10 reasons your software sucks 2014 - tax day edition!

Development

Experience

Object Orientation

SOLID + Patterns + Simple Design

Secure Coding

Infrastructure

Automated Tests

Source Control

Automated Builds

Team Process

Agile, Lean, XP

Team Dynamics

Continuous Learning

Bui ld ing teams that engineer better software

Development ∙ Infrastructure ∙ Team Process

developingUX.comspeakermix.com/calebjenkins

@calebjenkins#ctcc14

developingUX.comspeakermix.com/calebjenkins

@calebjenkins#ctcc14

Bui ld ing teams that engineer better software

Development

Development

Testable

Repeatable

Maintainable Reliable-able

ScalableExtensible

Deliverable

Workable

(User) Experience Matters!

Experience is Reality

User Experienc

e(UX)

Developer Experience

(API’s & SDK’s)

Reality is Perception

Perception is the Product

uiuxiauxdvisual design

Experience is the Product ui

backend

ux

securityperformance

scalabilityuxiauxdvisual design

Experience is the Product

(Code) Quality Matters!

DevelopmentObject Orientation

It’s amazing how many people write procedural code in an OO environment

OO

Procedural

Functional

Use Right Tool for the Right Job

It’s amazing how many people write procedural code in an OO environment

EncapsulationInheritance

Polymorphism

Commitment is

more

than a date!

“The single greatest thing that you can do to make your code more testable and healthy is to start taking a Dependency Injection approach to writing software”

“The single greatest thing that you can do to make your code more testable and healthy is to start taking a Dependency Injection approach to writing software”

- Real World .NET, C# and SilverlightWrox Press 2012

Caleb Jenkins

- Real World .NET, C# and SilverlightWrox Press 2012

Caleb Jenkins

Note:Dependency InjectionNote:Dependency Injection

will turn you in to a complete coding Ninja, however the full scope of DI with any of the many DI frameworks is beyond the scope of this talk

will turn you in to a complete coding Ninja, however the full scope of DI with any of the many DI frameworks is beyond the scope of this talk

http://developingUX.com/di/

DevelopmentExperience

Object Orientation

SOLID + Patterns + Simple Design

DevelopmentExperience

Object Orientation

SOLID + Patterns + Simple Design

VocabularycommonScenarioscommon

Answersproven

SOLID + Patterns + Simple Design

Patterns

MVCUI MVP

UI

MVVMUI

RepositoryData

FactoryCompone

nt

StrategyCompone

nt

Patterns

MVCUI MVP

UI

MVVMUI

RepositoryData

FactoryCompone

nt

StrategyCompone

ntDecoratorFacade

Visitor

Chain of Responsibility

Abstract Factory

State

Patterns

MVCUI MVP

UI

MVVMUI

RepositoryData

FactoryCompone

nt

StrategyCompone

ntDecoratorFacade

Visitor

Chain of Responsibility

Abstract Factory

More

More

MoreState

MoreMore

More

Patterns

MVCUI MVP

UI

MVVMUI

RepositoryData

FactoryCompone

nt

StrategyCompone

ntDecoratorFacade

Visitor

Chain of Responsibility

Abstract Factory

More

More

MoreState

MoreMore

MoreMore

MoreMore

MoreMore

More

MoreMoreMoreMore

More

More

More

More

More

More

Beware the

anti-pattern pattern!Gotta try ‘em all!

MVCUI

RepositoryData

Abstract Factoryor Strategy

Compone

nt

SOLID + Patterns + Simple DesignSOLID + Patterns + Simple Design

“Any intelligent fool can make things Bigger, more complex and more violent It takes a touch of

Genius – and a lot of courage – to move in the opposite direction”

– Albert Einstein

SOLID + Patterns + Simple Design

DevelopmentExperience

Object Orientation

SOLID + Patterns + Simple Design

Development

Secure Coding

Experience

Object Orientation

SOLID + Patterns + Simple Design

Secure Coding

http://developingux.com/2010/02/10/secure-coding-101/

Secure Coding

Play in a Sandbox Don’t Use

Passwords

Input is Evil

runtime

memory

least privilege

“safe” libraries

http://xkcd.com/327/

Defense in Depth (MS03-007)Windows Server 2003 Unaffected

The underlying DLL (NTDLL.DLL) not vulnerable

Code made more conservative during Security Push

Even if it was running IIS 6.0 doesn’t have WebDAV enabled by default

Even if it did have WebDAV enabled

Maximum URL length in IIS 6.0 is 16kb by default (>64kb needed)

Even if it was vulnerable IIS 6.0 not running by default on Windows Server 2003

Even if it there was an exploitable buffer overrun

Would have occurred in w3wp.exe which is now running as ‘network service’

Even if the buffer was large enough

Process halts rather than executes malicious code, due to buffer-overrun detection code (-GS)

Defense in Depth (MS03-007)Windows Server 2003 Unaffected

““Multiple redundant safety systems. Nuclear

plants are designed according to a "defense in depth" philosophy that requires redundant, diverse, reliable safety systems. Two or more safety systems perform key functions independently, such that, if one fails, there is always another to back it up, providing continuous protection.

- Nuclear Energy Institute

System Failures can be Bad

System Failures can be Bad

Secure Coding

http://msdn.microsoft.com/security/

DevelopmentObject Orientation

SOLID

Patterns

Secure Coding

Team Work

Team Work Friction

Communication

Silos

Coordination

Toe Stepping

Throughput

DoTestcode

you

Your ?

UnitDo

Testcode

you

Your ?

UnitDo

Testcode

automatedyou

Your ?

what’s the difference?

Traditional Test

Unit Test

Automated Test

TDD / BDD

“They have a great brand, an awesome

business model… but their technical debt is

killing them”- Carl Sparks

CEO Travelocitytalking about another company

“Automated unit tests make up one of the core staples in reducing technical debt, and improving a team’s overall code quality”

“Automated unit tests make up one of the core staples in reducing technical debt, and improving a team’s overall code quality”

- Real World .NET, C# and SilverlightWrox Press 2012

Caleb Jenkins

- Real World .NET, C# and SilverlightWrox Press 2012

Caleb Jenkins

of Testing

of Testing

I test my app

I test units of workin my app

I run automated

unit tests

I test first

I write executable

specs to test my app

It compiled didn’t it?

DI + Mock are my best

friends

CI FTW!

Red, Green,

Refactor Rinse + Repeat!

given <><> whenthen<>

of Source Control

of Source Control

I back up my code

File Share

VSS was free

Branch +

Merge ReleaseStrategy

Automated

Builds CI, Automated Deploy

Thumb drives are awesome!

Network Share is +1 from

thumb drive So was herpes

Freedom to code!

“worked on my machine”

take THAT auditors!

TFS, SVN, GIT

// svn// trunk

// r1

// dev1

// dev 2

// dev 3

// r2 // r3

// r1.1

// trunk

//

// svn

?

consider: branch early vs branch late strategy

Developer Operations

Source Control Production

Common Deployment Scenario

Retrieve Source

compile + send

binariesconfigure +

deploy binaries

Developer Operations

Source Control Production

Common Deployment Scenario

Retrieve Source

compile + send

binariesconfigure +

deploy binaries

Developer Operations

Source Control Production

Improved Deployment Scenario

Updates Source

send .build script

runscript getsource buildbin

configure + deploy

binaries

Developer Operations

Source Control Production

Improved Deployment Scenario

Updates Source

send .build script

runscript getsource buildbin

configure + deploy

binaries

of Automated Builds

of Automated Builds

IDEBuild

CI Multi-Environment

Builds

Build from script

Hands

Off Deployment

F5 is How I Roll

Included in TFS, Cruise Control,

Team City,Jenkins CI

Dev, Test, Stage,

Production

Source? Yes, run

this .build

Disaster Recovery Plan

+Auditor Compliance

done

Process

Plan

DoPlan

DoPlan

DP DP DP

-vs-

DoPlan

DP DP DP

-vs-

Agile, Lean, XP

Scrum Kanban

Push Pull

Learn by doing

Daily Stand UpsSize Units of

WorkProductBacklog

SprintBacklog

?WAIT! What about …Task boards, Information Radiators Reducing Work In Progress, Time Boxing Self Organization, Pull vs Push, Empowerment, Continuous Learning, Planning Poker, Story Sizing, Velocity, Team Swarming… etc, etc, etc..

Scrum is Simplenot to be confused with easy

Team Dynamics

Pairing colocation

colocationmentality (virtual)

ownershipInformation Broadcasting

self organizing

silos

cross-functional

http://www.youtube.com/watch?v=Q6jMgmPIxmk

A.B.L.Always Be Learning

Continuous Learning

How do you learn?

Sources?

Blogs

Podcasts

Conferences

Books

Continuous Learning

http://dimecasts.net/

What are we saying here?

BePASSIONATE

about what you do

Development Infrastructure Team Process

1 Experience

2Object Orientation

3 SOLID + Patterns + Simple Design

4 Secure Coding

Bui ld ing teams that engineer better software

5 Automated Tests

6 Source Control

7 Automated Builds

8 Agile, Lean, XP

9 Team Dynamics

Continuous Learning

10

http://www.flickr.com/photos/robbie_ewing/4407711326/

http://www.flickr.com/photos/phill_dvsn/2999253384/sizes/l/

http://www.flickr.com/photos/nikophoto33/3153621333/

http://www.flickr.com/photos/houseofsims/3121970656/

http://www.flickr.com/photos/houseofsims/3121146677/

Photo Credits© Michael Cummings - http://dreaminpictures.com

http://www.flickr.com/photos/planetpixel/1450985177/

http://www.flickr.com/photos/trinhanhtuan/3292319375/

http://www.flickr.com/photos/pagedooley/2760837590/

http://www.flickr.com/photos/pagedooley/3049370253/

http://www.flickr.com/photos/bruceberrien/4262228892/

http://www.flickr.com/photos/8363028@N08/3050922569/

http://www.flickr.com/photos/houseofsims/3121979028/

http://www.flickr.com/photos/pagedooley/1856663523/

http://www.flickr.com/photos/joelogon/3161771573/

http://www.flickr.com/photos/carbonnyc/2294144289/

http://www.flickr.com/photos/shadowgate/4515454160/

http://www.flickr.com/photos/grahamcrewe/396400543/

http://www.lostechies.com/blogs/derickbailey/archive/2009/02/11/solid-development-principles-in-motivational-pictures.aspx

Copyright © 2011 – Buddy Lindsey – Used with Permission

developingUX.comspeakermix.com/calebjenkins

@calebjenkins