SDT324 Cover Tip_Layout 1 3/17/16 3:24 PM Page 1

A BZ Media Publication

APRIL 2016 • ISSUE NO. 324 • $9.95 • www.sdtimes.com SDT324 Cover Tip_Layout 1 3/17/16 3:24 PM Page 2

Progress.com/SDTimes SDT324 cover_Layout 1 3/18/16 1:23 PM Page 1

A BZ Media Publication

APRIL 2016 • ISSUEISSUE NO.NO. 324 324 • $9.95 • www.sdtimes.com SDT324 Full Page Ads_Layout 1 3/17/16 3:46 PM Page 2 SDT324 Full Page Ads_Layout 1 3/17/16 3:47 PM Page 3

Data entry errors. Consolidation headaches. Quality data shouldn’t be a pain.

Try a little Vitamin Q.

We supply Vitamin Q – “quality” – in data quality management solutions that profile, clean, enrich, and match your customer data – and keep it healthy over time. Add Vitamin Q to your data integration, business intelligence, Big Data, and CRM initiatives to ensure accurate data for greater insight and business value.

ACT Get a FREE 30-day trial! NOW www.MelissaData.com/vitaminQ

Solutions for 10,000+ Customers 30+ Years Data Quality & Cloud • On-Premise 240+ Countries Worldwide Strong Mailing Solutions • Services

Germany India www.MelissaData.de www.MelissaData.in United Kingdom Australia www.MelissaData.co.uk www.MelissaData.com.au www.MelissaData.com 1-800-MELISSA SDT324 Full Page Ads_Layout 1 3/18/16 9:49 AM Page 4

DOMAINS | MAIL | HOSTING | eCOMMERCE | SERVERS

WINNER Jan. 2016 Best price/performance ratio

APPS 1&1 CLOUD SERVER READY FOR THE CLOUD! TRY IT * With the 1&1 Cloud App Center you can get your applications up and running in no time. Choose from more than TODAY! 100 cutting-edge apps and combine them with the superior speed and performance of the best value cloud server around.

Secure and powerful platform No prior server knowledge necessary Billing by-the-minute ®

TRIAL MONTH CALL TRY FOR FLEXIBLE PAYMENT SPEAK WITH AN 130 DAYS 1OPTIONS 1EXPERT 24/7 1 (877) 461-2631

* 1&1 Cloud Server is free for one month, after which the regular pricing starts from $4.99/month. One-time setup fee of $9.99 applies. 1&1 Cloud Server comes with a 30-day money back guarantee. If your package is not canceled within the fi rst 30 days, you will be charged in accordance with your agreed billing cycle. Visit 1and1.com 1and1.com for full offer details, terms and conditions. Intel, the Intel Logo are trademarks of Intel Corporation in the U.S. and/or other countries. 1&1 and the 1&1 logo are trademarks of 1&1 Internet, all other trademarks are property of their respective owners. ©2016 1&1 Internet. All rights reserved. SDT324 page 5_Layout 1 3/18/16 1:58 PM Page 5

Contents ISSUE 324 • APRIL 2016

NEWS FEATURES 11 SD Times on the Web 14 News Watch 16 Are you a hireable developer? Evolving ALM brings all hands on deck 20

Etsy engineer Katherine Daniels on a culture of ‘genuine inclusivity’ 21 Developers are still questioning OpenStack 22 FTC chief technologist says it’s time page 39 to rethink mandatory password changes The state of mobile: 24 When focus is functionality, security takes Exciting times, exploding choices a back seat 27 Aspose updates Java and .NET products 35 Why SQL still dominates business intelligence COLUMNS 59 CODE WATCH by Larry O’Brien Those who can, code

60 GUEST VIEW by Andrew Phillips Increasing software deployments page 50

61 ANALYST VIEW by Al Hilwa Microsoft and the new market realities

62 INDUSTRY WATCH by David Rubinstein Are you paying too much for software? What’s your mobile device testing strategy? The building blocks of SQL

page 30 page 56

Software Development Times (ISSN 1528-1965) is published 12 times per year by BZ Media LLC, 225 Broadhollow Road, Suite 211, Melville, NY 11747. Periodicals postage paid at Hunting ton Station, NY, and additional offices. SD Times is a registered trademark of BZ Media LLC. All contents © 2016 BZ Media LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 225 Broadhollow Road, Suite 211, Melville, NY 11747. SD Times subscriber services may be reached at [email protected]. SDT324 page 6,7_Layout 1 3/17/16 4:01 PM Page 1

Sharpen your Android skills at

World’s Largest BOSTON August 1-4, 2016 Sheraton Boston

“Simply the best Android developer Get the best Android conference out there! A must-go if you do Android development.” developer training anywhere! —Florian Krauthan, Software Developer, • Meet Google and Google Development Experts Hyperwallet • Network with speakers and other Android developers • Check out more than 50 third-party vendors • Women in Android Luncheon • Panels and keynotes • Receptions, ice cream, prizes and more!

A BZ Media Event AnDevCon™ is a trademark of BZ Media LLC. Android™ is a trademark of Google Inc. Google’s Android Robot is used under terms of the Creative Commons 3.0 Attribution License. SDT324 page 6,7_Layout 1 3/17/16 4:02 PM Page 2

Register by April 22 SAVE $550! Go to AnDevCon.com for details!

Choose from more than 75 classes and in-depth tutorials! Offering mobile app development training, embedded Android secrets, and Android app development tutorials and classes, AnDevCon is the most practical Android conference for developers.

TAKE YOUR SKILLS TO THE NEXT LEVEL WITH THESE CLASSES: Android (in)Security Easy Secure Internet Access GO IN-DEPTH WITH Jonathan Levin in Android THESE TUTORIALS: Mark Murphy FULL-DAY SESSIONS Android Graphics Android Bootcamp 101 Jonathan Levin IoT for Everyone Using Proximal Context and the Google Cloud James Harmon Android Platform Debugging Nick DiPatri Embedded Android with and Development Marshmallow Karim Yaghmour Kotlin and Android: Better Together, Parts I and II Karim Yaghmour Android Push Messaging C.L. Kim HALF-DAY SESSIONS Mark Wickham ART/Dalvik Persisting Data with SQLite Reverse Engineering Android TV: Building Apps with Database and Content Provider Jonathan Levin Google’s Leanback Library Margaret Maynard-Reid Joe Birch Prototyping Wearable Project Ara: Redefining Handset Devices Using Android Enterprise Mobility Management and Android Architecture Lance Gleason with Android for Work, Parts I & II Karim Yaghmour Rim Khazhin ShadowOS: Modifying the Android Firebase and Android: A Real-Time OS for Mobile Application Testing MORE CLASSES Match Synced in Heaven Ray Kelly Adrián Catalán AND TUTORIALS Think About Async: Understanding BEING ADDED! Test-Driven Development the Complexity of Multi-Threading Godfrey Nolan Check Ave Kabizon and Amichai Nitsan www.AnDevCon.com High-Performance Android Material Design implementation for updates! Networking for Android Developers Clay Smith Yash Prabhu

In a Bind: Untangling Android’s Inter MVC, MVP and MVVM Process Communication Design Patterns Jonathan Levin Godfrey Nolan Brillo/Weave Internals Karim Yaghmour SDT323 page 8_Layout 1 3/17/16 3:26 PM Page 8

®

Instantly Search EDITORIAL EDITOR-IN-CHIEF David Rubinstein Terabytes of Text 631-421-4158 x105 • [email protected] SENIOR EDITOR Alex Handy • [email protected]

SOCIAL MEDIA AND Christina Mulligan • [email protected] ONLINE EDITORS Madison Moore • [email protected] COPY EDITOR Adam LoBelia • [email protected]

SENIOR ART DIRECTOR Mara Leonardi • [email protected]

dtSearch’s document filters COLUMNIST Larry O’Brien

support popular file types, emails CONTRIBUTING WRITERS Lisa Morgan, Alexandra Weber Morales

with multilevel attachments, CONTRIBUTING ANALYSTS Rob Enderle, Michael Facemire, Mike Gilpin, databases, web data Mike Gualtieri, Jeffrey Hammond, Al Hilwa

CUSTOMER SERVICE

SUBSCRIPTIONS [email protected]

ADVERTISING TRAFFIC Mara Leonardi 631-421-4158 x109 • [email protected] Highlights hits in all data types; LIST SERVICES Shauna Koehler 25+ search options 631-421-4158 x112 • [email protected]

REPRINTS Stacy Burris 631-421-4158 x108 • [email protected]

ACCOUNTING Viena Ludewig 631-421-4158 x110 • [email protected] :LWK$3,VIRU1(7-DYDDQG&£ OTHER QUESTIONS 631-421-4158 • [email protected] 6'.VIRUPXOWLSOHSODWIRUPV£ (See site for articles on faceted ADVERTISING SALES search, SQL, MS Azure, etc.) PUBLISHER David Lyman 978-465-2351 • [email protected]

WESTERN U.S., WESTERN CANADA, EASTERN ASIA, AUSTRALIA, INDIA Paula F. Miller 925-831-3803 • [email protected]

EASTERN U.S., EASTERN CANADA, EUROPE, MIDDLE EAST, WESTERN ASIA Visit dtSearch.com for Jonathan Sawyer 603-924-4489 • [email protected]

‡KXQGUHGVRIUHYLHZVDQG PUBLISHING DIRECTOR Ted Bahr case studies 631-421-4158 x101 • [email protected] ‡IXOO\IXQFWLRQDOHQWHUSULVHDQG developer evaluations PRESIDENT Ted Bahr FOUNDING EDITOR Alan Zeichick

BZ MEDIA LLC 225 Broadhollow Road, Suite 211 The Smart Choice for Text Retrieval® Melville, NY 11747 TEL 631-421-4158 since 1991 FAX 631-421-4130 www.bzmedia.com dtSearch.com 1-800-IT-FINDS [email protected] SDT324 Full Page Ads_Layout 1 3/17/16 3:53 PM Page 9 Realize your Vision

Award winning modeling & design tools for Software, Business & Systems

Model Design Simulate Build Manage

Collaborative modeling & design environment $QDO\]HGHVLJQ EXLOGZLWKH[FHSWLRQDOTXDOLW\ HIÀFLHQF\ ® UML based core, plus many standards based extensions BPMN™, SysML, SoaML™, BPEL™ & many others ALM and Simulation, coding, debugging & visualization tools Development Performance, price & precision Tools Full lifecycle support with end-to-end traceability

Join the community www.community.sparxsystems.com www.sparxsystems.com

UML | BPMN | DDS™ | BPEL | SysML | TOGAF® | C++ | .NET | Java™ | ASP | PHP | Delphi | SoaML™ | ArcGIS™ | SOMF™ | XML™ | XSD | XMI® | WSDL | *More SDT324 Full Page Ads_Layout 1 3/17/16 3:54 PM Page 10 SDT324 page 11_Layout 1 3/17/16 3:31 PM Page 11

www.sdtimes.com April 2016 SD Times 11

Keep your MVPs to a minimum Everyone thinks they know how to create a minimum viable prod- uct, until they start thinking of ways to expand it beyond its origi- nal scope. That’s when things get out of hand. Fortunately, Amadeus Consulting’s John Basso has words of advice for keeping your MVPs minimal: “This approach will force the conversation to be about priorities, which is essential. This allows the organization to build the most important, simplest versions of the features first.” You can read more at bit.ly/1UenfE5.

Pre-built testing Where the binge comes of age watching happens QASymphony’s Kevin Dunne is keeping Netflix’s blog has started a series about how the an eye on test-driven development. company makes its software. The first entry is “Software testing is changing for the about how they pre-deploy code to their better with the rise of agile and Continuous Delivery platform, Spinnaker. DevOps. Instead of testing occurring at Future installments will cover the end of the development cycle, the other tools and processes modern methods integrate testing into that they use, but if you ever every step of the process,” he says wanted to know where before going in-depth about what TDD “House of Cards” comes has accomplished so far. You can read from, you can start at it all at bit.ly/21u3fwA. bit.ly/1pmE82z.

All the cool kids do polyglot persistence! What have we learned from this Polyglot persistence means using different year’s International Day of Women? database technologies to handle specific needs for your organization. Businesses have Every year it’s the same: We need more women in tech, we need more moved beyond having only one kind of data- women programmers, etc. Why does it seem we’re not making progress base, while polyglot persistence “means free- with this? It may be that the problem in getting girls to stick with coding emerges in middle school: “Girls Who Code wrote that in middle school, dom for developers who should not be forced 74% of girls express interest in to use a single corporate-approved database STEM, but when choosing a for all their data-management tasks,” writes major in college, only 0.4% go Tesora CEO Ken Rugg. If you don’t want into computer science,” reports your databases to be left behind, you should Madison Moore. Fortunately, read the rest of his article at bit.ly/1YGiPp5. she outlines some organiza- tions that are helping to change things for the better, which you can read about at bit.ly/1pcZO19.

SD Times wants to hear from you. Join us on LinkedIn and Facebook. SDT324 Full Page Ads_Layout 1 3/17/16 3:55 PM Page 12 SDT324 Full Page Ads_Layout 1 3/17/16 3:55 PM Page 13 SDT324 page 14,15_Layout 1 3/18/16 9:27 AM Page 14

14 SD Times April 2016 www.sdtimes.com

NEWS WATCH

Protoship aims to Developer Workforce simplify Web app Initiative looks to development A new code generator wants empower developers to make it easier for design- The software developer fills a vital role ers and front-end program- across all industries, and the Applica- mers to create Web applica- tion Developers Alliance wants to make tions. Protoship is a code sure developers have the tools and generator designed to create knowledge necessary to succeed. The HTML, React and SASS com- organization has announced the Devel- ponents from design, without oper Workforce Initiative designed to having to write CSS and HTML increase the size, expertise and under- manually. standing of the workforce. “Unlike the output from The global effort looks to engage, typical code-generation tools, educate and support software develop- Protoship will produce good ers across all platforms, technologies and industries. code indistinguishable from According to the alliance, as businesses take on a digital transformation, there is a growing what a developer would demand across all industries to hire software developers. The workforce will provide plans and painstakingly craft them- programs to help meet that demand. selves,” wrote Jasim Basheer, Initial supporters of the Developer Workforce Initiative include Apcera, AT&T, Built.io, Erics- cofounder of Protoship, in a son, Facebook, Ford, Google, Intel, MapR and other Alliance members. blog post. “It eliminates mun- dane work like exporting and The MapR Platform also and frameworks in the indus- As for the languages and assembling assets, measuring introduces Apache Myriad, an try. This is why Toptal—a com- frameworks that didn’t make margins and paddings, tweak- open-source project designed pany that connects enterpris- the top of the list, Oliveira was ing positions to achieve pixel- to remove barriers between es and startups with freelance surprised to see Python down perfection, DRY-ing up the resources managed by software engineers and at the bottom with only 120% CSS using mixins, and similar Hadoop YARN and Apache designers—has released its growth. tediums of front-end program- Mesos. findings on what coding lan- ming.” Other features include guages and frameworks are in In addition to Protoship, new security, data gover- highest demand for 2016. Tasktop goes the company has introduced nance and performance According to the report, DevOps with Sync, Protoship Teleport, a tool that enhancements; database and Swift, HTML and C++ rank at Data updates allows users to convert an messaging/streaming capa- the top for coding languages. Integrations across the devel- existing website into a Sketch bilities that many container- For the list of developer opment tool chain have been design and use it to build ized operational apps frameworks and technolo- Tasktop’s domain since the something new. require; the new MapR POSIX gies, Drupal, Elasticsearch Eclipse Mylyn project kicked Client to provide a fully dis- and Unity made the top three off way back in 2005. Since tributed, secure, reliable, spots of the list. This data is then, Tasktop has carved out a MapR Converged Data read-write file system to based on the requests that niche in offering robust, scala- Platform provides Docker containers; and a new Toptal has received from ble integrations on the devel- modern data architecture thousands of companies new advances for oper side of the ALM equa- that provides enterprises seeking employees. It also tion. The company introduced containers with flexibility and scale to shows the percent growth of further integrations on the MapR Technologies wants to deploy an interoperating net- employers looking for a giv- operations end of the spec- further Big Data containeriza- work of computing technolo- en language or framework in trum. tion in the enterprise. The gies. the last year. Tasktop Sync and Tasktop company has announced an HTML came in second with Data both added support with updated version of its MapR 267% growth. He said seeing new releases that added a Converged Data Platform that Swift, HTML and C++ C++ at the top of the list could Gateway capability. This adds, provides new advances for in high demand be because of embedded soft- for the first time, integrations containers such as persistent ware and the Internet of Developers and companies for the popular IT service storage and integrated Things. C++ came in third at seeking talent should be keep- management, project portfo- resource management. 244% growth. ing up on the latest languages lio management and IT SDT324 page 14,15_Layout 1 3/18/16 9:27 AM Page 15

www.sdtimes.com April 2016 SD Times 15

process automation toolsets. Brains Toolbox—specifically, all ers, will see continuous releas- ties to protect data at rest, in Tasktop Sync can now its IDEs as well as its .NET es throughout the years, motion, and in memory; in- bridge the gaps between tools. JetBrains is also intro- enabling the supporting memory database support; development tools and opera- ducing a new versioning Hadoop projects to mature and improved data-warehousing tions platforms. That means, scheme that will follow the grow while the core remains performance; business intelli- said Mik Kersten, CEO of Task- “YYYY.R” format where YYYY solid for enterprise use. gence for employees and new top and creator of the Mylyn represents the year and R the mobile BI support for Android, Project, “Tasktop Sync flows release within that year. iOS and Windows Phone information so DevOps and This change aligns the Microsoft to bring devices; advanced analytics development can collaborate. company’s releases, meaning SQL Server to Linux using R support to provide Tasktop Sync gives you is the that all products in the Jet- real-time predictive analytics ability to flow, in real time, Brains Toolbox will have the Microsoft has announced on operational and analytic information across any agile, same number of releases plans to bring SQL Server to data; and cloud capabilities DevOps and ALM tool. Tasktop throughout the year and will Linux in order to deliver a that allow users to deploy Data is a bit more interesting be released within a certain consistent data platform hybrid architectures across because you can gather met- timeframe from each other. across Windows Server, Linux, on-premises and cloud-based rics across the DevOps on-premise platforms and in systems. pipelines. You can see how the cloud. The company is According to Guthrie, SQL many defects are fixed, and Hortonworks releasing a preview of SQL Server on Linux is just one Server on Linux, with general how many features are deliv- collaborates with HP way the company is trying to ered across projects.” availability expected in mid- make tools more accessible. Tasktop Sync 4.5 and Task- to improve Spark 2017. The company recently SQL Server 2016 features top Data 4.5 are available now. Hortonworks, one of the three acquired Xamarin, and an - security encryption capabili- Tasktop does not publicly dis- major Hadoop vendors, nounced Microsoft R Server. close pricing. announced that it has been collaborating with HP to improve Apache Spark. The JetBrains Toolbox work has already yielded introduces new tools faster sort and in-memory computation for the project, and release changes as well as improved perform- JetBrains provides a variety ance and usage for scalability. of tools for every developer, Hortonworks also an - including IDEs for Java, nounced the inclusion of JavaScript, Ruby and others. Apache Kafka and Storm in its Now, with its shift to sub- Hortonworks DataFlow prod- scriptions, one of its new uct. These inclusions allow goals is to move away from Hortonworks’ Hadoop plat- Thunkable turns programming one major release per year form to better ingest and and focus on continuously process streams of data flow- into a drag-and-drop solution delivering value independent- ing through enterprise data A new programming solution wants to make it easy for any- ly of versioning. centers. one to build native mobile apps. Thunkable is a drag-and-drop With this new model, Jet- Hortonworks is also plan- programming solution that aims to bring simple design and Brains has noticed a few ning on solidifying its core code techniques to everyone. issues that it wanted to Hadoop distribution, accord- Thunkable is built on top of the open-source MIT App Inven- address. To start, some ques- ing to the company. Core ele- tor project. According to Arun Saigal, cofounder and CEO of tions that JetBrains’ users ments of the platform, such as Thunkable, MIT App Inventor was largely designed for the edu- have are what exactly a ver- HDFS, MapReduce, YARN and cation community, and Thunkable is designed to expand that. sion number represents, what Apache ZooKeeper, will only The solution is a cloud-based tool that features real-time the tools provide, how they see updates once a year from testing, built-in app templates that can be customized, and impact a developer’s work, Hortonworks, ensuring stabili- the ability to upload apps directly. Professional developers and their availability to the ty between point releases. can contribute to the open-source MIT App Inventor project, developer. The extended services with- according to Saigal. JetBrains is moving to a in the Hortonworks Data Plat- Moving forward, Thunkable plans to provide a market single versioning scheme for form, such as Apache Spark, where developers can share, collaborate, and/or sell new fea- all its products under the Jet- Hive, HBase, Ambari and oth- tures and functionality. SDT324 page 16-18_Layout 1 3/17/16 3:36 PM Page 16

16 SD Times April 2016 www.sdtimes.com Are you a hireable developer? Know the newer languages, contribute to open source, and work well with others

BY MADISON MOORE Whether it’s a soon-to-be STEM col- lege graduate or an experienced devel- oper looking for a change in scenery, the information age is upon us, and there is a large demand to fill these technical roles. because of how long they have existed. product and partner marketing for Last year, 38,175 computer science But, there are plenty of languages that HPE application development and students graduated into a workforce are on the rise like the Go, Swift, Julia management, said that languages all where 604,689 jobs existed, according to and Rust, and some of the more innova- depend on what the position entails. Code.org. The Bureau of Labor predicts tive and fast-moving companies are She said employees need to look at the that there will be 1 million jobs in com- picking them up. type of organization they are applying puting available by 2024. And even in According to a TIOBE Programming to, because the kind of developer the 2016, these positions in computing and Community Index report for February company is looking for depends on software engineering remain unfilled. 2016, some of the most popular lan- what languages are emphasized. An Initiatives to change these statistics guages include Java, Python, C++ and enterprise developer might look for increased this past year: from President C#. Java even made it as the report’s more traditional languages like Java or Obama signing the STEM Education programming language for 2015. .NET, while a startup might be looking Act of 2015, to the annual Hour of Code, Point being, there are plenty of lan- for languages that support modern to Fullstack’s all-women coding school. guages out there waiting for those lines technologies, like Go. The will to get more people into coding of code. But what language will set one Murphy said it’s not enough to just and programming seems unanimous. coder apart from another? Red Hat’s mention that you have experience in a Experts in the industry and hiring Chief People Officer, DeLisa Alexander, particular language. She said to look at managers highlight skills and experi- said that her company is looking for the architecture of the industry and know ences that can be emphasized to fill strong fundamentals in coding and a that there are different development these jobs to become a hireable next- variety of languages. She said that they technologies and approaches. Having an generation developer. look for new languages and old, and with understanding of what other developers the industry continuing to change, she are doing with those languages matters as Learn the language(s) suspects there will be plenty of lan- much as the languages themselves. There are hundreds of programming guages emerging in the next year. Some “Yes, you want people who have got languages in the world, but languages languages Red Hat looks for on a resume skills in Ruby, like Python, like Perl and like Java, JavaScript or PHP continue to are Python, Java, Ruby, C++ and Go. Java, but you also want to look at the be supported by some developers Genefa Murphy, vice president of developers who have an understanding SDT324 page 16-18_Layout 1 3/17/16 3:36 PM Page 17

www.sdtimes.com April 2016 SD Times 17

their contributions to the open-source 6,700 in 2014 to roughly 16,000 in 2015. community might have been, she said. Participation for boot camps has been Murphy said one of the things a higher, and according to Murphy, large developer or programmer can do while companies are even using them as applying for a job is to show where they recruitment tools, getting teams togeth- have applied their skills outside of a job. er to work on projects, or using them as She said employers will look for contri- a way to garner new ideas. butions on Git or Stack Overflow, and it “Immersive coding schools prepare shows a company that the developer is people for jobs in a few ways,” said keeping up with technologies and trends, Mayo-Malasky. “One is by focusing cur- and is remaining an active member of the riculum on the skills and knowledge dev and open-source communities. areas that companies seek in job candi- “These are all things that we look for, dates.” so it’s not just what is [on] your official The idea is that these sometimes resume, but what you do in your spare intense, multiple-month-long programs time? How are you contributing back to teach individuals the skills they need to the dev community?” said Murphy. become coders or developers, without “The portfolio of a developer looks at having to go to a four-year institution. the actual deliverables and their work Boot camps often have a tough pro- outside of their job.” gram, and not everyone is accepted into Button’s Mardell also recommends them. One Fullstack graduate, James contributing to an open-source project. Nissenbaum, said that you have to be She said producing high-quality, pub- dedicated, no matter what kind of stu- licly accessible code is “a great way to dent you are, because everything is show off and there are so many [sites] “jam packed” into three months (or to choose from.” however long the program lasts). She said if she sees a developer writ- Nissenbaum now has a job as an asso- ing and opens-sourcing cod, it gives ciate Web developer for an e-commerce them some credibility and respect. company called Media Hive. He said it or acknowledgement/appreciation of “The beauty of software develop- took him about two months to secure the things like PaaS, microservices and con- ment is so many companies and so position, but other friends of his found tainerization,” said Murphy. many teams are using open-source soft- jobs “instantly” after leaving Fullstack. Most companies are working across ware today,” said Mardell. “I don’t know App Academy recently announced a wide variety of languages, according of any company—or I’d be surprised to that it is running a boot camp prep pro- to Stephanie Mardell, head of human see a company—not using an open- gram, guaranteeing participants accept- resources at Button, a mobile startup. source tool.” ance into a coding boot camp or their She said that getting exposure to a few Red Hat’s Alexander said that open- money back. It won’t just give an intro- different languages is “key to getting source contribution is a way for candi- duction to programming, but instead hired.” dates to differentiate them- “One of the things I look for is to see selves, especially if they are ‘The portfolio of a if someone has dabbled across a couple well-known in a particular developer looks at the different languages,” she said. “It shows community for their contri- that they are curious and versatile and butions. actual deliverables and adaptable, and I think any great engi- “We are looking for peo- work outside of their job.’ neer can code across a wide variety of ple who produce value; we —Genefa Murphy, HPE languages.” aren’t looking for titles,” she said. “We are looking for contribution.” help students put together an application Emphasize contribution in a portfolio for whatever boot camp they choose. According to Murphy, developer design- Go to boot camps Gregg Pollack, CEO and founder of ers aren’t the only ones that need to have Coding boot camps seem to be popping Code School, said that immersive boot a portfolio to showcase their work. Hav- up all over the place, but they’ve actual- camps are a way to learn enough to get a ing a portfolio can be an easy way to ly been a part of the technology boom junior programming job, and they are demonstrate where a developer has for some time. According to director of great for experienced programmers look- applied his or her skills, what projects he admissions at Fullstack Academy, Hunt- ing to switch to using a new technology. or she might have worked on at previous ly Mayo-Malasky, the total number of “What these boot camps do better companies, and most importantly, what boot camp graduates has increased from continued on page 18 > SDT324 page 16-18_Layout 1 3/17/16 3:30 PM Page 18

18 SD Times April 2016 www.sdtimes.com How to become a hireable next-gen developer < continued from page 17 97% of Fullstack graduates found having authority can affect other coders than most colleges is simulate the real- employment within three months of or contributors, and this is something world environment,” said Pollack. “One finishing the program. Red Hat in particular looks for in way they do this is by having them build Red Hat’s Alexander hopes that boot potential candidates. lots of projects in groups, so by the time camps will be developed to help people Mayo-Malasky agrees, adding that they graduate, they have a portfolio shift their careers, especially for those companies hire based on culture fit as they can point to.” who might not have had prior coding or well as technical ability. Most developer Code School is like other boot programming experience. She thinks positions require working with program- camps, except it is an online hub where that these boot camps are a great way to mers as well as managers and designers, developers can learn new content. It learn basic skills or how to use a new he said. Doing well in the behavioral and provides self-guided experiences, com- language. communication aspects of an interview is bined with videos, coding challenges “[It helps them] start to make their important for today’s developers. first contributions,” said “Agile and other environments ‘Agile requires strong Alexander. “It takes a first require strong communication between communication between step.” developers, and also with management and other teams,” said Mayo-Malasky. developers, and also with Basic skills “Communicating well via e-mail and in management.’ Besides knowing the fun- person is key for success.” —Huntly Mayo-Malasky, Fullstack damentals of coding and He also said that software documen- having a wide variety of tation is important, especially for open- and gamification principles. Plus, languages in their arsenal, coders and source projects. As more individuals try everything is done in the comfort of a programmers are also expected to have to learn code, and as more companies browser, which could be ideal for expe- basic skills like communication, writing begin sharing their software, developers rienced developers who might not have and grammar. Developers are being will need to write better documentation. the time to go to class for a few months. called out of their cubicles and having Some other basic skills for a resume Pollack said that they do hear suc- to speak at conferences, and they’re include having a technology element or cess stories of people who started learn- actually doing some of the presenta- familiarity on modern development ing their skills on Code School, but a tions, according to HPE’s Murphy. technologies. Familiarity with DevOps majority of its customers are experi- “Devs don’t just need to have the and agile can make a difference, enced developers who want to pick up a tech skills, but have that ability of inter- according to HPE’s Murphy. She also new technology, which reflects the personal communication skills,” she said that there should be another layer company’s stated goal. said. “Also, because of the rise of to a resume, which can include larger Pollack added that boot camps put DevOps, it means it’s more important ecosystem knowledge of the app world. developers in groups where they have for developers to be able to understand “The developers have to not just to build projects “mimicking the real and interact with other members of the understand how to build high-perform- world.” He said that when he graduated application delivery cycle.” ing, good user experience [apps], but with a computer engineering degree, Alexander said that coders are not they also need to understand how to the four-year institution he attended always coding, and one of the most test that, how you are going to look at didn’t prepare him to get the job he important things they can be doing is performance, or leverage for example, wanted. But he believes if boot camps communicating. assets which might be used in testing,” were around during that time, it would “Coders are out representing Red said Murphy. have prepared him. Hat in evangelist roles, they are repre- Button’s Mardell said that simply At Fullstack, some of the preparation senting Red Hat at different meetups emphasizing that a developer is curious helps individuals become working pro- and conferences, so they need to be and being able to back that up on a fessionals. Beyond writing code, Mayo- able to do presentations and be advo- resume or portfolio is one way to get Malasky said that students at Fullstack cates for open source,” she said. noticed. Whether you’re a developer in practice pair programming, use agile to Alexander also said that working well your 20s or someone who has been in the manage their development workflow, across all cultures and communities is industry for years, showing that you and get feedback in formalized code- important to emphasize. Many organi- understand that the industry is changing review sessions. zations have people that contribute to and new technologies are being intro- He also said that skills learned from open-source communities, and many duced will get you one step closer to Fullstack will help during the job come from all over the world. Being being the final candidate in a round of search process. In today’s job market, able to influence without necessarily job interviews. z SDT324 Full Page Ads_Layout 1 3/17/16 3:56 PM Page 19 SDT324 page 20,21_Layout 1 3/17/16 3:06 PM Page 20

20 SD Times April 2016 www.sdtimes.com A culture of ‘genuine inclusivity’ Katherine Daniels’ work at Etsy shows how to change perceptions of women

BY MADISON MOORE From Linux to Etsy It might be a surprise to hear that Daniels started her career doing Katherine Daniels, senior operations research and development and engineer at Etsy, studied art and cre- systems engineering on worksta- ative writing before she switched to tions, with a focus on Linux stor- computer science. age and Windows graphic solu- Feeling “burned out” in the liberal tions. She then made a big move from According to Daniels, Etsy has 1.6 arts program, Daniels instead went on Colorado to New York, where she land- million active sellers and 24 million to obtain a degree in computer science ed a job as a system administrator for active buyers as of Dec. 31, 2015. The from Colorado State University. She Livestream, a video livestreaming plat- architecture is “straightforward,” using appreciated how her computer science form. Linux, Apache, MySQL and PHP for classes required some creativity, and Daniels loved tackling the problems the site itself; Solr and Elasticsearch for they lacked the subjective grading that in operations but never felt like she had search; and Hadoop and Vertica for is found in creative disciplines. Simply a lot of time to go in-depth in an area, data management. put, it was clear in computer science, “Engineers deploy code, whether whether you were getting something that be for the site, for configuration, right or not. or for any of our other stacks, She does very little programming in upwards of 30 times a day on aver- her spare time, but she has written a age,” said Daniels. “Different engi- script to crawl a subset of Wikipedia neering teams collaborate a fair pages looking for metal bands with vio- amount to make sure everything is lins in them. Most of her free time is since she was working in a “one-person working as it should be.” spent rock climbing and taking cello ops team,” as she puts it. Daniels said that the Etsy culture is lessons, and she’s helped write an After a few years, she happily landed far different from other stereotypical eBook on effective DevOps. a job at Etsy, but during that time she tech companies that everyone seems to While the cello is one of the hardest said she dealt with a lot of challenges love (Daniels says to picture the instruments to pick up as an adult, that came with being the only woman on beer/pizza/ping-pong idea culture). The Daniels has seen more challenges in the engineering teams. In the past, Daniels culture is one of “genuine inclusivity,” software industry. She’s watched it has dealt with unwelcome advances and and she said that in the workplace, peo- come to terms with ideas like DevOps, sexual harassment at professional events, ple are much more mindful and consid- discussed how principles can be and was told she was everything from erate than what she has seen at other expanded to benefit more roles in the “too aggressive,” “too money-focused,” organizations. Recently, the company modern software development worlds, and that she needed to be “more even placed gender-neutral bathrooms and seen barriers rise between engi- assertive” to get her ideas heard. in its headquarters. neers and non-engineers. Daniels also said she is the only out “[Etsy] thinks about how their deci- The biggest challenge she’s seen— queer person in the organization, which sions will impact other people both one that she has experienced herself— “led men to thinking that I will be on technically and interpersonally,” said is working in what’s still considered a board with their objectifying or harass- Daniels. decisively male-populated industry. ing other women in front of me. She has been able to push past her Given where she is right now, it’s safe to “It was incredibly frustrating, and I own barriers that she faced in the say she knows that women can—and gave serious consideration to leaving the industry. For others, she suggests get- will—thrive in programming and other industry in the past, and probably would ting women into technology and soft- technology careers. have by now had I not joined Etsy.” ware, but with more of a focus on SDT324 page 20,21_Layout 1 3/17/16 3:06 PM Page 21

www.sdtimes.com April 2016 SD Times 21

retaining the women that are already in the industry. She said there are few sen- ior women in either engineering or Developers are still management positions, which is caused by women leaving the industry entirely early in their careers. questioning OpenStack “This leads to things like fewer women being involved in the types of BY MADISON MOORE OpenStack will support such a wide organizational decisions that can affect OpenStack has come a long way since range of workloads across various IT other women’s experiences in the work- NASA and Rackspace first launched it environments, and that the data shows place,” said Daniels. “This also means in 2010. Even with recent successes, support for the direction of the Open- less guidance and fewer role models for technology professionals and those who Stack community. women just entering the industry, so use OpenStack still have a few questions “Companies considering adopting they might not have people to talk to and concerns surrounding the system. OpenStack should understand that there about these gender-specific challenges Talligent, a provider of cost- and are still challenges with regards to com- or someone who has been there and capacity-management solutions for plexity and deployment,” said Meadows. can advocate for them.” OpenStack and hybrid clouds, released “A successful OpenStack deployment Daniels has taken matters into her its 2016 State of OpenStack Report. In will include some mix of technical own hand, and when she’s away from the report, it identified some concerns expertise, operational tools, and the sup- her computer, she tries to help the New of OpenStack, its use cases, barriers, port of a solid OpenStack partner.” York City feminist community grow. and what’s currently driving OpenStack. Additionally, the shift to an on- She has volunteered with “Lesbians The report was commissioned by demand cloud for IT service delivery Who Tech” and has spoken at five Talligent through CloudCow and requires a new approach to tracking, O’Reilly Velocity DevOps conferences. VMblog, and it surveyed 647 virtualiza- managing and comparing IT resources, She also cofounded MergeSort, a femi- tion and cloud IT professionals and said Meadows. Management tools nist hackerspace in the city, which she executives around the globe. should be designed to support automa- recently had to step down from as co- The survey found respondents in tion and deliver real-time insight for organizer due to time constraints. The varying states of familiarity with Open- OpenStack adoption. events that the group has put together Stack. Thirty percent said they current- Other key findings from the Open- have all been “hack nights,” where peo- ly use it to support projects or produc- Stack survey include: ple bring their projects to work on tion workloads. Thirty-six percent said ● Sixty-one percent of respondents are together. they are familiar with OpenStack, but adopting OpenStack to combat the Recently, she has been helping have not yet implemented it. expense of public cloud alternatives organize events for Ladies Who Linux Once OpenStack is in place, respon- ● Challenges of OpenStack adoption NYC, where the meetups generally dents said they expect to quickly include its security model (26% of involve talks followed by some hand-on expand beyond development environ- respondents) and lack of operational coding around related topics, said ments, with lab growth moving from tools (23%) Daniels. 43% to 89% and QA/Test to grow from ● Private clouds will not be replaced At Etsy, Daniels has been thankful 47% to 91%, both within the next 12 by public clouds; 54% of respon- to have an ops team that has the time months, according to the report. dents still expected their cloud use and ability to take the “tools from good John Meadows, vice president of to be all or mostly private within the to great,” she said, which she finds business development at Talligent, said next five years “incredibly rewarding.” She has worked that businesses should have confidence ● Fourteen percent of respondents to provide operational support, per- in the path that OpenStack is taking. expected a balance of private and formance and availability for both the He said that at Talligent, they were sur- public cloud over that same time customer-facing site and internal tools prised to see the expectations that period. z for the company. Some big projects she’s worked on have included helping the data platform team to install a new Hadoop cluster, as well as moving their existing cluster between datacenters. She has also built and maintained mul- tiple ELK (Elasticsearch, Logstash, Kibana) clusters, along with managing multiple hardware upgrades and creat- ing tools to make maintenance easier. z SDT324 page 22_Layout 1 3/17/16 3:30 PM Page 22

22 SD Times April 2016 www.sdtimes.com FTC chief technologist says it’s time to rethink mandatory password changes Research shows changing them often may make them less secure BY MADISON MOORE predictable ways that attackers can file, most likely because they stole it. There’s a lot of emphasis nowadays on guess easily. She said unless there is a This hacker can then go on to carry out having secure passwords, as well as need to change the password—like an offline attack. changing passwords often to keep your there is evidence that the password has “These results suggest that after a information and accounts safe from been compromised or shared—chang- mandated password change, attackers hackers. Despite what some IT profes- ing passwords frequently could actually who have previously learned a user’s sionals have said in the past, one woman do more harm than password may be able to with the Federal Trade Commission has good. guess the user’s new pass- suggested that changing passwords less Cranor cited the word fairly easily,” Cranor will actually keep systems safer. results of a 2009-2010 wrote. Lorrie Cranor, chief technologist study of password his- with the FTC, recently shared her case tories from defunct To change or not to change study and the FTC’s advice to compa- accounts from the Where does that leave a nies who wish for stronger data security. University of North user or a company that She said that the FTC’s advice in the Carolina at Chapel wants to make sure its pass- past has been to conduct risk assess- Hill. Those words are safe? Cranor said ments, taking into account factors like researchers obtained that if you have reason to the sensitivity of information they col- the passwords to believe your password has lect and the availability of low-cost 10,000 defunct been stolen, you should measures to mitigate risks. The FTC accounts of individuals who had to change it and make sure you change it— has also advised companies to keep up change the password for them every including for the accounts that have the with security research. Cranor said that three months. The researchers then used same password. what might have been reasonable in password-cracking tools to crack the “If you shared your password with a 2006 is no longer reasonable in 2016, hashed passwords—meaning the pass- friend, change it,” she said. “If you saw and she also emphasized why keeping words themselves were scrambled using someone looking over your shoulder as up with security advice is important. a mathematical function called a hash. you were typing your password, change Cranor conducted research on mak- Offline attackers aren’t limited to it. If you think you might have just giv- ing passwords more usable and secure, guesses before being locked out. These en your password to a phishing website, and she wrote that this always prompts attackers gain access to a system and change it. If your current password is a lot of interesting comments and ques- steal the hashed password file, and take weak, change it. If it will make you feel tions. it to another location to make as many better or if you just feel like it’s time for “People complain about having so guesses as they want. When the a change, then by all means go ahead many passwords to remember and hav- researchers tried to hack into the and change your password.” ing to change them all so frequently,” accounts, they used a password crack- Cranor said that depending on a she wrote. “Often, they tell me their ing system that ran for several months company’s situation, there may be good passwords (please, don’t!) and ask me until it eventually cracked at least one reasons as to why it would require users how strong they are. But my favorite password that was not the last password to change their passwords. Before question about passwords is: ‘How the user created for that account. doing so, she suggested assessing the often should people change their pass- Cranor wrote that the bottom-line risks and benefits for the organization, words?’ My answer usually surprises results of this long study “are striking.” as well as alternative ways of increasing the audience: ‘Not as often as you She said that the UNC researchers security. might think.’ ” found that for 17% of the accounts they “Organizations should weigh the Cranor said that there is a lot of evi- studied, knowing a user’s previous pass- costs and benefits of mandatory pass- dence to suggest that users who are word allowed them to guess their next word expiration and consider making required to change their passwords fre- password in fewer than five guesses. An other changes to their password poli- quently select weaker passwords to attacker who knew the previous pass- cies rather than forcing all users to keep begin with and then change them in word has access to the hashed password changing their passwords,” she said. z SDT324 Full Page Ads_Layout 1 3/17/16 3:56 PM Page 23 SDT324 page 24_Layout 1 3/18/16 9:27 AM Page 24

24 SD Times April 2016 www.sdtimes.com When focus is functionality, security takes a back seat RSA chief architect laments changes in development life cycle

BY ALEX HANDY firewalling, proxying, networking, and It’s no secret that computer security is a encryption. Some even sold custom difficult area of expertise. At the annual hardware to solve these problems. RSA Conference in San Francisco last Still, there were some software month, attendees were treated to a host development solutions on hand, such as of solutions to solve their security woes. those from Veracode. The company As usual, however, software develop- demonstrated its SaaS vulnerability ment was not the focus. scanner, which, over the past year, has Robert Griffin, chief security archi- irritated Oracle, which has asked cus- tect at RSA, agreed that developing tomers not to pass Oracle binaries secure software is difficult, and said through Veracode and other binary that typically features trump security in scanners. Oracle claimed these devices the software development life cycle. bring up false positives for vulnerable “The pressures I felt in the ’80s and code in their binaries, specifically. ’90s looking for when code would cause RSA’s Bob Griffin is calling for a new develop- Rogue Wave was at RSA to show off problems; that pressure doesn’t seem to ment methodology that incorporates security. Klocwork 2016. This new version be there at the moment,” he said. “The enables security testing within the build model built by Google and Microsoft “It is very tough to deal with security process, alongside Jenkins. This Con- has supplanted so much that it’s hard to issues when the focus is on the func- tinuous Integration-enabled version of think about security. There needs to be tionality,” said Griffin. “For the refer- the popular in-IDE secure code-devel- a new methodology that reinserts secu- ence implementation around key man- opment monitoring tool will bring secu- rity models into the rapid development agement (for OpenSSL), it was much rity testing into the nightly cycle, sup- life cycle.” harder to drive security properties of plementing a reliance on developers to Griffin, who has been promoted to that, even though it was a security pro- be compliant as they are writing code. the point where he no longer has to tocol. I think there was a shift in the Palamida demonstrated its code write software, said that back in his days OpenSSL community after the RSA scanner, which detects open-source of being a coder, his team used three patents. Due to the sense that this sup- code. While this may not have been tools to ensure software security. planted [those] patents, there was a important to folks outside the legal “One was code review,” he said. rush to move to that software without department, with the current state of “Clearly we did that as a way of looking the level of inspection needed. Cus- OpenSSL and with vulnerabilities pop- for obvious and less obvious errors. tomers did rigorous reviews of our SSL ping up in other open-source codebas- Second was vulnerability scanners. In code. I don’t know of customers who es, it could help developers control the early days in the ’90s especially, did that with OpenSSL.” their teams’ urges to crib code snippets. they searched for known coding errors. While many, many companies on the Third—although it was the hardest goal New tools, old problems show floor were talking about how they for us—was to find errors in the design The conference offered hundreds of use machine learning to filter packets phase. That was the hardest thing. You security tools for attendees to evaluate, or monitor logs, there was only one could find some errors in terms of but only a few that were focused on soft- company on the floor that seemed to assumptions, in terms of approach. The ware development. It has grown consid- have the infrastructure software to be real errors occur as you were getting to erably over time, showing proof positive able to support such a system. X15 Soft- the coding. It was so difficult to really that enterprises are looking for security ware has been working in the Hadoop identify vulnerabilities and significant solutions—and many different types, as world for five years, and it offers a set of issues at the design phase.” well. At the show, vendors displayed tools for building security-monitoring When asked about the current state tools, platforms and services for identity systems within Hadoop. Customers run of OpenSSL, Griffin stated that he felt management, device management, their own instance of Hadoop, then lay- it was difficult to build secure software threat detection, threat assessment, er the X15 software on top to help them through an open-source process. threat elimination, penetration testing, aggregate and analyze log files. z SDT324 Full Page Ads_Layout 1 3/17/16 3:56 PM Page 25 SDT324 Full Page Ads_Layout 1 3/17/16 3:56 PM Page 26 SDT324 page 27_Layout 1 3/18/16 9:53 AM Page 27

www.sdtimes.com April 2016 SD Times 27

WINDOWS DEVELOPER WATCH

In other component news… Aspose updates Java, .NET ■ Accusoft’s Document View and Sign module has been made available for Sug- ar 7. The document and imaging solutions solutions for email, PDF provider announced users can now redact, search and sign attachments BY CHRISTINA MULLIGAN tures include converting XML files to within SugarCRM’s SugarExchange. The Aspose is adding features and improve- PDF, adding transparent text in module also features the ability to view ments to its .NET and Java products. PDFs, and drawing with transparent dozens of document and image file types The file-management solution provider color. within browsers, and the ability to view recently announced the release of The .NET character and optical any document within Sugar. Aspose.Email for Java 6.3.0, Aspose.Pdf mark recognition component was ■ Dynamsoft has improved its barcode for Java 11.2.0, Aspose.OCR for .NET updated to include the ability to per- reader and PDF rasterizer in the latest 3.4.0 and Aspose.Diagram for Java form OCR operation on images with version of Dynamic Web TWAIN, its Web- 6.1.0. transparent backgrounds. In addition, based TWAIN scanning and imaging SDK. Aspose.Email for Java is a Java class Aspose.OCR for .NET 3.4.0 intro- Dynamic Web TWAIN 11.3 features added library that lets Java applications read duces an “OMR template is busy” support for reading binary barcode; an and write e-mails in a variety of for- indicator while processing images in updated barcode reader library that mats without relying on Microsoft the OMR template editor. Other improves its positioning algorithm; added Outlook. In its latest release, enhancements include improved IsTextBased PDF API to the PDF rasteriz- Aspose.Email for Java 6.3.0 features exception handling processes while er in order to determine whether a PDF is the ability to detect input file format, performing OCR operation on bar- text-based; improved event OnPostLoad; enhances its ability to convert e-mail codes, and save preprocessed bina- and improved AcquireImage API. messages to HTML output by also rized image process improvements. ■ Developer productivity solutions exporting message headers to HTML Aspose.Diagram for Java is an API provider GrapeCity has announced a output; and resolves issues using its that lets developers load existing dia- collaboration with Microsoft. Microsoft detached signature option. grams, create them from scratch, save has incorporated Wijmo’s line of HTML5 Aspose.Pdf for Java is a PDF docu- them in any supported file format, and and JavaScript products into the 2016 ment development component that manipulate Microsoft Visio drawings update of Microsoft Dynamics CRM allows developers to build Java apps within a Java app without using Online. Wijmo is a collection of HTML that read, write and manipulate PDFs Microsoft Visio. According to Aspose, and JavaScript UI controls. According to without requiring Adobe Acrobat. the 6.1.0 release has four noteworthy Microsoft, Wijmo 5 provided the compa- Version 11.2.0 introduces a new fea- upgrades: It allows developers to set ny with touch support, mobile-friendly user interactions, broad device support, ture that allows users to change a PDF the orientation of the Visio page; pro- a clean and highly customizable design, document color space from RGB to tects shape-ID attributes in SVG; support for more than 40 cultures, and grayscale in order to print PDF files manages image quality by setting its flexible input and gauges control. faster. The company noted that when brightness level; and gives users the a file is converted to grayscale, the ability to comment in Visio diagrams ■ Telerik has announced the first major size of the document decreaces, but in order to give additional or more release of Kendo UI for 2016. Kendo UI R1 the quality may also drop. Other fea- detailed information. z 2016 features documentation improve- ments; a new dashboard template; spreadsheet and grid enhancements; the ability to disable dates in calendar pick- ers; new VS app templates; and an update on ASP.NET Core 1. In addition, the com- pany announced it is currently building a new version of Kendo UI from the ground up as a set of React and Angular 2 com- ponents. Telerik will continue to manage Aspose.PDF for Java allows users to transform a variety of file formats into PDFs, and to add the jQuery version of Kendo UI with new PDF capabilities to their applications. features and widgets. z SDT324 page 28,29_Layout 1 3/21/16 10:21 AM Page 1

Registration Open!

September 7-9, 2016 Paris Hotel, Las Vegas www.InterDrone.com

The Largest Commercial Drone Show in the World!

125+ exhibitors • Demos • Keynotes • 110+ Classes and Panels • InterDrone SDT324 page 28,29_Layout 1 3/21/16 10:22 AM Page 2

“It looks like the drone industry has chosen their go-to event!” —Robert Rodriquez, President of the Society of Aerial Cinematography

InterDrone is Three Awesome Conferences:

For Drone Builders For Flyers, Buyers and For Flyers Engaged in Aerial Content will focus on advanced Drone Service Businesses Photography and Videography flying dynamics, chips and Classes focus on enterprise applications Class content includes drone use for boards, airframe considerations, such as precision agriculture, surveying, real estate and resort marketing, action hardware/software integration, mapping, infrastructure inspection, sports and movie filming, newsgathering sensors, power issues, and law enforcement, package delivery, — any professional activity where the software development. and search and rescue. quality of the image is paramount.

Film Festival • Women In Drones Luncheon • 100+ Industry Expert Speakers

A BZ Media Event SDT324 page 30-33.qxd_Layout 1 3/17/16 3:27 PM Page 30

30 SD Times April 2016 www.sdtimes.com

The future of the standard

BY ALEX HANDY QL is the prime building block of ated at IBM’s San Jose Research Laborato- Sthe modern enterprise. All those ry. Originally dubbed SEQUEL, which exciting applications, nifty mobile stood for the Structured English Query apps and massive back-end projects are, Language, it was designed as a tool to help essentially, useless without the data access the data in these newfangled things behind them. That data may not be so IBM was playing with: relational databases. important at runtime if the application is By 1979, the original SEQUEL ideas just saving logs or form information, but at (by then shortened to SQL due to trade- the end of the day, that data has to live mark concerns) had percolated within somewhere. Relational Software, the company that Today, wherever that data ends up, it’s would become Oracle. By the end of 1979, highly likely it will be accessed with SQL Relational offered the first commercial (or at the very least a SQL offshoot, be it implementation of SQL with its Oracle V2 Oracle’s PL/SQL or Micro soft’s Transact- database for VAX. SQL). At their cores, even the modified It would take another seven years versions of SQL all aim for the same goal: before ANSI would standardize SQL. The making data stores accessible to analysts SQL-87 standard would lay the founda- and business people. tions for modern software development In the beginning, Edgar F. Codd, Don- and data management by ensuring that ald Chamberlin and Raymond F. Boyce different database vendors would be able laid out the basics for relational databases to run the same queries. This made knowl- in their work at IBM between 1970 and edge workers vastly more valuable, as they 1974. That work would form the founda- could move from company to company tion for databases for decades to come, and and not require retraining to use a differ- included the invention of not only SQL, ent database. but also the schema model for storing and Two revisions later, SQL-92 saw the organizing data into tables. first sweeping changes to the language. The SQL we use today bears little The actual spec itself grew exponentially resemblance to the original language, cre- in this release, though new features only SDT324 page 30-33.qxd_Layout 1 3/17/16 3:28 PM Page 31

www.sdtimes.com April 2016 SD Times 31

is use beyond the enterprise

accounted for double the size of the stan- features Time Travel Queries. dard. The primary goal for SQL-92 was to This, perhaps, all points to the future be much more specific about how things for the SQL standard. As SQL has should be done, thus lowering the amount evolved over the past 40 years, it’s consis- of divergence between the various rela- tently taken on the common data chal- tional database platforms in the market. lenges of the day with an approach that SQL has continued to grow over the comes close to making everyone happy. years, gaining recursive queries in 1999, adding XML support in 2003, and taking The Big Data connection in XQuery support in 2006. Which brings One place where the future of SQL is evi- us to today, when the SQL 2011 standard dent is in the world of Big Data. When rules the roost. Apache Hadoop burst onto the scene in SQL:2011, as it is called, was primarily 2010, there were no SQL tools in sight. about temporal support. This version of But as of 2014, SQL on Hadoop has the standard brought in more handlers for become essential. doing work related to time series inside A major reason for the continuing pop- More data analytics will be needed with the databases. This means most SQL databas- ularity of SQL, said Vicky Harp, corporate growth of SQL, says Idera’s Vicky Harp. es (such as PostgreSQL, Oracle and DB2) strategist at Idera, is that open source has can now treat time as a top-level function democratized the language, opening it to had a large data accumulation phase, and across SQL, and there are new temporal more than simply enterprise users. people are seeing that you can get things predicates, such as overlaps, equals and “For a long time, [SQL] was something out of that. When you’re asking, ‘What do precedes. This means time-series database people saw as [for the] big enterprise, but we do with all these marketing visits to work should be easier to sync up across now we have other open-source alterna- our website?’ it winds up being more data different vendors. tives, so people don’t have to make the big than you could point Crystal Reports at.” Oracle, for example, supports investment that they did before. You have Because all of this data is being saved, SQL:2011 in 12c, but versions 10g and a lot more developers who know SQL the natural business instinct is to do 11g use Oracle’s Flashback queries to ask now,” she said. something with it. The trick is to actually time-based questions to their databases. “I think the analytics platforms are get information out of the data, a task that IBM, on the other hand, calls its temporal coming along with access to data. We’ve continued on page 32 > SDT324 page 30-33.qxd_Layout 1 3/17/16 3:28 PM Page 32

32 SD Times April 2016 www.sdtimes.com

< continued from page 31 requires highly skilled workers—and more often than not—SQL. Unfortunately, said Harp, the mar- The Calcite layer: ket has realized this as well, and has essentially flooded customers with choices. That means there’s a lot of tur- bulence and no clear market leader Key to SQLs future when it comes to SQL on Hadoop, or ’ even analytics on Hadoop. “You need to have more data science BY ALEX HANDY anymore. People were choosing their and actual analytics capabilities,” said SQL’s big contribution to humanity is own storage formats and algorithms. Harp. “The space is a place where providing a singular way to access data, “Federating the data across a cluster there’s a need. We’re seeing there’s a lot regardless of the underlying storage (or several clusters) and a query opti- of jostling in the Gartner Magic Quad- medium or vendor. The various com- mizer were going to be key to keeping rant on that in 2015 and 2016. We saw promises currently required by cloud those all together and keep your sanity. a lot of people drop in terms of their infrastructure, however, are beginning I thought to liberate the query optimiz- ability to execute, which I thought was to cause divergence once again, as er from the inside of the database so interesting. It’s a space to continue to numerous data stores compete in the people could integrate disparate com- watch. We’re also seeing vendors move cloud. Many have their own little SQL ponents. in and out of that magic quadrant. It’s quirks or oversights. “There is a diverse community of not like they’re having trouble finding That’s why the Apache Calcite proj- users, but not everyone wants to write vendors. In the 2016 version, even Ora- ect is so important to the future of SQL Scala, not everyone wants to write SQL, cle fell off. and to the future of Big not everyone wants to write “There is demand in the market for Data. The project was cre- R. But all those communi- people to do what they’re comfortable ated three years ago by ties exist, and they need to with, and at the same time, it’s the Julian Hyde, a data archi- be served. It was fairly clear relational database providers who are tect at Hortonworks The to a lot of us that a SQL seeing what their users want. It goal of the project was to interface to Hadoop was depends on what you’re looking at it. Is clean up the mess around going to come along, and this relational on top of Hadoop ver- how SQL is run across Big two years ago about 10 sus...Hadoop working with SQL Server Data. Essentially, Calcite is came along at once. There’s or some other platform where you are a generic query optimizer not a single paradigm that mixing the two types of data?” that is compatible with any- Calcite builds the mundane will win, but the SQL com- Indeed, Hadoop has muddied the thing for which developers aspects of databases, says munity is very strong and waters around big enterprise data ana- desire to write a plug-in. creator Julian Hyde. doesn’t show signs of going lytics, thanks to hundreds of vendors “I’m a database guy. I’ve away. Tableau is still the now offering compatible products to been building databases for most of my way the majority of users get to their analyze the mountains of data that career: SQL databases, open-source data.” come from a modern enterprise. and otherwise,” said Hyde. “I wrote the Calcite brings some coherence to Monte Zweben, cofounder and Mondrian 11 engine, the leading open- this multiple-language world. Instead of CEO of Splice Machine, has built a source LDAP engine. I’d done query implementing its own database, Calcite company to deliver ACID transactions optimizers before. What I saw was— is, essentially, the building blocks for a on top of Hadoop. That means SQL and the Hadoop revolution was one big database. Calcite includes the frame- users can use their Hadoop cluster as part of it—was the fact that the databas- work for managing data, but does not they would typically use a relational es was no longer a monolithic entity include traditional database capabili- data store. “I don’t think it’s the language [SQL] that I would argue is the new innovation; analytics. This is where the Hadoop If you have all three of those, you have it’s the workload using the language that’s world has gone. All SQL on Hadoop is what’s typically remarked as a dual going to be unique,” he said. “I see the focused on that: big batch analytics. workload. The magic of this next gener- world bifurcating. What I mean by that “The one piece of the pie nobody ation of architectures is supporting the is, there was this heavy push to do rapid addressed was powering concurrent dual workload, where those workloads ingestion of data. The NoSQL guys applications. That’s where you need are isolated from each other, and don’t glommed onto that. Then there’s this ACID semantics. That’s what relational interfere with each other. other world of people doing big batch databases had done for years and years. “Think of a database that’s trying to SDT324 page 30-33.qxd_Layout 1 3/17/16 3:28 PM Page 33

www.sdtimes.com April 2016 SD Times 33

ties, such as managing storage loca- tions, hosting a repository for metada- Apache Calcite ta, or including algorithms for process- ing data. Perhaps the best way to describe Apache Calcite is to let the project describe “What I think is interesting about itself. According to the Apache site: SQL is the declarative approach to “Apache Calcite is a dynamic data-management framework. “It contains many of the pieces that comprise a typical database-management data, where you have a query planner,” system, but omits some key functions: storage of data, algorithms to process said Hyde. “You say ‘Here’s what I data, and a repository for storing metadata. want to get,’ and the system goes and “Calcite intentionally stays out of the business of storing and processing data. gets it. That isn’t limited to SQL: Pig As we shall see, this makes it an excellent choice for mediating between applica- has an optimizer in it, Storm has an tions and one or more data-storage locations and data-processing engines. It is optimizer in it. The general approach also a perfect foundation for building a database: Just add data.” z extends beyond SQL. —Alex Handy “Another part of our mission is inte- grating together data federation. That’s all the data. Calcite has the features for tiny subset of that in Hive is usually why an open-source project is a good defining these materialized views.” less than adequate,” he said. way of solving it: We have various peo- Enterprises are addicted to those “Calcite is just sitting out there ple who are solving these individual highly important data queries, and Cal- waiting to be used. Drill helped open problems that find that Calcite is the cite can help to eliminate some of the that one up. When it comes down to it, way they can pool their resources. Just headaches associated with them. “On look at the history of SQL on Hadoop last week someone contributed an the mundane level, we are using Calcite technologies. Apache Hive was a great Apache Cassandra adapter. They also to build really high-quality cost-based entry into expressing SQL at scale. recognize that there is some basic stuff optimizers for some really high-perfor- Apache Impala came along and took a that query optimizers do that applies to mance systems,” said Hyde. “Horton- step forward and said, ‘We need to Cassandra, just as it applies to MySQL works is investing in Apache Hive very make this faster.’ They didn’t necessar- or Apache Drill.” strongly, and we’re building a world- ily fix the problems. They just made Calcite, said Hyde, allows database class cost-based optimizer in Hive. It’s a something run faster, so it has a com- engineers “to start 80% up the moun- massive ongoing engineering effort. plete dependency on Hive.” tain and climb the interesting 20%.” Oracle, Microsoft and IBM have spent Scott predicted change will come to That means all the mundane things a lot of effort building their cost-based the SQL-on-Hadoop market, mainly databases must do to handle queries optimizers for their systems. because existing solutions are not opti- can be handled by Calcite, while the “My prediction is that people will mum. “I think what it comes down to is more important differentiation fea- want a SQL interface on top of stream- the logical model these platforms have tures, such as storage medium, built-in ing data for the same reason they want- been built on are not the easiest to algorithms and a metadata store, are ed SQL on top of Hadoop. Not adapt to the complexity of SQL will handled by the engineers. because SQL is the ideal language, but support,” he said. “Another thing this particular con- because of its interoperability. Existing “Idealistically, people are going to tributor wanted from was Calcite’s sup- skill sets can use them, and the system put their hands on a tool like Apache port for materialized views,” said can self optimize.” Drill [and] say, ‘I can start with this on Hyde. “That’s a table whose contents Jim Scott, director of enterprise my laptop and can query every data are defined by a query. This table strategy and architecture at MapR, store in my enterprise.’ Drill supports always contains the highest salary of said that SQL still drives the needs of utilizing the Hive metastore, but does each department, so if someone writes many enterprises. “When it comes not require Hive to use it. There has a query, they can go to this table down to it, most people need the rudi- been a competitive landscape of SQL instead. That avoids actually scanning mentary basics of ANSI SQL, and the on Hadoop.” z

do both analytics and transactions. ditional databases struggle with: And that is, perhaps, the biggest draw What typically happens is you run ana- resource isolation. to Big Data for SQL Read this story on lytics on a single-lane highway, blocking “In the new architectures, you can users: the potential to sdtimes.com all these little cars behind them. Those use different Big Data compute unlock massive troves of cars are the transactions. If someone engines for different purposes. We have data without the poten- kicks off a report to summarize the last one lane for transactions powered by tial to lock up the entire six months of sales, and all of a sudden HBase, and one lane for analysis pow- dataset with a single your resources are shot, that’s what tra- ered by Spark.” miswritten query. z SDT324 Cover Tip_Layout 1 3/17/16 3:24 PM Page 2

Progress.com/SDTimes SDT324 page 35,36_Layout 1 3/18/16 2:11 PM Page 35

www.sdtimes.com April 2016 SD Times 35

INDUSTRY SPOTLIGHT: DATA ANALYTICS Why SQL still dominates business intelligence Business intelligence is all about actionable information, and the fastest, most economical and powerful way to extract it just happens to be SQL

BY ALEXANDRA WEBER MORALES incredibly strong demand in the market Cloud and Marketo, which are now With all the hype about NoSQL docu- for SQL. providing SQL through our DataDirect ment stores and other types of semi- What’s happened is the explosion of Connectors. structured and unstructured data being data and data store systems have creat- NetSuite, ServiceNow and Plex ERP the way of the future, it’s important ed a lot of data silos, and these silos have built their own SQL connectors. to remember that structured query contain information that’s all related. Looking toward NoSQL vendors, Mon- language (SQL) is still the dominant You need to query various silos and goDB built their own SQL connector. currency for data transformation. We withdraw key information. SQL is VoltDB provides a SQL connector, spoke with Brody Messmer, Principal Software Architect and Head of Prod- uct Innovation in charge of DataDirect ODBC and JDBC connectivity solu- tions for Progress Software in Raleigh, N.C.

SD Times: Are rumors of SQL’s demise greatly exaggerated? Messmer: Yes. Ultimately, SQL is every- where, and we really don’t see it going away anytime soon. Banks, govern- ments, hospitals, businesses use it... it’s even on phones and embedded devices. How old is SQL? ingrained in all of our uses of querying which they built themselves using tech- The standard itself actually turns 30 this data. nology from Progress. year. It’s been around a long time, How has SQL evolved? In the Big Data industry, Hive, which is surprising in the tech industry. If you look at SQL itself, the standard is Spark, Impala, Presto and others are all Its popularity is readily visible. A 2015 not changing all that much. The most working to provide SQL access to Stack Overflow survey found SQL was popular standard was released in 1992. Hadoop. the second most popular software tech- There have been a few revisions since, What are the technical challenges of nology, after JavaScript. but the majority of developers base providing SQL access to these different But isn’t there a sense that SQL is dat- their usage all around that SQL-92. So types of data stores? ed, compared to NoSQL? while the data that people interact with Many of the systems are object-based. Some have opinions that SQL isn’t all is changing in shape and size, SQL That’s one of the common complaints that great, but it has a very low learning remains the most common standard to about SQL, that it expects a flat struc- curve, and the query language is very enable access to all those data formats, ture, a table with a set number of English-like. But what’s really interest- anywhere, anytime—especially when columns and rows—it always expects ing is that if you look at the market five using analytics tools for business intelli- data in a rectangle format. Objects years ago, the number of data storage gence (BI). aren’t necessarily rectangular. One systems started to explode. You had Although the standard hasn’t individual might have a single phone SaaS, NoSQL, New SQL. And when changed much, there’s been an enor- and address; another might have mul- NoSQL first came out, the definition mous amount of activity throughout the tiple. That ability to represent a person was no SQL—not going to support tech industry to bring SQL to SaaS, Big as an object with information nested in SQL, never will. And now it means “not Data and other semi-structured and them is how newer systems tend to only SQL.” What we see now is data unstructured sources in a variety of operate. Being able to use SQL when storage companies realizing there’s an ways. For SaaS, there’s Oracle Service continued on page 36 >

This article is sponsored by SDT324 page 35,36_Layout 1 3/18/16 2:12 PM Page 36

36 SD Times April 2016 www.sdtimes.com

INDUSTRY SPOTLIGHT: DATA ANALYTICS Why SQL still dominates business intelligence < continued from page 35 has Siri, Microsoft has that—it’s based (“MongoDB and SQL: Bridging the accessing these object-oriented data- on a Halo character—oh yes, Cortana. divide”), our Chief Data Evangelist base systems is a challenge for the con- Amazon has similar technology. They Sumit Sarkar talked about how we nor- nector. That object base problem is all have the ability to respond to a sim- malize unstructured data, which allows really present in all of these sources, ple question and scour a variety of you to use SQL the way it’s meant to be but most applicable to NoSQL data sources to answer it. There’s a used. The methods present in SQL sources. small number of very large companies Server today are not as powerful and What about SaaS sources? focusing on that. But on a daily basis, easy to use. Now, there are some data- The service provider needs to limit there’s a very large number of regular- bases, such as Postgres, that have how taxing you are to their system, sized companies that are looking to implemented some proprietary SQL which is serving multiple customers. If run relatively simple BI, relying on commands that are powerful, but they you attempt to execute a SQL state- SQL. are far from intuitive. ment that’s going to bring the relational Ultimately, I feel like any project I What BI tools are most in use right database to a halt, that’s a problem. look at that relies on data relies prima- now? Their APIs impose limitations to pre- rily on ODBC or JDBC interfaces to Sometimes it’s easy to overlook the vent this from happening. Some SaaS execute SQL. most popular BI tool: Excel. [Laughs] sources provide multiple APIs to help What about NoSQL displacing SQL on But there’s also Tableau, Qlik, MicroS- address different querying needs. mobile? trategy and Jaspersoft, among others. Being able to provide easy SQL access A lot of things on mobile interact with Why is hybrid data connectivity impor- that works within these confines is Web services. Aside from SQL, the tant? pretty challenging. standard that we’re invested in signifi- I talked to a guy from a major bank at We’ve helped quite a few of our larg- cantly is OData, the Web-friendly MongoDB World. He explained that er customers overcome this problem (REST) query language. OData may they had adopted new technologies, via our connectors—and it is always a not be widely adopted today, but I pre- stored data in them, and it was working rewarding experience. dict that in the future it will play a great. But they suddenly found the So why is BI so dependent on SQL? much larger role in the mobile space. requirements of the project expanded Business intelligence is our most com- As for SQL, every smartphone has to include the need to run analytics on mon use case. There are a bunch of BI some sort of database internally and the this data. apps that are able to use standard APIs phone is interacting with that in SQL. At that point, his organization is to execute SQL statements. Native Microsoft SQL Server 2016 is finally backed into an unpleasant corner interfaces will be custom SOAP or adding support for JavaScript Object where they either have to buy a brand REST APIs—BI systems either Notation (JSON) due to massive devel- new BI tool that supports a NoSQL straight up do not support or have oper demand. What does that mean? database, or they have to write it—and poor support. That’s definitely them attempting to support it—themselves. Connectors Similarly, implementing proprietary combat the NoSQL revolution. SQL provide a more cost-efficient solution. connectivity to query the data; it’s just has been enhanced to support JSON In SaaS data sources, the use case is not feasible to build quality connectivi- methods and query within JSON doc- even stronger. You’ve got Salesforce, ty into the application for all the data uments. What’s interesting there is, Marketo or Google Analytics with all silos that exist today. That’s what’s driv- the ways in which we provide a con- your sales and marketing info—it’s all ing the need for all these vendors to nection to a NoSQL database like about your leads. Without SQL connec- revisit these solutions, so people can at MongoDB right now are generally tivity, you’re unable to query that data least report on the data. more powerful than the methods avail- and really understand the health of that Wasn’t machine learning and Big Data able via SQL Server. database. going to revolutionize BI with things like The BI vendors see that changes in When you look at it that way, SQL IBM Watson? the SQL space are just now being truly is the power behind the BI analyt- From a straight-up reporting point of adopted by relational vendors. I don’t ics and hybrid data connectivity scene. view, I think it’s probably exaggerated. think it’s going to quite support the The fact of the matter is that, at 30 Watson just wants to ingest data. The needs of end users to dive into JSON years old, SQL is still an important stan- easiest way to ingest that data from docs. dard that no organization who wants to any source is going to be SQL. Apple In our previous SD Times Spotlight fully leverage BI can afford to ignore. z SDT324 page 37_Layout 1 3/17/16 3:27 PM Page 37

Register Early and SAVE! All-Access Pass ONLY $695 Register before May 13, 2016

“This is an excellent conference to attend to get an understanding from both a business and technical sense of Wearables and IOT.” —Kevin Jones, Electrical Engineer, Dept. of Defense

Come to the Largest Wearable-IoT OEM Expo of 2016! Go under the hood of the hottest wearable devices!

A BZ Media Event

PLUS! July 18-20, 2016 San Jose Convention Center The Heart of Silicon Valley Learn how to design, build and develop apps for the wearable technology revolution at Wearables TechCon 2016! More than 60 Tech Sessions and Panels • Product Design • Embedded System Development • Software Design • Application Development • Leading SDKs • Electronic Engineering for Wearables Devices ...and more tricks and techniques that will set your wearable project apart! www.WearablesTechCon.com SDT324 Full Page Ads_Layout 1 3/17/16 3:57 PM Page 38 SDT324 page 39,41,42,44,45,46,48_Layout 1 3/18/16 1:55 PM Page 39

www.sdtimes.com April 2016 SD Times 39 Buyers Guide Evolving ALM brings all hands on deck Continuous Delivery, DevOps and Big Data are pulling more people into the process than ever before

BY MADISON MOORE include capabilities around collaborat- Before agile, there were a variety of ing, getting feedback from customers, these barriers. The siloed teams were efore the shift in software and having some sort of strategic plan in certainly part of the problem, but most methodologies, the application place. It’s hard to imagine doing of the roadblocks of ALM were cultur- Blife cycle was fairly simple—or DevOps or agile without ALM, but per- al. Removing these barriers has allowed at least straightforward. Now, contextual haps with this shock to the system, it’s software development to become a elements of ALM have changed drasti- time to rethink the application life cycle. cohesive unit with other parts of the cally because of the evolving nature of organization. the industry. Where the old ALM Embrace the culture shock “I personally think the best thing process was all about managing applica- Waterfall culture is in the past for ALM that ever happened to the ALM was tion development, today’s faster pace of processes. Large organizations that agile and the DevOps movement,” said delivery and more complex applications were siloed experienced many prob- Paula Rome, senior product manager at are forcing companies to create a new lems that could have been solved by Seapine Software. “That really brought model that works with current practices. tapping into the right tools. Often, into focus [that] it’s not the tool, it’s the ALM started in the “waterfall” age, teams in different silos would blame process and the people and how you are but now it has a close relationship with others when things went wrong, and working with each other.” Continuous Delivery, DevOps and that’s when big projects would fail. Organizations realized there were agile. Releases that used to take weeks “In many cases this became part of best practices that could get their teams or months now only take a few days. the enterprise ALM culture,” said Flint to collaborate together. The variety of The entire software development Brenton, CEO of CollabNet. “Howev- tools helped with consistency and industry has experienced a huge shift in er, in healthy collaborating organiza- allowed ALM to overcome process, culture, and the role of developers tions, this was never part of ALM prac- technology and functional barriers, and (along with their tools) has modernized. tice. [But] I have heard war stories of ALM really gave opportunities to ALM’s value is that it gives insight to badly behaving organizations that organizations to communicate effec- testing and develpment teams, and the played this out in the context of a tively, according to Tye Davis, senior scope of ALM has been broadened to painful ALM experience.” continued on page 41 > SDT324 Full Page Ads_Layout 1 3/17/16 3:58 PM Page 40

Join Over 100,000 Developers )_o$;v|omঞm†o†vѴ‹

Quickly orchestrate and run massively scalable performance tests against all of your apps, from classic web and mobile, to microservices and APIs, using leading open source tools.

TM

Selenium

SIGN UP FOR A FREE 14-day PRO Trial _‚rĹņņbm=oĺ0Ѵ-Œ;l;|;uĺ1olņ=u;; SDT324 page 39,41,42,44,45,46,48_Layout 1 3/18/16 1:20 PM Page 41

www.sdtimes.com April 2016 SD Times 41

< continued from page 39 product marketing manager at Hewlett Microservices with ALM Packard Enterprise (HPE). Microservices are applicable in the modern ALM world as they are helping teams The integration of things such as agile deliver products faster. Microservices introduce some challenges, and yet simplify the and DevOps, QA, development and life cycle at the same time. product management has resulted in a “Microservices do introduce challenges as integrated testing and deployment wider team responsible for delivering become more complex and require automation,” said Flint Brenton, CEO of CollabNet. software. The challenge is that the old “Poorly designed microservices can shift what were previously monolithic applications tools can’t handle the scale of collabora- into the network, but the problem still exists in the form of data marshaling, load bal- tion and visibility needed, said Brenton. ancing and latency issues, and availability and fault tolerance of those services.” Companies must use a comprehensive ALM can solve this complexity problem by making it easier to find the DevOps platform that provides a way to show dif- pipeline, said Kelly Emo, director of life-cycle and quality product marketing at ferent stakeholders the big picture, Hewlett Packard Enterprise. She said that when you have a microservice that is con- while also allowing the flexibility of dif- tained, it’s really focusing on a specific function or user story. ferent source-control systems, DevOps Instead of having a monolithic application with multiple requirements, there are tools, and tracking systems that the indi- now pipelines that can manage these specific services to give you clear visibility on vidual teams are currently using, he said. how it’s progressing. While some define agile as a culture “You’re going to have a lot more data points going into the sys- and some call it a movement, the tem, and you’re going to have all these pipelines managing these different services,” said Emo. change the industry has been experi- There will be so many data points that the team won’t be able encing has been brought about by new to absorb them all, she said. This is where ALM is really aggregat- principles and procedures, not by a ing that data. It’s been integrated with development, build and Con- strict set of rules. tinuous Integration tools, and all that data is flowing into ALM, she said. “This means that every organization Emo said that ALM solutions could start to apply analytics to that data, and that adopts agile at its own pace and with its there’s a lot of innovation in the industry around analytics already. own twists, and so the application life- “I think it’s exactly what the industry needs to support microservices,” she said. cycle management also must be adopt- “So yes, in the beginning it could make things more complex. But I think we as the ed to each individual organization,” said industry have the opportunity to use analytics to simplify that, and then it becomes Alex Haiut, vice president of R&D at much more seamless in terms of Continuous Delivery.” z —Madison Moore BlazeMeter. “I do not see any solution that gets closer to a one-size-fits-all. If more roadblocks. they change the way they operate,” said someone looks at ALM in a few differ- “As organizations embrace DevOps, Brenton. ent organizations, the steps and stages code becomes everyone’s problem, and It’s no longer a world where a devel- might be the same or similar, but the so developers are starting to care more oper throws code over the wall to some- flow and tools are different.” about ensuring that what they are con- one to deploy it. Now, the world devel- tributing to the business and that the opers live in is one where they invest in Developers and ALM application is going to give them amaz- deployment channels and deployment The new development world has ing user experiences and have that pipelines themselves. changed ALM, but it’s also changed the great quality,” said Emo. As a developer writes code, they are role of the developer. The environment ALM was never intended to be static thinking about where the code is going looks and feels different, and for some- or inflexible, said Brenton, so developers to run and how it’s going to be main- one who has been coding for a long need to start thinking about ALM as tained or supported. According to time, this new way of working can come building “more collaboration”—not sim- Aaron Bjork, principal group program as a struggle. ply with other developers, engineers and manager at Microsoft, developers need Kelly Emo, director of life-cycle and project team members, but with teams to invest in deployment and understand quality product marketing at HPE, said working on corporate plans, broader it because it’s their job now. that developers want to become more portfolios and business owners. Visibility “Developers are very interested in successful and do their jobs better, but and transparency are two key buzzwords technologies that allow them to write they don’t want additional overhead. that will help organizations that want once and target many platforms, so Developers want to focus on the tools truly fast-moving ALM teams. that’s what many developers are paying they want to work in, and focus on their “When they are partnering in the attention to these days,” he said. “We code. ALM can help developers ensure selection of an ALM solution, [develop- want code reusability and we want to that what they are developing is better, ers] should insist on a platform that make sure the investments we are mak- but if additional steps are being creat- allows them to use their tool set as it ing from a tech standpoint are going to ed for them before they can even code, exists today or that allows the to migrate stand the test of time across a breadth she said this is considered to be just to different tools, or adopt new tools as continued on page 45 > SDT324 page 39,41,42,44,45,46,48_Layout 1 3/18/16 1:21 PM Page 42

42 SD Times April 2016 www.sdtimes.com Is it time to rethink ‘ALM’?

BY MADISON MOORE feel different from the approach of the Flint Brenton, CEO of CollabNet The traditional application life cycle is past. If they don’t, I’d argue that an “Yes. ALM is a technology no more. Past ALM processes were cre- organization isn’t progressing.” category that dates back ated in the waterfall age, where large more than three decades. organizations relied on silos to deliver Alex Haiut, vice president of It is time to rethink it software in a slower fashion. This way engineering at Blazemeter because major contextual of delivering software will no longer “Yes, definitely. I am elements that shaped our understand- work, as there is an emphasis on fast developing commercial ing of ALM have changed considerably delivery and less time to market. With software for over 20 years, in the last 10 years. Material changes this evolution, we asked some ALM and I have to admit that have taken root in the operational envi- experts what ALM looks like in the the user expectations for ronment, development tools, engineer- modern software development world, application stability, richness and per- ing best practices, and application and if it might be time to rethink the formance are at their highest level development methodologies. definition of ALM. these days. So is competition between So, whether we realize it or not, we the software vendors. are always rethinking ALM. The tools Aaron Bjork, principal group pro- Agile Development, Continuous shape the daily activities, the activities gram manager at Microsoft Delivery and other methodologies are shape the culture, the culture shapes the “Yes, it’s absolutely time to here to help. But methodologies and practices and force the previously estab- rethink ALM. Why? Sim- practices don’t work well without tools lished processes to find a new model ply because the applica- supporting them. As anyone adopting that works to explain, support or inspire tions we ship today, and these methodologies quickly realizes, practices and promote more collabora- the environments in which there’s no ‘one size fits all’ in these tion with the extended team members. we ship them, look substantially differ- things. Each process and methodology But some organizational structures are ent from the era in which traditional must be carefully adjusted to fit the supporting a specific ALM practice as a ALM practices were first established. team skills and culture. So are the ALM static model, and they may have forgot- We ship more frequently: What used to tools; they should be carefully selected ten about the original roots of ALM and take months, if not years, now happens (or crafted) to match the company, the adaptive ‘change’ nature of software continually. We ship to new environ- team, procedures and culture again. development practices. ments: Instead of printed media, we’re Experience shows there’s rare The art of creating great software has often cloud-first. And we ship to a new chance one tool will satisfy all organi- always relied on a number of subjective customer: a customer who demands vis- zational ALM needs, most of us will decision-making and collaborative activ- ibility into the road map and plan for the end up with tool chain containing mul- ities relative to the constraints, chal- software they’re using or buying. tiple tools, each one helping specific lenges and requirements of any individ- I don’t believe however that rethink- parts of the process or team. There- ual project. Successful teams leveraging ing ALM means that we should aban- fore, if I should pick one criterion to a legacy ALM platform have always don ALM. Instead, it means adjusting pick the tools, I’d go with integration understood this. But the efficiencies our approach to accommodate the capabilities. And if we are going to add gained by a past generation’s centralized, needs of this new landscape. Every another one, it’d be reporting capabil- inflexible and monolithic ALM platform organization building software, regard- ities. that was optimized for a waterfall-only less of size and shape, still has a need to Smart, well-developed APIs and methodology, cannot cope with increas- gather requirements, plan for what’s other integration features will make ingly fragile and complex data centers, next, write and share code efficiently, multiple tools play well together. the emergence of global development and release with confidence. Our Reporting will make the process clear teams, and limiting variables that com- approach to these activities (which are and transparent to all stakeholders, plicate projects that we see today.” encompassed in ALM) should look and which is an essential part of its success.” continued on page 45 > SDT324 Full Page Ads_Layout 1 3/17/16 3:58 PM Page 43 SDT324 Full Page Ads_Layout 1 3/17/16 4:15 PM Page 44 SDT324 page 39,41,42,44,45,46,48_Layout 1 3/18/16 1:22 PM Page 45

www.sdtimes.com April 2016 SD Times 45

< continued from page 41 of platforms.” Is it time to rethink ‘ALM’? While organizations are becoming more agile, developers still need to make < continued from page 42 gration, and interpret and deliver data sure that they are keeping track of their Jason Hammon, director of from those tools with data created within deliverables and making sure that they product management at TechExcel the life cycle itself, to deliver insights to match what customers’ expectations are, “I think it actually is time users in ways that enable app develop- according to Jason Hammon, director of to reexamine ALM. ment and test teams to predict outcomes, product management at TechExcel. Specifically, it’s time to optimize resources and remove latency He said that with agile development, reassess the benefits of from key decision making. ALM is rapidly some people moved away from ALM ALM and why we use it. becoming a Big Data challenge, but when and had gotten less formal in their Only then can the decision be made as leveraged to deliver life-cycle insights, requirements tracking or test manage- to whether these benefits still apply for ALM will become pivotal to increase over- ment. This, he says, is great because of software development today. all quality, reduce rework and grow trust the flexibility. But, in the end, you The primary benefit of application and interaction between Dev and Ops. aren’t tracking what you are supposed life-cycle management is to ensure that to be doing and validating what you’ve the software delivered matches what Paula Rome, senior product actually done. was intended. By linking requirements, manager at Seapine Software development tasks and test cases we “Companies should re - Speed of delivery can increase the chances that all of the think ALM in terms of Fast delivery is a driver because that’s stakeholders are on the same page. what they want versus what users demand, and it’s how compa- With the increase in the speed of what they actually need— nies remain competitive. But Continuous delivery and the complexity of software, both now and as they Delivery requires better and more timely it’s more important than ever to closely grow. Too often, companies only focus visibility into the engineering team’s track and validate software deliverables. on the now. They find a low-cost ALM efforts, not only for operations but also The challenge is to find a process and/or tool that is actually one part of the tool for other stakeholders in the organization solution that allows teams to manage chain—issue management, for exam- so they can understand what the business the software life cycle efficiently.” ple. It meets their core needs, even is delivering and when. This allows them though it has a weak workflow, no trig- to coordinate on time to market, sell it, Kelly Emo, director of life-cycle gering capabilities, no traceability, can’t and support it, said CollabNet’s Brenton. and quality product marketing at merge defects, etc. “This requires your ALM platform Hewlett Packard Enterprise At this point, most companies start to handle the speed of delivery, provide “ALM as a process and as adding on other tools to fill in the gaps. visibility into every step of development reflected in software tool- It seems cost-effective, because they’re for quick escalation, impact assessment, ing is evolving to support only paying for what they need when and problem resolution, and provide the aim of high-quality they need it, right? The problem with traceability and accountability for com- delivery at high velocity. As this a la carte approach is that it creates pliance and security practices—all more organizations adopt agile develop- a patchwork ALM solution with multi- across an increasingly heterogeneous ment and DevOps delivery methodology, ple points of failure, multiple versions and quickly changing toolset,” he said. the patterns and way that their ALM of the same information, and no one to “In the old ALM world, we celebrat- processes and tools interpret their activi- help when the system breaks. ed your birthday, and in the new ALM ty and the data that results from the Additionally, patchwork ALM solu- world we celebrate every day,” said delivery of software will evolve. tions, by their nature, lack end-to-end Microsoft’s Bjork. “It’s a mindset shift; First, we will see more ALM tools artifact linking and traceability. Without when you have a practice like Continu- evolving their user experience and archi- these capabilities, real-time access to ous Delivery or Continuous Deploy- tecture to deliver functionality to manage critical relationship information is ment, you’re thinking about incremen- Continuous Integration, Continuous unavailable, and quality-specific analy- tally getting to the finish line instead of Testing and Continuous Delivery, the sis techniques, such as impact analysis, getting there in big jumps.” key elements of an integrated DevOps are tedious, time consuming, and often It’s more important than ever to find pipeline. In addition, ALM software will inaccurate. an ALM process or solution that is light- make use of the data that is created in the In the end, they wind up paying weight and easy to use, according to life-cycle process as well. more for all the disparate tools they had Hammon. He said that because of the ALM tools, looking forward, will inte- to cobble together than they would faster release cycles, if people feel that grate tools widely used by developers and have paid for a single, flexible tool that documenting or validating those testers such as Git for source-code man- covers their application life cycle from continued on page 48 > agement and Jenkins for Continuous Inte- end to end.” z SDT324 page 39,41,42,44,45,46,48_Layout 1 3/18/16 1:22 PM Page 46

46 SD Times April 2016 www.sdtimes.com

n Atlassian: Teams use Atlassian tools to work and collaborate throughout the soft- A guide to ALM suites ware development life cycle: JIRA for track- ing issues and planning work; Confluence for collaborating on requirements; HipChat n FEATURED PROVIDERS n for chat; Bitbucket for collaborating on code; Stash for code collaboration and Git n BlazeMeter: BlazeMeter ensures delivery of high-performance software by repository management; and Bamboo for enabling DevOps teams to quickly and easily run open-source-based performance continuous integration and delivery. tests against any mobile app, website or API at massive scale to validate perform- ance at every stage of software delivery. The rapidly growing BlazeMeter community n Borland: Products such as Caliber, has more than 100,000 developers, and includes prominent global brands such as StarTeam, AccuRev and Silk make up a Adobe, Atlassian, Gap, NBC Universal, Pfizer and Walmart as customers. Founded in comprehensive ALM suite that provide 2011, the company is headquartered in Mountain View, Calif. and Research & Devel- precision, control and validation across opment in Tel Aviv. the software development life cycle, and are unique in their ability to integrate with n CollabNet: CollabNet offers enterprises and government organizations of all each other—and with existing third-party sizes the platform to accelerate development and delivery of quality software at tools—at an asset level. speed with its flagship product TeamForge. CollabNet is a pioneer in open-source, agile and collaborative solutions for large, distributed software environments. It pro- n IBM: IBM’s Rational Collaborative Life- vides innovative development tools at enterprise scale and agile consulting and cycle Management is designed to deliver training services. CollabNet services more than 10,000 customers, supporting 6 mil- effective ALM to agile, hybrid and tradi- lion users in more than 100 countries. It has been recognized for the past 12 years tional teams. It brings together change as a SD Times 100 industry innovator in the ALM & Dev Tools category. and configuration management, quality management, requirements manage- n HPE ALM Software: HPE ALM, HPE Agile Manager and HPE Quality Center pro- ment, tracking, and project planning in a vide a software platform and open integration hub to accelerate delivery of high- common unified platform. quality software at scale. Manage requirements and user stories, developer changes, builds, tests and effects and share and reuse asset libraries and workflows across n Inflectra: SpiraTeam is an integrated projects. Support scaled agile with insight and visibility from Scrum team to enter- ALM suite that provides everything you prise agile release. Deploy flexibly on premise or as a service in the cloud. need to manage your software projects. It includes features for managing your n Microsoft: Visual Studio Online (VSO), Microsoft’s cloud-hosted ALM service, requirements, testing and development offers Git repositories; agile planning; build automation for Windows, Linux and Mac; activities all hosted either in our secure cloud load testing; DevOps features like Continuous Deployment to Windows, Linux and cloud environment or available for cus- Microsoft Azure; application analytics; and integration with third-party ALM tools. VSO tomers to install on-premise. is based on Team Foundation Server, and it integrates with Visual Studio and other pop- ular code editors. VSO is free to the first five users on a team or with MSDN. n JetBrains: JetBrains offers tools for both individual developers and teams. TeamCity n Seapine: Seapine Software’s integrated hybrid-agile ALM suite enables product provides Continuous Integration and development and IT organizations to ensure the consistent release of high-quality Deployment, while YouTrack provides agile products, while providing traceability, reporting and compliance. Featuring Test- project and bug management, and Track for requirements, issue and test management; Surround SCM for configura- Upsource facilitates code review and repos- tion management; and QA Wizard Pro for automated functional testing and load itory browsing. Tools for individual develop- testing, Seapine’s tools provide a single source of truth for project development arti- ers include IDEs for the most popular pro- facts, statuses and quality to reduce risks inherent in complex product development. gramming languages on the market, as well as .NET tools for boosting one's productivi- n TechExcel: TechExcel DevSuite is a product development life-cycle platform that ty, profiling apps and more. automates and streamlines requirements, development and QA processes for faster, more frequent release of high-quality products. Whether your process is agile, tradition- n Kovair: Kovair software specializes in al or hybrid, DevSuite ensures your most current requirements are built and tested. With the domain of integrated application life- dynamic linking of requirements to all development artifacts, DevSuite enables full bidi- cycle management. Our objective is to rectional requirements traceability from product design through development, testing, make the software development process bug fixing and release. DevSuite also allows you to completely customize development better, faster and collaborative in a syn- environments to increase the speed and efficiency of your teams, including custom chronized tools environment. Kovair pro- workflows and rules, personalized page layouts, tailored workspaces with defined vides multiple solutions to the market access control, specification reports for instant project status, and more. DevSuite also such as the Kovair ALM Studio, Kovair enables you to leverage TechExcel strengths and plug it into third-party applications Omnibus Integration, Kovair iTM—the using RESTful APIs. With DevSuite, you’ll more quickly deliver products that are bug- Integrated Test Management Solution, and free and include the features, functionality and user experience customers require. continued on page 48 > SDT324 Full Page Ads_Layout 1 3/17/16 3:58 PM Page 47 SDT324 page 39,41,42,44,45,46,48_Layout 1 3/18/16 1:25 PM Page 48

48 SD Times April 2016 www.sdtimes.com

< continued from page 45 team, but what can also provide trans- A guide to requirements are a burden, then they’re parency, he said. not going to do it. There is a need to One principle to follow is to define a keep a close connection between what cadence that fits the culture that’s been ALM suites the desired project is and what is actu- established, and have it fit into the deliv- < continued from page 46 ally being created, and ALM provides a ery pipeline, said Bjork. “If you want to most recently Kovair QuickSync for data mean of doing that, he said. move quicker, you’ve got to be able to migration between multi-vendor tools “That’s still a very important project deploy quicker, and you’ve got to be able when legacy data must be migrated. in terms of connecting what the business to deploy with confidence,” he said. analysts and the marketing folks are And while companies might have n Orasi: Orasi is a leading provider of soft- expecting to see in the product and what their Dev and Ops teams working clos- ware testing services, utilizing test man- actually shows up when it’s released,” er, the modern software development agement, test automation, enterprise test- ing, Continuous Delivery, monitoring, and said Hammon. “With the shorter cycles, world allows companies to constantly mobile testing technology. The company is it’s more important to get it right.” stay engaged with its customers. Cus- laser-focused on helping customers deliver tomers are the people that will give high-quality applications, no matter the Tools, methodologies and rules of ALM feedback on what you are and are not type of application they’re working on and Rethinking ALM in this modern soft- doing well, said Bjork, so it’s healthy to no matter the development methods or ware development world means keep- have a channel to talk to customers. delivery processes they’ve adopted. In ing those same steps and building on addition to its end-to-end software testing, top of them as the company moves What’s in the future for ALM? Orasi provides professional services toward a more agile way of operating. Tools are more flexible and can add val- around testing, processes and practices, as Hammon said that there are examples ue to ALM, but with the new pace of well as software quality-assurance tools of people losing their way in the some- technology and innovation, the industry and solutions to support those practices. times chaotic world of shorter release is rapidly approaching the point where cycles. Formally documenting require- the amount of information that gets n Rommana ALM: Rommana ALM is a fully ments and having a validation step to generated through ALM is both valu- integrated set of tools and methodologies that provides full traceability among them is one rule companies should be able and a problem, said Emo. She said requirements, user stories, scenarios, test concerned about. that because of this, there are going to cases, issue reports, use cases, timelines, While there are many rules or best be Big Data problems and solutions for change requests, estimates and practices of ALM, there are a few cru- ALM, sparking a huge jump in efficien- resources; one common repository for all cial components that testers or project cy and effectiveness. project artifacts and documentation; and managers should follow. Emo said com- ALM will also need to become more full collaboration for all team members. panies must maintain visibility as they strategic as teams leverage the flexibili- progress through the life cycle, ensur- ty to securely adapt and adopt what is n Serena Software: Serena provides ing consistent continuous quality. She best for their team, said Brenton. It will secure, collaborative and process-based said that one of the ways to get contin- have to work best for the team so they ALM solutions. Dimensions RM improves uous quality, security and performance can deliver quality at speed, and the the definition, management and reuse of is by making sure you have those ALM ability to deliver working software requirements, increasing visibility and col- capabilities built into the DevOps products rapidly is a “critical weapon laboration across stakeholders; Dimen- sions CM simplifies collaborative parallel pipeline. for a company to be successful in fast- development, improving team velocity In terms of methodologies, more and changing markets,” he said. and assuring release readiness; and more organizations are paying attention If companies are rethinking the way Deployment Automation enables deploy- to lean principles and their workflow, they are doing ALM, Rome suggests ment pipeline automation, reducing cycle said Bjork. He said that streamlining thinking about what the company actu- time and supporting rapid delivery. methodologies is the next big movement. ally needs instead of what it wants. She Since Scrum and many agile methodolo- said that in the past, companies would n Sparx Systems: Sparx Systems’ flagship gies taught companies to work faster, pick a vendor, and it would be like product, Enterprise Architect, provides now they can learn how to do that at “signing up for a mindset.” She said that full life-cycle modeling for real-time and scale while also eliminating waste. today, customers and the industry need embedded development, software and When it comes to choosing the right to have a conversation systems engineering, and business and IT Read this story on ALM tool, Haiut said to think about of what they need, and sdtimes.com systems. Based on UML and related speci- what integrates well into your company. that as an industry, she fications, Enterprise Architect is a com- prehensive team-based modeling environ- He said everyone hates surprises, espe- said they should be ment that helps organizations analyze, cially stakeholders who are outside of doing a better job at design and construct reliable, well-under- the development team. The best tools supporting where that z stood systems. z are not only what’s comfortable for the wants to go. SDT324 Full Page Ads_Layout 1 3/17/16 3:59 PM Page 49

Get started for free Don’t just go http://aka.ms/agiletools faster, go farther.

Go beyond planning and tracking with an end-to-end agile solution. Do agile better with Visual Studio Team Services. SDT324 page 50-55_Layout 1 3/18/16 1:18 PM Page 50

50 SD Times April 2016 www.sdtimes.com The state of mobile: Exciting times, Enterprise mass adoption will accelerate mobile software development maturity

hese days, everyone has a best friend: Their smartphone. BY ALEXANDRA “On the Web, personalization is a constant struggle, WEBER MORALES Twhereas on mobile it’s pretty accurate,” said Nancy Hua, cofounder and CEO of Apptimize, a mobile A/B testing platform. “You know everything they’ve ever done. You also for the next big thing. Progressive Web know their context at that moment: Are they on the go? Are apps take on a number of issues currently they inside or outside? Who are they with? The time-of-day facing native apps, including extending battery life, universal mobile access, and effects are pretty big. Context lets you deliver an experience less space on the user’s phone. Issues that’s a lot more magical.” with mobile browsers not being as responsive are already being dealt with, A “magical” experience molds itself tion life-cycle models to choose from. plus customers benefit from not having to the user’s preferences as well as Mobile has grown past the dichotomy of to make evergreen updates every time observed consumer behaviors. Hua Web view vs. native apps, ad hoc vs. cum- there is a change to the phone OS.” notes that people tend to browse shop- bersome app store updates, viral vs. Positioning itself to enable enterprise ping sites in the morning, “so you might instant failure. Enterprise adoption is a software to make the leap from the optimize for adding things to wish lists,” huge force pushing for mobile app devel- cloud to employees’ handheld devices in while in the evening, shopping hap- opment maturity. As devices proliferate 2016, Microsoft recently acquired Xam- pens, so making the “buy” button more and unprecedented consumer options arin, the cross-platform .NET develop- visible makes sense. abound, Gartner predicts that enterprise ment environment. But most agree that And increasingly, magic is necessary. software is poised to be the next mass cross-platform mobile frameworks like Mobile users are impatient with apps mobile adoption. Xamarin, React Native, AngularJS, Cor- they download through stores. Battery dova/PhoneGap and the like—while life, storage limitations, privacy lapses, The appeal of Progressive Web apps they have their fans—are an incomplete security nightmares and competing The way apps are developed, delivered answer to the mobile imperative. interests all make going mobile a great and maintained is poised for a massive According to a seminal June 2015 money-losing opportunity. Beyond that, shakeup as the market moves past viral blog post by Google developer Alex “We look at retention, engagement, rev- consumer apps to encompass mission- Russell, “Many platforms have attempt- enue, virality, funnel and flow through critical functionality. ed to make it possible to gain access to the app,” said Hua. “The ones who have “The big news moving into 2016 is ‘exotic’ capabilities while still allowing biggest gains are the ones who test and progressive Web apps,” said Karolyn developers to build with the client-side make changes all the time.” Hart, COO of InspireHUB, a mobile technology of the Web. In doing so, That said, there is no denying that charity engagement software vendor in they usually jettison one or more mobile apps are no longer optional. Richardson, Texas. “Google’s announce- aspects of the shared value system. Where options abound, however, are in ments in early, mid and late 2015 have They aren’t bad—many are technically the architectural, contextual and applica- sent leading-edge developers on the hunt brilliant—but they aren’t of the Web.” SDT324 page 50-55_Layout 1 3/18/16 1:18 PM Page 51

www.sdtimes.com April 2016 SD Times 51 exploding choices

According to Russell, the alternative able as apps screen have to earn that right over time is a new class of applications that: • use push notifications as you use them more and more. They • responds to form factor • are installable to the home screen, progressively become ‘apps.’ ” • can work offline and Certainly no one will miss the plain- • have app-like interactions • are linkable, because “The social tive request to install a website’s native • refresh in the background power of URLs matters.” app for a mobile experience. Much of • are secure via Transport Layer Why “progressive”? According to the magic of progressive Web apps Security Russell’s blog, “Sites that want to send comes from the new ServiceWorker • use W3C manifests to be discover- you notifications or be on your home continued on page 52 > SDT324 page 50-55_Layout 1 3/18/16 1:19 PM Page 52

52 SD Times April 2016 www.sdtimes.com

< continued from page 51 specification, a JavaScript-based re- Native Apps placement for the arcane Application PROS: Higher performance, app store approval (which provides safety, security Cache. ServiceWorker lets apps use per- and support), and easy accessibility are among some of the many reasons to use sistent background processing, inter- native apps, according to Moovweb. Further, through a variety of alerts and push noti- cepting network requests so that the fications they keep users engaged every step of the way. By tapping into the native UI sites that have been visited at least once components of an operating system, developers can get as close to the native OS bits can function while offline. Push notifi- as possible to capture a unique look and feel that runs quickly and smoothly. cations, background sync and adding to The native app approach can also allow for optimum performance, both online the home screen are also features of and offline, with the ability to access a variety of an OS’ native components, such as ServiceWorker, which is primarily a the camera, GPS or accelerometer. There is a reason why native apps have been Google/Chrome project and is under around so long: They offer an end-user experience that is unparalleled by the Web, consideration by Apple (though simple according to About.com. Progressive Web apps can be imple- CONS: Native apps by definition are developed for one particular mobile plat- mented for Safari, according to Buenos form at a time, such that if you build an app for iOS, it will not function or perform Aires-based JavaScript consultant on another device such as Android. This is the native app’s Achilles heel. Nicolás Bevacqua). Meanwhile, Mozilla In today’s environment, it may be cost-prohibitive to build, test and support an app for even just one type of device. In order to not alienate a large segment of Firefox and Opera are already on board. mobile users, multiple app development groups may be required to build and support JavaScript exceeds mobile expectations native apps across device types within an organization. This approach may be nei- ther cost- nor time-effective. Consider the time it may take to build one app for one Even without progressive Web apps, device; now multiply that by the types of devices you want to support. JavaScript is enjoying new prominence In addition, once the app is completed, it must be approved by the app store as a mobile enabler for companies pro- before it is put on sale and/or available for downloading. Apps are subject to the will viding Web services. and whims of each App Store operator. Plus, if any app updates are needed (as they “Software developers have long always are), they must be pushed through the App Store as well. z sought a way to create a portable logic —Eric Overfield engine where business logic can be written once and then run across multi- team developed for TurboTax is now takes to build fully native codebases ple platforms,” said Alex Balazs, vice being adopted as a company-wide stan- (with no app performance penalty). president and fellow architect for Intu- dard going forward. It has led to a 10x Built on top of the same engine that it, makers of TurboTax. “Attempts using productivity improvement for develop- React is, Rose predicts it will eventually C++, Java and Flash came close, but ers,” Balazs said. be included as an additional import never quite solved the problem for from React, while being easy to learn Web, desktop and mobile. With the Node.js, React Native gain fans for developers familiar with React. prevalence of Web browsers on all plat- Intuit also credits Node.js, the platform “There’s a terrific community behind forms, JavaScript has reemerged as a built on Chrome’s JavaScript runtime, React Native developing highly useful means to build a truly portable business for platform-agnostic user experience packages like a camera plug-in, a slack- logic engine.” design. “The use of Node.js in enterpris- like drawer view and many other things How did Intuit pivot from Web to es is growing, since it helps large organi- you don’t get from React Native out of mobile? In a word: quickly. Balazs zations expedite development for multi- the box,” he said. describes how it only took a year to be ple platforms by breaking monolithic “You can check out some of the able to offer the full version of its tax- enterprise architecture into smaller, sim- options at React.parts. These plug-ins filing software for 30 million customers. pler service components,” said Balazs. are now really easy to link with your “We created a development platform “At Intuit, we’re building enterprise- project by using rnpm [React Native for Intuit engineers—codenamed grade services that accelerate innovation Package Manager], which does all of ‘Fuego’—that has played a pivotal role in without upending the experiences that the file imports and xCode linking.” our mobile transformation,” he said. millions of customers rely on every year. Achieving native iOS or Android “Fuego enables the development team We’re using Node.js as we continue to performance with React Native apps all to write once and deploy everywhere re-platform to increase speed, flexibility, depends on how they are written, across the 50,000 screens in TurboTax by and deliver new capabilities.” according to Rose. “Some of React delivering user experience as a service.” Another option many are excited Native’s secret sauce is in the fact that Development teams are paired with about is React Native. According to they have two JavaScript threads run- content teams, and their combined mobile developer Evan Rose, this ning: one for UI and then a main app efforts are then sent to renderers that hybrid mobile application framework thread. This makes it so that application would render correctly for each plat- built by Facebook has helped him build JavaScript doesn’t block the UI and cre- form. “The Fuego platform that the applications in nearly half the time it ate jank,” he said. SDT324 page 50-55_Layout 1 3/18/16 1:29 PM Page 53

www.sdtimes.com April 2016 SD Times 53 Small tweaks matter for mobile development A/B testing and Continuous Delivery are critical to discovering what makes your users tick When it comes to mobile apps, getting the user to not only open the app but use it to its fullest is critical to avoiding abandon- ment. So how do you increase a push notification opt-in rate from a measly 22% to an industry-leading 62%? Last Minute Travel did it by removing the push notification prompt that appeared when a user initially opened the app. Omer Chehmer, head of mobile communications, and his team replaced it with multiple touch points along the customer’s journey. By expressing the benefits of push notifications to the user at the appropriate time—including asking the customer for permission to send updates on potential flight delays after they booked their trip—Last Minute Travel celebrated a push notification opt-in increase of 182%. ly with so many options for mobile testing around. Testing also The New York Times, long thought to be marching toward becomes critical in the highly competitive world of mobile apps. oblivion thanks to Internet news, has finally managed the tran- “Successful apps are cloned pretty rapidly. Every random sition to paid online journalism, and is seeing even more suc- utility app is cloned soon after launch,” said Hua. The answer is cess in mobile thanks to recent usability redesigns. A mid-2015 to keep testing new features—and never assume the app has fin- iPhone homescreen redesign not only increased visit frequen- ished evolving. cy, it resulted in users reading more articles and spending more time on the app. According to the company, six months into the MOBILE CONTINUOUS DELIVERY new look, new user retention was 60% higher year over year. Patrick Debois hopes you don’t think of him as a DevOps one- Small user experience changes that are A/B tested on cus- trick pony. At least, that’s what he said in his 2015 O’Reilly Veloc- tomers are critical for mobile success during the initial launch ity Conference talk, “Mobile continuous delivery—with a DevOps period when the vast majority of new users abandon the app, mindset.” During the presentation, he listed a vast array of open- according to Apptimize, a mobile-first testing startup. source and commercial tools his team uses to build mobile apps “Retention curve: I think that’s the first thing you should that report real-time results to a live television show. think about,” said Nancy Hua, Apptimize’s cofounder and CEO. These include: “When we first started the company, we put a lot of focus on n Hosted Continuous Integration options for mobile, such as user acquisition. But if you don’t have good retention, you’re Hosted CI (for iOS and Mac), Circle CI and Travis CI pouring money into a leaky bucket.” n Mobile security testing with dexter.dexlabs.org Using her tool, you can not only scientifically test theories n App metrics with Fabric about usability and flow, you can also hotfix copy and other n Flight recording with Flight Recorder minor changes, bypassing the app store review process. Of n Scenario testing with Appium course, A/B testing (indeed, testing of any sort) still seems aspi- n A/B testing and retention rates with Apptimize rational for many mobile efforts. Clearly it shouldn’t be, especial- n Ranking with App Annie —Alexandra Weber Morales

“Another great thing is the ability to code, Rose notes. “The team is working many enterprise mobile use cases. But seamlessly utilize native components on creating abstracted components, another approach is to choose a pre- and APIs. The React Native Bridge is which can be used in Android or iOS, built mobile app platform, such as a extremely easy to use with minimal but there are still some which only work social network, and run microapps on it. Objective-C or Java knowledge. In on one platform (i.e. Navigator vs. Nav- “Look what Facebook Messenger some other hybrid frameworks like Ion- igatorIOS),” he said. “From a UI per- has done with Uber integration: You ic/Cordova, you run into issues with spective, Android apps often have dif- can book an Uber cab from within long lists or trying to display a lot of ferent flows and paradigms, so the Messenger,” said Vijay Sundaram, media. You get around that in React platform-specific components to match cofounder and vice president of prod- Native by using native components, these paradigms makes sense.” ucts for SpotCues. “That’s a hybrid which get much better performance.” approach that they’ve taken, and it’s Finally, React Native’s recently Messaging as orchestration also in some ways a microapp. Look at added Android support lets you reuse Cross-platform frameworks will contin- Kik Messenger, a very popular messag- business logic and most of your UI ue to mature, meeting the needs for continued on page 54 > SDT324 page 50-55_Layout 1 3/18/16 1:20 PM Page 54

54 SD Times April 2016 www.sdtimes.com

develop an app and then market it. The low-friction environ- Web Apps ment enforced by the Web can increase users, while providing cost savings for development. PROS: Preferences for Web apps stem from their ability CONS: As promising as PWAs are, the techniques are to offer affordable cross-platform development solutions. The new and not fully vetted. PWAs still do not provide access to all main appeal of going progressive is the ability to code once for native features such as the camera and GPS. They do not work multiple devices, in addition to saving both time and money. on older browsers/devices. Also, as painful as getting a native Going progressive also alleviates the burden of App Stores by app approved in an App Store can be, once in, the App Store removing delays when updating a mobile app. Service workers does provide a measure of credibility. With PWAs, app develop- increase the ability for the app to work despite limited internet ers must find ways to get visitors to find and use their Web app availability and quality. outside of the App store. As Alex Russell stated at the Chrome Dev Summit 2015, PWAs do show great long-term promise, but what happens PWAs are “low friction”—they don’t require as much clicking when we combine native and Web apps? Can we get the best of and loading. A recurring roadblock with those developing both? Possibly. z—Eric Overfield native apps is the amount of time and money it takes them to

< continued from page 53 revamps in a competitive world, then ing app. They have a bunch of gather and use unstructured data. HTML5 apps that live in the NoSQL data on mobile is a relatively Clay.io marketplace. Messaging new development, however. apps are moving from pure chat to “The biggest thing we saw last year becoming orchestration platforms. was that we spent a lot of time educat- They’re more participatory, with a ing developers who were asking, ‘What highly integrated experience.” is NoSQL?’ ” said Wayne Carter, chief His company’s offering is a cus- architect of mobile at Couchbase, a tomizable context and location- NoSQL document store vendor. “In the based social network that uses Wi- client-side mobile world, they didn’t Fi or geofencing to connect people know what it was. NoSQL grew up on and apps. While the app is native, server-side, utilized by back-end engi- the microapps that a corporate neers. We were explaining why data human resources department might flexibility is important, why bringing install within it are simpler SpotCues’ social networking app is an example of data to the app tier allows you to evolve HTML5-based fare, often built HTML5 apps synergizing with native-code software. apps faster and be more iterative.” from templates provided by SpotCues. Further, local databases can enable The difference between this and other But if context awareness is mobile offline app capabilities. “Offline-first is location-based apps like Tinder or magic, data is an important ingredient the hottest trend in mobile-first move- Foursquare is that context is layered on in the potion. ment,” said Carter. “That’s about remov- top of location for a more compelling ing the barriers to delivering functional- user experience. “Spot owners can offer Why flexible data models work for mobile ity and features that were bound to the content and features customized for that The data requirements of mobile apps availability of the network or Internet.” location, whether it’s a stadium or a are different from legacy enterprise Building an app on top of a local multinational corporation,” said Sun- software: They must scale to millions of database like Couchbase Lite, which daram. users, not break despite constant the company claims is the first mobile NoSQL database, lets the app continue to operate offline while the database Hybrid Solutions reconciles any differences that occur between lapses of network connectivity, PROS: Hybrid apps allow for rapid development, while still encasing desired functionality and design. Hybrid apps can access native features because they are according to Carter. hosted within a native app. While the base of the Hybrid app is native, the content is But another architectural approach built from coding used for the Web, thus most changes won’t have to go through the is the headless app, or Data-as-a-Ser- app store, saving both time and money. vice. “If you take Couchbase Lite out of CONS: Hybrid apps are still not as tailored as native apps. They will always lose the picture and just use our stack as a to native apps in terms of speed and responsiveness. While Hybrid apps do offer a microservices or services stack, you can native feel, they are never truly native. Like native apps they must be downloaded to configure the gateway layer to expose your device, sometimes an unappealing feature that pushes others to go the more secure REST, stream and batch APIs to progressive route. In addition, WebView requires Internet access unless you are the Web,” said Carter. “It means you z using HTML5/service worker/caching. —Eric Overfield don’t have to build a middle tier. It’s SDT324 page 50-55_Layout 1 3/18/16 1:20 PM Page 55

www.sdtimes.com April 2016 SD Times 55

Options for building hybrid mobile apps The hybrid app world continues to be where mobile app devel- chased by Microsoft, provides a platform to build and design opment is headed at the moment. A solid number of frame- native mobile apps for different device types with ease while works, open-source toolsets and platforms are gaining sizable only having to maintain one codebase. Xamarin uses C# as the user bases to create mobile apps. common language, thus it is great for .NET developers, yet can Apache Cordova: Introduced in 2012, Apache Cordova (for- then be used to publish native apps for iOS, Android and Win- merly PhoneGap) is an open-source framework that provides a dows. Write once, use anywhere for sure, when Xamarin mobile development framework using HTML5, CSS also allows for a WebView that can then be combined and JavaScript. Cordova allows for cross-platform with PWAs to leverage their appeal as well. development without regards to each platform’s React Native: React Native, an open-source project native language. Custom applications execute with maintained by Facebook, is similar to Xamarin in that it a wrapper, provided by Cordova, tailored to each provides a platform to build cross-device applications device. Using API bindings, the wrapper can com- with one toolset. Based on JavaScript and React, React municate with a device’s features while the apps Native is used to create a truly native app (it’s not then communicate with the wrapper. just JavaScript/HTML running in a WebView). Ionic: Ionic is an open-source framework built “React Native helps developers reuse code on top of Cordova that uses AngularJS to pro- across the Web and on mobile. Engineers vide a native look and feel for apps. These apps won’t have to build the same app for iOS use Web technologies such as HTML, CSS and for Android from scratch, reusing the JavaScript while also being cross-device ready code across each operating system,” wrote and available in an app store. Margi Murphy for Techworld. Xamarin: Xamarin, created in 2011 and recently pur- Trigger.io: Trigger.io is a platform like Cordova and Xamarin that provides cross-device development Eric Overfield is a Microsoft MVP, and president and cofounder for iOS and Android. The primary cross-platform language in of PixelMill, a digital branding consultancy specializing in this case is JavaScript, but Trigger.io offers a more feature-rich Responsive Web Design, UI/UX and branding for SharePoint API (including UI modules) than many of their competitors. z websites and portals. —Eric Overfield

also called layer consolidation, and it’s ty: The Definitive Guide for Hackers the device manufacturer to build the gaining popularity. We’re excited to and Developers.” “That said, you security in. In the banking and medical start talking about it this year.” should be aware of the Common Cryp- fields that’s already the case: They need to framework, if only so you can tell data-level encryption.” Always the afterthought: Security when other developers are trying to Meanwhile, all that data must be play cryptographer,” he continues, rec- What else is new? encrypted, both at rest and in transport. ommending that the only method you With WiFi direct, iBeacons or NFC Indeed, the very collection of data should play with is CCCrypt. complicating the wireless communica- should be carefully considered, given Because it supports bad encryption tion field, the attack surfaces are only that keeping precise location informa- methods such as Data Encryption Stan- going to expand. But security will always tion, for example, can put an app devel- dard, and because it lets the developer be less exciting than the new ways our oper at legal risk. Just ask any software switch from the default cipher block devices can anticipate our needs, as well vendor that stores location data if it’s chaining to Electronic Code Book mode, as the proliferating SDKs to help devel- ever been subpoenaed in a divorce case. the framework is dangerous. According opers achieve them. “Integration of var- And the problems will only get to Thiel, who works as a penetration ious technologies like camera vision, worse as “data exhaust” from mobile tester, he still sees this happen often. voice recognition and machine learning users is hoovered up by governments, Three quarters of all mobile security will help to improve user experience by programs and attackers alike. That’s breaches are due to misconfigured allowing the user to perform complex why professional security is a mandate. apps, Gartner says. In the wake of the tasks without having to reach out to the “First things first: You are probably FBI’s case against Apple in the matter device,” said Dhaval Sheth, senior soft- not a cryptographer. I’m not a cryptog- of cracking Apple’s own file system ware engineer at Events.com. rapher. It’s easy to think that you under- encryption for counterterrorism pur- As mobile apps Read this story on stand the subtleties of an encryption poses, the need for application-level become ever more sdtimes.com algorithm or to copy and paste crypto security has never been stronger. predictive, progres- code from somewhere online, but you “I think people are watching that sive and responsive, will generally mess up if you try to do case. It will definitely change the way we eagerly wonder: crypto yourself,” writes David Thiel in they build apps,” said Couchbase’s Will we be best his new book, “iOS Application Securi- Carter. “They’re not going to lean on friends forever? z SDT324 page 56,57_Layout 1 3/18/16 9:25 AM Page 56

56 SD Times April 2016 www.sdtimes.com

What’s your mobile device BY MICHAEL HACKETT ing a test strategy that will balance risk testing on actual devices. Holding the Mobile apps are a necessity for compa- and return. device is everyone’s wish. Seeing page nies of all sizes, and apps are getting load and performance issues on the more complex all the time. That along Platform matrix real device is the most efficient, but we with the dizzying array of devices The diversity in devices, operating sys- know we can’t physically test every requires a well thought-out mobile test- tems and screen resolutions makes device. Usability testing on emulators ing strategy. And it will involve a bit of determining the right mix of devices to and browsers with any extensions is risk/reward analysis. test complicated. A little basic data getting better, but won’t always repre- Mobile apps come with inherent analysis will provide a lot of insight into sent what will be seen on the actual risks. For usability, compatibility and determining the best device matrix. device. Emulators can be good for test- responsiveness testing, what might be Three manufacturers account for 80% ing new functionality or a new compo- considered a minor issue on a laptop of devices used in the U.S.: Apple nent design, and they have some could be critical on a mobile device. (43.5%), Samsung (28.7%) and LG advantages over using actual devices. People are generally hurrying, multi- (8.2%). Using that information and Logging faults and capturing screen- tasking and have limited time and looking at specific target demographics shots are much simpler when working attention spans when using mobile can give a pretty good composite pic- from a desktop, and some conditions devices, so it’s not just bugs in apps that ture of the devices predominantly used that are hard to duplicate on real aren’t well tolerated. Buttons, menus by them (which will provide insight into devices, like low battery power, are and forms that are easy to access on a the operating system version), and easy to simulate. desktop can be small and frustrating to hence which ones to focus the majority Emulators also tend to be slower use when resized for mobile. Testing of testing on. Also, the product type than real devices. Depending on what too many devices creates unnecessary (such as business vs. consumer apps or type of app is being tested and whether expenses; too few devices risks lost rev- games) will influence the target tests are manual or automated can limit enue from app abandonment. Howev- devices. testing on emulators. Native apps talk er, taking time to understand the device After identifying the device matrix, directly to the operating system, while ecosystem and the customer the appli- there is also the option to use a mix of Web apps talk to the browser, which cation is designed for will enable creat- emulators and real devices. The testing talks to the OS. The more layers there implications of when (and when not) to are, the slower the response time. By Michael Hackett is cofounder of LogiGear, where he leads use emulators vs. real devices are large being aware of the limitations, selective the company’s training and complex; hardly anyone would use of emulators is an option to increase operations division. argue that nothing takes the place of test coverage with minimal cost. SDT324 page 56,57_Layout 1 3/18/16 9:26 AM Page 57

www.sdtimes.com April 2016 SD Times 57

the time. However, there are limitations to relying solely on device rental. An option is to own a manageable number testing strategy? of the key devices for a majority of test- ing and then utilize devices in the cloud Test execution Manual or automated for basic compatibility and functional Normally it is not practical or cost A lot of basic compatibility and basic testing. The knowledge and research for effective to conduct full testing or full functional testing can be done efficient- doing this is a big task. functional testing on multiple devices. ly with manual testing, but when it A practical approach is running a full comes to testing lots of devices and Fully outsourced option set of tests on one or two primary applications that need to be retested Completely outsourcing mobile testing devices, and then running the smoke frequently, automation can be an effi- is a strategy that works well for a lot of test on additional devices to identify cient way to scale. The efficiency gain organizations. This eliminates the chal- any obvious issues. However, it will depend on the experience and skill lenges and headaches of managing and depends on the nature of the applica- of the automation team—the standard maintaining an inventory of mobile tion. If the app is cutting-edge and can disclaimer “results may vary” is even devices. Firms with mobile specialists possibly stress the device’s capability more applicable to mobile test automa- typically understand the unique device (processing power, memory, GPS, or tion due to all the variables. Also, vari- and emulator testing nuances, and like- other device-specific hardware), then ous test automation tools will impact ly have mobile automation expertise as more extensive testing is in order. your choices of emulators vs. real well. Better firms, because of their One thing to keep in mind when devices. experience, can also help develop the running basic tests is that most hand- device and testing matrix that will pro- held mobile devices give priority to the Device management vide the optimum test coverage at the communication environment. For A big challenge of mobile testing is lowest cost. example, an incoming phone call always sourcing and then management of Mobile is rapidly becoming the pri- receives priority over a running applica- devices. Creating the initial matrix is mary user interface; with the Mobile tion. This makes it important to test the just the beginning. It’s common for each First movement, it already is the primary various events and the OS’ multitasking manufacturer to introduce three or interface, which means mobile testing ability. more new devices each year, and, on will continue to increase in importance. A mobile testing strategy is not com- average, devices are upgraded every two Applying a thoughtful Read this story on plete without testing the integration years. For most companies this makes it approach and rational sdtimes.com between the application and back-end impractical to maintain an inventory of analysis will go a long system. This is especially true when the devices. The growing numbers of cloud way in developing a release cycles of mobile apps and back- service providers make it possible to mobile strategy that end systems are very different, which completely “outsource” device manage- will provide the right they often are. ment, and are a good way to go most of level of testing. z SDT324 Full Page Ads_Layout 1 3/17/16 3:59 PM Page 58 SDT324 page 59_Layout 1 3/18/16 1:17 PM Page 59

www.sdtimes.com April 2016 SD Times 59 Code Watch BY LARRY O’BRIEN Those who can, code

f it were illegal to program a computer, I’d have astonishingly close to 0 or 1 telling us that, some- Larry O’Brien is a Ia machine under the floorboards. I sold my first how, our code has found a solution that we couldn’t software developer who program when I was 16 years old, in 1980, and with have found in a hundred years. lives on the Big Island of Hawaii. Read his blog at any luck I’ll be making my living this way for I remember that first astonishment over a pro- www.knowing.net. another couple decades. I’ve been trying to gram I wrote that solved an optimization problem, improve my craft for longer than some readers but unlike the cliché of never being the same as have been alive, but still the other day I read some the first time, equal and greater thrills have come code that made me feel like a fraud for even claim- to me over the years (interesting algorithmic chal- ing to be in the same field as that programmer. lenges are not nearly as common as the textbooks Being a programmer is as close as a human can say, but they’re out there!). We are as privileged in come to being a magician. You conjure, by concen- our lives as those who witnessed the harnessing of tration and will, a string of arcane symbols that fire, or who lived in the great cities of Europe dur- your silicon brazier converts into anything that ing the Renaissance. relies on information. When I was a kid, it was a I’ve also had the privilege of sharing my per- trope in science fiction that computers were limit- spective over the years. In the early 1990s, I edited ed to uses of pure, formal logic (“They deal only a few programming magazines and worked with with 1s and 0s”). Wrong! Our industry is a great Ted Bahr and Alan Zeichick: the B and Z in unending field of rich soil, and all of our accom- BZ Media. More than a decade ago they and editor plishments are just the first shoots of grass. David Rubinstein were kind As I write this, my wife is downstairs, immersed enough to give me this column We are as privileged in our in a virtual fight across a post-apocalyptic waste- and a free hand to write about land with a group of allies, the nearest of whom is the challenges and joys of soft- lives as those who witnessed sitting on a couch 3,000 miles away. On a whim, I ware development. I’m grateful the harnessing of fire. could stop mid-word in my writing, drive to a cafe, to them, and the eternally and pick up the sentence by tapping with my patient Adam LoBelia, for their thumb on the screen while waiting for a coffee. forbearance on some of my topics and my tardiness For that matter, I could dictate while driving and on some (many) of my deadlines. have that stream of text available to me before I There’s an old saying that goes, “Those who can, made my order (via a subscription to Nuance’s do. Those who can’t, teach.” Or, perhaps, “Those Dragon Anywhere, which I honestly don’t use who can’t, write columns and consult.” My deepest nearly as much as I intend to). An epic battle is thanks go to the readers who have mostly been too being waged between the greatest Go player of his polite to stand up and shout “How dare you spout generation and a system that combines Monte Car- such gibberish?” lo Tree Search (essentially, a random walk) with My impolitic views have occasionally caused deep neural nets (no predefined rule structure or some heartburn to management, but Bryan semantics). As far as I can tell, there’s no reason to Costanich and other executives at my company think that AlphaGo (and similar architectures) can- have always forgiven my excesses. That works at a not grow superhumanly competent simply by com- small company that has a narrow focus. But, as has peting against variations of itself. Oh, and we also been covered in SD Times, my company was write code to help our companies deliver value. recently acquired by a much larger one, where it But while non-programmers live in this brave would be vastly harder to avoid stepping on toes new world, with its digital over- and underlays, only and where people mistaking my stupid opinion for programmers can call the thunder and harness the company policy would have greater consequences. Read this story on lightning. In our day-to-day work we get hints of So this is my last “Codewatch” column. I still sdtimes.com mystery and small hits of reward, but too rarely do have many opinions about the right and wrong we get the unbridled glory of the fans spinning, the ways of writing software, but it all boils down to console filling up with long lines of “...” to assure us this certainty: the calculation continues, and then some number Those who can, code. z SDT324 page 60_Layout 1 3/18/16 9:23 AM Page 60

60 SD Times April 2016 www.sdtimes.com Guest View BY ANDREW PHILLIPS Increasing software deployments

Andrew Phillips is vice ore and more enterprises are realizing that a but be aware of compatibility challenges between president of DevOps Mstreamlined Continuous Delivery pipeline is tools. As you start with an automated build process Strategy for XebiaLabs, an integral part of extracting maximum business and stir automated testing into the mix (followed a provider of software for Continuous Delivery and value from the DevOps movement. The potential by the QA process and automated deployment), DevOps. benefits of rolling out more frequent software the management becomes complex. You are build- deployments are enormous, but speed, agility and ing a system that should evolve and improve, not innovation must be balanced with stability and something that’s set in stone. quality. Refocusing everything on delivering cus- 5. Orchestration and the big picture. You tomer value quickly is much easier said than done. need a vision that allows you to orchestrate, identify How do you overcome the challenges of imple- issues in advance, and mitigate risks. If you can’t menting such a massive change in a large enter- accurately analyze what’s going on inside your Con- prise? How do you shift mindsets and find an tinuous Delivery pipeline, then it’s hard to improve effective strategy? Every business is different, but the development process. Release orchestration can here are some practical tips to keep in mind that give you the insight and control you need. Senior worked for ING Bank. Analyst Amy DeMartine of Forrester Research rec- 1. Simplify and streamline. Complexity is your ommends that companies automate the delivery enemy if you really want to be agile. If you can stan- pipeline to improve speed, flexibility, visibility and dardize products and build simple services, then it’s control. “Creating a standard delivery pipeline as a much easier to deliver quickly. service removes variability from the delivery process, It’s important to remember Develop shared services that will creating checkpoints where you can apply visibility that your Continuous Delivery work across different countries and control. Visibility across the entire pipeline gives and portals. Always look for ways an easy and instant view of release health," she said. pipeline is also software. You to simplify what you’re doing and The same principle that prizes fast end-user streamline processes, starting feedback in agile methodology also applies here. have to maintain it carefully. with your IT landscape. 6. Continuous improvement. When you have 2. Start small. Don’t try to all this data, you can use it to identify bottlenecks implement a full Continuous Delivery pipeline on in your process and work out how to remove them. day one. Start small and create the feedback loop Visibility is also good for cohesion, encouraging the you need in order to learn and improve. What is whole team to pull together around a shared goal. the minimal viable product for the business? What Where can you speed things up? What can be is the minimal viable product for IT? What needs tweaked to reduce the cycle time without impact- to be in place for you to get started? It’s only by ing software quality? You should always be looking beginning with these small steps and getting feed- for ways to streamline the release process, but back that you can work out the right strategy. understand that it takes time and effort to improve. 3. Focus on adding value. Remove obstacles so 7. Prove and challenge. Compile evidence as that your engineers can work on developing valuable you work to improve your software delivery process. software. Figure out where you can automate repet- It should be clear that each step you take provides itive operations activities and testing. Keep compli- some business benefit. Transparency makes it easier ance in mind from the outset. When changes are to audit and ensure compliance, but it also helps to tested automatically, you can get fast feedback that secure a wider buy-in across your enterprise. Armed shows you how to improve, keeping the focus firmly with evidence, you can challenge other departments on adding value. Your Continuous Delivery pipeline or existing processes that may set barriers to even Read this story on is a means to an end, which is to deliver great soft- greater speed and efficiency. sdtimes.com ware to the customer. Never lose sight of that. These attitudes and principles will help you to 4. Build and maintain your pipeline. It’s focus on delivering the best software possible quick- important to remember that your Continuous ly, regardless of the apparatus you use. If you can Delivery pipeline is also software. You have to propagate the right mindset within your enterprise, maintain it carefully. You need to upgrade swiftly, you’re on the path to accelerated software delivery. z SDT324 page 61_Layout 1 3/18/16 1:17 PM Page 61

www.sdtimes.com April 2016 SD Times 61 Analyst View BY AL HILWA Microsoft and the new market realities

icrosoft releases SQL Server for Linux. platform alternatives. We should notice that as Al Hilwa is program MMicrosoft joins the Eclipse Foundation. Microsoft transforms and the market business mod- director of application development software Microsoft strikes a deep partnership with Red Hat. els change, the platform wars remain alive and well. research at IDC. Microsoft open-sources .NET and C#. Microsoft releases Office for iOS. At this point we should col- The platform wars are not going away lectively let our jaws rise to their natural closed posi- Eclipse traces its roots to efforts inside IBM to bat- tion and understand that the game has changed. tle Microsoft’s encroaching inroads in application The reality is that Microsoft means business as development in the late 1990s. Microsoft’s low- a multi-platform open-source player. In fact, we priced Visual Basic and later .NET and Visual Stu- should have every expectation that in the future dio tools were winning developer hearts and minds Microsoft will release more big products for Linux in a world of more expensive Unix IDEs. IBM and more technologies in open source. The ques- made a decision to turn the Eclipse tools frame- tion is what has changed and why is Microsoft work into open source and later formed a founda- doing this? The simple answer is because the mar- tion to evolve it. The effort largely accomplished its ket has changed. mission of creating a rich tool ecosystem for Java. In the new cloud and devices world, what mat- The strategic battles over tool platforms have ters is not the software licenses you sell, but the not gone away, but have morphed into cloud plat- volume and value of services and devices you sup- form wars, where IBM is moving fast to become a port. Amazon has proven this formula with the suc- top full-stack player, and also cess of AWS, and Apple and Google with the suc- into language wars, where IBM’s As Microsoft transforms and cess of iOS and Android. To be clear, software partnership with Apple is push- the market business models continues to eat the world, and the provisioning of ing the recently open-sourced great cloud services and the making of great Swift language into cross-plat- change, the platform wars devices requires constant innovation and evolution form mobile development to of software IP. But the value created with the soft- compete with Microsoft’s C# and remain alive and well. ware is no longer monetized exclusively with a its Xamarin acquisition. license sale. Instead, it may be monetized with Microsoft SQL Server traces its roots to a part- cloud usage fees (AWS), subscriptions (Adobe), nership with Sybase to support OS/2 in the late advertising (Google) or devices (Apple). 1980s. Sybase pioneered a client-server model for We are witnessing Microsoft execute a long- its Unix-based relational database, and Microsoft term shift to wean itself off license-based software wanted it for the new operating system. After the monetization to a broader set of monetization 1990 breakup with IBM over OS/2, Microsoft strategies. Enterprises and consumers don’t want proceeded with Windows and acquired code to own software like they used to, having learned rights for SQL Server from Sybase to evolve it that the perpetual licenses afforded them little in exclusively for Windows—until last month, when the way of control. Enterprises are now more com- a Linux version was announced. fortable renting software and letting its creators While by now the SQL Server code has been manage it. Similarly, consumers are comfortable effectively 100% rewritten (at least once), it is a paying for shiny new devices every year or two, and point to marvel that its lineage goes back to Unix. buying apps or app subscriptions. Vendors have to Being available for Linux will ensure that the data- adapt to this shift, and Microsoft, to its credit, has. base wars will continue no matter the OS or cloud. Azure is a full-service cloud that is intended to The difference now is that Microsoft is playing compete for every cloud workload. Providing a without a handicap. Read this story on diversity of Linux images to run enterprise apps is Those of us observing the market for a couple of sdtimes.com an imperative for business success. That Microsoft decades may not stop marveling at the broad shift products like SQL Server have to come to Linux Microsoft is making, but in the context of new over time is also an imperative if these products are cloud and devices economics, this is really the only to compete on an equal playing field with multi- sane path forward for the company can take. z SDT324 page 62_Layout 1 3/18/16 1:59 PM Page 62

62 SD Times April 2016 www.sdtimes.com Industry Watch BY DAVID RUBINSTEIN Are you paying too much for software?

David Rubinstein is eople can find out in as little as 15 minutes if So, he said, does the growing trend of cloud- editor-in-chief of SD Times. Pthey’re paying too much for their auto insur- hosted software, even as he acknowledged that the ance. There’s even a little green gecko to tell them so. vast majority of licensing today remains perpetual Determining if you’re paying too much for soft- and on-premises. “There is more subscription and ware, though, might be a more complex task. Fail- Software-as-a-Service being seen,” he said. “This ure to understand and manage your licenses can can address in theory the problem of compliance. lead to staggering costs, and even risk to your With SaaS, you have monitoring. You pay for 100 organization. users, and the 101st user can’t log in.” A recent survey by Flexera Software, a software But the other side of that coin is buying a SaaS licensing solutions provider, reveals that a large product for 100 users, but only 60 employees are percentage of companies are out of compliance using it. “If you don’t make use of what you with their software licenses, meaning they have licensed, you’ll never recover that money. With more software installed than to which they’re enti- software you own, you know you’ll install and get tled. The study also found that value and benefits of the product,” said Rossi. Enterprises are paying as 93% of organizations claimed to He made a point to say that asset management be spending on software they’re can be an important part of an organization’s cyber- much as 25% more than they under-utilizing—so-called security strategy. By ensuring that only licensed need to, because 25% of “shelfware.” This kind of waste is software can be installed and executed, it cuts the most common expense, and down on the risk of malicious attackers finding what they pay for isn’t used. according to Flexera, “is running software that can be exploited from the outside. rampant in enterprises.” So what’s the bottom line on all of this? According “Clients have waste and own more software to Flexera’s 10th “Key Trends in Software Pricing & than they need, and with other software, they’re Licensing” report, for 2016, enterprises are paying as using more than they’ve paid for,” said Ed Rossi, much as 25% more than they need to, because 25% vice president of product management at Flexera. of what they’re paying for isn’t being utilized. “The ways that software can be installed and dis- Rossi did note that vendors are increasing the tributed are difficult to track.” number of audits they’re doing of their customers There are a number of reasons why organiza- to help them save money. That is a change from the tions pay for software that ends up not being used, old days when over-licensing was overlooked by and most of them come down to a lack of software vendors who were profiting from unused software. asset and licensing management, Rossi said. Say a But increased audits can be problematic. “It can person leaves his job. In a development shop, this put a damper on the relationship [between vendor could mean an IDE instance or a build tool is sit- and customer], and it’s taxing in a number of ways. ting idle while the company searches for a replace- And then, from a straight-up dollar perspective, it’s ment for the developer. But when one is hired, the an unplanned expenditure,” he said, that has not company will often provide a newer, updated com- been budgeted. puter on which to work, and then license more Where companies really get hit is with “true- tools while still paying for the other instances. up” costs of licensing, which apply when vendors Or, Rossi pointed out, when companies add find that companies are using more software than server capacity, they could be doubling the use of they’ve paid for. “The costs there can exceed US$1 software without knowing it due to the complexity million or more,” Rossi said. The study showed of much of today’s licensing. “This,” he said, “is that 20% of respondents admitted to paying more Read this story on exacerbated by virtualization. You can easily lose than $1 million, with 2% admitting more than $10 sdtimes.com track of licensing associated with that.” million in true-up costs.” Flexera’s survey focuses on proprietary, com- So it might take more than 15 minutes, and mercial software, and does not look at open-source there’s no gecko to guide you, but your enterprise licensing, which Rossi said “has its own unique should get a handle on this and find out if you’re challenges.” spending too much on your software. z SDT324 page 63_Layout 1 3/17/16 4:00 PM Page 1

Attend

Register June 27-30, 2016 Early The Sheraton Boston and SAVE!

BOSTON!

“This is the most informative conference I have been to in years. The technical discussions gave me a much better understanding of direction, advantages and challenges we face with this massive platform.” —Jamie Tyndall, Manager, Application Development, Business Information Group Learn what’s new in SharePoint and Office 365!

Whether you want to learn about what’s coming THESE POPULAR SESSIONS ARE BACK! in SharePoint 2016, are still making the most out of SharePoint 2013 or even 2010, or getting started Branding Modern SharePoint Building Simple Dashboards in SharePoint with Office 365, you will find the SharePoint and Creating a Great User Experience in SharePoint Office 365 training you need at SPTechCon. Simplifying File Organization with Enterprise Keywords Cool Dashboards, Charts and Visualizations for Power Users Tackling Search – How to Create a Winning Search Strategy STAY CURRENT WITH NEW SESSIONS! Hybrid Dilemma: Dividing Content Between Cloud, Office 365 & SharePoint 2016 Power User Tools of the SharePoint Trade Stand Back, We’re Going to Do (SharePoint) Data Science Demoing Live Protection – DLP in SharePoint 2016 “This was a great conference that addresses all levels, Building a Native Mobile SharePoint App roles and abilities. Great variety of classes, great with React Native presenters, and I learned many practical things that I can take back and start implementing next week.” Navigation: A Step Towards Success in SharePoint —Kathy Mincey, Collaboration Specialist, FHI 360 www.sptechcon.com A BZ Media Event SPTechCon™ is a trademark of BZ Media LLC. SharePoint® is a registered trademark of Microsoft. SDT324 Full Page Ads_Layout 1 3/17/16 4:00 PM Page 64

70

60

50

40

30

20

10

0 06/01/2015 07/01/2015 08/01/2015

Q1 2015 Q2 2015 Q3 2015 Q4 2015

Jan Feb Mar AprMay Jun Jul Aug Sep Oct Nov