A Developers Take On Pair Programming

16 03 2012

David Cooksey on Pair Programming

March 16th, 2012 | David Cooksey

A Developer’s Take on Pair Programming

Over the past few years at Thycotic I have spent a lot of time pair programming. Five days a week, eight plus hours a day adds up to thousands of hours. Through my experiences in pair programming I came to a few conclusions about the practice. These represent my take on pair programming, I make no claims as to their originality.

First: Pair programming makes programming social.

This sounds obvious, but it has by far the biggest impact on how you, as a developer, write code. You are effectively writing code as a committee of two, where each member has veto power. All the factors that developers typically do not have to deal with when working alone come into play. Do you like your pair? Does he/she like you? How about respect? Do you work in similar ways? Do you work similar hours? Will you argue incessantly over architecture? Did you or your pair have a rough night?

Second: Verbal communication is as important as technical ability.

Ideas have to be expressed clearly enough that your pair can understand them. The greatest idea in the world may never be attempted if it is not stated clearly. Equally important is the ability to offer clear reasoning when you disagree with an approach. “I don’t like that” is not sufficient.

Third: Two heads are still better than one. Usually.

The caveat to this one is the social aspect. While in most cases two people who are focused on the task can do a better job, the social aspects mean that particular people may be worse together than they are apart.

So, as a developer, what is the best way to pair program? With courtesy. Learn when to shut up and let your pair drive. Learn how often you can interject comments without causing undue irritation. Learn when to push and when to let it go. If you push for your point of view all the time, no one will want to work with you. If you always give in, no one will respect your opinion. Compromise.

What were your experiences with pair programming? If you have never tried it, what are your thoughts on the subject?

David Cooksey is a Senior .NET developer at LogicBoost, an agile software services and product development company based in Washington DC.


Comments : Leave a Comment »
Tags: ,
Categories : Pair Programming

Pro ASP.NET MVC 3 Framework

27 12 2011
December 27th, 2011 | Kevin Kershaw

Pro ASP.NET MVC 3 Framework

This is a brief review Pro ASP.NET MVC 3 Framework by Adam Freeman and Steven Sanderson. Now in its third edition this already good book continues to get better. This book provides thorough and comprehensive of MVC3 that functions well for both learning the subject and as a reference. This book includes a substantial example web site that is developed through the course of three chapters. This sample covers many aspects and issues that you would encounter developing a web site using MCV 3. Also within this sample are several interesting methods and techniques. I am selecting two that I found most interesting to explore below.

Using DI And Mock Objects To Replace DB And Repository Code

Many of the projects and features I have worked on have proceeded from the database first and then built code towards the UI. The technique below allows the UI to be developed earlier in the cycle and can facilitate prototyping the UI with a lower investment in backend code. First some infrastructure setup is needed. We will start by defining a controller factory that uses the Ninject dependency injector .

public class NinjectControllerFactory : DefaultControllerFactory
{
    private IKernel ninjectKernal;

    public NinjectControllerFactory()
    {
        ninjectKernal = new StandardKernel();
        AddBindings();
    }

    protected override IController GetControllerInstance(
        System.Web.Routing.RequestContext requestContext, Type controllerType)
    {
        return controllerType == null ? null :
             (IController)ninjectKernal.Get(controllerType);
    }
    ...
}

 

Wire this controller factory in by replacing the default controller factory in Global.asx

    protected void Application_Start()
    {
        ...
        ControllerBuilder.Current.SetControllerFactory(new NinjectControllerFactory());
        ...
    }

This infrastructure is desirable in the project by itself. Its existence will eliminate much trivial and annoying code. The fact that it also supports the technique we are discussing is just a bonus.

We will continue by defining a DTO that will be used by the front end.

public class Product
{
    public int ProductId { get; set; }
    public string Name { get; set; }
    public string Description { get; set; }
    public decimal Price { get; set; }
}

 

Next, define the repository interface that will be used by the controllers to access the data.

 

public interface IProductRepository
{
    IQueryable<Product> Products { get; }
}

Finally, we will setup a fake repository using Moq and wire it into the Ninject container. Add to the NinjectControllerFactory defined above the using the following function.

private void AddBindings()
{
    Mock<IProductRepository> mock = new Mock<IProductRepository>();
    mock.Setup(m => m.Products).Returns(new List<Product>{
        new Product{Name="Football", Price=25, Description="Standard issue ball"},
        new Product{Name="Surf board", Price=179, Description="A wave rider you will love"},
        new Product{Name="Running shoes", Price=95, Description="Move your fat butt!"}
        }.AsQueryable());
        ninjectKernal.Bind<IProductRepository>().ToConstant(mock.Object);
}

At this point you can start defining controllers and views and considering other front side issues leaving the database and repository definition for later. This allows the inverting of the more normal construction of the database and backend first, with the UI areas being developed second. Instead with a small amount of infrastructure in place, issues of UI design and actual data requirements of screens can be explored earlier.

I have used mock objects in tests, but it never occurred to me to use them as temporary filler in applications. This is a thought provoking technique in the sample code.

Using Model Binder To Access Session Data

This section of the sample code creates a model binder to allow access in the controller of data stored in the session. This has a twofold benefit, first it simplifies the controller code. Second it simplifies the testing of those controller methods.

The example application implements a shopping cart object that is stored in session. To access this shopping cart object a model binder is created. The effect is to decouple controller from session, since the controller accesses the cart via a parameter instead of directly through the session object of the http context.

First, starting with the Cart definition, the details are not important for our discussion here.

public class Cart
{
    ...
}

Next a model binder is defined .

public class CartModelBinder : IModelBinder
{
    private const string sessionKey = "Cart";

    public object BindModel(ControllerContext controllerContext,
        ModelBindingContext bindingContext)
    {
        var cart = (Cart)controllerContext.HttpContext.Session[sessionKey];
        if (cart == null)
            {
                cart = new Cart();
                controllerContext.HttpContext.Session[sessionKey] = cart;
            }
        return cart;
    }
}

Register this new binder in Global.asx.

    protected void Application_Start()
    {
        ...
        ModelBinders.Binders.Add(typeof(Cart), new CartModelBinder());
        ...
    }

 

Following is an example of a controller method that accesses the cart. Notice no references to http context and session.

[HttpPost]
public ViewResult Checkout(Cart cart, ShippingDetails shippingDetails)
{
    if (cart.Lines.Count() == 0)
    {
        ModelState.AddModelError("", "Sorry, your cart is empty!");
    }
    if (ModelState.IsValid)
    {
        processor.ProcessOrder(cart, shippingDetails);
        cart.Clear();
        return View("Completed");
    }
    return View(shippingDetails);
}

 

The implications for testability are great. For example, the following test.

[Test]
public void CannotCheckoutEmptyCart()
{
    var mock = new Mock<IOrderProcessor>();
    var cart = new Cart();
    var shippingDetails = new ShippingDetails();
    var controller = new CartController(null, mock.Object);

    var result = controller.Checkout(cart, shippingDetails);

    mock.Verify(m => m.ProcessOrder(It.IsAny<Cart>(), It.IsAny<ShippingDetails>()),
        Times.Never());
    Assert.AreEqual("", result.ViewName); //default view name
    Assert.AreEqual(false, result.ViewData.ModelState.IsValid);
}

 

Gone is the need to stub out the http context and session. I don’t want to even imagine the mocking setup that would be required to perform the above test if the Controller access the Cart object directly in Session. This is a big simplification.

Summary

Pro ASP.NET MVC 3 Framework is informative in the broad sense about the many aspects of MVC 3. I think the quality of the sample is indicative of the quality of the book. And in the details of that sample are many points of insight, two of which are discussed above.


Comments : Leave a Comment »
Tags: , ,
Categories : ASP.NET

TDD Teams Write Better Software

16 11 2011

November 16th, 2011 | Katie McCroskey

Pictures are worth a thousand words, so I’ll try to keep this brief – TDD teams write better software.

The chart above is based on a formal paper of four empirical case studies on teams using Test Driven Development. Test Driven Development has been used sporadically for decades, and has been tested in academic and controlled settings numerous times. But this paper is different because it’s not about controlled experiments; it involves real people, real projects and real customers – at IBM and Microsoft, really smart companies. Test Driven Development is when a developer writes a failing unit test to define a desired function. Then, code is written to pass the failing test. Finally, the code is refactored to meet acceptable coding standards. The developers are in control, constantly making small design and implementation decisions – and getting constant feedback.

A few details on the teams: at IBM the developers were working on developing device drivers, working on new and legacy code. It was a distributed team, working in Java and no one had any previous experience in TDD. The teams at Microsoft, on the other hand, were co-located, working in C# and C++ on three products you may have heard of: Windows, MSN and Visual Studio. None of these teams were Agile, but collectively decided to try out TDD.

Despite the differences in project size, type and environment – the results were conclusive. Test Driven Development drastically reduced the defect density (bugs, missed requirements, etc.), anywhere from 40 – 90%. In the end, the tests were considered assets so when the code is enhanced/modified it will be easier to find new bugs. Although all the teams did experience a slight increase in development time, 15 – 35%, the increased time is offset by the improved quality and reduced maintenance costs. If you are interested in learning more, check out the formal paper.

Katie McCroskey is the Marketing Manager at LogicBoost an Agile consulting firm based in Washington DC.


Comments : Leave a Comment »
Tags: ,
Categories : TDD, Uncategorized

The Art of Intrusion: What is a password worth?

6 05 2011

May 5, 2011 | Michael Millstein


What is a password worth? A lot…and here’s why you shouldn’t become too attached to just one.

When you think of passwords, what do you think of?

You probably think of your AOL account, gmail, computer log-on, bank account (either online log-on or pin number), online store account…the list goes on. Do you use the same password for every account you have? Chances are you have the same password for nearly every account you have—wait, except with your work account because they make you change your account password every 60 days or so. But, you definitely use a variation of your original password every 60 days, so it’s close enough.

Now, imagine you’re an IT system administrator at Joe’s bank, the largest bank in the nation. Along with the passwords you use on a daily basis for your personal accounts, you also have hundreds of passwords for your Service Accounts, Windows local admin accounts, Root accounts, network devices, etc. What would happen if you used the same practices for work accounts that you do at home? A skilled hacker comes along, figures out your password, and gets the keys to your entire kingdom! And here the stakes are much higher—instead of hacking just one individual’s bank account he could log into your infrastructure and get payroll, social security numbers, credit card numbers, bank account information…everything.

Passwords are among the most valuable information in the world.

The notion that passwords are sacred comes from the book “The Art of Intrusion” by Kevin Mitnick, one of the most famed hackers of all time. The book highlights some of the most memorable hacking attempts in history, some which were successful. One of the stories told could have cost Boeing millions in losses or reputation: two teenagers thought it would be cool to hack for fun. They hacked into Boeing as well as government websites, a credit union, and the DMV among others. They simply used common usernames and passwords. Once they were in they gathered any information they wanted, and browsed wherever they wanted to browse. These young men were just hacking for fun, there was no malice behind their acts but they encountered very sensitive information.

We make our users change their passwords every 60 days or so, but what about all of the privileged accounts mentioned above? Typically, IT pros store their passwords in an encrypted Excel file, use generic/default passwords, and do not change these passwords regularly. Why don’t we enforce the same user-level policies on privileged account passwords? These passwords literally hold the keys to the kingdom yet they are not adequately protected by IT pros. If the passwords are the same across multiple devices and accounts, a hacker can view all the sensitive information on your network without breaking a sweat.

Some companies believe that their strong external firewalls can keep out intruders.

Well think again. Once a hacker gets through that firewall he’ll head straight to your servers, databases and the other accounts containing sensitive information. Without strong internal password policies, or software to help manage passwords and rotate them to keep hackers guessing, your infrastructure is vulnerable. You may be just one hack away from learning a tough lesson. I learned at a recent military event that some of the system administrators for the military and their contractors use Microsoft Access—an unencrypted file—to store privileged account passwords. In addition to not being able to track who has which password, I could have logged on to their system, or hopped onto an unguarded computer, and viewed every sensitive password on the network. This can cause hours, even days in downtime, and millions in expenses. Plus, it can compromise sensitive information that could be devastating to the company concerned, or even the country. “Let’s wake up people. Changing default settings and using strong passwords might stop your business from being victimized” (Mitnick, 88). Don’t be the next victim. Take action and use the same password policies savvy IT administrators place on their end users.

Michael Millstein is an Account Manager at Thycotic Software, an agile software services and product development company based in Washington DC. Secret Server is our flagship password management software product.


Comments : Leave a Comment »
Tags: ,
Categories : Security

The Agile Principles that impressed me most as a Software Developer

27 04 2011

April 27, 2011 | Jacob Stucky

The Agile Principles that impressed me most as a Software Developer

I spent the first several years of my career as a software developer in a non-agile environment. We didn’t purposefully follow any particular software design model, but we ended up getting fairly close to a waterfall approach. We would go through the motions of creating both requirements and design documents, but each phase would never seem to truly finish as we were forced to start later phases early due to time and budget constraints.

Without a clear development model, a developer might end up taking the mostly finished requirements document, a half-finished design document, and the memory of a conversation on how the system was supposed to work and spend a few months in development. The developer could easily spend months lost in the code without the support of another set of eyes to look at the code and assist with problems, or to keep him honest (i.e. not taking shortcuts, writing quality code).

Of course, developers always have deadlines, and in my experience in non-agile environments, it’s no surprise to have to put in long hours in order to meet the deadline and get the software released into a test environment. This was often the first time someone other than the developer would see the project; the extent of the testing being when the developer ‘tried it’ as a part of building the feature.

Hours of phone conferences, bug lists that are dozens of items long, and more months of hot fixes and changes would follow, and might continue well after the production installation. You hope to avoid, but are not surprised by arguments over budget, timeline, and what features were or were not included in the ‘approved’ requirements and design documents.

The result of projects such as these is that a single developer ends up ‘owning’ each project or large feature. If that developer ever leaves the company, there is a mad scramble to do a knowledge transfer to another developer for maintenance or new features. Heaven forbid the elusive ‘version 2’ ever gets approved and the new developer actually needs to have a full understanding of the system or feature.

When I joined Thycotic I was introduced to several agile principles. Here are the ones that made the most impact on me as a developer:

Test driven development

Test Driven Development, or TDD, was probably the largest and most difficult adjustment I had to make. This was not because I was ideologically against the goals or ideas of TDD, but because it requires an adjustment of how the developer thinks. For the eight years I had been writing software I’d always had a full plan in mind of how each piece of functionality would be implemented and would often stub out, or even fully write, methods that I would later need.

With TDD you do not work ahead in that way. You start with a single failing test and only write the code that is necessary for that test to pass. This is followed by another failing test, and the pattern continues, with a step to look for refactoring opportunities whenever you have full green tests. This refactoring is safe because you can simply rerun your test to confirm the code still works. The benefit of this process is threefold. One, you have not wasted time writing code that is not needed. Two, every bit of code is written in order to fix a failing test, giving you full test coverage and confidence that if the code breaks at any point, your tests will be able to inform you. Three, with properly named tests, by the time the feature is complete your tests serve as full code documentation for how the feature works and what results should be expected.

Pair Programming

Surprisingly, at least for me, the transition to programming with a pair was not a difficult adjustment at all. Even in my previous jobs there were times when someone was stuck working on a particularly difficult section of logic, and having two people look at the problem together helped solve the problem in much less time. Pair Programming gives you that benefit at all times. Not only does having a second developer working with you help when solving a complex issue, you and your pair also work together to keep the other focused. A pair working together is also more likely to follow best programming standards than an individual working alone due to the presence of peer accountability.

The Sprint

Working with smaller, manageable increments of time and a solidly defined amount of work is simply amazing. There really isn’t much more I can say about it. Instead of looking at a daunting project that will take months to finish, with no tangible goals in sight, everything is broken down into two-week increments.

The progress is tracked daily and it is easy to see with a glance how you are doing. There is rarely an impending sense of ‘This is never going to get done’ because you discuss and agree to what you can finish in the two week period. Everything else is outside the scope of the sprint, and thus outside the scope of concern for the time being. Of course, you revisit that additional work in the next planning meeting, but when you sit down to actually program, it is not hanging over your heads.

The sprint planning process is the most difficult part of a sprint because it means making sure that you can finish what you committed to, while at the same time not under committing. However, as teams gain experience, the process improves and as a result, so does the ability to plan accurately.

Verifies and QA process

For all but the simplest story there is a set of written “verifies.” For example, “Verify that there is an edit button on the page.” These verifies serve as a checklist for the QA process. The story isn’t considered complete until the entire list of verifies for that story are tested with a release build and signed off by the pair that performed the QA. Because of this guided and focused QA testing we have much more confidence in every story we complete, rather than if we had simply ‘tried it’ while developing, or after a fresh install did some ‘clicking around.’

Conclusion

I feel like I really hit the ground running at Thycotic. The agile techniques meshed well with my programming goals, and I immediately saw the benefit in this programming style. Moving entire teams to this style of programming would likely take effort, since it is a change in how programmers, management and clients interact, and it requires serious dedication from both programmers and all levels of management. But through this focus, I have also seen the benefit of more consistent results, better accountability, and a better quality product.

Jacob Stucky is a Senior .NET developer at Thycotic Software, an agile software services and product development company based in Washington DC. Secret Server is our flagship password management software product.


Comments : Leave a Comment »

Categories : Agile

An Unusual Regex Application

21 04 2011

April 21, 2011 | David Cooksey

An Unusual Regex Application

As any student of regular expressions knows, the regular expression engine has no understanding of the meaning of the characters it matches. The engine can match “A” or “B” but it doesn’t understand the relationship between “A” and “B”. It can match 1 or 2 but it cannot tell you that 1 + 2 = 3.

However, regular expressions are very good at quickly matching text and this can be used to obtain some related information, such as how many instances of a capture group were found. A Regex can be created based on this which will tell you how many of each letter occurs in a string. Consider the following example.

Let’s say you have a string containing some letters, such as “wsaerdctfvygbhnjmhgdeswxdcfgvbhjnqwertyuioplkjhgfdsazxcvbnmwsae”
Against this, run the following code block with the string above as the content.

Each letter has its own named capture group allowing zero or more repetitions. The number of captures of each letter-specific group is equal to the number of letters in the string. This can be extended to count specific words, words starting or ending with specific letters, or any other pattern-based categories.

David Cooksey is a Senior .NET developer at Thycotic Software, an agile software services and product development company based in Washington DC. Secret Server is our flagship password management software product.


Comments : Leave a Comment »
Tags: ,
Categories : Uncategorized

The Agile Virtue of Transparency

14 04 2011

David on Transparency and Agile Practices

April 14, 2011 | David Cooksey

The Agile Virtue of Transparency

Transparency runs contrary to human nature. We all want to look good, however, the greatest programmer in the world will still cause bugs. Few designs are so prescient that they never require updating. When mistakes or design flaws are discovered, it’s natural to downplay, hide, excuse, or otherwise mitigate the negative effect these mistakes have upon our reputation.

Unfortunately, this human tendency can cause many problems. Bugs can remain unfixed and architectural flaws unresolved. In order for our code and processes to be useful, our mistakes need to be brought to light and corrected. This is precisely why transparency is so valuable, and also so difficult. A team or organization must be structured in such a way that mistakes are corrected while simultaneously encouraging people to own up to their mistakes.

Naturally, common sense applies. There is no need for every developer to constantly inform the team every time they make a typo or cause a test to fail locally. Transparency does not mean that every individual detail should be published to everyone up and down the chain. No one can absorb all of that data, and the sheer mass of data would actually discourage transparency because it would be extremely hard to find the data points that are relevant. A problem or potential problem should be brought to the attention of the people who can resolve the problem, and those who should be notified of it as soon as possible.

A friend told me a story recently that does an excellent job of illustrating the value of transparency between levels. His company had decided that it was time to create a new website. Their website was functional, but could use a facelift. Also, there was a lot of business logic in the database which could possibly be pulled out into a services layer. The team was hired and they got to work. A year later, the new website had less functionality than the original website. Content management required business analysts to open and compile multiple Visual Studio solutions. A change to a stored procedure parameter required compiling more than 12 independent solutions—and no business logic had been pulled out of the database.

This occurred because the people asking for the new site had no view whatsoever into what it was going to be. There was no involved product owner. There were no intermediate demos that evaluated progress or architecture. There were no intermediate releases to gather feedback. As a result, a year’s worth of time and considerable funds were wasted.

This is an extreme example, but it shows very clearly why transparency is such a valuable virtue for an organization to have. Opaqueness makes it far too easy to hide flaws, which can dramatically increase cost to the company.

So, how do we encourage transparency within an organization? First, lead by example. If a manager never admits to a mistake, chances are the people working for that manager will never admit to mistakes either. Secondly, avoid mockery. Scorn, ridicule, and condescension train people to protect themselves emotionally by hiding their mistakes. Every developer will cause bugs and make poor design decisions from time to time. Third, extend a helping hand. The field of development is so large that no one is an expert in everything. Sometimes a bug or unusual design decision is caused by incomplete understanding of part of the specific system or the underlying programming concept. A team effort to fix the bug, if it is significant, can help create a sense of community and avoid the blame game.

There is no doubt that transparency is difficult to achieve and maintain. However, if you want to develop products that meet the needs of your users in a work environment where people can focus on their work instead of appearances, it is essential.

David Cooksey is a Senior .NET developer at Thycotic Software, an agile software services and product development company based in Washington DC. Secret Server is our flagship password management software product.


Comments : 1 Comment »
Tags: , ,
Categories : Agile, Uncategorized

« Previous Entries


Follow

Get every new post delivered to your Inbox.