Software Development

"Technical Debt is widely regarded as a bad thing; that should be avoided or should be paid back as soon as possible. Should you? We don't think so. First, we compare Technical Debt with financial debt, explain its similarities with Strategic Design and which stakeholders it surprisingly has. Then we list the various possibilities to identify the Technical Debt in your code, which you perhaps have to take care of. Finally, we describe different ways that a project could pay back Technical Debt and which considerations must be made in order to decide if you should better repay, convert debt or just pay the interest." - imabonehead from Bookmarklet

There are so many projects where I never need to pay back the technical debt. It feels great to default on technical debt! - Amit Patel

"There are two main ways to exploit this trust in regular web applications. The first approach is web-cache poisoning; manipulating caching systems into storing a page generated with a malicious Host and serving it to others. The second technique abuses alternative channels like password reset emails where the poisoned content is delivered directly to the target. In this post I'll look at how to exploit each of these in the presence of 'secured' server configurations, and how to successfully secure applications and servers." - imabonehead from Bookmarklet

"Admittedly in the U.S. folks with an organized mind, the grit to get through technical subjects, and the drive to go to work every day can find higher paying jobs that involve more social interaction (e.g., medical doctor, Wall Street banker, etc.). But that doesn’t explain why people in the Philippines or China aren’t training themselves en masse to be able to soak up the $30-100/hour jobs that would be readily available to them if they could demonstrate the ability to turn a customer request into working code. Why are the Greeks, Portuguese, and Spaniards going bankrupt instead of learning to administer Cisco and Linux?" - imabonehead from Bookmarklet

How many technical subjects does a Wall Street banker have to study? - Spidra Webster

"In my last blog post I was mentioning 6 arguments why you shouldn’t use Git. While 5 arguments were obviously meant to be sarcastic (who can really think that slow operations like searching the history in SVN can be an advantage) there was doubt about one argument that can be tricky: Git destroys the idea of continuous integration In Git you are using branching heavily. Let’s assume everybody’s working on feature branches. Then somebody is renaming a widely used interface or class and checks the code into the mainline. If you don’t integrate your feature branch early this can result in lot’s of conflicts." - imabonehead from Bookmarklet

"Some people favor solutions with an integration branch. People integrate the changes from their feature branch on an integration branch. If the CI-Server has build the software successfully and all tests passed, the changes get automatically pushed to the mainline. That way the mainline stays always deployable and green. I don’t like this solution: The integration branch is basically the mainline. But if a build fails, it is not so important to fix it. Not my understanding of continuous integration." - imabonehead

"This article describes the stack. GDB is used to analyze its memory. One needs to know this subject to play with low-level security. Environment: x86, Linux, gcc, GDB." - imabonehead from Bookmarklet

"There is a perception in some tech circles that older programmers aren’t able to keep pace with rapidly changing technology, and that they are discriminated against in the software field. But a new study from North Carolina State University indicates that the knowledge and skills of programmers actually improve over time – and that older programmers know as much (or more) than their younger peers when it comes to recent software platforms." - imabonehead from Bookmarklet

"Inversion Of Control is one of the most common and widely used techniques for handling class dependencies in software development and could easily be the most important practice in unit testing. Basically, it determines if your code is unit-testable or not. Not just that, but it can also help improve significantly your overall software structure and design. But what is it all about? It is really that important? Hopefully we’ll clear those out on the following lines." - imabonehead from Bookmarklet

"To come to fruition, software projects take investment, support, nurturing and a lot of hard work and dedication. Good release management practices ensure that when your software is built, it will be successfully deployed to the people who want to use it. You have the opportunity to satisfy existing customers and hopefully to win new ones." - imabonehead from Bookmarklet

"A major U.K. telecommunications provider had a problem. It needed to implement a business critical supplier switch, which required it to reengineer its billing and account management systems. These systems had to be in place within three months, otherwise the organization risked losing hundreds of millions of pounds and a decline in their stock value. But the telecom's development processes were poor, and its release management was extremely problematic and inconsistent." - imabonehead

"The company brought us in to help deliver the software within the time constraints and to turnaround a failing release management process. Within three months, we'd released both the pending releases and two scheduled releases of the reengineered applications. Most important, we established a straightforward and lightweight release management process to ensure that future releases would happen on time and to the required quality. Follow along as we show you how we did it—including the mistakes we made." - imabonehead

"Building Continuous Delivery into an organisation requires radical change." - imabonehead from Bookmarklet

"While Continuous Delivery has a well-defined value proposition and a seminal book on how to implement a deployment pipeline, there is a dearth of information on how to transform an organisation for Continuous Delivery. Despite its culture-focussed principles and an adoption process described by Jez Humble as ”organisational-architecture-process not tools-code-infrastructure“, many... more... - imabonehead

"Most of the programs that we use every day contain bugs; a bug is a malfunction in a program, which can make the program take unwanted actions or errors. These bugs or vulnerabilities can be exploited by writing a code that is usually called an exploit. The most common types of vulnerabilities are those that concern the corruption of memory as buffer overflows, the heap overflows, race conditions, format string attacks, etc… In this article, we won’t learn to write an exploit, we will not even see how to search for a vulnerability in a software, but we will see how to write and analyze shellcode and the relationship with the above." - imabonehead from Bookmarklet

"How do we teach students the essential ideas behind garbage collection? A garbage collector (GC) implementation must address many overlapping concerns. There are algorithmic decisions, e.g., the GC algorithm to use; there are representation choices, e.g, the layout of the stack; and there are assumptions about the language, e.g., unforgeable pointers. These choices, and more, affect each other and make it very difficult for students to get off the ground." - imabonehead from Bookmarklet

"Most organizations don’t think about application security until after the application has been designed and architected. They may layer on security testing after the application is developed. They may decide to test the application in its run time state, just before it goes to production. Some even test it after it’s in production. There are many high-profile companies that do this; you can read all about them (and the corresponding security breaches in their applications) in the latest news headlines." - imabonehead from Bookmarklet

"To put the root cause of this issue bluntly, there’s a disconnect between security and development that can lead to serious security vulnerabilities down the road. Developers aren’t security experts, and most security experts aren’t developers. There needs to be a better mutual understanding — and earlier cooperation — between the two parties to better eradicate security issues." - imabonehead

"The US Federal Trade Commission (FTC) on Tuesday crowned two winners in its Robocall Challenge contest. The winners will split a $50,000 prize. They're Aaron Foss, a software developer from Long Island, New York, and Serdar Danis, a computer engineer who declined to reveal his hometown. Foss cooked up Nomorobo: a cloud-based robocall killer that employs "simultaneous ringing." This approach uses a second line to identify and hang up on illegal robocalls before they can ring through to the target. The following YouTube video demonstrates how Nomorobo would work:" - imabonehead from Bookmarklet

"A write-up in ComputerWorld New Zealand summarized a Forrester Consulting survey of the state of software release management. Business managers were asked how long would it take to deploy new systems. Forty percent said they needed more than a year to deliver on new strategic software projects. Today’s companies are “stuck in a rut,” focused on the daily grind of keeping systems running rather than delivering strategic innovation." - imabonehead from Bookmarklet

"What does this mean for when you’re working with a system that’s moving too slowly to satisfy the business? I think it means you have the opportunity to innovate, especially if you can focus on automation. Here are some examples." - imabonehead

"Continuous Integration is more than just merging code. Join CEO and Co-founder of UrbanCode, Maciej Zawadzki, as he explains some of the fundamentals of Continuous Integration." - imabonehead from Bookmarklet

"A Collection of quotes and paraphrases for developers from around the web." - imabonehead from Bookmarklet

"Adopt these DevOps practices to realize the goals of effective collaboration, smoother operations, and cleaner code." - imabonehead from Bookmarklet

"Why one of Steve Jobs's guiding principles should also be yours. And also: What you can learn about code quality from Doom’s source code." - imabonehead from Bookmarklet

"In his revealing biography of Steve Jobs, Walter Issacson told of Jobs's fastidiousness when it came to product details, even the stuff people would not see. Jobs demanded the unseen features be as finished and polished as the visible." - imabonehead

"A little story about how saddle shoes are like software requirements...really." - imabonehead from Bookmarklet