quarta-feira, 10 de agosto de 2016

Mr. Scrum wrote yet another book: "Scrum: The Art of Doing Twice the Work in Half the Time"

Jeff Sutherland (one of the inventors of Scrum) wrote one more book that looks interesting:



Quoting:
"We live in a world that is broken. For those who believe that there must be a more agile and efficient way for people to get things done, here from Scrum pioneer Jeff Sutherland is a brilliantly discursive, thought-provoking book about the leadership and management process that is changing the way we live.

In the future, historians may look back on human progress and draw a sharp line designating “before Scrum” and “after Scrum.” Scrum is that ground-breaking.  It already drives most of the world’s top technology companies. And now it’s starting to spread to every domain where leaders wrestle with complex projects.

If you’ve ever been startled by how fast the world is changing, Scrum is one of the reasons why. Productivity gains of as much as 1200% have been recorded, and there’s no more lucid – or compelling – explainer of Scrum and its bright promise than Jeff Sutherland, the man who put together the first Scrum team more than twenty years ago.

The thorny problem Jeff began tackling back then boils down to this: people are spectacularly bad at doing things with agility and efficiency. Best laid plans go up in smoke. Teams often work at cross purposes to each other. And when the pressure rises, unhappiness soars. Drawing on his experience as a West Point-educated fighter pilot, biometrics expert, early innovator of ATM technology, and V.P. of engineering or CTO at eleven different technology companies, Jeff began challenging those dysfunctional realities, looking  for solutions that would have global impact.

In this book you’ll journey to Scrum’s front lines where Jeff’s system of deep accountability, team interaction, and constant iterative improvement is, among other feats, bringing the FBI into the 21st century, perfecting the design of an affordable 140 mile per hour/100 mile per gallon car, helping NPR report fast-moving action in the Middle East, changing the way pharmacists interact with patients, reducing poverty in the Third World, and even helping people plan their weddings and accomplish weekend chores.

Woven with insights from martial arts, judicial decision making, advanced aerial combat, robotics, and many other disciplines, Scrum is consistently riveting. But the most important reason to read this book is that it may just help you achieve what others consider unachievable – whether it be inventing a trailblazing technology, devising a new system of education, pioneering a way to feed the hungry, or, closer to home, a building a foundation for your family to thrive and prosper."

http://www.barnesandnoble.com/w/scrum-jeff-sutherland/1117655162

Updated - 2018-02-16, Amazon link;

sexta-feira, 5 de agosto de 2016

Security: Magic Quadrants for MSS (remote monitoring or management of IT security functions)

According Gartner: "Managed security services (MSSs) [is defined] as "the remote monitoring or management of IT security functions delivered via shared services from remote security operations centers (SOCs), not through personnel on-site." Therefore, MSSs do not include staff augmentation, or any consulting or development and integration services."

Magic Quadrant reports:
MSS features (service) details:
"MSSs broadly include:

  • Monitored or managed intrusion detection systems (IDSs)
  • Distributed denial of service (DDoS) protection
  • Managed secure messaging gateways
  • Managed secure Web gateways
  • Security information and event management (SIEM)
  • Managed vulnerability scanning of networks, servers, databases or applications
  • Security vulnerability or threat notification services
  • Log management and analysis
  • Reporting associated with monitored/managed devices and incident response."


Portal informativo sobre a ISO27001 (Information Security)

Portal informativo sobre a ISO27001 (Information Security):


Citando:
"A norma ISO 27001 é o padrão e a referência Internacional para a gestão da Segurança da informação, assim como a ISO 9001 é a referência Internacional para a certificação de gestão em Qualidade.

A norma ISO 27001 tem vindo, de forma continuada, a ser melhorada ao longo dos anos e deriva de um conjunto anterior de normas, nomeadamente a ISO 27001 e a BS7799 (British Standards). A sua origem remota na realidade a um documento publicado em 1992 por um departamento do governo Britânico que estabelecia um código de práticas relativas à gestão da Segurança da Informação. "

Online training platforms for the "minimalist training strategy" (from the implementor's perspective)

New (and better) online training platforms are appearing every month, here are a few examples and how could you put them to work for your company (for the best ones, please not that [yearly] fees do apply):

A "minimalist training strategy" from the implementor's perspective - be it a Human Resources department or any other in a services company - could simply be the recommendation for every applicable worker to follow the next simple steps:

- Do your personal training plan (with your manager)
- Assist online (typically on your "extra" time, or you could have a cost centre for reporting effort spent on the individual training)
- Assess your acquired knowledge on those same platforms (online tests) or at external certifications sites (MS, Oracle, ...)
- Your manager should manage the execution of the plan. After all, he's your manager ;)

There are several online tools that streamline the implementation of this "minimalist training strategy". You just have to pay the yearly fee (and configure who has access to it):


This model is interesting to manage some delivery idle times that could be created between the end of a services project and the start of the next one (if you're a software service company), since it is individual and the training can start at any time, any place (no need to wait for the trainer).

Certifications Paths - Development (Examples)

Think "Development" (we could be talking of "Project Management" and related disciplines).

  1. First: Choose what language / platform you want to focus: .Net / MS Technologies? Java? Front-end development? Database? Backend development (including database and/or other persistence means)?
  2. Check the relevant entities providing certifications. 
  3. Choose/plan carefully your certification path,
  4. Start taking the courses (most of them are remote, or can be substitute / sped up by buying the right book)
  5. Propose yourself to the certification exams (so that you can add them to your CV and linkedin profiles). Most exams can now be taken online. There are exams fees (fees vary greatly, starting from a few hundred dollars to... - check if your current company helps you on this or not).
  6. After successful completion: Update your CVs and your professional profiles. 
  7. If you chose well, new job proposals will be coming under way. Do not miss them. 


Examples of certification roadmaps (for Enterprise Application Frameworks):



quinta-feira, 4 de agosto de 2016

3 articles involving NASA and NASA-SEL (software engineeering & process improvement)

3 interesting articles on NASA and the NASA Software Engineering Laboratory (NASA-SEL). Final links are 2 clicks away (sorry I am grouping this info here):
  1. Rise and fall of the NASA-SEL (about process improvement and some pitfalls during the implementation): http://silvaonsoftware.blogspot.pt/2016/08/ieee-xplore-abstract-lessons-learned.html
  2. The code of the Apollo 11 mission (man on the moon mission) was retyped, filled in and published on Github (!): http://everything-techie-under-the-sun.blogspot.pt/2016/07/the-code-that-took-america-to-moon-was.html (this one explains the BURN BABY BURN routine and much more).
  3. And some history on the alarms it raised during the mission: http://silvaonsoftware.blogspot.pt/2016/08/apollo-11-lunar-surface-journal-program.html
  4. A video of the emulator working: https://www.youtube.com/watch?v=hyhI85Rd1kI
Updated: 2018-04-03, emulator video.

IEEE Xplore Abstract - Lessons learned from 25 years of process improvement: the rise and fall of the NASA-SEL

Interesting article on NASA Software Engineering Laboratory (NASA-SEL):

IEEE Xplore Abstract - Lessons learned from 25 years of process improvement: the rise and fall of the NASA software enginee...

Abstract:

"Lessons learned from 25 years of process improvement: The Rise and Fall of the NASA Software Engineering Laboratory. For 25 years the NASA/GSFC Software Engineering Laboratory (SEL) has been a major resource in software process improvement activities. But due to a changing climate at NASA, agency reorganization, and budget cuts, the SEL has lost much of its impact. In this paper we describe the history of the SEL and give some lessons learned on what we did right, what we did wrong, and what others can learn from our experiences. We briefly describe the research that was conducted by the SEL, describe how we evolved our understanding of software process improvement, and provide a set of lessons learned and hypotheses that should enable future groups to learn from and improve on our quarter century of experiences."

PDF: https://www.cs.umd.edu/~basili/publications/proceedings/P94.pdf

Apollo 11 Lunar Surface Journal: Program Alarms (That Occurred During the Mission)

Interesting insights on the Apollo 11 Mission (that took the man to the moon, now that the code was published as it was pointed out), the computer architecture and the assembly programming language that was used with it and some program alarms that it raised during the mission:

quarta-feira, 3 de agosto de 2016

TOOLS: UML tools list

One extensive list of UML tools can be found here:



To check:

  • ArgoUML
  • UMLet


Other already referred here around include:

  • Enterprise Architect - Sparx Systems
  • MagicDraw

terça-feira, 2 de agosto de 2016

Code Review Target Values for Metrics: Example

Targets for code review activities could be set. One example could be (NEOSAT - Phase B example):

Target values for metrics:

MetricReference ValuesMin / Max Values
Defects corrected after document reviews100%Min
Number of tests failing before TRR0Max
Requirements covered by Validation100%Min
Structural analysis: Statement coverage100%Min
Structural analysis: Decision coverage100%Min
Nesting Level5Max
Cyclomatic complexity15Max
LOC per procedure100Max
Code comment frequency20%Min

The SUR (Subject under review) will then have to be scanned regarding whether it meets those requirements or not. Attributes like these could be mandated by international standards, customers, company internal coding standards and/or internal project coding standards / guidelines. 

TOOL: Mind maps online - Mindmup

A fully online (works with keyboard only) for creating (and exporting) mind maps. Integrates with Google Drive and exports to PDF, PNG and Freemind (*.mm) format:

https://www.mindmup.com/

Whenever Freemind or X-Mind is not installed but ideas break (and you have a browser and WWW access available).

(@2016-11-17: Added X-Mind link)

TOOL: Screen shot grabber - Shotty - Overview

Yet another screen shot grabber: Shotty - Overview

Shotty allows you to temporarily host the screen shots under http://images.devs-on.net/en/Default.aspx and a few more providers.

PS. Not to be used if you want to store evidences after the software development project closure (development phase, testing phase) but good enough for some projects where you merely want to attach a screen shot to an issue and you don't have a file server with a network share available to do it.