback from QA that the code quality is higher or bug rates are going down, and that it is making their cycles shorters, that is a good indication that they are on the right track, according to TechExcel’s Hammon. “If it can be implemented, developers can do it, it is not making their work take a lot longer, and it is increasing the quality of code, that is a sign that is is beneficial,” he said. Martins says there are four pillars that support software quality: Code quality, pipeline quality, application quality and customer experience. To visualize how they are performing throughout the lifecycle, teams should be value-stream mapping. That technique shows how much time is being spent on coding and testing, and the cost from a effort perspective and timing perspective, according to Martins. “If you are able to showcase to the developers that they are not spending more time, but they just \ shifting the amount of time spent upfront in defining the tests, and they are just going to do it once and move on, it will help them to see why they are doing this and how they are getting better,” he said. Successful TDD developers will not only write tests that pass, they will write tests that are comprehensive, according to Rogue Wave’s Capitani. To do so, they need to understand how software is going to interact with the rest of the work around it and have the mental skill to look for weaknesses, he said. Developers need to sit in backlog grooming sessions and start thinking about potential flaws or potential points they have to validate before they know or think they know the code is accomplishing what was in scope, according to Martins. “There is a mindset change that needs to happen. Developers have to start thinking about what is it that this code is suppose to do, and how will they validate that it is actually doing what it is supposed to do. They need to write the tests for each of the methods they are building, define the test, write the code for the test to pass, and then refactor until it is good enough. This helps devel-
opers focus on just writing enough code — not more, not less — so they can move onto the next task on their list knowing it will not come back to them because from their perspective they have already embedded quality,” he said.
TDD drives customer experience The reason why software development and delivery has to move so fast is because customer expectations are changing so quickly, and that makes Test Driven Development so much more important in a modern agile software world, according to CollabNet’s Hooker. Hooker explained users are not driven by brand loyalty, they are driven by experience loyalty. “[Users] are driven by the experience, so when increasingly the developer’s end work touches the customer directly, developers have to have high quality assurance that the outcome is going to give the customer what they want,” he said. Today, software drives how companies interact with customers, how customers interact with companies, and how companies drive their business. Test Driven Development is an important part of that, Hooker explained. “We have to find every little step in our process and optimize that step to deliver high quality software that meets the needs of our customer. Once we get done doing it, we go back through the system and we find where is the next area to improve,” he said. “Test Driven Development folds very nice into our agile driven CI/CD DevOps world because it is all focused on innovating quickly, providing not just a high quality product, but a high quality experience for the customer,” he said.
The tester’s role in TDD While Test Driven Development is very much developer focused, that doesn’t mean the software tester’s role is pushed to the side. “Test Driven Development does not replace testing, it is an addition to improve quality of code and speed,” said CollabNet’s Hooker. There are still all sorts of things like integration testing and platform testing, and a number of different ways to test that TDD does not address so that at
the end of the day, a great user experience for the customer is being delivered, Hooker explained. A tester is responsible for creating automated test scripts or assets that go beyond unit or functional testing; creating tests for load, performance, and application security; and continually assessing the quality and the overall experience, according to HPE’s Emo. CA’s Martins said it is important to note that while TDD tells you whether what you built was right or wrong, it doesn’t tell you if the application is doing what it was supposed to do. To understand if you built what was intended by the business and compare how the system is working against what the requirement originally prescribed, Acceptance Test Driven Development (ATDD) is necessary. The testing team helps provide those acceptance tests to the developers so developers can better ensure their code is good. “Here, the testing team can help the developer early on because it is all about preventing defects, catching them as early as possible and shifting everything left as much as possible,” said Martins. “Testers are starting to be seen more as enabler for more speed in the pipeline, for better quality and not just as an entity that works against the developer.” Testers can also use Business Driven Development (BDD) to validate the business process and the code function, and develop quality earlier, HPE’s Emo added. “BDD is designed to get people thinking about the business process and the behavior you want,” she said. “It does a nice job of shrinking down the gap between writing requirements, writing automated tests and writing code because right upfront it because your documentation.” A successful testing strategy needs to look at the whole cycle of what you are creating and releasing. Following a test-driven approach to make sure developers are checking in high-quality code is a good place to start and will ensure better results down the road, but having a holistic approach is also very important, according to TechExcel’s Hammon. z
SDT02 Full Page Ads_Layout 1 7/21/17 1:57 PM Page 43
Does balancing speed, quality and scale feel like rocket science?
Support test driven development and continuous testing with HPE ADM. Deliver quality applications rapidly, and at enterprise scale. Manage tests with an integrated ALM toolchain built for waterfall and Agile application development. Grow from defining and managing work items tracking, to optimizing program and portfolio. Project Agile is not Enterprise Agile. Discover the New. Visit saas.hpe.com/software/application-delivery-management
SDT02 Full Page Ads_Layout 1 7/28/17 10:03 AM Page 44
SDT02 page 39,31,42,45,46_Layout 1 7/21/17 2:50 PM Page 45
www.sdtimes.com
August 2017
SD Times
How do you support Test Driven Development? BY CHRISTINA CARDOZA
Alex Martins, advisor for continuous testing at CA Technologies: The main differentiator for us is removing the barrier for Test Driven Development and Acceptance Test Driven Development. In TDD and ATDD, teams typically need to think through the requirements they have to write the code for and then think about the test, which usually is a barrier for adoption. Our solution at CA is to remove that barrier. We are able to automatically generate the acceptance tests for the developers to just start coding against as well as the unit level tests for them to start coding against for TDD and ATDD. There are three solutions that form the core of our TDD and ATDD solutions: CA BlazeMeter API Test, CA Agile Requirements Designer, and CA Test Data Manager. Thomas Hooker, vice president of marketing at CollabNet: CollabNet views Test Driven Development as a continual evolution in our overall industry’s goal and purpose to build better and better software. What we do is we embrace different methodologies and different tools that enable our customers to adequately test their software, and to have the testing components drive the software development life cycle if that is what the customer chooses to do. We are an open platform and we allow you to construct test patterns that best suit your enterprise. We fully support your efforts to move towards a CI/CD world where we do have continuous integration, continuous development and continuous deployment. What that really does is that enables the developer and the development organization to take much more responsibility for testing individual items and features directly. After that has taken place, you have your standard test harnesses that your standard quality assurance organizations would be running and utilizing to ensure quality as you move downstream, but in a test driven environment.
Kelly Emo, director of lifecycle and quality product marketing at Hewlett Packard Enterprise: We don’t offer a Test Driven Development tool itself, but we offer support for Behavior Driven Development (BDD) as part of our ALM Octane management platform. We are also able to integrate with open-source and developer tools that support TDD and bring up that information into the ALM Octane layer so your agile team and your application owner or your product owner continuously know the state of their quality and to know the state of their team’s velocity. The other thing we are able to do is because Test Driven Development is the practice, the tests are often written in unit frameworks like NUnit or JUnit, so we can utilize the output of those frameworks to accelerate regression test and business process test. The whole flow, the whole business process you would automate using our Unified Functional Testing solution, is already there as part of that Test Driven Development process. We can just plug that right in. Think of it as building blocks, the TDD functions that are done in the open-source tools become building blocks to the automated tests that are created in our tools. Walter Capitani, product management for Klocwork at Rogue Wave: The way we certainly support it is through the execution of tests that you don’t have to write. In other words, you are going to do your TDD by writing your own test for your own functionality, and then we are going to add to those tests with a series of quality and security tests that will generate the same kind of results in terms of finding places where your software is not behaving properly, where it has crashed, or where it has security vulnerabilities, and enable you to then develop solutions to those issues which will then cause the tests to pass. Klocwork can find more than 500 defects in your code, so by running those
tests in addition to the specific tests you have written, it gives you a bigger bank of tests for which you are going to develop against. Where I think the TDD gap exists today is between functionality and actual proper operation — reliable, secure operation. There are many ways to achieve that, but many of them are expensive either from a time or actual cost perspective for many software vendors out there and that is where I feel like there are tools that instead of building it itself, you can use tools such as static code analysis to help bridge the gap. Jason Hammon, director of product management at TechExcel: We do have tools in place that allow you to do Test Driven Development, or a process like that. What we do is we allow requirements from our repository to be created as tasks for developers and one of those tasks that you can certainly use is a test based on that requirement. It is really easy and lightweight for a developer to just grab the requirements that are new, and put them into their sprint or whatever sort of time tracking they want to do along with those tasks to ensure for each of those requirements they have run a test corresponding with it. Our solution does about whatever development methodology you want to use, and we are not going to limit you into one particular method; because we have an open platform that integrates lots of third-party tools, you could even use our solution in conjunction with other development tools to perform TDD so if you are using something else for your CSM tool or another bug-tracking tool, you can integrate those with our requirements management tool and still have a process like that. z
45
SDT02 page 39,31,42,45,46_Layout 1 7/21/17 2:51 PM Page 46
46
SD Times
August 2017
www.sdtimes.com
A guide to Test Driven Development solutions n Applause: Applause ensures digital experience quality for websites, mobile apps, IoT products and in-store interactions in a way no other approach can — through its crowdtesting technology platform and managed global community of over 300,000 professional and ondemand testers specializing in QA, usability, accessibility, security, automation, digital and more. n Parasoft: Parasoft helps teams perfect software by providing static analysis, unit testing, functional testing, security testing, and load/performance testing tools to ensure that code is secure, safe, reliable, and compliant. Parasoft's software solutions combine end-to-end testing capabilities with virtual test environments, automating time-consuming testing tasks and improving quality via intelligent analytics/reporting. n QASymphony: QASymphony offers two integrated solutions built for TDD that help teams deliver high quality software at a rapid pace. qTest Scenario is a JIRA add-on with a Gherkin editor for collaboration around feature and scenario development.. qTest Pulse is for enterprise BDD, storing your features and scenarios directly within your version control system (i.e. Git). n Sauce Labs: Sauce Labs provides the world’s largest cloud-based testing platform for automated and manual testing of desktop and mobile websites and applications. Using open source frameworks such as Selenium and Appium, TDD/BDD tests can across hundreds of different browser and OS combinations on virtual machines, mobile emulators/simulators, and real mobile devices (native, hybrid and mobile web). n SmartBear: TestComplete allows QA teams to easily create stable, stable, and maintainable automated UI tests. An access to a cloud device lab within TestComplete enables these teams to execute tests in over 1,500 environments. Other features of the tool include support for modern scripting languages, recording automated UI tests without scripting knowledge, data-driven testing, support for over 500 controls and frame-
n
FEATURED PROVIDERS n
n CA Technologies: CA’s comprehensive portfolio of continuous testing solutions, which includes CA Agile Requirements Designer, CA Test Data Management and CA BlazeMeter, provides the tools agile teams need to create the tests that will drive code development, ensure test data is available on-demand, automatically generate test scripts on business requirements and automatically execute test cases to build better, higher quality apps, faster. n CollabNet: CollabNet helps enterprises and government organizations develop and deliver high-quality software at speed. CollabNet is a Best in Show winner in the application lifecycle management and development tools category of the SD Times 100 for 14 consecutive years. CollabNet offers innovative solutions, consulting, and Agile training services. The company proudly supports more than 10,000 customers with 6 million users in 100 countries. n HPE: HPE Software’s Functional Testing solutions help to deliver high-quality software while reducing the cost and complexity of functional testing. HPE’s solutions address the challenges of testing in agile and Continuous Integration scenarios, as well as hybrid applications, cloud and mobile platforms. HPE ALM Octane provides insights into software, speeds up delivery, and ensures quality user experiences. n Rogue Wave: The largest independent provider of cross-platform software development tools, components, and platforms in the world. With Rogue Wave Klocwork, detect security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting. n TechExcel: DevTest is a sophisticated quality-management solution used by development and QA teams of all sizes to manage every aspect of their testing processes from test case creation, planning and execution through defect submission and resolution. It aims to give teams control over product quality; enhance test standardization, reuse and revision; increase team productivity; and ensure ultimate accountability for all test phases. Other solutions the company offers include: DevSuite for ALM initiatives, DevSpec for requirements management, and DevTrack for task management.
works, and out of the box integration with continuous integration tools. Visit: https://smartbear.com/product/testcomplete/overview/ n TestPlant: Testing used to be about compliance but it's now about user satisfaction. TestPlant’s solutions help create amazing digital experiences with true end-to-end test automation and analytics through the eyes of the user. We expand automation beyond test execution to increase time-to-market, productivity, user satisfaction, and match the pace of DevOps. Our proven FastStart services ensure easy and fast adoption. n Tricentis: Whether your methodology calls for TDD, BDD, or ATDD, Tricentis Tosca helps you represent scenarios in a
“given-when-then” style. With Tricentis Tosca’s model-based test automation, you can create a concrete model, automate scenarios, scale test execution, and integrate testing into development—enabling you to deliver fast quality feedback. n Zephyr: Zephyr is a leading provider of quality management solutions, powering quality for more than 11,000 global customers across 100 countries. Project teams and enterprises of all sizes use Zephyr’s products to enable continuous testing throughout their entire software delivery pipeline to release higher quality software, faster. Zephyr's products include test management, automation integration, predictive analytics and DevOps insights. For more information, please visit www.getzephyr.com. z
SDT02 Full Page Ads_Layout 1 7/21/17 1:38 PM Page 47
SDT02 page 48.qxd_Layout 1 7/20/17 4:05 PM Page 48
48
SD Times
August 2017
www.sdtimes.com
Guest View BY SCOTT SCHAEDLE
A designer’s approach to development Scott Schaedle founded Quore in 2012 to revolutionize and streamline hotel operations.
W
hen most software developers have a new idea they go straight to their computer, I turn off my devices and break out the old-fashioned notebook. In high school I liked to sketch and draw, and today I use the same markers and pens to kick off the development process. I prefer this method because when it comes to pleasing the consumer, design always wins. Much to the chagrin of most development heads I work with, I don’t start with a data model. The first thing I do is craft sketches of the design from a user’s point of view and work backward. After the initial design I dive into functionality, then move to development and discuss what we can realistically make. But in that discussion design always wins. I started Quore, a hospitality software solution, eight years ago using this design-first approach. Today, we have more than 30,000 users, and the first thing most people remark when they try Quore is its intuitive design. While I’m a firm believer that there must be a balance of beauty and brains when it comes to software design, too often the end user takes a back seat. Here are four ways to approach new development with a design-first mentality to ensure the end user is top-of-mind.
Using graphic design rules, not software design rules, can ensure design always wins.
Go dark Going dark is a great way to expand your imagination. By turning off electronics, developers are forced to get creative by drawing and discussing ideas. I believe that distractions kill ideas, so when Quore needed to expand to a new office, I made sure there was a dedicated “static-free” room in the plans. The room is a place for all employees to escape technology and face creativity. Clearing the static is one great way to vehemently pursue a solution to a problem.
Throw out the rulebook Using graphic design rules, not software design rules, developers can ensure design always wins. As a rule, graphic designers start with what the end user sees first. Graphic designers know that it’s all about perception: people first see shapes, then col-
or, then content. By taking this into account, designers can create products that are intuitive and easy to use. Start by first sketching the product, then add color to bring the visual to life. Great design takes a careful approach to color choices. Color invokes emotion and has the power to affect behavior. When designing Quore, it was important to incorporate features that thoughtfully take color into consideration. One feature notifies employees with warm colors when they are going into overtime, another when rooms are flagged for maintenance.
Know your customer A deep understanding of your customers and user’s industry will always lead to stronger designs, implementations and tests. While recently creating a feature to increase the efficiency of housekeeping departments, we first identified the most crucial tasks of the housekeeper role and built the design from those tasks. The outcome of this exercise yielded a feature that increased adoption among users, increased the efficiency of the department, increased guest satisfaction by ensuring a room is ready upon check-in, and saved money.
Bring in the team Once you’ve mapped out the entire process from a user’s point of view, it’s time to bring in the whole design team. Encouraging other designers to review your concepts allows you to gauge its feasibility from an engineer’s perspective. These people can help identify what may be frivolous and what makes the most sense functionally. While the concept may require some retooling, outside perspectives usually help narrow the design into the best solution. When Quore entered the market in 2013, there were other products with similar goals, but most were basic spreadsheet programs. The look and functionality of Quore was a hit with our new customers, and many dropped their existing software solutions and switched to Quore. Quore has always taken a user-first approach, and continues to attract new customers with its intuitive design. Focusing on design and user experience above all else will ensure successful, lasting products. z
SDT02 page 49_Layout 1 7/20/17 4:03 PM Page 49
www.sdtimes.com
August 2017
SD Times
Analyst View BY DR. ARNAL DAYARATNA
Graal: the grail of polyglot runtime? V
irtualization has proven its value to IT and to developers through technologies such as server virtualization and the venerable JVM. Operating system virtualization is about providing protection and isolation/security from other operating systems while maximizing system utilization. In the case of the JVM, the value is arguably more about providing an insulation layer that abstracts the application code from the underlying architectural idiosyncrasies. Wouldn’t it be nice if more languages had a virtualization layer? Well, that may come to pass. An open-source project from the technologies of the Graal research project is the basis for GraalVM, a JVM that bundles Graal, Truffle and other select components. Graal is a new Just in Time (JIT) compiler that has been nurtured for the past several years primarily by Oracle Labs. Built in Java, GraalVM leverages the opensource project Graal to accelerate compilation performance and, in collaboration with a project called Truffle, a polyglot language compiler, provides optimized compilation capabilities for any programming language that supports the Truffle API. GraalVM provides polyglot runtime functionality that brings the “write once, run anywhere” attribute of Java to any language that can be compiled by Graal, thereby serving as a unified infrastructure for compiling a plurality of programming languages across a multitude of devices as well as any SaaS application or data processing application. Moreover, GraalVM enables languages to interoperate with one another, thereby empowering developers to begin writing code in one language and subsequently leverage code written in another language. As such, the GraalVM has the potential to serve as a unified framework for compilation that facilitates enhanced portability and interoperability amongst programming languages. GraalVM promises to bring the speed of program execution specific to compiled languages such as C++ to interpreted languages by means of its support for the Truffle language-implementation framework. The Truffle API creates an Abstract Syntax Tree representation of source code that it subsequently converts into a Graal Intermediate Representation (IR). Graal enters the picture by performing advanced optimization on the Graal IR and transforming the result into machine code
as a state of the art optimizing compiler. Separate from its ability to accelerate compilation, GraalVM boasts the ability to allow programming languages to interoperate with one another by means of the Truffle Object Storage Model. Interoperability, here, means that GraalVM allows languages to access objects, classes and data structures from other languages. For example, developers can enable Java code to access JavaScript, Ruby, R, or C/C++ and vice versa. GraalVM’s ability to facilitate language interoperability has the potential to give the programming world respite from the dizzying profusion of languages by providing a unified framework that empowers developers to integrate code from a plurality of languages into one unified code-base. One of the unanswered questions for the larger GraalVM project, however, concerns its ability to attract developers to its open-source community. The project was initiated by, and is still led by Oracle Labs and will need robust and transparent governance to encourage contributions from the global community of developers as well as the support of the enterprise and startup community, alike. Of particular concern is the lack of a diverse community. Vendors that should have an interest in this project but apparently do not — Microsoft, IBM, Red Hat, and Intel come to mind — seem to indicate that either the project has been flying too low under their radar, or that there is some inherent resistance for either technology reasons or for competitive reasons. That said, there were substantial contributions from Red Hat (ARM back end), Intel (optimizations for the Intel platform), and Twitter (bug fixes). Those were more along the lines of onetime contributions rather than an ongoing stream of commits, though. In the case of GraalVM, deep and sustained support from the developer community will be critical to its success. Overall, GraalVM promises to enhance the developer experience by way of its polyglot capability to accelerate, improve and streamline application runtime and performance. The key to its success, however, will hinge on Oracle’s ability to win developer mindshare and create collaborative processes that support its evolution. z
Dr. Arnal Dayaratna is Research Director, Software Development at the technology analysis firm IDC
In the case of GraalVM, deep and sustained support from the developer community will be critical to its success.
49
SDT02 page 50.qxd_Layout 1 7/21/17 3:21 PM Page 50
50
SD Times
August 2017
www.sdtimes.com
Industry Watch BY DAVID RUBINSTEIN
It’s a ‘Cognitive First’ world David Rubinstein is editor-in-chief of SD Times.
F
orget ‘mobile first’ and ‘cloud first.’ Modern applications being built today need to be ‘cognitive first.’ That’s according to Progress CEO Yogesh Gupta, who said intelligent applications need the capabilities to predict and to anticipate, and thereby help businesses become more successful. And he’s not the only one. I would say a solid six of 10 calls and pitches I get each day involve some aspect of artificial intelligence or machine learning. I’m told that in the not-very-distant future of the Internet of Things, back-end systems will have to understand data, because the stream will become too thick for humans to be able to handle the load. Machines will have to learn what data is critical to the business and what doesn’t have to be dealt with right away, what will make customers happy and what will drive them away. AI will be used more widely in software testing, as systems learn about themselves — and to catch errors introduced during builds that might break the software. Test automation with AI will enable the system to order tests according to what it learned from prior defects, and suspect that something is wrong if that data appears again. Applications will have to become intelligent, to understand which device I prefer to use to interact with them, to know my preferences and deliver to me information that is has determined from my actions is most relevant. We’re even now starting to see cognitive services moving beyond language and speech recognition into empathy, vocal tone analysis and sentiment analysis. In this issue, we look at what it takes to create a fantastic user experience. Gupta pointed out that the user experience is much more than the user interface. “The experience goes beyond to cover the interaction itself,” he said. “The interfaces have to understand context.” He further noted that in a fairly short time, noUI apps will become the norm. “Take the thermostat,” he said. “It should know how I want the house when I’m home. Data drives that learning. We see that in spades in industrial applications, which can do predictive maintenance” based on
We’re even starting to see cognitive services moving beyond language and speech recognition into empathy.
data showing in real-time how the machine is performing, instead of doing maintenance on a timeline, when it might not be needed. To bring this world to life, Gupta said developers will need tools in three categories to create an app AI architecture: 1 – Machine learning engines. For example, “a predicitve maintenance service can be trained to learn about machines,” Gupta explained. 2 – A rules engine. ‘Let’s say we have a prediction. What the are business rules that define how to deal with it.” These, he said, or rules and business policies more than code writing. 3 – Modern user experience. “The interface could be conversational, like a chatbot, or AR/VR, or a mobile device... whatever,” he said. “All of this,” he added, “has to tie into a backend platform to run your business. You need to run the business apps in a scalable, secure environment, with data connectivity and front-end tooling. We think that’s the architecture” for modern, smart applications.” Jeffreey Hammond, research analyst at Forrester, told me that “AI at its core is proactive, not reactive, inferring real-world connections based on data patterns,” and triggering actions based on predictions. So, for instance, a system monitoring water pipes in a city might detect a drop in flow from one pipe, which could indicate a leak. It automatically shuts down that section, reroutes if possible, and sends an alert to the utility repair crew to get out and fix it. This prevents those massive street floods we see from burst pipes, saving money for both the city and those that would be damaged by the huge water spill. “In the cognitive era, we’ll see people developing against cognitive capabilities and coupling that with data science. It will be a big responsibility of skilling folks, to articulate what’s being done and making use cases available” for developers to learn from, said Willie Tejada, chief developer advocate for IBM Watson. “We need to create on-ramps for software assets, tool chains and code and show how I design a retail chatbot or how do I do data science against a Twitter feed?” When the role of a cognitive developer is better defined, “well see cognitive really start to happen.” As Progress’ Gupta said, “We still have a long way to go.” z
SDT02 Full Page Ads_Layout 1 7/21/17 1:38 PM Page 51
Data Quality Made Easy. Your Data, Your Way. NAME
@ Melissa provides the full spectrum of data
Our data quality solutions are available
quality to ensure you have data you can trust.
on-premises and in the Cloud – fast, easy
We profile, standardize, verify, match and enrich global People Data – name, address, email, phone, and more.
to use, and powerful developer tools, integrations and plugins for the Microsoft and Oracle Product Ecosystems.
Start Your Free Trial www.Melissa.com/sd-times
Melissa Data is now Melissa. See What’s New at www.Melissa.com
1-800-MELISSA
SDT02 Full Page Ads_Layout 1 7/21/17 3:49 PM Page 52