The Developer/Non-Developer Impedance Mismatch

Most software developers have probably heard of and even had experiences with the
object-relational impedance mismatch (often addressed with
ORM tools), the
object-XML impedance mismatch (often addressed with
OXM tools), and even the
developer-DBA impedance mismatch. I don’t believe that these impedance mismatches are as difficult as they are
sometimes made out to be, but for those wishing to mitigate them, we have tools such as
Java Persistence API implementations and
JDO implementations for dealing with the object-relational mismatch (and some of the developer-DBA impedance mismatch) and similarly have approaches such as
JAXB,
XMLBeans,
JiBX and
Apache Commons Digester for dealing with the object-XML mismatch (and .NET’s
LINQ deals with both
ORM and
OXM mismatches). At this point in my career, I believe the developer/non-developer impedance mismatch is perhaps the most frustrating impedance mismatch I have run into.


Although there are numerous tools and approaches for dealing with these other types of impedance mismatches, it seems we’re woefully short on similarly powerful tools, approaches, and
proven practices (my new preferred term for what I think "
best practices" was originally intended to mean) for dealing with the developer/non-developer mismatch. In this post, I look at some of the most common areas of developer/non-developer mismatch and speculate as to why they occur and what can be done to address these specific areas of developer/non-developer impedance mismatch.

Sadly, we have much less control over the developer/non-developer impedance mismatch than we do over object-relational or object-XML impedance mismatches. Although in general things like improved communication and education can help, these answers are not as tangible as the ones we’re used to for dealing with other types of software development impedance mismatches. As difficult as it is to deal with the developer/non-developer impedance mismatch, we must do so because there are numerous significant stakeholders in the software development process that are not necessarily developers (managers, clients, testers, customers, business analysts, sales people, and more). 


DRY Principle / Modularity

Almost to a fault, developers have generally adopted (at least in a theory if not always in practice) the DRY (
Don’t Repeat Yourself) principles coined in the often-referenced book
The Pragmatic Programmer: From Journeyman to Master. Although the term was coined in this 1999 book, the practice had been one that developers for decades had understood to some degree. Regardless of native spoken language or favorite programming language, developers today widely recognize virtues of some degree of DRY-ness. There may be
some debate as to what level this should be taken (I’ve seen it taken past the point of common sense), but most of us agree with the perils of repeated documentation at different levels of the software product or of repeated code (
copy-and-paste development).

Benjamin Denckla, in the post "
Faith in DRY; no hope for software," writes, "Today we produce software through a laborious, undisciplined process that combines the low quality work of many with the heroic high quality work of a few. … Not enough people believe in DRY and other good practices like it." I believe this is especially true when one considers the non-developers involved in a software development project. In my experience, the developers generally do see the value in some significant degree of DRY, but non-developer stakeholders see little value in DRY principles.

For purposes of this discussion, I’m including modularity in what I’m calling DRY practices. Most developers know there are numerous reasons to not copy-and-paste the same code into multiple places. For many decades, developers have known to place reusable code in methods, functions, modules, or other constructs that allow the same code to be used in multiple contexts and situations. It doesn’t take long for this to become second nature to the experienced developer. Sadly, many non-developers seem to not acknowledge the risks and problems associated with redundant information copied from place to place or believe these risks and problems are more theoretical than real. Although it may not be code we’re talking about when we discuss non-developers (it may be documentation, requirements, specifications, test procedures, or a host of other non-code things), the principle still applies: reproducing anything in multiple places leads to problems down the road in terms of maintenance and keeping the many versions synchronized with the latest and greatest. Developers seem to almost intrinsically "get it," but I see it less well received from many non-developers.

Readable and Maintainable Code

Many new software developers and even more non-developers do not recognize the value of code that is more readable and more maintainable. Perhaps the best experience a young developer can have is to maintain and reuse someone else’s code. Doing so helps a young developer to recognize the value of writing code as cleanly as possible. Because non-developers never really get this experience, it is not surprising that they don’t value cleanness, maintainability, and readability to the same degree as the experienced developer. Many legitimate cries for time to refactor a code base to improve its future maintainability and readability are ignored or promptly dismissed because such efforts’ value is not obvious to those making the decisions.


Overbearing Processes and Management Decisions

I have occasionally seen non-developers in management roles trying to coerce developers into very narrow and specific behaviors that they (the managers) believe is best (or worse, that they perceive as giving them the power). These folks rarely have the experience to know the full ramifications of their decisions. Good managers listen to their developers (particularly those with significant experience and in technical leadership roles) before pushing out every "good idea" they have. Experienced developers usually know what it takes to write high-quality software, but it almost takes another experienced software developer to appreciate what they argue for. Alternatively, a manager lacking software development experience can sometimes make better decisions by choosing an experienced developer that he or she trusts with technical decisions. The best non-technical managers recognize their own lack of technical knowledge and work with a trusted technical expert to make good decisions. 


Bean Counting and Pencil Pushing

Most software development is done as part of a business venture and it is often inevitable that some degree of
bean counting and
pencil-pushing will be required.. Clients or consumers directly or indirectly finance the creation of software. It can be difficult for developers to recognize and appreciate the legitimate management and metrics collection that goes on during these business-oriented phases. It can be equally difficult for managers and other non-developers to understand that some things are more subtle than the apparent "bottom line." Non-developers may over-emphasize short-term "bottom line" considerations at the expense of long-term quality and maintainability of the product while developers may overly neglect bottom line considerations and create software products that require too much time and investment to justify their likely return on investment.

The bean counter wants nothing more than to be able to count things like beans. He or she wants to use
lines of code, number of defects in various states, number of requirements, and so forth to feel like he or she has a handle on the software development progress being made. It
doesn’t really matter that these are not created equally and should not be counted as if they are equal. 


Battle for Control

It seems to be human nature and common in many relationships between humans to have battles for control. Tension can increase in the relationship between developers and non-developers as each group tries to exert control. Many non-developers, especially if they don’t understand development or coding well, resent not being able to control what is added to the baseline. Many developers resent being told what they can put into the baseline, especially when they strongly believe that the non-developer is making arbitrary calls while lacking sufficient knowledge and background to make that call.

The battle for control can become very onerous when both sides are "know-it-alls." When either side is convinced of its superiority, it can be very difficult to get either to budge. Developers often feel their experience and skillset best qualifies them for making all software decisions while clients, managers, and others often feel their position does the same for them. 


Coding: Job for a Craftsman or for a Technician?

Good software development managers recognize that software development can be a highly creative and challenging effort and requires skilled people who take pride in their work. Other not-so-good software managers consider software development to be a technician’s job. To them, the software developer is not much more than a typist who speaks a programming language. To these managers, a good enough set of requirements and high-level design should and can be implemented by the lowest paid software developers. Some software development is easier than other software development, but the simple technician work has been largely replaced by automation and code generation at this point.

Perhaps the perceptions of technician versus craftsman explain why non-developers tend to be more likely to believe that all developers are plug-and-play while experienced developers realize that there can be a wide disparity in skillsets and knowledge between any two developers. 


Appreciation of Software Development Nuances and Subtleties

It usually does not take long for a developer to realize that relatively little in software development is cut and dry. Software development often has a large amount of creativity to it and there are numerous judgment calls to be made. We sometimes call these design decisions or architecture trade-offs. Unfortunately, many who are not software developers do not understand that there are nuances and subtleties and even large amounts of creativity involved in software development. Without lack of these subtle shades, it’s not surprising that many of these people without development experience can only think in extremes (technique "A" is good and must be be used by everyone all of the time or technique "A" is always wrong and should be absolutely avoided no matter what). New developers often exhibit this trait as well, but experience usually teaches them to be more willing to judge approaches and techniques against particular contexts and reduce the amount of generalization and assumptions. 


Developers Aren’t So Different from Others, But Then They Are

The Mythical Man-Month is one of the
most often-quoted books in the areas of software development and
software development management. One of its great quotes is made early in the work (first sentence of Preface to the First Edition): "In many ways, managing a large computer programming project is like managing any other large undertaking—in more ways than most programmers believe. But in many other ways it is different—in more ways than most professional managers expect." One of the key explanations of the impedance mismatch between developers and non-developer managers seems to lie in this profound statement. Developers, as a group, probably should be more willing to buy into certain proven "traditional" management approaches, but managers need to avoid falling into the trap of thinking that the tactics outlined in the latest business management book will be sufficient for managing software developers. 


Opinions on 
What Values Most

Software developers are people too. As such, they do exhibit the same behaviors as other people. However, there are gross stereotypes of software developers that are not completely without some basis because of the high frequency of those stereotyped traits among software developers. There is great diversity in the software development community in terms of political opinions, interests, and so forth, but the idea of what is most important (quality design and code, work to be proud of, etc.) are fairly common across the industry. On the other hand, software developers (similarly to engineers in various engineering disciplines) seem to overly trivialize the need to respect the bottom line. They often cannot understand when an arguably adequate but not "best" or "perfect" solution is chosen over a better technical solution for non-technical reasons. 


Conclusion

We in the software development community tend to deal with mismatches all the time. We often spend significant energy and time "gluing" things together that weren’t necessarily designed to go together. Despite all of this technical experience we have making incongruent pieces work together, we still seem to have difficulty resolving perhaps the most difficult and most important mismatch of all: the
mismatch between software developers and people who are not software developers. Although there are some positives that come from this (such as checks-and-balances on "science fair projects"), there is significant dysfunction, angst, resentment, and demoralization caused by this impedance mismatch.


Reference:
The Developer/Non-Developer Impedance Mismatch from our
JCG partner Dustin Marx at the
Inspired by Actual Events blog.

Source : http://www.javacodegeeks.com/2012/05/developernon-developer-impedance.html

Advertisements

Test Driven Development – A Win-Win strategy

Agile practitioners talk about
Test Driven Development(TDD), so do lot of developers who care about their code quality and workability. And I once upon a time, not so long ago managed to read about TDD. The crux of TDD as I have understood is:

  1. Write Test, and fail
  2. Code, make the tests succeed
  3. Automate the tests
  4. Refactor the code to improve the quality
  5. Repeat


Pretty easy to understand. A annoyed developer shouts- “A developer writing tests? How can you expect us to develop and test and yet finish the feature in time?”. After all developers dont want to do the boring testing work. I have been a developer for around 2 years know and there were times when I reacted that way, during those initial days. But with time, I have started to understand the crux of software development. And this time around I thought of trying out TDD.

My work involves wiring up the data in the db with the UI using an Java EE web framework- A typical web application work.

Let me explain my testing strategy before I adopted TDD:

  1. Write the complete code which includes- PLSQL procedures, Java code to invoke PLSQL procedures, Java code for the UI bindings and the JSP page itself.
  2. Manually test the functioning of the db layer and the UI layer code. It involves navigating to the page and then testing various operations. In this case both the UI issues and the Backend code issues would crop up.
  3. As I would play around with the UI further, I would unearth few bugs in the code, otherwise write a selenium test to automate testing of a few use-cases.

With the above 3 steps, I spent a lot of time-

  1. waiting for the backend code to compile and the restart the server for the UI to reflect the changes. Even if its a simple 1 word/1 statement change I had to wait for approximately upto 5 minutes and in some cases 8 minutes. While I would wait for this to restart, I would have lost focus to some other task and there by take sometime to come back to the main task.
  2. trying to debug and find out if the exception/bug is due to the UI code issue or the backend code issue.
  3. in waiting for the pages to load and navigate through the pages to the right page.

Ok, those were the pre-historic times. Now coming to the Modern Age. I thought TDD would not have been possible in the kind of work I do, it was because I wrote a badly coupled backend and UI code. I couldn’t think of ways to test my back end code independently and then move to the UI code and then test it via selenium tests. Keeping aside these notions, I gave it a shot. I know I wasn’t very close to the actual TDD, but I felt somewhat closer.

  1. I had a fair idea of how to implement the logic, created a basic implementation and let it compile successfully.
  2. Created a few data population tests to get the kind of data to be used for the testing.
  3. Created JUnits to tests the basic functionality. Mostly in terms of the correct execution of PLSQL procedure via the Java API.
  4. Updated the JUnits to add more tests to test out the actual functionality required and updated the code to implement those functionalities.
  5. Refactor the code to remove bad smells and then run JUnits to see to it that nothing is broken.

The reasons why I felt excited, why I felt it was a Win-Win strategy:

  • I began to think in terms for the user of the API more than its creator. This kept me away from adding hacks which could fix the issue but would be difficult to test. This tremendously improved the code structure then what I had written before.
  • No server restarts, no wasting of ~ 8 minutes per restart, no wasting of navigating to the pages. I just had to edit the code, run the junits and see the tests decide the fate. This is more useful for the backend code I have written.
  • No loss in focus as I am deeply involved in Code-Test cycles.
  • Sense of achievement as I see the tests show up green bars.
  • Possibility of creating a code with good unit tests to test the backend features, which also helps in refactoring the code more easily.

Now I just have to write the glue code for the UI and the backend and test the glue code via the selenium tests.

Anyone had any similar experiences when they started to use TDD?


Reference:
My First steps in Test Driven Development- A Win-Win strategy from our
JCG partner Mohamed Sanaulla at the
Experiences Unlimited blog.

Source : http://www.javacodegeeks.com/2012/05/test-driven-development-win-win.html

Building security into a development team

Getting application developers to understand and take responsibility for software security is difficult. Bootstrapping an Appsec program requires that you get the team up to speed quickly on security risks and what problems they need to look for, how to find and fix and prevent these problems, what tools to use, and convince them that they need to take security seriously. One way to do this is to train everyone on the development team on software security.

But at RSA 2011, Caleb Sima’s presentation
Don’t Teach Developers Security challenged the idea that training application developers on software security will make a meaningful difference. He points out (rightly) that you can’t teach most developers anything useful about secure software development in a few hours (which as much Appsec training as most developers will get anyways). At best training like this is a long-term investment that will only pay off with reinforcement and experience – the first step on a long road.

Most developers (he suggests as many as 90 out of 100) won’t take a strong interest in software security regardless. They are there to build stuff, that’s what they get paid for, that’s what they care about and that’s what they do best. Customers love them and managers (like me) love them too because they deliver, and that’s what we want them spending their time doing. We don’t want or need them to become AppSec experts. Only a few senior, experienced developers will “get” software security and understand or care about all of the details, and in most cases this is enough. The rest of the team can focus on
writing good defensive code and using the right frameworks and libraries properly.

Caleb Sima recommends starting an Appsec program by working with QA. Get an application security assessment: a pen test or a scan to identify security vulnerabilities in the app. Identify the top 2 security issues found. Then train the test team on these issues, what they look like, how to test for them, what tools to use. It’s not practical to expect a software tester to become a pen testing expert, but they can definitely learn how to effectively test for specific security issues. When they find security problems they enter them as bugs like any other bug, and then it’s up to development to fix the bugs.

Get some wins this way first. Then extend security into the development team. Assign one person as a security controller for each application: a senior developer who understands the code and who has the technical skills and experience to take on security problems. Give them extra Appsec training and the chance to play a leadership role. It’s their job to assess technical risks for security issues. They decide on what tools the team will use to test for security problems, recommend libraries and frameworks for the team to use, and help the rest of the team to write secure code.

What worked for us

Looking back on what worked for our Appsec program, we learned similar lessons and took some of the same steps.

While we were still in startup, I asked one of our senior developers to run an internal security assessment and make sure that our app was built in a secure way. I gave him extra time to learn about secure development and Appsec, and gave him a chance to take on a leadership role for the team. When we brought expert consultants in to do additional assessments (a secure design review and code review and pen testing) he took the lead on working with them and made sure that he understood what they were doing and what they found and what we needed to do about it. He selected a static analysis tool and got people to use it. He ensured that our framework code was secure and used properly, and he reviewed the rest of the team’s code for security and reliability problems. Security wasn’t his entire job, but it was an important part of what he did. When he eventually left the team, another senior developer took on this role.

Most development teams have at least 1 developer who the rest of the team respects and looks to for help on how to use the language and platform correctly. Someone who cares about how to write good code and who is willing to help others with tough coding problems and troubleshooting. Who handles the heavy lifting on frameworks or performance engineering work. This is the developer that you need to take on your core security work. Someone who likes to learn about technical stuff and who picks new things up quickly, who understands and likes hard technical stuff (like crypto and session management), who makes sure that things get done right.

Without knowing it we ended up following a model similar to Adobe’s “
security ninja” program, although on a micro-scale. Most developers on the team are white belts or yellow belts with some training in secure software development and defensive programming. Our security lead is the black belt, with deeper technical experience and extra training and responsibility for leading software security for the application. Although we depended on external consultants for the initial assessments and to help us lay out a secure development roadmap, we have been able to take responsibility for secure development into the development team. Security is a part of what they do and how they design and build software today.

This model works and it scales. If as a manager you look at security as an important and fundamental technical problem that needs to be solved (rather than a pain-in-the-ass that needs to be gotten over), then you will find that your senior technical people will take it seriously. And if your best technical people take security seriously, then the rest of the team will too.



Source : http://www.javacodegeeks.com/2012/05/building-security-into-development-team.html

Cloud SQL: pick the plan that fits your app

One of the most requested additions to the Google App Engine platform has been a SQL database, and more than 10,000 developers have signed up for the Google Cloud SQL service since the preview launch last October. Google Cloud SQL automatically provisions and maintains your databases, allowing you to focus on your applications and services.






Since launch, we’ve been busy working on improving the performance, and adding features like scheduled backups and multihoming to increase availability and improve performance. We are also now offering more powerful instances with up to 4GB of RAM. 



Today we are announcing our pricing, which will take effect on June 12th with two options to choose from:

  • For developers who want to try out the service, or who have lightweight applications – we offer a flexible “per use” pricing scheme. For example, you can get started with a cloud hosted MySQL database for around a dollar per month. You pay for just what you use.
  • For developers with more traffic, there are packages that offer a discount and help you predict your costs in advance.


Google Cloud SQL is currently in limited preview. If you want to give us a try, start here https://developers.google.com/cloud-sql/.

Posted by Joe Faith on behalf of the Google Cloud SQL team

Source : http://googleappengine.blogspot.ca/2012/05/cloud-sql-pick-plan-that-fits-your-app.html

JavaFX-Based SimpleDateFormat Demonstrator

One of the things that can be a little tricky for developers new to Java or even for experienced Java developers new to formatting with Java
Dates, is the specification of a date/time format using
SimpleDateFormat. The class-level Javadoc-based documentation for
SimpleDateFormat is pretty thorough in its coverage of patterns representing various components of a date/time.


However, unless one carefully reads and understands these various patterns, it can be tricky to remember the difference between lowercase ‘d’ for day in the month and uppercase ‘D’ for day in the year or to remember if it’s lowercase ‘m’ or uppercase ‘M’ used for months versus minutes. In this post, I look at a simple application written in JavaFX that allows a developer to quickly try arbitrary patterns to see how
SimpleDateFormat will render the current date/time given the arbitrary pattern. In theory, a developer could use this simple tool to quickly determine the effect of his or her date/time pattern, but it’s really more of an excuse to apply JavaFX.

The code listing below contains the complete JavaFX 2.x-based application.

package dustin.examples;

import java.text.SimpleDateFormat;
import java.util.Date;
import javafx.application.Application;
import javafx.event.EventHandler;
import javafx.geometry.Pos;
import javafx.scene.Group;
import javafx.scene.Scene;
import javafx.scene.control.Button;
import javafx.scene.control.TextField;
import javafx.scene.control.TextFieldBuilder;
import javafx.scene.input.MouseEvent;
import javafx.scene.layout.Pane;
import javafx.scene.layout.VBox;
import javafx.scene.paint.Color;
import javafx.stage.Stage;

/**
 * JavaFX application allowing for testing and demonstration of various String
 * formats for date/time.
 * 
 * @author Dustin
 */
public class DateTimeStringFormatDemonstrator extends Application
{
   /**
    * Generate the application's main pane.
    * 
    * @return Main pane for the application.
    */
   private Pane generateMainPane()
   {
      final VBox vbox = new VBox();
      final TextField dateTimeFormatField =
         TextFieldBuilder.create().prefWidth(350).alignment(Pos.CENTER)
                                  .promptText("Enter DateFormat")
                                  .build();
      vbox.getChildren().add(dateTimeFormatField);
      final TextField formattedDateField =
         TextFieldBuilder.create().prefWidth(350).alignment(Pos.BASELINE_CENTER)
                                  .promptText("Date Output Goes Here").build();
      formattedDateField.setEditable(false);
      final Button applyButton = new Button("Apply Format");
      applyButton.setPrefWidth(350);
      applyButton.setOnMousePressed(
         new EventHandler<MouseEvent>()
         {
            @Override
            public void handle(MouseEvent mouseEvent)
            {
               try
               {
                  final SimpleDateFormat sdf =
                     new SimpleDateFormat(dateTimeFormatField.getText());
                  formattedDateField.setText(sdf.format(new Date()));
                  formattedDateField.setAlignment(Pos.CENTER);
               }
               catch (Exception ex)
               {
                  formattedDateField.setText("ERROR");
                  formattedDateField.setAlignment(Pos.CENTER);
               }
               formattedDateField.setAlignment(Pos.BASELINE_CENTER);
            }
         });
      vbox.getChildren().add(applyButton);
      vbox.getChildren().add(formattedDateField);
      return vbox;
   }

   /**
    * The method overridden from Application for starting the application.
    * 
    * @param stage Primary stage.
    * @throws Exception Exceptions throwing during execution of JavaFX application.
    */
   @Override
   public void start(final Stage stage) throws Exception
   {
      stage.setTitle("JavaFX Date/Time String Format Presenter");
      final Group group = new Group();
      group.getChildren().add(generateMainPane());
      final Scene scene = new Scene(group, 350, 65, Color.DARKKHAKI);
      stage.setScene(scene);
      stage.show();
   }

   /**
    * Main function for running date/time format JavaFX application.
    * 
    * @param arguments Command-line arguments; none expected.
    */
   public static void main(final String[] arguments)
   {
      Application.launch(arguments);
   }
}
The simple JavaFX 2-based application shown above makes it easy to try out different date/time format patterns to see what
SimpleDateFormat will do with each. A series of these used on the evening of Tuesday, 8 May 2012, are shown next. These examples demonstrate several key aspects of using
SimpleDateFormat:
  • Uppercase ‘M’ is used for months while lowercase ‘m’ is used for minutes.
  • Number of ‘M’ characters represents month’s representation (example: 5, 05, or ‘May’ for May).
  • Uppercase ‘D’ is for the number of the day of the year (since January 1) while lowercase ‘d’ is the number of the day of the month (since May 1 in this case).
  • Two ‘y’ or ‘Y’ digits represent 2-digit year, but 3 or 4 ‘Y’ or ‘y’ digits can be used for a 4-digit year.

The simple example highlighted in this blog post demonstrates the simplicity of JavaFX and provides an example of how JavaFX can provide graphical interfaces to make Java applications more intuitive. As part of this, mouse event handling in JavaFX and the common
JavaFX idiom of using builders are both demonstrated. A practical use of this application is to quickly and easily determine the representation that is provided by
SimpleDateFormat for a given pattern.

Reference:
JavaFX-Based SimpleDateFormat Demonstrator from our
JCG partner Dustin Marx at the
Inspired by Actual Events blog.

Source : http://www.javacodegeeks.com/2012/05/javafx-based-simpledateformat.html

The Ultimate Java Resource Collection

Hello fellow Java Geeks!

Here at Java Code Geeks we are striving to create the ultimate Java to Java developers resource center. In that direction and during the past year we have made 
partnerships, we have set up a 
Java and Android tutorials page and introduced a brand new 
Java Examples & Code Snippets dedicated site. Last but not least we have created 
open source software as a reference implementation to various of our articles.

But we did not stop there. We are now proud to present the ultimate
Java Resource Collection on the Net!

In our
Resources section you will find useful resources for Java based open source projects. We categorize resources based on type. Although all of our articles include links to discussed technologies, tools and architectures, the
Resources section is an index, a quick reference point for all of you who would like to get their hands right on what Java Code Geeks are working on!

We hope that this effort will be a great aid to the community and we are really glad to have helped be created. Furthermore we are committed to maintain the list up to date.

We would be delighted if you helped spreading the word and allowing more and more developers to come in contact with our content. Don’t forget to share!

Happy coding everyone!

Cheers,

The Java Code Geeks team

Source : http://www.javacodegeeks.com/2012/05/ultimate-java-resource-collection.html