News from the World of Software Development — March 2018

devnewsmarch

Welcome to this month’s edition of the software development news digest here at the Betica Blog. Hopefully, you are able to wean a few insights from the stories contained within. If you are interested in checking out last month’s digest, simply click on the following link.

 

Microsoft Meltdown Patch causing more Problems

If your development team still uses Windows 7 boxes, take heed. It appears a patch to fix the Meltdown chip flaw actually created a bigger hole on systems still running Windows 7 or Server 2008 R2. News about this new cybersecurity issue related to Meltdown/Spectre appeared this week in BleepingComputer.

In short, the Meltdown patch from Microsoft lets any user-level application to read or write data from the Windows 7 kernel memory. Oops! This raises an important question: how did this obviously flawed patch make it out of Redmond?

Ulf Frisk, an information security expert from Sweden, discovered the issue when using a device he created to perform I/O with protected memory. He noted that Microsoft’s January Meltdown patch (CVE-2017-5754) mistakenly flipped a bit used to control access to kernel memory.

Frisk explains: “In short – the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.”

Thankfully, Microsoft fixed the issue in their March “Patch Tuesday” release. If your shop runs either Windows 7 or Server 2008 R2, make sure the latest patches are installed on all potentially affected systems. Windows 10 and 8.1 boxes remained unaffected.

 

Research Study notes Developers have Short Attention Spans

Are you finding it difficult to stay focused on completing your latest sprint? Is keeping your development team engaged throughout a long project becoming harder? Maybe this is due to programmers suffering from short attention spans?

That is one of the findings of a recent survey of software engineers published in Medium. In fact, another finding noted the average attention span for a singular task only lasts for two minutes. Let’s dive into the survey details to see what other interesting discoveries can be found.

The survey, a cooperative effort from universities in Switzerland and Canada, leveraged a monitoring application installed on the developers’ desktops. It tracked the efforts of engineers working at four companies of different sizes for around two weeks. Notably, it discovered that devs only spend half of their working day actually active on their computer.

One-quarter of developer time involves coding activities, while another quarter is spent in collaborative efforts – likely design meetings, daily standups, code reviews, etc. However, some of Medium’s own development staff feel the data is unrealistic based on the methodology. For example, an engineer may work on a singular programming task while switching between two apps, which gets tracked as two separate tasks in the study.

Nonetheless, the study’s findings offer some valuable food for thought on how to track development efforts, especially in an era increasingly dominated by Agile and DevOps. Read the Medium article for additional insights. They did conclude that email and meetings do siphon the productivity from developers.

That’s all we have for this edition of the Betica Blog news digest. As always, thanks for reading!