Good Checklist for code audit

http://extreme-java.com/best-practices-list-in-java/

Neo4J and CMDB

Interesting insights on Neo4J but more so regarding what he is trying to accomplish as a CMDB: http://java.dzone.com/articles/why-i%E2%80%99m-pretty-excited-about

Continuous delivery Pattern

This is a must read article: http://www.infoq.com/articles/Continous-Delivery-Patterns

Must see video on UI Testing

Basically, does the page "look right?" http://www.softwaretestingmagazine.com/videos/web-consistency-testing/

3 questions on startup

Basic questions yet too often forgotten. Taken from http://feefighters.com/blog/3-questions-for-vetting-potential-startup-ideas/

1) Does it solve a real problem?
2) How does it make money?
3) Will you be passionate about it 5 years from now? 

Good post on Continuous Delivery

There is a good post on Continuous Delivery that can be found here.

 The point in continuous delivery practice, is that it enforces the development team, the QA team and the Managers, to invest heavily in automation. If each code change, is a potential production version, to keep up the speed, you have to automate everything. There is no time for manual regression testing, there is no time to write deployment manuals and there is no time to execute any of the steps needed to promote a software change to production, manually.

What I like about this post is that in a few line you know if CD is for you or not. It's definitely in our near future at Crowd Advisory

IntelliJ 11 and Groovy

Nice poste here on the features included in IntelliJ for Groovy Programmers. IntelliJ is already my go to IDE. It just got more compelling!

Nice post on BDD

Don't know the guy but this article points toward a nice post on using BDD with Jetty and Maven along with JBehave.

I'll try to follow along but by the way the post is constructed, it seem serious. Get the article here

Running QUnit JS tests in Maven

If this project is as good as it sounds, we need to get this running in our environment. If its not, we need to give the lead a hand 'cause that is absolutely something missing in our ecosystem.

jHiccup

This tool, jHiccup, seems like a very nice tool to had to the kit. You can read about it here

Reason to unit test

http://www.typemock.com/blog/2011/11/28/10-reasons-to-write-unit-tests gives 10 reasons on why doing TDD. It misses at least one reason: improved design.

Guava

Taken from: http://www.javaworld.com/community/?q=node/8230
Conclusion
File handling in Java is much easier and more convenient with Guava's Files class. Guava brings file-handling convenience to Java applications that cannot make use of Groovy's or Java SE 7's file handling conveniences.

Design Patterns in JavaScript

This is a nice compendium of patterns in JS. Quite easy and usefull when teaching that stuff with front end devs.
http://thoughtsonscripts.blogspot.com/2011/11/javascript-design-patterns.html

S#arp

Possibly something to evaluate: http://www.codeproject.com/KB/applications/SharpLiteTheBasics.aspx

Great post on .NET performance

Good pointer, good actionnable pointers!, can be found here.The reference section is good too!

Ten tests to add to the basic list when using cloud computing

Ten tests for software applications in the cloud list, well, 10 tests. I particularly like the tests under the "performance" umbrella:

• profile that is more challenging than the average performance profile
• Service provisioning/de-provisioning testing
• Distributed cloud testing
• Multi-tenancy testing 
• Graceful degradation testing
• Connected/disconnected operations testing
• Cloud portability testing 

Videos: HTML 5 and JavaScript

Very interesting videos: HTML5, JavaScript

Usefull tools

http://java.dzone.com/articles/unit-testing-spring-mockito-0 list a few tools I did not know about but seem worth exploring:

• Maven Enforcer
• Logback
• Mockito
• Powermock

REST with Spring

Nice collection of posts on using Spring: http://www.baeldung.com/rest-with-spring-series/

Google App Engine: cloud is not just hardware

More and more it becomes obvious that the cloud aspect of infrastructure will blur the distinction between what the application architecture has to take into account as a precondition and what it has to handle in its scope. This post from DZone is a great illustration on how taking the cloud into account is paramount to a successful project. You don't deal with it: you lose money; take it into account and you're as easily profitable.

Cloud Automation with Chef

I've stumbled on this Slideshare presentation on using Chef to automate cloud. This presentation is basically a how to guide that should be "required reading" before even considering using Cloud.

You can find it here

Geb: very groovy browser automation… web testing, screen scraping and more

Found this tool that allow for web browser automation via Groovy and WebDriver. It has a very good documentation for such a young project (0.6.1).  Andre Steingress makes as a nice PPT here

Garmr: tool to automate security testing

Garmr is a security testing tool produced by the Mozilla QA Team. Although still at an early stage, the tool seems to be a good base on which to build a security baseline. You can read about it here

Test Scribe for MTM 2010

http://talkabouttests.com/  talks about a power tools called Test Scribe to enhance Microsoft Test Manager 2010. Test Scribe needs to be installed on TFS:

Test Scribe is a documentation power tool designed to construct documents directly from the TFS for test plan and test run artifacts for the purpose of discussion, reporting etc.

Basically, it exports your test plan to Word, which is nice when you want to communicate them to the client or a 3rd party

This is scary: Cautionary tale: Do you know where your customer database is?

[...]not just one, but TWO customer database files — one 4 MB .txt file and one 13 MB .bak file that was also plain text — comprised of ~11,000 users, each containing varying amounts of confidential information as noted above. From http://www.zdnet.com/blog/btl/cautionary-tale-do-you-know-where-your-customer-database-is/61811

It is at once sad and scary that this kind of mistakes would still happen. Come on! Governance and professionalism anyone???

Google Advanced Search

Highly interesting article on how Google can be a better friend than it already is: http://www.zdnet.com/blog/seo/how-to-become-a-search-ninja-harnessing-the-true-power-of-google-part-1/1881

Manual penetration testing

Taken from: http://www.esecurityplanet.com/network-security/penetration-testing-shows-unlikely-vulnerabilities.html

Overall, the goal of Spider Labs penetration testing efforts weren't just about seeing how far they could get, it was aslo about seeing what organizations were able to detect. Linn stressed that persistence in penetration testing is key in order to dig deeper just like real criminals would do.
"These types of vulnerabilities are not the things that an automated scan will find," Percoco said. "The things we find commonly through the manual process ends up getting us awesome results in the end."

Agility Platform

ServiceMesh is now at 7.3 of its platform called Agility Platform. I missed a few... anyway, part of the platform is the Planner which is
Agility Planner leverages existing application and platform information sources including CMDBs, and combines this with service provider capabilities and SLA parameters, to analyze, classify, and score each workload according to a programmable criteria set. Agility Planner generates Cloud Readiness™ and Cloud Value™ scores and recommends which service providers are most appropriate for each workload by automatically comparing needs to current market offerings.http://www.servicemesh.com/agility-platform/agility-planner/

Testing in production

http://searchsoftwarequality.techtarget.com/answer/Release-management-Software-testing-in-production raise the question of whether it is okay to test in production. Some say "never", the author is more nuanced in his answer. So far, I've never had the chance to work in projects where the pre-production or QA environment were conform replicas to the production environment and therefor I've always seen the need to test in production.

A new vulnerability is discovered in a library on the application server or the database server or IT has to make a change in the production environment, etc. There are a large number of reasons why we not only can but must test in production. It does need to be bounded by processes and communication streams more stringent than in the development environment so that tests don't triggers alarms (DoS for exemple) or don't skew the stats but planning for test in production is a must if one does not want to have very unpleasant conversation with the CSO...

Add automatic test to your bug report

Selenium is a very nice tool: it's a huge benefit to the software community. A good idea is to use it during exploratory testing and, when a incident is found, register the selenium script in the report so that it is easy to recap the steps to reproduce the problem before and after the fix.

It apparently is easy to export a script in different format, such as RSpec for Ruby. Have a look here: http://www.techdarkside.com/generating-rspec-tests-with-selenium-ide

Insight into Silicon Valley

This blog (http://svstartup.com/w/Main_Page) is chuck full of information regarding the Silicon Valley, it's culture and values.

Tips for startups

 Good reminder about what needs to be done setting up shop: http://www.bytestart.co.uk/content/24/24_6/ten-top-tips-successful-startup.shtml

First tip is: write a business plan. I think a business plan is mostly for ourselves, just to figure things out in a systematic approach. Could be useful with banks, not for VC and certainly not as convincing as real customer, especially, real repeat customers. Anyway, a good pointer on the subject: http://www.bytestart.co.uk/content/businessplans/30_1/writing-your-business-plan.shtml

A Conversation with Fred Wilson and Carlota Perez

A great interview very well worth watching if you have any stakes in the web industry. As a background, have a look at this power point presentation

Agile: Where does QA fits in

QA, along with architecture, is getting back into the equation for agile development. Good Ol' pendulum is swinging back to balance. So, to this simple question of the role of QA, or testing for that matter, we get this fairly simple answer from All About Agile:

So, our answer is that good professional testers must be in the Scrum team.  Ideally that means 100% allocated to one team.  At a minimum, 50% allocated to one Scrum team.

Where does QA fit in?  Well, usually the testers are aka QA people.  Sometimes QA means truly "quality assurance" per se, in which case the QA people look at the Scrum team (and the process elsewhere as well) to see if sufficient quality is being baked in in the best possible way.

Pricing: irrational and rational mixing it up under the curve

I found this article title You're Pricing it Wrong: Software Princing Demystified

Being who I am, I never thought beyond the Demand Curve:

The sweet point is where the intersection forms the largest rectangle. This rectangle represents the calculation of sales × price, and the biggest rectangle represents the biggest revenue.

 The rest of the article allowed me to think a bit less rationally and find a bit of relevance for marketing.

The next-wave software architecture: DDD, DCI and Event Sourcing

http://jivejdon.blogspot.com/2011/09/ddd-dci-and-domain-events-example.html

As background reading:

• http://www.jdon.org/
• http://code.google.com/p/disruptor/
• http://martinfowler.com/articles/lmax.html

Release Management

This is a short article that needs to be read: http://searchsoftwarequality.techtarget.com/answer/What-tools-are-required-for-effective-release-management

What, then, are the must-haves in a technology-based, modern release management system?

• Visibility: We need to know real-time, what the status of the releases are. We need a release calendar that lets us see when things are happening so we can balance the release workload. 
• Control: Every stakeholder must be able to give their electronic signature to approve, and it needs to be reportable and auditable. 
• Reporting: We need to track our performance against our KPI’s and SLA’s, and we need early warning when we are out of range on these numbers. 
• Vault: This should contain the master code that is destined for production: no more developers each having their own path to production, no more developers with root access. 
• Deployment automation: We need a repeatable and predictable technology that consistently deploys our code and backs it out automatically if things go wrong.

Continuous Integration -->Continuous Deployment...

 http://searchsoftwarequality.techtarget.com/feature/Continuous-integration-Tools-and-trends

But, according to Paul Duvall, author of Continuous Integration: Improving Software Quality and Reducing Risk,continuous deployment can go a step further. “Simply said, continuous deployment implies that you’re deploying your software to some environment, but it doesn’t mean that you’re delivering software to users,” he explains. “Delivering software to users on a frequent basis is what continuous delivery is all about. Continuous deployment could be continually delivering software to just your testing environments. This is excellent, but you haven’t necessarily gotten it to production yet. Continuous delivery implies continuous deployment, while continuous deployment does not imply continuous delivery.”

Silverlight Future

When I first noticed Silverlight I thought: Finally! M$ has figured out the internet. But then, we had the executive blunder and everything went south for that Technology. Or so it looks like. This article from CIO present an argument as to why everything might not be over with Silverlight

MMM: Modularity Maturity Model

This article: http://www.infoq.com/news/2011/09/mmm-osgi is a summary of a presentation. The article contains a pointer to the presentation.Although still a work in progress, it is already worth a look:

• Level 1:Ad Hoc. Nothing is modular. Everything is a bunch of JARs, or worse, a bunch of classes. Typically results in a monolithic application.
• Level 2:Modules. Modules have a formal versioned identity, and dependencies are done against the module identity rather than the units themselves. Maven, Ivy, RPM and OSGi fall into this category.
• Level 3:Modularity. Modules are declared via module contracts, not via explicit module identifier/versions. The requirements might be abstract (e.g. Declarative Services is available) or might be specific packages (e.g. org.osgi.framework).
• Level 4:Loose coupling. Implementations are not found via factories or constructors; instead, they are queried dynamically from a registry or injected on demand.
• Level 5:Devolution. Artefact ownerships are devolved to modularity-aware repositories. They may support collaboration or governance for accessing the assets by relation to the capabilities required.
• Level 6:Dynamism. Modules participate in a dynamic life cycle which includes the ability to add, update and remove modules at runtime, whilst preserving the state in the system.

CI and code quality

Quick read, yet relevant: DevOp Zone

The purpose of this blog entry was to make explicit that little implied condition in CI -- that the integration must not decrease the quality of the code base. We've demonstrated how this condition can be used to derive the typical implementation of CI (the build and test loop) and Continuous Delivery.

Test Data Generation Framework

This might be worth a spike to evaluate: http://www.canoo.com/blog/2011/09/26/testdata-generation/

So how does it work? Simple, its entry point is a method interceptor that you can wrap around anything you want, it doesn’t even have to be an implementation. So that DAO you want to use, but the database is still empty, just let the framework step into place and all the methods return the data that you want.

Application Security Testing Techniques

This article is full of links to various articles ordered by topics. Very cool.

This learning guide breaks testing down into several categories, although there is inevitably some overlap. Use these papers, expert opinions, articles, news and tips to refine your application security testing strategy.

http://searchsoftwarequality.techtarget.com/tutorial/Learning-Guide-Application-security-testing-techniques

Tests in an Agile Context: Charters

Very interesting article about the Exploratory Texting ("ET") and its usage of the "Charter" concept:

See: http://searchsoftwarequality.techtarget.com/tip/Chartering-exploratory-test-efforts-in-Agile

ET is a skilled and disciplined approach to testing. And one of the skills exploratory testers master is the ability to manage the scope of testing so that the software is tested in a thorough and appropriate manner. Testers manage the scope of exploratory testing using a concept called a "charter."

Charters are statements of what aspects of the system are to be tested. Charters, unlike what are called "scripts" in scripted testing, do not specify how the system is to be tested, only that some aspect of the system is to be tested.

ALM Imperative

This is a great article on ALM: https://jazz.net/blog/index.php/2011/09/27/five-imperatives-for-application-lifecycle-management/

Application Lifecycle Management (ALM) is the discipline of overcoming organizational silos to realize a whole-team, whole-view approach to the software delivery cycle by coordinating lifecycle activities across requirements, design, project planning, change and configuration management, build, and quality management.

The five imperatives for an ALM according to this article are:

• Maximize product value with In-context Collaboration to create a collective intelligence
• Accelerate time to delivery with Real-time Planning by riding the waves of ever changing project demands
• Improve quality with Lifecycle Traceability by surfing the web of linked lifecycle artifacts
• Refine predictability with Development Intelligence that helps you steer teams to successful, ontime delivery
• Reduce costs with Continuous Improvement

The key to Application Lifecycle Management is collaboration and transparency among all of the stakeholders, which is supported by an open, extensible, integrated platform.

Identity lifecycle

Event without considering the philosophical issues associated with this topic, Identity management is surprizingly complex!
Taken from http://www.digitalidnews.com/2011/09/27/id-lifecycle-101-credential-management

Issuing a credential is only the start of the identity lifecycle. As an individual moves around an organization, controlling and adjusting the systems he can and cannot access is equally important to the initial identity vetting. Throughout the ID lifecycle, this identity and credential management function is essential.

Tasktop Sync

Taken from: http://www.infoq.com/news/2011/09/tasktop-sync

Sync allows IT organizations to synchronize existing ALM servers to connect different artifact types like tasks, work items, defects, requirements and tests that are created during the various phases of a software development lifecycle process. Organizations that have different ALM stacks like HP ALM, HP Quality Center, and IBM Rational Team Concert can achieve traceability across the tools using the Sync tool.

 Taken from: http://www.impacsystems.com/blogengine/post/PLM-is-still-not-Mainstream.aspx

The Aberdeen Group says that adoption of PLM is far from universal.  Maybe only 1 in 5 companies have fully implemented a PLM solution.[...]

Without a data management solution, engineers will spend about 25% of their time looking for information.  A PLM solution will give them back that time – time that can be used to engineer a better product, improve quality, etc. 

PLM Basics

Taken from: http://www.impacsystems.com/blogengine/post/PLM-Basics.aspx

When talking to companies about PLM, I end up doing a lot of educating.  I am constantly looking for ways to simplify the explanation.  My current thinking is that I can put the over 100 features in two buckets:  Control and Visibility.  What follows is overly abbreviated…

Effective Java Profiling With Open Source Tools

Taken from: http://www.infoq.com/articles/java-profiling-with-open-source

In this article I will be going through some of the open source tools that are available. Some of these tools come with the JVM itself, while some are third party tools. I will start out with the simplest of the tools, and gradually move on to more sophisticated tools as the article progresses. The main objective is to enable you to extend your diagnostic toolbox, something that will most definitely come in handy when you application starts to perform strange, slow or not at all.

JavaScript Unit Testing

Taken from: http://www.ibm.com/developerworks/java/library/os-jstesting/index.html?ca=drs-

Summary:  JavaScript code that runs on one browser does not necessarily mean it will work on others. Without unit testing this code, organizations pay money for testing and re-testing web applications when deciding to upgrade or support new browsers. In this article, learn how efficient unit testing of your JavaScript can reduce testing costs and make it easier for you to support more browsers.

Want to go mobile? Consider the following 8 questions

It's not that different from web development but mobile is still different enough to justify taking the time to step back and think about the following questions