TSM_6_2012_en by Today Software Magazine

No. 6/ 2012 • www.todaysoftmag.com

TSM

T O D A Y S O F T WA R E MAG A Z I NE

Made in România The Cluj IT History (1957-2012) Architecture for Flexibility Internal SEO techniques (II) 10 design principles Interview with Scott Barber Writing beautiful code - not just for the aesthetic value All roads lead to SaaS: 7 challenges to get there Introduction to Grails (I) Windows Azure Service Bus Messaging patterns Can you be agile in fixed price projects? A journey through 2012 cyber-attacks and Romania’s position on cyber war Agile, Crash Course Gogu and the Big Picture How to Web 2012 connects South-Eastern Europe to web innovation Financing for Tech Startups through the Tech Angels network

6 How to Web 2012 connects South-Eastern Europe to web innovation Irina Scarlat

7 Financing for Tech Startups through the Tech Angels network Bogdan Iordache

8 Made in România Ovidiu Mățan

10 The Cluj IT History (1957-2012) Marius Mornea

12 Architecture for Flexibility Attila Antal

15 Internal SEO techniques

Mihai Nadăș

29 Introduction to Grails Tavi Bolog

32 Windows Azure Service Bus Messaging patterns Radu Vunvulea

34 Can you be agile in fixed price projects? Claudiu Anghel

36 A journey through 2012 cyber-attacks and Romania’s position on cyber war Andrei Avădănei

38 Agile, crash course

Radu Popescu

Florian Ivan, PMP

18 10 design principles

42 Gogu and the Big Picture

Stefan Baritchii

21 Interview with Scott Barber Mariu Mornea

24 Writing beautiful code - not just for the aesthetic value Attila-Mihaly Balazs

27 All roads lead to SaaS: 7 challenges to get there

Simona Bonghez, Ph.D.

editorial

Editorial

Ovidiu Măţan, PMP

ovidiu.matan@todaysoftmag.com Fondator și CEO al Today Software Magazine

We sometimes like to consider ourselves as being aggrieved; we say to ourselves that nothing happens in a country which promotes a negative image both internally and abroad. I remember that once reading a morning newspaper in Tokyo I was surprised to see a lot of positive news which made me start the morning with optimism an eagerness to work. The desire to enjoy the Romanian press in the same way has led us to start an overview of the most important events in the Romanian IT field. How To Web 2012, the most important conference on entrepreneurship and technology in Romania is held in Bucharest. There will be over 800 participants and important names in the field of successful startups. TSM will also attend the event and we will even have a small release. You can find details in the article dedicated to it, and in our next issue we will come back with more. Next 2012, a conference organized by Softvision Cluj, invited Scott Barber - a professional in performance testing. An interview with him is available in the current issue. Contractor vs. Investors, organized by the Business Days and having Robert Hisrich as a guest, took place mainly in Bucharest and Cluj. He presented to the audience the main names in the Romanian entrepreneurship. With Robert Hisrich I could attend a full day of debate on how to start a business or what you have to do as a business angel. Tech Angels www.techangels.ro is a group of Romanian business angels who wants to support local startups in the IT area. The first step in this matter can be done by applying online. I hope the information above will help you start your day with a note of optimism. To be more convincing, in this issue we started a column called Made in Romania, where you can read about successful products and Romanian software companies. My colleague, Marius Mornea, will begin to write a history of the IT field in Cluj, an effort that will last for several months, and those who would like to support this effort are welcome. We continue the series of technical articles with an Introduction to Grails and the wellknown Internal SEO techniques series. Architecture is the focus on Architecture for flexibility and Windows Azure Service Bus – Messaging patterns, whereas 10 design principles presents concepts in a different approach in the form of a fable. Project management is the focus on Can you be agile in fixed price projects? and Agile, crash course. An interesting article about 2012 and Romania’s position on cyber-attacks comes with an invitation to DefCamp, the only event of this kind in Romania. The balance between work and private life is a sequel of HR articles written by Andrea, and I finally recommend Gogu as a very useful lesson.

Ovidiu Măţan Founder & CEO of Today Software Magazine

nr. 6/2012 | www.todaysoftmag.com

TODAY SOFTWARE MAGAZINE Editorial Staf Founder / Editor in chief Ovidiu Mățan ovidiu.matan@todaysoftmag.com Editor (startups and interviews) Marius Mornea marius.mornea@todaysoftmag.com Graphic designer Dan Hădărău dan.hadarau@todaysoftmag.com

Authors list Irina Scarlat

Attila-Mihaly Balazs

Co-Founder of Akcees and Prove PR

Code Wrangler @ Udacity Trainer @ Tora Trading

Bogdan Iordache

Florian Ivan, PMP, ACP, CSM, MVP

irina.scarlat@howtoweb.co

bogdan.iordache@howtoweb.co Co-Founder of How to Web

Ovidiu Măţan, PMP

Colaborator marketing: Ioana Fane ioana.fane@todaysoftmag.com Reviewer Adrian Lupei adrian.lupei@todaysoftmag.com Reviewer Tavi Bolog tavi.bolog@todaysoftmag.com Translators Cintia Damian cintia.damian@todaysoftmag.com Made by

Today Software Solutions SRL str. Plopilor, nr. 75/77 Cluj-Napoca, Cluj, Romania contact@todaysoftmag.com www.todaysoftmag.com www.facebook.com/todaysoftmag twitter.com/todaysoftmag ISSN 2285 – 3502 ISSN-L 2284 – 8207

ovidiu.matan@todaysoftmag.com Founder & CEO Today Software Magazine

dify.ltd@gmail.com

florian.ivan@rolf-consulting.com Project MVP

Radu Vunvulea

Radu.Vunvulea@iquestgroup.com Senior Software Engineer @iQuest

Marius Mornea

Simona Bonghez, Ph.D.

Founder of Mintaka Research

Speaker, trainer and consultant in project management

marius.mornea@todaysoftmag.com

Simona.bonghez@confucius.ro

Owner of Confucius Consulting

Attila Antal

Attila.Antal@isdc.eu

Andrei Avădănei andrei@worldit.info

Software Arhitect @ ISDC

Founder of DefCamp and CEO of worldit.info

Tavi Bolog

Mihai Nadăș mihai.nadas@tss-yonder.com

tavi.bolog@nokia.com

CTO @ Yonder

Development lead @Nokia

Radu Popescu

rpopescu@smallfootprint.com

Claudiu Anghel

claudiu.anghel@iquestgroup.com Project Manager @iQuest

QA and Web designer @ Small Footprint

Stefan Baritchii

stefan.baritchii@3pillarglobal.com Technical Lead @ 3Pillar Global Romania

Any reproduction or total or partial reproduction of these trademarks or logos, alone or integrated with other elements without the express permission of the publisher is prohibited and engage the responsibility of the user as defined by Intellectual Property Code www.todaysoftmag.ro www.todaysoftmag.com

www.todaysoftmag.com | nr. 6/2012

events

How to Web 2012 connects South-Eastern Europe to web innovation

omania and the countries from the region are well-known for the pool of talented technical people. Despite this, the regional IT market is based on outsourcing activities, while innovation and product development have a negligible share. In this context, there are entrepreneurs that believe in the future of this industry. One of them is Bogdan Iordache, Co-Founder of How to Web – one of the most important tech and entrepreneurship conferences in Europe. From year to year, How to Web had a very interesting evolution, both quantitatively and qualitatively. The fourth edition of the event took place in November in Bucharest and brought together more than 800 participants that got the chance to network with 40 international speakers coming from 15 countries across the globe. Among the speakers that have attended this year’s edition, we have to mention Phil Libin (CEO Evernote), Bill Liao (VC SOS Ventures), Mark Pascarella (CEO UberVu), David Noel (VP Community SoundCloud), or Patrick DeLaive (Co-Founder The Next Web). How to Web brought into the spotlight themes like innovation in technology, mobile applications development, softwareas-a-service, and computer games, as well as the specifics of starting and financing a business in Eastern Europe, and the prospects for the global development of these businesses. The most important part of the event was definitely the networking part: the attendees could speak and ask questions to some of the most appreciated people in technology from all around the world. Moreover, How to Web significantly contributes to the creation and discovery of new business opportunities. The success stories registered so far confirm this thing and represent a recommendation for the event. For Cristian Andreica (Co-Founder Nexi.me), How to Web was the starting point to Rockstart accelerator (Amsterdam) that gave him the chance to head to Silicon Valley. A similar story is that

nr. 6/2012 | www.todaysoftmag.com

of Bobby Voicu (Co-Founder Mavenhut), that med Eoghan Jennings and How to Web and was then admitted to Startup Bootcamp Dublin. Moreover, this year the Mavenhut team obtained an investment of half a million dollars from Bill Liao (VC SOS Ventures). On the one hand, How to Web represented for some of the participants the passport to accelerators from all around the world. On the other hand, other startups found their angels at How to Web. It is the case of 123contactform, team that met Adrian Gheară (entrepreneur and investor) and obtained his support, as well as the case of Squirrly that received investments from Philip Kandal (CRO Skobbler) and Ibrahim Evsan. The success stories could go on. The sure thing is that How to Web has a significant impact over every person in the audience. If you obtain financing, you are admitted to one of the most important accelerators in the world, you decide to start up on your own, or you go home inspired and confident in the technical potential of the region, attending How to Web will definitely change your life! This year’s edition brought about other novelties. This time, there was a clear cut separation between the entrepreneurial area and the area of tech product development. On the main stage, the speakers talked about subjects related to innovation and tech product development at global scale, whereas the secondary stage will bring startups into the spotlight. This year, the best 32 teams from the region pitched

their product in front of the representatives of 12 of the most important web accelerators worldwide (out of these, we have to mention GrowLab, Springboard, HackFwd, Rockstart, or Blackbox). Startup Spotlight winners received cash prizes of $20,000. Moreover, some of the competing startups have already become success stories. One of them, Good Momming, has been admitted to GrowLab accelerator in Vancouver Canada, Gameleon the innovation winner is discussing a potential investment with Digital Catalyst Fund, whereas Incrediblue (the winners of the contest) received plenty of partnership proposals and meeting requests from VCs all around the world. As it can easily be noticed How to Web means a lot in the context of a small regional market; it is the main ambassador of a developing technological community. The actors on the regional market have a lot of things to learn, but the premises for the development of a sound entrepreneurial ecosystem have already been created. Until this goal will be met, How to Web continues to connect South Eastern Europe to the global web innovation. Irina Scarlat

irina.scarlat@howtoweb.co Irina Scarlat is Co-Founder of Akcees

startups

TODAY SOFTWARE MAGAZINE

Financing for Tech Startups through the Tech Angels network

he South-East European IT industry is emerging, and the potential and technical talent in the area is the starting point for the development of a sound entrepreneurial ecosystem. Not long time ago, the startups from the region had to look after investors outside the borders. Starting in September, the Tech Angels network of private investors facilitates the access to capital for the tech entrepreneurs. Tech Angels is Co-Founded by Radu Georgescu, Andrei Pitiş and Bogdan Iordache. Serial entrepreneur and investor in tech and internet companies, Founder of Gecad Group and Epayment companies (now PayU and Avangate), Radu Georgescu is the investor that made so far one of the most important exists on the Romanian tech market. “Facilitating the access to business angel financing is vital for the development of new technology companies in Romania. We want to support both the entrepreneurs (by offering access to capital and expertise), and the investors (by offering them access to startups” says Radu Georgescu, Founding Partner & Chairman GECAD Group. Having more than 22 years of experience in tech companies at all levels of development, Andrei Pitiş is an active investor and mentor for startups, president of ANIS (The Patronal Association of Software and Services Industry), and associated professor at the Polytechnics University in Bucharest. “Both my professional and investment experience tell me that we have very talented professionals with us, professionals that deserve to be supported”, motivated Andrei Pitiş his decision to found the first network of private investors in Romania. Bogdan Iordache is a serial entrepreneur and has started stagiipebune.ro (the most important platform for IT internships in Romania), and Conectoo (e-mail marketing platform). Moreover, Bogdan is the Co-Founder and CEO of How to Web, the most important conference about web and technology in South-East Europe, and mentor to several web accelerators throughout Europe such as Springboard London, HackFwd Berlin, or Rockstart Amsterdam. “In the last years, tech entrepreneurs were financed preponderantly by European investors, not by Romanian ones. Tech

Angels will facilitate the inclusion of local capital and expertise in global businesses”, told Bogdan Iordache, CEO of How to Web. The network was launched a couple of months ago and it already has 20 entrepreneurs and tech professionals that add expertise and relevant contact networks to the purely financial investments. Lucian Todea (CEO ITNT, Soft32.com), Laurent Asscher (CEO Airtek Capital Group), Adrian Gheară (serial entrepreneur, business angel, and consultant), or Paul Maravei (business angel and IT&C professional) are among the investors that are present on Tech Angels. TechAngels will intermediate investments ranging in between EUR10, 000 and EUR200, 000 corresponding to an initial evaluation of the business of a maximum of EUR1, 000,000. The network looks after teams that have a proven expertise and a relevant professional history, that have web, mobile, embedded software, hardware, or meditech projects. The projects that have at least a prototype or have already been validated by the market have priority. Tech Angels functions in a very simple manner. In the first phase, the interested entrepreneurs have to contact the Tech Angels team by completing the online form. After a complete analysis of the product and business, the TechAngels team helps the entrepreneur prepare a pitch that is sent in the network of investors. Further on, the entrepreneurs are put in contact with the investors that were interested in them and they will receive further support from Tech Angels for closing the round of investment. TechAngels is an important step for the development of the Romanian entrepreneurial ecosystem because it provides the innovative startups with the initial financing required for being able to focus on the development of an innovative

product, having disruptive potential at global level. Through the realized investments, TechAngels aims to productize the potential existing in the region, thus representing a starting point for the talented young entrepreneurs.

Bogdan Iordache

bogdan.iordache@howtoweb.co Bogdan Iordache is Co-Founder of How to Web

www.todaysoftmag.ro | nr. 6/2012

business

Made in România

e are starting a new column in the magazine, where we will present some of the successful applications of local companies. We will see companies which, in spite of their external popularity, are not locally famous; we will also see local initiatives to support the Romanian IT market or recent products of a very good quality.

www.exosyphen.com

Hacker Evolution Duality Q: Describe the newly launched product Robert: Inception is a DLC (a pack of 10 new levels) launched for our last game, Hacker Evolution Duality. The levels from the original game are Hacker Evolution (released in 2007), ported on the new game engine to provide a different experience to those who played the original game. It is currently available only on STEAM. Q: Describe the technologies used Robert: The game is developed on a 2D in-house developed engine, which is based on OpenGL , being available on Windows, Linux, MacOS and soon iOS. Q: Describe the main challenges that have appeared in product development and what solutions you found Robert: The main challenge was to rewrite the levels which were planned for a game engine based on console commands to be played on an engine that is intensively GUI oriented. The game flexibility allowed us to do a massive update to the game itself together with this porting, adding new functionalities.

Robert Mureșan

mrobert@exosyphen.com Technical Director, Exosyphen studios

Q: Tell us a few words about the company Robert: At the moment the company has 5 permanent employers. Our target is to become a compact very talented team. And there are the people whom we regularly work, depending on what we need (music, branding, etc.). Q: What is the next product that you want to launch? Robert: We are currently working on a 3D in-house developed engine to bring on the market a completely new game, in terms of and technology as well as gameplay. It’s the first project where I stopped working directly. At the same time, I am developing a 3D engine to test new technologies and integrate them into the current game. We are also going to publish some documents about the research we are doing here.

About Exosyphen

It is a game studio in Cluj-Napoca. About one million games have been sold so far and over ten million users have used their variants for free. Some of their main achievements: • In 2002 he released his first commercial Romanian game, this being the first version of Hacker Evolution simulator, • In early 2004 he released his first 3D game for mobile devices, a Quake porting on Windows Mobile • In 2010 Hacker Evolution game was released on Steam and reached the fourth place among sales at that time. In total, more than 200,000 copies were sold in this series.

nr. 6/2012 | www.todaysoftmag.com

noutăți

www.zonga.ro

TODAY SOFTWARE MAGAZINE

Zonga Music Service Q: Describe the newly launched product Calin: Zonga is the music service launched by Trilulilu, along with Vodafone Romania. It’s basically a subscription based service where you have access to official music from local and international record labels. There are over 16 million songs that you can listen from your browser, from a desktop application or iPhone, Android or Nokia smartphones. To use the service you need internet access but premium users have a special option to listen to created playlists offline. Vodafone offers two special subscription plans that offer you free traffic from mobile to Zonga. If you use Vodafone you can try the service for free for three months. More details can be found on http://www.zonga.ro/abonamente Q: Tell us a few words about the company Calin: The company that developed Zonga is in Cluj-Napoca, and the team is formed of 20 specialists. Q: What is the next product that you want to launch? Calin: We are currently focusing on Zonga and Trilulilu.

Călin Biriș

calin.biris@trilulilu.ro Călin Biriş is the Marketin Crocodile of Trilulilu and President of IAA Young

About Trilulilu

Trilulilu is the largest online community in Romania, where visitors can follow and help with video, audio and images. Trilulilu was launched in January 2007 and is currently the most visited entertainment Romanian site, according to SATI. At this point, trilulilu.ro has over 2.2 million unique visitors monthly.

Hacker Evolution Duality

Romanian music service Zonga www.todaysoftmag.com | nr. 6/2012

history

The Cluj IT History (1957-2012) It started simple, with a single question, which in the following days gave birth to whole series of questions, that stirred, not only my curiosity, but that of everybody I tested the new idea on. The initial question was voiced by Răzvan Florian, and it emerged in the following context: we were sitting next to each other at a regioNet meeting named “Clusters and networks – Engines of development for the growth of competitiveness and innovation capacity”. Right after the status update on the Cluj IT Cluster

Marius Mornea

marius.mornea@todaysoftmag.com Founder of Mintaka Research platform

nr. 6/2012 | www.todaysoftmag.com

(30 companies, totaling 3500 employees and a 8 million Euro turnover), came professor Sergiu Nedevschi turn. Before getting into his presentation on the activities and achievements of the research laboratory under his lead, he held a short history lesson starting with the establishment of a Cluj branch of the Romanian Academy in the fifties, continuing with the building of the first computers, of a pioneer Fortran compiler and so on until reaching the final conclusion that these were the determining factors for the current state of IT in Cluj. At this moment Răzvan turns to me and asks why don’t we write about something like this: What is the history of Cluj IT? My first reaction was similar to the one I feel each time I hear “Cluj - Romanian Silicon Valley”, a slight mistrust and a strong need for proofs and arguments to backup this comparison. I felt the need to measure the local accomplishments, against the national and international level, to justify the importance and the need of an article. The following day I realized that this measurement is irrelevant, but the evolution and comparison would make for an interesting subject. And so the questions started to build up: Who introduced IT in Cluj? With what purpose? In which circumstances? How did it grow to the current level? What is the current level? Is it true that, both the number and the contribution to the local budget of IT employees represents a majority? Who did entrepreneurs decide, right after the revolution, to start businesses in this field? Who was their mentor, their inspiration? Who trained the current generation of professionals? Who introduced IT in the universities curriculum? Why is there such a big percentage in Cluj and not the neighboring cities? How did each of us end up

working in IT? Then I started to test my idea on other people and instead of answers I got more and more questions: Who is Tiberiu Popoviciu ? And to my shame, as a graduate of the high school that bears his name, all I could say is that he was a mathematician, without being able to explain clearly what his connection to the IT field is; What were the demographics of previous generations in IT? What other fields were strongly influenced by the development of IT? Did the local IT create world firsts? Which are the appropriate metrics for the local community? Is Intellectual Property Production a significant metric? With those questions, the different perspectives of my interlocutors started to take shape: some were animated by curiosity and entertainment, looking for a pleasant read; others were interested in the economic aspects and opportunities raised by a in depth study of the current state; others entangled in melancholy and memories of passed times. I’ve decided to explore these perspectives and to answer the above questions in a new project titled: Cluj IT History – from 1957 until today. More precisely, a series of articles and eventually, special editions dedicated to the questions, interviews with current and historic figures, but also my personal perspective: I believe there is an IT community in Cluj that has proven on countless occasions that it reached a critical mass, which gives birth to the need of a common identity. And this identity is best defined by answering: Who we are? Where do we come from? And only then we can answer to: Where do we want to reach? And how? I’m looking forward for your help in answering the above questions.

arhitecturÄ&#x192;

TODAY SOFTWARE MAGAZINE

Local communities

he community section commits to keeping track of the relevant groups and communities from the local IT industry and to also offer an upcoming events calendar. We start with a short presentation of the main local initiatives, and we intend to grow this list until it contains all relevant communities, both from the local landscape and the national or international one with a solid presence in Cluj. The order is given by a function of number of members and number of activities reported to the lifespan, thus we are striving to achieve a hierarchy that reveals the involvement of both organizers and members.

Transylvania Java User Group Java technologies community. Website: http://www.transylvania-jug.org/ Started on: 15.05.2008 / Members: 504 / Events: 39 Romanian Testing Community Community dedicated to QA. Website: http://www.romaniatesting.ro Started on: 10.05.2011 / Members: 536 / Events: 1 Cluj.rb Ruby community. Website: http://www.meetup.com/cluj-rb/ Started on: 25.08.2010 / Members: 127 / Events: 30

Calendar Noiembrie 9

Artificial Intelligence, Computational Game Theory, and Decision Theory - Unifying paths Contact: workshop2012@rist.ro

Noiembrie 17

Open Agile Cluj 2012 Contact: http://cluj2012.openagile.ro/

Noiembrie 22

Lightning Talks Contact: http://www.transylvania-jug.org/

The Cluj Napoca Agile Software Meetup Group Community dedicated to Agile development. Website: http://www.agileworks.ro Started on: 04.10.2010 / Members: 249 / Events: 13

Decembrie 8

Cluj Semantic WEB Meetup Community dedicated to semantic technologies. Website: http://www.meetup.com/Cluj-Semantic-WEB/ Started on: 08.05.2010 / Members: 132/ Events: 19

Decembrie 11

Romanian Association for Better Software Community dedicated to IT professionals with extensive experience in any technology. Website: http://www.rabs.ro Started on: 10.02.2011 / Members: 181/ Events: 10 TSM community Community created around Today Software Magazine. Website: http://www.todaysoftmag.ro Started on: 06.02.2012 / Members: 263 / Events: 3 Tabara de testare QA dedicated community. Website: http://www.meetup.com/Tabara-de-Testare-Cluj/ Started on: 15.01.2012 / Members: 100 / Events: 7

Global Day of Coderetreat 2012 Contact: http://coderetreat.org/events/global-day-of-coderetreat-2012-cluj-napoca-romania Socialization Meetup Contact: http://www.meetup.com/Cluj-Semantic-WEB/ Google Technology User Group Cluj-Napoca Community dedicated to Google technologies. Website: http://cluj-napoca.gtug.ro/ Started on: 10.12.2011 / Members: 30 / Events: 7 Cluj Mobile Developers Community dedicated to mobile technologies. Website: http://www.meetup.com/Cluj-Mobile-Developers/ Started on: 08.05.2011 / Members: 54 / Events: 3 MenĹŁiuni: Cluj Perl Mongers (www.cluj.pm), GeekMeet (http://geekmeet.ro/), ITSpark (http://itspark.ro/default.aspx), CodeCamp (http://www.codecamp.ro/), CodExpert (http:// www.codexpert.ro/), PHPRomania (http://www.phpromania. net/), ARIES (http://www.aries.ro/)

www.todaysoftmag.com | nr. 6/2012

architecture

Architecture for Flexibility (Quality Attribute)

y definition, the flexibility – as quality attribute – represents the capacity of a system to be adapted for different environments and situations in order to face changes related to business environment policies and rules.

Attila Antal

Attila.Antal@isdc.eu Software Arhitect @ ISDC

Nowadays we can find this quality attribute in any type of business and this is why it is very probable present in the client’s requirements for their projects. In this article I will develop some ideas based on this issue – flexibility and its impact over the architecture and development processes.

to the company’s strategy in terms of various fields (development, operational, etc.) and processes (development, architecture, quality, and so on). The architect must see these strategies in terms of Quality Attributes and to consider them during the impact analysis.

Quality Attributes

Most software development companies are using agile methodologies. If we look at the definition of the methodology, we can see that it is exactly about flexibility in the development process. Now you can shout loudly: „What does that have to do with architecture?” Well, directly not much, but it has a strong influence because flexibility and the fast response to changes is possible only if the development environment, the project’s structure (modules), the infrastructure, the SCM, the release management are also flexible at their turn. All this is in relation with decisions made by software architect.

The Quality Attribute is a non-functional characteristic (in some cases functional, too) of a component or a system. The “ilities” is the shorten name of these attributes because in most of cases their names includes the “ility” suffix as maintainability, accessibility, etc. Unfortunately there are several standards for these attributes (IEEE 1061, ISO / IEC 9126-1) naming the same quality with different terms, creating different understandings and sometimes confusing. Our article will deal with the case where the client’s requirements are focusing on flexibility as quality.

The knife edge

In the project’s foundation phase, the software architect has various discussions with the stakeholders in order to better clarify their requirements for the project. Usually the requirements encounter various „ilities” without any argument. The architect must create an impact analysis in order to argue and in the same time, to filter the list of „ilities”. On the other hand, an important aspect to consider in the decision process is linked

nr. 6/2012 | www.todaysoftmag.com

Agile

Impact Analysis

Once the architect has a list of concepts, strategies, methodologies, etc. to be present in the project and they are related to flexibility, there follows an another analysis where the flexibility as quality will be put together with other qualities as shown in the table below (Table 1). (I used only those qualities that are most commonly used - taken from last ITABoK from IASA). Those attributes that will be favored by flexibility will receive a „+” sign and those that will be impacted will receive a „-” sign.

TODAY SOFTWARE MAGAZINE

control and orchestration.

Core architecture

Tabel 1 In our case we can see how qualities as system at conceptual level. We can see Performance and Extensibility are adver- that not all functionalities can extract to a sely affected by Flexibility. plugin and they will remain in core. Each There are enough measurements for plugin communicates with the core and performance impact that can explain the some are completely isolated from other risks and many times the client accepts systems. The core application must have them. a facade for each plugin. These facades In case of extensibility we must have may have interfaces that allow external documented (and delivered to the custo- (public) access to the plugin. After carefully mer) about the risk and the risk mitigation studying the figure, we can see that a plugin if the project’s structure and requirements allow this. Tables, as the one above, are very valuable assets in the impact analysis and in the negotiation process of qualities that must be present (or not) in the project.

Plugin as architectural pattern

The risk mitigation for the extensibility’s impact is possible by choosing a clever architectural pattern. The plugin-based systems allow extensibility exactly through their flexibility, by the method of grouping functionalities in plugins. In case we need an extended functionality we can easily change a plugin or add others. The figure (Figure 1) shows a non-flexible, monolithic or monolithic core system at conceptual level. A small change at any functionality brings retesting and re-launches the entire system. The figure (Figure 2) shows a flexible

The most important and the very first step in defining the architecture is to select the types of communication. The table (Table 2) below list the most common types of communication within a system. Rows highlighted in gray background are welcomed in any system. It should be noted that any type of communication has its positive and negative sides. Therefore it is not a smart decision to have in the system only one type of communication, the architect must decide what to choose for certain plugins, reinforcing other qualities as security, performance etc. To view well the core’s role and function, I created a diagram (Figure 3) in order to show a conceptual application and to highlight its tasks.

Utilities

It should be noted that the application context must have always core functions or utilities such as: • Handling properties files figure 1 • Central logging • Auditing various events can be completely isolated such as an enco• Persist data in the database der / decoder or can be used as an agent to • Handling transactions communicate and exchange messages with other systems. The core application in turn, is also a The advantage of this system is that consumer of these utilities. certain features, well placed in plugins, can be reused. This is the moment where the Orchestration architect should have influence on the proA very important functionality of the cess of development. core is to orchestrate the behavior of the The success of plugin-based systems is plugins. I mean by that the control of the to define clear communication between the startup or the shutdown of a plugin and core and plugins, use of reusable plugins, handling different types of events.

Communication

The core application should have implemented all types of communication that will be used in context. It is better if the architect investigates the application’s future and prepares the core. This way the core will know more than what the customer requires. Subsequent changes in the core entail the redeploy of the whole application, which affect the customer’s business. Figure 2

Plugin micro-architecture

In my opinion, a plugin should always be seen as a black box. It gets stimuli and www.todaysoftmag.com | nr. 6/2012

arhitecture

Architecture for Flexibility

creates response depending on the implemented function. Each plugin must have its architecture (see Figure 4). The plugin’s behavior is monitored by the core’s orchestration system; it has access to the all utilities of the application context. The plugin usually has only one commu-

Tabel 2

Figure 4 nication method to the core in order to maintain the integration simplicity.

Summary

My goal in this article was to guide you through the decision flow and arguments that can be synthesized by the software architect in order to create a solution based on quality attribute called flexibility. I started with the parallel between the customer requirements and the company’s strategies. It followed by the impact analysis by which we can see the impact of extensibility as the main argument for using the plugin pattern. Finally, I detailed the architecture of a system based on plugins. Figure 3

WE HIRE

IN GOOD COMPANY PROJECT MANAGER

.NET DEVELOPERS JAVA DEVELOPERS JAVA ARCHITECT .NET ARCHITECT

ISDC.EU/CAREERS

nr. 6/2012 | www.todaysoftmag.com

WE DO PROJECTS

OUR CUSTOMERS

ISDC

WITH IMPACT. WE

ARE IMPRESSED

ENGINEERS

DELIVER RESULTS,

BY OUR AWESOME

YOUR

NOT RESOURCES.

TECH TEAMS.

DREAMS!

RALUCA HIREME @ISDC.EU

SIMONA HELLO @ISDC.EU

programming

TODAY SOFTWARE MAGAZINE

Internal SEO techniques part II We are going to continue the last article where we talked about some of the most important internal SEO techniques. In this second article we are going to talk about how an HTML5 interface can help us, about blocking pages from indexation and internal links. We are hoping that these two articles will create a small SEO guide, for internal optimization, that any site owner can use to improve his results on search engines.

Robots.txt vs. Meta robots Radu Popescu

rpopescu@smallfootprint.com QA & Web designer @ Small Footprint

As we said in the last article, Google Panda update applies penalties to websites that have even a few pages with low content. In order to avoid this we will need to block from indexation the pages which don’t follow Google’s quality guidelines. To do this there are two possibilities, either by using Robots.txt file, where we add on each line a path to a folder/file or by adding the robots Meta tag in the head of an HTML file. The difference between these two options is that Robots.txt doesn’t really block the HTML files from indexation. The files don’t appear in searches at all but if you use the following syntax on Google “site: site. com” you will see the block files too. My recommendation is to use Robots.txt to block folder and robots Meta tag to block HTML pages. <meta name=”robots” content=”noindex, nofollow”>

To better understand why we need to block pages with low quality content, Johannes Beus created a study in which he presented a list of 25 websites affected by the fact that they had a lot of pages with low content. After panda update Exinearticles. com and FAQS.org had a drop of 30% in organic traffic which reflected on the revenue from online advertising. We can still say that “good content is king”.

HTML5 layout

We talked in the last issues about how search engines perceive certain HTML tags that we, humans, see as being the same (bold vs. strong). We said that the difference lies in the semantic value that they offer. HTML5 comes with a set of tags to organize content. The most used semantic tags when building interfaces are <header>, <nav> (menu navigation), <footer>, <section>, <article> and<aside>. To better understand how to use them, in Figure 1 we have an interface using only these tags. Semantic tags help in parsing faster the source code and provide useful information about the content to search engines. For example, in the<nav> or <footer>areas we are going to find internal links that help indexing pages and in the <aside> area we will have some banners or advertisements that are not very important as content. Some versions of browsers do not support these tags. There is one method by which

Figure 1 www.todaysoftmag.com | nr. 6/2012

programming Internal SEO techniques part II we can enjoy a HTML5 interface even Internet Explorer 6 for example, by using this script in the <head> section: <script> document.createElement(„header”); document.createElement(„footer”); document.createElement(„article”); document.createElement(„section”); document.createElement(„nav”); document.createElement(„aside”); </script>

Canonical address

A canonical address is the preferred URL over others who have identical content. To understand better this concept, let’s take an example: we have a page that shows some laptops (eg. www. site.com/laptops). The products on that page can be sorted by price, from the smallest to the largest (eg. www.site.com/ laptops?sort=price&type=asc). In the same time it can be sort by name (eg. www.site. com/laptops?sort=name&type=asc). All these URLs represent, in Google’s view different pages with the same content. To avoid indexing all pages (which can be seen as spam) and not share the benefits of link building between multiple URLs, you must have a unique address (canonical) specified like www.site.com/laptops. To declare a canonical address you can use the following code in the head section of your HTML page: <link rel=”canonical” href=”http://www.site.com/laptops”/>

Link anchors

First we must understand what is an anchor. Anchors are the clickable text of a link. It greatly influences the rate of click and provides valuable information to search engines about the topic that is on the other end of that link. It is better to avoid anchors such as „here”, „site” or „download” and use descriptive one. For example, if someone wants to add a link to a great article about neuromarketing, on his website, and use the anchor „here” (in the context of „an article on the subject can be found here „) will not generate as many clicks as when using a descriptive anchor such as „neuromaketing effects in advertising”. Another very important thing to know is that when we have two different anchors, with the same link in the same page, it counts only the first of them. In the example below (Figure 2), while the second anchor is more descriptive, it is not taken into account because only the first one is used by search engines.

nr. 6/2012 | www.todaysoftmag.com

SEOMoz.com conducted an experiment using three new domains to which they sent ten external links. The first domain had all the anchor links „click here „, the second had an exact-match anchor type (primary keyword) and the third had different partial-match anchors (secondary keywords). The results were surprising. In the first three days, the site that have links that used the anchor „click here” ranked first in searches. After the 3 days, it disappeared from the SERPS and the other two came on the first two positions.

them (link juice). We must ensure that there are no pages (which you want indexed) that cannot be accessed from the home page by successive links. To get the maximum power out of internal links should follow these tips: • Avoi d l i n k s ge n e r at e d f rom

Internal linking

Internal links have a huge role in SEO, not just those coming from external sources. They create a hierarchy of pages in the website and send some authority to

Figure 1

programare

• • •

JavaScript or Flash because in a lot of cases they can’t be parsed by search engines All the links that target a page which is blocked from indexation must have the rel=”nofollow” attribute Search engines can only access around 200 links on one page so we mustn’t exceed that number There shouldn’t be internal links to a page, only from internal search results as search engines don’t execute internal searches on our sites to discover new links

TODAY SOFTWARE MAGAZINE role of this attribute is that the value is displayed if the image cannot be displayed due to invalid paths or source code issues. Alt attribute is very useful for textbased browsers too, as they cannot display images. Adding a description of the image in the Alt attributes and not keywords will get the best results. In addition to this it is recommended that images will need to have a descriptive name and the words should be separated by a hyphen. A very good example, where alt tags improved traffic is a case study about Jeromes.com. The site sells furniture and it doesn’t have that much text content to optimize. On the other hand, it has a lot of images for its products. By adding descriptive alt tags, they managed to increase the traffic from Google Image by 1400%.

techniques. Often, some people use them in an abusive manner and search engine algorithms are adjusted to not stop giving the same benefits. Unfortunately, this means that we, the ones who use white hat SEO, are also are affected. Therefore, search engine optimization requires constant attention and hard work.

A good example on effective use of internal link building is the site NorthPole. com, currently 2nd in the search results for „Santa” query. The site managed to rank that well due to the large number of indexed pages in Google and internal links Conclusion between them. Each page contains dozens Internal SEO techniques are in the of links to other pages on the same domain, hands of site owners and therefore are often creating a complex network. overlooked. We must understand that in SEO every action, no matter how small, can Alt attribute influence ranking. It is impossible to influMany times web designer don’t add ence the external factors, such as domain the alt tag to images, not knowing that it’s age or trust factor. In the same it is very important for image SEO. The purpose of easy to use internal SEO techniques, on the tag is to offer search engines informa- which we have full control to increase our tion about the content of an image. Google position in SERPS. We must not forget that parses the source code but it can’t see or search engine algorithms are in a continuunderstand the images so by using Alt ous change. Google is watching our actions attribute we help a lot. Another important and sees how we use these optimization

www.todaysoftmag.com | nr. 6/2012

architecture

10 design principles

fter mankind got bored of playing with dinosaurs (and also because dinosaurs got killed at some point by a meteorite), some went hunting penguins, some downloaded the first StarCraft(because the latest hasn’t been finished yet - btw it NEVER IS), the rest of them went nuts into entertaining themselves with zebras. But they didn’t have one :-(. The zebras were NOT EVEN BEING INVENTED.

Stefan Baritchii

stefan.baritchii@3pillarglobal.com Technical Lead @ 3Pillar Global Romania

1. And because everyone wanted to understand what a zebra is, they checked with the village guru who told them that a FUNCTIONAL DOCUMENT is required in order to explain what a zebra is. (This describes how to write useful functional documents for explaining to what a zebra is, and why are they necessary) A guru knows everything. Think about

a guru as an improved version of Chuck Norris. He is the only one in the village which knows what a zebra looks like. He also knows before time things like how much grass a zebra is going to eat. Zebras are grass lovers therefore awesome grass eaters. The guru knows how many of them are allowed to see the daylight, which ones are going to be the first ones being created, and what’s most important in this chapter - HOW A ZEBRA SHOULD LOOK LIKE. Silence is wisdom and it is said that gurus possess a lot. Therefore in order to

nr. 6/2012 | www.todaysoftmag.com

speak, they usually have to be asked (the right questions - natural questions that help developing a true zebra). So in order to spec out a zebra you need to ask the guru:

“WHAT IS... a zebra?”

The guru will then say stuff to you like well it’s a black and white animal. For ones that don’t see life in colors that’s not enough. Even the others thought they should build a panda. When guru found out that reshaped his answer: No way. A panda is a panda and a zebra is a zebra. A zebra should look more like a... horse, a striped black and white horse. But that didn’t ring a bell also. WHAT is a stripe? WHAT is white? WHAT is black?... and for God sake WHAT IN THE WORLD IS A HORSE? Assuming that at that point in time Sumerian people (re?)-invented writing, all answers went into something that was called “functional document”. So the functional document contains all the answers to what all things mean in your project, and everyone inside your team should be able to understand them. And just when everyone thought that they have a functional design document... some dude woke up and asked:

“WHY DO WE NEED... a zebra?”

In case if you wonder - yes this is a very legitimate question that should have an answer in a functional design document. With this, zebra’s life have a purpose. It’ll know what pain solves, and how it fits into the wild (you’ll hear more often the “context” - enterprise word instead of wild).

management

Knowing what the problem (pain) is, in time you may be able to reuse the same solution in case a similar problem arises, or at least get inspired. And yet the document is not complete without some ideas of how zebras need to perform:

“HOW DO YOU WANT the zebra TO PERFORM?”

Before thinking that a zebra should have only one leg you should consider that it must escape from lions. So the question is how fast do you want it to run? What are the prerequisites in order to build your software so that it can achieve this performance? This is a thing which SHOULD BE in a functional design document, because in real life there are clients which sign SLAs and if not considered as part of the design may cost them a lot after things are developed and ready to be used. 2. And because they called it zebra, and because everyone loved the name so much figuring right away in their mind what others refer to, they decided that MEANINGFUL NAMES play an IMPORTANT ROLE (This section talks about variables, field names, class names, package names, service names, method name corresponds to behavior in regards to a zebra...) When thinking about a name you should think about who would you describe a thing with one word. It’s as simple as that. So if someone points to a striped animal and asks you:

TODAY SOFTWARE MAGAZINE

WHAT IS THIS?

You will answer: it’s a zebra. It’s so intuitive that only one word pops into your head. It’s so intuitive that the one that asked you this thought about the same word also without telling you. So when choosing a name to something play this game. Ask someone the question “what is this thing?” and think about a word that describes it. If it’s the same word you were thinking about (or if you feel that the one given to you is better, and cheat about telling the other that you thought about the same one), than that is the name you are looking for. This game relates to variables, field, class and package names. Things that correspond to behavior have another question related. A method name is an action therefore when talking about zebras you ask yourself. (just for reminding purposes a package may contain multiple classes, a class may contain multiple methods and/ or fields)

achieve fast what they wanted to. (This section talks about big methods, big classes, long parameter list which may consume you precious time if you want to help others with zebra stuff) Even though the ones who created zebras were thinking of themselves now as some kind of Gods, they weren’t immortals. Not to mention that they had wives at home. They had a limited life, therefore they couldn’t spend all their life in reading a big method or a one zillion lines class.

WHAT DO zebras DO?

They run. They eat. They play. They starve. They getBored. All italics verbs are valid method names. When thinking about services apply the same rules. A service has behind scenes a class. And it’s exposed actions are implemented as methods. So what questions do you think you should ask yourself when designing a service and its related actions?

So they decided to keep everything short and clear because they were not immortals. And also because if someone joined their team in building a zebra, it took less time to understand what they currently did, and where they were with the project. Well... but what happens if a thing got too big? Don’t hesitate to break it. When breaking it just consider re-using it somewhere else and also consider the 3. And because people were keen to help impact on the performance. in building up a zebra, they decided to KEEP things SHORT AND CLEAR in order to

www.todaysoftmag.com | nr. 6/2012

architecture 10 design principles

4. And then someone decided that they shouldn’t have DUPLICATES. Because this way they could tell one zebra from another. (this section talks about how to avoid duplicate functionality, duplicate code from design perspective) Knowing which your zebra is from a zebra flock is already a quite hard task to accomplish. Now imagine that someone tells you that YOUR ZEBRA has some kind of “not-so-marketed” virus and needs to be healed as soon as possible because that virus is spreading fast and affecting

the same virus. Scary image when zooming out a field with zebras huh? Due the fact that code is written by humans is error prone. By duplicating it you also duplicate errors. Having two or more things that look the same make them very hard to be kept healthy therefore maintenance is hard. Testing time also increases when you work on pieces that don’t share the same codebase. In order to avoid the nightmare - make reusable code; and of course reuse it whenever possible instead of duplicating it. This chapter has been written in the memory of Dolly the sheep. (5 July 1996 – 14 February 2003) 5. And because they thought at some point in time the zebra should play with everyone, they thought that they should avoid TIGHT COUPLING in regards to it. (This section talks about how to separate interface from implementation, to write code against a web/rest/jms/service where possible and of course what in the world does this have to do with a zebra) We all know how Rihanna sings. If one zebra will ever sing like Rihanna the rest of the flock will go deaf instantly. So if you really want this to happen and keep the

the whole flock. If wondering what a “notso-marketed” virus is, it’s just a virus from which pharmaceutical industry doesn’t take advantage when appears. So in case you haven’t realized, we’re under time pressure (because not even pharmaceutical industry is interested in, so you are on your own). But wait. It’s not only that it’s ill. All the zebras that looks the same have

nr. 6/2012 | www.todaysoftmag.com

flock healthy, let Rihanna do the singing and the zebra do the lip-synching. How this should be implemented? Now prepare yourself for some boring development literature. Consider having a Singer interface that has a sing() method. Rihanna is a class that implements the sing() method. Rihanna IS A Singer. Zebra will HAVE the Singer capability (HAS A relationship means that it contains a field of that type). For fun we’ll add method lipsync() to Zebra class that’ll call the singer.sing() method. In our case the singer who sings is Rihanna. As you can see zebra won’t sing at all. It’ll just delegate this to someone else which is skilled for that. But from someone who is watching the zebra it’ll see that the zebra sings. Wondering what advantages you might get with that? At some point in time Rihanna will just fall in love with some blog author some day and stop singing. So then your zebra may easily lipsync to Sepultura without anyone being affected. will continue

interview

TODAY SOFTWARE MAGAZINE

Interview with Scott Barber

EXT2012 conference, organized by Softvision, provided the opportunity and pleasure to meet and watch Scott Barber, also known as “the face of performance testing”. A self declared geek which upon a first Google-ing does not strike you through his publishing career or hit percentage in the returned results. This not only enhances the pleasure of the first encounter, but as you get to know him, turns out to be a very good portrait. Scott is a pragmatic fellow who chooses the hands on approach, over the academic one, having a predilection for learning from real world experiences and sharing that knowhow in practical articles (widely cited), as opposed to publishing books or scientific papers. His main approach is to help as many companies through consulting services and as many individuals through direct interaction (in his role of organizer or invitee of conferences and tester communities). Whatever role he is playing, he is always trying to quickly solve the problem by answering the following questions: what do we have? Where do we want to get? How do we get there? As quickly, cheaply and simple as possible. In the following paragraphs you can read some of the questions we asked and his answers to them. As an icebreaker, we asked hows his experience so far with Romania, the event hosted by Softvison and the local testers community. He answered: “if the group is representative, I think its a really excellent community”, adding another instance to his often pleasant surprise of „technology is a great equalizer. It doesn’t really matter whether your country is rich or poor, if you know technology, you can be successful, and thats a really great thing”, qualifying both the event and the attendees as professionals creating “a very pleasant experience”, „the people have been great and they’ve been great testers and I’m really impressed with their skills and knowledge [..] and I would absolutely in a heart beat come back, I’ve had a great time”. Related to the general atmosphere we were curious whether he could sense a cultural difference specific to the East-European landscape and more specifically to the NEXT conference. His first comment was not necessarily culture related, but more of a local curiosity: the relatively young age of the attendees, compared to other conferences, and the actively manifested will to

learn. The second NEXT specific attribute would be attendee involvement, as opposed to many other conferences where content and audience seem: “shallow and broad - not bad, but boring”, he finds “nothing shallow here - questions are deep and passionate”. Keeping to the NEXT context, we explored Scott’s next steps and his advice as to what ours should be. “If I take it literally, I go home, I do laundry and go to a wedding”, but in this context “I completely changed my Sydney presentation, this morning, based on what I’ve learned here” and “because I’m very passionate [..] my next step is to take from here and learn and teach more”. “If I’m going to run around the world and teach people I really want them to tell me how it goes”, so “my two next steps is to keep improving and get feedback”. As for us: “continue this format, with folks that have information and training thats relevant to your community. keep this community together”, because „the closest thing to a profession that we have as testers is community and I think community is the only way that we learn and that we grow. You have a very rich community.. give it a home, thats my challenge to you: don’t let it die!” Once the ice broke, questions started to flow and from now on I’ll just stick to reproducing them and the answers with minimal editing and context adaptations for the sake of brevity and clarity.

foto: Scott Barber times people consider blogs as personal opinions, in this tester land without a user manual or college degree [..] you can find the same information of the same authors blogs sooner than from specialized journals”. It’s important to “learn from them, but do it as a tester of the information: <<how do they think about that, and how do I apply it?>>”. Another very good approach is “trying to teach somebody else, makes you learn [..] so the number one thing I do is: teach others”. Q: On the topic of tools, could you please enumerate for our readers your most used performance tools? “Aaahh! The ones that I use most frequently, I have to be honest, are the ones that are either free, open source, or at least have a significant trial period. So I’m very found of JMeter, I’m very found of OpenSTA, currently I’m very fond of SOASTA, because they have a free version thats robust enough to do some real performance testing. That said some of the very expensive tools are very very powerful and I like them to, but I can’t afford them, so I have to depend on my client to have them. But they are fun to use when somebody else have purchased them”.

Q: Which tools do you consider better, books or software tools that automate work? „Wow! I’ll tell you I’m still fond of some traditional things whether they’d be books or what not, but I’m kind of a geek, I like software tools to, so it really depends on what I’m using them for [..], but what I like is Q: Getting back to processes: How do you having a choice” see performance testing running in an agile environment compared with older waterfall Q: Do you have any daily tools that you approach? What has changed? use to learn, maybe read some magazines? “When the agile manifesto came out, “ E v e n i f o f t e n I asked my team: isn’t this how everybody www.todaysoftmag.ro | nr. 6/2012

interview Interview with Scott Barber works? And they replied: well thats how we work. Years later, when I came into contact with companies that used waterfall I asked myself: how does anybody make this work? Performance testing is inherently agile, and what I mean by that is that you can’t really be effective in delivering, at least consistently, well performing applications, unless you are doing some performance testing from the very beginning. Now its not always the performance tester who is doing that testing and thats where it gets confusing, because theres tasks and then theres the role. But what has changed is: the more teams and organizations work to adopt agile principles, the easier it is for me to share the message that developers have a performance testing responsibility to, and so do the ops or IT support folks. It all has to fit together and if we’re not sharing info and working together, then your traditional waterfall style performance tester will provide you a lot of data with no time to fix it. And fixing performance problems is often very expensive, involving new hardware, re-architecting etc. I think the more we can integrate performance in our daily agile activities, the more consistently we will be able to deliver good performance and happier our users are going to be”. Q: Name top 3 tech buzzwords (related to testing) you’ve encountered in the last years?. “Wow! I almost wanna go do some crazy affinity search. Big major topics that get people all passionate and taking sides in testing over the last 4-5 years would be: certification, automation ... and probably agile, but only because many organizations try to transition to agile and thats a culture change and thats hard. After years of waterfall, culture change is very confusing and the testers get concerned, they don’t know where they fit any more and it causes them lots of stress. Many of the same testers once they get integrated they really like agile. Culture shock its what we call it. Automation has been a hot topic because a lot of folks believe that automation can replace human testers. Here’s the truth: automation can do a whole lot of things, and I like to automate things, but I’ve never met a piece of software that can make decisions and finds bugs as well as a trained human. So you can’t replace, you can augment, you can HELP A HUMAN TEST BETTER, FASTER, GET MORE COVERAGE, BUT YOU CAN’T REPLACE human beings with automation tools. The challenge with certifications is to understand what each

nr. 6/2012 | www.todaysoftmag.com

individual certifications stands for. Recruiters and hiring managers see certificates, but they don’t know what they mean”. Q: Can you give us some examples of your biggest accomplishments (wins)? “You know its very interesting.. a win is a.. most people would think that I’d be talking about running this great test, or finding this great bug, or stopping ship on something that was gonna cost people billions of dollars and.. yes, that’s a win, but that’s a one time, one off, maybe I got lucky, or maybe its because I’m good. It doesn’t matter, it just happened. A win, to me, is when I help a person or an organization to have that big light bulb, the idea, or they change a little bit the way they think and look at things that leads to them having more success long after I’m gone. That to me is a win and a lot of times I don’t know I’ve had a win until years after. Let me give you one example: once, less than 90 minutes at a client, I knew the problem: every 10 minutes a different VP came in and told them to do something else. To make things worse, VPs were not talking to each other. So I took my chair and set it in the doorway and every time a VP would try to enter the room I would take him and go get coffee or something. After three days they had great results and I didn’t touch one thing. [..Years later..] I met Tom, the team lead, and he told me that things went well for a while, but after some time got back to the initial work flow. But that it didn’t matter, since he is no longer working for them and now he has his own team and his chair sits in the doorway and everything goes great. I was so proud, what a silly little thing that has nothing to do with performance testing. You can make that much of a difference.” Q: How do you see differences of server vs. desktop vs. mobile application testing from a methodology point of view? “Here’s what I really learned: testing is something that just kinda becomes part of you, and if your good at testing it doesn’t matter what it is your testing. You will figure out how to do the bits and pieces, whether you need an automation tool, whether you have to do it manually, whether you need help from a developer, where you should be doing it earlier or later, in the middle... Because those are not the things that are

most important to you as a tester. What’s important to you is learning how it works, or how it might work, and then trying to find the ways in which it doesn’t work the way is supposed to. And you know what: … I test everything. (whispers: .. I test the fridge, I test the glasses, I was playing with the coke bottle cap, just now.) Why? Because I can’t help it. And some people say its just because I’m Scott. But I watch people that really have that tester instinct and they do it all the time, it’s not about methodology. So how does the methodology differ? it differs in implementation, not thought process.” Q: Did you ever get into real trouble for „going out there and breaking some stuff ” ? Can you give one example? “I was on my second project, six weeks after saying whats that? to performance, and eight weeks later I was named test lead on a project worth multiple millions dollars worth. It was early enough in “webtime” for 150 users over the course of an hour to be considered a lot. I was testing on premises, with 53 hops between two machines sitting right next to each other. So I moved to the home office across the street. Then I got an email saying I should crank it up to 500 users, and I said: That’s not a good idea! The reply was: I had to convince a big boss to spend a whole lot of money on a 500 users license, so you have to do it. My reply: I still think it’s not a good idea, but I got all this in email, so I cranked it up an went for a three hour lunch. When I got back there were sticky notes all over my monitor: Come see me! - from my manager; Come see me, please! - from the director; Come see me now! - from the CTO; Come to my office when you get back! - from the CEO. So I’m like: this isn’t good.. . So I did what any good tester would do: I took all the sticky notes off and started looking at the error messages on my screen trying to figure out what happened. Next thing I know they were all standing behind my desk and they said: ‚do you have any idea what you just did?’ and I said: ‚yes! I ran a 500, but I told them (the clients) that it was a bad idea, and they said: ok’. ‚Do you

TODAY SOFTWARE MAGAZINE have any idea what that did?’ and I said ‚no, that’s what I was trying to figure out, because I figured you were going to ask me that question and I’m still looking’. The CTO, normally very calm quiet guy: ‚Let me tell you what you did. You took down their entire external network and their lawyer is calling every 15 minutes saying that they just added another million dollars to their loss’. And I’m just like: ‚ahhhhh!’, so I figured I’m fired, if I’m lucky. And then they all ask me: ‚Why did you run a 500?’ and I said: ‚becauseitoldthemitwasabadideeaandshesentmeanemailandsaidihadto’, they said: ‚Do you have that email?’ and I said: ‚yes’, and they said: ‚cool!’, and gave me a hi5 and shook my hand and said that’s really neat and were just messing with me. But literally I cost that company (they were saying a million dollars every 15 minutes), their entire external network was down for a week. I generated a load so high, that physical devices got so hot, that they melted down and they had to order replacements. Now why did that happen? because their entire network was operating way above capacity before I even launched the test. Is that my fault? No. Really, if your network is operating at 95% capacity, you should upgrade it before this happens.” Q: How soon will the shift towards cloud and mobility impact the testing landscape and how? “The technological innovator companies, the ones where software is their business, not just users, or ‚we build because its cheaper than buying’, they are already there. At Facebook, the only thing that’s not in the cloud is the employees laptops. Google had, I’ll call it an internal cloud, ten years ago. You could’ve call it a virtual net, but it wasn’t. It was really build the way the cloud is today. At a lot of companies that I go to, that are high tech, everything except your personal machines are in the cloud. And a lot of developers these days, instead of getting the high end laptops, so they can develop on, they get relatively low end laptops, because they do all their development in the cloud. So we’re kind of already there, in the sense that there’s no turning back. So how soon, is more or less everything going there, is a little hard to say because some folks are worried about security. I took a tour of a cloud facility and let me tell you something: the physical security is far beyond anything I can imagine a regular company doing to their server room. It’s amazing. But the cloud service providers are not willing to sign the paper

that says: „we’ll take responsibility” and so, high security companies aren’t willing to go to the cloud. I don’t know when that balance is going to break, but for everybody that’s not high security I think it’s soon. My personal opinion, very few companies are going to make the next hardware upgrade in their server room and they are just going to go to the could instead.” Q: Preparing for the future, if you had the power to update the teaching material for computer science discipline in universities, what would you like to include? “Previous attempts of trying to inject testing courses [in the curricula] went a whole lot of nowhere. But the more I think about it, as much as I would love to have testing curriculum, not just in development, but in anything technology related, the truth is what I really want is for them to take courses in systems thinking. I want folks to learn how to think about systems. I was a civil engineer and I look at a bridge and I see force lines. It sound kind of crazy, but I just see that, because I’ve learned it. I look at a computer system, on a screen, and I think about where are the packets going and what are they doing, and that helps me more than any class or education I’ve had about testing or development. So I think that instead of being more specific in our training in the university we need to get back to some of the courses that were very very important, core courses in classical engineering, that weren’t about building anything. They were about how do we think about solving engineering problems. I’d like to see some more of that in our high tech fields. I think we take to many ‚how to program in Java’ courses and not enough ‚how do you solve real world problems’ classes.” Q: What do you think are the required skills to do performance testing? Can you give us five defining traits? “Only 5 !? That’s a joke, because I used to joke that you have to be a mid level everything, and later on I used to joke about “CSI Vegas” and the way they know everything. Thats the kind of breadth of knowledge that you need to be a performance tester. The number one trait is knowing how to approach problems. I want them to really understand how to solve problems, how to get to the root cause, whether it’s of a performance problem or a business challenge. I want them to know how to step back from the details, look at the big picture and then figure out where they need to

dive into the details again and come back. So I want a good problems solver. I want someone who is an excellent communicator. I know everybody says good oral and written communication skills, but what I want is a little different: I want somebody that can explain technical crazy odd ball stuff to people who don’t even want to care, in a way that matter. For example, I like to do with pictures and analogies. I want technically savvy. You don’t have to know anything about everything, but I want you to love technology and love to learn about technology. I want you to have some business skills. A little more than most technologists have, because if somebody needs a big performance test, that means there are going to be a lot of users. And if there are going to be a lot of users, it means there are a lot of money on the table. And if you can’t talk money to a manager it’s going to be very hard to help them make good decisions. I think that’s only 4, but I’m not coming up with a fabulous 5th and then I’d get into a whole lot of things that are kind of equivalent in my book. Sounds funny right? You thought I was going to say scripting and all that. Q: Lastly can you give your most concise definition of performance? “So when I tell people what I mean when I say performance, I mean anything related to the speed the scalability or the stability of the system of interest. There are a lot of different words that people use, but at the end of the day I use my mom as my role, my ‚persona’ (they call it at Microsoft). She is my persona, and mom doesn’t care how many people are on the website and she doesn’t care what’s down today. She doesn’t care about any of that. All she knows is, sometimes she goes and it works the way that it did yesterday and sometimes it doesn’t. I want my mom to have the same experience every time, and even better would be, if it’s a good experience every time. So when I think about my mom sitting down in front of her computer and her experience, assuming that functionality works, cause functionality is not performance, that’s what performance is to me, and the words I use are speed scalability and stability.”

Extra Q&A (offline answers)

Q: Traditionally books about performance and capacity planning have formal mathematical approaches like: the classic R.K. Jain’s „The Art of Computer Systems Performance Analysis: Techniques www.todaysoftmag.com | nr. 6/2012

for Experimental Design, Measurement, Simulation, and Modeling”, or even Neil Gunther’s „Guerrilla Capacity Planning”, is this still the best approach, or has this kind of knowledge been captured in tools and now the focus shifted towards process? These approaches are fantastically accurate when applied properly. I’d also add Connie Smith’s “Performance Solutions: A Practical Guide to Creating Responsive, Scalable Software” and any of Daniel Menasce’s capacity planning books (he publishes a new one approximately every other year). The problem is that you need several things to apply them properly that are uncommon in most commercial development teams: • Statistically significant volumes of empirical (production) data • Someone on the team that can develop the equations and *do* (or program) the math • The discipline and commitment to not change *anything* without updating the equations • The time to put these solutions to use Basically, the shorter your release cycle and the more Agile your team is, the less useful these techniques are. Having said that, it is important to note that all of the concepts by these System Performance thought leaders are both valid and valuable. I strongly recommend reading and understanding their work to anyone seeking to become a truly elite performance specialist. The key, of course, is the ability to apply relevant concepts from these works to your project in a way that adds value without turning the project into a “never shippable performance experiment”. Q: Performance testing is often seen as a separate unit that is doing its job and from time to time just rise a flag. How do you see this separation in a product development cycle? I see this as unfortunate, detrimental and common. There is an aspect of performance testing that, by it’s nature, almost necessarily works that way; the Production Simulation (a.k.a. Load Testing). The problem is that the Production Simulation is the *only* part of performance testing that most teams consider. While developing a software system, testing happens all the time. Every time a developer types some code and the little red squiggly line pops up under it to

nr. 6/2012 | www.todaysoftmag.com

indicate a syntax error, that’s a test. Every time a developer executes their code to see if it does what they expect, that’s a test. Every time a system’s administrator installs a patch on their system and “checks it out”, that’s a test. So why is it that the “average” development team doesn’t even consider testing anything related to performance prior to the Load Test? It seems to me that if performance actually mattered, teams would want to “check it out” as early and often as they check their code for syntax errors and accuracy, as they check their systems for installation and configuration issues, as they check any of their units of work for functionality. Q: Could you summarize for our readers a top 5 ranking of the main types of performance tests that must be considered? In my opinion? Sure. If performance *really* matters, the performance tests that I submit you should not neglect are: • Performance Testing at the Unit Level • Performance Testing as part of Story Acceptance • Performance Testing at the Build Level • Performance Testing at the Integration Level • Performance Testing Production Simulations Q: Do you ever fall in the rock-star trap and over-engineer? name the 3 biggest temptations/weaknesses? I fondly remember my father saying as we did wood working or home improvements projects together, he’d say “Anything worth engineering is worth over-engineering!” Today, as a man with a degree in engineering who is older than he was when I first recall him saying that to me, I can say that I agree with him. So in that sense, you’d think that my answer would be “Yes, I fall into that trap regularly,” but the truth is that I don’t. Why? Two reasons. Firstly because I’ve learned that when it comes to commercial software systems “fast, cheap and minimally effective” are paramount. Unlike when building a structure like a building or a bridge where you design once, build once and that’s pretty much it, when building a software system, you are continually designing, building, delivering, patching, updating, fixing, etc. In today’s world of software development, there’s almost always a chance to “improve

it more later,” but you almost never get a second chance to beat your competitor to market, or be online for the holiday rush. This reality makes engineering, let alone over-engineering, a luxury few have. Secondly, speaking of engineering, I realized quite some years ago that while software development is frequently *called* engineering… and even thought of by some *as* engineering… I think software development, especially commercial software development, can only be considered engineering by the loosest of definitions. Q: Can you give me 5 requirements that prove most often to be just „desirements”? I’d argue that all so-called “performance requirements” that don’t come from legally binding contracts, aren’t enforceable by law or auditing authority, or aren’t necessary to keep people from dying, are what I call “desirements”. More simply “if it won’t get you sued or cause loss of life, it’s not actually required.” When a product owner puts “Each page shall load in 3 seconds or less, 95% of the time, at up to 5000 active users” in a requirements document, this is nothing more than a goal or a target. I say this because I am absolutely certain that if the pages loaded in 3.1 seconds, 90% of the time, at up to 4900 active users on “go-live day”, that same product owner would say “Ship it!” So to answer your question more directly, the top 5 examples of performance goals posing as “requirements” (or what I call desirements) are: 1. Page load times 2. Number of supported “concurrent users” 3. “Five 9’s” of up time 4. Volume of data supported 5. Number of transactions per time period Q: You stated that in order to understand the mission you need to get at least two levels up, is that enough? can you give some pointers as to what level of overview we need to get without over doing it? Two levels up was something I learned when I was a US Army officer. In that context, two levels is enough, but the Army has a very hierarchical organizational structure. Corporations tend to have more of a matrix-style organizational structure, often making it difficult to even identify what level two levels up is. What matters is understanding the *real* mission of the

TODAY SOFTWARE MAGAZINE

project, the product line (where relevant), and the corporation as a whole. The best pointer I have for testers is to ask questions. Business questions. Questions about the target market, about how the product is supposed to generate revenue or reduce costs for the business. Questions about how the product is going to be positioned against the competition. If those questions don’t lead to useful information, do some research on your company as if you were a potential investor or competitor. It really is amazing what information is publicly available.

problem that I have no skill or training with is just plain silly. If I’m on a project, I have an entire team to help me solve the problem, and the team can’t solve the problem we each have dozens or hundreds of colleagues, friends, and others we’ve met along the way who are no further than a chat window or a text message away. We’re technologists. We know how to solve technical challenges already. It’s what we do. What virtually no one else is teaching folks is how to *think* about developing and delivering well-performing systems – and that is what I focus on in class.

Q: Most of your presentation dealt with mindset and mentality issues and not so much with technical details, while I agree with your approach I’m still curious if this is your usual approach? or it was a specific requirement for this session? if not why did you choose this strategy? Is mindset more important than skills + process + tools? Yes, this is my current approach. I spent the first 5 or so years of my career as a performance specialist focused on the technical details. I learned a *lot*. The technical skills I gained have been incredibly valuable to me and I’ve kept up with and continued to advance them. However, when I think back to that time, I can’t help but think about how many *months* I wasted to overcome some technical challenge, hack some tool into doing something it wasn’t designed to do, or learning some obscure technology that I’d not encountered before or since just so I could “prove” a point to a disbelieving developer or architect that… wasted because that time was spent to overcome challenges that I simply don’t encounter today *because* I learned how to prevent them almost entirely by “getting performance into the heads” of everyone on the team. I have dozens of stories from my own experiences, demonstrating how systems can be delivered with far better performance, without late lifecycle panic, without adding resources, or anything more than a shift in mindset and a few minutes, every day, from everyone. It is true, sometimes I still do encounter complex technical challenges on occasion. One reason I don’t teach about those during class is because each one is *so* different and unique, but that’s not the main reason. The main reason I don’t worry about technical details in class is because in about 2005, I realized that me sitting along in a cubical trying to solve some technical

Q: From the session I couldn’t help notice your favorite tools are mind-map + whiteboard + drawings + mnemonics, what else do you have in your daily toolkit? ( Tools, Software and hardware, Services, Cloud) anything else that would help best describe your daily working environment and routine? That’s just about it. The only things you are missing from my daily toolkit is my experience and an extensive network of people I can call on when I get stuck. I run a 2 person company. I literally can’t afford a box full of expensive tools. When it comes to software, hardware, services, cloud, etc. I use whatever my clients have on hand, are willing to pay for, or I can get my hands on for free. This means is that I work very hard to keep up with as many tools, services, companies and solutions as I possibly can. But more importantly, this means that I no longer find myself blindly providing the information that I know how to collect with the tools in my kit and hope that information correlates to value to someone. Rather, starting with a very basic toolkit forces me to also start by determining what information *is* valuable before running off to start collecting that information. It turns out, that forcing myself to start with “simple tools” ultimately also taught me to start with “simple solutions” – which, surprisingly, turn out to be good-enough a large portion of the time. When I say “simple solution” I’m talking about solutions that take hours instead of weeks. In other words, something that 8 years ago, I’d have automatically provided a generic estimate of 4 weeks to achieve a “comprehensive solution”, I now start with an estimate of 4 hours to achieve an “approximate solution” and/or a realistic estimate of the level of effort required to achieve a “comprehensive

solution.” Q: Do you use Big Data Visualization tools? since tests usually generate a lot of data and you are so fond of drawings and clear visuals. I like when I’m able to use Big Data Visualization tools, but again, I only get to do so when my clients have access to them. Besides, it’s been years since I’ve been on a single project for long enough to collect enough data to *really* make use of Big Data tools. Several of my recent clients, however, have Big Data Solutions in place. One of set up their development, test, and production environments to automatically feed performance test results from unit tests, build validation tests, production simulations and production monitoring data into Hadoop so that all they had to do was open a web page to see up to the minute performance trends in all of their environments. Very powerful. Very cool.

Marius Mornea

marius.mornea@todaysoftmag.com Founder of Mintaka research

www.todaysoftmag.com | nr. 6/2012

programming

Writing beautiful code not just for the aesthetic value

ost mainstream programming languages contain a large set of features and diverse standard libraries. Because of this it becomes important to know not only “how” you can achieve something (to which there are usually several answers) but also “what is the recommended way”.

Attila-Mihaly Balazs dify.ltd@gmail.com

Code Wrangler @ Udacity Trainer @ Tora Trading

In this article I will argue that knowing and following the recommended ways of coding doesn’t only yield shorter (easier to write), easier to read, understand and maintain code but also prevents programmers from introducing a lot of bugs. This particular article needs a drop of Java language knowledge to savor, but the fundamental idea can be generalized to any programming language: there is more to using a language efficiently than just knowing the syntax.

Example 1: Double Trouble

Let’s start with a snippet of code: what does it print out? Double d1 = (5.0d - 5.0d) * 1.0d; Double d2 = (5.0d - 5.0d) * -1.0d; System.out.println(d1.equals(d2));

What about the following one? double d1 = (5.0d - 5.0d) * 1.0d; double d2 = (5.0d - 5.0d) * -1.0d; System.out.println(d1 == d2);

The answer seems to be clear: in both cases we multiply zero with different values (plus and minus one respectively), thus the result should be zero which should compare as equal regardless of the comparison

nr. 6/2012 | www.todaysoftmag.com

method used (calling the equals method on objects or using the equality operator on the primitive values). If we run the code, the result might surprise us: the first one displays false while the second one displays true. What’s going on? On one level we can talk the technical reasons behind this result: floating point values are represented in Java (and many other programming languages) using the sign-and-magnitude notation defined in the IEEE Standard 754. Because of this technical detail both “plus zero” and “minus zero” can be represented by variables of this type. And the “equals” method on Double (and Float) objects in Java considers these values to be distinct. On another level however we could have avoided this problem entirely by using the primitive values as shown in the second code snippet and as suggested by Item 49 in the Effective Java book : Prefer primitive types to boxed primitives. Using primitive types is also more memory efficient and saves us from having to create special cases for the null value. Side note: we have a similar situation with the BigDecimal class where values scaled differently don’t compare as equal.

management

TODAY SOFTWARE MAGAZINE

For example the following snippet also later in summation or 1.0d if we use it in prints false: multiplication.) BigDecimal d1 = new BigDecimal(„1.2”); BigDecimal d2 = new BigDecimal(„1.20”); System.out.println(d1.equals(d2));

Example 3: We come up empty

What is the difference between the following two conditions?

The answer in this case (given that there is no primitive equivalent for this class) Collection<V> items; if (items.size() == 0) { ... } would be to use the compareTo method if (items.isEmpty()) { ... } and assert that it returns zero instead of using the equals method (a method which One could argue that they do exactly can also be used to solve the conundrum in the same thing as being empty is equivathe Double/Float case if we are not worried lent to having zero items. Still, the second about nulls). condition is easier to understand (we can almost read it out loud: “if items is empty Example 2: Where is my null at? then …”). But there is more: in some cases What does the following snippet of it can be much, much faster. Two examples code print out? from the Java standard libraries where the time needed to execute “size” grows linearly Double v = null; with the number of elements in the collecDouble d = true ? v : 0.0d; System.out.println(d); tion while “isEmpty” returns in constant At first glance we would say: null, since time: ConcurrentLinkedQueue and the the condition is true and v is null (and null view sets returned by TreeSet’s headSet/ can be assigned to a reference of any type, tailSet methods. And while the documenso we are allowed to use it). The actual tation for the first mentions this fact, it result is however a NullPointerException doesn’t for the second. at the second line. This is because the This is yet another example how nicer right-hand type of the assignment is actu- code is also faster. ally double (the primitive type) not Double (as we would expect) which is silently con- Example 4: Careful with that static, verted into Double (the boxed type). The Eugene! generated code looks like this: What will the following snippet of code print out? Double d = Double.valueOf(true ? v.doubleValue() : 0.0d);

Acest comportament este specificat în Java Language Specification :

public final class Test { private static final class Foo { static final Foo INSTANCE = new Foo(); // 2 static final String NAME = Foo.class.getName(); // 3

This behavior is described in the Java Foo() { System.err.println( Language Specification : „Hello, my name is „ + NAME); } “If one of the second and third operands } public static void main( is of primitive type T, and the type of the String[] args) { other is the result of applying boxing conSystem.err.println( “Your name is what?\n”+ version (§5.1.7) to T, then the type of the “Your name is who?\n”); conditional expression is T.” new Foo(); // 1 } I would venture to guess that not many } of us have read the JLS in its entirety and It will be even if we would have read it, we might Your name is what? not have realized the implications of each Your name is who? phrase. The recommendation from EJ2nd Hello, my name is null Hello, my name is Test$Foo mentioned at the previous example saves us again: we should use primitive types. The (probably) unexpected null value We can also draw a parallel with Item happens because we obtain a reference to 43: Return empty arrays or collections, a partially constructed object: not nulls. Would we have used a “neu• We start to create an instance of Foo tral element”, which is analogous to using at point 1 empty arrays/collections, the problem • This being the first reference to Foo, would not have appeared. (The neutral the JVM loads it and starts to initielement would be 0.0d if we use the value alize it

• •

•

Initializing Foo involves initializing all its static fields The initialization of the first static field contains a call to the constructor at point 2 which is dutifully executed At this point the NAME static field is not yet initialized, so the constructor will print out null

This code demonstrates that static fields can be confusing and we shouldn’t use them for things other than constants (but even then we should evaluate if the constant is not better declared as an Enum). By the same token we should also avoid singletons which make our code harder to test (thus avoiding them will make the code easier to test). We should however favor static member classes over non-static ones (Item 22 in EJ2nd). Static classes in Java are entirely distinct conceptually from static fields and it is unfortunate that the same word was used to describe them both. We should also run static analysis tools on our code and verify their output frequently (ideally at every commit). For example the bug presented is caught by Findbugs and tools incorporating Findbugs.

Example 5: Remove old cruft

Name four things wrong with the following snippet: // WRONG! DON’T DO THIS! Vector v1; ... if (!v1.contains(s)) { v1.add(s); }

They would be: The wrong container type is used. We clearly want to have each string present at most once which suggests using a Set<> which has the benefits of shorter and faster code (the above method gets linearly slower with the number of elements) • Doesn’t use generics • It unnecessarily synchronizes access to the structure if it is only used from a single thread • If the structure is actually used from multiple threads, the code is not thread safe, only “exception safe” (as in: no exceptions will be raised, but the data structure can be silently corrupted possibly creating a lot of headache downstream) •

www.todaysoftmag.com | nr. 6/2012

programming Writing beautiful code - not just for the aesthetic value

All of these can be avoided by dropping Vector and its siblings (Hashtable, StringBuffer) and using the Java Collection Framework (available for 14 years ) with generics (available for 8 years ).

Conclusion

There are many more examples one could give, but I think the point is well made that knowing a programming language means more than just knowing the syntax at a basic level. I’m urging you if you are using Java: get yourself a copy “Effective Java, 2nd edition” and “Java™

Puzzlers: Traps, Pitfalls, and Corner Cases” each and read through them if you haven’t done so already. Also, use static analysis on your code (Sonar is a good choice in this domain) and consider fixing the issues signaled by it, or at least read up on them. Again, the conclusions are similar for other languages: • Try reading up on best practices/ idiomatic ways to write code in the given language. For example for Perl the best book currently is “Modern Perl ” by chromatic • Look to see if there is a good quality

static analysis / lint program for your language. For Perl there is Perl::Critic , for Python there is pep8 and pylint , all of which are free and open source Being good a programmer (or an architect, or a business analyst, etc.) is process of lifelong learning and these are the tools which can help us truly learn a programming language.

Bibligraphy Joshua Bloch: Effective Java, Second Edition. ISBN: 0321356683 http://docs.oracle.com/javase/7/docs/api/java/math/BigDecimal.html http://docs.oracle.com/javase/specs/jls/se7/html/jls-15.html # JLS-15.25 http://docs.oracle.com/javase/7/docs/api/java/util/concurrent/ConcurrentLinkedQueue.html # Dimensiune () http://docs.oracle.com/javase/7/docs/api/java/util/TreeSet.html http://findbugs.sourceforge.net/bugDescriptions.html # SI_INSTANCE_BEFORE_FINALS_ASSIGNED http://en.wikipedia.org/wiki/Java_version_history # J2SE_1.2_.28December_8.2C_1998.29 http://en.wikipedia.org/wiki/Java_version_history # J2SE_5.0_.28September_30.2C_2004.29 http://www.sonarsource.org/ http://www.onyxneon.com/books/modern_perl/index.html http://search.cpan.org/ ~ thaljef/Perl-Critic-1.118/lib/Perl/Critic.pm http://pypi.python.org/pypi/pep8 http://pypi.python.org/pypi/pylint

nr. 6/2012 | www.todaysoftmag.com

management

TODAY SOFTWARE MAGAZINE

All roads lead to SaaS: 7 challenges to get there

orrester Research company indicates that by 2020 the global cloud computing market will reach USD 160 billion, 83% of which will consist of SaaS solutions. Regardless of the accuracy of predictions, one thing is certain – SaaS will have a major impact on the ISV companies whose revenues are based on license sales.

The world is changing Mihai Nadăș mihai.nadas@tss-yonder.com CTO @ Yonder

The monetization paradigms of software products are now changing. For the last couple of decades, the old paradigm, based on license sales, has helped companies like Microsoft reach the highest market value ever recorded by a public company, i.e. USD 618.9 billion, record registered on December 30, 1999. In this case we can essentially talk about a model according to which the software product is bought by the beneficiary, who pays its value multiplied by the number of purchased licenses. The convergence of the internet and the virtualization technology, and the decrease in the cost of computing power have given us what we now call, under one form or another, “cloud computing” – a new style of computational service consumption and data persistence. With it the concept of software leasing or Software as a Service (SaaS) was born, a model according to which the beneficiary pays the value of using the product as a service based on a subscription, whose value varies according to the number of final users. Obviously, nothing new under the sun, but, if we look at the graphs resulting from the Forrester study, we notice something interesting – the annual absolute growth

curve begins to take form in 2012, and culminates in 2014, when the market is to increase by USD 63.19 billion. In practical terms this can only mean one thing – the adoption of SaaS solutions will know its steepest increase within the next two years, and this correlates with the decline of the software licensing market, an aspect that should persuade the ISV companies to implement their SaaS strategy, provided they have one. In 2011, Exact Software, one of the largest ISVs in the Netherlands, recorded a 13% decrease in the revenue received from software sales in the Benelux, while the SaaS-based solution recorded a 46% increase, and brought revenue of EUR 11.6 million compared to 7.9 million in 2010. The case is similar for UNIT4, another Dutch ISV, which took on SaaS early and now receives revenue of more than USD 9 million from this solution.

Beyond statistics

The potential of targetting new markets, the advantage of revenue that is easier to plan, of low support and maintenance costs correlated with an opportunity to know more about the usage behaviour of own customers make SaaS a more than interesting www.todaysoftmag.com | nr. 6/2012

management All roads lead to SaaS: 7 challenges to get there

prospect for the ISV companies. Objectively speaking, the ISV companies have two reasons to adopt a SaaS strategy: growth and protection of current business. Google saw a growth opportunity when they introduced Google Apps, a SaaS solution that attacks Microsoft Office’s traditional market. Microsoft, on the other hand, reacted by introducing the Office 365 suite, an alternative to their own solution based on license sale. Considering the two reasons, the conclusion is that there are few arguments that could persuade the ISV companies to safely ignore SaaS. To make things even clearer, I would say that there actually is an extremely limited set of arguments based on which a young ISV would choose to practice the traditional model instead of SaaS.

The 7 challenges on an ISV’s road to SaaS

SaaS adoption in the context of the traditional licensing model constitutes a major change for the ISV companies. We practically identify two categories of challenges: the business and the technical challenges. Although the technical challenges are serious and involve major investment for the renovation of the existing solution, the set of business challenges is most of the times the key to success, since they involve decisions with direct impact on the company’s financial prospects. We can identify at least 7 challenges on an ISV’s road to a successful SaaS-based solution – 1. Identifying a target market for the new solution – choosing between approaching a new market or strengthening the existing market; 2. Establishing a pricing policy balance between offer accessibility and the risk of cannibalising the existing revenue; 3. Changing the sales and marketing style – the SaaS customers make the purchase decision differently from the traditional solution customers, because the decision factors themselves change; 4. Strengthening product robustness – with the traditional model product stability did not have a global impact on the entire customer base, while with SaaS any service error or

nr. 6/2012 | www.todaysoftmag.com

interruption is noticed by everyone; 5. Increasing the “agility” of the software development model – SaaS builds on a company’s ability to respond to change in an agile manner, and this involves, on one hand, changing the long-cycle development model, and also professionalising the model by introducing mature processes that lower the risk in many areas; 6. Restructuring the organisation – due to the large number of changes that occur in the SaaS approach, most of the times the organisation itself needs changing. Success stories usually begin with a new team, independent of the existing teams, or even with spin-offs; 7. Excelling in technical approach and performance – first of all SaaS involves interacting with a UI web, and this is usually the first of the technical challenges, since the traditional model is generally based on UI non-web applications. Besides, we should find answers to and adequate implementation of the following questions h. What cloud computing platform should we choose and under what form? IaaS or PaaS? Public or Private? AWS, Wi n d o w s A z u r e , G o o g l e App Engine, VMware Cloud Foundry, Heroku, CloudBees, AppFog, AppScale, Apprenda or something else? i. How do we handle the multitenancy aspect? j. How do we partition data and what architecture do we choose to isolate it? k. How do we ensure high scalability and availability (i.e. 99.95% uptime) of the solution? l. H o w d o w e d e s i g n t h e Onboarding, Feature Bundling, Subscription Management, Billing and Revenue Management processes? m. How do we implement authentication and authorisation, and what are the architectural aspects that answer security issues? n. How do we ensure a robust and flexible Release Management process?

Conclusions

We are facing a major change for the ISV companies. If today we still talk about SaaS in terms of innovation, most probably by the end of this decade, when the die will have already been cast, SaaS will constitute the normality of software consumption. According to predictions, now is the most appropriate time to implement a transition to SaaS strategy, and through my experience with Yonder so far I can say that success mainly comes from wise business decisions without compromising on technical performance, where complexity may be higher than it seems.

External links

1. innovation.tss-yonder.com 2. innovation.tss-yonder.com/ sizing-the-cloud 3. mihainadas.com

programming

TODAY SOFTWARE MAGAZINE

Introduction to Grails part I

rails este un framework web bazat pe Java și Groovy. Grails împrumută concepte din frameowork-uri precum Rails în dorința de a simplifica web development-ul în Java.

What is Grails?

Tavi Bolog tavi.bolog@nokia.com Development lead @ Nokia

Grails is a web development framework developed on top of Java and Groovy stacks. Grails borrows concepts from frameworks like Rails, and builds on these concepts to simplify web development in Java. At a glance, Grails uses: • Groovy language - to glue all stacks below together • Hibernate – for data modeling using GORM layer (Groovy Object Relational Model) • Groovy Server Pages – a dynamic tag based language used for building views • Spring – for building controllers, security, dependency injection, internationalization, etc. • Command scripting line written in Groovy • Embedded Tomcat servlet container used for hot re-deploy of the app (in most of the cases)

My current project (http://primeplace. nokia.com) is developed in Grails 2.0.4 and we transitioned the web part of the project from Apache Wicket (which most of us hate :)) to Grails in about 2 months of effort without no prior extensive knowledge of Grails and Groovy. In the same time we added new functionality on top of existing one, while still releasing updates of the Apache Wicket based release. Of course, we’re still learning new and amazing stuff to date coming from the Grails and Groovy world.

Setting up Grails

To use Grails you need the following: Download and install Java JDK from Oracle: http://www.oracle.com/technetwork/java/javase/downloads/ index.html. • For some operating systems you may need to set JAVA_HOME and add “java” executable to your PATH •

www.todaysoftmag.com | nr. 6/2012

programming

• •

Download Grails from http://grails. org/Download and extract it to the folder at will S et GR AILS_HOME to your installation folder and add “grails” executable to your PATH Run Grails by typing “grails” into a terminal/console This will load up Grails for you and will wait you command: grails >

Introduction to Grails - part I

•

Integration tests of the application web-app – contains images, js, css and other web app configuration, including the Spring context file

validate method available for each domain class), Grails will fill in the errors in the “errors” field to the User class. Then it’s up to the controllers how to handle this (will see in our sample application). Grails allows definition of custom validators for application specific cases, but will discuss these in the next article. Let’s add another domain for our application, called Message. This is to handle a message posted by a user. Using the Grails console, run: create-domain-class com. todaysoftmag.gsn.Message. This will generate the domain class and associated unit test class. Let’s add couple of attributes for the Message domain and 1 constraint:

You can start the app now, by running run-app command on the Grails console. This will start your app on http:// • localhost:8080/GrailsSocialNetwork . Of course the application is pretty much unusable, but you can see some Grails default There are 2 IDEs to date that handle page. You can change the port of your app Grails development pretty good: by running run-app -Dserver.port=80 (will • Intellij Idea start the app on port 80) • Eclipse (and Spring Tool Suite) and now Groovy & Grails Tool Suite, Creating the domain classes last 2 ones built by VMware on top Let’s now start creating the domain String message Date date = new Date() of Eclipse. classes for our application. First we need static constraints = { a User class. To create this will use Grails // mesajul nu poate fi gol si trebuie // să aibă lungimea între 5 și 100. I currently use STS 3.1.0 with the Grails console again: create-domain-class com. message size:5..100, blank:false and Groovy plugins on top of Eclipse 3.8.1. todaysoftmag.gsn.User. This will create 2 } I tried the same on top of Eclipse Juno files: In order to build the storage model for 4.2, but my laptop was barely responding the data of an application, Grails needs to running this version (even thou looking | Created file grails-app/domain/com/ know the relationships between objects. In todaysoftmag/gsn/User.groovy nicer) so I went back to the old and good our application we have two relationships: | Created file test/unit/com/todayEclipse Juno 3.8.1. softmag/gsn/UserTests.groovy A user may have many messages. The relationship will enrich the class User with Building a Web App in Grails First file is the domain class and another attribute: messages. Here is how to I was thinking that the easiest way to second is the unit test class associated with define the relation: introduce Grails is by building a small web the domain class. Let’s focus now on the static hasMany = [messages: Message] app. The example for this article would be domain class by using some Groovy synA message belongs to a user, meaning a Grails Social Network due to the rise of tax, very similar with Java, but supporting that it cannot exist without being associasocial networks in the past years. The users dynamic structures and not being strong ted to a user. The relationship will enrich of the web app can login, post messages typed. the class Message with another attribute: and see messages posted by other people. To add attributes to the User domain user. Here is how to define the relation: class, type this in the class: static belongsTo = [user: User] •

Creating the web application folder structure

Using the grails console, create-app command creates a new app. Syntax of the script is create-app GrailsSocialNetwork (if executed as described on the “Setting up Grails”). This command creates the Grails folder structure, which looks like (under GrailsSocialNetwork folder): • application.properties - used to keep some app information • grails-app - contains most of the grails related items like controllers, services, domains, internationalization files, utilities, configuration, taglibs, etc. • lib - contains the 3rd party libraries used by application • scripts - contains Gant scripts • src – contains the Groovy and Java classes used by the application logic • test - contains the Unit and

nr. 6/2012 | www.todaysoftmag.com

String String String String

firstName lastName userName password

Then we would like to add some constraints for these attributes. As you noticed, Grails already created for you a constraints closure: static constraints = { //atributul “firstName” nu poate fi //gol si trebuie să aibă lungimea //între 3 și 10 firstName size: 3..10, blank:false //atributul “lastName” nu poate fi //gol si trebuie să aibă lungimea //între 3 și 10 lastName size: 3..10, blank:false //atributul “username” nu poate fi //gol, trebuie să fie unic între toate //obiectele de tip User și trebuie să //aibă lungimea între 3 și 10 userName size: 3..10, blank:false, unique:true //atributul “password” trebuie să //aibă dimensiunea între 3 și 10 password size: 3..10

}

If any of these constraints fail to pass upon validation (this is done by calling the

Setting up test data

For the time being, we don’t have any data store setup and Grails in using by default an in-memory DB which doesn’t have persistence. But, we can create for ourselves a bit of testing data. To do this, we need to let Grails know to create and persist in memory some object for us. On startup, Grails calls the BootStrap.init closure. Locate the class and add the following code snippet in class: def init = {servletContext -> def user1 = new User(firstName: „John”, lastName: „Doe”, userName: „jdoe”, password: „passwd”) def user2 = new User(firstName: „Joanne”, lastName: „Doe”, userName: „jodoe”, password: „passwd”) user1.addToMessages(new Message(message: „Good morning!”)) user1.addToMessages(new Message(message: „Nice movie: Skyfall!”)) user2.addToMessages(new Message(message: „Waiting for the summer...”)) user1.save(failOnError:true)

TODAY SOFTWARE MAGAZINE

}

user2.save(failOnError:true)

You also noticed the “destroy” closure that is called when the application is shut down, so it can be used to do some last minute application cleanup, etc.

Creating controllers

Controllers are the ones managing the flows of the application. Since Grails uses extensively convention over configuration, the controller name for each domain needs to be <Domain>Controller, so we will create the UserController and MessageController. For creating controllers, Grails offers a script called create-controller. By running create-controller com. todaysoftmag.gsn.UserController, Grails will create for us the controller class, associated test and a folder for the view files which will be discussed on the next chapter: | Created file grails-app/controllers/ com/todaysoftmag/gsn/UserController. groovy | Created file grails-app/views/user | Created file test/unit/com/todaysoftmag/gsn/UserControllerTests. groovy

Now you can repeat the same exercise for the MessageController creation. For now the controllers are pretty much useless, but will start to add logic to them in the next chapters.

Handling authentication

One way of handling authentication in Grails is by using filter. To create a filter, run create-filters com.todaysoftmag.gsn. SecurityFilters console command. This will create the Groovy class and the associated test class. In the filter, we need to add a closure that will allow us to check for user session

on all controllers and actions before any request is being processed: def filters = { loginCheck(controller: ‚*’, action: ‚*’) { before = { if (!session.user && actionName != „login”) { redirect(controller: „user”, action: „login”) return true } } } }

In case there is no “user” object on the session, the application will redirect the user to the “user” controller and “login” action which will render the “login” view as we will see on “Creating views” chapter. Otherwise, the application logic will continue. On the UserController, we need to add the “login” action that will do the user authentication: def login() { if (request.get) { return } //this is for loading login view def u = User.findByUserName( params.username) if (u) { if (u.password == params.password) { session.user = u redirect( controller: „messages”, action: „list”) } } render(view: „login”, model: [message: „Wrong username or password!”]) }

This action will check the username and password for a match and will add the “user” object on the session to consider the session authenticated and redirect the user to his messages page. Otherwise the user will be prompted with an error message on the login view. Few things here: • Semicolon (;)is not mandatory in Groovy to end a line • Controllers already know about

• • •

•

specific Grails objects, like request, session, params, etc. and methods to help managing the views, like render, redirect, etc. No strong type check on Groovy code The statement if (u), evaluates to true in case the u is has a value, and false otherwise. GORM (Groovy Object Relational Mapping) offers handy methods to query the data. In this case we can check through all existing User object the one having the “userName” equals to the value supplied on the login form (params. username) “Render“ calls the specific view with the specific parameters and produces the final HTML output A construct like [“1”, “2”] is an array and [model: modelObj, user: userObj] is a map “Redirect” redirects the application to the specific controller and action. If controller is missing, the redirect will happen on the current controller on the specified action. There is no clear return from the Groovy methods (they could return nothing or different types on different execution paths, so one needs to pay attention especially because type check is not enforced and you can end up with runtime exception because of this. I’ve had seen “MissingMethodException” for example in our production logs at some point.)

www.todaysoftmag.com | nr. 6/2012

programming

Windows Azure Service Bus Messaging patterns

n this article we will discuss two design patterns you can use when you need to solve certain problems in an enterprise solution. The two solutions described here are based on Windows Azure Service Bus. This is a message delivery system offered by Microsoft. It is not necessary to install or configure any server in order to use it.

Radu Vunvulea

Radu.Vunvulea@iquestgroup.com Senior Software Engineer @iQuest

nr. 6/2012 | www.todaysoftmag.com

The whole infrastructure is based on cloud. This mechanism is mainly used when we need to deliver messages to one or more consumers. When messages are delivered to a single customer we can use Windows Azure Service Bus Queues. If we want the same message to reach more listeners, we can call Windows Azure Service Bus Topics. Through this mechanism we can distribute the same message to many consumers. Each consumer can filter the messages and accept only those that follow a particular rule. All issues related to data persistence, transactional operations or death locks are solved by Windows Azure Service Bus. Let us see which problems we can be solved with this service. Let’s imagine we have a client that deals with food distribution in the country. He distributes these products to various stores - both convenience stores and hypermarkets. Depending on the time of the year, the Leu-Euro exchange rates or the product expiry date, we want to provide an API to notify stores. Depending on the client, discounts may vary. Each store uses different applications, therefore providing an application to do so is out of the question. Our customer wishes data display and each store can implement this functionality into their own system. A solution to this problem is to use Content-Based Router Message Pattern. This pattern is based on the ability to send messages to each consumer according to the data that the message contains. Each offer added by our client will be represented by a message which besides the price details will contain the attributes that specify which shops the offer must reach. For example, we can specify that messages are only to be sent to Tip Top stores from

a particular region. Other offers are only to be sent to hypermarkets. This solution can easily be implemented using Windows Azure Service Bus Topics. All messages that will go in a certain topic are going to contain the attributes that specify the stores which are to be notified. Each store will have a unique subscription, where data such as name, region, address, store type will be specified. Subscriptions will only be created by our client, and shops will record these subscriptions only. When there is a message available, they will receive it automatically. Our client will be very happy because he is forced to send different notifications for every store individually. This will create a single message, specifying to whom it is addressed. The first step is to create a subscription for each topic and each store separately. I am going to create only two subscriptions in this example NamespaceManager namespaceManager = NamespaceManager.CreateFromConnectionString( CloudConfigurationManager.GetSett ing(“ServiceBusConnectionString”)); if (!namespaceManager.TopicExists(„di stributionTopic”)) { namespaceManager.CreateTopic(„dis tributionTopic”); } SqlFilter tipTop100Filter = new SqlFilter(„ region LIKE ‚%Banat%’ OR shopName = ‚Tip Top’ OR shopType = ‚family’”); namespaceManager.CreateSubscription( distributionTopic”, „TipTopShop100Subscription”, tipTop100Filter); SqlFilter stefan20Filter = new SqlFilter(„ region LIKE ‚%Moldova%’ OR shopName = ‚Stefan’ OR shopType = ‚minimarker’”); namespaceManager.CreateSubscription( „distributionTopic”, „stefan20Subscription”, stefan20Filter);

Once these subscriptions created, we can begin distributing messages. Each client will be notified when a new promotion

TODAY SOFTWARE MAGAZINE is available. We may add, modify or delete a subscription at any time without stopping the system or notifying customers. Each store is to be notified automatically. If the application is not started, the message is stored until it becomes active. Each message can contain an expiration date. Windows Azure Service Bus Topics will automatically delete messages that have expiration dates invalid. All you have to send to every shop, besides login data and the topic name is the name of the subscription. For them, we can create a component that handles this automatically. The code that can retrieve the message from the subscription would be as follows: SubscriptionClient subscriptionClient = SubscriptionClient.CreateFromConnectionString( CloudConfigurationManager.GetSetti ng(„ServiceBusConnectionString”), „distributionTopic”, „stefan20Subscription”); while(true) { BrokeredMessage offerMessage = subscriptionClient.Receive(); if (message != null) { try { ... offerMessage.Complete(); } catch (Exception) { offerMessage.Abandon(); } } } }

has greatly expanded lately, he has created regional managers dealing with processing orders that every store has. Because they do not know how the market will develop, our client needs to group several regions, then again can divide the regions with minimum cost. Furthermore, in order to supervise the work that they have, he wants to create an audit mechanism, and all orders sent by stores to be registered. To solve this requirement, we can turn to Dynamic Message Router pattern. This pattern allows us to define a list of rules for directing messages that can be changed at runtime without any problems. Our client will initially start with only two groups of regions and in time, depending on how the market changes, he will define the groups of smaller regions. Each group of regions will have one that accepts subscription orders for a list of regions. We will not show how to create a new topic (for further information, see the details below). SqlFilter groupFirstRegionFilter = new SqlFilter(„ region LIKE ‚%Moldova%’ OR region LIKE ‚%Banat%’”); namespaceManager.CreateSubscription( „commandTopic”, „groupFirstRegionSubscription”, groupFirstRegionFilter);

This first subscription will serve two regions. If our client decides that the two As you may notice, if the offer is not regions will be monitored by different peoprocessed successfully, the offer will not be ple he will need to modify this subscription lost but processed by the store again. and add another one. Once you have created subscriptions for each store separately, all we have to do For every subscription we can add or is add the message topic. It will reach all delete or add a rule at runtime. In this case the stores for which filter subscriptions will we can delete the already defined rule and return TRUE. add another one. So far we have just added TopicClient distributionTopicClient filters. Each filter may be accompanied by a = TopicClient.CreateFromConnectionString( name. However, instead of filtering we can CloudConfigurationManager.GetSetti ng(„ServiceBusConnectionString”), add rules and every rule can have a unique „distributionTopic”); name. A rule usually contains one filter. BrokeredMessage offerMessage = new BrokeredMessage(); offerMessage.Properties[„region”] = „Banat Moldova”;

offerMessage.Properties[„shopType”]= „family”; distributionTopicClient. Send(offerMessage);

Through this mechanism, we can dynamically change the regions monitored by a manager. If needed, we can add or delete a subscription or a rule without having to stop the system. Another requirement from our client was that all orders needed to be saved, in order to be checked later. This requirement is close as it can get to be implemented. We need to add a subscription that has no rule or no filter defining. It is as simple as that. namespaceManager.CreateSubscription( „commandTopic”, „allCommandsSubscription”);

Each store will have to create a message for each command, where ‚region’ will be automatically set together with the belonging region. In terms of cost, I should tell you that six million messages sent via the Windows Azure Service Bus cost us $ 6 and if 10 stores listen non-stop for 24 hours to a subscription, it will cost us about $ 7 per month. Prices may possibly fall in the future. In this article we have seen how easy it is to distribute messages using the infrastructure offered by Windows Azure. Patterns such as Content-Based Router Message Pattern and Dynamic Message Router Pattern may be easily implemented with minimum cost. Built-in scalability is offered by Windows Azure.

SubscriptionClient groupFirstRegionSubscription = SubscriptionClient. CreateFromConnectionString( CloudConfigurationManager. GetSetting( „ServiceBusConnectionString”), „commandTopic”, „groupFirstRegionSubscription”); SqlFilter groupFirstRegionFilter = new SqlFilter(„ region LIKE ‚%Moldova%’ OR region LIKE ‚%Banat%’”);

In the example above we saw how easy it is to distribute offers to several stores groupFirstRegionSubscription. AddRule(„ruleForMoldovaAndBanat”, without asking ourselves whether or not groupFirstRegionFilter); the store will receive the message. And the groupFirstRegionSubscription. RemoveRule( way we specify which stores should receive „ruleForMoldovaAndBanat”); SqlFilter banatRegionFilter = the offer is extremely simple. new SqlFilter(„ region LIKE ‚%Moldova%’”); In terms of scalability, a topic can groupFirstRegionSubscription. have up to 2,000 subscriptions. This does AddRule(„ruleForMoldovaAndBanat” ,banatRegionFilter); not mean that we are only limited to 2000 messages. It is extremely easy to include In the example above I added a filter another topic. that I have then deleted, and then I added Let’s further imagine our client came a new rule. These rules apply automatically with the following requirement. As he when they are added. www.todaysoftmag.com | nr. 6/2012

management

Can you be agile in fixed price projects?

The agile methodologies are more and more preferred by the software companies in a world where the functional requirements, driven by the dynamics of the market, are continuously changing and the reduced time to market has a significant importance in getting the desired final results. At the same time many companies in need of software products are not software development companies and operate in a market with time

Claudiu Anghel

claudiu.anghel@iquestgroup.com Project Manager @iQuest

nr. 6/2012 | www.todaysoftmag.com

and cost constraints; the vast majority of these companies require the delivery of the software products under a fixed price project. By a “fixed price project” we mean that we set from the start, together with the client, the following three elements: • Scope (functional and non-functional requirements) • Time • Price The article presents the experience we’ve had in a context of a fixed price software project in the telecom space where the agile elements helped us to deliver the required functionality on time and budget. Our client - a software company developing software products for telecom companies - was developing a solution consisting of more systems; the backend system did not have an administration GUI; the client required a partner to develop this Admin GUI under a fixed price project. Due to tight project timelines it was required to start the development of the Admin GUI in parallel with the backend system. As a result we had the following context upon project start: • Functional requirements not fully completed • External services not available for integration • A&D and technical details of integration in need of extensive clarifications

What did we do then? Initially, we involved colleagues with extensive technical experience and based on their analysis we made a fixed price offer. After our offer was accepted we created the project team and started the project. As a project manager, my first intention was to create a detailed project plan with granular tasks, with dependencies, task assignments, monitoring of potential critical paths etc. From the first days, discussing with the team, I realized that given the project context such a thing was not feasible. I thought then to the advantages of some of the key elements in agile methodologies: • Team commitment rather than imposed project plan • Empower Team • Self-organizing Team • Collaborate to clarify and solve • Detail requirements • Clarify external interfaces and integration I realized that I cannot impose a project plan that looks unfeasible and being clear we were facing a project with risks and challenges, it was essential that the team: • Believes step by step in intermediate commitments • Has not only the responsibility to deliver but also the possibility to influence the way we progress with the project

TODAY SOFTWARE MAGAZINE In the first days, the requirements being still under clarifications the team focused (in addition to requirement clarification) on engineering practices; we put in place a development process that included: • Task & bug tracking • Source control • Packaging • Continuous Integration (CI) • Unit testing & Mocking • Code coverage • Code review External services being unavailable, we put in place a way to use stubs. During the project, discussing continuously with the client, the team managed to clarify the requirements, to find the best alternatives to progress with the project. It was essential that we had specialized roles in the team: • Business Analyst • Software Architect • User Experience specialist These colleagues helped us a lot in requirement clarification, client interaction, promoting the most appropriate alternatives to advance. Making a parallel with SCRUM - they were for us the Product Owner and maybe even more. At the same time colleagues from our team were onsite at the client in various stages of the project but also part of a workshop in the premises of the 3rd party company developing the backed solution; the workshop was very helpful, many integration details were clarified, communication improved afterwards – from a cost perspective it was beneficial as remote clarifications tend to be time consuming and can introduce delays resulting in higher costs. Being in a fixed price project we had to ensure that we keep the initial agreement on time, scope and costs. For each of these there were some elements that helped: Time: we agreed with the client from the beginning to have two major delivery phases: soft launch and hard launch; each of these had sub-phases corresponding to

the testing phases required by the client (in a telecom context they are quite a few); to meet our deadlines we progressed different phases in parallel (e.g. testing phase for soft launch in parallel with development phase for hard launch) – here, the code review process and continuous exposure of team members to various code areas allowed flexibility for colleagues to take different tasks; communication within the team was continuous, independent of location (Skype group opened permanently was helpful); the process engineering elements already mentioned were essential, they helped us to have a good quality, we gained time through build automation, automated tests and less effort required for bug fixing. Scope: as already highlighted we discussed a lot with the client to clarify requirements: • In some cases we agreed with the client better alternatives that resulted in less development effort – overall the scope did not change: the need of the GUI to articulate all backend functionalities remained unchanged • In other cases we showed clearly to the client that the requested functionality was not defined in the initial requirements – here we had Change Requests (CRs) that resulted in additional budget • In other cases we adapted based on the early feedback provided by the intermediate releases (we had many releases, having more testing sub-phases for each of the two major delivery phases (soft and hard launch))

to the question of this article title is “yes” or “no”, 0 or 1, the answer can be “yes” in some conditions and “no” in others. In the case of our project was “yes” and my view is that we wouldn’t have succeeded otherwise – but we had the context presented above. My advice would be to invest as much as possible in: • Empowering the team • Interaction and communication • Engineering practices – enforce quality from the start • Possibility to have specialized roles in the team

Cost: given that we managed to keep the delivery timelines and to receive CRs (where the case), we managed to keep our cost under control and in the end to have a profitable project; of course, the fact that the team managed to understand what needs to be done, to find the appropriate solutions, to deliver on time was key here. To conclude, I don’t believe the answer

www.todaysoftmag.com | nr. 6/2012

technologies

A journey through 2012 cyber-attacks and Romania’s position on cyber war

012 was one of the most active years in the Internet history in terms of cyberattacks on large systems and infrastructure. This article touches on a sensitive issue in Romania – the foreign IT security interventions using a top 10 of the most important attacks in 2012.

Andrei Avădănei andrei@worldit.info Fondator si CEO DefCamp CEO worldit.info

The conclusions of the article try to highlight the risks faced by the Romanian infrastructure and how well we are prepared for serious cyber-attacks. The classification will be done in a descending order according to the complexity of the damage done. We developed a similar classification made by ThreatMatrix.

7. Yahoo! Voice A group entitled D33DS Company has obtained nearly 454,000 Y! Voice accounts with a simple SQL Injection; • Passwords were stored in plain text. •

6. Global Data Inc. (Visa & Master 10. GHOSTSHELL Card) • The anonymous group called • A breach in the system of card data GHOSTSHELL stole over 120,000 processing resulted in the loss of 1.5 records from the world’s top univermillion cards; sities injecting malware sites; • The breach has not led to the loss of • The list of universities inclubilling data or names. des Harvard, Johns Hopkins,The University of Michigan etc. 5. Microsoft Internet Explorer • A security issue discovered in 9. U.S Environmental Protection September allows hackers to install Agency malware on personal computers; • A security breach led to compro• 41% of users in North America are mising data of 8,000 employees and affected by vulnerability and over other bank accounts; 31% globally; • It is funny that it took four months • RCE Vulnerability (Remote Code until U.S. EPA announced the names Execution) can remotely run a script of the people affected. on IE 6, 7, 8, 9 but not on 10; • IE 10 does not escape because there 8. Go Daddy is vulnerability in Flash that is used • Anonymous has acquired numerous worldwide. DDoS attacks on Sept. 10; • Dozens of websites worldwide have 4. Android been affected for a period of time, • It was noticed this fall that nearly even email services; 200 million Android phones are in • G o D a d d y i n v a l i d a t e d t h e danger of being completely reset, hypothesis. losing absolutely all data on them, and possibly the destruction of SIM cards; • The phones produced by Samsung, HTC, Motorola, Sony Ericsson and most Android versions are affected.

nr. 6/2012 | www.todaysoftmag.com

UIX •

TODAY SOFTWARE MAGAZINE

Patch was released but so far only Although these attacks were highly the new mobile versions used it. publicized, these are just the icing on the cake, the apparent information. We must 3. Linkedin & eHarmony not forget the targeted attacks focused lately • in less than 24 hours 65 million both on Europe and the Middle East. We LinkedIn accounts were out of con- must not forget that even Google, among trol, 30,000 of them were broken; others, was aimed at highly complex, well • 1.5 million eHarmony passwords developed and numerous targeted cyberwere hacked and uploaded to a attacks. We must not forget the Sony, the website; Flame, Duqu a.s.o. • There have been various interpretations of the attack; the fact is that Where is Romania’s position at the LinkedIn has fallen in the eyes of moment? many people then. The simple answer is that we are on neutral ground, but unfortunately, from a 2. Wells Fargo virtual geographic perspective we are all in • The site was overloaded by a DDoS the middle. Worse than that, it seems that attack; at this time we are completely unprepa• Assessments say that more than red. I do not think we are able to manage 70 million potential customers cyber-attack on an important Romanian and over 8.5 million viewers were infrastructure, I do not think we are prepacompromised; red to analyze a complex computer attack. • The attack was presumably made Also, I think there is no counter-offensive by The Izz ad-Din al-Qassam Cyber program at least theoretically prepared. Fighters to protest against an anti- Likewise, I do not think and I’m pretty sure Islamic video appeared on YouTube that there are no intervention teams prepaMez - Innocence of Muslims, red to face this and to know exactly what to although further analysis revea- do in such a situation. led that the technology and the Indeed, at this point, in terms of techlist of suspects point to the Iranian nology, we are slightly lower than other government involvement; European countries, but soon most purcha• More banks were affected during ses, most bills and much more will be done the same campaign, including the online. The infrastructure is migrating to Bank of America, JPMorgan Chase, the Internet and we are not prepared for Citigroup, U.S. Bancorp. disasters. There are not specific promises to currently support some real initiatives 1. Zappos / Amazon Inc. for the internal development for cyber inci• One attack resulted in compromi- dents. If China, Iran, Israel, USA, Russia sing 24 million Zappos / Amazon and many other countries in Europe and Inc accounts.; beyond have made important investments • Names, e-mail addresses, phone in this direction and even have official numbers, credit cards and billing intervention teams, research, espionage, addresses were compromised; counter-offensive cyberspace, we are still • “The individual isn’t the value discussing cyber protection programs in here — it’s the list that’s the value”, general. said Rob Holmes, the CEO of We can look at neighbors, and one of IPCybercrime.com detective agency, them is Hungary. It has the highest secuafter the attack; rity information event in Eastern Europe • one of the biggest mistakes of for almost a decade, it opened Crysys, a Amazon is that after the time of malware research center that contributed purchase in 2009 from Zappos, they to the most complex and popular analysis were given a free hand in the mana- of our history as a tech planet - Stuxnet, gement and transfer of the credit did Flame, Duqu etc. It also has a much more what felt to them; developed CERT system and the list goes • Zappos sent an email to all its users on. and asked them to change passwords almost immediately.

What do we have? DefCamp - hacking & security conference!

The third edition of DefCamp 2012 @ Bucharest (http://defcamp.ro) is one of the most important initiatives of INFOSEC & hacking in Romania so far. Nearly 250 people are expected in the capital, who will attend over 20 presentations by speakers from five countries. The event is scheduled to take place between 30 November and 2 December at Bucharest’s Hotel Yesterday and promises a three-day conference held in best conditions, so that every participant can interact with a lot of people with extensive experience in INFOSEC. During the three days, participants will be able to watch many presentations made by people with experience in INFOSEC, can monitor the Wall of Sheep, can enter in DCTF competitions (DefCamp Capture the Flag) or will be able to have their site checked by the best team. The event touches more than 20 presentations topics such 0days, captcha breaking, mail security, digipass bypass, mobile security problems, DDOS, networking, P2P networks, D & D APT’s, social engineering, and the list goes on, presentations being supported both by specialists in Romania and abroad. During the event, the DCTF competition (DefCamp Capture the Flag) will be the online pre-qualification followed by a duel between the finalist teams. The competition topics are extremely varied and challenging - exploits, cryptography, steganography, programming, forensics, reverse engineering, these subjects being included in 30 items in the qualification stage. One of the news of DefCamp 2012 @ Bucharest is DHME (DefCamp Hack ME). Any participant can submit his website, application or project and the DHME team will handle the analysis and achievement of a security auditing for it. At the end of the event, those enrolled will receive one emailed report on the analysis made. So maybe there is a chance. :-)

www.todaysoftmag.com | nr. 6/2012

management

Agile, Crash Course

ny magazine we open or any conference we go, we’ll certainly come across an article or a presentation on Agile. Everyone talks about Agile and agility, and the experts came in huge quantities and any company, especially in software, claims to be Agile. Skeptics remain reserved and wishing the Agile fashion would disappear. However, the „fashion” not only does stay, but also there have been more than 10 years since it first appeared and it even seeks to develop if not explode.

Florian Ivan, PMP, ACP, CSM, MVP florian.ivan@rolf-consulting.com Project MVP

nr. 6/2012 | www.todaysoftmag.com

Nokia, Microsoft, Adobe, Google, Philips, Siemens, Yahoo are big names that bet on Agile. Given the huge stakes, we tend to follow them. Moreover, the „rigid” PMI (Project Management Institute) has even created special Agile certificate, named Agile Certified Practitioner (ACP). Though it was launched only a few months ago, ACP certificates are already over 1000 worldwide. So it seems a serious, growing and full of learning business. We can only give them due consideration. Agile is not a silver bullet. There are still many areas where the traditional waterfall approach, still gives a lot of results. Due to its iterative nature, Agile finds perfect application where the purpose of the project is not or cannot be defined in detail from the beginning and in environments subjected to frequent changes, whether a customer changes his mind every day or in a very dynamic market that involves successive changes in a short period of time. For most of us Agile means sprints, daily stand ups and backlog. This is right, but not complete. Agile is more of a movement, a trend or an attitude. I was just about to use the word „Philosophy” but this is a word that has so dull corners that it’s hard to discern what hides. Agile is a huge umbrella under which shelters more

concrete and more tangible things, such as those mentioned above: sprints, and retrospective reviews, product and sprint backlog. They constitute the more earthly part of the Agile philosophy namely the tools provided by some methodologies. Agile is not a methodology, it is a group of methodologies. Among the most famous are: Scrum (so famous that it is often confused even with Agile), XP (Extreme Programming), Kanban, Lean, FDD. The biggest problem with the methodology is that it does not work. Does it seem a strange statement? At least that’s what I keep hearing from many companies. Whatever methodology they’d use (although in 99% of cases it is Scrum), most of the people say it is really good but it must be adapted to a specific company. Because, right, each one of us is very special and we do not fit any methodology. The first question that comes to my mind in such situations is „while using Agile?” Followed invariably by the answer „it is just being implemented”. Beyond the perplexity that we can sometimes judge a methodology so hard, without having sufficient knowledge, we recommend to all those who are just starting out Alistair Cockburn’s ShuHaRi model (Agile Software Development: The

TODAY SOFTWARE MAGAZINE Cooperative Game, 2007 or simply Google it) in which one of the founders of the movement is just talking about it. Before making any judgment, we should use a methodology to discover its limits. Only then can we says that it has limitations. Suffice to think of the big names that have been given at the beginning of this article and think that if the Agile methods work for them but not for us, we probably do something wrong. And now let’s quickly look at each of the methodologies described above. Let’s start with the most overrated between them, namely Scrum. This methodology like all others is characterized by iterative and incremental production and of the final goal of the project. This means that we first make a skeleton on we keep coming back until it is similar to what the customer wants. Pay attention, the client does not often know what he wants and actually needs these functionality increments to find out. The typical roles of the Scrum project are: Product Owner (responsible with maximizing the value of what is delivered), the development team (responsible for delivering a potentially releasable functionality increment,) and Scrum Master (responsible with sharing the Scrum concepts to the team and following specific processes). The documents most commonly used in Scrum are: product backlog (a prioritized list of requirements depending on the customer value of each functionality), sprint backlog (a subset of product backlog which will go into production in the immediately following sprint), burndown / burnup charts (to illustrate the evolution of cumulative progress). The ceremonies in Scrum are: daily stand-ups (the daily team meeting in which each member says what he worked yesterday, what is working today and what potential obstacles or problems he faces), sprint planning meetings (in which the Product Owner and the team decide what will be delivered in the next sprint), sprint review (discussing what has been delivered in the prevoius sprint) and sprint retrospective (which considers how the team worked if they met all processes, and so on). The second methodology in order

of fame and spread is XP – Extreme Programming. No client would certainly like his project to be managed in a deal that includes the word „extreme”. It is therefore necessary to understand better what lies behind this methodology and, why not, even present it to a customer as the “insurance policy „for his project. The Values XP promotes are: communication, simplicity, courage, feedback and respect. When you read below about XP practices, you will surely piece those values together and you will understand what they are about. The roles in XP are (you may want to take a look above the roles of Scrum before reading on): coach (he is a mentor and a facilitator for the team), customer (he determines what will be developed and in what order), programmer (I think it is obvious what he does!), tester (we immediately see that XP has a great focus on testing). The XP practices mentioned above are those transforming the theory in something very practical and pragmatic. These are: small releases (remember the incremental?), whole team (XP is a kind of team of musketeers in which all work for the team), system metaphor (the functionality to be implemented must be described as clear), test-driven development (tests are established and still written before development), simple design (the customer must quickly see something functional), refactoring (cleaning the code without changing its effect), continuous integration (each member must offer his own contribution all the time), collective code ownership (the whole team working on code and whenever team members can rotate between them), planning games (Google „planning poker”!) coding Standards (without which you cannot have the code shared by the whole team), sustainable peace (everyone at the same pace throughout the project = no overtime), pair programming (two programmers on a computer working on the same code) and customer tests (the client, very involved in the project is part of the team and brings his contribution). It doesn’t seem so extreme, does it? Kanban is one of the newest Agile methodologies appeared in the landscape and comes, just as I suspected, from the Japanese. Kanban looks at all your flow

project, with all its stages and phases and focuses on the limits of what is called work in progress. Things are very simple and start from the principle that if you start several things at once, you will not probably finish any, and you won’t do a great job. The secret for you is to limit the work in progress after you know the limit to your best performance without making others wait for you. Lean is very fashionable along with Kanban, with which is also similar. Lean looks at all project flow and divides all activities in activities that bring value and residual activities (called waste). As you might have guessed, the entire secret is to minimize waste activities so that most of the work done in a project should be valuable. And using lean you can find out how much you spend on Facebook during a project. And yes, Facebook is considered waste! FDD (Feature Driven Development) is very popular especially in developing software applications. The process has five steps and aims: building a general model, building a list of feature sites to be developed, and planning depending on the features and then design and development of each feature. Those driven by curiosity will find that there are other methodologies noteworthy (Crystal and DSDM are only two of them) but those mentioned above are the core of the Agile movement. It seems quite simple, doesn’t it? Unfortunately, it is a big problem with their implementation. Just because everything seems so simple, the approach is often shallow, leading to rapid failure. I conclude by mentioning once again the ShuHaRi model with two recommendations: make sure you have someone that knows the chosen methodology and avoid criticizing a methodology in less than one year of implementation.

www.todaysoftmag.com | nr. 6/2012

misc

Gogu and the Big Picture

Simona Bonghez, Ph.D.

simona.bonghez@confucius.ro Speaker, trainer and consultant in project management Owner of Confucius Consulting

nr. 6/2012 | www.todaysoftmag.com

Gogu’s blood was boiling and he felt the pressure inside his head growing slowly but irreversibly. He suddenly became aware that he will explode and the feeling filled him with an awkward tranquility. All his emotions were erased, leaving him with just a bitter taste... It was time for a reaction, now or never. He interrupted Chief: - Come on, Chief, it’s just not fair ... You’re stuck on those two weeks of delay given that we managed to complete the project successfully, the client gave his acceptance, we gained profit , I made savings on the risk budget ... And the client asked us to work with him again... Really, it’s not fair! Gogu’s voice was calm and nobody said anything, all eyes that were previously fixed deep in the meeting room floor, now turned to Chief. It was clear that Gogu had stated their frustration too: they had really done a good job. And conditions hadn’t been quite ideal. Until this meeting with the Chief they had been very proud of what they were able to achieve, they had congratulated each other... - Hmm ... – Chief said, somewhat discouraged. „Don’t tell me he thinks I’m right”, Gogu thought slightly puzzled. He was already on track and wanted a clarifying discussion. And most of all he was ready „to fight”: „I really want a formal recognition of our merits”, he said to himself, decided not to drop out so easy. - Yeah ... – Chief continued with the echoism. It was clear he was processing intensely, which was somewhat new of him. Rarely someone managed to catch Chief on the wrong foot; he always had a reply, always the last word. Well, that’s why he was the Chief. - Hmm ... – Chief repeated. “Listen Chief, are you going to say something or not?” The question was not asked loudly, obviously, but it had almost dropped from Gogu’s mouth. Chief fixed his voice once more, looked incisively at Gogu, then at each one of them. It was one of those moments in which one could cut the silence

with a knife. - Yes. (Silence). I think ... (silence again). It seems Gogu is right this time. (And silence again). Gogu made desperate efforts not to show his triumphant smile but that didn’t seem to work very well: - Come on, Gogu, save that grin of satisfaction for later! You blew it with the timing but otherwise, the project was indeed completed successfully and you deserve a praise rather than observations. I’m surprised that those grudgers accepted the project but the truth is that you tried hard and you gave the customer what he wanted. Well, I have to admit, you deserve congratulations. Well done! How about we go out to celebrate? Chief ’s tone changed totally, as if it wasn’t him the one who doubted the results only a few minutes before. The team was in a fog and eyes were moving from Chief to Gogu, from Gogu to Chief. Even Gogu’s internal monologue was reduced to silence. - Well, if you have no objections we’ll make a reservation for six o’clock at the guys across the street, Chief smiled slickly. It’s on me... At home, Gogu was still wondering about the quick change of Chief ’s attitude. He was sunk in his favorite chair when his son came back from football. The vacation had just started and he was obviously quite happy. Knowing very well what would be the first question of his father, the young man appeared before him with the block. Ten, ten, nine, ten, SIX?!, Ten, nine, ten, nine ... - What’s with the six? How did it come to this average mark, what happened? - Come on, Dad, I’m almost the nerd of the class. Can’t you see what that average is for? Why does the six matter, when all the other grades are high? Do you really want me to be a genius at drawing? Gogu had a flash regarding the early episode from work. “Oh, God” - he thought – “I act just like Chief ”. I’m missing the big picture... But he recovered quickly. - Come on now, you’ve lost your sense of humor?...

sponsori