News from the World of Software Development – May 2018


Welcome to the May edition of the software development news digest here at the Betica Blog. We regularly take a look at some interesting stories influencing the application engineering world. Hopefully, they provide a measure of insight to help your own coding projects.

If you are interested in checking out last month’s digest, simply click on the following link. We cover an AI routine that knows how to code. As always, thanks for reading!

GitHub imagining the Future of Collaborative Software Development

The ubiquitous source code repository giant, GitHub, naturally lies at the center of most software development shops’ workflow. This gives the organization a unique ability to influence the overall engineering process across the industry. Collaborative development is one such natural area given the organization’s distributed source control system. An article about GitHub’s importance appeared this week at The Next Web.

A collaborative spirit existed at GitHub from the beginning. The company released a public API for its source control application soon after going live. The software teams behind Ruby on Rails and Bitcoin leveraged it for source control as well as an example of the power of team development.

Ultimately, these two facts highlight the reason the open source movement is so influential throughout the tech industry. Since GitHub is essentially the standard for source code control, it played a large role in transitioning coding from a solitary task to something more social and interactive. Aaron Upright noted as much in his article for The Next Web.

“Contrasted with alternatives like GitLab and BitBucket, GitHub has taken a best-of-breed approach. It’s essentially created a platform from which it’s possible to integrate the products and tools that are better than what it feels it can create. It’s not building chat tools or CI functionality or project management on its own; instead, it makes it easy to integrate Slack, or Circle CI, or whatever else you might want,” commented Upright.

In short, GitHub makes it easy to collaborate when coding; setting an example for – as well as influencing – the rest of the industry.

Oracle finally to remove Java Serialization Security Hole

Serialization is one of the most important functions in software development, allowing data objects to be easily distributed as byte streams. Unfortunately, Java’s serialization routines, in place for decades, create a security hole easily exploited by nefarious agents. Oracle recently announced they plan to remove serialization from future versions of Java. News about the change appeared this week in InfoWorld.

The company plans on an approach allowing developers to use their own serialization engine. It interacts with a small framework to be included in a future version of the platform once records (Java’s nomenclature for data classes) are supported. It is expected to support JSON and XML as well as other formats.

Oracle feels they made a massive mistake with the current version of serialization, implemented in 1997. They noted that nearly one-half of all Java security vulnerabilities stem from this engine. The company recently added a way to filter the classes being serialized as one way to mitigate the risk before the new serialization framework gets introduced.

Oracle provided no information on which upcoming version of Java is slated to include the reengineered serialization framework. Stay tuned!

That’s it for this month’s news digest. Keep coming back for additional software development insights from the Betica Blog.   

Are Developers finally starting to Understand DevOps?


Software developers remain a curious and opinionated bunch. Over the last few decades they have tended to adapt slowly to new methodologies, with DevOps offering little exception to this golden rule. A recent survey reveals things are finally beginning to change, as it shows application engineers beginning to actually “get” DevOps.

Of course, we recently wrote about network administrators feeling DevOps is all about the “Dev” in the first place. What follows is an analysis of the survey to see what these changing opinions mean for the process of software engineering. Perhaps you might gain an insight or two to help your own team’s project work?

Survey says DevOps makes Software Development Faster

Most organizations implementing DevOps do so in the hopes of making their software development process faster and more efficient. A survey of software engineers, CTOs, and IT pros by application maker, GitLab, notes that these wishes appear to be coming true. News about the survey appeared last month on the Developer Tech website.

According to the GitLab study, two-thirds of those polled feel DevOps greatly improves the speed of the software development process. This 65 percent moves upwards to 81 percent when only taking into account the opinion of managers. 29 percent of those surveyed plan new DevOps investments in the current year.

The best shops using the methodology are able to spend at least half of their workday actually writing code. Changes get deployed on demand. In short, these top organizations are twice as productive as those whose DevOps implementation is either immature or nonexistent.

Challenges to Efficient Application Engineering Remain

In their survey, GitLab highlighted a few challenges to the software development process. Two-thirds of the respondents noted the lack of clear direction on application engineering projects. Slightly over half mentioned the need for rework and unexpected scope creep, while 31 percent felt unrealistic expectations hampered their efforts.

Leveraging automated processes to improve efficiency is a high priority at 60 percent of the surveyed organizations. Around 90 percent of those companies are currently using Agile, DevOps, or a mixture of both. 16 percent are still using the venerable Waterfall methodology for some or all of their development work.

Continuous testing also plays an important role in the ultimate success of any company’s DevOps adoption, a concept highlighted by Razi Siddiqui, SVP and CIO at GCi Technologies. “It’s a key indicator that your DevOps/agile practice is mature, and your QA strategy must take into account that 100% test automation is not practical – nor is it possible,” said Siddiqui.

Sid Sijbrandij, CEO and co-founder of GitLab, commented on their survey conclusions. “The survey reveals software professionals finally see the need for DevOps in their workflow and are beginning to adapt their workstyle in order to make this a reality. Despite the progress in the shift in mindset, current DevOps practices are not cutting it. Instead of a single application that accomplishes the goals of both Dev and Ops, many glue together the tools for the two departments, which has proven to be an ineffective means for collaboration,” said Sijbrandij.

It definitely appears that any enterprise software development team not using DevOps runs the risk of being left behind in today’s business landscape. Thanks for reading this edition of the Betica Blog. Keep returning for additional insights on the wide world of software development.

News from the World of Software Development — March 2018

Welcome to this month’s edition of the software development news digest here at the Betica Blog. Hopefully, you are able to glean a few insights from the stories contained within. If you are interested in checking out last month’s digest, simply click on the following link.

Microsoft Meltdown Patch causing more Problems

If your development team still uses Windows 7 boxes, take heed. It appears a patch to fix the Meltdown chip flaw actually created a bigger hole on systems still running Windows 7 or Server 2008 R2. News about this new cybersecurity issue related to Meltdown/Spectre appeared this week in BleepingComputer.

In short, the Meltdown patch from Microsoft lets any user-level application read or write data in the Windows 7 kernel memory. Oops! This raises an important question: how did this obviously flawed patch make it out of Redmond?

Ulf Frisk, an information security expert from Sweden, discovered the issue when using a device he created to perform I/O with protected memory. He noted that Microsoft’s January patch for Meltdown (CVE-2017-5754) mistakenly flipped a bit used to control access to kernel memory.

Frisk explains: “In short – the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.”

Thankfully, Microsoft fixed the issue in their March “Patch Tuesday” release. If your shop runs either Windows 7 or Server 2008 R2, make sure the latest patches are installed on all potentially affected systems. Windows 10 and 8.1 boxes remained unaffected.


Research Study notes Developers have Short Attention Spans

Are you finding it difficult to stay focused on completing your latest sprint? Is keeping your development team engaged throughout a long project becoming harder? Maybe this is due to programmers suffering from short attention spans?

That is one of the findings of a recent survey of software engineers published in Medium. In fact, another finding noted the average attention span for a singular task only lasts for two minutes. Let’s dive into the survey details to see what other interesting discoveries can be found.

The survey, a cooperative effort from universities in Switzerland and Canada, leveraged a monitoring application installed on the developers’ desktops. It tracked the efforts of engineers working at four companies of different sizes for around two weeks. Notably, it discovered that devs only spend half of their working day actually active on their computer.

One-quarter of developer time involves coding activities, while another quarter is spent in collaborative efforts – likely design meetings, daily standups, code reviews, etc. However, some of Medium’s own development staff feel the data is unrealistic based on the methodology. For example, an engineer may work on a singular programming task while switching between two apps, which gets tracked as two separate tasks in the study.

Nonetheless, the study’s findings offer some valuable food for thought on how to track development efforts, especially in an era increasingly dominated by Agile and DevOps. Read the Medium article for additional insights. They did conclude that email and meetings do siphon the productivity from developers.

That’s all we have for this edition of the Betica Blog news digest. As always, thanks for reading!