You can program bug free

Money Spent Wise on QA

You can not. This is a lie, just like the cake. You can lower the number of bugs. The more you spend wisely on QA the less bugs you will have. The magic word is “wisely”. You can spend unlimited amount without increasing the quality. Old truth in just any area: you can waste money if you are not wise.

On the other side of the line there is no free lunch. If you do not spend enough on QA you can only dream about properly working software. You won’t have less bugs if you do not spend on QA. And you will never be bug free.

Bug free software is contradiction. We have bugs, and we do not like them. We have to zap them.

Ad-hoc bug zap

Most of the bugs are zapped in an ad-hoc manner. The developer writes some test, develops some code. The code does not work, has bugs and the developer fixes the code until it runs fine with the unit tests crafted beforehand. Integration tests and end-to-end tests may also discover some bugs. These are usually reported in a bug tracking system and the developers fix them and they are eliminated in the next release.

Sometimes, however bugs are not that easy to handle.

Classified bugs

Sometimes bugs are not that simple to handle. Sometimes it takes a lot of time to fix a bug. It may need analysis how and when the bug manifests. Sometimes bugs magically disappear like if computers were non deterministic. Other times fixing a bug requires significant code modification. This is, by the way, a clear sign of design shortage on the technical or business level (or both).

If a bug is difficult developers may be reluctant to hunt for it and fix it. If it needs alteration of lot of code they may tend to declare the behavior to be a feature rather than a bug. Fortunately we know who has the last word in such a debate: money. Feature is what business uses to make value. Everything else is just behavior. And here comes the other aspect of bug classification: does business care about a certain behavior? If yes, the behavior is a bug and is a target for fix. If not then this is just a behavior.

Bug Classification Quadrandt

Looking at that in a quadrant we have four different types of bugs.

1. There are bugs that are easy to fix and have high impact on the business. They are the easy picks. Developers are usually eager to fix those bugs and become the hero of the project.
2. Bugs hard to fix and having no business impact will never be fixed. There is no point.
3. Bugs easy to fix and low impact on business are fixed many times when a developer has some time (minutes) to do the fix. This is the hobby area.
4. There are bugs that are hard to fix and have high impact on the business. These are the critical bugs that get most of the attention. These bugs will not be fixed from one day to the other and therefore they have to be assessed, budgeted, scheduled and eventually fixed.

Cost of bug fix

Business needs these bugs fixed and many times the cost to fix them does not represent any extra value. Usually business feels that these bugs just have to be fixed but not on their costs. They have already paid for the feature, which eventually fails. If the development organization is separate company then the vendor should have the budget to do the fix. It had to be included in the contractual price. If the development is in-house the cost may not be discussed or may be T&M based. In that latter case the developers “charge” only the hours they spent developing the feature instead of project fixed price but when there is some bug the hours to fix are also charged. This is something not clarified well enough among the players and is a source of interdepartmental stress in many times.

“Easy picks” are fixed without budgeting and business people press the developers to fix the bugs “in their free time” without separate budget. The driver for this may be to lessen the burden of costs that business people are usually measured on and also many times to hide the errors that were in the specification, communication on the business side. On the other hand developers want even easier to fix bugs to be assessed since they are usually measured on billable time. They are also reluctant to burn their so called “free time”. This time is not really “free time”. This time is covered by work hours and is usually used for self education. And developers (at least those that deserve the title) love to educate themselves (for example reading blogs like this).

For this reason there is no clear and precise border between the “Easy Pick” and the “Assess, Budget, Schedule, Fix” areas. Business people want to pull the border to east leaving more and more bugs in the easy pick area, while developers want the border more to the west, and the fight area is in between. And the real problem is when the project members spend significant amount and effort in that area.

Conclusion

When you find yourself in a debate about bugs and features with the business people, try to bring up this quadrant in your mind. Many times the cost/value coordinates of the bugs are not discovered. Think about it even qualitatively.

Advertisement

Knowing the bits

We use complex systems. My mother once said that there could be little leprechauns behind the TV screen redrawing the screen 50 times a second she could not care. (At least she new that the TV in Europe had 50 (half) screens every second.) Most of the people do not care about the electronics and the softwar around us. The trend is that this technology penetration is going to be even more dense. Electronics gets cheaper, programming becomes easier and soon toilet papers will have one-time-use embedded computers on it. (Come up with a good application!) Face recognition is not the privilege of NSA, CIA, KG or Mosad and the technology spread does not stop at the level of big corporations like FB, or Google. Shops start to install cameras and software that recognizes and identifies frequent buyers helping the work of the sales. People get used to it and IT personnel are not different, are we?

Kind of yes. The difference is that we are interested in the details of those leprechauns how they do their job. We know that these days there are liquid crystals in the screen, they are controlled by low voltage signals (at least compared to the voltages of the former CRT solutions) and that there is a processor in the TV/toaster/toilet paper and it is programmed in a language called e.g. Java.

We, Java programmers, program these applications and we not only use the language (including RT) but also layered software, frameworks. How do these layered software work? Should we understand or should we just use it and hope that it works?

The more you know a framework the better you can use it.

Better means faster, more reliable, creating code that is more likely to be compatible with future versions. On the other hand there should be a reasonable stop when you have to halt learning and start using. There is no point to know all the details of a framework, if you never start using it. You should aim for the value you generate.

On the other end of the line however, if you do not have enough knowledge of the framework you may end up using a hammer digging a hole instead of a shovel. I usually feel confident when my knowledge reaches the level of understanding that I know how they (the developers of the framework) did it. When I can bravely say:

If I had time (sometimes perhaps more than lifetime of a single person) I could develop that framework myself.

Of course, I will not, because I do not have the time and also, more importantly because there is no point developing something that is already developed with appropriate quality. Or is there?

I could do it better.

I have heard that many times from junior programmers and from programmers, who considered themselves not that junior. The correct attitude would have been:

I could do it better, but I won’t because it is done and is good enough.

You do not need the best. You just need a solution that is good enough. There is no point to invest more if there is no extra leverage. There is no point to invest more even if there is leverage but it is lower than the investment in other areas would be higher.

Generally that is it when you are professional. Face it!

We hate/love lambda

We have the long waited lambda feature in Java 8. And we love it. We love to use it at places where we used anonymous class. We love to use it where we used some looping construct. Now we use functional interfaces instead and thus we get faster performance using parallel streams and we get more readable code. The time is a short period of euphoria to be replaced by the several, low orbiting WTFs reviewing out others code. I write nice and readable code but I continually experience that others write ugly, unreadable and wrong code. (Please feel the delicate odour of irony.) And I expect lambda will make it worse.

There are two main values in a programming language feature:

1. How well can you express your ideas utilizing the feature.
2. How badly one can use (or abuse) the feature.

Good language features aid a lot in expressing yourself and can not be abused. They just shine bright readable in all their glory no matter how hard a bad guy may use them the wrong way. They end up with properly working and readable code. The only problem with these ideal language features is that they do not exist.

On the other hand bad language features are hard to use to express your ideas and are easy to misuse. And contrary to the previous one: they exist.

The reality is that most languages have language features that provide great ways to express your ideas but at the same time they can also be misused. Usually the easier to express yourself the easier to misuse a feature. Java language does not shine with brilliant syntax to briefly express your ideas but the same time you can not abuse it really. You can abuse it a bit, but there is no Java counterpart of the obfuscated C contest. Java is verbose, dull, boring. It is so dull that the language that wanted to overcome this dullness is named groovy. Groovy is many steps ahead of Java implementing shiny features. They have the tools and they are not afraid to use it. Groovy developers are and should not be afraid of unreadable code written by the bad guys or else they are going to have bad time. If you are to maintain Groovy code, prepare for the worst. No matter how good and beautiful Groovy code could be it will be just bad, because it was written by average programmer.

The Groovy language implements a feature if the feature can be used well and brilliant but how bad the feature can be abused is not considered really. The designers of the Groovy language assume that the programmers are all brilliant, and experienced artists. We all are, aren’t we?

Implementing lambda Java made a step towards the Groovy direction. It is a great feature that can replace the ugly anonymous class use, aid functional style and so on. But at the same time …

OpenSource License Manager

What is a License Manager?

License managers are used to enforce license rights, or at least to support the enforcement. When you develop an open source program, there is no much you need to or can do to enforce license rights. The code is there and if anyone just wants to abuse the program there is nothing technical that could stop them. Closed source programs are different. (Are they?) In that case the source code is not available for the client. It is not possible to alter the program so that it circumvents the license enforcement code, and thus there is a real role for license rights enforcement.

But this is not true.

The truth is that there is no fundamental difference between closed and open source code in this respect. Closed source codes can also be altered. The ultimate “source” for the execution is there after all: the machine code. There are tools that help to analyze and decode the binary to more or less human readable format and thus it is possible to circumvent the license management. It is possible and there is a great source of examples for it. On some sites hosted in some countries you can simply download the cracked version of practically any software. I do not recommend to do that and not only for ethical reasons though. You just never know which of the sites are funded by secret services or criminals (if there is any difference) and you never know if you install spy software on your machine using the cracked version.

Once I worked for a company where one of the success measurements of their software was the number of the days after release till the cracked versions appeared on the different sites compared to the same value of the competitor. The smaller the number was for their software the happier they were. Were they crazy? Why were they happy to know that their software was cracked? When the number of the days was only one single they, why did not they consider applying stronger license enforcement measure, like morphing code, hardware key and so on?

The answer is the following. This company knows very well that license management is not to prevent the unauthorized use. It can be used that way but it will have two major effects which will ruin your business:

• Writing license management code you spend your time on non-productive code.
• License management (this way) works against your customer.

Never implement license management against your customer.

When your license management solution is too restrictive you may restrict the software use of your customer. When you deliver your code using hardware key you impose inconvenience to your customer. When you bind your license to Ethernet MAC address of the machine the application is running on, again: you work against your customer.

Set<User> != Set<Customer>

Face the said truth: there will always be people, who use your software without paying for it. They are not your customers. Do they steal from you? Not necessarily. If there is someone who is not buying your software, he is not your customer.

If you know that there is no way they would pay for the software and the decision was in your hands whether you want them to use the software or use that of your competitor what would you choose? I guess you would like your software to be used to get more feedback and more knowledge even in the area of non-customers. People using your software may become your customer more likely than people not using it. This is why big companies sell out educational licenses to universities and other academic institutions.

Should we use license management at all in that case? Is license management bad down to ground in all aspects? My answer is that it is not. There is a correct use case for license management, even when the software is open source (but not free, like Atlassian products). To find and understand this use case there is one major thing to understand:

The software is for the customer, and any line in the code has to support the customers to reach their business goals.

Paying the fee for the software is for the customers. If nobody finances a software the software will die. There is nothing like free lunch. Somebody has to pay for it. To become a customer and pay for the software used is the most straightforward business model and provides the strongest feedback and control for the customer over the vendor to get the features needed.

At the same time paying for the software use is not the core business of the customer. Paying for the resources used supports them to reach their business goals is indirect. This is where license management comes into picture. It helps the customer to due their duties. It helps them remember their long term needs. This also means that license management should not prevent functionality. No functionality should stop if a license expires. Not to mention functionality that may prevent access to data that actually belongs to the customer.

If you approach license management with this mindset you can see that even open source (but not free) software may need it.

License Management Tool: license3j

Many years ago I was looking for some license management library and I found that there was none open source. I wanted to create an open source (but not free) application and it required that the license management is also open source. What I found was also overpriced taking into account our budget that was just zero for a part time start-up software (which actually failed business wise miserably, but that is another story). For this reason I created License3j which surprisingly became one of the most used library of my OS projects.

License3j is very simple in terms of business objects. It uses a simple property file and lets the application check the content of the individual fields. The added value is handling electronic signature and checking the authenticity of the license file. Essentially it is hardly more than a single class file.

<dependency>
	<groupId>com.verhas</groupId>
	<artifactId>license3j</artifactId>
	<version>1.0.4</version>
</dependency>

Feel free to use it if you like.

How not to use Java 8 default methods

Warning: you can not make this unseen once you have read

I was talking about the multiple inheritances of default methods in the last blog article and how they behave during compilation and run time. This week I look at how to use default methods to do real inheritance, which actually, default methods were not designed for. For this very reason, please read these lines at your own risk, and do not imply that this is a pattern to be followed, just as well do not imply the opposite. What I write here are some coding technics that can be made using Java 8 but their usability is questionable at least for me. I am also a bit afraid to let some ifrit out of the bottle, but on the other hands, those ifrits just do not stay there anyway. Some day somebody would let it out. At least I attach the warning sign.

Sample problem

A few years ago I worked on an application that used a lot of different types of objects that each had a name. After many classes started to contain

public String getName(){...}
public void setName(String name){...}

methods that were just setters and getters the copy-paste code smell just filled the room unbearable. Therefore we created a class

class HasName {
  public String getName(){...}
  public void setName(String name){...}
}

and each of the classes that had a name, were just extending this class. Actually, it was not working for a long time. There were classes that extended already other classes. In that case, we just tried to move the HasName upward in the inheritance line, but in some cases, it just did not work. As we went up the line reaching for the top we realized that those classes and their some other descendants do not have a name, why to force them? To be honest, in real life it was a bit more complex than just having a name. If it were only names, we could live with it having other classes having names. It was something more complex that would just make the topic even more complicated and believe me: it is going to be complex enough.

Summary: we could not implement having the name for some of the objects implemented in some spare classes. But now we could do that using default methods.

HasName interface with default implementation

Default methods just deliver default functionality. A default method can access the this variable, which is always the object that is implementing the interface and on which behalf the method was invoked. If there is an interface I and class C implements the interface, when a method on a C c object is invoked the variable this is actually the object c. How would you implement getName() and setName()?

These are setters and getters that accessing a String variable that is in the object. You can not access that from the interface. But it is not absolutely necessary that the value is stored IN the object. The only requirement is that whatever is set for an object the same is get. We can store the value somewhere else, one for each object instance. So we need some value that can be paired to an object and the lifetime of the value has to be the same as the lifetime of the object. Does it ring the bell?

It is a weak hash map! Yes, it is. And using that you can easily implement the HasName interface.

public interface HasName {
    class Extensions {
        private static final WeakHashMap<HasName, String> map = new WeakHashMap<>();
    }
    default void setName(String name) {
        Extensions.map.put(this, name);
    }
    default String getName() {
        return Extensions.map.get(this);
    }
}

All you have to do is write at the end of the list of interfaces the class implements HasName and it magically has.

In this example the only value stored is a String. However, you can have instead of String any class and you can implement not only setters and getters but any methods that do something with that class. Presumably, these implementations will be implemented in the class and the default methods will only delegate. You can have the class somewhere else, or as an inner class inside the interface. Matter of taste and style.

Conclusion

Interfaces can not have instance fields. Why? Because in that case, they were not interfaces but classes. Java does not have multiple implementation inheritance. Perhaps it has but “please don’t use it” kind of. The default method is a technological mistake. You can call it a compromise. Something that was needed to retain backward compatibility of JDK libraries when extended with functional methods. Still, you can mimic the fields in interfaces using weak hash maps to get access to the inherited class “vtable” of fields and methods to delegate to. With this, you can do real multiple inheritances. The type that your mother always warned you about. I told you!

Another warning: the above implementation is NOT thread-safe. If you try to use it in multithread environment you may get ConcurrentModificationException or it may even happen that calling get() on a weak hash map gets into infinite loop and never returns. I do not tell how to fix the usage of weak hash maps in this scenario. Or, well, I changed my mind, and I do: use default methods only the way they were designed for.

If you want to know more about the Java 8 features there is a comprehensive and short tutorial on Java Code Geeks at Java 8 Features Tutorial