News from the World of Software Development — March 2018

Welcome to this month’s edition of the software development news digest here at the Betica Blog. Hopefully, you are able to wean a few insights from the stories contained within. If you are interested in checking out last month’s digest, simply click on the following link.


Microsoft Meltdown Patch causing more Problems

If your development team still uses Windows 7 boxes, take heed. It appears a patch to fix the Meltdown chip flaw actually created a bigger hole on systems still running Windows 7 or Server 2008 R2. News about this new cybersecurity issue related to Meltdown/Spectre appeared this week in BleepingComputer.

In short, the Meltdown patch from Microsoft lets any user-level application to read or write data from the Windows 7 kernel memory. Oops! This raises an important question: how did this obviously flawed patch make it out of Redmond?

Ulf Frisk, an information security expert from Sweden, discovered the issue when using a device he created to perform I/O with protected memory. He noted that Microsoft’s January Meltdown patch (CVE-2017-5754) mistakenly flipped a bit used to control access to kernel memory.

Frisk explains: “In short – the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.”

Thankfully, Microsoft fixed the issue in their March “Patch Tuesday” release. If your shop runs either Windows 7 or Server 2008 R2, make sure the latest patches are installed on all potentially affected systems. Windows 10 and 8.1 boxes remained unaffected.


Research Study notes Developers have Short Attention Spans

Are you finding it difficult to stay focused on completing your latest sprint? Is keeping your development team engaged throughout a long project becoming harder? Maybe this is due to programmers suffering from short attention spans?

That is one of the findings of a recent survey of software engineers published in Medium. In fact, another finding noted the average attention span for a singular task only lasts for two minutes. Let’s dive into the survey details to see what other interesting discoveries can be found.

The survey, a cooperative effort from universities in Switzerland and Canada, leveraged a monitoring application installed on the developers’ desktops. It tracked the efforts of engineers working at four companies of different sizes for around two weeks. Notably, it discovered that devs only spend half of their working day actually active on their computer.

One-quarter of developer time involves coding activities, while another quarter is spent in collaborative efforts – likely design meetings, daily standups, code reviews, etc. However, some of Medium’s own development staff feel the data is unrealistic based on the methodology. For example, an engineer may work on a singular programming task while switching between two apps, which gets tracked as two separate tasks in the study.

Nonetheless, the study’s findings offer some valuable food for thought on how to track development efforts, especially in an era increasingly dominated by Agile and DevOps. Read the Medium article for additional insights. They did conclude that email and meetings do siphon the productivity from developers.

That’s all we have for this edition of the Betica Blog news digest. As always, thanks for reading!




Java 10 is Released – a Look at the Latest Version


Java SE 10 hit the software development scene earlier this week: news that piqued the interest of many application engineers across the world. The venerable programming language is now in its third decade, but still sees wide use throughout the business community. It remains a leading choice for projects still leveraging the object-oriented design model.

Let’s take a closer look at version 10 of Java. Are the new features and functionality something your development team needs to help write better code? The truth lies in the details.

Java 10 is the First of Oracle’s New Release Cycle

Version 10 of Java is the first to be part of Oracle’s new six-month release cycle. Needless to say, expect at least two updates every year in March and September, which is something Java development teams need to consider as part of their own process. Hopefully, the enhanced language features outweigh any compatibility issues due to a new version.

If you are interested in downloading Java 10, simply click on the following link. News about the fresh version of Java appeared in JAXenter as well as other sources. George Saab, vice president of software development of the Java Platform Group at Oracle, commented on their new release schedule to SD Times:

“With JDK 10, we’ll deliver the first major release that was fully developed under the new model. I believe that the breadth of features, their high quality and the smaller scope overall of major releases under the new release model all make it easier for developers to find something exciting in each release, migrate and benefit from the faster cadence. As such, I think that this was a very positive change for the platform overall — it has been reinvigorating in many ways!”

What New Features are included with Java 10?

Arguably the biggest new Java 10 language feature for software engineers is the support for local variable type inference. This is something long held by other programming languages, including JavaScript. The compiler is able to infer the type, which leads to more concise code.

For example, a simple statement like var x = new ArrayList(); just isn’t possible in previous versions of Java. Less time spent typing is something any programmer needs in their professional life!

A variety of performance improvements make up the other major features of JDK 10. For instance, the G1 garbage collector is now able to be run in a fully parallel fashion. Application Class-Data sharing improves the start-up time of the JVM; Java 10 now lets you include the built-in system class loader, the built-in platform class loader, and custom class loaders in this shared archive.
Time-based release versioning allows dev teams to accurately stamp their software releases; this is especially valuable for emergency builds. Linux shops are now able to use the experimental Java-based JIT compiler, Graal to build applications. Thread-local handshakes let you kill individual threads without the extra overhead of invoking a global VM safepoint.

These highlights merely scratch the surface of what’s in the new Java SE 10. Improved performance and the ability to finally use “var” variable declarations appear to be the keys. Stay tuned for the next Java release in September.

As always, thanks for reading the Betica Blog. Keep coming back for additional news from the software development world.

Tracking the Speed of Software Development


The prime driver for many companies embracing DevOps remains the desire to make the software development process faster. We continually state the following: increased software engineering velocity is a must in today’s competitive business marketplace. Finding the right metrics to track application engineering speed is essential in determining the true return on investment.

What follows is an analysis of a few metrics to help you determine the speed and overall efficacy of your software development team. Perhaps these insights help support the value of your methodology to the executives at your company? Good luck!

Finding the Right Metrics for Software Development

When it comes to tracking software development, finding the right metrics is vital. The continuous integration platform company, CircleCI, published a study looking at some suitable options. An article about their efforts appeared last week in SD Times.

The company’s study leveraged the data from organizations using CircleCI’s platform. It tracked software development efforts from the first half of 2017. CircleCI discovered that three specific metrics reveal a software development team’s overall maturity as well the velocity of their SDLC.

Deploy Time, Deploy Frequency, and Mainline Branch Stability topped the company’s list of metrics. The first two appear to be easily tracked, but what about the third? Jim Rose, CEO of CircleCI, commented on the definition of Mainline Branch Stability.

“If you had to release the most recent version of your code right now, right this second, could you? Is your mainline green and can you deploy whenever you need to?” said Rose. The CircleCI report noted that 80 percent of the companies maintained a deployable codebase 90 percent of the time.

Ultimately, this metric provides a great way to track an organization’s progress towards the DevOps “Holy Grail” of continuous deployment. The top companies using Circle CI – in the 95th percentile – are essentially able to deploy all the time. However, the worst firms – in the 5th percentile – can do so only half the time.

What about Deploy Time and Deploy Frequency?

Deployment time and frequency are traditional metrics used in software development for decades. CircleCI feels they still provide value in a modern Agile or DevOps process. According to Rose, Deploy Time answers this question: “How long does it take between the time you make a commit until it gets into the data center?”

The top companies in their report are able to fully deploy code in less than three minutes. Those denizens of the 5th percentile on average spend a half-hour on each deployment. A smaller deployment time obviously indicates a more efficient and inexpensive process.

Obviously, Deploy Frequency then answers this question: “How often do you deploy and how quickly are you pushing changes?” The top organizations in their survey deploy 32 times a week, while the lowest only are able to deploy eight times each week.

Making Software Development Faster

It helps software development organizations when they understand where they stand compared to other companies in their field. Providing a goal to strive for is essential, especially when CIOs and other execs want to see ROI as quickly as possible. Rose commented on a few best practices for development teams to follow.

“You need to make sure you have a great code review process, pull review process, and a robust set of tests that are automated and constantly run every time someone is making a commit so that you know well before you merge into the mainline that the merge is going to work,” said Rose.

For additional information and advice, check out CircleCI’s report at the following link.

Thanks for reading this edition of the Betica Blog. Stay tuned for additional insights from the software development world.