No. 29 • November 2014 • www.todaysoftmag.ro • www.todaysoftmag.com
TSM
T O D A Y S O F T WA R E MAG A Z I NE
Share Cluj - Technical Journal
Interview with Peter Lawrey
Ancient Advices for a Product Owner Client communication Puppet-based automation 5 greșeli frecvente în securizarea rețelelor windows What passwords do when no one is watching
Why Agile? Java FX Visual Components Bionic Bird Startup files: Foody Clean Code – Boundaries, Error Handling and Objects How an outsourcing company can become a trusted partner
6 Interview with Peter Lawrey Ovidiu Măţan
8 Bionic Bird Laurence Blestel
10 Startup files:Foody Radu Popovici
12 Communication in a startup Mircea Vădan
14 How to Web Startup Spotlight Irina Scarlat
17 Share Cluj Technical Journal Silvia Răusanu
20 How an outsourcing company can become a trusted partner Călin Lupo
22 What passwords do when no one is watching Teodor Olteanu
25 Client communication Bogdan Mureșan
28 Why Agile? Alexandru Bolboacă
31 Java FX Visual Components Silviu Dumitrescu and Diana Bălan
34 Puppet-based automation Claudiu Demian
36 Clean Code – Boundaries, Error Handling and Objects Radu Vunvulea
38 Ancient Advices for a Product Owner – “Sun Tzu’s Art of War” Liviu Ştefăniţă Baiu
40 Filling the gap between business and technology on automation testing Mădălin Ilie
editorial
I
Ovidiu Măţan
ovidiu.matan@todaysoftmag.com Editor-in-chief Today Software Magazine
t looks like education has increasingly become the focus of the business environment, which is aware of the necessity of some future employees who should be as well prepared and as competitive as possible. The meeting of the HR group of the Cluj IT Cluster, in which I took part this summer, also included, among other important subjects, the poor level of preparation of the students. This fact is generally established by those who are working in the domain. The answer of the universities’ representatives has justified this actuality by drawing the attention to the reduced amount of time dedicated by the students to study, since most of them are already employed from the 2nd year. A perfectly valid point of view if we think about the fact that, after eight hours of work, it is not likely even for a very good student to be able to also learn something for school. Beyond the rhetoric of explanations and justifications come from both directions, it is advisable that an understanding be reached, an agreement meant to dilute this crises situation a bit. Maybe now it is the time to take into consideration a unified approach of the companies in Cluj, which should only have an internship during the summer holidays, and the hiring should happen only after graduation. Moreover, the synchronization with a private scholarship system, I think, would offer the chance of developing some exceptional generations in this field. Two events that unfolded this month in Cluj and which I took part in, give us the hope that this gap between the expectancies of the business environment and the degree of preparation of the employees will be significantly reduced. I am talking about Academy+Plus, a program that enjoyed for its inauguration the presence of the Ambassador of France to Romania, Francois Saint-Paul, and of other local and national official people. The program of the Academy, taken up from the School 42, which is one of the biggest private school of Informatics in France, proposes a three year study program that would train programmers very well in respect to the team work. The second program is dedicated only to students. Called IT Brainiacs, held and organized by Telenav in collaboration with Apex Edu, this program will unfold as a mentorship on the period of one school year. We wish them good luck and we are glad to see more and more private initiatives in this domain! This month, the magazine has proposed the generic theme of communication. Articles such as: Client communication – A tough game to play, Communication within a start-up, ShareCluj – Technical journal or How can an outsourcing company become a trustworthy partner, all develop this vast theme. In the startup area, we present a first article of a series entitled Startup Files, the startups registered in the How To Web Startup Spotlight competition, the French project on the IndieGoGo – the Bionic Bird. The Agile concept is discussed by Alexandru Bolboaca in the article called “Why Agile?”. We offer a technical approach dedicated to programmers in the articles: Java vs. Objective-C, Puppet based Automation or JavaFX Visual Components. We hope we have aroused your interest and we invite you to read the Today Software Magazine online on weekly bases, as we are going to publish new articles within a few days of each other.
Ovidiu Măţan
Founder of Today Software Magazine
4
no. 29/2014 | www.todaysoftmag.com
Editorial Staf Editor-in-chief: Ovidiu Mățan ovidiu.matan@todaysoftmag.com Editor (startups & interviews): Mircea Vădan marius.mornea@todaysoftmag.com Graphic designer: Dan Hădărău dan.hadarau@todaysoftmag.com
Authors list Liviu Ştefăniţă Baiu
Mircea Vădan
Senior Business Consultant @ Endava
www.clujstartups.com
Claudiu Demian
Irina Scarlat
Systems Administrator @ Yardi
PR Manager @ How to Web & TechHub Bucharest
Bogdan-Alexandru Vlăduț
Mădălin Ilie
liviu.baiu@endava.com
claudiu.demian@yardi.com
Copyright/Proofreader: Emilia Toma emilia.toma@todaysoftmag.com Translator: Roxana Elena roxana.elena@todaysoftmag.com Reviewer: Tavi Bolog tavi.bolog@todaysoftmag.com Reviewer: Adrian Lupei adrian.lupei@todaysoftmag.com
Bogdan-Alexandru.Vladut@ msg-systems.com Java Developer @ msg systems România
Today Software Solutions SRL str. Plopilor, nr. 75/77 Cluj-Napoca, Cluj, Romania contact@todaysoftmag.com www.todaysoftmag.com www.facebook.com/todaysoftmag twitter.com/todaysoftmag
ISSN 2285 – 3502 ISSN-L 2284 – 8207
irina.scarlat@howtoweb.co
mădălin.ilie@endava.com Cluj Java Discipline Lead @ endava
Alexandru Bolboacă
Bogdan Mureșan
Agile Coach and Trainer, with a focus on technical practices @Mozaic Works
Director of Engineering @ 3Pillar Global
Silvia Răusanu
Călin Lupo
Senior Developer @ ISDC
Client Engagement Manager @ Endava
Radu Vunvulea
Silviu Dumitrescu
Senior Software Engineer @iQuest
Java Line Manager @ Accesa
Laurence Blestel
Radu Popovici
Relations presse @ XTIM
Associate @ Gemini Solutions Foundry
Teodor Olteanu
Diana Bălan
End User Computing Lead @ Betfair
Java developer @ Accesa
alex.bolboaca@mozaicworks.com
Silvia.Rausanu@isdc.eu
Made by
mircea.vadan@gmail.com
Radu.Vunvulea@iquestgroup.com
laurence@mybionicbird.com
Teodor.Olteanu@betfair.com
bogdan.muresan@3pillarglobal.com
calin.lupo@endava.com
silviu.dumitrescu@accesa.eu
radu.popovici@geminisols.com
Diana.Balan@accesa.eu
Copyright Today Software Magazine Any reproduction or total or partial reproduction of these trademarks or logos, alone or integrated with other elements without the express permission of the publisher is prohibited and engage the responsibility of the user as defined by Intellectual Property Code www.todaysoftmag.ro www.todaysoftmag.com
www.todaysoftmag.com | no. 29/november, 2014
5
interview
Interview with Peter Lawrey, special guest at Cluj IT Days 2014
P
Ovidiu Măţan
ovidiu.matan@todaysoftmag.com Editor-in-chief Today Software Magazine
6
no.29/2014 | www.todaysoftmag.com
eter Lawrey is a Java expert who appeared on the third position in the StackOverflow chart. We have the pleasure to have him as special guest to Cluj IT Days 2014, where he will deliver a technical presentation on “Hot topics in Java Performance Tuning”, as well as a presentation on his experience as an independent consultant: “What I have learnt by becoming an independent consultant”. Moreover, Peter is having a one day workshop on Java Performance (you can find more details on www.itdays.ro). Thus, I had the pleasure of inviting Peter to answer a few technical questions before the event. [Ovidiu Mățan] How do you see Java 8 from a performance perspective? [Peter] Perhaps the most significant performance improvement was the extension of Compressed Oops to 64 GB memory sizes. If you have a heap of between 32 GB and 64 GB you can get improved memory efficiency. You can use compressed oops for 128 GB heaps, but it is unlikely to help at this point. Often more important than CPU performance is developer performance. In this regard adding lambdas and the stream API could make a big difference if you can use them effectively. A developers usually cost more in a year than an expensive server, so saving development time is important, often more important than saving CPU.
Can we consider any classes that behave better from a memory usage point of view than in java 7 or 6? [Peter] The JSR 310 has an improved DateTime library, it is far better than Calendar for many reason, performance is one of them. Optimizing applications requires a proper and a repeatable way of testing. Do you usually use a framework or other mechanism in achieving this? Our clients use Chronicle Queue to record every input to a system for day(s) at a time. Replaying this persisted queue allows them to recreate obscure bugs and investigate difficult to find performance issues. Trying to re-create performance problems with a synthetic test is a good
TODAY SOFTWARE MAGAZINE
start but its hard to find more than half the performance issues that way. Instead it is better to use a day or a week of real work load. In the workshop agenda, we have this topic Low level Java programming, how to make using Unsafe safer? which sounds really interesting. Can you give a hint to our readers? [Peter] In short, you want a library which encourages you to use Unsafe, safely. We use a library we call Java-Lang which has a thread safe, 64-bit versions of ByteBuffer which allows you access shared memory mapped files, is a relatively safe manner. What should be more interesting is you can use data structures we built on this library to support queues, Maps and Sets which have simpler interfaces to work with. Both Queue and Map can persist and share data between processes on the same machine at rates of 30+ M operations per second. Something which would be impossible to do in pure Java any other way. e.g. You can write Map<String, String> map = ChronicleMapBuilder.of(String.class, String. class).createPersistedTo(file); // you can now use the map as // normal. map.put(“hello”, “world”); String s = map.get(“hello”);
What is magic about this is this entry is visible in less than a micro-second to all JVMs on your machine and persisted. It
makes a simple and fast way to store data. Note: as the map is persisted to disk, it is only limited by the size of your free disk space, not your heap size. As its off heap, it doesn’t contribute to your GC pause time, no matter how big it is. It also takes little time to reload on restart as it doesn’t need to be loaded into the heap. A 1000M entry map can take 10 ms to be ready to use.
your CPU caches with garbage every fraction of a milli-second and your threads work more effectively. The L1 cache is not only 10-20x faster than your L3 cache, but the L3 cache is a shared resource so your threads start getting in each others way the more you use the L3 cache and your program doesn’t scale ass well when using more cores.
In your latest blog article (link) Chronicle Map and Yahoo Cloud Service Benchmark your proposal was to use 100 bytes values for key -value pair in order to get better results. Still, you mention about garbage collector effect in the tests. How can we also minimise the intervention of the garbage collections in the high performance code.? I n t h e Ya h o o C l o u d S e r v i c e Benchmark, the garbage it produces eventually becomes a constraint. At about 3 million reads/writes per second the benchmark can be using 90% of CPU. The best place to start to reduce garbage is to run a realistic tests in a memory profiler. I use YourKit but there are other good commercial profiles. Once you can see where most of the garbage is being created you can replace these with alternatives which create little or no garbage e.g. use primitives, use plain objects instead of Maps, recycled mutable objects, or off heap data structures. The biggest benefit to reducing garbage is not just the GC pause times, but how fast your code runs between pauses. Reducing the allocation rate can improve throughput by 2-5x excluding GC pause times. Lower allocation rates mean you are not filling www.todaysoftmag.com | no. 29/november, 2014
7
startups
Bionic Bird
B
etter than a propeller driven drone, the Bionic Bird: the first lifelike bird, controllable by hand movement, is the object of a crowdfunding campaign on Indiegogo. Edwin Van Ruymbeke, chief executive of XTIM, aeronautical engineer and inventor of the Bionic Bird, is presenting an ornithopter that can fly with bird like agility. XTIM has been working on this extraordinary smartphone controlled bird for 3 years.
The different stages of this crowdfunding campaign
Launched on the 21st of October, the French company XTIM chose this international crowdfunding platform which is especially focused on technological innovations, to confront their bird to the approval of the public. The first step in our crowdfunding campaign ($ 25 000, have already been collected) is to create a number of limited edition birds in view of being a ‘collector’s item’. The 1000 early birds are offered at the price of $100, significantly cheaper than the future proposed retail price. They will be shipped for the holidays. The second step ($ 50,000 also reached), will enable the development of the Bionic Bird App, « the FlyingApp », on Android OS. Added to the originally scheduled IOS application, it has broadened its list of compatible smartphones to cover the vast majority of the existing devices on the market. It will take about 2 months for the development of the app, the adaptation of the UI to the numerous Android models and finally the delivery on Google Play. This holds the promise of availability of the app for users by the end of December. Today, we are moving on to the 3rd stage, a real technology gap to fill! Its goal will be reached as soon as the $200,000 funding is achieved: controlling the tail remotely. Through the use of bio-metal (shape memory alloy) the actuators will be able to control the tail angle remotely, which will open the way to new flight capabilities: aerial stunts like looping, super slow flights, inch-perfect trajectories. This new step is essential on the way to the final project of a full features drone Bionic Bird. The fourth step ($ 400,000) is to control the Bionic Bird hovering. It will be stable enough in this flight configuration
8
to shoot sharp movies, which leads to the final stage ($ 800,000): the insertion of a micro camera inside the body of Bionic Bird. While observing real birds, Edwin Van Ruymbeke has devised and patented a steering system using the wing distortion, allowing quick and immediate changes of direction. The adjustment of the tail incidence allows the bird to fly inside as well as outside. In the open air, its range is 100 yards, its speed 12mph. The Bionic Bird weighs only 9.3 grams, for a length of 6.7 inches and a wing span of 13 inches. It has 2 processors, 2 motors and a battery, as well as a patented mechanism similar to clockwork. Bionic Bird charges on its egg by a magnetic contact in less than 12 minutes.Using the egg as a nomad charger, Bionic Bird can manage 10 flights of up to 8 minutes. And what is more, the magic of mimicry, the flight of Bionic Bird is so real that the other birds think it is one of them. “Over many years, I have worked for the firm of my grandfather and my father, inventors of TIM, the well-known elastic propelled wing flapping bird. As part of my aeronautics engineering course I have studied a bird’s flight and dreamt of finding a way to replace the elastic propelling the bird by an electrical motor and a battery, so that it could be radio-controlled. It has become possible only with the arrival of newer mobile phones, which are lightweight and compact, as well as the development of micro-batteries (LiPo) and micro-motors (coreless).It was not possible beforehand to have an electric bird light enough to fly at slow speed with a such low wing span After years of research, the Bionic Bird has arrived! The first prototype flew beautifully, better than I had hoped...New doors have been opened.” - Edwin Van Ruymbeke, an engineer from a family of inventors.
no. 29/november, 2014 | www.todaysoftmag.com
In order for us to find out more details, I asked Edwin Van Ruymbeke a few questions: What is the biggest change between your Bionic Bird and the mechanical birds your dad und granddad built? Actually, the biggest change in term of functionality, is that it is able to fly a much longer time (8 minutes vs 8 seconds), to be remotely controlled (by a smartphone), and to have an adjustable flying speed that
allows to fly also indoors. Technically, the challenge was to replace a simple rubber band of 3 grams, by 2 motors, a battery, 2 gearboxes and a printed circuit board with 2 CPU for an even lower weight to wingspan ratio. Our Bionic Bird weighs 9 grams for 33 cm of wingspan. The original TIM weighted 16 grams for a 40 cm wingspan. This is achieved by a design without any concession to fight against weight, with ultra-miniaturized mechanics, the choice of the most advanced materials and components that can be found today. And a set of innovative solutions that have been patented. What’s the name of your grandfather or father who invented the first mechanical bird? Can you tell me a little bit more about their business? Did they sell them, was this your family business? My grandfather Gaston, and father Gérard Van Ruymbeke invented the first mechanical bird that could fly by flapping the wings and it was sold as an industrial product. They created a toy company together and have been manufacturing this
TODAY SOFTWARE MAGAZINE bird since 1969 until now. It was a great success worldwide in the 70’s, and it is still sold nowadays. I have been
working with them for 20 years. Now I created my own project and company, but my brother is still selling the original mechanical bird through the family company De Ruymbeke SARL. Is it proven that they were the first to invent a mechanical flying bird? Yes, it is proven and well known in the toy industry as a famous product, unique on the market. My father owns the patent. All other similar products you can find are copies that have never been allowed to be sold in western countries or Japan thanks to the patent protection. You can find them only in Asian countries. What was the biggest technical challenge you had to overcome to build the Bionic Bird?
As explained above, the challenge N°1 is to reduce the weight and size to its very minimum. The second is to improve drastically the efficiency of the wing flapping system. Compared to a propeller system, we have the disadvantage of being an alternative movement, which theoretically wastes a lot of energy only by inertia. You have to accelerate / stop / accelerate the wings in each cycle. A propeller just rotates and can forward all its power to the air. After months of study, our wings reached an efficiency close to those of propellers. With an identical motor, the vertical thrust of our bird is the same as a toy helicopter you can find on the market. In the video it looks like you control the bird by weaving your smartphone around what is the technic behind this? How is the bird exactly controlled by the app or gestures?
W
e
us e t he
sensor included in the smartphones. The G sensor, the magnet field sensor. An algorithm calculates the tilt angle of the phone, and converts it into an order to the bird steering system. When you tilt the phone on the left (and proportionally to the angle) the bird will turn left (resp. right). The sensitivity can be adjusted through the app settings to adapt to anybody’s “feeling”. These very natural gestures to control the bird flying direction makes the user to feel he directly interacts with the bird, and after some training, “forget” the controlling device. It becomes much more intuitive than a standard transmitter.
It s t a r t e d i n my mind w h i l e I was doing the mechanical bird. At that time the technology of motors a n d b a t teries wasn’t light enough to achieve it. But I was waiting the time it will become possible, and that time finally came with the Lipo batteries and coreless motors. I’ve never been a trend follower. And I’m quite proud not to be the number one thousand to make a multi-rotor drone, and have developed something unique.
Is there a specific bird the Bionic Bird is modeled after or its flight behaviour is modeled after? The shape of the body and the proportion between body length and wingspan is inspired from a raptor. It looks like a “micro” eagle. Concerning its flying behaviour, its flapping speed is higher, and it will be closer to a pigeon. But with its very good gliding performance, it comes back closer to a bird of prey. The result is a mix. But the ones that love it most when flying in the sky, and come to play with it, are the swallows! What is your background? How did you learn the skills to develop the Bionic Bird? I am an aeronautical engineer. That’s what I learned in my studies, and I graduated from a French engineer school. But also during the years I improved the mechanical bird, I went much further in my studies than necessary for that toy. I created various prototypes, made calculations, programs to study the wing flapping principle. I also think that being an inventor is a state of mind. You have it all your life long, and bring piece by piece all the ideas or thoughts that will result finally in something totally new. Why a bird? Everyone is working on drones these days, why did you decide to build a bird instead? When I decided to make a bird was a longtime ago. It’s a project of a life.
Laurence Blestel
laurence@mybionicbird.com Relations presse @ XTIM
www.todaysoftmag.com | no. 29/november, 2014
9
startups
Startup files Foody - First restaurants loyalty platform from Romania
I
met Iulian and Vlad almost a year ago, when they came at our doorstep with an idea of an application dedicated to mobile platforms, called Foody. Iulian brought in his experience in the HORECA domain, Vlad, his technical expertise and Gemini Solutions Foundry the knowledge acquired during the 10 years of working with startups. So, we sat down at the table and started to re-turn the idea on all sides and polish it in order to define an MVP as good as possible, which would later be released on the market. A MVP (Minimum Viable Product) is a product that contains a minimal set of key features which allow it to be released on the market in the shortest period of time possible, on minimum effort and costs. Following the feedback received, there will be a new iteration, refining the product according to the requirements of the market, thus avoiding the scenario when “the perfect product that no one is using” is developed. Another definition would be: “The minimum viable product is that version of a new product which allows a team to collect the maximum amount of validated learning about customers with the least effort. For Foody, the MVP looked like this: • The existence of two applications for the most used mobile platforms in Romania: Android and iOS; • By means of the applications: • The user could discover the nearby restaurants; • The user could book a table in a restaurant; • In exchange of the booking, the user would get a discount on the check.
10
At the moment, the Made by Apes team (Foody is a product of the Made by Apes team) was joined with fresh forces by Edmond and Cristian. Edmond has a background of over 12 years of experience in sales in the HORECA area, and Cristian comes with the experience of a successful business on the Romanian market in the domain of fuels, which has allowed them to continue the project on their own resources. With their help, Foody has added more than 100 restaurants in Bucharest and has gathered over 2500 users who make reservations on daily bases through the application. Their path does not end here, but Iulian will tell us more about that.
can help them choose a restaurant in other cities or other countries. We want Foody to become your best friend when eating out, a friend that can reward you anytime you go out. Where has this idea come from? [Iulian] The idea that gave birth to Foody was a rather simple one. Following a discussion with Vlad, we realized that, even though he is from Bucharest and I moved to the capital more than 10 years ago and we eat out quite often, we knew but 10-15 restaurants and a few shaorma places. And thus, our journey has begun… The first customer retention platform: we put the ideas down on paper and we realized we could build a bridge between customers and restaurants; the current relation is a rather cold one, not because of the quality of the products (as one can eat very well in many places), but due to the services and lack of rewarding the people who are loyal to a brand.
[Radu Popovici] Iulian, what does Foody actually mean? [Iulian Geana] Foody is the first client retention platform in Romania, dedicated to restaurants, pubs and cafés, meant to facilitate people’s access to their retention programs (discounts, special menus, vip rewards, etc.), through a mobile application. Are the restaurants open to the offered Moreover, Foody is the application dedicated to all the people who wish to eat out or solution? [Iulian] Restaurants are beginning to those who travel and need a guide which
no. 29/november, 2014 | www.todaysoftmag.com
TODAY SOFTWARE MAGAZINE do this, we need an investor. Besides the new locations, what should we expect from Foody in the near future? [Iulian] Bonuses and a game full of surprises, next to a new concept which will make you go out for an extraordinary and accessible culinary experience.
understand more and more the importance of retaining EACH customer that comes by different methods to offer people an extra reason to come back and turn them into ambassadors of their brand. Those who were the first to understand this already have visible results. Restaurants can use Foody as a platform for retaining their already loyal customers and at the same time for attracting new clients. Unlike other promoting channels, the results that come through Foody are 100% counted, as compared to a banner or advertisement in a publication, where the return is not something exact, but a mere relation. And the advantages of an application such as Foody vs. “An application specific to a single restaurant” are obvious: the number of potential customers you are addressing can be hundreds or even thousands of times higher, the costs are ten times smaller and the list goes on. For a business such as yours, the first steps are usually the most difficult. It is difficult to attract users on the platform if you don’t have many things to offer, and it is difficult to attract restaurants if you don’t have many users. How did you overcome this deadlock? [Iulian] I think the most important things are the performance, the speed of response and the capacity to swivel according to the results. Sometimes, however, the shortest distance between two points is not a straight line, but a curved line which by-passes the obstacles and helps you reach your goal. The steps were pretty obvious for us: we build the platform; we go to restaurants to register them in Foody in order to have a minimum base of locations and offers to make it interesting for the users and then, we start presenting it to the clients. The idea was quite well received by the restaurants, with a conversion rate of over 95%. Our experience in
the HORECA industry has helped us a lot here. Moreover, the fact that we also have a niche application, and not something general, helps us a lot to keep our focus on what we are doing. I can see that on Play Store you have some negative ratings. What has happened? [Iulian] Competition. It is an extraordinary thing that we also get negative ratings, since they show us where we are wrong and they help us a lot to increase the quality of our product. I believe that an application having 100% 5 star ratings is as real as Romania having streets without any pot holes. Coming back to what happened to us, we admit the fault is ours, since, one way or another, several persons outside Bucharest found out about the application, installed it and, obviously, had an unpleasant experience seeing that the nearest restaurant was hundreds of km away from them. We are working on a plan to extend Foody to all the big cities of Romania. But first we wish to establish a close relation with the users in Bucharest and the local restaurants, and afterwards we are going to proceed with the extension. How soon will we see Foody in other cities of our country? [Iulian] Within the next 6 months we believe we will be able to start in cities such as: Constanta, Cluj, Timisoara, Sibiu, Brasov, Iasi. It depends a lot on the results and fine-tuning in Bucharest. We very much wish to come up with a solution for the entire country. Especially given the fact that we are nationalists and we love Romania! What about in other countries? [Iulian] We wish Foody would help users find restaurants in the entire world in the future and have access to all the benefits offered by them. However, in order to
Do you consider the collaboration with Gemini Solutions Foundry to be useful? [Iulian] The encounter with Gemini Solutions Foundry has represented a key moment for us. The help and motivation you offered have helped us go on, when we were hit by despair we all feel when we start building something new and we face the first difficult problems that seem to have no immediate solutions. Your optimism and professionalism have contributed quite a lot to the development of Foody and we hope they will do that in the future, too. So, would you recommend young entrepreneurs to contact us? [Iulian] Without some help such as that offered by GSF, I believe the chances for a startup to grind to a halt are maximal. And we consider ourselves rather experienced in the industry we have chosen. Personally, I sincerely recommend to any entrepreneur who is at the beginning of their journey to collaborate with your company, since the help you can provide is priceless for a newbie. Starting from the technical expertise, code analysis, the Legal and Finance advice, design and user experience are advantages that GSF brings along, offering real chances of success to any startup. And the contacts on the Venture Capital side represent a “goldmine” for any entrepreneur. If we have stirred your curiosity, you can download the Foody application from the Made by Apes, and if you wish to see your favorite restaurant on the platform as soon as possible, please send an email specifying this thing.
Radu Popovici
radu.popovici@geminisols.com Associate @ Gemini Solutions Foundry
www.todaysoftmag.com | no. 29/november, 2014
11
startups
Communication in a startup
I
s clear that, as in any other project or organization, „communication” forms the basic of teamwork and human interaction, both regarding founders and users, or other stakeholders. So, from this perspective, I asked myself if I had to start a new startup, how would I do it? What advice would I give myself based on the experience so far? And the answer you’ll find below. I got in touch with the startups world almost 3 years now and so far I have been involved in UseTogether (with its spin-off - Momly) and ZenQ. In the same time, I had the opportunity to talk with other startup founders in the local community, but also with others present in the two accelerators that I attended (Launchub and TechPeaks). Internal team communication actually starts before startup. Rarely it happens for a startup to take off with a team whose members know each other superficially. Co-founders are like brothers/sisters and their trust in each other should be extremely high. In addition to this factor, a team needs a match in mindset and attitude. I encountered cases where the co-founders worked well together, but didn’t try to understand each other more or to keep in touch as friends; when hard times came, they failed to overcome them, just because they lacked a stronger connection. The larger the team is, the thinner the connections between them get, simply because the time spent with one or two people is divided, for example to 4 or 5 people and inevitably becomes less, so it takes longer to grow roots in this case. At the beginning of a startup, I think the focus falls mainly on strengthening the team and not on product development. If the product changes, it’s not a tragedy, but changing a team or a member of it generates a much larger conflict.
12
no. 29/november, 2014 | www.todaysoftmag.com
To have full confidence from the beginning is like driving a car with your eyes closed. The first weeks/months are exploratory, as a couple learning to dance waltz, one should get to know and feel that partner. I think it takes some time for expectations to be clearly defined in founders minds and then to be spoken. A vesting contract (containing how the shares will be divided and under what conditions they will be given to founders or employees) is a mandatory things to do, maybe not at first, but as soon the collaboration becomes constant . It’s a difficult talk, you feel like talking about anything else than that, but if delayed beyond measure then there’s no turning back, because meanwhile everyone’s expectations grew and are harder to put aside. I went through this process three times and each time I felt anxious when I approached the topic. To have a vesting deal does not necessarily mean the company should be formed legally soon after, so there’s no legal complication (unless you want to make it binding by law), but it serves to clear waters and doubts so founders may breathe relieved as they’s over it. Be sure that each
TODAY SOFTWARE MAGAZINE of them has this topic in mind, but often they wait for the subject to be opened by someone else. As for online internal communication, I used so far simple solutions: Skype (chat + video), private group on Facebook, Google Hangouts - these are known, everyone uses them and meet basic needs. But once I tried new generation solutions (www.slack.com, www.kato.im, www.hipchat.com), created for team communication, I realized that there are so many useful features: tags, chat-rooms, screen sharing, integration with dozens of other tools on teamwork and team management, all included in the same product. Lately, the trend of location-scattered teams increases and, rightly, provides greater flexibility, but often we forget about one required condition: the cohesion of the team. It is a very big difference between a team that meets every day or every few days and a team that has sessions/meetings as often, but online. Only if a team is cohesive and already functions well, can maybe try working a scattered as location, for a longer period. Otherwise, over time, enthusiasm and dedication fall, not from ill will, but simply because it takes human connection and online is much more difficult to sustain. Regarding external communication, moderation in PR activities is a common symptom, especially because founders believe that the product is not quite presentable. Yes, people will judge (some will also give feedback), but it’s better than over-protection which tend to show for the startup. Though we can call it „our child”, it must go out into the world; the sooner, the better. One danger here is an unexpectedly strong association made in founders mind between self and the startup. Surely, criticizing the startup or product is not a personal criticism brought to founders, so it should not be taken personally. Of course, the founders are responsible for the startup, but should not identify with it; not only this harms the startup, but also affect founders’ morale. Regarding communication with users, which often means a lot of emails on various topics at various hours, sometimes seems a chore, but it’s necessary especially with the first few hundreds of users. I remember a few times when I gave attention to a product and started using it after receiving an email from one of the founders. Although I’m pretty sure it was an automated email, it was written so simple and friendly that it left me with the impression that he was writing to me specifically. If I would have received a newsletter, I would have opened it (maybe) and after two seconds probably deleted it. Among all these emails and newsletters, it’s much harder to get one’s attention through a standard format. Ah, one more thing: make it short, what is more than 3 paragraphs (7-10 rows) is already too long to be read carefully. Overall, an issue rarely identified related to internal communication and attitude seems to be a lack of focus, both in the product and in the go-to-market approach. So many excellent features can be added, so many niches can be attractive as customers, that the energy dissipates between them and makes the effect in each direction to be lower, so also lower results. A startup, by definition, has low resources and clarity in focus helps enormously to be successful at first, just because it allows addressing an issue or a problem with all possible energy. „Focus, focus, focus!” is the mantra that founders should communicate every day to each other and to their stakeholders.
Mircea Vădan
mircea.vadan@gmail.com www.clujstartups.com
www.todaysoftmag.com | no. 29/november, 2014
13
event
B
How to Web Startup Spotlight presents the 32 teams selected to attend the program
ucharest, October 30th 2014. How to Web Startup Spotlight, competition and orientation program for early stage tech startups in Central and Eastern Europe, will bring together 32 teams from 10 countries this November. They will attend dedicated workshops and mentoring sessions and will get the chance to pitch their products on the main stage of How to Web Conference 2014, and also compete for the cash prizes of 20.000 USD offered by IXIA, main partner of the program. The third edition of How to Web Startup Spotlight garnered applications from early stage tech startups that build products Axosuits (Romania): affordable and meetings in local venues; in the fields of wearable devices, Internet Fastrrr (Hungary): equipment that of things, mobile apps, medtech or easy to use exoskeletons for medical use; Bethall (Greece): social sports pre- allows sailors to measure their exact speed ecommerce. The participants have been selected by a professional jury by look- dictions marketplace that connects sports over water (SOW) and detect the smallest ing at the team fit & experience, market betting fans enabling them to find & differences in speed caused by a trimming session or changes in weather conditions; size & trend, market validation, traction, publish predictions and match previews; fittter (Romania): health and fitness Bitrise (Hungary): platform that autocustomer acquisition cost, scalability, and mates iOS development in the cloud from mobile and web app that connects frequent overall feasibility. business travelers with handpicked health building through testing to deployment; coaches to provide them the tools to incorBlushr (România): mobile app that Who are the How to Web Startup Spotporate healthy habits on the road; helps teenagers aged between 13 and 17 to light 2014 participants? Geostep (Montenegro): app that find out which of their friends like them; 32 startups building products with CloudPress (Romania): hosted plat- enables businesses to create interactive disruptive potential in software, hardware, Internet of Things, mobile, or medtech form for designers to create responsive treasure hunts to get people to discover from Romania, Poland, Greece, Hungary, WordPress sites visually and publish them attractions, landmarks and hidden beauties through gamification; Ukraine, Serbia, Montenegro, Bulgaria, with one click when theyâ&#x20AC;&#x2122;re done; Latio Inc (Ukraine): customizable DailyOne (Hungary): crowdfunding Slovenia, and Moldova will attend How software development kit that enables to Web Startup Spotlight in between application for nonprofit organizations; Devicehub (Romania): web platform developers & companies harness the November 19th and 22nd. Meet the teams: 3Deva (Romania): hardware adaptor that makes sense of the data spewed out by potential of iBeacon technology without that converts your mobile device into a billions of connected devices and helps the getting caught up in the details; Lifebox (Romania): Two-tap private user make smarter decisions; fully-fledged VR and video hub; Ecoisme (Ukraine / Poland): service photo sharing app that reminds you to Attensee (Poland): online eyetracking insights for website conversion and electronic device that allows people share at the right time & adds the right frimonitor their energy consumption, while ends & the right photos to the album; optimization; Marketizator (Romania): The 3 in 1 Av a n d o r C o n s u m e r P r o f i l i n g also helping utility providers to reduce conversion rate optimization platform for (Romania): Open C onsumer Data power peaks; Ekipa (Serbia): app that connects ecommerce websites; Platform available as SaaS to the entire Oblico (Romania): location based ecosystem (sites, advertisers, agencies, groups of three friends with other groups of three friends and facilitates their mobile app that uses your LinkedIn ecommerce); information to help you connect to the right professionals at events and conferences; P o c k e t o Young spirit ( R oman i a ) : pl at Mature organization form as a ser vice A shared vision and hardware development kit to build Join our journey! wearables and make them communicate; P P r i n t e e (Romania): miniwww.fortech.ro robot pocket printer that allows the user
14
no. 29/november, 2014 | www.todaysoftmag.com
TODAY SOFTWARE MAGAZINE to print on the go, on every paper format; Project Wipe (Romania): electronic glasses that help people with visual disabilities in orientation and obstacle avoidance; Shipros (Romania): platform that brings together clients who need to ship goods with transporters in search for business on terrestrial shipment markets; StudyMentors (Bulgaria): Platform that connects prospective students at foreign universities with current students or alumni, helping the first make a documented choice of study destination and program; Style Jukebox (Romania): application that allows you to instantly access your entire music collection and enjoy high fidelity sound quality, on all your devices; Susurrus (Greece): platform that helps brands find the appropriate blogs that can promote their products through their content (blogposts) and measure the effectiveness of this sponsored activity through data analytics; Traderion (Romania): the game based recruitment and evaluation service for the finance industry; TravelStarter (Slovenia): alternative way of travelling that helps you get free travel rewards for helping local entrepreneurs (for example you receive free accommodation in the hostel you helped open) ViewFlux (Romania): online collaboration platform for designers which helps them improve their workflow; Vintage (Romania / Moldova): platform that brings together businesses and artists that showcase their art; VisionBot (Romania): a manufacture line for turning prototypes into industrial products that are in medium-quantity; Wr1st (Bulgaria): Bracelet for cashless payments, access control and user recognition at events. Between November 19th and 22nd, the 32 teams attending How to Web Startup Spotlight will attend dedicated workshops and one-to-one mentoring sessions and will meet with well-known professionals in the global tech industry, as well as with representatives of some of the most appreciated acceleration programs and early stage investment funds from Europe and beyond. Moreover, the startups will get the chance to pitch their products in front of the entire audience of How to Web Conference 2014 and will compete for the cash prizes having a total value of 20.000 USD offered by IXIA, main partner of the program.
How to Web Startup Spotlight 2014 is a program developed in partnership with IXIA with the support of Telekom Romania, Bitdefender, Grapefruit, Av ang ate, S of t l aye r, Cy b e r Gho st , Hub:raum, Domain.me, The Canadian Embassy in Romania, and Reea, and it will start on Wednesday, November 19th, with a pitching session at the end of which an initial ranking will be made. The jury will choose the 8 finalist teams that are going to compete for all the available prizes, as well as the 16 semifinalists that are going to challenge the finalists in their quest for the Best Pitch Awards, respectively the IXIA Innovation Award. In the second part of the day, the Startup Spotlight participants will attend the dedicated workshops and the Startup Spotlight Office Hours that are going to take place at TechHub Bucharest. On November 20th and 21st, the teams will have access to all the How to Web Conference 2014 activities and will end each of the days with one-toone mentoring sessions with professionals and experts in their fields of interest. How to Web Startup Spotlight 2014 ends on Saturday, November 22nd, with a late brunch during which the participants will
get the chance to build valuable connections with key personalities in the global tech industry. Startup Spotlight 2014 takes place during How to Web Conference 2014, the most important event dedicated to innovation, technology and entrepreneurship in South Eastern Europe. The 5th international edition of How to Web marks a new beginning for the conference and proposes an enhanced, more mature format, that discusses in depth several specific subjects. Thus, the main stage of the conference will bring into discussion topics related to future trends & entrepreneurship, while the specialized tracks about product management, game development and angel investments will help specific target groups gain valuable know-how in their field on interest. Early Bird tickets are available online on the conference website http://howtoweb.co/tickets until Wednesday, Thursday, November 13th. Irina Scarlat
irina.scarlat@howtoweb.co PR Manager @ How to Web & TechHub Bucharest
www.todaysoftmag.com | no. 29/november, 2014
15
communities
IT Communities
3
. November is the only month of this year when we have recommended that you take part in all the events of our calendar. There are important conferences, such as: Microsoft Summit, How to Web 2014, MOBOS, OSOM, DefCamp and, of course, the annual event organized by Today Software Magazine: Cluj IT Days 2014. We invite you to participate to all of them!
Transylvania Java User Group Community dedicated to Java technology Website: www.transylvania-jug.org Since: 15.05.2008 / Members: 594 / Events: 47 TSM community Community built around Today Software Magazine Websites: www.facebook.com/todaysoftmag www.meetup.com/todaysoftmag www.issuu.com/todaysoftmag www.youtube.com/todaysoftmag Since: 06.02.2012 /Members: 1890/ Events: 25 Cluj Business Analysts Comunity dedicated to business analysts Website: www.meetup.com/Business-Analysts-Cluj Since: 10.07.2013 / Members: 91 / Events: 8 Cluj Mobile Developers Community dedicated to mobile developers Website: www.meetup.com/Cluj-Mobile-Developers Since: 05.08.2011 / Members: 264 / Events: 17 The Cluj Napoca Agile Software Meetup Group Community dedicated to Agile methodology Website: www.agileworks.ro Since: 04.10.2010 / Members: 437 / Events: 93 Cluj Semantic WEB Meetup Community dedicated to semantic technology. Website: www.meetup.com/Cluj-Semantic-WEB Since: 08.05.2010 / Members: 192/ Events: 29 Romanian Association for Better Software Community dedicated to experienced developers Website: www.rabs.ro Since: 10.02.2011 / Members: 251/ Events: 14 Testing camp Testers community from IT industry with monthly meetings Website: www.tabaradetestare.ro Since: 15.01.2012 / Members: 1243/ Events: 106
Calendar November 12 (Cluj) Launch of the issue 29 of Today Software Magazine www.todaysoftmag.ro November 12-13 (București) Microsoft Summit 2014 www.mssummit.ro November 14-16 (Cluj) 3 Day Startup Cluj cluj.3daystartup.org November 19 (Cluj) 4th BigData/DataScience meetup.com/Big-Data-Data-Science-Meetup-ClujNapoca/events/216156792 November 20-21 (București) How To Web 2014 - TSM recommandation 2014.howtoweb.co November 20-21 (Cluj) MobOS Conference romobos.com November 23 (Cluj) #15 PM Meetup - Monitoring & Controlling Process meetup.com/PMI-Romania-Cluj-Napoca-Project -Management-Meetup-Group/events/213993162/ November 24 (Cluj) OSOM – Open Source Open Mind osom.ro November 24 (Cluj) Workshop-urile Cluj IT Days 2014 www.itdays.ro November 25-26 (Cluj) Cluj IT Days - TSM recommandation itdays.ro November 28-29 (București) DefCamp 2014 defcamp.ro
16
no. 29/november, 2014 | www.todaysoftmag.com
concurs
programming
Share Cluj - Technical Journal
W
hen I first heard about Share Cluj, the project was yet an idea, the team was still discussing about the purpose of the project, thinking how to involve more people and how to put Cluj on the world map. Initially, my role in the project was to be an ambassador but, by participating to a team meeting having as main subject the technical part, I immediately became a member of the team. Silvia Răusanu
Silvia.Rausanu@isdc.eu Senior Developer @ ISDC
The technical side was to build a platform to support the contest within the project: any person, from Cluj or not, should promote Cluj while traveling for business or pleasure by sharing their stories about Cluj to those who don’t know the city yet, and then upload on the social networks the “proof ”: a photo with the message “#sharecluj” at the location. The technical challenge I saw was the aggregation of the Facebook, Twitter, Instagram feeds based on the “#sharecluj” hashtag, and then present them on the project site: www.sharecluj.com
The first solution
I wasn’t too thrilled when I discovered that there are already sites/platforms which can do the targeted aggregation, but at least I had the opportunity to study them and pick the most suitable to the project needs: one that exposes an API which contains the feed with the contestants’ photos from the social networks. I’ve analyzed the offerings of Rignite, Hashtagr, TINT, TagBord; none of these were exposing the API I wished for, nevertheless, being paid services, I assumed that I can discuss with the people maintaining the platforms and we can figure out a solution to integrate as fast as possible, and launch the project as soon as possible.
It was already June - we were aiming to start the contest by July. While waiting for answers from Rignite and TINT, I started doing tests for certain hashtags I kept on seeing in my Facebook feed. The things were not great at all, I was hardly finding anything of what I was expecting, and by no means could I find all the content - how could you organize a contest when some contestants are registered and others aren’t? Therefore, besides the questionable integration with the site sharecluj.com, another, more difficult problem arose: we couldn’t use any of the existent services, thus I had to make everything from ground zero!
The true solution
When the deadline was getting closer, and the technical side was far from being solved, you can imagine that I wasn’t too happy or too confident that I would be able to finish everything on such a short term. Sad as I was, I went to work, and distrustfully, I asked my colleagues, Călin, Dan, and Răzvan, if they cared to do some technical volunteering. I don’t know if my mood convinced them or if they saw the same challenge I saw initially, but in only 10 minutes we had setup a meeting at Dan’s place, with a glass of wine, to make a plan
www.todaysoftmag.com | no. 29/november, 2014
17
programming Share Cluj - Technical Journal
on how to implement sharecluj.com. By the end of the day we got also the functional specifications from Alina, who, from the project manager, has transformed instantly into a product owner. Although the temptation to experiment with new technologies is big when you have at hand a green field project, we quickly decided to use Java as base-technology, and known frameworks: Spring MVC, JDO. The cost of the project needed to be small, so it was off the table to rent a server, and we’ve decided to use something new: Google AppEngine; with a free quota big enough for data storage, database operations, instance-hours, indexes, deploys, etc., AppEngine proved to be the best for the project. The integration with the social networks was supposed to be done by writing clients for the APIs exposed by each of the networks to get the posts’ metadata and store them in a database.
The implementation
To make sure that we were going to finish everything that our product owner, Alina, had requested from us, we needed to move the deadline towards the beginning of August. The implementation of each point was done based on priority, according to the risk we thought it could represent. Web applications based on Java and Spring MVC were nothing new for the freshly-formed team, so the first step was to investigate the GraphAPI from Facebook - Facebook, being the most used social network in Romania (thus the most relevant), but also the least present platform while testing the hashtag aggregators, was presenting the biggest risk. While there was the possibility to search in the application by a hashtag, I had high expectations from GraphAPI, to offer me exactly what I wished for: the posts with the hashtag “#sharecluj” – no chance of that! I learnt about the alternative to use the search API for keywords by using the hashtag; the search was working by bizarre rules: some posts were showing up, others weren’t. I made experiments on my
18
no. 29/november, 2014 | www.todaysoftmag.com
personal account: I posted test messages containing #sharecity (I didn’t want to ruin the release); I’ve waited a day, a week, nothing; besides, in a short time the API was becoming obsolete and retired (it’s no longer available at the moment). While searching for explanations, I stumbled upon the FAQ section of TINT where it was explained that in order to have the entire feed from Facebook a workaround was required: either post on a Facebook page or tag a user on the photo. Not the most professional solution, but we all agree that it was the only one. The good news from Facebook was that for authentication they had implemented OAuth2 and it was also working offline, from a cron job - as we were planning. On top of GraphAPI, plenty of clients were written, from which we have chosen RestFB - easy to use and extensible. After the experience with Facebook, the general expectations towards any API were low; however, Twitter (the next one on the risk scale) had what we wished for: a simple API, based on hashtags. According to the description of the endpoint, Twitter was not guaranteeing that all the tweets with a certain hashtag will be returned as there is an automatic filtering based on popularity/relevancy; the alternative is to connect and listen to a public stream. In this case, another difficulty has appeared: if we were going with the stream, then another AppEngine instance was required - which would have passed the limits of the quota. Taking into account the costs, but also a possible consistency in procedure, we chose to use the mentions API (one user mentioned it in a tweet). Fortunately, the integration was simple: we used a Java client for the Twitter API: Twitter4j. Instagram was integrated later than the other networks, and the solutions did not require any concessions. I was happy to notice that Instagram has an API per hashtag, unfiltered, the only limitations being on the number of retrieved results - at each call, the newest results are retrieved, and the full state of the post is not held (through the API). For Instagram API, there aren’t too many clients, but the one picked, jInstagram, was good enough. About authentication, Instagram also implements OAuth2, but it cannot be used offline (for a cron job), but exact the used API (tags/{tag}/ media/recent) can be used only with a client_id. I very much enjoyed to get acquainted with the whole Java AppEngine ecosystem - I was able to use all the frameworks I wanted, without any issues. Firstly, I didn’t had to worry to have the code public before it was valuable - to each application there is a Git repo, you cannot clone it directly, but via the SDK. Then, for Maven integration, there is a management plugin, and also an archetype for web projects. For the database integration, you can JPA or JDO (I chose JDO). Also, the support for cron jobs is included, having as prerequisites the existence of a REST service
TODAY SOFTWARE MAGAZINE and of a configuration file. The web application built with Spring MVC exposes REST services both for getting data from the social networks, and also to make access to the data for the web interface. All the shown data is brought asynchronously, via Ajax calls.
The release
After all the bad surprises from unexpected places and the help from respectable tools, we got to the following design, which was released (successfully!) on the 4th of August, exactly on time. Immediately after the release, almost the entire development team went on holiday. Nothing bad happened; the application was stable (although no official tester was in the team). However, in time, Facebook hit again! While the project was getting more known, and photos with “#sharecluj” were uploaded in different manners, I’ve discovered more problems and lacunas in Facebook’s API: some photos, although they were following the entire (complicated) procedure, for no reason, weren’t retrieved by the service. I declared a bug in August which, only at the end of October, was solved, but not completely, there are still some contestants not registered - thus, I’ve declared a new bug.
Where are we now?
Three months after the project was released, the application is still stable. Of course, minor adjustments were done in order to correct some glitches or to add more information. It was, and it will continue to be until October 2015 a very interesting experience; I never thought I’ll get to know the social networks so well, or that I would declare defects at Facebook, or that I would do deployments to production from my couch at home. To sum up, I’m happy that I have contributed to the Share Cluj project and that we have managed to put Cluj on the map in 36 countries already, some really exotic: Senegal, Singapore, Puerto Rico, Australia. Let’s all continue to “Share Cluj”!
www.todaysoftmag.com | no. 29/november, 2014
19
management
How an outsourcing company can become a trusted partner
T
he first challenge of any outsourcing company is to get clients. Once (and if) you do, the pressure moves on to keeping the partnership going and growing. To keep things on an honest side, in the beginning of the relationship with your new client you are far from being partners (even further from trusted partners). You are considered a vendor and in the beginning there will be a normal and expected dose of scepticism. But the relationship can evolve and it may go through the following stages described in the lines below. I didn’t come up with and can’t take credit for them, but I find them to be very valid (source: www. trainingindustry.com).
Approved Vendor You have a good pricing model and a good (enough) reputation. Congratulations, you’re on their approved list. But you are not perceived as having any competitive edge over other vendors.
Preferred Supplier
do you develop the relationship with your clients? What is the journey from Approved Vendor to Trusted Partner? Looking back at the trust relationship you have with your vendors, you can identify some actions that got you to this point. I am sure that there are many ways to get to be a Trusted Partner, but here is my proposal, distilled from the experience Endava and myself had with clients and vendors.
You’re seen to be more efficient and get more work than the other guys on that list. You are now in a more select club. You are still just involved at the execution level. You just do more of it. The pre-requisites To get to be a trusted partner there is a set of pre-requisites. These are also the points that might get you the contract in the Solutions Consultant You add value to your client’s product and now you are seen as first place. I won’t insist much on these as they can be considered a technology thought leader. You are working and advising them as common sense but they are still worth mentioning. What gets you on the vendors list and on your way to becoming a trusted HOW to do the work partner are: • The quality of your service – under promise and over deliStrategic Contributor ver. Or at least deliver. You are sitting at the table working on the WHY, longer term • Price – if you can’t meet your clients budget you won’t get business issues. At this point, you have moved in the partnership the chance to prove yourself zone and you are helping your client deal with a broader range or • Capabilities – can you deliver what your client needs? Or challenges they are facing. can you build up your capabilities fast enough to meet your new client’s demand? Trusted Partner Senior management is asking for your advice as a sounding If you have all the pre-requisites you are at the starting line. board. You are viewed as a long-term partner and key to their To get further you would need to help your new client in various long term success. Let’s reverse the roles for a second and see a different perspec- ways. tive. As you have clients, I am sure you (as a person or a company) have some vendors. Let’s think about them for a second. Think What does your client need help with? about the relationship with your accountant, insurance guy, You need to understand your client’s needs and business chalmechanic or the cleaning company. There are 2 key points in your lenges. Once you do that you will need to adapt your offering to relationship with them. The start, when you chose them, mostly meet those needs. You might have the best product or service, but because you needed a vendor and you decided they have the best if your client does not need it or needs something else more, you cost or quality, they were recommended to you, or they just might might drop off the vendors list and your journey is over. Do you be the only ones at that point that can help you. So they became know your client’s needs? Great! an Approved Vendor. And the “Now” when they are your Trusted Partner. You respect them and trust their opinion and vice versa. Help set a common vision It’s a mutually beneficial relationship and they need you as much In the early stages, it’s important to get to know each other, as you need them. set the right expectations and set a common vision for this (early) relationship. How will you interact? What do you want to achieve So the question is, how do you become a trusted partner? together? Discuss everything you feel is needed to set the base How did you get to that point with your own vendors and how for further conversations and interactions. Get involved early and
20
no. 29/november, 2014 | www.todaysoftmag.com
diverse
TODAY SOFTWARE MAGAZINE
constantly in the business to understand Help them innovate. Challenge them. where the business is going and constantly Sometimes it may be difficult to say review your expectations. your opinion, ask some difficult questions or just say “no” to your client’s requests. But if you think that you have something Help them grow You know your client and you know valuable for your client, speak up. You what you want to achieve together. But might just have a very helpful perspechow can you (and your organization) help tive, insight, resource, tool or practice. them grow and become more successful? That could help make your client’s product Make sure you create win-win solutions better or be more efficient. Speak-up and and you work and learn together. Don’t show you care about your client, their projust sell your product or service. Create duct and that you want to contribute and add value wherever you can. Don’t worry, value and growth for your client as well! this is not improper or disrespectful. But do pay attention on how you deliver the Help them keep control on their systems Be transparent with your work. There message. Communication is the key. are various ways to do this and the more automated, the better. You need to show Help them trust you your skills and potential, so focus on qualEveryone makes mistakes sooner or ity and continuous delivery. If the client later. Especially in the early stages of your can see how the product is evolving, where relationship, this is normal as you are still the glitches are but can also see you have getting to know each other. Admit your the skills and knowledge to handle any- mistakes and take ownership for the soluthing being thrown at you, it will give them tion. Be honest with your clients and they confidence in working with you further. in turn will reward you with their trust. Also, follow through with your commitHelp them connect with you. Or do more to ments, don’t make promises you can’t keep and always strive to be better. Set connect with them. You need to care. Genuinely. And you short feedback loops so you can constantly need to care not only about the client as adjust and improve. an organization (and its needs and challenNow you know your client, understand ges) but also about the people you interact with and their needs and struggles. Part their needs and where they want to go. of our core purpose in Endava, our DNA You deliver a quality, competitive service sort to say, is to care for our customers as and help your client further develop their individuals. Trusted partners know their product. You have shown that you want to clients as people and don’t see the relation- contribute, that you are not afraid to ask ship just as one between two organizations. the tough questions and you are interesGet to know your clients by demonstrating ted in their success not only your gain. care and concern for them as individuals. Your client trusts you to be honest when asked for your opinion and they trust your
opinion because you have shown to be knowledgeable. You are transparent with your work and you managed to connect with your client as an individual. You are now a Trusted Partner. In the end, don’t expect do develop a trusted partner relationship with all your accounts and clients. The reasons and factors are plenty and can range from pricing, perceived quality, communication issues or simply you don’t click. And remember it’s not only about quality services, capabilities, prices and other things you might believe will ensure you a long lasting relationship. These are important, but to become a trusted partner you need more. You need focus on your client’s needs, communication and transparency.
Călin Lupo
calin.lupo@endava.com Client Engagement Manager @ Endava
www.todaysoftmag.com | no. 29/november, 2014
21
security
programare
What passwords do when no one is watching: 5 security mistakes Windows admins make about security
I
n this article, I will describe the typical mistakes that can lead to some serious security issues and also the proper solutions that allow us to defend against this kind of threats. If you care about security in Windows, this article is for you!
Teodor Olteanu
Teodor.Olteanu@betfair.com End User Computing Lead @ Betfair
22
no.29/2014 | www.todaysoftmag.com
Of course there are more than 5 common mistakes…but if you start to think about all of these shown in this article, your network will become significantly more secure! The reasons of these mistakes are very typical: lack of time, lack of monitoring systems, lack of knowledge. Often, common mistakes are very serious and can lead to some serious security breaches. Nobody likes when the passwords of your users are being cracked, right? Hackers keep trying new tricks, and the system administrators keep adding new technologies to the field so that it is barely possible to fight against cryptography and new operating system security mechanisms. But administrators are often very busy and security may not be their primary focus. Administrators’ mistakes and people’s misbehavior can be a great help to those who want access to a piece of information. Follow me as I try to tackle 5 of the most common mistakes system administrators make about security and find out how some small improvements can have a huge impact on your network’s security.
When asked why she had such a long password, she rolled her eyes and said: “Hey! IT said that it has to be at least 8 characters and include at least one capital.”
This is a joke, of course. But the reality is that a long and complicated password will not protect you in all the situations! A study made by BitDefender in 2010 shows that 75% of people use the same password for social media sites and the corporate email. Cases of important sites like Facebook, LinkedIn, Twiter and others that have been hacked and the passwords of thousands of users stolen are well known. So if a hacker has your user’s Facebook password it may have the password to his/ her corporate e-mail address and so to your company’s confidential data. Wherever and whenever you enter a password in the password field, there is at least one mechanism that must know it in order to use it later for the designed purpose - authentication. The common knowledge is that when we set up our password in Windows it is hashed and stored either in SAM (Security Accounts Manager) or the ntds.dit database in Active Directory. But if your operating Mistake 1: Misunderstanding passsystem can re-use the password it means words A recent password audit, found that others can decrypt it! In many cases attackers don’t even an employee was using the following password: “MickeyMinniePlutoHueyLouie need to know the passwords and can use the “pass the hash” technique in order to DeweyDonaldGoofySacramento”.
programare run malicious code with elevated privileges. But recently more advanced tools have been developed that allow the decryption of the hashes that are stored into the memory. Mimikatz is an exploitation tool written by Benjamin Delpy (gentilkiwi) that pulls plain-text passwords out of WDigest (a DLL first added in Windows XP that is used to authenticate users against HTTP Digest authentication) interfaced through LSASS (Local Security Authority Subsystem Service). So if you logged in on one system with a domain administrator account and somebody has run Mimikatz on the system then practically your whole infrastructure is owned by the attacker. There is no single defense against this technique, so standard defense practices apply - for example the use of firewalls, intrusion prevention systems, 802.1x authentication, IPsec, antivirus software, full disk encryption, reducing the number of people with elevated privileges, proactive security patching etc. Preventing Windows from storing cached credentials may limit attackers to obtaining hashes from memory, which usually means that the target account must be logged into the machine when the attack is executed. The principle of least privilege suggests that a least user access approach should be taken, in that users should not use accounts with more privileges than necessary to complete the task at hand. Configuring systems not to use LM or NTLM can also strengthen security, but newer exploits are able to forward Kerberos tickets in a similar way. Also limiting the scope of debug privileges on system may block some attacks that inject
TODAY SOFTWARE MAGAZINE code or steal hashes from the memory of sensitive processes Other things to review are stored passwords used to run certain services. And the recommendation here is to never run a service on an Administrative account, use gMSA (Group Managed Service Accounts). Scheduled tasks that run on a specific account are also vulnerable, because as in the case of services – password can be revealed. If you want to know more on how Windows manages cached and stored credentials then this short technical overview will give you a clear picture of what happens with saved passwords: technet. microsoft.com/en-us/library/hh994565. aspx
Mistake 2: Ignoring Offline Access
technology but some of the antique operating system like Windows XP and Windows 2000 should be thrown on the scrapheap! Perform periodic revisions and plan to upgrade operating systems that are not supported anymore or for which the support will expire soon. Unpatched system and applications can leave open backdoors so have a monthly patching strategy and keep your systems up to date with the latest security patches. Well known points of attack are also Java and Adobe products so besides Microsoft products keep in mind that you’ll have to upgrade also these types of apps.
Mistake 4: Lack of Network and System Monitoring
In the case of the network there is one well known rule: do not allow traffic that you do not know. Also be aware that most of the protocols have space for data in them. For example many admins focus their network monitoring on TCP and UDP protocols. ICMP is often overlooked, but it is nearly as viable for data transfer. Why not put the sensitive information there and send it out? Data transfer through ICMP is possible but nobody monitors ICMP traffic. Do you allow pings outside your network? Another big threat is installing pirated content that can have malware attached to it. Keep your toolbox where you have installation kits for the apps you use internally up to date and keep the checksums in a different place. Malformed installation files are not necessarily recognized by antivirus software and injection of the file Mistake 3: Using Old Technology It is hard to be up to date with with malware can happen even before you
Offline access allows someone to have physical access to a system and thus use the methods described above to access confidential data. It doesn’t need to be necessarily the case of someone that has managed to penetrate your office building unseen. It can be a visitor, the cleaning man, a stolen laptop or someone that brings his laptop home and other people have access to it. In order to mitigate against data loss in this case, there are several steps of protection that we can implement: • Do not allow booting from USB / CD / DVD • Implement offline encryption • USB management • Security awareness
www.todaysoftmag.com | no. 29/november, 2014
23
security What passwords do when no one is watching get the file, so be careful from where you download your installation kits. Two questions to think about here are: Do you check for the files’ signatures before installation? Do you perform periodic security checks of your folder with installation files? It is recommended that you deploy a software inventory solution so that you can find out what software is installed in your network.
Mistake 5: Lack of Documentation & Training
Is this really the admin’s mistake? Yes, I believe this is one of the biggest mistakes made in an IT organization. Most companies are not prepared for the IT staff going on a vacation! Be proactive, split and rotate tasks between admins, organize trainings for your users and keep your internal wiki up to date. Perform periodical audits of your infrastructure and do not forget to audit permissions and ACLs. The cheapest and most effective attacks are often nontechnical. People tend to take shortcuts and it’s hard to control their intentions. Monitor them and show that you’re doing it. Default passwords can also create huge security holes. Blank the passwords in MSSQL can lead to full machine compromise. Default / blank passwords on web-based management interfaces lead to various levels of compromise. Use vulnerability scanners and scan the network for HTTP, FTP, Telnet, and SSH services. Also be sure to use different passwords for the local administrator account and the domain administrator account. If you are not convinced about the danger of default passwords then check out the shodan.io website. This site is a database of services that are exposed to the internet and which use default or blank
24
passwords. It’s amazing what you can find here – from webcams, to routers and file shares, all open to the internet. In conclusion, if you have to take one thing from this article, try to pick one of the mistakes I’ve described above and take it to your work place and think about it. Examine the way you currently work and do something before it’s not too late. If you feel I’ve opened your apethite for further reading on this subject, please check out Paula Januszkiewicz’s talks. She is my favourite security expert and has also insipred me to write this article. Also browse the Trustworthy Computing site at microsoft.com/twc. TwC is a longterm, collaborative effort to deliver more secure, private, and reliable computing experiences for everyone.
no. 29/november, 2014 | www.todaysoftmag.com
programare
management
Client communication
T
Bogdan Mureșan
bogdan.muresan@3pillarglobal.com Director of Engineering @ 3Pillar Global
heory says that 90 percent of a project manager’s work is communication and if theory says that, there must be some truth in it. The real important thing is the fact that communication is all over the place for the project manager and the theory makes him aware of this from its first chapters. What we often don’t realize is that polishing our communication skills starts much sooner and it is part of our job and our lives more that we knowingly realize. Referring to our work environment only, communication goes around among people with different communication skills and different backgrounds (e.g. developer, tester, administrator, hr). Through all this, I think that one of the most delicate communication channel is the one with the customer and this is the one which I want to take under the radar in this article. Especially now, with all the new Agile methodologies, the entire team is exposed to client interaction. This opens a complicated communication channel between technical people and business oriented people. If, for a project manager playing with this channel is part of his day to day activity, the technical people may find it a little harder to build that bridge which translates the message from technical language to a nontechnical one. When we want to deliver a message we need to take into account, besides others, a couple of important aspects: • The content value: First of all, if we want to make a point, we need to emphasize the value which we are adding through our idea, but in such a way that our interlocutor clearly understands it. So one important thing is to know how to explain the content value. • The content: Second, we need to bring the right arguments on the table to explain the idea. No matter how good it is, most of the time it won’t be explained by itself. Especially if it is a technical one and we are discussing with a non-technical person. So, another important thing is to be able to explain the content itself.
The Content Value: explaining it is not only a tough thing to do, but at the same time, it needs to be done totally differently depending on the targeted audience. In order to choose our communication strategy, we need to understand first what value it brings to the other parties involved. For technical people, the value will be given by cool words as extensibility, edge technology, latest frameworks etc. For the client, most of the stuff needs to be related to business value. In a free translation, it would be “Will this edge technology / latest framework which you are mumbling about bring me more clients / money?”. For the HR team, the value would translate in people’s happiness / retention. In order to exemplify this, let’s try to relate on a possible situation. Let’s say that a team wants to update a framework to the latest version for one of the project 3rd party controls which the team is using. Of course, there will be a research, there could be a prototype and finally, there will be tons of good arguments on why they need this. The benefits of this change will be explained in a totally different way. The implementation team discussions will go about the fact that the new version will allow easier integration
www.todaysoftmag.com | no. 29/november, 2014
25
management Client communication with the security module; they will go to the fact that it’s easier to be customized and that it has support for unit tests, which the current version doesn’t have. If we go in front of the client (or project sponsor) the things are getting a little complicated. We need to be prepared to motivate how long it will take, how many people will be involved, because this translates in costs to the client. There are a lot of ways to highlight the benefits in front of the client for such a move. Unit tests will ensure a higher stability; therefore will reduce the maintenance costs. They will also increase the velocity in development, so after a couple of implementation cycles, the time invested in the update will be amortized. We will not always have a winning case, but knowing what makes a good value for the client for sure will increase our chances a lot. And after long discussions between team members and between the team and the client, on a smoke break, somebody from HR will approach the project manager and will ask: “So, I heard you guys had some heated discussions lately … is everything ok?”; “Yes, we just wanted to update a framework version and it was very difficult to convince the client”; “But why did you want this change?”; “Because it keeps the team motivated”. Three different targeted audiences, three different ways of expressing the value for the very same thing: a trivial framework upgrade. The Content might be even harder to be delivered. This is at least as tough and we might need even more skills in order to cover this well. The language barrier is usually installed between the technical and nontechnical people. I participated
in enough discussions which should have taken ten minutes and ended up after more than an hour. During that time the mic was turned off many times in order for some of the members to cool off. I participated in some discussions where one party only thought that the mic was off when choosing to cool off. They didn’t end up well. One focus that might allow these discussions to be more relaxed is to be aware of the different backgrounds of the people involved. Once we acknowledge the problem, we can adapt our arguments to what the other party understands. What do you think it’s easier: for the nontechnical people to find technical arguments or vice-versa? I saw nontechnical people with good intentions using buzzwords in order to fit in the conversation. It’s pretty funny. You can spot somebody who doesn’t know exactly what he/she is talking about from miles away. I strongly believe that the easiest way is for technical people to find samples on what they are talking about which relate to real life experiences, something which everybody can understand. And because client discussions are almost every time a sell, we need to choose our words very well in order to make our point. Let’s go again through some samples. This is a sample that I heard, it’s not my personal idea, but I found it very trendy. Imagine that we have to explain the advantages of continuous testing during a sprint to a person who knows nothing about Agile and Scrum. We start talking about faster integration of testing and bug fixing in development process, we continue by talking about reduced number of bugs and we finish by talking about a more stable release at the end of
the sprint. The client will look at you very impressed, all are very good arguments, but I imagine the monologue in his mind during our pleading: “Sprints …. sprints ... I know …. Usain Bolt is good at sprints … “. He smiles satisfied, our belief is that “the client loved the idea” and, two days after that, we are having the same discussion again. Another way of doing it is to compare the sprint with cooking for example. And I’m not saying this just because I love food. Everybody knows more or less about how the food is prepared. Let’s say that a release is compared with the plan to cook for seven days. Each day will be a sprint. Each day, we will have to cook something else. Testing and bug fixing would be very similar to washing the dishes. If we don’t do it as we go, the kitchen might be full of dirty dishes, maybe from day five. And after the seventh day, for sure it will take at least one day to clean them all and we might miss our commitment. But if we clean the dishes as we go, while waiting for something to bake for example, at the end of each day we will have both our kitchen and our plan impeccable. I’m not saying that at the end of the seventh day we will achieve our goal. Of course, the dish from the first day will be close to be expired and we will want to do it again, better, with the new cooler stove which was released lately on the market but that’s another story. The previous sample is a simple one but we can think of other day to day samples which are more technical. Let’s explain to a client how a load balancer works or why we need composite indexes on a certain table. Now, a funny personal example comes to my mind: a couple of weeks ago, one of my teams had some issues with a Our core competencies include:
Product Strategy
3Pillar Global, a product development partner creating software that accelerates speed to market in a content rich world, increasingly connected world. Our offerings are business focused, they drive real, tangible value.
www.3pillarglobal.com
26
no. 29/november, 2014 | www.todaysoftmag.com
Product Development
Product Support
TODAY SOFTWARE MAGAZINE release. I asked what the problem was. The answer was short and precise: we had problems generating a bundle. I stood there for a second or two, looking like I knew what they were talking about, before deciding to go over my pride and ask what that was. Again the answer was short and concise and very to the point. The problem is that those words are even harder for me to remember than the word “bundle”. A long time ago I was a technical person (when a pointer was the coolest thing ever) but since then, slowly, I’ve got less and less in touch with technical terms. Even for me it was hard to catch it from first explanation. Imagine how hard it is for a client, who doesn’t have a technical background at all. In my case, one of the team members started to notice the awkwardness of the situation and started to give me an explanation like he would explain it to a small child: you know Bogdan, there are all these files, which are put together and they are looking like a single one. Then, there is a little cool good wizard (not one ‘working’ for the dark side) which makes them smaller in order for the browser to get them faster from the server. I stopped him and I said to him that he had me from “there are all these files which are put together”. And sometimes, this is exactly how a technical people should think, that they need to explain it to a child.
are talking to a client. This comes with experience, with work and with a proper mindset. And again, because of the evolution of the industry, because of the Agile methodologies which encourage a higher interaction between the technical people and the clients (especially in the outsourcing world), it is very important at least to get in touch with this mindset. First, we need to be aware of the current context and, after that, we need to adapt to what this context requires. Then, we have to be able to find the right words to explain the why and the what. And, for that, we need to be able to find the right correlations and analogies in order to play this game right. But once we have found the fine tuning on this, the game becomes really enjoyable.
I know that it is our nature, our genetic code, to act always in the conditions where we feel more comfortable. If we are discussing all day long in technical terms without restrictions, it is very hard for us to switch our mindset in that half an hour when we
www.todaysoftmag.com | no. 29/november, 2014
27
programming
Why Agile? “Real knowledge is to know the extent of one’s ignorance.” Confucius
I
have seen in my 15 years career as a developer, technical lead, project manager, freelancer, trainer, agile/lean/technical coach and again developer many failures of software development. I have also seen unexpected successes.
Alexandru Bolboacă
alex.bolboaca@mozaicworks.com Agile Coach and Trainer, with a focus on technical practices @Mozaic Works
From all industries, software development seems rather unpredictable. As a client, you can ask for a feature that looks simple and should take a day or two, (eg. Add Euro support to an accounting system designed for French Francs) and it takes two months. Or you can ask for a feature that looks awfully complex, and it takes one day. What should you expect? A 10 times budget increase for the feature set that you need, or to have the software earlier than expected?
More process
Being involved in the process, I learned a lot about CMMI. CMMI is not bad at core, but its requirements can be interpreted poorly. A company could easily go bankrupt by interpreting the requirements ad litteram. The easy way out of a CMMI appraisal is to take each requirement and add a document for it. This would create so much work that either the production has to halt or the company has to hire more people just to write the documents. Happily, the Quality Manager took a different route. She read the CMMI requirements and found the simplest ways to respond to them. To understand the context better, CMMI requires that you offer a proof for following certain practices, but it doesn’t specify what kind of proof. The proof can be a document, but often it’s enough to have a report from a tool, a photo or a checklist. The CMMI experience taught me two things: 1. Having a structured way of work is beneficial for software development 2. Checkpoints slow everything down
The initial human reaction to unpredictability is to add more check points, more process, more management. After all, factories can produce faster when they’re better managed, optimized and automated. Why not software development? I was working in an outsourcing company as a technical lead when the management decided to get a CMMI appraisal. CMMI, in case you’re not familiar with it, is a maturity model for software development. Level 3, the one that this company was appraised for, is I was at this point a software developer focused on having a standardized and measured process. Level 4 is about conti- interested in how to repeatedly execute successful projects. CMMI had some nuous improvement based on metrics.
28
no.29/2014 | www.todaysoftmag.com
programare potential, but it could easily turn into a heavyweight maintenance nightmare that didn’t ensure success.
Confusion
TODAY SOFTWARE MAGAZINE customer wants, faster than they need it 3. Improved Productivity – by removing impediments, reducing the process, making developers feel better at work
At this time in my career, I was looking around for any type The principles are stated in the Agile Manifesto; instead of of knowledge that might help. How were other companies developing software? Are there fundamental principles that we could quoting them, I will enumerate briefly my (certainly incomplete) follow to create high quality software while keeping the customers interpretation: • Manage the team, not the individuals happy? What are the ingredients for success? • Give the team autonomy and clear purpose, and let them do their work I started by reading books and articles about the topic. • Treat the development team as bright, motivated adults instead of children that need parenting Fred Brooks’ seminal works “The Mythical Man Month” • Continuously improve the way the team and company and “No silver bullet” opened my eyes to something I haven’t works. Continuously look at impediments and zealously acknowledged before: software development is different than remove them. other industries. After all, adding people to a construction project • Feedback is the single most important process control tool. that is late will make the project end faster. Not so when deveMake sure feedback is timely, has high quality and applies at loping software; adding more people to a software project that’s all levels of software development (from code, design, requirealready late will typically delay it even more (known as “Brooks’ ments to working features). Most agile/lean/technical practices law”). are about feedback. More interesting, Brooks’ law can sometimes be avoided. The • Your only purpose is to release successful software. This is reason the project is delivered later is that people joining the proalready a very difficult task, so eliminate every single distracject need to learn what the project is about. But if they are picked tion from the road (eg. Useless documents, meetings, approval so that they already have the knowledge, they might actually help processes, check points etc.). This doesn’t mean removing pracinstead of slowing everything down. tices that do help (useful documents, meetings, checks that Steve McConnel’s book “Software Estimation: Demystifying help improve quality or grow the developers’ skills). the Black Art” was yet another interesting read. The way I was doing estimates back then was basically guessing. CMMI had The practices are the things most people think define Agile: already exposed me to estimation methods, but the book offered more insight. The idea that we could take advantage of statistics daily meetings, retrospectives, continuous integration, Test and peer review to improve estimates was appealing and made Driven Development, to give only a few examples. In my 5 years of training and coaching, I’ve learned about sense from an engineering point of view. On the other hand, software development seemed to have agile, lean and technical practices one thing that might come as little to do with statistics. One of the things I’ve learned from my a surprise. readings (I’m afraid I don’t remember the source anymore) was that bugs were not distributed naturally throughout the code. My Agility is More Important than Agile expectation was that bugs would evenly distribute in a codebase. Whenever a company wants to do an agile transition, the first Strangely, they aren’t: they tend to cluster. This means that the question me and my colleagues from Mozaic Works ask is: “What areas where a bug is found should be more thoroughly checked do you hope to achieve with it?”. for other bugs. But then the normal distribution doesn’t apply to We get various answers to this question. “We just heard agile bugs in code; it’s worth wondering: would it apply to estimates? is cool”, “our competitors are doing it”, “our customers asked us While the books and articles were very interesting, there to do agile” are all answers that require more discussions. The wasn’t much I could conclude about successful software develop- best answer we’re hoping for is “we need to improve X”, where X ment. What would help: more process, better estimation, more is typically: reduce release cycle, quality, productivity (based on practices, better developers...? clear criteria) or innovation. By defining a clear business purpose, we can then agree on Nobody seemed to know. the principles and introduce the practices that make sense for the company. Sometimes, they need full Scrum implementations, It was at this point that I decided to move to a small product other times Kanban, while others just need to start with visual development company, to get involved in the Agile community in management and continuous improvement. 7 Romanian cities and gradually turn to agile, lean and technical Being agile is not important; having Business Agility is a comtraining and coaching. petitive advantage. But why would agile work? How is it useful? This question led me to another interesting conclusion. Agile … is unfortunately a very ambiguous, emotion-filled, marketing-bound term. Despite these challenges, I understood it as a Software is Knowledge set of principles, a set of practices and a list of potential benefits. I’ve learned this from a chat with Mike Beedle, one of the The benefits are on different levels: signatories of the Agile manifesto and co-author of one of the first 1. Business Agility – the ability to adapt fast as a company to books on Scrum. I felt like I’ve already come across this idea now the market and customer needs and then, but that’s when I finally got it. 2. Development Agility – the ability to produce the feature the www.todaysoftmag.com | no. 29/november, 2014
29
programming Why Agile? So, is agile the answer? I don’t think so. We still have a long way to go to obtain predictability in software development. I believe though that one of two things can happen. The industry will “Software is very precise, encoded knowledge” either: • find ways to minimize the amount of knowledge building Encoded, since it’s written in computer code. Precise, because through specialization or computers can’t deal with ambiguity. • find new ways to build precise, encoded knowledge by This simple statement has impact on every single aspect of embracing this paradigm software development. Here are some of the things I derived from it: There’s no telling yet which way we will go, but, to me, the • Software development means translating ambiguous requisecond direction sounds very exciting and worth exploring. rements into precise code • This is equivalent with building knowledge • When building knowledge, you need all the brainpower you can get. That’s why team planning and pair programming can be very efficient • How lossy the knowledge transfer is influences the quality of the result and the efficiency of the process. Best knowledge transfer is done through face-to-face communication because of instant, high quality feedback (body posture, face and hand gestures, eyes movement, voice inflexions etc). Documents provide no feedback to the reader; you need to talk to the author to understand it better. (That doesn’t mean documentation isn’t helpful in the long run) • People tend to underestimate the precision required. Continuous feedback is the only way to asymptotically move towards it. • A very high number of decisions are required to obtain precise knowledge. These decisions are split between the customer and the development team. Team needs a lot of context so that their decisions fit the customer’s needs. • Structuring the knowledge built is something we’re still struggling with in the industry. • Programmers need to have a special mind, able to turn ambiguous requirements into precise code • Continuous learning is built into software development. After all, learning is building knowledge. A more accurate statement would be:
Why Agile?
To wrap this up: why agile? Well, because: • Business Agility, Development Agility and Improved Productivity can be obtained by using the principles, values and practices of agile software development • Software development means building knowledge, and requires a fundamentally different approach than building nuts and bolts • Developers feel and perform better when they have autonomy, mastery and purpose (the key to intrinsic motivation according to Dan Pink) and work in an environment that favours flow (see Mihaly Csikszentmihalyi’s works on happiness and productivity) • When building knowledge, you need all the brain power you can get
When isn’t agile useful? There are situations, even in software development, when building knowledge doesn’t play such an important role; for example customizations for existing software. There are business models that work and don’t require agility; for example accountancy software. There are developers who are happier when they get the task and do it without making a lot of decisions; an agile environment will make them unhappy.
30
no. 29/november, 2014 | www.todaysoftmag.com
programare
programming
Java FX Visual Components
T
ables represent one of the most powerful tools used in JavaFX for displaying data, supporting the following actions: • Reordering the columns displayed by the user • Multiple sorting of the columns • Resizing • Cell factories for customizing cell content
Silviu Dumitrescu
silviu.dumitrescu@accesa.eu Java Line Manager @ Accesa
Diana Bălan
Diana.Balan@accesa.eu Java developer @ Accesa
Several classes of JavaFX SDK API are used for data representation in a tabular form. Among these, the most important are: TableView, TableColumn and TableCell. We can populate a table from a data model and then we can apply a cell factory to it. The facilities of TableView include: • The TableColumn API: • Cell factories support, which allows a customization of the cell content in both states: display and editing • Specification of mindWidth, prefWidth, maxWidth, as well as that of fixed size columns • Resizing by the user, on running • Column reordering by the user, on running • Support for column implantation • Different resizing policies which determine what happens when the user resizes the columns • Support for sorting on several columns by clicking on the column header (by pressing the Shift key while we are clicking on the header)
Table creation
Minimally, we need the following classes in order to create a table: • TableView<S>, where S is the type of the object containing the list of items from TableView • TableColumn<S, T>, where S is the type of the TableView generic type and T
is the type of the content of all the cells of this TableColumn TableView is built from a number of TableColumn instances. Each TableColumn is responsible for displaying and editing the content of a column. In addition, TableColumn contains properties for: • Resizing • Visibility • Header text display • The display of the implanted columns it may contain • The display of a context menu when the user clicks right on the column header area • Sorting possibilities When we create a TableColumn instance, probably the most important properties to set are: the text (that is, what we display in the header of the column) and the cell value factory (used for populating individual cells of the column). The TableCell<S, T> class represents the intersection of a line with a column in TableView. It contains the following properties: • tableColumn: the TableColumn instance behind TableCell • tableView, the TableView associated with TableCell • tableRow, the TableRow where the TableCell is placed
www.todaysoftmag.com | no. 29/november, 2014
31
programming Java FX Visual Components In order to identify the intersection, TableCell contains an index property. Cell<T> is used for an individual cell in a TableView. Each cell is associated to a single data item, represented by the item property. A cell is responsible with rendering the item residing in it, which is usually a text. A cell allows customization through a cell factory. The Cell API is used for the virtualization of controls such as ListView, TreeView and TableView. A cell is a labelled control, used for rendering a unit in one of the above mentioned controls. Cell is responsible both for the display as well as for the editing of the item. Besides the text, Cell can be represented by other controls such as CheckBox, ChoiceBox or any Node such as HBox, GridPane or even Rectangle. Since ListView, TreeView, TableView, as well as other such controls can be used for displaying a large amount of data, it is not practical to create a Cell for each item of the control. Each cell is reused; this is what this virtualized control does. Since Cell is a Control, it has a model behind. Its Skin is responsible for defining the look and layout, while the Behaviour is responsible for the manipulation of events and using this contained information to modify the state. Cell is edited through CSS, like any other control. In order to specialize a cell used for a TableView we should provide an implementation of the callback cellFactory () function defined on TableView. Cell factory is called by the platform any time a new cell has to be created. The implementation of a cell factory is responsible for the creation of a Cell instance and for the configuration necessary for that Cell to react to the changes of its state. Cell factory is responsible for the virtualization of container skins to render the predefined representation of a Cell item. For example, in a ListView it converts the items to a String and calls Labeled.setText (String). If we wish to specialize the cell used in ListView, we need to provide the implementation of the callback function defined on ListView. Cell factory is called by the platform any time it determines that a cell should be created. For instance, a ListView has 10 million items. The creation of all those 10 million is very costly. Thus, the implementation of the ListView skin will create only as many cells as to fill up the visual space. If the visual space is resized, the system will decide whether it is necessary to create other cells. In this case, it will call cellFactory() (if there is one) in order to create a Cell implementation. If none is provided, then the predefined implementation is used. ObservableList is the data model underlying TableView. A TableView instance is defined as: TableView<Person> table = new TableView<>();
model into one or several TableColumn instances. In order to create a two column TableView displaying firstName and lastName, we will use the following code: public class DataTable extends Application { TableView<Person> table = new TableView<>(); BorderPane root = new BorderPane(); VBox mainBox = new VBox(); // Container for content final ObservableList<Person> teamMembers = FXCollections.observableArrayList( new Person(„Ion”, „Tech”), new Person(„Petre”,”Petrescu”), new Person(„Doru”, „Dorescu”), new Person(„Vasile”, „Vasilescu”)); @Override public void init() { Label centerLbl = new Label(„Persons”); centerLbl. setStyle(„-fxfont-size:16pt; -fx-fontweight:bold;”); table.
setItems(teamMembers); TableColumn<Person, String> firstNameCol = new TableColumn<Person, String>(„First Name”);
firstNameCol.setCellValueFactory( new PropertyValueFactory<Person,String>(„firstName”)); TableColumn<Person, String> lastNameCol = new TableColumn<Person, String>(„Last Name”); lastNameCol.setCellValueFactory( new PropertyValueFactory<Person,String> („lastName”)); table.getColumns().setAll(firstNameCol, lastNameCol); mainBox.getChildren().add(centerLbl); mainBox.getChildren().add(table);
Thus, we have defined a primary table. The data model is created based on an ObservableList. We can set it directly in the } TableView. For example: ObservableList<Person> teamMembers = getTeamMembers();
@Override public void start(Stage primaryStage) { primaryStage.setTitle(„Data Table”);
table.setItems(teamMembers);
root.setCenter(mainBox); primaryStage.setScene(new Scene(root, 400, 300)); primaryStage.show();
Once the TableView item list is set, it is automatically updated any time the teamMembers list is modified. If the item list is avai- } lable before TableView is instanced, it is possible for us to send it public static void main(String[] args) { directly in the constructor. launch(args); What we also need to do is to divide the data contained in the }
32
no. 29/november, 2014 | www.todaysoftmag.com
programare
TODAY SOFTWARE MAGAZINE
}
By this, we have completely defined the minimal properties required in order to be able to create a TableView instance. No other properties of the Person class will be displayed, since there are no other defined TableColumns. The implementation of a cell factory is responsible not only with the creation of the Cell instance, but also with the configuration of that cell. In the following example, we have created a Callback class whose attributes are instances of the TextAlignment and Format classes, with the parameters: • S, the generic type of TableView • T, t h e c o n tent type in all the TableColumn cells. public class
super.setText(null); super.setGraphic(null); } else if (format != null) { super.setText(format.format(item)); } else if (item instanceof Node) { super.setText(null); super.setGraphic((Node) item); } else { super.setText(item.toString()); super.setGraphic(null); } } }; cell.setTextAlignment(alignment); switch (alignment) { case CENTER: cell.setAlignment(Pos.CENTER); break; case RIGHT: cell.setAlignment(Pos.CENTER_RIGHT); break; default: cell.setAlignment(Pos.CENTER_LEFT); break; } return cell; } }
Respectively: FormattedTableCellFactory<Person, String> xx = new FormattedTableCellFactory<>(); xx.setAlignment(TextAlignment.CENTER); firstNameCol.setCellFactory(xx);
The benefices of using CSSs in order to set the style of a table consist in time efficiency and memory efficiency, the easiness of using and building libraries for the cells, the easiness of customization of display formatting. We are using CSSs to set the colours of the cell: • Each cell can be edited right from the CSS. For instance, if we wish to change the predefined colour of the background of each cell in the TableView to white, we have to use the following CSS:
FormattedTableCellFactory<S, T> implements Callback<TableColumn<S, T>, TableCell<S, T>> { private TextAlignment alignment; private Format format; public TextAlignment getAlignment() { return alignment; } public void setAlignment(TextAlignment alignment) { this.alignment = alignment; } public Format getFormat() { return format; } public void setFormat(Format format) { this.format = format; } @Override public TableCell<S, T> call(TableColumn<S, T> p) { TableCell<S, T> cell = new TableCell() { @Override public void updateItem(Object item, boolean empty) { if (item == getItem()) return;
.table-cell { -fx-padding: 3 3 3 3; -fx-background-color: white; }
• In order to set the colours of some cells selected in a TableView to blue, we will use the following CSS: .table-cell:selected { -fx-background-color: blue; }
• In order for table-cell:selected to work, we have to set the cellSelectionEnabled to true.
Many cell implementations extend the IndexedCell instead of the Cell. This allows the adding of other two pseudo-classes: odd and even. With these we can get alternating colouring of the lines by means of a CSS such as: .table-row-cell:odd{ -fx-background-color:lightblue; }
Thank you for reading our article and we are looking forward, as usual, to discuss it further with you.
super.updateItem(item, empty); if (item == null) { www.todaysoftmag.com | no. 29/november, 2014
33
programming
Puppet-based automation
A
utomation represents a very important component in IT, whether it is used for software development (in continuous integration, for example) or for the administration of different systems and infrastructure. In the case of big, dynamic environments, implementing a form of automation represents one of the most basic needs in order to ensure the optimization of the resource management. Claudiu Demian
claudiu.demian@yardi.com Systems Administrator @ Yardi
34
no.29/2014 | www.todaysoftmag.com
Puppet is a configuration management system which allows its system administrators to assess the state of the IT infrastructure. Any change that has to be performed is translated into a change within the puppet configuration for the respective resource (file/package/nodes/ group of nodes etc.), which is automatically applied to all the servers (nodes) that are related to the change. The description of this state can be done using the puppet language, which is declarative. The general configuration can be found in the file /etc/puppet/manifests/ site.pp. Here we can find the modules, classes, and the resources that were defined in /etc/puppet/modules. Puppet works in a client-server type of architecture, as well as in a stand-alone scenario. In the first situation, the puppet server is called puppetmaster. The configuration of the infrastructure is defined on the puppetmaster machine, which is later retrieved by clients at regular time intervals (intervals which can be adjusted by the administrator). The following lines contain a very good example of how this language can be used:
/etc/puppet/modules/lighttpd/manifests/ init.pp: class lighttpd { package{‘lighttpd’: ensure => installed, } file{‘/etc/lighttpd/lighttpd.conf’: content => template(‘lighttpd/ lighttpd.conf.erb’), notify => Service[‘lighttpd’]; } service{‘lighttpd’: ensure => running, enable => true, } }
This class describes the state of an installation of the web server lighttpd, focusing on the description of each necessary component. Therefore, we can identify the first types of resources that puppet benefits from, which are, probably, also the most used. A module represents a set of classes, definitions, templates and files that, taken together, have only one goal. This also brings us to the first recommendation in writing a module: it has to perform only one functionality. For example: a LAMP server could be managed using only one
programare puppet module that deals with installing Apache, the MySQL server, the PHP and all the other related services from Linux (authentication, NTP etc.). One problem that may appear is the size of the module: it can become too big and therefore hard to manage. More than that, it loses portability. A more elegant solution would be to divide the configurations into 4 separate modules, reducing therefore their complexity. A class represents a block of code which can be instantiated. The main class of a module is defined in the manifests/init.pp file of each module. Instantiating a class for a node, so that the defined configurations can be applied, can be done using the include function. /etc/puppet/manifests/site.pp: node /web\d+/ { include lighttpd }
Classes allow for the use of inheritances and can be instantiated multiple times in the general puppet configuration, which can be found in the site.pp file. Parameters can also be applied to classes. Within a class, we define the desired state of the system using predefined or administrator-defined resources. In the last example, we can identify the following resources: the lighttpd package, the /etc/lighttpd/lighttpd.conf file and the lighttpd service. Each resource has a type (package, file and, respectively, service), a name and one or more attributes (ensure, content, notify etc.). Puppet disposes of a satisfactory number of predefined types for resources, very well covered in their official documentation. Another very useful functionality in puppet is template-ing. Using the ERB (Embedded Ruby) language, puppet offers the possibility of generating files according to the parameters introduced by the administrator when instancing the class or by the state of the system, using facts. Along with the puppet, a utility called facter is also installed. This utility gathers information about the system and displays it as facts (for example: ip_address, fqdn, operatingsystem etc.). This functionality can be extended with facts defined by the administrator which, in their own turn, can be used in templates. Due to the fact that the modules are independent and reusable, puppet offers the service PuppetForge, through which the
TODAY SOFTWARE MAGAZINE users can offer, for free, modules made by them and can download the modules of other users. Aside from the main functionality, that of describing the state of the system, puppet can be extended to gather statistical data about the infrastructure. This can be done by using the puppetdb service. This service is backed by a data base in which the facts belonging to all the systems in the infrastructure are aggregated. This information can later be used within the classes in order to generate resources in a dynamic way. One example of how to use puppetdb is represented by a management module of a Nagios instance. By using information about the systems from puppetdb (hostname, ip, the hostgroups being a part of that), it automatically generates a configuration file for each new host introduced in the infrastructure. The administrator’s only duty then is to define commands, checks and hostgroups. Another possibility to extend puppet is by using the puppetdashboard. This service offers a web interface through which we can access more information and statistics about the infrastructure. Each client sends a report about the last run of the user to the server on which the puppet-dashboard ran: if it was successful or not, if there have been any changes or if something failed. We can view these reports in the application, as well as in the statistics generated by these reports. Puppet-dashboard also offers us another service, called Inventory Service, through which we can query the state of the system, again according to facts. If by using puppetdb we can use this information inside classes, by using Inventory Service we have access to it from the outside. By using their API, we can put together tools/applications that can use this information. This article is meant to be an introduction to puppet for those who still haven’t added it in their environment. We only addressed this segment of the IT developers because, for those who have already adopted it, it is hard to imagine that they did not immediately fall in love with puppet’s power, flexibility and capacity to ease the sys admins’ work. We don’t claim that puppet represents a solution to all the problems or that it is the best configuration management system (there are other systems out there, such as chef, cfengine, and many other commercial systems), but we do claim that any system administrator should use such a system in the infrastructure that he or she is managing.
Objective C
jobs-cluj@yardi.com Yardi Romania
www.todaysoftmag.com | no. 29/november, 2014
35
programming
Clean Code – Boundaries, Error Handling and Objects
I
n the last 3 months I tried to talk about different subjects presented in Clean Code. Even if this is the 4th article about this topic, I have the feeling that there are so many things that we should talk about when we are talking about a clean and good written code. We could say that the ‘Clean Code’ book, written by Robert C. Martin, has set the standards in our industry from this perspective. It is the developers’ Bible and many times it is used as the ‘law’ of the code. I don’t want to go deeper into this subject, but I promise that one day I will talk in detail about why we should (not) use this book as THE Bible.
Today’s subject
In this article I will try to talk about Objects and Data Structure. I expect to go from the code format, to what the code should look like and how we should implement different features.
Objects and Data Structure
I think that all of us remember the University courses, when teachers tried to explain to us that we should only expose from a class the information that is needed by others. But, because current programing language gives us so easily the possibility to expose data outside a class, we often end up with a lot of private data exposed to the system. One of my colleagues called the getter and setter the tool of the devil. It is funny, but sometimes it is true. It is not so important if we are using a getter/setter of a method. The most important thing is to expose the data in an abstract way that doesn’t expose implementation details. For example, if we need to expose information related to the weight of a person, we can use a getter or a simple method. Both solutions are good as long as we don’t give any kind of implementation details. public class Person { public double WeightInKg { ... } // OR public double GetWeightInKg() { ... } }
36
Outside this class, you don’t know how the data look like and what its format is. If we add getters and setters everywhere, what would the value of encapsulation be? … NONE. Be aware that there is a big difference between data structures and objects. You should keep this in mind when you start to write code. The best thing that you can do is to keep a clear line between these two. Data Structure exposes only data, but without any kind of functionality, in contrast with objects, that expose only functionality. Of course, we need to keep in mind that the balance between these two is hard to keep. You will need a data structure that exposes functionality. You only need to keep in mind what data you want to expose and where the functionality implementation should be added. When you implement a functionality, you should talk only with friends and never with strangers (The Law of Demeter). This means a function should only access/call: • Methods from the class where it is implemented • Methods from objects created in the methods themselves • Methods from objects that are sent as arguments • Methods from objects that help as instances in the class where the method is implemented
functionality or data to them. This creates confusion because you don’t know what you should add there. It can indicate that the purpose of that entity is not clear, nor if data protection was needed.
Data Structure Object
They are used a lot when we need to store data somewhere (DB) or send data over the wire. They are called DTO and usually don’t have any kind of functionality. Their purpose is good, but we should keep in mind that we should use them only for the purpose they were created for. Otherwise a change in the data structure would trigger a lot of changes in our code. On top of DTO we have Active Records, that are similar to DTOs, but have methods used for navigation like Find, Save, Delete, Send and so on. This functionality is usually offered by DB for example. The problem with them is that developers usually use them like objects and other functionality is added to them. Because of this we end up with an Active Record that has business logic inside. What should we do? Create Active Records that store only the data structure and use separate objects to store the business rules.
Error Handling
Why do we need to talk about error handling? Because even if the main purpose of a code is not error handling, but the functionality that is implemented, Hybrids Hybrid structures are objects that con- we end up with code where only error tain also data structure. The problem with handling can be seen and it is almost them is that it is pretty hard to add new impossible for us to find the details about
no. 29/november, 2014 | www.todaysoftmag.com
programare
TODAY SOFTWARE MAGAZINE Nulls
You should never do two things. Pass a NULL to another function, because the function will need to check if it is null or not and to manage this situation. You basically pass the problem to another function, but without resolving it. And you should NEVER return a NULL. The caller will need to check the result if it is null or not and add a specific handler. You should better return an exception that can be cached and managed by the caller.
Conclusion
There are so many other things to say about the topics that were touched in this article. Here are 3 things that I would like you to remember from this article: • The difference between an object and a data structure • Never return a NULL, or forward a NULL to another method • An adapter for a boundary should expose the functionality that you need, not the one exposed by the 3rd party And YES, all of us should read ‘Clean Code’.
Boundaries
We are surrounded by boundaries. When we are using 3rd parties libraries, code implemented by another team, core API and so on. In all these situations, we have a boundary that is set and a set of functions that we can use to cross over it. It is important to know how to keep this boundaries clean and useful. The first thing that we should do when we need to use an external resource is to reserve time to learn and explore it. We need to discover the boundary, how we need to manage and use the functionality exposed by it.
the real functionality that is exposed there. To avoid these situations, there are small things that can be done at code level. First of all, avoid using error codes. This adds a lot of code to your methods and hides information behind the exception itself. Also, the caller needs to check every time the return code and implement a custom handler for different error codes. Exception can be used with success with try/catch blocks that can be seen as a ‘transaction’ block, where you expect exception and you are ready to handle The easiest way to learn is by writing them. Also, there is a clear separation between the functionality and the excep- tests that validate different scenarios. In this way we can be 100% sure that diffetion handling. rent flows will work and we know how to try handle them. Also, we will be able to vali{ // Functionality date that the 3rd party offers what we really } catch (FantaException nullEx) need. { ... When we have external 3 rd parties } catch (CokeException nullEx) that expose boundaries it is mandatory { ... to define an adapter that would isolate us } from the 3rd party library. We will have It is important to remember that the cases when we will need to fake the behafunction n that throws an expectation, vior or when 3rd party API will change. In should provide enough content about the this case we don’t want to create a domino source of the error. We should try to define effect in all our code. specific exceptions based on caller’s needs. The adapter should not expose 1:1 the Why? Because the main purpose of them functionality exposed by the 3rd party. It is to help the caller to find out the root of should expose the functionality what we the issues. need, not the one that is offered. All details implemented should be put in the adapter itself.
Radu Vunvulea
Radu.Vunvulea@iquestgroup.com Senior Software Engineer @iQuest
www.todaysoftmag.com | no. 29/november, 2014
37
management
Ancient Advices for a Product Owner – “Sun Tzu’s Art of War”
O
ne of the oldest military treatises and one of the most successful is “Sun Tzu’s Art of War”. The book was written around 500 BC by a general from the court of King of Wu, and presents a set of 13 chapters with precepts about tactics and strategies in warfare.
I’ve read the book for the first time some years ago, but looking at some trends in the communication techniques and management style determined me to read it again. And here I am, trying to write about some ancient advices for a modern position, the Product Owner one.
Argument
As we all know, Product Owner is a role specific to the Agile SCRUM. In this role there can be only one person, responsible for: • CLEARLY expressing product backlog items • P R IOR I T I Z I NG t h e pro du c t backlog items • OPTIMIZING the value delivered by the product backlog items • ENSURING that the product backlog (item) is visible, transparent, and clear to all, and • SHOWING what (product backlog items) the Scrum Team will work next. • The above are excerpts from the SCRUM Guide. A simple word switching - if we replace “product backlog item” with “order” we’ll have something like: • CLEARLY expressing orders • PRIORITIZING the orders • OPTIMIZING the value delivered by the orders • ENSURING that the order is visible, transparent, and clear to all, and • SHOWING what (orders) the Scrum Team will work next. • Going further with the word change, we can replace “Scrum Team” with “army” we will have the following responsibilities: • CLEARLY expressing orders
38
• PRIORITIZING the orders • OPTIMIZING the value delivered by the (execution of) orders • ENSURING that the order is visible, transparent, and clear to all, and • SHOWING what (orders) the army will fulfil next.
Questions
This is an interesting transformation which leads to the following questions: Is the PO a commander of an army? Is “Sun Tzu’s Art of War” a guidebook for a PO? If someone asks me, the answer is YES to both questions. And here’s why:
Product Owner - Commander of the Army
I will try to present the arguments for considering a Product Owner the “Commander of the Army”. The role of a Product Owner is to bring life to a vision of a product, a clear goal by defining small and clear requirements in a priority order, which have value in themselves, grouped in small iterations, each iteration with a clear deliverable. The key concepts are Clear, Goal and Requirements, Priority, Iteration, and Deliverable. The Product Owner is the sole person responsible of passing on his vision to the Team, and constantly making sure that there is a common understanding about the product amongst the stakeholders and the Team. A project is successful if the Product Owner manages to keep the people involved to be constantly focused on the product’s vision and delivering the most valuable features of it. The Product Owner is also responsible to constantly adjust the product backlog to the changes that occur in the market
no. 29/november, 2014 | www.todaysoftmag.com
(where the product will be placed), in the consumer behavior, in the technologies used. He must be able to prioritize the backlog items so that the product is delivered as soon as possible. Also, the Product Owner should be dedicated to ensuring the team has an appropriate work environment, thus creating the conditions that facilitate the delivery. This is an indirect responsibility shared with the Scrum Master and refers mainly to the alignment of the Scrum Team with the wider organizational environment and processes. All the above should be aligned with the delivery of the product in the most cost efficient manner. The Product Owner should always compare the value that the product features bring with the costs that the feature delivery involves. Actually this is one of the most important KPI, which influences the priority of any feature and also the project maturity and success (if all the important features are delivered and the product is mature, while the cost is lower than the initial estimates, then the project is a success). In Sun Tzu’s Art of War a general is responsible for achieving victory (Goal and Deliverable). This can be achieved through a Clear battle plan, maintaining the army’s morale and dedication, having a good logistics for the army, quality supplies, discipline and clear communication. The general is the only responsible for achieving victory. He is the only one who can give the orders (Requirements) and also the only one who can decide the army’s moves and steps (Priority and Iterations). Sun Tzu presents in detail the “factors” that should be taken into account when a general lays his battle plans: • Moral Influence, described by Sun Tzu as “…I mean that which causes
management
TODAY SOFTWARE MAGAZINE
people to be in harmony with their leaders…” • Weather “…I mean the interaction of natural forces… and the conduct of military operations in accordance with the seasons…” • Terrain “…I mean distances, whether the ground is traversed with ease or difficulty…” • Command “…I mean the general’s qualities of wisdom, sincerity, humanity, courage, and strictness…” • Doctrine “…I mean organization, control, assignment of appropriate ranks to officers, regulation of supply routes, and provision of principal items used by the army.” All of the above apply also to modern days Product Owner which has responsibilities to the team, as well as to the organization that will benefit from the product. Of course, none of the factors applies in the exact manner that is presented by Sun Tzu, but if the reader of his book makes an effort and widen the meaning of the concepts and definitions of Sun Tzu, he will reach to terms like “Leadership”, “Market conditions & trends”, “Consumer behavior”, “Methodology”, “Processes”, which definitely sound more familiar. And one more (very important for me) is the clarity measuring the velocity of a team and how and transparency, in other words sincerity, to improve it). that must be present both for the Product But the most important argument for Owner, as well as for a general. my answer is the fact that a general must be able to identify, measure, and evaluate Art of War - a guidebook for the Product the changes that occur in the war theater and respond quickly to these changes, by Owner Let’s remember the second question adjusting the initial plans. The constant evaluation of the external from above: “Is ‘Sun Tzu’s Art of War’ a guidebook for a PO?” and my answer - Yes. conditions (the enemy) is described by Sun Sun Tzu did more in his book than Tzu: “10. Therefore in laying plans compare to define the general’s role and responsibilities; he also offered details about how the following elements, appraising them to define a victory, what are the strategies with the utmost care. 11. If you say which ruler possesses and tactics, how to make the best use from different resources and military branches. moral influence, which commander is the Along with these he presented the impor- most able, which army obtains the advantance of intelligence for an army, and its tages of nature and the terrain, in which role in adjusting its own strategy to the [army] regulations and instructions are enemy’s, the ability to adjust, to change, better carried out, which troops are the stronger, that is. 12. Which [army] has the better trained The general must be able to maximize the effect of his moves by constantly mini- officers and men; 13. And which administers rewards and mizing the costs. And for this, he receives advice referring to the cost of army food punishments in a more enlightened manner; 14. I will be able to forecast which side that the state must support when the campaign stalls, the time that various branches will be victorious and which defeated.” of his army spend on marches and how to make that more efficient (somehow like
Nowadays the Product Owner should be in contact with the market where the product will be launched, dedicated to the methodology used, monitoring the processes, and constantly informed about the team’s morale and work environment. He also needs to communicate constantly with the team and the stakeholders so that both sides are in a good shape and happy with the work that is being done and with the deliverable. I think that the arguments above convinced you to try and find out more about Sun Tzu’s book and about the role of the Product Owner.
Liviu Ştefăniţă Baiu
liviu.baiu@endava.com Senior Business Consultant @ Endava
www.todaysoftmag.com | no. 29/november, 2014
39
testare
management
Filling the gap between business and technology on automation testing
O
ne of the main challenges that Agile teams are facing is the way it plans the testing activities so that: • the team is actually testing what the Product Owner thought of in the acceptance criteria • it copes with continuously changing requirements • it has a clear overview on how much of the acceptance criteria is being automated tested and finds the right balance between the effort invested in testing (both automated and manual) and the actual importance/impact/risk of the scenario being tested
Automated testing solves the second bit, by having a continuously evolving and repeatable set of tests that can be executed at any time in order to make sure you didn’t break any existing functionality when adding new features. BDD (Behavioral Driven Development) solves the first bit by creating a common language between the Product Owner and the team so that the Product Owner has a full visibility and clear mapping over his acceptance criteria with given-when-then test scenarios, which can be further automated or manually tested (with a very clear traceability at Selenium level by using JBehave). But in order to also solve the third bit, we need something that clearly presents to the PO in a easy to understand, non-technical manner what testing scenarios are being automated, enabling the PO to take risk based decisions on the testing side and better decide with the team what’s worth being automated. This allows a good alignment on the regression testing approach and optimizes the way the PO understands the regression packs by helping him reduce the manual UAT cycles for example.
How?
Spider is based on conventions. The acceptance criteria from the User Stories are transformed in given-when-then test scenarios (GWTs). These GWTs live in JIRA (the tool used for the Agile Project Management) in a testing task linked to the story. Each GWT has an id. The convention here is that this Id should uniquely identify a GWT test scenario for a particular story. Duplicates are not allowed. Using a Java annotation called @Covers we’ll mark the GWTs that are being covered by a particular Selenium test. Spider will generate a report like the following:
When?
Spider can be run at any moment for a particular Sprint. It will just consider stories that have the GWT scenarios created. But in order to actually produce usable results, the recommendation is to run it after the automated tests for the stories in a particular sprint are actually done.
Where?
What?
Spider is a Java tool that I wrote, which solves this third bit. It creates an automation testing coverage report with a clear mapping between the BDD style test scenarios and the actual automated tests (in our case - Selenium tests). Using this report the PO can further decide to raise the automated test coverage in the more risky areas, raise the flag if low impact stories are treated with too much importance or just be happy with what he/she sees :)
40
Spider also computes a Sprint coverage by using an average weight and considering only the Functional stories delivered inside a sprint, it ignores the technical ones. The weighted coverage is calculated taking in consideration the number for story points per each story. For example if we have: • 1 story with 5SP and a coverage of 50% • 1 story with 2SP and a coverage of 100% • 1 story of 8SP and a coverage of 60% The weighted coverage will be: (5*50+2*100+8*60)/(5+2+8)=62%. The second page is a mapping table between the GWT id and the actual Selenium tests that cover it.
Spider is not open source yet and it can only be used in Endava. There are plans to release it as an open source project at some point.
The generated report has a chart displaying how much of a user story is covered by Selenium tests. The green part tells you the actual percent of the coverage from the whole story (the total size of a bar represents the total number of story points).
no. 29/november, 2014 | www.todaysoftmag.com
Mădălin Ilie
mădălin.ilie@endava.com Cluj Java Discipline Lead @ endava
Innovation, entrepreneurship and technologies by
Venue: Cluj Arena, conference hall, 25-26 November 2014, Cluj-Napoca www.itdays.ro - 2 days access, 55 euro + TVA
The Conference Book
Book Sponsors
24th November
The Workshops
Java Performance
Workshop Main Partner
Partners Partners
Supporters
sponsors
powered by