This article is a beginning-to-end write up of the Agile methodology by Miriam Posner, an Assistant Professor at UCLA. She starts with a pov of someone watching an agile team in action, complete with all the user stories, story points, stand ups, a whiteboard, post-it notes, and sprints. For those who have not been introduced to this software development process, ‘stories’ are descriptions of features with ‘points’ showing the difficulty of implementing said features. ‘Stand ups’ are start-of-the-day meetings done standing up for quickness, the whiteboard is to organize each story point, represented by post-it notes, into the stages of ‘in-progress’, ‘done’, ‘backlog’, etc. ‘Sprints are just quick two week long work periods that help to break down the project into digestible chunks.

While this might seem rather much from to some people, others might have an opinion closer to Miriam, who found it to be efficient and intriguing. As such she researched the origins of Agile and learned the complicated history of managers and software developers. I will try to keep this summary brief while hitting all the major points.

Miriam starts with the buildup to Agile. It started in the 50’s and 60’s, most ‘experts’ said building the computer was the hard part and programming it would be trivial. The sheer enormity of their incorrectness led to a push in the field to adopt the name (and stricter processes) of engineering, leading to the coining of the term ‘software engineering’. The idea was that by following engineering techniques the experts would “transform the arcane and error-prone craft of computer programming to meet the highest standards of the engineering profession.” The next people to step in were the businesses who looked to hire these new ‘software engineers’. They created a framework of control where one person defines the project and breaks it up into steps, which are in turn handed to engineers to build and test before moving on to the next step. This was derogatorily called the “waterfall” method, so of course upper management took the name and method and ran with it. This method started to fail due again to people who were not programmers believing they knew what programming entailed. The main problem was that whenever any issue came up in the code, every step needed to be redone which meant the timeline would be increasingly muddled.

Next came Agile, created by “17 middle-aged white guys dressed in khakis and dad jeans” in the Agile Manifesto. In their words:
“We are uncovering better ways of developing software by doing it and helping others do it.

Through this work we have come to value:

Individuals and interactions over processes and tools

Working software over comprehensive documentation

Customer collaboration over contract negotiation

Responding to change over following a plan

That is, while there is value in the items on the right, we value the items on the left more.“

I would like to continue this dive but I am out of words.

Have a good day.

Link:
https://logicmag.io/clouds/agile-and-the-long-crisis-of-software/

From the blog CS@Worcester – Coder's First Steps by amoulton2 and used with permission of the author. All other rights reserved by the author.

I just recently finished learning about git in a classroom setting, so every step from forking to cloning to branching and staging then committing into pushing ending with pulling. All the parts to get the gist of git, but nothing in the way of advanced use. Enter this article written by Gitlab.

As its title suggests, “15 Git tips to improve your workflow” has 15 total tips in regards to git, so lets go through some of them together.
1. Git aliases; amazing function, to think that rather than checkout, branch, or commit I could use a custom name. This is, in my opinion, great for new devs since once they grasp the concept of what a command does they can alias it to something that makes sense to them.
2. Visualizing repo status with git-prompt.sh; needs to be downloaded but definitely a useful tool for people like me who benefit from a more visual experience.
3. Command line commit comparisons; definitely more of a practical command that is helpful to see your workflow. Definitely going to be using this one to help me track what I actually worked on and might even download the Meld tool they mentioned.
4. Stashing commits; another practical command that makes sense just for a dev to know. If you have to push a sudden fix in the middle of adding a feature you can stash the changes made for the feature, commit the fix and then just pop the stash to get back all the previous work.
5. Pull frequently; nothing to add.
6. Auto-complete commands; tab to automatically finish a word is also applicable in search engine prompts as well. So useful for a new dev since if they forget the command but remember the first letter they can just flick through the commands until they find what they were looking for.
7. Set a global .gitignore; create a list of files to remove from commits and put it on the exclusion list, nice and simple.
8. Enable autosquash by default; had to look this up, apparently the squash command merges commits into one big commit. Personally not too sure of the use case so will have to test it out at a later date.
9. Delete branches locally that remote removed when fetching/pulling; as part of fetch, there is a prune attribute that will work this functionality and it just needs to be set to true.

Obviously there are 6 more tips and they are: Use Git blame more efficiently, Add an alias to check out merge requests locally, An alias of HEAD, Resetting files, The git-open plugin, and The git-extras plugin. I will not go over them here but definitely give the article a read if you are interested.

Link:
https://about.gitlab.com/blog/2020/04/07/15-git-tips-improve-workflow/

From the blog CS@Worcester – Coder's First Steps by amoulton2 and used with permission of the author. All other rights reserved by the author.

The first time I was taught about ‘Smells’ in code it was in connection Robert C. Martin’s “Agile Software Development, Principles, Patterns, and Practices“. For those who have not read it, starting from Rigidity we have Fragility, Immobility, Viscosity, Needless Complexity, Needless Repetition, and Opacity. All of these are categories of red flags in code, they are problematic because over time they make the code “hard to understand, modify, and maintain”. In an earlier post of mine, I talked about design patterns which are proven solutions to common coding problems. So when I saw an article talking about smells that can come from these design patterns I was intrigued. This eventually lead me to find out that the Singleton design pattern specifically is considered by many to be never good to use.

In an article titled “Examining the Pros and Cons of the Singleton Design Pattern“, Alex Mitchell first explains how the goal of the singleton design pattern is to “ensure a class has only one instance, and provide a global point of access to it.” He then goes on to list the pros, which, for those who do not know or remember, are; it insures only one instance exists throughout the code, it allows for that one instance to be called globally, and it limits access to that instance. Then he gets to the cons, first of which is it violates the single responsibility principle. Next up is the pattern’s tight coupling followed by how it complicates testing and finished with it obscuring dependencies. He then offers an alternative to singeltons in the form of Monostate or dependency injections and then a nice conclusion to wrap it up.

Lets go in order for the cons. Con #1: on a second look this seems obvious, the singleton class is simultaneously controlling its creation and managing access to itself. Con #2: again on second blush its because there only being one instance of the object means you cant use polymorphism or alternate implementations. Con #3: you cannot test in isolation since a singleton persists globally across tests. Con #4: the dependencies are not explicit when the singleton is used. The Monostate pattern allows for multiple instances to exist while having the same logical state, so while config1 and config2 can both change configValue, getting configValue from either config1 or config2 would return the same value. Dependency injection is, as far as I understand it, passing the singleton into the class that uses it, so rather than referencing the singleton it just has the singleton inside the class.

From this article I have come to a better understanding of dependency injection and will probably be using this framework in my future code since apparently a lot of code still uses the singleton pattern and dependency injection seems to best handle existing singletons.

Link:
https://expertbeacon.com/examining-the-pros-and-cons-of-the-singleton-design-pattern/

From the blog CS@Worcester – Coder's First Steps by amoulton2 and used with permission of the author. All other rights reserved by the author.

In the ever-evolving landscape of cybersecurity, Common Vulnerabilities and Exposures (CVEs) are publicly disclosed security flaws that pose a significant risk to software systems. These vulnerabilities, if left unchecked, can be exploited by malicious actors. Developers, therefore, play a critical role in defending their code against known CVEs, ensuring secure software development from the very first commit. The article “Defending Your Commits from Known CVEs” explores a tool that developers can use to safeguard their work, integrating security seamlessly into the development lifecycle. This blog post reflects on the key insights from the resource, what I’ve learned, and how I plan to apply these practices in my future as a software professional.

The article emphasizes the prevalence of open-source components in modern projects and warns about how these components can add vulnerabilities to your project. This article particularly stresses the use of the tool Git Guardian Software Composition Analysis to catch CVE’s before they are added in a commit. Git Guardian SCA is a vulnerability scanner made by Hacker News to catch risks early.

I selected this article because it connects directly to our course discussions on open-source development and using Git. Understanding how to mitigate CVE risks is essential in order for us to be modern developers, and this article provides a useful tool to enable us towards this goal. It also touches on the use of open-source software.

From this article I learned that the open-source movement has a profound place in current development. It blows my mind that 96% of current projects have open-source components and that anywhere from 70% to 90% of any given modern software is open-source components. I don’t know if I should be happy that the world is working together so much or sad that apparently a lot of software development is not as much coding as I initially thought. It also explained how you can automate the tool’s use with Git hooks which was a new resource that I was introduced to. It allows the developer to automatically trigger actions at different points of gits execution.

Going forward I will be much more vigilant in using any piece of open-source software since apparently a large number of those projects could be using CVE’s. I will also try to expand this vigilance to the rest of any future teams I am a part of. I will probably also look into making my own tools to integrate with git hooks.

link to the article :
https://thehackernews.com/2024/05/defending-your-commits-from-known-cves.html

From the blog CS@Worcester – Coder's First Steps by amoulton2 and used with permission of the author. All other rights reserved by the author.