AUGUST 2017 • VOL. 2, ISSUE 2 • $9.95 • SDT02 Full Page Ads Layout 1 7/21/17 3:53 PM Page 2 SDT02 Page 3 Layout 1 7/21/17 3:18 PM Page 3

SDT02 cover_Layout 1 7/21/17 3:46 PM Page 1

AUGUST 2017 • VOL. 2, ISSUE 2 • $9.95 • www.sdtimes.com SDT02 Full Page Ads_Layout 1 7/21/17 3:53 PM Page 2 SDT02 page 3_Layout 1 7/21/17 3:18 PM Page 3

Contents VOLUME 2, ISSUE 2 • AUGUST 2017

NEWS FEATURES 6 News Watch What you want, when you want it. 8 Python gains popularity Key trends in modern UX design

How artificial intelligence will invoke new hack attacks page 10 page 23 12 The coming impact of GDPR on digital businesses 15 Red Hat reduces IoT tradeoffs Test Driven Development 16 From SCM to CI: How GitLab plans on automating is alive and well DevOps for its users 18 Avoid these mistakes when transitioning page 39 to an XaaS model 21 WhiteHat Security: Improving app security with DevSecOps 25 Delivering a flawless application Agile Showcase page 31 COLUMNS

48 GUEST VIEW by Scott Schaedle A designer’s approach to development

49 ANALYST VIEW by Dr. Arnal Dayaratna Graal: the grail of polyglot runtime?

50 INDUSTRY WATCH by David Rubinstein It’s a ‘Cognitive First’ world

33 HPE software enables agile business 35 Agile can’t succeed as an island

Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 225 Broadhollow Road, Suite 211, Melville, NY 11747. Periodicals postage paid at Hunting ton Station, NY, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2017 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 225 Broadhollow Road, Suite 211, Melville, NY 11747. SD Times subscriber services may be reached at [email protected]. SDT02 page 4_Layout 1 7/20/17 3:25 PM Page 4

www.sdtimes.com Instantly Search EDITORIAL EDITOR-IN-CHIEF David Rubinstein Terabytes of Data 631-421-4154 [email protected] DFURVVDGHVNWRSQHWZRUN,QWHUQHWRU SOCIAL MEDIA AND ONLINE EDITORS Christina Cardoza ,QWUDQHWVLWHZLWKGW6HDUFKHQWHUSULVHDQG [email protected]

developer products Madison Moore [email protected]

SENIOR ART DIRECTOR Mara Leonardi [email protected]

CONTRIBUTING WRITERS Over 25 search features, with easy Lisa Morgan, Alexandra Weber Morales, Frank J. Ohlhorst

multicolor hit-highlighting options CONTRIBUTING ANALYSTS Rob Enderle, Michael Facemire, Mike Gualtieri, Peter Thorne

CUSTOMER SERVICE

SUBSCRIPTIONS dtSearch’s document filters support [email protected]

popular file types, emails with multilevel ADVERTISING TRAFFIC attachments, databases, web data Mara Leonardi [email protected]

LIST SERVICES Shauna Koehler [email protected]

Developers: REPRINTS $3,VIRU1(7-DYDDQG& [email protected] ACCOUNTING 6'.VIRU:LQGRZV8:3/LQX[ [email protected] 0DFDQG$QGURLG ADVERTISING SALES

6HHGW6HDUFKFRPIRUDUWLFOHVRQ PUBLISHER faceted search, advanced data David Lyman 978-465-2351 FODVVLILFDWLRQZRUNLQJZLWK64/ [email protected] 1R64/ RWKHU'%V06$]XUHHWF WESTERN U.S., WESTERN CANADA, EASTERN ASIA, AUSTRALIA, INDIA Paula F. Miller 925-831-3803 [email protected]

Visit dtSearch.com for

KXQGUHGVRIUHYLHZVDQGFDVHVWXGLHV PRESIDENT & CEO IXOO\IXQFWLRQDOHYDOXDWLRQV David Lyman CHIEF OPERATING OFFICER The Smart Choice for Text Retrieval® David Rubinstein since 1991 D2 EMERGE LLC 225 Broadhollow Road Suite 211 dtSearch.com 1-800-IT-FINDS Melville, NY 11747 www.d2emerge.com SDT02 Full Page Ads_Layout 1 7/21/17 1:08 PM Page 5 SDT02 page 6,7_Layout 1 7/21/17 3:18 PM Page 6

6 SD Times August 2017 www.sdtimes.com

NEWS WATCH

New open-source GitHub introduces code owners for code review Python library enables Determining who should reactive web apps review files for code review is not always clear, which is As interest in the Python pro- why GitHub is introducing gramming language increases, code owners, a new feature a new open-source project that automatically requests wants to help developers start reviews from the code own- building applications in the ers when a pull request language. Dash, created by changes any owned files. the online data analytics and This feature lets reposi- visualization solution provider tory maintainers define the Plotly, is a Python library for exact people and teams analytical, web-based applica- who need to review projects, according to GitHub. tions. Code owners work by creating a file named CODEOWNERS in the repository’s root directory “Explore data, tweak your (or in .github/ if you prefer). models, monitor your experi- Once that is complete, code owners will automatically be requested for review whenever pull ments, or roll your own busi- request touches the files they own. For extra security, GitHub has also added a new protected ness intelligence platform. branch option to make sure the right people get to review. If a user enables protected branches, Dash is the frontend to your a code owner for each owned file has to leave a review before someone can merge a pull request analytical Python backend,” to that protected branch, said GitHub. the company wrote on the project’s website. According to Plotly, Dash following best practices,” the mentation provides data-table dard for businesses, and open can be used for data analysis, team wrote on its GitHub page. functionality with and mdSort directives. are a key element in helping tion, modelling, instrument a new component dev kit and “These directives provide a UI the transition, and pushing for control and reporting. the data-table component. for pagination and sorting in- a more automated network” The project is lightweight The component dev kit is a line with the Material Design said Arpit Joshipura, general with just 40 lines of Python; standalone package that “will guidelines without being tight- manager of Networking and provides an interface for typ- be especially useful for proj- ly coupled to the data-table Orchestration at The Linux ing UI controls such as sliders, ects that want to take advan- itself,” according to the blog Foundation. dropdowns and graphs with tage of the features of Angu- post. According to the project’s code; and is completely cus- lar Material without adopting Going forward, the team website: “The Open Security tomizable. the Material Design visual lan- plans to add sticky headers, Controller (OSC) code base: guage,” according to a blog sticky columns, incremental ● is a software-defined security row rendering and more to the Angular Material beta post. The initial release fea- orchestration solution that tures accessibility, text direc- data-table. automates deployment of virtu- 8 announced with tionality, platform detection alized network security func- data-table component and dynamic component New Linux project tions, like next-generation fire- instantiation. wall, intrusion prevention The Angular team has protects software- announced Angular Material The data-table component systems and application deliv- beta 8. Angular Material is a will be available in two imple- defined networks ery controllers; ● project designed to help devel- mentations: @angular/materi- The Linux Foundation is enables East-West data cen- opers build apps with Angular, al and . According announcing a new open- ter security, is scalable and and reuse code and abilities to the team, According to the source project designed to reduces threats in software for web, mobile, native mobile team, the data-table was the bring automated protection to defined network environments; and native desktop apps. most requested feature for software-defined networks. ● simplifies and automates “Our goal is to build a set of the project. The Open Security Controller security management and high-quality UI components The implemen- (OSC) Project is a new soft- compliance; and built with Angular and Type- tation features a fully-tem- ware-defined security orches- ● because it is open, offers Script, following the Material plated API, dynamic tables tration solution with a focus organizations the flexibility to Design spec. These compo- and an accessible DOM struc- on multi-cloud environments. choose the security technolo- nents will serve as an example ture, according to the team. “Software-defined net- gy that is best suited to their of how to write Angular code The @angular/material imple- works are becoming a stan- needs.” SDT02 page 6,7_Layout 1 7/21/17 3:18 PM Page 7

www.sdtimes.com August 2017 SD Times 7

views/month); run API moni- ny decided to abstain from issues with the system. “JSR Postman Pro free toring calls (1000 calls/month); voting “because although we 376 is now set to move to a features available create and use mock servers think there has been positive Proposed Final Draft Specifica- (1000 server calls/month); and progress within the EG [Expert tion. There may be minor mod- Small projects and individual access Postman Collections via Group] to reach consensus ifications before it is declared a developers now have access the Postman API (1000 API since the last vote, we believe final specification, but the to API development tools with calls/month). that there are a number of process it has undergone Postman free of charge, since items within the current pro- demonstrates that the JCP the company’s latest version posal which will impact wider works to produce a powerful of the free Postman app will Java 9 moves forward community adoption that new language feature for Java. have limited-quantity access with Java Platform could have been addressed Credit to Oracle as the specifi- to many of the paid features within the 30-day extension cation leader and those in the of Postman Pro. Module System period for this release,” Red Expert Group who dedicated Postman is a provider of an The results are in. The Java Hat wrote in a comment. their time to reaching this mile- API development environ- Community Process executive “However, we do not want stone,” the company wrote in a ment, and version 5.0 of its committee (EC) has voted a to delay the Java 9 release statement. Postman app allows API devel- second time on the Java Plat- and are happy with the more Java 9 is expected to be opers to leverage the full pow- form Module System, known as aggressive schedule proposed generally available by the end er of Postman, with support at JSR 376, and it has been by the Specification Lead and of September. every stage of their workflow, approved. EG for subsequent versions of according to the company. The JSR 376 was first rejected Java because getting real app is free to all users and it’s in May with 13 EC members vot- world feedback on the modu- Mozilla introduces available on Mac, Windows, ing against it and 10 members larity system will be key to new solution for large and Linux native apps, as well voting for it. This time around understanding whether and as a Chrome app. all but one member voted for JavaScript projects where further changes need Developers will have access the system. Red Hat decided to Developers can easily docu- to occur,” according to the to these popular features of abstain from voting. ment large JavaScript projects comment. Postman Pro in Postman 5.0, Last month, Red Hat stated with sphinx-js, Mozilla’s newly IBM, the first to vote against but for free and in small-pro- that it did not believe the JSR introduced solution. According JSR 376 last month due to sim- ject quantities. For instance, 376 had made enough to the company, there hasn’t ilar concerns as Red Hat, voted users will be able to access progress to be successful been a tool able to handle large yes this round because the Postman’s private and public within the Java ecosystem. JavaScript documentation company felt the Expert Group documentation feature (1000 This time around, the compa- projects up until now. was able to address most of its The markup language JSDoc provides tags to The Go programming language heads towards 2.0 describe common structures It has been five years since the Go programming language reached version 1.0. and tooling to hook into those Since then, the team has been slowly making its way to 2.0, with version 1.8 tags, but Mozilla says all it of the language just released in February. Last month, at Gophercon 2017 in ends up doing is providing an Denver, Colorado, the team revealed its goals and vision for reaching 2.0. alphabetical list of projects. “Now we have five years of experience using Go to build “JSDoc scrambles up and large, production-quality systems. We have developed a flattens out your functions, sense of what works and what does not. Now it is time to leaving new users to infer begin the next step in Go’s evolution and growth, to plan the future of Go. I’m here their relationships and men- today to ask all of you in the Go community, whether you’re in the audience at tally sort them into compre- GopherCon or watching on video or reading the Go blog later today, to work with us as we plan hensible groups,” Erik Rose, and implement Go 2,” Russ Cox, tech lead for the Go project and the Go team at Google, said senior staff software architect during his talk at GopherCon. at Mozilla, wrote in a post. Cox explained, today’s goals mirror the same goals the team had as it set out to create the sphinx-js is based off the programming language in 2007, which was “to make programmers more effective at managing Sphinx mature documentation two kinds of scale.” That included production scale and development scale. For version 2.0, the tool. The Python world has goal focuses on finding ways to fix how the language fails to scale. become accustomed to using The number one constraint currently is existing Go usage, according to Cox. “We estimate Sphinx because it supports a that there are at least half a million Go developers worldwide, which means there are millions of variety of language and out- Go source files and at least a billion of lines of Go code. Those programmers and that source put formats. With sphinx-js, code represent Go’s success, but they are also the main constraint on Go 2,” he said. Mozilla brings JavaScript support to the tool. z SDT02 page 8,9_Layout 1 7/20/17 3:26 PM Page 8

8 SD Times August 2017 www.sdtimes.com

The new features of Python 3, the growth of AI, and new architectural a

BY CHRISTINA CARDOZA kinds of problems.” to address those issues. Python 3 added The Python programming language has Stack Overflow’s recently released a number of new features to the lan- come a long way since it was first Trends solution shows Python interest guage that made it easier to learn and released in 1991. Today, it is quickly has grown steadily over the last couple use such as the introduction of async.io becoming a first-class enterprise lan- of years. for io-bound applications. Python 3 also guage used in production. “Python is being used in a variety of introduced new features that were not “Python has been extensively used in ways. Many computer programming backward compatible with Python 2.x the industry for anything from building languages have a niche area that they and removed 2.x features that were Raspberry Pi applications to configura- serve. For example, Bash scripts focus maintained for backward compatibility, tion servers and using a scripting lan- on operating system tasks, while Ruby Thoughtworks explained. guage for large scale applications,” said focuses more on web development. It “Our experience using Python 3 in Zhamak Dehghani, principal consultant seems like Python is used in every domains such as machine learning and at Thoughtworks. “What we are seeing domain — system operations, web web application development shows today is the perfect storm of a few tech- development, deployment, scientific that both the language and most of its nologies coming together and giving modeling, etc etc. There is no other supporting libraries have matured for rise to Python again, and trying to get it language that is so versatile,” the adoption,” according to the Thought- in more enterprise environ- works Technology Radar. ments.” 9% The Python Software Founda-

According to Dehghani, this 8% tion is currently pushing develop-

perfect storm is made up of 7% ers to use Python 3+ because Python 3 maturing over time, new Python 2.7 will no longer be sup- 6% architectural approaches like ported as of 2020. microservices and containers, and 5% The next version of Python, 4.0, advancements in artificial intelli- 4% is already in the works, but is not

gence. “All of this coming togeth- 3% expected to be released until 2023.

er makes it much more possible 2% That is because the language is on for enterprises to use it through- a 18 month feature release cycle. 1%

out the development lifecycle, % of Stack Overflow questions that month According to Nick Coghlan, a core 0% and not just research,” she said. 2009 2010 2011 2012 2013 2014 2015 2016 2017 developer of the language, there In fact, Python recently aren’t any profound changes or popped up as one of Thought- Python interest has steadily increased over the last couple major backwards compatibility works’ Technology Radar of years based on developer questions asked. breaks expected with 4.0. “I’ve themes. The Technology Radar heard that question enough times provides insights into technology and Python Software Foundation (PSF) now (including the more concerned trends that are shaping the future. “The board of directors wrote in an email phrasing ‘You made a big backwards fact that it made one of our themes is interview with SD Times. compatibility break once, how do I actually more notable because very few Ford explains while developers don’t know you won’t do it again?’” he wrote. things do, and it was really because a lot often pick Python up as a primary lan- “Going from Python 3.9 to 4.0 should of the technology is popping up all guage, because it is so easy to learn and be as uneventful as going from Python over,” said Neal Ford, director and soft- can accomplish all sorts of tasks they 3.3 to 3.4 (or from 2.6 to 2.7).” ware architect at ThoughtWorks. are using it as a secondary or third lan- For Python 3.0, Coghlan explains “Python is a really good utilitarian language. there have been a number of changes guage; it is a very good general-purpose According to Thoughtworks "that make it less likely that such depre- language. It is not overly complex and Dehghani, performance and concur- cations will be needed" such as empha- doesn’t have a lot of bells and whistles, rency had always been an issue in the sis on the Python Package Index, the but it is very good at solving bigger past with Python, but Python 3 aimed provisional API, and stricter require- SDT02 page 8,9_Layout 1 7/20/17 3:26 PM Page 9

www.sdtimes.com August 2017 SD Times 9

l approaches is making Python a first-class language

ments for new additions. The PSF board of directors added that Python needs to expand its presence Most Popular Programming Languages on mobile platforms, and C-Python could do a better job of working with JavaScript 62.5% multiple cores for parallel processes. SQL 51.2% In addition to Python 3, the language has also seen uptake in the Java 39.7% machine learning domain with libraries C# 34.1% like Scikit-learn, TensorFlow, Keras and spaCy. “Data science and scientific Python 32.0% applications are an area of high growth. Python’s accessibility allows subject PHP 28.1% matter experts to focus on their relative C++ 22.3% subject matter areas in their research. This doesn’t seem like it will stop any C 19.0% time soon,” PSF board of directors TypeScript 9.5% wrote. The growth of microservices and Ruby 9.1% containers has made it easier to pack- Swift 6.5% age Python dependencies and execute the language in production environ- Objective-C 6.4% ments, according to Thoughtworks’ VB.NET 6.2% Ford. The PSF also says the growth of Assembly 5.0% Python can be seen through the language’s community gatherings. Accord- R 4.5% ing to the foundation, in 1992 the first Perl 4.3% workshop saw 20 attendees, then after a couple of years the community’s first VBA 4.3% For the fifth year in a row, annual conference — the International Matlab 4.3% JavaScript was the most Python Conference — saw about 300 attendees, and today the PSF’s annual Go 4.3% commonly used programming PyCon conference was sold out in Scala 3.6% language. And once again, March with more than 3,000 attendees SQL takes second place, and from around the world. Groovy 3.3% Java third. However, the use “One of [Python’s] major strengths is CoffeeScript 3.3% its accessibility to newcomers, because of Python overtook PHP for it is easier to develop a working piece of Visual Basic 6 2.9% the first time in five years. code in Python and iterate on it more quickly,” the PSF board of directors Lua 2.8% wrote. “Most of all, its community! For Haskell 1.8% the language itself, readability, concise- ness, and the completeness of its stan- 010203040506070 dard library, which we call ‘batteries included.’ ” z Source: Stack Overflow Trends, 2017 Developer Survey Results, 36,625 responses SDT02 page 10_Layout 1 7/20/17 3:26 PM Page 10

10 SD Times August 2017 www.sdtimes.com How artificial intelligence will invoke new hack attacks

BY CHRISTINA CARDOZA are nowhere near close to that,” he said. But, it is important to keep in mind As advancements in artificial intelli- Hong explained AI is getting a bad that artificial intelligence systems are gence begin to enrich technology and rap because people let their imagina- still created with humans in the loop. lives, there is a threat lurking behind tions run wild and ascribe behaviors to it Not many systems are completely auto- the innovation. What happens if hack- that the technology can’t really do. mated because the side effects to this ers use artificial intelligence to invoke Nonetheless, AI won’t always be used are still unknown, according to Hong. sophisticated attacks on our systems? for good, and we will need to be worried “In the future, AI in cybersecurity Derek Manky, global security strate- about those who choose to misuse it. will constantly adapt to the growing gist for Fortinet, a cybersecurity soft- According to Manky, this malware attack [surface]. Today, we are connect- ware provider, said, “In the coming year will use code that’s a precursor to AI. ing the dots, sharing data, and applying we expect to see malware designed with It will replace the traditional “if not that data to systems. However, we are adaptive, success-based learning to this, then that” code logic with more the ones telling the machines what to do. In the future, a mature AI system could be capable of making decisions on its own,” said Manky. “Humans are making these complex decisions, which require intelligent correlation through human intelligence. In the future, more complex decisions could be taken on via AI. What is not attainable is full automation. That is, passing 100% control to the machines to make all decisions at any time. Humans and machines must co-exist.” While there is a fear that AI can do more harm than good one day, Hong says that is way far out in the future, and improve the success and efficacy of complex decision-making logic. not something the industry needs to attacks. This new generation of malware “Autonomous malware operates much worry about right now. “There are big- will be situation-aware, meaning that it like branch prediction technology, ger things that security professionals will understand the environment it is in which is designed to guess which need to worry about. These AI tech- and make calculated decisions about branch of a decision tree a transaction niques only work with very sophisticat- what to do next. In many ways, it will will take before it is executed. A ed and narrow context. Once you go begin to behave like a human attacker: branch predictor keeps track of outside of that, they just won’t work that performing reconnaissance, identifying whether or not a branch is taken, so well anymore. Imagine the AI is playing targets, choosing methods of attack, and when it encounters a conditional jump a game of chess and then you change intelligently evading detection.” that it has seen before it makes a pre- the game to checkers; it is just not going But Jason Hong, associate professor diction so that over time the software to work as well,” Hong said. of the Human Computer Interaction becomes more efficient,” Manky said. Instead, Hong believes organiza- Institute at Carnegie Mellon School of Hong sees adversarial machine learn- tions should worry about security issues Computer Science, assures that these ing as an emerging field, where hackers such as data breaches, weak passwords, attacks aren’t as serious or scary as how try to reverse-engineer how software misconfigurations, and phishing AI is depicted in movies like “Termina- operations work. For example, they are attacks. “I would say focus on a lot more tor,” nor will they be as advanced as finding new ways to get past spam filters, of these really basic types of security HBO depicted in its series “Westworld.” or they are finding ways to poison data problems, and don’t worry about the “If you look at all the movies and TV specs so that the owner of the data starts really sophisticated ones yet. They will shows, they keep on showing all these training his machine learning systems on come eventually, but we will have lots different things of what people’s imagina- the bad data and the machine starts to of times to adapt and invest in these tions are on what these things can do. We make bad decisions. systems as well,” he said. z SDT02 Full Page Ads_Layout 1 7/21/17 1:27 PM Page 11 SDT02 page 12_Layout 1 7/21/17 2:24 PM Page 12

12 SD Times August 2017 www.sdtimes.com The coming impact of GDPR on digital businesses

BY FRANK OHLHORST professional or public life. It can be Time is quickly running out for business- anything from a name, a home address, Build a comprehensive GDPR plan es not prepared for May 2018 introduc- a photo, an email address, bank details, The European Union’s (EU) General Data tion of the European Union’s General posts on social networking websites, Protection Regulation (GDPR) creates Data Protection Regulation (GDPR), medical information, or a computer’s IP additional security and privacy obligations for organizations to comply with. All which has the potential to impact any address.” organizations, including those outside of business that interacts with customers With that understanding of what the EU that hold data on European citi- that are members of the EU. personal data is, it becomes zens, need to review their obligations Preparing for compliance readily apparent that If under GDPR. The eSentire GDPR work- means that CISOs (or other you create, process, book details the framework requirements, IT professionals) will have store, or transmit enabling you to map your current to act quickly to prevent data about an EU approach and gain an understanding of their businesses from rack- resident, your oper- your areas of risk. ing up large fines, which ation will fall under Download the www.eugdr.org states as “orga- the auspices of GDPR. workbook at nizations in breach of GDPR can be In fact, research firm PWC www.esentire.com fined up to 4% of annual global states that 92% of US businesses list turnover or €20 Million (whichever is GDPR as a priority because they are greater). working internationally or have EU stu- With this workbook, you will: dents that visit. More simply put, • Understand the key requirements of Where to begin countless healthcare consortiums, GDPR; One of the first steps taken on that path financial institutions, and retail busi- • Determine how GDPR applies to your to GDPR compliance is to determine if nesses are among the organizations that company; the regulations will impact your opera- conduct business globally or store EU • Map your current approach to GDPR and evaluate your areas of risk. tion. That means, you must have a com- citizen data in their IT systems. More Source: eSentire plete understanding of the term per- simply put, compliance officers may sonal data, which lies at the heart of the need to ask: • Are any of our employees EU citizens? GDPR. According to the European • Do we collect or manage data about • Do we accept job applications from Commission, “Personal data is any EU citizens? EU citizens? information relating to an individual, • Do we offer products or services to If the answer to any of those queries is whether it relates to his or her private, EU citizens? yes, then GDPR compliance is a must. z

data subject’s request for personal data Recommendations for compliance in a commonly used format. Incorporate website intrusion to data O’Neill recommends that businesses, at a l Allow individuals to explicitly agree breach reporting process: minimum, should execute the following and/or refuse tracking l for all digital properties, including web- Understand how website/ app-generated The GDPR mandate for websites has sites (desktop & mobile) and mobile apps: data is acquired, used and stored been clearly laid out. l l InfoSec must work with internal risk Communicate privacy policy: Identify data: Registration, Cookies, IP and compliance professionals to ensure l Write a clear privacy policy explaining address, device ID l all data elements are documented, use of third-party code and data collec- Assess the legal basis to collect data assessed and controlled. tion activity and determine if consent is necessary, l Post policy banner on homepage e.g., Personally Identifiable Information While the above is only a brief outline l Deliver internal training (PII) vs. transaction functionality, etc. of what must be done, IT professionals l Provide easy-to-use opt in/ opt out Evaluate need for a specific policy should clearly see that a plan is needed mechanism: regarding data of minor activity (16 to meet the needs of GDPR and that plan l Explain need for tracking and how years old in GDPR; under 13 years old in must include several stakeholders, rang- cookies drive digital operations U.K. and U.S.) ing from those who create code to those l Share links to individual privacy poli- Support data portability: that manage data to those that execute l cies of all in-scope vendors on your site Provide mechanism to easily satisfy a on that data. —Frank Ohlhorst SDT02 Full Page Ads_Layout 1 7/21/17 1:27 PM Page 13 SDT02 Full Page Ads_Layout 1 7/21/17 1:27 PM Page 14 SDT02 page 15_Layout 1 7/20/17 3:24 PM Page 15

www.sdtimes.com August 2017 SD Times 15

INDUSTRY SPOTLIGHT: INTERNET OF THINGS Red Hat reduces IoT tradeoffs BY LISA MORGAN IoT gateways monitor streaming IoT “Each of the layers has to be imple- Organizations rolling out the IoT usually data and then make intelligent deci- mented correctly.” aren’t prepared for the additional com- sions about what data the enterprise The low-end devices and sensors plexity. With the IoT, data volumes grow should receive. That way, an organiza- present the biggest security risks as exponentially, infrastructure manage- tion can monitor all the data while demonstrated by recent exploits includ- ment gets more complicated and the incurring the costs of storing only the ing the Mirai botnet. These network- security vulnerabilities increase dispro- most meaningful data. By reducing the capable devices lack the security imple- portionately. Nevertheless, IT depart- amount of data to be analyzed, deci- mentation of a typical enterprise ments are expected to handle all these sions can be made in near real time, a system. From design point of view, low changes competently without propor- key requirement for critical equipment. sensor costs may not justify the inclu- tional increases in budget or other resources. With Red Hat’s expert assistance, IT ‘It’s important to secure the end and software organizations can manage devices, but you also have to ensure IoT adoption with greater ease, so they that the gateway is secure. can spend more time delivering value People miss that.’ and less time recovering from common —Ishu Verma pitfalls that could have been avoided. “Enterprises sometimes manage enterprise systems one way and IoT IoT gateways can be designed and sion and maintenance of an operating another,” said Ishu Verma, IoT technol- implemented as hardware components system. An IoT gateway can provide a ogy evangelist at Red Hat. “If you’re or virtualized. Linux containers provide firewall to protect the low-end devices approaching those things differently, an elegant solution to manage IoT data and sensors so they can’t be accessed you’re not managing the data, security because they can be provisioned auto- directly from the internet. or your resources as well as you could.” matically to scale as the volume of data “It’s important to secure the end requires. Containers also provide secu- devices, but you also have to ensure Get IoT data under control rity capabilities to segregate critical and that the gateway is secure. People miss In today’s data-intensive business envi- non-critical data and devices. that,” said Verma. “An API manage- ronments, some organizations want to ment system should be part of your save all data because storage is cheap Keep IoT data secure security stack.” and they don’t want to discard some- Hackers increasingly target industrial thing that may be valuable. equipment because the security of the Rationalize IT and IoT IoT devices generate a lot of redun- devices has not been addressed ade- Resource constraints tend to worsen as dant data, however. In most cases, sta- quately. In many cases, the root cause the technology stack becomes more tus changes and other outliers are more of the vulnerabilities is the failure to complex, but getting proportionate valuable than 10,000 pieces of static, patch or otherwise update the operat- funding and resources is out of the repetitive data because the behavior ing system. By the time the vulnerabili- question. By aligning enterprise and outside the normal signals the need for ty has been identified, important sys- IoT efforts, businesses can better lever- action. Using a smart algorithm like tems have been compromised via a age the resources they have and be sliding window, most of this sensor data lateral or denial of service attack. more productive using modern can be summarized into a more man- “Security is a complex problem. You DevOps techniques. ageable size. need a multi-layered approach that “IoT adoption hits a wall when you “As more things get instrumented includes physically securing the sys- lack the skills you need,” said Verma. and you gather more data, you may find tems, pre-boot authentication and an “We recommend using an open-source that the volume of data is growing faster operating system with security capabili- solution built from cloud to the edge than you can manage it, so you want to ties like SELinux to limit access to sys- using the same tools and processes for make intelligent decisions about data tem resources and data, and data secu- both IT and IoT.” velocity at the edge,” said Verma. rity at rest and transit,” said Verma. Learn more at www.redhat.com. z

Content provided by SD Times and SDT02 page 16_Layout 1 7/21/17 3:47 PM Page 16

16 SD Times August 2017 www.sdtimes.com

With GitLab’s Auto DevOps vision, it will create a project automatically, and without any further action, start a CI/CD pipeline. From SCM to CI: How GitLab plans on automating DevOps for its users BY MADISON MOORE CI, Auto Deploy, Auto Code Quality, of their configuration, and how to opti- GitLab is transforming its offerings of and Auto Review Apps. GitLab’s Auto mize the flow once it is set up, he said. version control and continuous integra- Deploy feature has already been “Knowing how to do that becomes a tion with a new integrated and automat- shipped, and Code Quality was released learning curve that everyone needs to ic DevOps experience: Auto DevOps. in GitLab 9.3, but not for an auto ver- step through,” said Pundsack. “Automat- Auto DevOps, a concept that was sion, said Pundsack. GitLab has a CI ing your deployment once you have con- designed to help developers deliver feature but it’s not automated yet. The tinuous integration, that’s great, but now ideas to production faster, is GitLab’s significant difference with Auto CI is you need to deliver and automate that new collection of features for building, GitLab will be able to detect what lan- process and make it repeatable.” testing and deploying applications, as guage the developer is using and it will Developers will be able to access well as features for review apps and set- run tests for that specific language. This Auto DevOps features on GitLab’s site. ting up code quality. way, a developer doesn’t have to config- The core functionality for Auto These features are critical to ure anything, said Pundsack. DevOps will be available for GitLab’s DevOps, according to Mark Pundsack, Auto DevOps takes away the hassle free tier version, so developers can head of product at GitLab, and while of getting started with DevOps, said push their code and it will automatically they exist at some level within GitLab Pundsack. There are a series of steps go to test, deploy, and everything will already, the idea is to “level them up” developers need to take when configur- configure automatically, said Pundsack. and have the components enabled ing their continuous integration Specific features will be available at the automatically with no configuration pipeline, for instance, and they need to higher level tiers, and certain visualiza- from developers, he said. understand how to run tests in an auto- tions and functionality will not be avail- “We realize auto has some ambigui- matic way, how to set up various parts able at the free tier level. z ty, since much of DevOps is about automation,” said Pundsack. “What we really mean [by Auto DevOps] is it is just automatically enabled so you don't have to configure anything. It’s a zero- click installation or configuration idea.” Auto DevOps features, to be available through GitLab’s platform, will In addition to Auto Build and Auto CI, GitLab will run Auto code quality to make sure you are include Auto Create, Auto Build, Auto not introducing bad code practices in the merge request. SDT02 Full Page Ads_Layout 1 7/21/17 1:28 PM Page 17 SDT02 page 18-DR_Layout 1 7/20/17 3:32 PM Page 18

18 SD Times August 2017 www.sdtimes.com Avoid these mistakes when transitioning to an XaaS model BY MADISON MOORE Another mistake he highlights is notices that all their teams, their cus- Through cloud adoption, many compa- when companies move to an XaaS mod- tomer support, and their marketing nies are realizing the benefits of adopt- el and change to a subscription plan for teams are all disconnected from the rest ing Anything-as-a-Service (XaaS). There their customers, marketing continues to of the business. For Software-as-a-Ser- are real cost benefits to XaaS, but soft- drive monolithic campaigns. “They are vice products, for instance, these teams ware experts notice enterprises are run- paying for the service continuously so need to be much more integrated and ning into the same challenges and mak- you need to build a relationship,” said overlap. When moving to an XaaS, taking mistakes when trying to adopt these Palm. “Product management might be ing care of the customers and providing models. For these companies, it’s their more agile, but marketing is staying in a great experience is most important, management practices, their culture, their old tracks.” said Shinkle. and how they think about design and Another challenge is simply that “In a traditional model, where I development that ultimately keep them sometimes, “management doesn’t get might be selling large applications from bringing services to market. it,” said Palm. [and] spending hundreds of thousands Many companies are just now begin- “It’s common for big companies to not of dollars on software, that’s very much ning the process of becoming service get it, they make long-term plans, they different from a service model, which is providers, according to a survey from don’t think about consequences for the more subscription-based,” said Shinkle. Accenture. This report found that 68 whole business,” said Palm. “If I’m not delivering great service, percent of organizations wouldn’t be The three repeating challenges Chris they’re going to leave.” prepared to deliver their core process- Shinkle, director of innovation at Soft- Additionally, customer support plays es-as-a-service until 2020, which ulti- ware Engineering Professionals, has a huge role in both sales and XaaS mod- mately means companies are entering noticed stem from culture, design/devel- els. If there isn’t a great customer sup- the early phases of planning for XaaS. port system in place, and the company Companies are also beginning to look is not helping customers realize the val- into adopting XaaS models because the Customers can become ue they get from the product, then they market is demanding it, annoyed when aren’t going to renew their subscription said Patric Palm, CEO and when it comes time to sign up, said co-founder of Hansoft, their service Shinkle. which provides agile tools “Culturally, you need to think about and the Favro collabora- doesn’t how that organization operates and tion software. According to deliver value [working] closer together is key,” said Palm, the market is Shinkle. “Organizations think SaaS is demanding it because cus- just a technology change and it’s just tomers want to pay only opment and opera- software moving from a hard drive to for what they use and they tions. He said that a lot the web or cloud, and they don’t think want to derive value of companies think that about managing projects, and what sort immediately. XaaS is going to change of metrics or KPIs are important.” In order to be successful when everything, but they fail to realize they This is really where companies fall adopting XaaS, companies need to be need to change the way they think and short and struggle, said Shinkle. Often adaptable and agile, said Palm. This approach this model. times, the technical challenges of XaaS goes for all parts of the organization, The companies that want to truly are not the most difficult parts to solve; down to the developers and the up to take advantage of XaaS models and its it’s the people working to sell products the business leaders. This is where benefit need to change their mindsets, to consumers that is a challenge. He Palm sees companies making mistakes. and this includes developers and even recommends companies think about Enterprises need to not only change management, who need to change the these cultural changes internally and their business model to become flexible way they think about budgeting and recognize that if they get closer to their and agile, but they also need to contin- scheduling work. All of this impacts customers, they can learn from them ue to develop a product or service so how teams go about developing prod- and better provide a service or product. that in each release, it’s delivering ucts and shipping software, he said. “If [this] is overlooked, you are setting something valuable to the customer. In some large companies, Shinkle yourself up for failure,” said Shinkle. z SDT02 Full Page Ads_Layout 1 7/21/17 1:28 PM Page 19 SDT02 Full Page Ads_Layout 1 7/21/17 1:57 PM Page 20 SDT02 page 21_Layout 1 7/21/17 3:20 PM Page 21

www.sdtimes.com August 2017 SD Times 21

DEVOPS WATCH WhiteHat Security: Improving In other DevOps news… n Atlassian is giving teams new ways to break down silos and app security with DevSecOps accelerate their DevOps adoption with the announcement of the BY MADISON MOORE ing (DAST) results, static testing (SAST) Atlassian Stack and DevOps Mar- Does the DevSecOps approach make a results, and DAST/SAST applied in ketplace. These new solutions are difference when it comes to improving combination, along with mobile app secu- designed to help customers con- application security? According to this rity data provided by WhiteHat Security solidate their solutions and add year’s 12th annual WhiteHat Security partner, NowSecure. NowSecure provid- new ones to their DevOps lifecy- “Application Security Statistics Report,” ed data from the report’s mobile section, cle. The Atlassian Stack is it certainly does. which examines the top security issues and designed to connect teams and This year’s WhiteHat report includes a vulnerabilities by mobile application cate- provide an instance of each of the case study that details a large health orga- gory for the Android and iOS platforms. company’s Data Center and Serv- nization’s successful implementation of a Some statistics from the report show er products. The new marketplace DevSecOps approach. According to the the application security posture of the aver- gives developers more than 200 study, critical vulnerabilities in applica- age organization has improved, but only add-ons and integrations to cus- tions were resolved in a fraction of the marginally. According to the report, in tom-fit Atlassian into workflows. time it takes teams without a DevOps or 2015, the web applications analyzed had an n JFrog announced the acquisi- DevSecOps approach. Part of the organi- average of four vulnerabilities. This num- tion of CloudMunch, a universal zation’s DevSecOps solution included ber dropped to three in 2016. DevOps intelligence platform. training teams on secure coding tech- While there is some improvement, With CloudMunch, the company niques, dubbing trained employees almost half of all applications remain vul- hopes to expand its own DevOps “Security Heroes,” so they could foster nerable on every single day of the year. product offering for developers. positive collaboration and correct devel- WhiteHat found that most organizations CloudMunch is known for its full- oper mistakes. are not able to resolve all of the vulnerabil- stack intelligence solution, and “[The organization] created a sustain- ities found in their apps. In the Utilities, ability to integrate with key sys- able infrastructure for software develop- Education, Accommodations, Retail, and tems such as JIRA, GitHub, Bit- ment teams to be not only successful, but Manufacturing sectors, approximately 60 bucket, Jenkins, Kubernetes and self-sufficient,” reads the study. “The percent of applications are “always vulner- JFrog Artifactory. In addition, cybersecurity team understands its role is able,” according to WhiteHat. CloudMunch’s product provides to provide value, advice and expertise act- These vulnerabilities are easier to fix if end-to-end visibility across tools, ing as change agents and thought leaders in teams use both SAST and DAST testing, offers insight through dashboards, application security. In the process, it has which WhiteHat found to be essential for provides recommendations for proven to be a true center of excellence for application security program effective- further actions, and enables auto- application security.” ness. This year’s report found that many mated tasks. The organization highlighted in organizations are still not employing both n WhiteHat’s case study identified key cul- testing techniques. LogiGear released new continu- tural and technological differences and While there are still too many vulnera- ous delivery findings as part of its motivators across its security and devel- bilities left in applications, there are two software industry survey designed opment teams, and later implemented an things that O’Leary said gives WhiteHat to assess the state of software application security program that security “hope” for the future of AppSec. testing. This was the second sur- “bridged these differences, fostering col- For instance, the fact that application secu- vey in a four-part series, and laboration and a shared commitment to rity did improve by 25% is an overall sign focused on DevOps. According to application security,” writes Ryan that many organizations are starting to the survey, the most known pain O’Leary, vice president of the Threat mature, even if it is at a slow pace. points of transitioning to DevOps Research Center at WhiteHat Security. And as their case study indicates, involve getting groups that don’t DevSecOps isn’t just another buzzword; work together naturally to have Major findings on AppSec statistics it’s offering some “light at the end of the the same goals, financial commit- In addition to the case study, this year’s tunnel” for applications security teams ments, planning, training and cul- report comprises analysis of dynamic test- and development teams, too. z tural change. NOM2017AD.qxp_Layout 1 7/26/17 12:25 PM Page 1

Subscribe to SD Times News on Monday to get the latest news, news analysis and commentary delivered to your inbox.

• Reports on the newest technologies affecting enterprise developers — IoT, Artificial Intelligence, Machine Learning and Big Data

• Insights into the practices and innovations reshaping software development such as containers, microservices, DevOps and more

• The latest news from the software providers, industry consortia, open source projects and research institutions

Subscribe today to keep up with everything happening in the software development industry.

CLICK HERE TO SUBSCRIBE Visual Studio Dev Essentials_SD TIMES_05.pdf 1 7/13/2017 8:09:07 PM

CMY

K SDT02 page 22,23,26-29_Layout 1 7/20/17 3:35 PM Page 22

22 SD Times August 2017 www.sdtimes.com What you want, when you Key trends in modern UX

Inclusive, sound and predictive design techniques are top t class of designer/developers realize the strategic importance

Jobs was deftly answering a man BY ALEXANDRA WEBER MORALES who had just accused him of abandon- ing a pet technology. The Apple he year was 1997. Steve Jobs fidgeted on a stool in front of founder went on to explain that his company’s mission was to discover the World Wide Developer Conference, chatting with the “What incredible benefits can we give audience: “You’ve got to start with the customer experience to the customer? Where can we take T the customer? Not, ‘Let’s sit down with and work backwards to the technology. You can’t start with the the engineers and figure out what awe- technology and try to figure where you’re going to sell it. some technology we have and then how I’ve made this mistake probably more than anybody else in this we’re going to market that.’ And I think room — and I’ve got the scar tissue to prove it.” that’s the right path to take.” As it happens, 1997 was also the year SDT02 page 22,23,26-29_Layout 1 7/20/17 3:36 PM Page 23

www.sdtimes.com August 2017 SD Times 23

Silicon Valley design guru John Maeda motor impairment helps others who noted that design is now a top priority can’t use their touch screen because it’s for venture capitalists, consultancies inconvenient or dangerous. “It’s really and even stuffy enterprise software about designing for the widest possible want it. giants: “IBM design has been probably range of abilities within the widest pos- the largest corporate effort to amass sible range of situations,” Clary said. design energy. […] Google is cool. Who Android accessibility settings, APIs would have thought? The perception and long-running services are nifty on Google [has] definitely shifted.” developer tools for changing how users Google has indeed changed its tune. consume or interact with devices. For design Google Design has created “a visual lan- blind users, services include TalkBack guage for our users that synthesizes the and BrailleBack (which can activate a classic principles of good design with the refreshable braille display), while innovation and possibility of technology Switch Access and Voice Access are tar- and science,” according to the spec at geted to those with motor impairment Material.io. The Material tools and com- such as a tremor. ponents help developers build mobile- Meanwhile, Apple’s design aesthetic ready cross-platform experiences that continues to revolve around user expe- have touch, voice, mouse, and keyboard rience. At the 2017 WWDC, the com- as ﬁrst-class input methods. pany reminded attendees to develop In Maeda’s formulation, “computa- not for “users”, but for humans. It turns tional design” is a discipline that melds out this is a longstanding tenet for the artistry, business, engineering — and company: Apple’s evolving Human inclusion. Interface Guidelines actually date back “In my official title at Automattic, to 1987, which was also the year the I’m the global head of computational Macintosh II personal computer was design and inclusion. People ask me, launched. At this year’s WWDC, the ‘Why do you have the word ‘inclusion’ company maintained a forward view in your title?’ It’s because I believe that with its emphasis on humanity — and design and inclusion are inseparable,” not just what humans see and do, but he said. Creativity is intrinsic to inclu- what they hear. sion, according to Maeda, but that energy is lost when inclusion is relegated to Sound: the next frontier a human resources process rather than In 2003, Web usability expert Jakob seen as fueling beautiful user experi- Nielsen wrote, “Visual interfaces are ences. inherently superior to auditory inter- Inclusiveness is a common theme for faces for many tasks. The Star Trek fan- Google as well. Reaching “the next bil- tasy of speaking to your computer is not lion users” was a mantra at the Google the most fruitful path to usable sys- themes as the new I/O conference in May 2017. Google tems.” He was wrong. speakers noted that many of these With Siri, the first commercially of user experience future customers are now or will be dis- viable personal assistant, the 1970s futu- abled: one in five people will have a dis- rama had come to fruition. By 2020, Jony Ive became Apple’s senior vice ability of some sort in their lifetime. Gartner predicts that nearly a third of all president of industrial design. He went “This isn’t just for users with a dis- web browsing will be done without a on to determine the curves, gloss and ability or an accessibility need. I want to screen and 85% of customer interactions heft of the iMac, iPhone, iPad and get across that this helps all users,” said will be managed by bots. ComScore pre- more. Two years ago, the San Francis- Patrick Clary, a product manager on dicts that half of all searches will be via co-based Ive became Apple’s chief accessibility at Google who himself uses voice. Sound: the next frontier. design officer — a role that exemplifies a wheelchair, in his Google I/O ‘17 talk, According to Apple sound designer how strategic user experience has “What’s New in Android Accessibility.” Hugo Verweij, sound can transform become in the technology world. Why should accessibility interest user experience, but too often, app app developers? Blind or low-vision developers miss the opportunity to Inclusive design is strategic design products can help those who have their compose custom audio notifications to Unveiling his third annual “Design in eyes otherwise occupied, such as driv- distinguish their apps from others. In a Tech Report” in a March 12, 2017, talk, ers, he said. Designing for those with continued on page 26 > SDT02 Full Page Ads_Layout 1 7/21/17 1:30 PM Page 24

User Experience Isn’t Everything – It’s the Only Thing.

That’s our motto. It’s also the key to building apps that people love to use.

Apps that are delivered to market faster, perform better, informed by data, and work seamlessly across multiple platforms. We can help you achieve digital transformation and deliver next-generation, high-performance apps with our integrated tools that help you build it, monitor it, and continuously improve it. Welcome to Applandia. Where things don’t crash, defects get eliminated, batteries don’t drain – and user experience is king.

Visit saas.hpe.com/marketing/digital-user-experience SDT02 page 25_Layout 1 7/20/17 3:33 PM Page 25

www.sdtimes.com August 2017 SD Times 25

INDUSTRY SPOTLIGHT: USER EXPERIENCE Delivering a flawless application The right metrics can lead to great user experiences BY MADISON MOORE zon, a one-second delay in load time of a ings. Even the silent majority can go Creating a flawless application that website could result in $1.6 billion in lost onto the app store and give a poor app pleases all customers is much more com- sales annually for the company. This a one- or two-star rating, which not only plicated than traditional software, said example, according to Aymer, is linked stops other people from downloading Antoine Aymer, a mobile technologist at to performance efficiency, and for appli- the app, but it also decreases the com- HPE. This is because the concept of cations that fail to address this, it’s more pany’s rating on the app store. user experience (UX) goes beyond a than possible that their users will not “Your ranking will depend on your clean user interface and design. return. rating, but your rating depends on the Organizations need to address In a 2016 “DevOps, APM, and Digi- quality of the app, and the quality of your expectations of the user, like how tal User Experience” report from HPE, application depends on how you define usable is the application and is it fast problematic applications immediately UX and how successful you’ve been in enough. Companies should create a poor user experience. 80% of achieving your UX metrics,” said Aymer. define a set of UX metrics those surveyed stated they would It also benefits a company to do a that reveal something about sentiment analysis so they can see what the interaction, like some ‘If you want to understand their users think about their application. aspect of effectiveness, users, then have a look at Companies can consider analytics tools crash rate, conversion and that gives businesses insight into what is abandonment rate, as well as existing data.’ happening around the app. That time and taps to completion. —Antoine Aymer includes ranking, rating, interactions, Delivering a great UX downloads — everything that companies also means measuring only attempt to use an appli- want to understand about their users the main aspects of cation with issues three comes from existing data and analytics. a user experience. times or fewer. And, 15% “If you want to understand users, According to Aymer, would only retry an then have a look at existing data,” said the main aspects of application once, while Aymer. UX include: functionality, suitability, 6% said they wouldn’t give the applica- Mobile teams can also consider the performance efficiency, availability, tion a second chance. After reviewing in-app analytics from HPE’s AppPulse security, usability, and portability. how respondents would react to a prob- Mobile, which takes a piece of code and Aymer said there are a set of discovery lematic application, HPE determined injects it into an app or wraps around an questions that companies can answer that in order to deliver an excellent user app so it can capture the user’s experi- when they are trying to develop an appli- experience, organizations need to meas- ence from the app level, he said. Mobile cation that hits all the main aspects of ure the app’s ability to deliver value and teams can receive actionable data to pri- UX. For instance, “How do you make its capability to meet user’s expectations. oritize issues impacting users the most. sure your app performs as expected,” and Aymer said that HPE has done addi- “I’ve come to realize UX is actually a “how do you make sure your app is avail- tional research about users not return- full-blown experience that someone has able and reliable,” are both questions ing to an application that crashes, and when using a product, so UX needs to companies should consider if they want from this, he said that companies can be something that is measured,” said to measure the user experience. categorize users into two groups. The Aymer. “Not a lot of customers have first group of mobile users is what is implemented core UX metrics to meas- Poor UX directly affects the business called the “silent majority,” or people ure the success of their apps. [What How do you make sure your app per- who remove or delete the application they should do] is redefine the terms of forms as expected? According to HPE’s and have a bad memory of the brand or user experience, define key metrics to research, this is a question companies company. Then there is the “vocal measure the user experience, define must ask, since speed and latency mat- majority,” who are the users that take to the UX and define the attributes of UX, ter tremendously. the app store to “destroy the reputa- and have key metrics on each one of According to a calculation from Ama- tion” of the application with bad rat- these attributes.” z

Content provided by SD Times and SDT02 page 22,23,26-29_Layout 1 7/20/17 3:36 PM Page 26

26 SD Times August 2017 www.sdtimes.com

< continued from page 23 compelling talk at WWDC 2017, Ver- weij offered important guidelines for using sound: “Will my app send fre- quent notifications? Can sound play a role in my app’s branding? Can the UI benefit from an audible component? How would I understand my app without a GUI?” “Don’t overdo it — silence is gold- en,” he said, displaying a hilarious cau- tionary example of the iOS maps app overdone with silly sound effects, as if the comedian Victor Borge, of the famous “Phonetic Punctuation” rou- tines, had commissioned it. “If you’re making a game, it makes sense to make a whole world of sound, but we don’t want every app to sound like a game,” he said, noting the importance of always giving users the option Knoa’s Error Analysis Dashboard simplifies error tracking during UI projects, throughout the to mute apps as well. design-build-deploy lifecycle, enabling development and QA teams to quickly identify emerging When it comes to sound, details issues, pinpoint where they occur, and confirm their resolution once fixes have been deployed. matter. It can be a tricky game of trial and error to synchronize sound to hap- Getting back to the Star Trek sce- tion and speech also holds the promise tics or animation — and getting it nario, a plethora of machine learning for predictive user experience. wrong can create illusions such as mak- APIs from Google (Cloud Speech API, ing buttons feel sluggish, or awkward- Cloud Natural Language API), IBM Predictive UX with AI and analytics ness when sound isn’t synchronized to (Watson Conversation), Oracle (Chat- One thing the design-focused Jobs video. When it comes to editing, while bots) and more make it easier than ever might not have foreseen is how much it’s advisable to work with an expert to harness voice interfaces for new user data we would be accumulating in sound designer or sound engineer, sim- apps. As it happens, that same combi- 2017 — and how rapidly we are learn- ple tools such as Garage Band can make nation of artificial intelligence and big ing to put it to good use. User experi- a huge improvement, Verweij advised. data that’s powering machine transla- ence is no exception. “In the UX world, AI and automation is transforming the role of the Design Education: Learn more designer. Traditionally, UX teams would Resources and educational programs for technology designer/developers turn to metrics and tools such as usability tests, usage data and heat maps, to If you want to learn design, there are a growing variety of options, starting with the understand how to improve the func- written word. In Make it New: The History of Silicon Valley Design (MIT Press, 2015) tionality and effectiveness of a system. Barry Katz spotlights how influential design has been since tech’s early days. However, in the age of AI, we now have John Maeda’s annual “Design in Tech” report, now in its third year, provides an invaluable snapshot of industry trends. Online resources for insights, education and empirical, actionable data that we’ve training include free and paid blogs and courses at MIT Media Lab, Design.blog, Wiz- never been privy to before, giving us eline, Lynda.com, Youtube and Pluralsight. greater granularity into optimizing the There are also brick-and-mortar schools: You can get an user experience,” said Rephael Sweary, MFA in interaction design from New York City’s School of cofounder of the San Francisco-based Visual Arts, attend the Center Centre (formerly the Unicorn digital adoption platform WalkMe. Institute) in downtown Chattanooga, TN, for its two-year user According to Sweary, AI helps con- experience design program, or get a BFA in UX from SCAD duct quantitative usability testing, easi- (Savannah College of Art and Design, in Savannah, GA). Final- ly extrapolating characteristics such as: ly, around the world, three Hasso Plattner Institutes of Design • Location, job title, device Thinking have sprung up thanks to SAP founder Plattner’s • Time of day and length of session philanthropy. These “d-schools” are sited at Stanford Univer- • User flow and drop rates within the sity, Potsdam University and the University of Cape Town. application —Alexandra Weber Morales • Behavior analysis based on screen SDT02 page 22,23,26-29_Layout 1 7/20/17 3:36 PM Page 27

www.sdtimes.com August 2017 SD Times 27

recordings of drops from user flows • Total number of users, unique visi- tors and sessions “What we do with AI is optimize adoption. We define a goal for the AI algorithm, like ‘increase users who use feature X.’ We run our AI algorithm across our entire data set and look for people who use this feature. Then we predict adoption based on the people who use this feature. For example, people who use the app more than three times at work uploading two or more photos are most likely to use the ‘share’ feature,” said Kobi Stok, director of mobile product and technology at WalkMe. The company calls the ideal time to make a request or introduce a feature the “happy moment” for user engagement. User experience metrics can also improve onboarding and training. “Typ- ically, training is done with a firehose approach. You take a group of users away from a productive line of work, you train them for a few days and then you send them back. Wouldn’t it be Michael Hoffer’s VRL-Studio is an intuitive visual IDE for rapid prototyping, learning, teaching nice to tailor training to only issues they and experimentation. It can be used for 3D printing, visual workflow management or as a have been experiencing while using the framework for automatic GUI generation, among other things. software?” asked Bogdan Nica, vice president of product and services for competes with consumer apps for more hybrid designers who have coding Knoa Software in New York City. employee attention, Nica notes. “There skills in JavaScript, PHP, or Ruby on Knoa Software specializes in SAP are different expectations of what good Rails. He emphasizes that computation- application performance management. software looks like now. You can no al design requires an ability to iterate Now, as SAP is consolidating around a longer force customers to use business based on UX metrics, understand algo- user interface revamp called Fiori, software that looks like it was designed rithms and embrace cutting-edge form Knoa’s UX metrics can help ease the in the 80s or 90s,” Nica said. But what factors such as self-driving cars and oth- migration and identify “adoption gaps”. about apps that are too immersive? As er connected devices. “A main pain point that SAP users design grows in importance, so does the And some hybrid designer/develop- have had is that there are so many dif- obligation to use it responsibly. ers, like Michael Hoffer, started on the ferent UI standards,” Nica said. “A Thinking about designing user expe- developer side. He’s a research scientist major migration takes a year. It makes rience responsibly should join security at Goethe University in Frankfurt, Ger- sense to start collecting data before the and privacy as a first-class concern — many, who created VRL Studio, a slick migration to establish a baseline. You and it has become a priority to limit, visual programming environment for continue collecting during the migra- say, texting and driving through driving Java. tion. Then, when it’s completed, you detection in mobile apps. Like security “There are many powerful textual take a look at metrics at the end of proj- and the other “-ilities,” it may still get programming languages out there that ect so you can do a before-and-after lost in the shuffle as developers strive already have a diverse and comprehen- analysis, but also to make sure it’s fully for faster releases. Unless… Could a sive ecosystem around them. Building a adopted — to identify adoption gaps, new class of hybrid UX/techie bring new visual programming language is because there’s always something that these issues to the fore? challenging, at least if it is supposed to goes wrong. Maybe everything works serve as a replacement for general pur- from technical point of view, but busi- The new designer/developers pose programming languages. For me, ness processes are out of whack.” As a profession, design is embracing it is very important to provide visual Enterprise software design is being software development technology, Mae- programming environments that do not forced to improve user experience as it da believes. His surveys find more and continued on page 29 > SDT02 page 22,23,26-29_Layout 1 7/20/17 3:37 PM Page 28

28 SD Times August 2017 www.sdtimes.com Failing Fast is Fatal 6 steps to usable product design that save time and money BY KATHRYN CAMPBELL if there’s actually demand for your product. Whatever became of that mantra encouraging software com- Guerrilla research methods such as quick surveys, focus panies to “Fail Fast” or “Fall Forward”? Most companies that groups and in situ research take only a couple of weeks and a followed a deliberate plan to release half-baked product ful- few thousand bucks. Whatever you learn will either help filled their destiny — they failed! prove your concept’s value or give you the chance to pivot “I’ve learned the “fail often” approach is unlikely to before investing time, money, and energy building a product improve an organization. I learned this because I failed that nobody wants. Pivoting isn’t something you do in reac- often when trying it.” tion to full-on failure. If you’ve done your due diligence, then — Jared M. Spool, Founder of User Interface Engineering the only reason to pivot is a change in your market. Don’t plan to fail, plan to succeed! 2 Trust the Process Failure is expensive. It costs millions in investment, reputa- My staff tells me I sound like Nick Saban, University of tion, confidence, and market opportunity. With any new Alabama football coach, who attributes his four national product or solution, the cards are already stacked against user championships in the past eight years to “The Process,” a phi- adoption. That is why we urge our clients to invest the neces- losophy that vehemently emphasizes preparation. I’m on sary time and resources on a plan geared for success. board with that! Don’t be tempted to charge ahead under the false belief Once you’ve got a solid product concept, design and refine that failing fast — and then pivoting on a dime — is a reason- a prototype. But don’t build yet! You have valuable things to able strategy. In doing so, you ignore simple, practical ways to learn during the entire product development process — minimize risk. throughout the stages of defining, designing, prototyping, My team has spent years tackling complex software design testing and building. projects. Experience has taught us that there are no viable You won’t save time or money if you jump straight into the shortcuts in product development. The reckless approach build phase. You can compress stages, but you can’t skip or wastes a lot more money and time than following a proven re-arrange them. If you do, you’ll pay a steep price later in the recipe for success — one that will allow you to work smarter form of rework, missed deadlines, and wasted resources. It’s without needlessly extending your launch timeline. almost always more expensive and time consuming to devel- I have experienced, over and over, how following 6 key op a “quick and cheap” product. steps can save you a lot of needless pain, mitigate risk, and “Shortcuts make long delays.” help ensure product success: — J.R.R. Tolkien, Pippin, The Fellowship of the Ring Are you solving a problem that matters? 3 Build the right team — in the right order 1 Can everyone on your team articulate the problem your If you were building your dream house, you’d develop product solves in the same one or two sentences? If not, it blueprints prior to breaking ground, right? Successful product could be that you haven’t identified your product’s true rea- design needs the same strategy. Most companies hire develop- son for being. ers, then product engineers, then a UX team. That’s back- Successful products do more than make things easier for wards. Don’t waste money building an unsound product con- the customer — they solve a fundamental problem no one cept, no matter how cheap your dev team is! Take time with else addressed. Don’t design lookalike products. And don’t proven professionals to flesh out and design a worthwhile spend all your time and energy tackling easy problems. Cre- product first. That requires people who understand user expe- ate something meaningful that meets a real, possibly neglect- rience and product design, not programmers. Then validate ed, customer need. your concept with a prototype, refine, then build. Speaking of customers, I can’t stress enough (I’m shouting By waiting to staff a development team until you actually from the rooftops here), how essential early user validation is, have a worthwhile product to build you will save money and especially if you are in the angel funding stage. Do your mar- avoid the urge to “feed the beast” — that crazy instinct to ket research. Spend the time (even a little time!) to figure out have your developers do something, anything, because you can’t stand paying them to just sit around! Remember, it costs Kathryn Campbell, partner, Primitive Spark, founder at least 20x more to fix or redesign a product feature after it’s of the User Experience Professionals Association of been built than to get it right during the concepting and Los Angeles. design phase. SDT02 page 22,23,26-29_Layout 1 7/20/17 3:37 PM Page 29

www.sdtimes.com August 2017 SD Times 29

4 Say it with me: It’s ALL about the user < continued from page 27 “When your business physically interacts with people in a way that can isolate developers from the ecosystem have a profound impact on their life, quality beats pace, every time.” of existing languages and platforms. — Richard Branson, founder of Virgin Group Therefore, I develop new interactive Agile product development often forgets the customer. It’s shocking how many visual representations for existing textu- companies are completely divorced from their end users. What’s the solution? al programming languages,” said Hoffer. Iterative usability testing. VRL is not only sleek and powerful, Very few startups leverage usability testing because they worry they’ll discov- it’s easy on the eyes — and Hoffer has er they’re on the wrong track, which will slow them down! Never turn a blind done this on purpose: “Aesthetic aspects eye when it comes to your product. Course correct ASAP! play a huge role. Actually, they are The single largest risk to a fledgling product or service is lack of user adop- important for textual programming lan- tion. Usability testing minimizes that risk quickly and inexpensively. Validate guages as well. Even though outsiders your ideas with users every step of the way to guarantee you’re not straying from do not usually understand the beauty of what they find useful and desirable. Never assume you know what’s best for your well-structured source code, developers user. I’ve conducted usability tests on countless product prototypes over the who have to look at and work with that years. I always learn something unexpected. code all day long do certainly develop a And remember to do usability testing the right way, meaning throughout the taste for beautiful code.” process, not at the end. Show early, cheap prototypes to realistic representative The same applies for IDEs, Hoffer product users. Remember, you can discover 85% of your product’s usability believes, and it can help developers problems by testing with just 5 users! That’s 1 - 2 days out of a sprint to correct find productive flow — and even rea- the majority of user experience issues that might otherwise tank your product. son more effectively about program structure: “Providing a good user expe- 5 Forget about being first rience for developers is highly impor- Don’t fear the competition’s speed to market. The traditional belief that hav- tant. Designing development environ- ing the “first mover advantage” will make you a new market winner is totally false. ments, especially visual programming Want proof? Apple Maps. Crystal Pepsi. Sony Betamax. Steve Blank of Business environments, that are aesthetically Insider maintains that originators tend to launch without understanding customer pleasing is very hard. Good user experi- problems or without the necessary product features to solve the problems. ence is correlated to finding the right “‘Does it better’ will always beat ‘Did it first.’” abstractions. For general purpose — Aaron Levie, CEO of Box development environments, this is Companies with innovative products or services often target Innovators or especially hard because any simplifica- Early Adopters only. That allows other companies to enter later and grab major- tion runs into the danger of limiting the ity market share from the Early Majority and Late Majority. possibilities of the IDE.” My point: once you have validated your product concept with some basic As software becomes ubiquitous, market research and user testing, stick to your vision and stay the course. Resist much of its arcana will be made acces- “shiny objects” such as replicating the new feature your competitor releases. sible to the masses via more beautiful, Resist going to market before the product delivers any meaningful value. These inclusive and usable designs — a fact clichés are true: 1) Better usually wins over first; and 2) You only get one oppor- that has motivated SAP founder Hasso tunity to make a first impression. Plattner to fund prestigious design schools around the world. 6 Finish the job “Hasso Plattner is a very systems-ori- Plan for support. This lesson may seem minor, but ignoring it can sink some ented guy. He’s the architect behind the beautiful ships. Your product’s learning curve will vary across different levels of HANA in-memory database technology, user sophistication. Integrate simple help guides, tooltips, and/or FAQs, within but in a lot of the recent events that he’s your product. Lack of available user help can cripple a small organization. had, he’s started to focus more and more Your help documentation needn’t be exhaustive, but you should provide on the UX side,” said Knoa Software’s enough information to ensure successful product use. And use a real writer/con- Nica. “They realize no matter how pow- tent specialist, don’t leave this critical step to your developers! It would be a shame erful SAP is on database or server side, to let your investment falter just as you are within yards of the goal line. Before none of that matters if users can’t use it. you celebrate launching your innovation, plan for success all the way through. That includes AI, moving to cloud — if A time-tested process will keep you sane and centered and thwart a fear-dri- that is not done with the ultimate objec- ven sense of urgency. As you develop digital products, commit to a sequenced tive of improving the user experience, set of activities and deliverables, and remember — Smart can still be fast! In none of that matters. It’s a validation fact, it’s the fastest route to success I know. that you cannot fail in software if you If you have found these ideas and best practices helpful, or if you have singlehandedly focus on the user. That’s thoughts about designing digital products, feel free to reach out. We’d love to your best course of action.” z hear you share your successes and failures. z SDT02 page 30_WirelessDC Ad.qxd 7/20/17 3:34 PM Page 1

DON’T MISS A SINGLE ISSUE! Renew your FREE subscription to SD Times!

Take a moment to visit sdtimes.com. Subscribing today means you won’t miss in-depth features on the newest technologies affecting enterprise developers — IoT, Artificial Intelligence, Machine Learning and Big Data. SD Times offers insights into the practices and innovations reshaping software development such as containers, microservices, DevOps and more. Find the latest news from the software providers, industry consortia, open source projects and research institutions. Available in two formats — print or e-mail with a link to download the PDF. Subscribe today to keep up with everything happening in the software development industry!

Agile Showcase

he notion of Agile software develop- BY DAVID RUBINSTEIN you embrace Lean and Kanban? Is Scrum ment has been around for more than a enough? Have you adopted DevOps are Tdecade. The goals, of course, are to have developers part of your Agile strategy? work more efficiently, shorten time-to-market of business Beyond that, software development itself is changing, in deliverables, and respond to defects, market conditions or large part due to the broad acceptance of Agile. Microser- add new features more quickly. vices architectures could not flourish if not for an organiza- This is well understood. What is less well understood is how tion’s understanding of how to do small, quick releases in a organizations should implement Agile techniques. Some say tight cycle. it’s not enough for developers to be agile, but that businesses At this year’s Agile 2017 conference, of which must become agile. Marketers, for instance, must change how SD Times is a sponsor, more than 274 sessions are dedicat- they talk about releases, going from one-off announcements to ed to the topic, regardless of the size of your organization, a more engaged relationship with customers. and regardless of how far down the Agile path you’ve And even if your Agile practice is limited to the develop- already gone. If you’re not at the conference, we hope you’ll ment team, there are various ways to achieve those goals. Do find value in this showcase. z SDT02 Full Page Ads_Layout 1 7/21/17 1:35 PM Page 32

Is your business ready for the Agile Enterprise?

Agile portfolio management for the Enterprise. Agile Enterprise is having cross-portfolio visibility to make strategic decisions and track them across all teams - whether waterfall, agile or DevOps. Agile Enterprise is about hybrid development with lifecycle traceability across a complex application portfolio, for governance and compliance from business processes. As you rapidly deliver quality applications at scale today, what are you doing to be Agile Enterprise ready?

Learn more: saas.hpe.com/software/alm-octane saas.hpe.com/software/ppm-it-project-portfolio-management SDT02 page 33_Layout 1 7/21/17 3:50 PM Page 33

AGILE SHOWCASE 33 HPE Software Enables Agile Business any Agile and DevOps teams are successfully reducing track the status of their decisions and optimize them further.” software delivery cycle times and improving product Notably, HPE PPM with ALM Octane provides end-to- Mquality, but their work doesn’t always align with busi- end visibility and traceability across Agile, Waterfall and ness objectives because CIOs and IT portfolio managers lack hybrid projects to provide comprehensive and reliable enter- the visibility they need to ensure business and product align- prise-level views of software development activity. ment. Although modern software tools generate a lot of data and more of them are providing analytics capabilities, the Align Enterprise Development information needs to be available at different levels of As software teams become more Agile, it’s easy to lose control abstraction to be of strategic value to the organization. of the teams responsible for specific backlogs. Ultimately, “Companies don’t always appreciate the impact of Agile,” software development efforts have to strategically align with said Malcolm Isaacs, senior researcher at Hewlett Packard the organization’s goals, which is where large-scale agile Enterprise (HPE). “Agile and DevOps are increasingly frameworks come in. Portfolio managers can use them to bet- prevalent in enterprises, but management is having a difficult ter understand how to manage teams and release streams. time managing software products consistently.” HPE Application Lifecycle Management (ALM) ‘It’s really hard for an enterprise architect Octane with HPE Project and Portfolio Management to ensure compliance across the organi- (PPM) provide an integrated, open management plat- zation when every team is managing their form for all artifacts, so executives can make better own pipelines, using different tools, and decisions about bringing software to market. gathering different metrics.’ —Malcolm Isaacs Manage Risks More Effectively Continuous integration and continuous delivery are “The Scaled Agile Framework is probably the becoming more popular as enterprises attempt to use soft- most popular framework to ensure alignment at different lev- ware as a competitive weapon. Faster software delivery is a els,” said Isaacs. “At the program level, you have a number of good thing as long as it doesn’t add risk. teams that are working towards a common goal. At the large “Today’s portfolio managers have to oversee and synchronize solution level, you have many ‘teams of teams’ working on multiple development projects, which include both agile proj- larger, more complex goals. At the portfolio level you are con- ects and waterfall projects,” said Isaacs. “How do you do that cerned with alignment to business strategy.” while minimizing risk? How do enterprise architects enforce Some organizations are so large that different parts of the compliance with various standards across the organization?” organization implement their own portfolio layer. Executives In the past, we knew who was in charge of standards com- need enterprise-wide visibility to ensure that all their invest- pliance at the data access, business, service and presentation ments are being managed wisely. While historical views help, layers. However, when teams are organized around features, more businesses want predictive capabilities at application and it’s more difficult to identify the people who are responsible portfolio levels. That way, developers can avoid delays by antic- for enterprise-wide compliance. ipating what’s likely to cause them. Portfolio managers can do “It’s really hard for an enterprise architect to ensure com- what-if scenario planning for resource allocation and more. pliance across the organization when every team is managing “Today’s software development systems generate huge their own pipelines, using different tools, and gathering dif- quantities of data every day, and there’s a lot of dark data ferent metrics,” said Isaacs. “There’s no uniform way of eval- within those systems,” said Isaacs. “Big data and predictive uating teams’ performance across the organization.” analytics capabilities can be very helpful, so we can make bet- There’s no lack of data, but disparate data formats still pre- ter business decisions as we move forward.” vent tools from sharing information despite APIs and traditional Meanwhile, portfolio managers need a single place where ALM tools. HPE PPM together with ALM Octane overcomes they can aggregate information and track progress across proj- those limitations to provide complete portfolio-level views. ects using different methodologies, including both traditional They also provide drill-down capabilities so users can under- and agile lifecycle management systems. HPE PPM provides stand the current status of a release or a DevOps pipeline. those capabilities so that businesses can maximize the value of “We’re helping to enable enterprise agility,” said Isaacs. their software development efforts. “One of the ways we’re enabling this is by giving you a manage- “Most software development organizations today are ment system that integrates with application lifecycle manage- employing tools and techniques for continuous assessment,” ment and software development tools and makes sense of said Isaacs. “As they become more Agile, organizations must everything. Portfolio managers are using that information to extend those types of capabilities up to the executive levels.” make strategic decisions, allocate budget and resources, and Learn more at saas.hpe.com. z SDT02 Full Page Ads_Layout 1 7/21/17 1:35 PM Page 34 SDT02 page 35_Layout 1 7/20/17 3:30 PM Page 35

AGILE SHOWCASE 35 Agile Can’t Succeed as an Island

ore development teams have adopted agile and lean bled over from the previous year. The other half would bleed ways of working to deliver better quality products over into the next year. None of the projects would be com- Mfaster. Despite their efforts, they’re still missing dead- pleted that year. lines and churning out buggy software. Most of these teams “You might think that Kanban would solve the problem, if are expected to solve business problems, but their work does- you just prioritize work and finish it in order of priority,” said n’t align with business objectives. In fact, there’s a huge dis- Dockery. “That way, you’d have a steady stream of accom- connect between development teams and the organizations plishments. But what we find is those accomplishments don’t they serve. always align to businesses strategy.” “Agile software development alone can’t solve all your problems,” said Doug Dockery, global sales engineering The Importance of Agile Business Practices leader for CA Technologies (CA). “If you’re serious about Change is a constant that businesses have to master in competing in your markets, you have to change your defini- today’s fast-moving economy. Their very survival and rele- tion of ‘business as usual.’ Agile can’t succeed as an island.” ‘Agile software development alone can’t The inefficiencies result in budget misses and solve all your problems. If you’re serious stalled innovation. Agile ROI is falling short of about competing in your markets, you have expectations because it’s much more of a team sport to change your definition of ‘business as than organizations realize. usual.’ Agile can’t succeed as an island.’ “Agile teams and agile businesses are two differ- —Doug Dockery ent things,” said Dockery. “Development teams are being blamed for building the wrong things, but it’s vance depends on their ability to sense and not the team’s fault. Companies haven’t created an environ- respond to change. ment of alignment, autonomy and trust.” “Markets change and customer demands never stop,” said Alignment ensures that the teams build what matters most Dockery. “If you want to lead, you have to anticipate new to the business. Once the business and development teams business realities, including your customers’ shifting require- are aligned, the development teams have the autonomy to ments. You can’t do that if your strategy and execution don’t decide the best way to build the product. align.” Bilateral trust is also important. Without it, companies The best way to bridge the gap between the business and can’t deliver their best value to customers. The business must its development teams is to decompose initiatives into small- trust that developers will build what’s in the best interest of er parts so teams can adapt to changing priorities. Metrics the company. should drive continuous improvement. Conversely, developers need to trust that the business “The most successful companies meet quarterly to align knows what should be built. The result is products that deliv- strategy and execution,” said Dockery. “If you do this right, er better business value. you can ensure that software development aligns with busi- Scrum Isn’t a Silver Bullet ness strategy. Development teams need to understand what Agile development efforts often focus on team structure, they’re building, why they’re building it and the impact it will workflows and planning. Scrum teams stay busy adopting have on the business.” new technologies, creating user stories, refining processes and estimating the value and cadence of a sprint. Still, their Agile Culture Requires Commitment efforts lack positive business impact because the organization Truly agile businesses realize changes to both their strategy operates in an entirely different manner. and culture must occur to deliver maximum value. They’re “Companies are approaching agile myopically,” said Dock- focused on continuous improvement, training their employ- ery. “They think Scrum teams are going to solve all their ees, measuring performance, and learning from retrospec- problems and then they discover they’re worse off than when tives. they were doing waterfall.” “You can’t do agile, you have to be agile,” said Dockery. For example, one company’s annual plan included more “You have to think in terms of delivering customer value than 70 BI projects, all of which were active simply because instead of just creating process.” the managers needed “to see progress.” Half of the projects Learn more at cainc.to/how-agile-are-you. z SDT02 page 36_Layout 1 7/20/17 4:06 PM Page 1

Discover the Future – at the World’s Largest Commercial Drone Conference & Expo

• More than 120 classes, panels and keynotes September 6-8, 2017 • Visit with over 185 exhibitors Las Vegas

“If you want to see the state-of-the-art and expand www.InterDrone.com your knowledge about the drone industry, InterDrone is the place to be.” —George Gorrill, Structural Engineer, Thomas Engineering Group Register Early for the Biggest Discount! SDT02 page 37_Layout 1 7/21/17 3:46 PM Page 37

AGILE SHOWCASE 37 A guide to ALM suite offerings

developers to get started quickly to forge n FEATURED PROVIDERS n a combination of Watson cognitive services, blockchain, data, APIs, microservices n CA Technologies: CA Technologies provides a range of solutions to improve and other technologies into a reliable applications, manage portfolios and maximize business opportunities. CA Agile Cen- business advantage while integrating tral enables teams to collaborate, plan, prioritize, and track work through the entire high-performance cloud infrastructure lifecycle, as well as measures productivity, predictability, and performance. The CA and cutting-edge services into your IT Project & Portfolio Management solution ensures business strategy is on track with environment. insights into investment and project portfolios. n LeanKit: LeanKit makes enterprise n HPE ALM Software: HPE ALM Octane is its flagship modern platform for life- process and work management software cycle and quality management to deliver innovative applications with quality at that is purpose-built for Lean and unique- scale. HPE ALM Octane is designed specifically to help customers manage and accel- ly suited for Kanban. We help teams in all erate their software development life cycle, and supports DevOps, agile and tradi- areas of IT and across the organization to tional waterfall methodologies. The end-user experience of HPE ALM Octane is visualize work, optimize processes and designed from the ground up to be simple, responsive, and serve the platforms and practice continuous delivery. LeanKit is form factors that practitioners use: browsers, tablets or mobile devices. used by more than 500,000 users around the world at companies such as Adobe, n AgileCraft: AgileCraft delivers the receive greater business value from IT, Siemens, Rockwell Automation, Verizon most comprehensive software solution faster and more frequently, while dramat- and VMware. available for scaling agile to the enter- ically increasing the efficiency and confi- n Parasoft: Parasoft researches and prise. AgileCraft transforms the way dence of compliance. develops software solutions that help organizations enable and manage agile n cPrime: At cPrime, Software Services organizations deliver defect-free software productivity across their enterprise, port- efficiently. By integrating development folios, programs and teams by aligning Lifecycle Management (SSLM) addresses the fragmented way software and services testing, API testing, and service virtual- business strategy with technical execu- ization, we reduce the time, effort, and AgileCraft platform are used to support Agile, DevOps and ALM tion. The combines cost of delivering secure, reliable, and sophisticated planning, analysis, forecast- initiatives. It unifies the teams, processes and tools used to build applications compliant software. Parasoft's enterprise ing and visualization with robust, multi- and embedded development solutions are level collaboration and management. through a unified approach to software services that removes the cultural barriers the industry's most comprehensive — Designed to be open, the AgileCraft plat- including static analysis, unit testing, form compliments and extends existing that result in siloed operations and disconnected software delivery workflows. requirements traceability, coverage agile tools, methods and processes and analysis, functional and load testing, can be deployed through the cloud or on n Hindsight Software: Hindsight Soft- dev/test environment management, and premise. AgileCraft customers get the ware develops innovative tools and train- more. The majority of Fortune 500 com- best agile solution on the market and ben- ing to help companies integrate Behavior panies rely on Parasoft in order to pro- efit from a platform that is specifically Driven Development (BDD) into their soft- duce top-quality software consistently designed to scaling agile to the enterprise. ware development process. BDD is an and efficiently as they pursue agile, lean, n Blueprint: Blueprint provides industry- analysis technique for discovering and DevOps, compliance, and safety-critical leading solutions that accelerate and de- communicating user stories between development initiatives. business stakeholders and software risk the digital transformation of large n developers; a common failure point in VersionOne: VersionOne is the inde- organizations. With our products — Blue- pendent leader in agile lifecycle manage- print Storyteller for Agile, Blueprint many projects. Our award winning tool Behave Pro for JIRA is used by hundreds ment software and services. Our mission Automate for DevOps and Blueprint is to help companies envision and deliver RegTech for Compliance — organizations of companies to allow product owners, developers and testers to collaborate on great software. Today, more than 50,000 user stories using BDD. teams at 1,000 companies, including 33 of the Fortune 100, use our solutions to help n IBM: IBM provides agile tools for devel- scale their agile initiatives faster, easier opers building solutions in hybrid and smarter. Whether a small team just cloud environments whatever their starting out with agile or a global enter- process — Agile, Scrum, Kanban, prise scaling agile, VersionOne customers SAFe or waterfall. Automate build, test get the best solutions in the industry and deployment, and add availability backed by the pioneers in agile lifecycle monitoring and security testing for your management. VersionOne has offices in applications. IBM Cloud services enable Atlanta and in Amsterdam. z SDT02 Full Page Ads_Layout 1 7/21/17 1:36 PM Page 38 SDT02 page 39,31,42,45,46_Layout 1 7/21/17 2:48 PM Page 39

www.sdtimes.com August 2017 SD Times 39 Buyers Guide

Test Driven Development is alive and well

BY CHRISTINA CARDOZA code until it passes the test. I’ve seen is a consistent pattern of TDD David Heinemeier Hansson, creator working in a laboratory setting — devel- espite what you might have of Ruby on Rails, first declared TDD opers are quick to pick up the workflow heard around the industry and was dead on his website in 2014. Hans- and can create working code and tests Don the Internet, Test Driven son stated while the practice taught him during classes/exercises/katas — and Development (TDD) is not dead. The to think about testing at a deeper level, then failing in the real world,” he wrote. practice is still alive and well, especially he believed it was actually hurting his While the practice is not for every- in this new modern agile world. software designs. More recently, Micro- one, and it depends on the development TDD is a developer-focused prac- soft’s senior software design engineer team and team members, Kelly Emo, tice where developers, not testers, write Eric Gunnerson said that while he is director of life-cycle and quality product the test before they write their code, grateful for what TDD has taught him, it marketing at Hewlett Packard Enter- and then they keep refactoring their didn’t live up to his expectations. “What continued on page 41 > SDT02 Full Page Ads_Layout 1 7/21/17 1:36 PM Page 40 SDT02 page 39,31,42,45,46_Layout 1 7/21/17 2:48 PM Page 41

www.sdtimes.com August 2017 SD Times 41

< continued from page 39 is allowed to seep in and build up over ing the software in the way it will be prise (HPE), believes there is a misun- time,” HPE’s Emo added. used in the real world, and that is derstanding about what TDD can and TDD enables developers to create because more sophisticated tests are can’t do. “The Test Driven Development code that is always testable, and free expensive to write, and take a lot of time. is dead belief is often coupled with the from defects, instability, or rigidness “Developer’s don’t really want to write belief that testing as a practice is dead, overtime. “By reducing technical debt, them because they are not verifying fea- and if you just speed everything up fast code additions or changes can be includ- tures, they are proving the software is enough and operate lean enough, you ed in agile sprints and release trains reliable, has no security vulnerabilities, don’t really need to spend a lot of time in much more quickly,” Emo said. or other things that are not directly relat- pre-production testing because you are Writing the tests first also confirms ed to the features customers are asking continuously delivering, rolling back, the requirements that developers are for,” he said. Capitani said TDD and operating at such speed that the looking for, according to Rogue Wave’s approaches need to be coupled with impact is minimal,” she said. Capitani. “Sometimes if we start with the static code analysis solutions so it can Test Driven Development promotes feature, we make assumptions about verify the quality of the software such as the idea of understanding what you are requirements or we simply miss require- looking for memory leaks, security weak- trying to build before you start building ments because we are thinking about nesses, and reliability issues. “You have it, according to Walter Capitani, product designing something else,” he said. “By to ensure you are reproducing the real- manager for Klocwork at Rogue Wave. writing the tests first, you take a deeper world environment that your software is “It exposes weaknesses in requirements, dive into the requirements, which leads going to encounter, and not just testing in the architecture, and even in your test you to have a better understanding of that something works,” he said. infrastructure before you start trying to them once you start writing the actual Emo added the “fox guarding the build something. The counterpoint to feature itself.” hen house” can also be a risk of TDD. that is you start building something and By building things in right from the In TDD, the developer that is writing then realize you can’t properly test it. beginning and ensuring upfront the test is also writing the code to go Then you put yourself in a situation whether what they are building is right along with that test. According to Emo, where you are going to end up releasing or wrong, TDD allows development in an ideal world two individual devel- something that was never properly test- teams to achieve today’s necessary opers would be working together — ing,” he said. speed, according to Alex Martins, advi- one to write the test, and one to write When Test Driven Development is sor for continuous testing at CA Tech- the code. “Often in agile teams, roles done correctly, developers should actual- nologies. “The market is just moving may switch off during different sprints ly be developing better code, more effi- too fast. The users are changing what to expand experience across pure ciently, according to Jason Hammon, they want too fast. So instead of build- developers and dev/testers, but during director of product management at ing things the old way, TDD really a sprint, they should be two different TechExcel. “TDD is actually beneficial helps the developer focus on building people working on the sprint,” she said. to developers because the process of what is meaningful towards their cur- According to CA’s Martins, it isn’t writing the test will help establish clear rent scope right now,” he said. always feasible to have a two-developer requirements, the scope of what they are The speed in TDD also comes from approach because from a budgeting per- creating and perhaps what interdepen- incremental improvement in the actual spective, if it is increasing the workload dencies are involved with it,” he said. quality of the software, and the repeti- of another developer, it is not going to be tion of short cycles that are tuned to very well received. However, new tools How TDD enables speed and quality testing a very specific thing in greater and solutions are coming out that will Developers may be resistant to the deal to improve the cycle, according to help automatically generate the tests that approach because they feel like it is Thomas Hooker, vice president of mar- can be used by developers to drive their unnecessary work, according to Ham- keting for CollabNet. application development. “This is not mon, but down the line it actually necessarily increasing the workload, but results in a clearer understanding of the TDD not without challenges using better solutions and better technol- software, more accurate estimates, However, that doesn’t mean that Test ogy that wasn’t available before,” he said. more successful sprints, less chance of Driven Development is not without complications, and better quality code. challenges. In an ideal world of TDD, Measuring success “While at first, the practice of TDD developers verify functionality of their The biggest challenge for teams trying may feel to agile teams that it is adding software features, and verify the correct to adopt TDD is figuring out how to overhead and effort, it actually keeps behavior over time. They ensure long- measure that they are truly getting bet- the ongoing delivery more agile. With term reliability of their software, accord- ter, according to CA’s Martins. lean and continuous delivery practices, ing to Rogue Wave’s Capitani. If developers are running tests as part serious issues can build up that will stop Capitani explained that the reality of of an extra step in their development the agile release train if technical debt TDD is that developers are not exercis- continued on page 42 > SDT02 page 39,31,42,45,46_Layout 1 7/21/17 2:50 PM Page 42

42 SD Times August 2017 www.sdtimes.com

< continued from page 41 opers focus on just writing enough code the end of the day, a great user experi- process, getting feedback from QA that — not more, not less — so they can ence for the customer is being deliv- the code quality is higher or bug rates are move onto the next task on their list ered, Hooker explained. going down, and that it is making their knowing it will not come back to them A tester is responsible for creating cycles shorters, that is a good indication because from their perspective they automated test scripts or assets that go that they are on the right track, according have already embedded quality,” he said. beyond unit or functional testing; creat- to TechExcel’s Hammon. ing tests for load, performance, and “If it can be implemented, develop- TDD drives customer experience application security; and continually ers can do it, it is not making their work The reason why software development assessing the quality and the overall take a lot longer, and it is increasing the and delivery has to move so fast is experience, according to HPE’s Emo. quality of code, that is a sign that is is because customer expectations are CA’s Martins said it is important to beneficial,” he said. changing so quickly, and that makes Test note that while TDD tells you whether Martins says there are four pillars Driven Development so much more what you built was right or wrong, it that support software quality: Code important in a modern agile software doesn’t tell you if the application is doing quality, pipeline quality, application world, according to CollabNet’s Hooker. what it was supposed to do. To under- quality and customer experience. To Hooker explained users are not driv- stand if you built what was intended by visualize how they are performing en by brand loyalty, they are driven by the business and compare how the sys- throughout the lifecycle, teams should experience loyalty. “[Users] are driven tem is working against what the require- be value-stream mapping. That tech- by the experience, so when increasingly ment originally prescribed, Acceptance nique shows how much time is being the developer’s end work touches the Test Driven Development (ATDD) is spent on coding and testing, and the customer directly, developers have to necessary. cost from a effort perspective and tim- have high quality assurance that the The testing team helps provide those ing perspective, according to Martins. outcome is going to give the customer acceptance tests to the developers so “If you are able to showcase to the what they want,” he said. developers can better ensure their code developers that they are not spending Today, software drives how compa- is good. “Here, the testing team can help more time, but they just \ shifting the nies interact with customers, how cus- the developer early on because it is all amount of time spent upfront in defin- tomers interact with companies, and about preventing defects, catching them ing the tests, and they are just going to how companies drive their business. as early as possible and shifting every- do it once and move on, it will help Test Driven Development is an impor- thing left as much as possible,” said Mar- them to see why they are doing this and tant part of that, Hooker explained. tins. “Testers are starting to be seen more how they are getting better,” he said. “We have to find every little step in as enabler for more speed in the Successful TDD developers will not our process and optimize that step to pipeline, for better quality and not just as only write tests that pass, they will write deliver high quality software that meets an entity that works against the develop- tests that are comprehensive, according the needs of our customer. Once we get er.” to Rogue Wave’s Capitani. To do so, done doing it, we go back through the Testers can also use Business Driven they need to understand how software system and we find where is the next Development (BDD) to validate the is going to interact with the rest of the area to improve,” he said. “Test Driven business process and the code function, work around it and have the mental Development folds very nice into our and develop quality earlier, HPE’s Emo skill to look for weaknesses, he said. agile driven CI/CD DevOps world added. “BDD is designed to get people Developers need to sit in backlog because it is all focused on innovating thinking about the business process and grooming sessions and start thinking quickly, providing not just a high quality the behavior you want,” she said. “It about potential flaws or potential points product, but a high quality experience does a nice job of shrinking down the they have to validate before they know for the customer,” he said. gap between writing requirements, or think they know the code is accom- writing automated tests and writing plishing what was in scope, according to The tester’s role in TDD code because right upfront it because Martins. While Test Driven Development is very your documentation.” “There is a mindset change that much developer focused, that doesn’t A successful testing strategy needs needs to happen. Developers have to mean the software tester’s role is to look at the whole cycle of what you start thinking about what is it that this pushed to the side. “Test Driven Devel- are creating and releasing. Following a code is suppose to do, and how will they opment does not replace testing, it is an test-driven approach to make sure validate that it is actually doing what it is addition to improve quality of code and developers are checking in high-quality supposed to do. They need to write the speed,” said CollabNet’s Hooker. code is a good place to start and will tests for each of the methods they are There are still all sorts of things like ensure better results down the road, building, define the test, write the code integration testing and platform testing, but having a holistic approach is also for the test to pass, and then refactor and a number of different ways to test very important, according to TechEx- until it is good enough. This helps devel- that TDD does not address so that at cel’s Hammon. z SDT02 Full Page Ads_Layout 1 7/21/17 1:57 PM Page 43

Does balancing speed, quality and scale feel like rocket science?

Support test driven development and continuous testing with HPE ADM.

Deliver quality applications rapidly, and at enterprise scale. Manage tests with an integrated ALM toolchain built for waterfall and Agile application development. Grow from defining and managing work items tracking, to optimizing program and portfolio. Project Agile is not Enterprise Agile. Discover the New.

Visit saas.hpe.com/software/application-delivery-management SDT02 Full Page Ads_Layout 1 7/28/17 10:03 AM Page 44 SDT02 page 39,31,42,45,46_Layout 1 7/21/17 2:50 PM Page 45

www.sdtimes.com August 2017 SD Times 45 How do you support Test Driven Development?

BY CHRISTINA CARDOZA Kelly Emo, director of life- Alex Martins, advisor for cycle and quality product continuous testing at marketing at CA Technologies: Hewlett Packard The main differentiator for us Enterprise: is removing the barrier for We don’t offer a Test Driven Test Driven Development and Acceptance Development tool itself, but we offer sup- Test Driven Development. In TDD and port for Behavior Driven Development tests in addition to the specific tests you ATDD, teams typically need to think (BDD) as part of our ALM Octane manage- have written, it gives you a bigger bank of through the requirements they have to ment platform. We are also able to integrate tests for which you are going to develop write the code for and then think about with open-source and developer tools that against. the test, which usually is a barrier for adop- support TDD and bring up that information Where I think the TDD gap exists today tion. Our solution at CA is to remove that into the ALM Octane layer so your agile is between functionality and actual prop- barrier. We are able to automatically gen- team and your application owner or your er operation — reliable, secure operation. erate the acceptance tests for the devel- product owner continuously know the state There are many ways to achieve that, but opers to just start coding against as well of their quality and to know the state of many of them are expensive either from a as the unit level tests for them to start their team’s velocity. time or actual cost perspective for many coding against for TDD and ATDD. The other thing we are able to do is software vendors out there and that is There are three solutions that form the because Test Driven Development is the where I feel like there are tools that core of our TDD and ATDD solutions: CA practice, the tests are often written in unit instead of building it itself, you can use BlazeMeter API Test, CA Agile Require- frameworks like NUnit or JUnit, so we can tools such as static code analysis to help ments Designer, and CA Test Data Manager. utilize the output of those frameworks to bridge the gap. accelerate regression test and business Thomas Hooker, vice president process test. The whole flow, the whole Jason Hammon, director of marketing at CollabNet: business process you would automate of product management CollabNet views Test Driven using our Unified Functional Testing solu- at TechExcel: Development as a continual tion, is already there as part of that Test We do have tools in place that evolution in our overall Driven Development process. We can just allow you to do Test Driven industry’s goal and purpose to build bet- plug that right in. Think of it as building Development, or a process like that. What ter and better software. What we do is we blocks, the TDD functions that are done in we do is we allow requirements from our embrace different methodologies and dif- the open-source tools become building repository to be created as tasks for devel- ferent tools that enable our customers to blocks to the automated tests that are opers and one of those tasks that you can adequately test their software, and to created in our tools. certainly use is a test based on that have the testing components drive the requirement. It is really easy and light- software development life cycle if that is Walter Capitani, product weight for a developer to just grab the what the customer chooses to do. management for Klocwork requirements that are new, and put them We are an open platform and we allow at Rogue Wave: into their sprint or whatever sort of time you to construct test patterns that best The way we certainly support tracking they want to do along with those suit your enterprise. We fully support it is through the execution of tasks to ensure for each of those require- your efforts to move towards a CI/CD tests that you don’t have to write. In other ments they have run a test corresponding world where we do have continuous inte- words, you are going to do your TDD by with it. gration, continuous development and writing your own test for your own func- Our solution does about whatever devel- continuous deployment. What that really tionality, and then we are going to add to opment methodology you want to use, and does is that enables the developer and those tests with a series of quality and we are not going to limit you into one par- the development organization to take security tests that will generate the same ticular method; because we have an open much more responsibility for testing indi- kind of results in terms of finding places platform that integrates lots of third-party vidual items and features directly. After where your software is not behaving tools, you could even use our solution in that has taken place, you have your stan- properly, where it has crashed, or where it conjunction with other development tools dard test harnesses that your standard has security vulnerabilities, and enable to perform TDD so if you are using some- quality assurance organizations would be you to then develop solutions to those thing else for your CSM tool or another running and utilizing to ensure quality as issues which will then cause the tests to bug-tracking tool, you can integrate those you move downstream, but in a test driv- pass. Klocwork can find more than 500 with our requirements management tool en environment. defects in your code, so by running those and still have a process like that. z SDT02 page 39,31,42,45,46_Layout 1 7/21/17 2:51 PM Page 46

46 SD Times August 2017 www.sdtimes.com A guide to Test Driven Development solutions

n Applause: Applause ensures digital n n experience quality for websites, mobile FEATURED PROVIDERS apps, IoT products and in-store interac- n CA Technologies: CA’s comprehensive portfolio of continuous testing solutions, tions in a way no other approach can — which includes CA Agile Requirements Designer, CA Test Data Management and CA through its crowdtesting technology plat- BlazeMeter, provides the tools agile teams need to create the tests that will drive code form and managed global community of development, ensure test data is available on-demand, automatically generate test over 300,000 professional and on- scripts on business requirements and automatically execute test cases to build better, demand testers specializing in QA, usabil- higher quality apps, faster. ity, accessibility, security, automation, digital and more. n CollabNet: CollabNet helps enterprises and government organizations develop and deliver high-quality software at speed. CollabNet is a Best in Show winner in the appli- n Parasoft: Parasoft helps teams perfect cation lifecycle management and development tools category of the SD Times 100 for software by providing static analysis, unit 14 consecutive years. CollabNet offers innovative solutions, consulting, and Agile train- testing, functional testing, security testing services. The company proudly supports more than 10,000 customers with 6 million ing, and load/performance testing tools to users in 100 countries. ensure that code is secure, safe, reliable, and compliant. Parasoft's software solu- n HPE: HPE Software’s Functional Testing solutions help to deliver high-quality soft- tions combine end-to-end testing capabil- ware while reducing the cost and complexity of functional testing. HPE’s solutions ities with virtual test environments, address the challenges of testing in agile and Continuous Integration scenarios, as well automating time-consuming testing tasks as hybrid applications, cloud and mobile platforms. HPE ALM Octane provides insights and improving quality via intelligent ana- into software, speeds up delivery, and ensures quality user experiences. lytics/reporting. n Rogue Wave: The largest independent provider of cross-platform software develop- n QASymphony: QASymphony offers two ment tools, components, and platforms in the world. With Rogue Wave Klocwork, detect integrated solutions built for TDD that security, safety, and reliability issues in real-time by using this static code analysis toolkit help teams deliver high quality software that works alongside developers, finding issues as early as possible, and integrates with at a rapid pace. qTest Scenario is a JIRA teams, supporting continuous integration and actionable reporting. add-on with a Gherkin editor for collaboration around feature and scenario devel- n TechExcel: DevTest is a sophisticated quality-management solution used by development.. qTest Pulse is for enterprise opment and QA teams of all sizes to manage every aspect of their testing processes BDD, storing your features and scenarios from test case creation, planning and execution through defect submission and resolu- directly within your version control sys- tion. It aims to give teams control over product quality; enhance test standardization, tem (i.e. Git). reuse and revision; increase team productivity; and ensure ultimate accountability for all test phases. Other solutions the company offers include: DevSuite for ALM initia- n Sauce Labs: Sauce Labs provides the tives, DevSpec for requirements management, and DevTrack for task management. world’s largest cloud-based testing platform for automated and manual testing of desktop and mobile websites and applica- works, and out of the box integration “given-when-then” style. With Tricentis tions. Using open source frameworks with continuous integration tools. Visit: Tosca’s model-based test automation, you such as Selenium and Appium, TDD/BDD https://smartbear.com/product/testcom- can create a concrete model, automate tests can across hundreds of different plete/overview/ scenarios, scale test execution, and inte- browser and OS combinations on virtual grate testing into development—enabling machines, mobile emulators/simulators, n TestPlant: Testing used to be about you to deliver fast quality feedback. and real mobile devices (native, hybrid compliance but it's now about user satis- and mobile web). faction. TestPlant’s solutions help create n Zephyr: Zephyr is a leading provider of amazing digital experiences with true quality management solutions, powering n SmartBear: TestComplete allows QA end-to-end test automation and analytics quality for more than 11,000 global cus- teams to easily create stable, stable, and through the eyes of the user. We expand tomers across 100 countries. Project maintainable automated UI tests. An automation beyond test execution to teams and enterprises of all sizes use access to a cloud device lab within Test- increase time-to-market, productivity, Zephyr’s products to enable continuous Complete enables these teams to exe- user satisfaction, and match the pace of testing throughout their entire software cute tests in over 1,500 environments. DevOps. Our proven FastStart services delivery pipeline to release higher quality Other features of the tool include sup- ensure easy and fast adoption. software, faster. Zephyr's products port for modern scripting languages, include test management, automation recording automated UI tests without n Tricentis: Whether your methodology integration, predictive analytics and scripting knowledge, data-driven testing, calls for TDD, BDD, or ATDD, Tricentis DevOps insights. For more information, support for over 500 controls and frame- Tosca helps you represent scenarios in a please visit www.getzephyr.com. z SDT02 Full Page Ads_Layout 1 7/21/17 1:38 PM Page 47 SDT02 page 48.qxd_Layout 1 7/20/17 4:05 PM Page 48

48 SD Times August 2017 www.sdtimes.com Guest View BY SCOTT SCHAEDLE A designer’s approach to development

Scott Schaedle founded hen most software developers have a new or, then content. By taking this into account, Quore in 2012 to revolu- Widea they go straight to their computer, I designers can create products that are intuitive and tionize and streamline turn off my devices and break out the old-fash- easy to use. Start by first sketching the product, hotel operations. ioned notebook. In high school I liked to sketch then add color to bring the visual to life. and draw, and today I use the same markers and Great design takes a careful approach to color pens to kick off the development process. I prefer choices. Color invokes emotion and has the power this method because when it comes to pleasing the to affect behavior. When designing Quore, it was consumer, design always wins. important to incorporate features that thoughtfully Much to the chagrin of most development take color into consideration. One feature notifies heads I work with, I don’t start with a data model. employees with warm colors when they are going The first thing I do is craft sketches of the design into overtime, another when rooms are flagged for from a user’s point of view and work backward. maintenance. After the initial design I dive into functionality, then move to development and discuss what we Know your customer can realistically make. But in that discussion design A deep understanding of your customers and always wins. user’s industry will always lead to stronger I started Quore, a hospitality software solution, designs, implementations and tests. While recent- eight years ago using this design-first approach. ly creating a feature to increase the efficiency of Today, we have more than 30,000 housekeeping departments, we first identified the Using graphic design users, and the first thing most peo- most crucial tasks of the housekeeper role and rules, not software ple remark when they try Quore is built the design from those tasks. The outcome of its intuitive design. While I’m a this exercise yielded a feature that increased design rules, can ensure firm believer that there must be a adoption among users, increased the efficiency of balance of beauty and brains when the department, increased guest satisfaction by design always wins. it comes to software design, too ensuring a room is ready upon check-in, and often the end user takes a back saved money. seat. Here are four ways to approach new development with a design-first mentality to ensure the Bring in the team end user is top-of-mind. Once you’ve mapped out the entire process from a user’s point of view, it’s time to bring in the whole Go dark design team. Encouraging other designers to Going dark is a great way to expand your imagina- review your concepts allows you to gauge its feasi- tion. By turning off electronics, developers are bility from an engineer’s perspective. These people forced to get creative by drawing and discussing can help identify what may be frivolous and what ideas. I believe that distractions kill ideas, so when makes the most sense functionally. While the con- Quore needed to expand to a new office, I made cept may require some retooling, outside perspec- sure there was a dedicated “static-free” room in tives usually help narrow the design into the best the plans. The room is a place for all employees to solution. escape technology and face creativity. Clearing the When Quore entered the market in 2013, there static is one great way to vehemently pursue a solu- were other products with similar goals, but most tion to a problem. were basic spreadsheet programs. The look and functionality of Quore was a hit with our new cus- Throw out the rulebook tomers, and many dropped their existing software Using graphic design rules, not software design solutions and switched to Quore. Quore has always rules, developers can ensure design always wins. taken a user-first approach, and continues to As a rule, graphic designers start with what the end attract new customers with its intuitive design. user sees first. Graphic designers know that it’s all Focusing on design and user experience above all about perception: people first see shapes, then col- else will ensure successful, lasting products. z SDT02 page 49_Layout 1 7/20/17 4:03 PM Page 49

www.sdtimes.com August 2017 SD Times 49 Analyst View BY DR. ARNAL DAYARATNA Graal: the grail of polyglot runtime?

irtualization has proven its value to IT and to as a state of the art optimizing compiler. Dr. Arnal Dayaratna is Vdevelopers through technologies such as serv- Separate from its ability to accelerate compila- Research Director, er virtualization and the venerable JVM. Operating tion, GraalVM boasts the ability to allow program- Software Development at the technology analysis system virtualization is about providing protection ming languages to interoperate with one another by firm IDC and isolation/security from other operating systems means of the Truffle Object Storage Model. Interop- while maximizing system utilization. In the case of erability, here, means that GraalVM allows languages the JVM, the value is arguably more about provid- to access objects, classes and data structures from ing an insulation layer that abstracts the applica- other languages. For example, developers can enable tion code from the underlying architectural idio- Java code to access JavaScript, Ruby, R, or C/C++ syncrasies. Wouldn’t it be nice if more languages and vice versa. GraalVM’s ability to facilitate lan- had a virtualization layer? guage interoperability has the potential to give the Well, that may come to pass. An open-source programming world respite from the dizzying profu- project from the technologies of the Graal research sion of languages by providing a unified framework project is the basis for GraalVM, a JVM that bundles that empowers developers to integrate code from a Graal, Truffle and other select components. Graal is plurality of languages into one unified code-base. a new Just in Time (JIT) compiler that has been nur- One of the unanswered questions for the larger tured for the past several years primarily by Oracle GraalVM project, however, concerns its ability to Labs. Built in Java, GraalVM leverages the open- attract developers to its open-source community. source project Graal to accelerate compilation per- The project was initiated by, and formance and, in collaboration with a project called is still led by Oracle Labs and will In the case of GraalVM, deep Truffle, a polyglot language compiler, provides opti- need robust and transparent gov- and sustained support from mized compilation capabilities for any programming ernance to encourage contribu- language that supports the Truffle API. tions from the global community the developer community will GraalVM provides polyglot runtime functional- of developers as well as the sup- ity that brings the “write once, run anywhere” port of the enterprise and startup be critical to its success. attribute of Java to any language that can be com- community, alike. piled by Graal, thereby serving as a unified infra- Of particular concern is the lack of a diverse structure for compiling a plurality of programming community. Vendors that should have an interest in languages across a multitude of devices as well as this project but apparently do not — Microsoft, any SaaS application or data processing applica- IBM, Red Hat, and Intel come to mind — seem to tion. Moreover, GraalVM enables languages to indicate that either the project has been flying too interoperate with one another, thereby empower- low under their radar, or that there is some inherent ing developers to begin writing code in one lan- resistance for either technology reasons or for com- guage and subsequently leverage code written in petitive reasons. That said, there were substantial another language. As such, the GraalVM has the contributions from Red Hat (ARM back end), Intel potential to serve as a unified framework for com- (optimizations for the Intel platform), and Twitter pilation that facilitates enhanced portability and (bug fixes). Those were more along the lines of one- interoperability amongst programming languages. time contributions rather than an ongoing stream of GraalVM promises to bring the speed of pro- commits, though. In the case of GraalVM, deep and gram execution specific to compiled languages sustained support from the developer community such as C++ to interpreted languages by means of will be critical to its success. its support for the Truffle language-implementa- Overall, GraalVM promises to enhance the tion framework. The Truffle API creates an developer experience by way of its polyglot capa- Abstract Syntax Tree representation of source code bility to accelerate, improve and streamline appli- that it subsequently converts into a Graal Interme- cation runtime and performance. The key to its diate Representation (IR). Graal enters the picture success, however, will hinge on Oracle’s ability to by performing advanced optimization on the Graal win developer mindshare and create collaborative IR and transforming the result into machine code processes that support its evolution. z SDT02 page 50.qxd_Layout 1 7/21/17 3:21 PM Page 50

50 SD Times August 2017 www.sdtimes.com Industry Watch BY DAVID RUBINSTEIN It’s a ‘Cognitive First’ world orget ‘mobile first’ and ‘cloud first.’ Modern data showing in real-time how the machine is per- David Rubinstein is Fapplications being built today need to be ‘cog- forming, instead of doing maintenance on a time- editor-in-chief of SD Times. nitive first.’ line, when it might not be needed. That’s according to Progress CEO Yogesh Gup- To bring this world to life, Gupta said develop- ta, who said intelligent applications need the capa- ers will need tools in three categories to create an bilities to predict and to anticipate, and thereby app AI architecture: help businesses become more successful. 1 – Machine learning engines. For example, “a And he’s not the only one. I would say a solid six predicitve maintenance service can be trained to of 10 calls and pitches I get each day involve some learn about machines,” Gupta explained. aspect of artificial intelligence or machine learn- 2 – A rules engine. ‘Let’s say we have a predic- ing. I’m told that in the not-very-distant future of tion. What the are business rules that define the Internet of Things, back-end systems will have how to deal with it.” These, he said, or rules to understand data, because the stream will and business policies more than code writing. become too thick for humans to be able to handle 3 – Modern user experience. “The interface could the load. Machines will have to learn what data is be conversational, like a chatbot, or AR/VR, or critical to the business and what doesn’t have to be a mobile device... whatever,” he said. dealt with right away, what will make customers “All of this,” he added, “has to tie into a back- happy and what will drive them away. end platform to run your business. You need to run AI will be used more widely in the business apps in a scalable, secure environ- We’re even starting to see software testing, as systems learn ment, with data connectivity and front-end tooling. about themselves — and to catch We think that’s the architecture” for modern, smart cognitive services moving errors introduced during builds applications.” beyond language and speech that might break the software. Jeffreey Hammond, research analyst at For- Test automation with AI will rester, told me that “AI at its core is proactive, not recognition into empathy. enable the system to order tests reactive, inferring real-world connections based on according to what it learned from data patterns,” and triggering actions based on pre- prior defects, and suspect that something is wrong if dictions. So, for instance, a system monitoring that data appears again. water pipes in a city might detect a drop in flow Applications will have to become intelligent, to from one pipe, which could indicate a leak. It auto- understand which device I prefer to use to interact matically shuts down that section, reroutes if possi- with them, to know my preferences and deliver to ble, and sends an alert to the utility repair crew to me information that is has determined from my get out and fix it. This prevents those massive actions is most relevant. street floods we see from burst pipes, saving mon- We’re even now starting to see cognitive servic- ey for both the city and those that would be dam- es moving beyond language and speech recogni- aged by the huge water spill. tion into empathy, vocal tone analysis and senti- “In the cognitive era, we’ll see people development analysis. ing against cognitive capabilities and coupling that In this issue, we look at what it takes to create with data science. It will be a big responsibility of a fantastic user experience. Gupta pointed out that skilling folks, to articulate what’s being done and the user experience is much more than the user making use cases available” for developers to learn interface. “The experience goes beyond to cover from, said Willie Tejada, chief developer advocate the interaction itself,” he said. “The interfaces have for IBM Watson. “We need to create on-ramps for to understand context.” software assets, tool chains and code and show how He further noted that in a fairly short time, no- I design a retail chatbot or how do I do data sci- UI apps will become the norm. “Take the thermo- ence against a Twitter feed?” stat,” he said. “It should know how I want the When the role of a cognitive developer is better house when I’m home. Data drives that learning. defined, “well see cognitive really start to happen.” We see that in spades in industrial applications, As Progress’ Gupta said, “We still have a long which can do predictive maintenance” based on way to go.” z SDT02 Full Page Ads_Layout 1 7/21/17 1:38 PM Page 51 Data Quality Made Easy. Your Data, Your Way.

NAME

Melissa provides the full spectrum of data Our data quality solutions are available quality to ensure you have data you can trust. on-premises and in the Cloud – fast, easy to use, and powerful developer tools, We profile, standardize, verify, match and integrations and plugins for the Microsoft enrich global People Data – name, address, and Oracle Product Ecosystems. email, phone, and more.

Start Your Free Trial www.Melissa.com/sd-times

Melissa Data is now Melissa. See What’s New at www.Melissa.com 1-800-MELISSA SDT02 Full Page Ads_Layout 1 7/21/17 3:49 PM Page 52