On Software Development (or "O Sr. SiIva disse..."): 2016-11

Mostrar mensagens com a etiqueta 2016-11. Mostrar todas as mensagens

terça-feira, 3 de abril de 2018

DIGEST: SW Licensing options

An interesting sum-up of some licensing options (http://www.codeproject.com/info/Licenses.aspx) that might be of interest as a first approach to a decision on what license can we apply (or are we obliged to use) when reusing and/or building upon.

Quoting (licenses valid for Code Project):
"

Microsoft Reciprocal License

A Microsoft open license and a free software license . Allows for distribution of derived code so long as the modified source files are included and retain the Ms-RL.

The Code Project Open License (CPOL)

The main points subject to the terms of the License are:

Source Code and Executable Files can be used in commercial applications;
Source Code and Executable Files can be redistributed; and
Source Code can be modified to create derivative works.
No claim of suitability, guarantee, or any warranty whatsoever is provided. The software is provided "as-is".

The Common Development and Distribution License (CDDL)

Based on the Mozilla Public License (MPL) that makes it more applicable for use outside the Mozilla Foundation.

The Microsoft Public License (Ms-PL)

Used by Microsoft. Compiled derived code can be distributed, for both commercial and non-commercial use. If the source code is to be redistributed then a complete copy of this license must be included in the redistribution.

The Mozilla Public License 1.1 (MPL 1.1)

Used by Mozilla and Firefox, among others. The patent clauses are not acceptable to some.

The Common Public License Version 1.0 (CPL)

Derived from the IBM Public License and influenced by the Mozilla Public License, and used by some Microsoft projects on SourceForge.

The Eclipse Public License 1.0

A newer version of the Common Public License that is in some cases more acceptable to business.

The MIT License

A very old license with essentially no restrictions on the use of the code. It also provides very little in the way of protection for authors or users. It is the same as the BSD license without the 'no endorsement' clause.

The BSD License

A very old license with essentially no restrictions on the use of the code. It also provides very little in the way of protection for authors or users. It is the same as the MIT license except that it includes a clause preventing the use of the author's name for endorsement.

The Apache License, Version 2.0

Slightly more restrictive (but still very open) version of the BSD or MIT license that adds patent clauses. Read carefully.

The Creative Commons Attribution-ShareAlike 2.5 License

A license that requires a link be visible on works that use this license. "Share alike" is what it sounds like, you can share this work as long as that work has a license similar to this one.

It is recommended that this license not be used for software.

The zlib/libpng License

A license with an emphasis on freedom of use and re-use, with a few restrictions.

A Public Domain dedication

Not a license, but a dedication to the public domain. All rights are given up and anyone can do anything they wish with the code. Please note this is not a license and provides no guarantees for the user and no indemnities for the author.

The Creative Commons Attribution 3.0 Unported License

This license lets others distribute, remix, tweak, and build upon your work, even commercially, as long as they credit you for the original creation. It is recommendedthat this license not be used for software.

The Creative Commons Attribution-Share Alike 3.0 Unported License

A license that requires a link be visible on works that use this license. "Share alike" is what it sounds like; you can share this work as long as that work has a license similar to this one. It is recommended that this license not be used for software.

The Creative Commons Attribution-NoDerivatives 3.0 Unported

A license which specifies that if you remix, transform, or build upon the material, you may not distribute the modified material. It is recommended that this license not be used for software.

The GNU Lesser General Public License (LGPLv3)

A derivative of the GPL that was intended to allow non-GPL code to work with, and call GPL code. The author of this license asks that you only use this license if you are licensing functionality already commonly available.

Example usage in your code

(Replace 'Foobar' with the name of your product)

This file is part of Foobar.
 
Foobar is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
 
Foobar is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Lesser Public License for more details.
 
You should have received a copy of the GNU Lesser Public License
along with Foobar.  If not, see <http://www.gnu.org/licenses/>.

The GNU General Public License (GPLv3)

A common but misunderstood license. This allows developers to freely use the software as long as they use the same (or an even less restrictive) license for parts of the program that they wrote themselves. Viral in nature. Read carefully and make sure you understand the implications of using this license. Unacceptable to many.

You can write commercial software using software licensed with the GPL, but you cannot write proprietary software (meaning software for which the code is not freely available). You can sell GPL code, even if it's already being given away, or you can sell services attached to the code such as support contracts.

Any software written using GPL'd code must itself be licensed using the GPL (or less restrictive license) meaning it cannot be proprietary. This means that developers writing commercial software may not be able to use GPL code if they do not wish to provide the code.

One important note (thanks to René Pfeiffer): The GPL doesn't require you to publish the source to the world. Only the recipient of the software needs to have the source. If you have a customer, write GPLed software for a specific purpose and only give the binary to this customer, then only this customer must have access to the source code, not everybody and not the public; just the recipient of the (binary) code. This is in full agreement to the GPL. The main advantage is to play with open cards and not create a "blackmail" situation.

At the Code Project we prefer that developers allow other developers to use their freely given code in whatever way they wish - commercial, proprietary, or free for anyone. Our preference is that our authors do not use a GPL-like license.

Example usage in your code

(Replace 'Foobar' with the name of your product)

This file is part of Foobar.
 
Foobar is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
 
Foobar is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
 
You should have received a copy of the GNU General Public License
along with Foobar.  If not, see <http://www.gnu.org/licenses/>.

quarta-feira, 1 de novembro de 2017

Security: Cloud security?

Sure! How? Some considerations:
https://www.theregister.co.uk/2017/11/01/how_to_secure_a_softwaredriven_technology_stack_in_a_cloud_of_moving_parts/

Quoting:
"That makes securing the APIs important. Start by authenticating the client, and then enforce SSL encryption to ensure that the client is talking to an authenticated server.

Commercial identity and access management (IAM) tools can handle authentication, meaning that you don’t have to code it directly into the API. This has two advantages. The first is that you don’t have to maintain authentication code that has been implemented in duplicate across a range of applications and interfaces. The second is that you can fold the client/server authentication process into a broader user identification system.

Finally, on the API security side proper vulnerability management and patching of the infrastructure hosting the API is a crucial part of the security process. While APIs may be the major touchpoints for developers and operations staff in a cloud environment, it’s still important to understand and secure each of the layers on which they rely."
(...)
Hardening components at each layer of the technology stack is important. Virtual machines should be security hardened, as should containers.

Other aspects of the cloud stack that should be hardened include your servers, applications and underlying databases. Automate compliance by codifying the rules for hardening your system as configuration parameters into your software. This will be more efficient than imposing security rules as written policies that business departments can ignore.

The hardened configuration can be audited at set intervals to ensure that the system is taking the security measures it is supposed to. If there are any problems, you can use configuration management tools to correct things and ensure that your cloud-based infrastructure is compliant with the necessary rules. This automation concept underpins the DevOps discipline, and it is a crucial part of a cloud deployment.
(...)
"There are broad guidelines you can subscribe to and follow to help secure a cloud-based stack of moving parts. These include the CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 that was released in July (...) for OpenStack, Microsoft’s Azure, and Amazon’s AWS.

A mixture of general best practice and platform-specific implementation will help you avoid becoming the next headline."

sexta-feira, 2 de dezembro de 2016

Coding: In C#?

Coding in C#? I've found a good overview (from a Microsoft person, so careful with The bias) that looks like a good summary of where this programming language is going including parallel projects Rosylin, Xamarin, Unity and more:

https://realm.io/news/goto-mads-torgersen-why-take-another-look-at-c-sharp/

segunda-feira, 21 de novembro de 2016

BOOK: Forms that Work - Caroline Jarret | Gerry Gaffney

Designing web pages with usability in mind?
The book "Forms that Work - Designing Web Forms for Usability" by Caroline Jarret and Gerry Gaffney might help.

FFR: https://www.amazon.com/Forms-that-Work-Interactive-Technologies/dp/1558607102

Quoting:
"Forms are everywhere on the web – for registration and communicating, for commerce and government. Good forms make for happier customers, better data, and reduced support costs. Bad forms fill your organization’s databases with inaccuracies and duplicates and can cause loss of potential consumers.

Designing good forms is trickier than people think. Jarrett and Gaffney come to the rescue with Designing Forms that Work, clearly explaining exactly how to design great forms for the web. Liberally illustrated with full-color examples, it guides readers on how to define requirements, how to write questions that users will understand and want to answer, and how to deal with instructions, progress indicators and errors.

Provides proven and practical advice that will help you avoid pitfalls, and produce forms that are aesthetically pleasing, efficient and cost-effective.
Features invaluable design methods, tips, and tricks to help ensure accurate data and satisfied customers.
Includes dozens of examples -- from nitty-gritty details (label alignment, mandatory fields) to visual designs (creating good grids, use of color).
Foreword by Steve Krug, author of the best selling Don't Make Me Think!"

Tools: Code Reviews and Support tools

Why (NOT) Code Reviews?

Code reviews is not the most beloved verification method for a developer (in the end of the day it makes you proof-read others code, and everyone knows that all code other than yours is not good enough - #irony). But remember that Code Reviews are one of the most cost-effective verification methods available: Fixing a bug in software while developing it is way much cheaper than fixing it after the formal testing phases begin (several studies on the subject can be found - just "google" for it).

Also, things that we should bear in mind before we start complaining about having to do code reviews are:

There are things that are much easier to verify looking at the code directly (e.g. correct use of RDBMS transactions) than by integration / system testing. "White box" rules here and saves us hours (as a team - because on some cases we are saving testers' time).
For some critical parts of your code it might be a good idea to have them being checked (read: code reviewed) prior to any deployment to production, e.g., code involved in authentication, authorization, money transfers, etc..

Code Reviews in your QMS/SDP

Your QMS/SDP might have a Verification Process defining a code review procedure on how to conduct code reviews (see "Further Reading"). And how metrics related to code reviews are to be collected (and when, and by whom). Examples are: code review speed, preferably per technology; number of defects detected, number of defects fixed, defect fix cost - e.g. in minutes, etc.

And What About Supporting Tools?

So in order to "reap the benefits" (read: improve SW Quality and save money), give the developer teams a help by supporting the procedure with tools. For instance: Crucible (a plugin to Atlassian JIRA). Or any other. Anything other than making people use printed code and / or word processor annotated documents.

DIGEST: Additional Info on SW Design / Architecture - Further Reading

About SW Design / Architecture (and security as well as performance, quality attributes of architectures):

The VAP info can be found online here (PDF).

Security topic and the embedded link to the Check List repository:

Additional info on Design Patterns, Code Smells, Refactoring (already shown but repeated here for reinforcement or whatever you would like me to call it):

Design patterns: "The index" in Wikipedia is here.
Several books to read, also called "bibles": The GOF book as well as Code Complete 2.
Another interesting resource is sourcemaking.com (Design Patterns, Anti-Patterns and Refactoring / Code Smells).

Performance (but not only) topic:

Performance (and architecture that drives/enables this performance): http://www.javaperformancetuning.com/

DIGEST: Requirements Analysis - Further Reading

Additional info on Requirements Analysis (and SW Requirements):

The requirements analysis "film": http://silvaonsoftware.blogspot.pt/2016/05/process-software-requirements-team.html
To learn some specifics: See your QMS "requirements standard" (INTERNAL; includes best practices and conventions).
Writing good requirements paper here (PDF)
Requirement types: http://silvaonsoftware.blogspot.pt/2016/11/requirements-requirements-types.html
For even further info: Read books on the subject and related subjects: Requirements analysis, requirements engineering, business process analysis (a broader topic), writing good requirements. "Google" and/or "Amazon" them.

(@2016-11-23: Fixed link of Req. Std.; 2017-06-08: fixed link)

terça-feira, 15 de novembro de 2016

TOOLS. Ditto clipboard manager (productivity tools; multi-PC)

Yest another free clipboard manager (see the ARS Clip link here)?
http://ditto-cp.sourceforge.net/

Quoting:

Interesting features:

Keep multiple computer's clipboards in sync (encrypted)
It has a portable installer.

TBC: how does it stack against ARS Clip?

DIGEST: And the fresh LAST links are...

And the last fresh links are indeed these ones:

The productivity Dept. (send me your suggestions, please):

http://silvaonsoftware.blogspot.pt/2016/11/tools-newfilego-productivity-tools-file.html
Search for TOOLS, Productivity here around. And remember to send me info on your suggestions.

Additional info on SW Requirements / Requirements Analysis:

http://silvaonsoftware.blogspot.pt/2016/05/process-software-requirements-team.html
See your QMS "requirements standard" (INTERNAL; includes best practices and conventions).
Read books on the subject and related subjects: Requirements analysis, requirements engineering, business process analysis (a broader topic), writing god requirements. "Google" and/or "Amazon" them.
Writing good requirements paper here (PDF)
Requirement types: http://silvaonsoftware.blogspot.pt/2016/11/requirements-requirements-types.html

About SW Design / Architecture (and security as well as performance, quality attributes of architectures):

The VAP info can be found online here (PDF).

Security topic and the embedded link to the Check List repository:

Additional info on Design Patterns, Code Smells, Refactoring (already shown but repeated here for reinforcement or whatever you would like me to call it):

Design patterns: "The index" in Wikipedia is here.
Several books, also called "bibles": The GOF book as well as Code Complete 2.
Another interesting resource is sourcemaking.com (Design Patterns, Anti-Patterns and Refactoring / Code Smells).

Performance (but not only) topic:

Performance (and architecture that drives/enables this performance): http://www.javaperformancetuning.com/

Additional resources for SW construction:

Additional resources for SW Testing:

http://silvaonsoftware.blogspot.pt/2016/11/sw-testing-list-of-105-software-testing.html

The Agile Dept.:
Agile additional info including the Agile state of scrum report, info on Product vision statements rationale and examples, and additional tools as well as books. You will not die without a pile of stuff to read if you follow these final links:

Digest 1: http://silvaonsoftware.blogspot.pt/2016/09/starting-learning-agile.html
Digest 2: http://silvaonsoftware.blogspot.pt/2016/07/index-agilescrum-index-of-useful-links.html
Digest 3 (ufff): http://silvaonsoftware.blogspot.pt/2016/10/digest-agilescrum-links.html
BOOK http://silvaonsoftware.blogspot.pt/2016/08/mr-scrum-wrote-yet-another-book-scrum.html
The Product Vision "art": http://silvaonsoftware.blogspot.pt/2016/06/about-product-vision.html

And so on. So they say. Happy reading!

(@2017-06-06: fixed req.std.url)

SW Testing: List of 105 Software Testing Tools to Meet Your Testing Objectives - DZone Web Dev

One huge list of software testing (but not only) related tools, FFR:

List of 105 Software Testing Tools to Meet Your Testing Objectives - DZone Web Dev

TOOLS: NewFileGo (productivity tools - File watcher task runner)

From the same supplier of ARS Clip (Clipboard Manager), the NewFileGo is another important productivity enhancer, allowing you to perform a task every time a file appears on a certain location.
For repetitive tasks it's the dream of everyone.

NewFileGo can be downloaded here:
http://www.joejoesoft.com/vcms/170/

FFR

TOOLS: ARS Clip cliboard manager (productivity tools)

ARS clip is THE free, open source (mainly windows-based) clipboard manager: http://www.joejoesoft.com/vcms/97/

Quoting:

Interesting features include:
- Shortcut to recent items as a context menu (Ctrl+Shift+Z)
- Permanent items
- Persistence between restarts
- Stripped down format paste (Ctrl+Shift+V)
- The global shared clipboard (not yet tested by me)

Cons:
- Some minor issues: Slight instability (Windows 8), initial error setting global keyboard hook and some minor problems with OneNote (copied values are always pasted as image in certain apps).

PS. Also from the same supplier, make sure to check a very interesting tool for automating file-based tasks. If you like it, think about making a donation.

TBC: How does is stack against Ditto?

quarta-feira, 9 de novembro de 2016

About long position / titles: Monty Python - Cosmetic Surgery sketch

Everytime I see a long job description like "Senior Security and Software Product Assurance Engineer", I reckon the Monty Python: Cosmetic Surgery sketch:

Quoting:
"(A man sitting behind a desk in a Harley Street consulting room. Close-up of the name plate on desk in front of him. Although the camera does not reveal this for a moment, this name plate, about two inches high, continues all along the desk, off the side of it at the same height and halfway round the room. We start to track along this name plate on which is written:

There is a knock on the door.)"

And this is the video (worthwhile seeing because the title won't fit in the room, so it "curves"):

Do you see what I mean?

segunda-feira, 7 de novembro de 2016

TOOLS: The #StartupStack

Interesting trend and article on the startup stack [software-related tools], i.e. the number of common tools that modern startups use to support them on the most common tasks (like: billing, electronic payments, managing technical work, hiring, etc.).
Modern startups now have these tools for a fraction of the cost it used to cost some years ago...

Details on the Startup Stack:

The #StartupStack (You'll need an account on SlideShare);
And a related article: https://www.techgig.com/tech-news/editors-pick/tools-that-help-startups-scale-effectively-74706.

Happy readings!

SW Construction: Clean Code vs Dirty Code? Good Code vs. Bad Code?

- Discussing the sex of angels.
Could it be the answer to what the question "What is clean code"? Guess not.

The "Clean Code" book author and SW Engineering guru Robert C. Martin asked some other software well-known and deeply experienced programmers what they thought about it. Who are those people?

- Bjarne Stroustrup: inventor of C++ and author of The C++ Programming Language.
- Grady Booch: author of Object Oriented Analysis and Design with Applications.
- Dave Thomas: founder of OTI, godfather of the Eclipse strategy.
- Mike Feathers: author of Working Effectively with Legacy Code.
- Ron Jeffries: author of Extreme Programming Installed and Extreme Programming in C#.
- Ward Cunningham: inventor of Wiki, Fit, coinventor of eXtreme Programming, Motive force behind Design Patterns, Smalltalk and OO thought Leader. The godfather of those who care about code.

If you don't know them [and are interested in building better/cleaner code] maybe it's time to start following them and/or reading to whatever books or initiatives they have been involved in (some of those are listed above).

If you want to know their answers and what the Robert C. Martin "school of thought" thinks about it (to the point of writing an entire +400 pg. book on the subject) maybe you should read the book (Amazon link here).

sexta-feira, 4 de novembro de 2016

TOOLS: SQL Clients AKA DB Tools

A SQL client is, as the name indicates, a client for a SQL Relational Database Management System (RDBMS). It can help you manage (create, read, modify/update, delete) DBs.
Some kind of administration tool is available with each RDBMS (you could have it installed on your computer or only on the server). But sometimes you'll have productivity gains if you use a multi-DB client because using the same SW user interface you will be managing several different DB engines / instances.

Examples of DB Tools include: Aqua Data Studio (Windows, proprietary - this one scripts data into DML SQL statements), Squirrel SQL Client (open source, java-based).

A comparison of DB tools can be found - where else? - in Wikipedia so choose one according to your requirements (and that might be shaped by your budget):
https://en.wikipedia.org/wiki/Comparison_of_database_tools

For SQL Server, as per 2016-11:
SQL Server Management Studio (SSMS)
https://msdn.microsoft.com/en-us/library/mt238290.aspx
SQL Server Management Studio Express

https://technet.microsoft.com/en-us/library/ms365247(v=sql.105).aspx
And a related download - SQL Server 2016 Express (the free DB engine):
https://www.microsoft.com/en-us/download/details.aspx?id=52679

(Updates: @2016-11-08: MS SQL Server example links)

Modelling: EA initial management tasks

Some common management tasks for EA (to be performed by the EA UML repository manager, which could be the Technical Manager of your project) include:

Activate Security - Turn on the option that allows you to define who alters what part of the model and who does not (lock, unlock):
http://www.sparxsystems.com/enterprise_architect_user_guide/8.0/projects_and_teams/usersecurity.html

Managing Users - Create profiles, users belonging to profiles and defining permissions for those:
http://www.sparxsystems.com/enterprise_architect_user_guide/8.0/projects_and_teams/managingusers.html

Import Users from Active Directory - Integrating existing (e.g. domain) users into EA
http://www.sparxsystems.com/enterprise_architect_user_guide/8.0/projects_and_teams/import_user_ids_from_active_di.html

Initial EA Scripts - The DB schema that has to be loaded into the SQL DB initially:
http://silvaonsoftware.blogspot.pt/2016/10/ea-initial-scripts.html

(@2017-06-23: Minor rephrases)

quinta-feira, 3 de novembro de 2016

RESOURCE: "How To Write Unmaintainable Code" (PDF)

Do you like learning while laughing? If so you'll like to read "How To Write Unmaintainable Code". Remember that this is irony and that you'll earn enemies for life if you follow this through.

PDF: https://www.se.rit.edu/~tabeec/RIT_441/Resources_files/How%20To%20Write%20Unmaintainable%20Code.pdf

https://github.com/Droogans/unmaintainable-code

quarta-feira, 2 de novembro de 2016

Stop and smell the... Code

Code Smells? Sometimes the code smells. So should we stop and smell the roses, or shall it be the code?

Quoting Martin Fowler:
"One of the nice things about smells is that it's easy for inexperienced people to spot them, even if they don't know enough to evaluate if there's a real problem or to correct them. I've heard of lead developers who will pick a "smell of the week" and ask people to look for the smell and bring it up with the senior members of the team. Doing it one smell at a time is a good way of gradually teaching people on the team to be better programmers." (Source: http://martinfowler.com/bliki/CodeSmell.html)

More info:
- https://en.wikipedia.org/wiki/Code_smell
- http://mikamantyla.eu/BadCodeSmellsTaxonomy.html
- https://blog.codinghorror.com/code-smells/

A good reference resource (and a company providing consulting services) here: https://sourcemaking.com/refactoring/smells