News from the World of Software Development — March 2018

Welcome to this month’s edition of the software development news digest here at the Betica Blog. Hopefully, you are able to wean a few insights from the stories contained within. If you are interested in checking out last month’s digest, simply click on the following link.

 

Microsoft Meltdown Patch causing more Problems

If your development team still uses Windows 7 boxes, take heed. It appears a patch to fix the Meltdown chip flaw actually created a bigger hole on systems still running Windows 7 or Server 2008 R2. News about this new cybersecurity issue related to Meltdown/Spectre appeared this week in BleepingComputer.

In short, the Meltdown patch from Microsoft lets any user-level application to read or write data from the Windows 7 kernel memory. Oops! This raises an important question: how did this obviously flawed patch make it out of Redmond?

Ulf Frisk, an information security expert from Sweden, discovered the issue when using a device he created to perform I/O with protected memory. He noted that Microsoft’s January Meltdown patch (CVE-2017-5754) mistakenly flipped a bit used to control access to kernel memory.

Frisk explains: “In short – the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.”

Thankfully, Microsoft fixed the issue in their March “Patch Tuesday” release. If your shop runs either Windows 7 or Server 2008 R2, make sure the latest patches are installed on all potentially affected systems. Windows 10 and 8.1 boxes remained unaffected.

 

Research Study notes Developers have Short Attention Spans

Are you finding it difficult to stay focused on completing your latest sprint? Is keeping your development team engaged throughout a long project becoming harder? Maybe this is due to programmers suffering from short attention spans?

That is one of the findings of a recent survey of software engineers published in Medium. In fact, another finding noted the average attention span for a singular task only lasts for two minutes. Let’s dive into the survey details to see what other interesting discoveries can be found.

The survey, a cooperative effort from universities in Switzerland and Canada, leveraged a monitoring application installed on the developers’ desktops. It tracked the efforts of engineers working at four companies of different sizes for around two weeks. Notably, it discovered that devs only spend half of their working day actually active on their computer.

One-quarter of developer time involves coding activities, while another quarter is spent in collaborative efforts – likely design meetings, daily standups, code reviews, etc. However, some of Medium’s own development staff feel the data is unrealistic based on the methodology. For example, an engineer may work on a singular programming task while switching between two apps, which gets tracked as two separate tasks in the study.

Nonetheless, the study’s findings offer some valuable food for thought on how to track development efforts, especially in an era increasingly dominated by Agile and DevOps. Read the Medium article for additional insights. They did conclude that email and meetings do siphon the productivity from developers.

That’s all we have for this edition of the Betica Blog news digest. As always, thanks for reading!

 

 

 

News from the World of Software Development — February 2018

devnewsfeb

Welcome to this month’s edition of our regular software development news digest. We try to cover a few recent stories of interest to both software engineers and QA professionals. Hopefully, the insights within help foster some ideas to help your own team’s application development efforts.

If you are interested in checking out last month’s digest, simply click on the following link.

Apple actually slowing down its Software Development Process

Given that hardware – the iPhone, iPad, and even the new HomePod smart speaker – drives Apple’s enormous revenue, sometimes we forget they remain one of the largest software development companies in the world. Recently, Cupertino suffered a few highly publicized bugs in its iOS mobile operating system. Perhaps the company approaches the SDLC in a too “agile” fashion?

As such, Apple plans on slowing down the rate in which it releases iOS and macOS updates. The company hopes to increase its focus on stability and bug fixes as opposed to trying to fit a ton of new features into every release. News about Apple’s shifting development cycle appeared this month in ExtremeTech among other sources.

Major iOS version releases are now expected to take place every other year instead of on an annual basis. Given that the older iPhone battery slowdown “bug” attracted interest from the U.S. Government, it is a smart move for Apple to take a more measured approach to OS releases. It will be interesting to see how well they keep to a more deliberate schedule in a competitive computing industry.

If you want to read more on this topic, check out former Microsoft engineer Steven Sinofsky’s blog entry. Considering Sinofsky’s role in leading Windows OS and Microsoft Office development, his insights are worth your time.

Automated QA Tool Company gets Venture Capital

Giving software engineers the ability to test their code in an automated fashion remains a key part of any Agile or DevOps implementation. A Boston-based startup led by former Stackdriver principals is building an automated testing tool suitable for continuous delivery scenarios. Their nascent product shows promise as evidenced by the $10 million in venture capital awarded to their firm, named Mabl.

News about Mabl’s venture capital success appeared this week in Xconomy. The fact that Mabl’s chiefs, Dan Belcher and Izzy Azeri, sold Stackdriver – a Cloud management software company – to Google in 2014 likely helped attract funding for their new venture. In an era where continuous deployment is the Holy Grail for many companies, automated testing is vital.

At the core of Mabl’s tool is a service that operates like a virtual QA engineer. Dan Belcher described the approach of Mabl. “Think of Mabl as an extension to your QA team, like you hired a new QA person. Just as you’d train the person about your app, you train Mabl, and expect [it] to write new tests, new test cases, run tests automatically, and find defects based on an understanding of how the application works,” said Belcher.

The tool leverages machine learning routines to improve its ability to find bugs and even predict their existence. It integrates with Slack as well as other email and messaging tools. If Mabl looks like something your development team needs, explore the information on the company’s website.

That’s it for this edition of the Betica Blog News Digest. As always, thanks for reading!