Rob Smyth

Thursday, 10 August 2017

Grow up Java developers - there is space, it exists, and is empty

It seems every day I lose time inserting underscores for spaces and it seems every time to be a Java application .... what is the problem handling spaces?

This one is courtesy of ThoughtWorks' GoCD. Come on guys ... give me a break ... spaces exist. Get over it.

Kinda related ... why do Java applications usually look and feel like Java applications? Is that an indication of a language/framework or culture attribute?

Thursday, 6 April 2017

Violet - A dog's life well lived and loved

Our 5th Airedale 'Violet' died late last year. She was an awesome dog. From the start Violet had dignity and her own self-worth. An independent dog who, like most Airedales, obeyed when it suited her. But was always loving, if she got a pat!

When Rowan died, and she had a puppy 'Golley' to contend with, she finally had to share her toys!

A wonderful dog with self-dignity. At 14 years her arthritis finally got to her (she never liked the cold).

A life well lived with dignity.

Tuesday, 21 February 2017

Magnetic buttons for magnetic persons

For the team status/task board you can create custom magnet buttons for team members on Zazzle. You can upload images, whatever. I just created a few buttons for me ...


Zazzle's navigation is difficult. Look for keywords like 'round', 'magnet', 'custom'.

Team Pit Swarm Hub

Rather than mob programming or pair programming, a team may set up a swarm hub/desk in its pit for quick / ad hoc swarming. Not pair programming, not mob programming, but a setup that allows for something in between.

In my case we have the classic corner desks. Nice for individuals but not so great for teamwork. So add a couple of TVs/monitors (so cheap now), a central team table, a wireless keyboard and mouse and you have a team pit swarm hub/portal.

To swarm, a team member can slide to the central desk and remote desktop to their environment, which appears on the large team TVs/monitors. Now the whole team can discuss / collaborate / swarm. Quick, easy, ad hoc.

When done, close the remote desktop and the monitors return to their team status / virtual wall duties.

A way to turn up the volume on team collaboration? An ad hoc solution? A coaching crucible? An incremental step toward pair programming or mob programming .... dunno.

Tuesday, 9 August 2016

Magnetic custom team scrum sprint/story cards

A team's sprint board needs to radiate information about how the sprint is going. Fridge magnets for use on a team's magnetic sprint whiteboard can be custom printed. The trick is to print "business card fridge magnets" for only ~AU$10 for 10-20 cards. Vistaprint (I have no commercial benefit) provides a great service of uploading your card image (e.g. PNG) and printing it.

I've found these magnetic cards reusable using whiteboard markers. For magnetic tags like "BLOCKED" or team member names, create a card with many tiles and cut out the tiles when delivered (see example below).





Revitalizing Legacy Code - Properties returning concrete types

You have a legacy code base that has properties returning concrete types. This makes unit testing (UT) very difficult. Changing the signature to use an interface requires a lot of refactoring and therefore carries the risk of a refactoring error. Here is an approach to incrementally refactor these properties out of the code base.

To provide an alternative, add another property to the type with a suffix like "I" that returns the appropriate interface. This becomes the base property, with the concrete property referencing this new property. This enables new code, or code being changed, to migrate to the new property incrementally. Once the old property is no longer used it will be deleted.

Legacy code:

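  public class WidgetA
  {
     private WidgetB _b;   // backing field (assumed for illustration)
     public WidgetB PropertyB {
        get { /* whatever stuff done here */ return _b; }
        set { /* does other stuff here */ _b = value; }
     }
  }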

Testable (incrementally) legacy code:

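  using System;   // ObsoleteAttribute

  public class WidgetA
  {
     // Old concrete-typed property, kept only until all callers have migrated.
     [Obsolete("Use PropertyBI instead")]
     public WidgetB PropertyB {
        // The cast throws InvalidCastException if PropertyBI holds a non-WidgetB (e.g. a test double).
        get { return (WidgetB)PropertyBI; }
        set { PropertyBI = value; }
     }

     // New base property: interface-typed, so tests can substitute a fake IWidgetB.
     public IWidgetB PropertyBI { get; set; }
  }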

The use of the ObsoleteAttribute ensures that developers will see the property struck out in IntelliSense, to promote usage of PropertyBI instead.

When the old, concrete type, property is no longer used it will be deleted and the "I" suffix property renamed to replace it.

Nice incremental refactoring of the code and allowing for incremental unit testing.

Wednesday, 25 May 2016

Automated application tests on active legacy applications - Team kickoff cost

How does a team get started with automated application tests on active legacy applications?

By that I mean tests for verification that the application does what it is supposed to do. Automated application regression tests. Like everything to do with software dev and testing teams there is the "change management". How does a team get the steam up to start running with automated application tests on an active legacy application?

By "legacy application" I mean any application that is out there, running, under on-going new feature development, but does not have any automated application tests. It may have developer unit and integration tests but no tests that assert the customer's required end behaviour (BDD?).

Such a team is under pressure to add new features and is experiencing "legacy" defects discovered during verification testing and, typically, the people on the dev team have changed so domain knowledge is not ideal (I do often think that a developer's domain knowledge is just poor code architecture migrator).

In these common scenarios, getting automated application tests up and running to a point where a team can incorporate them into its culture is a big ask. There needs to be an investment in the framework and team training, and that means the business needs to understand the cost/benefits. So in the end it comes down to the tech/dev lead to identify and communicate the opportunity to the business.

Thursday, 12 March 2015

Galafry's UX guidelines for time lords

When a user is performing an operation like opening a document/project they require a prompt result. That is, they think they want X within Y seconds but they are wrong! What they really want is a good experience in which they know the best is being done for their needs, and software developers have control here over the space-time continuum.

For example, a user wants to save a document/project under a new name. A copy really. So their data is big, I mean big enough to be annoying, so if we do a copy of files it is going to take long enough for the user's eyelids to start to close. But ... we software developers have control over time: we provide feedback that we really, really are doing good stuff, so what would otherwise be an "oh dear, I'm wasting time" becomes a gosh, "I've kicked off a really big process that is doing stuff", so I'm, by inference, doing stuff.

This is real evident in code that needs to copy lots of stuff. Sure, copy it in the simplest way as there really is not much time difference in how we do it .... or is there?

We time lords (software developers) can not only take control of a user's time line but our own. Write lots of lovely progress dialogs or plug into the Windows OS time line. Go outside of the .Net framework's native stuff and enter the Windows Shell C# interop. Check out "C# does shell" and SHFileOperation.

Why? It means you can jump into the future (save time) and use the OS's native UI. Don't write your own "I'm really doing good copying these files" dialog. Check out the dialogs you get in Windows 8 ... this is for free.

Do the crime do the time? Na, do the crime and leave the time to others, I'm going home. C# shell rocks.

Thursday, 20 November 2014

DITA's image

DITA is a publishing/authoring standard suited for technical documents. But it is interesting/perverse that DITA frameworks have such poor documentation.

I like the looks of DITA. I think it has a lot to offer to save time by the classic "the best way to save time is to not do it at all". But gosh I find it hard to penetrate.

Shameless dig: It seems the same as software developers who do not automate their processes ... if your profession is automation then it is perverse that you do not automate.

Friday, 1 August 2014

Keeping an Authenticode certificate secure for signing applications

You're working for a small/medium company and the boss wants you to secure the application with digital signing ... you're not in control of IT security, so how are you going to ensure that the private keys are secure?


Cyber security is becoming more important to software development as the risk of attack becomes better understood and more prevalent. Basic .Net application security requires both signing the application with an Authenticode digital certificate and strong name signing the assemblies.

Authenticode signing allows users to identify that the application came from "us" and has not been modified by somebody else since we signed it. It is critical for users who download installers and is superior to MD5 checks.

Strong name signing is about ensuring that referenced assemblies have not been replaced.

Both Authenticode and strong name signing are based on the security of private keys. If an attacker obtains a copy of the private key they may impersonate your company without the end user knowing.

How to build applications and keep certificates secure

  • Your network's security is not "perfect".
  • You do not want to expose the key to all staff (principle of least privilege) ... they probably do not want to have access anyway.
  • You would like separation of duties (optional with the process here).
  • All encrypted storage is breakable.

  1. Obtain a computer with a new OS install that is normally stored, turned off, in a secure location. Purchase and download the Authenticode certificate onto this computer, taking care to limit its network connection to placing the purchase and downloading the certificate. Minimize the attack surface by keeping this secure PC normally off-line.
  2. Export the certificate's private keys to secure devices (e.g. IronKey). Such a device will self-destruct after N attempts, making attacks near impossible.
  3. Delete the certificate from the PC.

Building a release:
  1. After testing binaries (testing application), sign assemblies and complete strong name signing on the secure PC with the Authenticode private key available on an inserted USB stick.

Note: Holders of the secure USB devices should only ever open the device on the secure PC.

Best practice is to use tested binaries from a build server (artifacts) such as TeamCity and to use an installer build script that recognises the key available on the USB device.

Using this approach:
  • the private key is only vulnerable to the network during the installer build.
  • unsigned binaries can be tested without signing.
  • the PC used to perform the final installer build/signing is clean and normally off-line.
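
One way to write the signing step of such a build script for the secure PC, as an added example that is not code from the original post. It assumes the exported PFX is named `codesign.pfx` on a removable volume labelled `SIGNKEY` and that the tested binaries sit in `.\artifacts`; all three names are hypothetical.

```powershell
# Added example. Assumed names, not from the post: volume label 'SIGNKEY',
# PFX file 'codesign.pfx', artifact folder '.\artifacts'.
param(
    [string]$ArtifactDir    = '.\artifacts',   # tested binaries from the build server
    [string]$KeyVolumeLabel = 'SIGNKEY',
    [string]$PfxName        = 'codesign.pfx',
    [string]$TimestampServer                   # optional; needs network, leave empty to stay off-line
)
$ErrorActionPreference = 'Stop'

# The key must come from the removable device, never from a local disk.
$vol = @(Get-Volume | Where-Object {
    $_.DriveType -eq 'Removable' -and $_.FileSystemLabel -eq $KeyVolumeLabel })
if ($vol.Count -ne 1) { throw "Expected exactly one '$KeyVolumeLabel' device, found $($vol.Count)." }
$pfxPath = Join-Path "$($vol[0].DriveLetter):\" $PfxName
if (-not (Test-Path -LiteralPath $pfxPath)) { throw "No $PfxName on the signing device." }

# Setup step 3: no code-signing certificate with a private key may remain in the local stores.
$leftover = Get-ChildItem -Path Cert:\CurrentUser\My, Cert:\LocalMachine\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey }
if ($leftover) { throw "Private key still in local store: $($leftover.Thumbprint -join ', ')" }

# The secure PC is meant to be off-line; make any live network link visible.
$up = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
if ($up) { Write-Warning "Network adapters up during signing: $($up.Name -join ', ')" }

# Prompts for the PFX password interactively, so it never lands in a script or build log.
$cert = Get-PfxCertificate -FilePath $pfxPath

$files = Get-ChildItem -Path $ArtifactDir -Recurse -File -Include *.exe, *.dll
if (-not $files) { throw "Nothing to sign under $ArtifactDir." }
foreach ($f in $files) {
    $signArgs = @{ FilePath = $f.FullName; Certificate = $cert; HashAlgorithm = 'SHA256' }
    if ($TimestampServer) { $signArgs.TimestampServer = $TimestampServer }
    Set-AuthenticodeSignature @signArgs | Out-Null

    # Verify what was written rather than trusting the signing call.
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
        throw "Signature check failed for $($f.Name): $($sig.Status)"
    }
}
"Signed and verified $(@($files).Count) file(s) with $($cert.Thumbprint)"
```

The script covers only the Authenticode step; strong name signing of the assemblies is a separate step not shown here.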

See also: Oracle security overview.