SW Testing: Introduction to Stateful Property Based Testing

Introduction to Stateful Property Based Testing - Lambda Days 2019



Quoting:

"Property-based testing (PBT) relies on properties which can be written in pseudocode as:

for all (x, y, ...)  
such as precondition(x, y, ...) holds  
property(x, y, ...) is true

Introductory examples usually illustrate the technique with testing a data structure or a function, by recording its inputs and outputs and checking that specified properties are all valid.

Few commonly known examples deal with stateful PBT applied to testing actual live systems. In his talk, Kowal gives such an example. The process involves the identification of properties, building a stateful model of the system under test (SUT), using that model to generate interesting test sequences, running the test sequences on the actual system, comparing at each step of the run the system behaviour and outputs to those predicted by the model, and shrinking failing test sequences to a minimal expression."

SW Testing: Print Screens?

Oh, did I ever tell you you need to take (efficiently) print screens while (manual) testing? Some ideas towards productivity:
https://www.pcmag.com/feature/370572/how-to-take-screenshots-in-windows-10

PS: Also do not forget the utility "mouse without borders" also crucial for testers (with 2 or more PCs and just one mouse).

Documentation: Tracked changes in Google Docs?

Yes. It's called suggestions. Share with Edit permissions. Uncheck the email notifications. Much like MS  Office, comments also exist in Google Docs as well as a Compare option in tools and a revision history (with human readable names that can be set by the user):
https://www.pcmag.com/article/330137/tip-how-to-use-track-changes-in-google-docs

Missing TBC: The Combine (with generated inline tracked changes) option, much useful to know what words changed between 2 revisions when someone forgot (or "forgot") to start tracking changes. If you have PDF versions attempt a conversion of PDF to docx and then combine (Office does it).

Documentation IS part of the configuration of a software so, do learn to use productivity tools. This is why it's called productivity tools.

BOOK: NASA Systems Engineering Handbook, NASA - Amazon.com

Rev1 of SEBoK from NASA (caution, there is a Rev2 and the PDF can be found at NASA sites):

NASA Systems Engineering Handbook, NASA - Amazon.com

Quoting:
"This handbook consists of six core chapters: (1) systems engineering fundamentals discussion, (2) the NASA program/project life cycles, (3) systems engineering processes to get from a concept to a design, (4) systems engineering processes to get from a design to a final product,(5) crosscutting management processes in systems engineering,and (6) special topics relative to systems engineering. These core chapters are supplemented by appendices that provide outlines, examples, and further information to illustrate topics in the core chapters. The handbook makes extensive use of boxes and figures to define, refine, illustrate, and extend concepts in the core chapters without diverting the reader from the main information. The handbook provides top-level guidelines for good systems engineering practices; it is not intended in any way to be a directive."


PDF version: https://www.nasa.gov/feature/release-of-revision-to-the-nasa-systems-engineering-handbook-sp-2016-6105-rev-2

SW Construction: Java 13

One of the most popular Enterprise Application Framework is being updated, again. Details here:

"Java 13 is released in less than a month. As usual I'm listing all the new performance features in the release, just as I now do every 6 months with each new Java version. The new features, the performance benefits from each feature, and how to use the feature.

Java 13 is pretty light on performance features, but one specifically is worth knowing about ... read on at ""

http://www.javaperformancetuning.com/news/news225.shtml

Metrics: Software Development Performance Index (SDPI)

Software Development Performance Index (SDPI) for measuring Agile Teams performance.
The concept and principle is described in this whitepaper of "The impact of Agile Quantified" (from the Software Engineering Institute, the organization managing the CMMI model:

• https://www.ca.com/content/dam/ca/us/files/white-paper/the-impact-of-agile-quantified.pdf
• https://www.agilealliance.org/resources/sessions/the-impact-of-agile-quantified-a-de-mystery-thriller/

BOOK: Software Testing Foundations, 4th Edition: A Study Guide for the Certified Tester Exam (Rocky Nook Computing): Andreas Spillner, Tilo Linz, Hans Schaefer: 9781937538422: Amazon.com: Books

A book about SW testing according to the International Software Testing Qualifications Board (ISTQB):

Software Testing Foundations, 4th Edition: A Study Guide for the Certified Tester Exam (Rocky Nook Computing): Andreas Spillner, Tilo Linz, Hans Schaefer: 9781937538422: Amazon.com: Books

Quoting:
"Professional testing of software is an essential task that requires a profound knowledge of testing techniques. The International Software Testing Qualifications Board (ISTQB) has developed a universally accepted, international qualification scheme aimed at software and system testing professionals, and has created the Syllabi and Tests for the Certified Tester. Today about 300,000 people have taken the ISTQB certification exams. The authors of Software Testing Foundations, 4th Edition, are among the creators of the Certified Tester Syllabus and are currently active in the ISTQB. This thoroughly revised and updated fourth edition covers the "Foundations Level" (entry level) and teaches the most important methods of software testing. It is designed for self-study and provides the information necessary to pass the Certified Tester-Foundations Level exam, version 2011, as defined by the ISTQB. Also in this new edition, technical terms have been precisely stated according to the recently revised and updated ISTQB glossary."

Agile: Crystal Methods

Crystal is one Agile methodology born in the mid-90s and still used today in some railway projects:

Crystal Methods - Wikiversity


Quoting:

"Crystal methods are a family of methodologies (the Crystal family) that were developed by Alistair Cockburn in the mid-1990s. The methods come from years of study and interviews of teams by Cockburn. Cockburn’s research showed that the teams he interviewed did not follow the formal methodologies yet they still delivered successful projects. The Crystal family is Cockburn’s way of cataloguing what they did that made the projects successful.

Crystal methods are considered and described as “lightweight methodologies”. The use of the word Crystal comes from the gemstone where, in software terms, the faces are a different view on the “underlying core” of principles and values. The faces are a representation of techniques, tools, standards, and roles.

Methodology, techniques, and policies are differentiated between by Cockburn:

• Methodology - set of elements (e.g. practices, tools)
• Techniques - skill areas (e.g. developing use cases)
• Policies - dictate organizational musts

Crystal methods are focused on:

1. People
2. Interaction
3. Community
4. Skills
5. Talents
6. Communications

Cockburn says that Process, while important, should be considered after the above as a secondary focus. The idea behind the Crystal Methods is that the teams involved in developing software would typically have varied skill and talent sets and so the Process element isn’t a major factor.

Since teams can go about similar tasks in different ways, the Crystal family of methodologies are very tolerant to this which makes the Crystal family one of the easiest agile methodologies to apply.

In his research, Cockburn [1999], he defines behaviour of people in teams:

• “People are communicating beings, doing best face-to-face, in person, with real-time question and answer.”
• “People have trouble acting consistently over time.”
• “People are highly variable, varying from day to day and place to place.”
• “People generally want to be good citizens, are good at looking around, taking initiative, and doing ‘whatever is needed’ to get the project to work.”

The points above are why Crystal methods are so flexible and why they avoid strict and rigid processes typically found in older methodologies."

There are several variants of the method and the set of methodologies is sometimes called "Crystal xx". For more details follow the lin k above.  

SW Development: Error budgets?

Just sharing this article with thoughts about conflicts with Devs, Ops /DevOps and about error budgets:

DevOps = Dev + ErrorBudget + Ops - Expedia Group Technology - Medium

Quoting:
"It wasn't until I learned about Error Budgets that I
realized exactly how dev and ops could merge into an effective
"devops", and I've written about that in my latest article https://medium.com/expedia-group-tech/devops-dev-errorbudget-ops-9441e94ff698 "
(...)
"There’s a lovely description in chapter 3, Embracing Risk of Google’s Site Reliability Engineering book which I will quote here:

For example, if product development wants to skimp on testing or increase push velocity and SRE is resistant, the error budget guides the decision. When the budget is large, the product developers can take more risks. When the budget is nearly drained, the product developers themselves will push for more testing or slower push velocity, as they don’t want to risk using up the budget and stall their launch. In effect, the product development team becomes self-policing. They know the budget and can manage their own risk. (Of course, this outcome relies on an SRE team having the authority to actually stop launches if the SLO is broken.)"

SAFETY-CRITICAL: Safety-Critical Computer Systems (BOOK)

For systems engineering, another "bible" (costing ~500USD new):
Amazon.com: Buying Choices: Safety Critical Computer Systems

PS: Look at the price, new! :)

Security: A proactive approach to more secure code (MSRC, article)

Security starts at the coding activity... See he quote:

A proactive approach to more secure code – Microsoft Security Response Center

Quoting:

"Since 2004, the Microsoft Security Response Centre (MSRC) has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019 presentation at BlueHat IL, the majority of vulnerabilities fixed and with a CVE assigned are caused by developers inadvertently inserting memory corruption bugs into their C and C++ code. As Microsoft increases its code base and uses more Open Source Software in its code, this problem isn’t getting better, it’s getting worse. And Microsoft isn’t the only one exposed to memory corruption bugs—those are just the ones that come to MSRC."

The PDF presentation can be found here:

https://github.com/microsoft/MSRC-Security-Research/raw/master/presentations/2019_02_BlueHatIL/2019_01%20-%20BlueHatIL%20-%20Trends%2C%20challenge%2C%20and%20shifts%20in%20software%20vulnerability%20mitigation.pdf

FUN: eXtreme Go Horse (XGH) - GO HORSE PROCESS

Almost as fun as the POG (which is in Brasilian Portuguese, sorry guys)? Maybe so:

eXtreme Go Horse (XGH) - GO HORSE PROCESS

Quoting:

"1- Pensou, não é XGH.

XGH não pensa, faz a primeira coisa que vem à mente. Não existe segunda opção, a única opção é a mais rápida.

2- Existem 3 formas de se resolver um problema, a correta, a errada e a XGH, que é igual à errada, só que mais rápida.

XGH é mais rápido que qualquer metodologia de desenvolvimento de software que você conhece (Vide Axioma 14).

3- Quanto mais XGH você faz, mais precisará fazer.

Para cada problema resolvido usando XGH, mais uns 7 são criados. Mas todos eles serão resolvidos da forma XGH. XGH tende ao infinito.

4- XGH é totalmente reativo.

Os erros só existem quando aparecem.

5- XGH vale tudo, só não vale dar o toba.

Resolveu o problema? Compilou? Commit e era isso.

6- Commit sempre antes de update.

Se der merda, a sua parte estará sempre correta.. e seus colegas que se fodam.

7- XGH não tem prazo.

Os prazos passados pelo seu cliente são meros detalhes. Você SEMPRE conseguirá implementar TUDO no tempo necessário (nem que isso implique em acessar o BD por um script malaco).

8- Esteja preparado para pular fora quando o barco começar a afundar… ou coloque a culpa em alguém ou algo.

Pra quem usa XGH, um dia o barco afunda. Quanto mais o tempo passa, mais o sistema vira um monstro. O dia que a casa cair, é melhor seu curriculum estar cadastrado na APInfo, ou ter algo pra colocar a culpa.

9- Seja autêntico, XGH não respeita padrões.

Escreva o código como você bem entender, se resolver o problema, commit e era isso.

10- Não existe refactoring, apenas rework.

Se der merda, refaça um XGH rápido que solucione o problema. O dia que o rework implicar em reescrever a aplicação toda, pule fora, o barco irá afundar (Vide Axioma 8).

11- XGH é totalmente anárquico.

A figura de um gerente de projeto é totalmente descartável. Não tem dono, cada um faz o que quiser na hora que os problemas e requisitos vão surgindo (Vide Axioma 4).

12- Se iluda sempre com promessas de melhorias.

Colocar TODO no código como uma promessa de melhoria ajuda o desenvolvedor XGH a não sentir remorso ou culpa pela cagada que fez. É claro que o refactoring nunca será feito (Vide Axioma 10).

13- XGH é absoluto, não se prende à coisas relativas.

Prazo e custo são absolutos, qualidade é totalmente relativa. Jamais pense na qualidade e sim no menor tempo que a solução será implementada, aliás… não pense, faça!

14- XGH é atemporal.

Scrum, XP… tudo isso é modinha. O XGH não se prende às modinhas do momento, isso é coisa de viado. XGH sempre foi e sempre será usado por aqueles que desprezam a qualidade.

15- XGH nem sempre é POG.

Muitas POG’s exigem um raciocínio muito elevado, XGH não raciocina (Vide Axioma 1).

16- Não tente remar contra a maré.

Caso seus colegas de trabalho usam XGH para programar e você é um coxinha que gosta de fazer as coisas certinhas, esqueça! Pra cada Design Pattern que você usa corretamente, seus colegas gerarão 10 vezes mais código podre usando XGH.

17- O XGH não é perigoso até surgir um pouco de ordem.

Este axioma é muito complexo, mas sugere que o projeto utilizando XGH está em meio ao caos. Não tente por ordem no XGH (Vide Axioma 16), é inútil e você pode jogar um tempo precioso no lixo. Isto fará com que o projeto afunde mais rápido ainda (Vide Axioma 8). Não tente gerenciar o XGH, ele é auto suficiente (Vide Axioma 11), assim como o caos.

18- O XGH é seu brother, mas é vingativo.

Enquanto você quiser, o XGH sempre estará do seu lado. Mas cuidado, não o abandone. Se começar um sistema utilizando XGH e abandoná-lo para utilizar uma metodologia da moda, você estará fudido. O XGH não permite refactoring (vide axioma 10), e seu novo sistema cheio de frescurites entrará em colapso. E nessa hora, somente o XGH poderá salvá-lo.

19- Se tiver funcionando, não rela a mão.

Nunca altere, e muito menos questione um código funcionando. Isso é perda de tempo, mesmo porque refactoring não existe (Vide Axioma 10). Tempo é a engrenagem que move o XGH e qualidade é um detalhe desprezível.

20- Teste é para os fracos.

Se você meteu a mão num sistema XGH, é melhor saber o que está fazendo. E se você sabe o que está fazendo, vai testar pra que? Testes são desperdício de tempo, se o código compilar, é o suficiente.

21- Acostume-se ao sentimento de fracasso iminente.

O fracasso e o sucesso andam sempre de mãos dadas, e no XGH não é diferente. As pessoas costumam achar que as chances do projeto fracassar utilizando XGH são sempre maiores do que ele ser bem sucedido. Mas sucesso e fracasso são uma questão de ponto de vista. O projeto foi por água abaixo mas você aprendeu algo? Então pra você foi um sucesso!

22- O problema só é seu quando seu nome está no Doc da classe.

Nunca ponha a mão numa classe cujo autor não é você. Caso um membro da equipe morra ou fique doente por muito tempo, o barco irá afundar! Nesse caso, utilize o Axioma 8."

10 Common Concurrency Models (Video)

Quoting Java Performance Newsletter:
""The 10 Common Concurrency Models" from this month's Devoxx
https://www.youtube.com/watch?v=PNx9WqQ9QeA
is just a 15 minute whirlwind tour that explains why there are so many
of these models for you to choose from, yet without a clear winner."

Logging: Flogger

https://www.infoq.com/news/2019/04/java-logging-framework-flogger

Quoting:
"new open-source Java logging framework called Flogger. Acknowledging that "[t]he field of open-source Java logging APIs is already extremely crowded", Google asserts that Flogger offers "many benefits over existing logging APIs". These improvements include reducing the cost of disabled log statements, increasing overall readability, and allowing extensibility.

Flogger, a portmanteau of fluent and logger, argues that one of its main benefits is "[l]ogging at disabled levels is effectively free." Whereas other logging frameworks may generate bytecode for disabled logging statements, Flogger aims to completely avoid it.

More specifically, logging frameworks typically utilize varargs to accommodate the unknown number of parameters in a logging method call rather than having hundreds or even thousands of different and unpredictable method signatures. This use of varargs results in additional bytecode, particularly to allocate an Object[] for storing the varargs. While additional bytecode doesn’t typically warrant concern, it becomes particularly important in applications with very fine-grained logging statements or logging statements that occur in loops."

SW Development: WASI spec for all devices, computers, operating systems

Mozilla tries to do Java as it should have been – with a WASI spec for all devices, computers, operating systems • The Register


Quoting:

"Mozilla this week announced a project called WASI (WebAssembly System Interface) to standardize how WebAssembly code interacts with operating systems. If the project succeeds, it will do what Oracle's Java Virtual Machine does, but better and more broadly.

WebAssembly, or WASM, is a binary format for a virtual machine that can run across multiple hardware architectures. WASM code can be produced from various programming languages like C/C++, Go, and Rust as a compilation target.

WebAssembly has been adopted by all the major web browsers, but it doesn't yet have a standard way to run outside the browser. That's where WASI comes in.

"Code outside of a browser needs a way to talk to the system  –  a system interface," explains Mozilla software engineer Lin Clark in a blog post. "And the WebAssembly platform doesn’t have that yet."

What's up with WASM?

With WASI, WASM code will be able run in the browser or any compliant environment, allowing language agnostic, cross-platform application deployment. Where Portable Operating System Interface (POSIX) provides a way to make source code portable across Unix-like operating systems, WASI aims to make compiled binaries portable across devices and operating systems. It promises a universal runtime that runs at near-native speed.

The Java Virtual Machine (JVM) serves the same purpose but you can't run Java code in a browser without a plugin. And while the language flexibility offered by the WebAssembly platform may be achievable in Java via the GraalVM, the Java ecosystem, open though it may be, still stands in the shadow of Oracle and its claims on Java-related IP.

WASM, being memory safe and tuned for validation, also has security advantages over Java applets, though it still may be vulnerable to control flow hijacking. It also plays nicer with languages like C/C++ and Rust."

Security: WebAuthn what?

This:

https://www.w3.org/TR/webauthn/

Quoting:
"The below use case scenarios illustrate use of two very different types of authenticators, as well as outline further scenarios. Additional scenarios, including sample code, are given later in §12 Sample Scenarios.

1.2.1. Registration

On a phone:

User navigates to example.com in a browser and signs in to an existing account using whatever method they have been using (possibly a legacy method such as a password), or creates a new account.

The phone prompts, "Do you want to register this device with example.com?"

User agrees.

The phone prompts the user for a previously configured authorization gesture (PIN, biometric, etc.); the user provides this.

Website shows message, "Registration complete."

1.2.2. Authentication

On a laptop or desktop:

User pairs their phone with the laptop or desktop via Bluetooth.

User navigates to example.com in a browser and initiates signing in.

User gets a message from the browser, "Please complete this action on your phone."

Next, on their phone:

User sees a discrete prompt or notification, "Sign in to example.com."

User selects this prompt / notification.

User is shown a list of their example.com identities, e.g., "Sign in as Alice / Sign in as Bob."

User picks an identity, is prompted for an authorization gesture (PIN, biometric, etc.) and provides this.

Now, back on the laptop:

Web page shows that the selected user is signed in, and navigates to the signed-in page. (...)"

Security: Passwords and more...

... passwords. A list of the 100000 most common of them BTW:
https://www.ncsc.gov.uk/blog-post/passwords-passwords-everywhere

Quoting:
"I'm a developer. What should I do with these files?

If your product is unlikely to have access to the internet when deployed (or you don't want to rely on an external service), you can include a check against one of these files in your authentication flow. It's up to you how you handle cases where the password matches one of these, but you should enable users to use tools such as password managers.

If you can make use of an external service, there are options such as Troy Hunt's Pwned Passwords API. Troy has written a really good blogcovering how different companies have implemented this feature, that may help you to design your own flow.

Alternatively, look at ways to reduce the load on your users by looking at alternative authentication flows (like supporting single sign-on), and by keeping an eye on upcoming standards such as WebAuthn - we'll have more on this in the future."

Security: What Are The Most Secure Programming Languages (State of Open Source Security Report)

A report on "security of programming languages" used in open source.

Quoting:
"Behind every developer is a beloved programming language. In heated debates over which language is the best, the security card will come into play in support of one language or discredit another.
We decided to address this debate and put it to the test by researching WhiteSource’s comprehensive database. We focused on open source security vulnerabilities in C, Java, JavaScript, Python, Ruby, PHP, and C++, to find out which programming languages are most secure, which vulnerability types (CWEs) are most common in each language, and why."

What Are The Most Secure Programming Languages

To download the report: https://resources.whitesourcesoftware.com/blog-whitesource/is-one-language-more-secure

Quoting:

"Language vulnerabilities

Let’s look at the list from the report and break it down.
Total reported open source vulnerabilities per language:

1. C (46.9%)
2. PHP (16.7%)
3. Java (11.4%)
4. JavaScript (10.2%)
5. Python (5.45%)
6. C++ (5.23%)
7. Ruby (4.25%)

WhiteSource pulled their info from their database which includes multiple sources including “the National Vulnerability Database, security advisories, GitHub issue trackers, and popular open source project issue trackers”."

Quote Source: https://jaxenter.com/security-vulnerabilities-languages-157038.html

Scrum: Technical Debt and Tetris?

An interesting analogy that involves... TETRIS!!!
The simple idea is that lines with holes in Tetris (that will not disappear) might eventually pile up until you're... dead!
Game over.
Just like technical debt in "scrappy" Scrum:

Technical Debt is like Tetris – Eric Higgins – Medium

Security: The "cheap" that might be expensive?

The "cheap" that might be expensive? Password security implemented by juniors "smells" bad?

Study shows programmers will take the easy way out and not implement proper password security | ZDNet

Quoting:
"Of the 260 developers, only 43 took up the job, which involved using technologies such as Java, JSF, Hibernate, and PostgreSQL to create the user registration component.

Of the 43, academics paid half of the group with €100, and the other half with €200, to determine if higher pay made a difference in the implementation of password security features.

Further, they divided the developer group a second time, prompting half of the developers to store passwords in a secure manner, and leaving the other half to store passwords in their preferred method --hence forming four quarters of developers paid €100 and prompted to use a secure password storage method (P100), developers paid €200 and prompted to use a secure password storage method (P200), devs paid €100 but not prompted for password security (N100), and those paid €200 but not prompted for password security (N200)."
(...)
"Of the secure password storage systems developers chose to implement for this study, only the last two, PBKDF2 and Bcrypt, are considered secure.

8 - Base64
10 - MD5
1 - SHA-1
3 - 3DES
3 - AES
5 - SHA-256
1 - HMAC/SHA1
5 - PBKDF2
7 - Bcrypt"

SW Construction: Good code?

Principles, books, tools for productivity and metrics and more:
https://www.dotnetcurry.com/patterns-practices/1358/code-quality-tools

SW Construction: The bots that help improving Facebook's Code - IEEE Spectrum

Meet the Bots That Review and Write Snippets of Facebook's Code - IEEE Spectrum



Quoting:

"A null pointer exception is like having the address to a house that was never built. It means a programmer has referred to an object that doesn’t actually exist because it was never described in the code. Null pointers are extremely common and relatively easy to fix—easy enough to be boring, in fact.

Unfortunately, the tedious work of finding and fixing errors like these still takes up much of a developer’s time and mental energy. A 2016 evaluation of 1,000 Android apps [PDF] found that null pointers caused more crashes than any other kind of error, including illegal arguments, array index out of bounds exceptions, and bad tokens.

To make its developers’ jobs more rewarding, Facebook is now using two automated tools called Sapienz and SapFix to find and repair low-level bugs in its mobile apps. Sapienz runs the apps through many tests to figure out which actions will cause it to crash. Then, SapFix recommends a fix to developers, who review it and decide whether to accept the fix, come up with their own, or ignore the problem. "
(...)
"Facebook’s developers make more than 100,000 commits every week, and the Facebook app for Android contains millions of lines of code. Sapienz runs hundreds of emulators around the clock to review code before and after it’s shipped, conducting tens of thousands of tests every day. "

SW Construction: Julia fastest-growing new programming language?

O "índice de macheza" da sua linguagem de programação, TIOBE Index, traz novidades:

Stats chart rapid rise in 2018 for Julia programming language
Is Julia fastest-growing new programming language? Stats chart rapid rise in 2018 | ZDNet

BOOK: Continuous Delivery Handbook: Non Programmer’s Guide to DevOps, Microservices and Kubernetes (Stephen Fleming)

Amazon.com: Continuous Delivery Handbook : Non Programmer’s Guide to DevOps, Microservices and Kubernetes eBook: Stephen Fleming: Kindle Store

Quoting;

"(...) after going through this guide you would be able to appreciate Continuous Delivery through DevOps, Microservices and other related concepts like Kanban, Scrum, Agile, SOA, Monolith Architecture, DevOps, Docker, Kubernetes etc.

-      This guide will clarify your conceptual queries with case studies, examples and diagrams.

-      You would also get to know about the leaders in DevOps and Microservices adoption and impact it had on the overall agility and hyper-growth of the adopters. This book covers the complete lifecycle for your understanding like Integrating, Testing, Deploying DevOps and Microservices architecture and the Security concerns while deploying it.

-      I am confident that after going through the book you would be able to navigate the discussion with any stakeholder and take your agenda ahead as per your role. Additionally, if you are new to the industry, and looking for an application development job, this book will help you to prepare with all the relevant information and understanding of the topic.

-      So, as Charles Darwin Said “It is not the strongest of the species that survive, or the most intelligent, but the one most responsive to change.” Be adaptive to the changes in the software Development Industry and ride ahead with Continuous Delivery."

GLS: A Glossary of Computer System Software Development Terminology (8/95) from... FDA

Inspection Guides > Glossary of Computer System Software Development Terminology (8/95)

...And a list of sources (standards and books) for those terms FFR, quoting:

"The terms are defined, as much as possible, using available standards. The source of such definitions appears immediately following the term or phrase in parenthesis, e.g. (NIST). The source documents are listed below.

The New IEEE Standard Dictionary of Electrical and Electronics Terms, IEEE Std. 100-1992.

IEEE Standards Collection, Software Engineering, 1994 Edition, published by the Institute of Electrical and Electronic Engineers Inc.

National Bureau of Standards [NBS] Special Publication 500-75 Validation, Verification, and Testing of Computer Software, 1981.

Federal Information Processing Standards [FIPS] Publication 101, Guideline For Lifecycle Validation, Verification, and Testing of Computer Software, 1983.

Federal Information Processing Standards [FIPS] Publication 105, Guideline for Software Documentation Management, 1984.

American National Standard for Information Systems, Dictionary for Information Systems, American National Standards Institute, 1991.

FDA Technical Report, Software Development Activities, July 1987.

FDA Guide to Inspection of Computerized Systems in Drug Processing, 1983.

FDA Guideline on General Principles of Process Validation, May 1987.

Reviewer Guidance for Computer Controlled Medical Devices Undergoing 510(k) Review, Office of Device Evaluation, CDRH, FDA, August 1991.

HHS Publication FDA 90-4236, Preproduction Quality Assurance Planning.

MIL-STD-882C, Military Standard System Safety Program Requirements, 19JAN1993.

International Electrotechnical Commission, International Standard 1025, Fault Tree Analysis.

International Electrotechnical Commission, International Standard 812, Analysis Techniques for System Reliability - Procedure for Failure Mode and Effects Analysis [FMEA].

FDA recommendations, Application of the Medical Device GMP to Computerized Devices and Manufacturing Processes, May 1992.

Pressman, R., Software Engineering, A Practitioner's Approach, Third Edition, McGraw-Hill, Inc., 1992.

Myers, G., The Art of Software Testing, Wiley Interscience, 1979.

Beizer, B., Software Testing Techniques, Second Edition, Van Nostrand Reinhold, 1990.

Additional general references used in developing some definitions are:

Bohl, M., Information Processing, Fourth Edition, Science Research Associates, Inc., 1984.

Freedman, A., The Computer Glossary, Sixth Edition, American Management Association, 1993.

McGraw-Hill Electronics Dictionary, Fifth Edition, 1994, McGraw-Hill Inc.

McGraw-Hill Dictionary of Scientific & Technical Terms, Fifth Edition, 1994, McGraw-Hill Inc..

Webster's New Universal Unabridged Dictionary, Deluxe Second Edition, 1979."

TOOL: Git Sparse Checkout

Git repos are cloned fully. And your disk space goes down the drain in this process (if you're working in a lot of complex projects). What if you need only a set of files from a repo? You can use a client (like the web-based bitbucket) to locate and download (one by one). Or enter Git Sparse Checkout:

Using Git Sparse Checkout

REUSE: Route Calculations with TomTom Maps APIs

Route Calculations with TomTom Maps APIs - CodeProject

Quoting:
"The TomTom route mapping engine is immensely powerful, and with the recent announcement that the TomTom APIs are available for developers to integrate into their applications, you can now harness the power of the routing engine and share it with your consumers.
In this article, I’m going to introduce you to the Routing API with a few examples. We’ll also discuss consumption models for gasoline and electric vehicles and use these models to plot the best route for your vehicle.
Finally, we’ll talk about the different route types which you can request from the API, and I’ll provide links to additional documentation and tools to help you learn more and take the next steps."

More of the kind: https://www.codeproject.com/Articles/1273831/Maximizing-Electric-Mobility-with-TomTom-Maps-AP-2

LIST: Top 5 JavaScript IDEs

For future reference:
Top 5 JavaScript IDEs - JAXenter

LIST: Top 5 IDEs and code editors for Python

For future reference:

Top 5 IDEs and code editors for Python - JAXenter

Maintainability: A promising new metric to track maintainability

A promising new metric to track maintainability - JAXenter

Quoting:
"[A] new metric to track maintainability.

A good metric to measure software maintainability is the holy grail of software metrics. What we would like to achieve with such a metric is that its values more or less conform with the developer’s own judgment of the maintainability of their software system. If that would succeed we could track that metric in our nightly builds and use it as the canary in the coal mine. If values deteriorate it is time for refactoring. We could also use it to compare the health of all the software systems within an organization. And it could help to make decisions about whether it is cheaper to rewrite a piece of software from scratch instead of trying to refactor it.

A good starting point for achieving our goals is to look at metrics for coupling and cyclic dependencies. High coupling will definitely affect maintainability in a negative way. The same is true for big cyclic group of packages/namespaces or classes. Growing cyclic coupling is a good indicator for structural erosion. (...)"
(...)
"Try it yourself

Now you might wonder what this metric would say about the software you are working on. You can use our free tool Sonargraph-Explorer to compute the metric for your system written in Java, C# or Python. 

 is currently only considered for Java and C#. For systems written in C or C++ you would need our commercial tool Sonargraph-Architect."

BOOK: Algorithms, 4th Edition by Robert Sedgewick and Kevin Wayne

A book on algorithms. Remember to explore this Princeton university site for more information will you?



This is the online version: Algorithms, 4th Edition by Robert Sedgewick and Kevin Wayne



Quoting:

"Textbook. 

 The textbook Algorithms, 4th Edition by Robert Sedgewick and Kevin Wayne [ Amazon · Pearson · InformIT ] surveys the most important algorithms and data structures in use today. We motivate each algorithm that we address by examining its impact on applications to science, engineering, and industry. The textbook is organized into six chapters:

• Chapter 1: Fundamentals introduces a scientific and engineering basis for comparing algorithms and making predictions. It also includes our programming model.
• Chapter 2: Sorting considers several classic sorting algorithms, including insertion sort, mergesort, and quicksort. It also features a binary heap implementation of a priority queue.
• Chapter 3: Searching describes several classic symbol-table implementations, including binary search trees, red–black trees, and hash tables.
• Chapter 4: Graphs surveys the most important graph-processing problems, including depth-first search, breadth-first search, minimum spanning trees, and shortest paths.
• Chapter 5: Strings investigates specialized algorithms for string processing, including radix sorting, substring search, tries, regular expressions, and data compression.
• Chapter 6: Context highlights connections to systems programming, scientific computing, commercial applications, operations research, and intractability.

Booksite. 

 Reading a book and surfing the web are two different activities: This booksite is intended for your use while online (for example, while programming and while browsing the web); the textbook is for your use when initially learning new material and when reinforcing your understanding of that material (for example, when reviewing for an exam). The booksite consists of the following elements:

• Excerpts. A condensed version of the text narrative, for reference while online.
• Java code. The algorithms and clients [ algs4 · github ] in this textbook.
• Exercise solutions. Solutions to selected exercises.

For students:

• Java. Here are instructions for setting up an IntelliJ-based Java programming environment for Mac OS X, Windows, and Linux.
• Lecture videos. The deluxe edition includes professionally produced lecture videos.
• Online course. You can take our free Coursera MOOCs Algorithms, Part I andAlgorithms, Part II.

For instructors:

• To adopt. You can request an examination copy or ask the authors for more information. Here is the preface. ACM/IEEE cites COS 226 as a course exemplar in CS2013.
• Course materials. Lecture slides (in Keynote format) are available by request for instructors who adopt the textbook.

"

BOOK: Optimizing Java

An interview with the authors can be found here:

https://www.infoq.com/articles/book-review-optimizing-java

Quoting:
"Key Takeaways

Performance tuning in Java is an experimental science.

There are no magic “go faster” command-line switches for the JVM.

There are no “tips and tricks” to make Java run faster.

The execution speed of Java code is highly dynamic and fundamentally depends on the underlying JVM.

The behavior of JIT-compiled code is significantly more important than the interpreter itself.

This book offers both theory and practice on how to performance tune in Java.

This is a comprehensive book that represents a tutorial for beginners and a reference for experienced Java performance tuning practitioners."

See also: JITwatch