Testing Accessibility with Accessibility Insights

Posted by Anna Maier on December 9, 2019

There are many tools out there that help you check if your website or webapp is accessible. Most of them do an automatic check based on some accessibility guidelines. Some also provide functionality to do checks yourself, for example, to check the color contrast. The open source tool Accessibility Insights takes a different approach: on top of the usual automated checks there is a set of guided manual checks. This makes it a great tool to learn about accessibility testing and programming.

Read more

“We take your Security Seriously” – part 3

Posted by Martijn van Lambalgen on October 29, 2019

At first, the title of this blog sounds like an excuse. It’s that sentence that almost every company uses ‘after’ they got hacked. (Don’t worry, we didn’t!). According to me it’s a bad excuse if you present it after everything has fallen apart and only then start working on it. You need to work on it every day.

In this series of 3 blog posts we’d like to share a bit of the Serious work we’re doing at TOPdesk to Secure our customers’ data. We’re doing this not just to keep the data safe, but also because Security is an amazingly interesting and fun topic to work on.

In part 1 and part 2 we talked about making all our colleagues aware of the risks, and how we help Developers write Secure code. In this part we’d like to tell you how we’re continuously monitoring our software for suspicious behavior and how we can respond if something needs our attention.

Read more

“We take your Security Seriously” – part 2

Posted by Martijn van Lambalgen on October 14, 2019

At first, the title of this blog sounds like an excuse. It’s that sentence that almost every company uses ‘after’ they got hacked. (Don’t worry, we didn’t!). According to me it’s a bad excuse if you present it after everything has fallen apart and only then start working on it. You need to work on it every day.

In this series of 3 blog posts we’d like to share a bit of the Serious work we’re doing at TOPdesk to Secure our customers’ data. We’re doing this not just to keep the data safe, but also because Security is an amazingly interesting and fun topic to work on.

In part 1 we talked about making all our colleagues aware of the risks. In this part we’d like to tell you how we’re helping our fellow Developers to actually build Secure software.

Read more

“We take your Security Seriously” – part 1

Posted by Martijn van Lambalgen on October 1, 2019

At first, the title of this blog sounds like an excuse. It’s that sentence that almost every company uses ‘after’ they got hacked. (Don’t worry, we didn’t!). According to me it’s a bad excuse if you present it after everything has fallen apart and only then start working on Security. It’s something you need to work on every day. And once you think you’re doing fine, you probably still need to speed up, because attackers continuously improve their skills too.

Although we have no intention of getting hacked anytime soon, we’d like to share with you some of the Serious things we’re doing to take care of your Security. Today the first of three blog posts, in which we’ll talk about awareness and training.

Read more

Summer Internship Development: Improving the release notes webpage

Posted by Juris Majors on August 30, 2019

Motivation

During our summer internship in Tilburg, we worked on improving the current release notes website and the process of distributing release notes information to customers. Currently, release notes for each quarter are manually formatted, translated to PDF’s and then distributed to the customers. Our goal was to improve the website so that process would become less cumbersome.

Furthermore, the quarterly release notes are available only for a fraction of all 13 TOPdesk languages. Partially this is because the notes have always been manually translated and that takes a lot of time. Therefore, we experimented with different services and translator models to see if automatic translations are viable.

After the bootcamp, we spent the remaining 6 weeks of the internship on developing these functionalities.

Enough blabbering… how did we do all of it in one summer?

Read more

First batch of TOPdesk Summer Interns in Tilburg

Posted by Juris Majors on

During the free summer months, a lot of students take up a summer job. Foregoing the sun-filled beaches to make some extra money during their holidays. However, what if you could earn some money and gain valuable experience as a developer? (And still go to the beach during the best internship outing!) 

Well, if this sounds good already, read on to learn about our experience as Software Engineering Interns at the TOPdesk branch in Tilburg.

Who are we?

We are Team Spaghet, the team that has been working on improving the release notes website this summer. We are three students, all with a background in Computer Science and Artificial Intelligence. Our goals during this project were to deliver a great product, have a taste of the life of software developers and learn as much as we can along the way. 

Read more

Building AIKI: the Smart Suggestion AI

Posted by Maxim Marchal on

Developing an AI prototype

Group picture of the team. 6 people smiling

TL;DR: If you want to brush up on your programming skills, make some nice money and work in an environment with clever, friendly people: go do the Development Summer Internship!!

Introduction

Artificial intelligence is the buzzword of the decade, no question about it. While it used to be very difficult to develop an AI product from scratch (unless you were an experienced researcher), now the entry barrier is so low that even students can implement something meaningful. This was the premise of this year’s TOPdesk Development Summer Internship: get a handful of young people with affinity for programming and let them develop a technical product from scratch. The only common denominator for this year’s group was that everyone was highly motivated and a student with at least some experience with programming; besides this, the group was a nice blend of different nationalities, personalities and skillsets.

Read more

Summer Internship Development: The road to RoomSense

Posted by Lucie Oude Luttikhuis on

Imagine, you’re sitting behind your desk, exhausted after building a difficult piece of code. You really need some time to relax. Luckily, TOPdesk has specific game rooms for this purpose, so you ask some colleagues and head to the room. Arriving there you notice that it is occupied, and the people inside mention that they just started their game. It would’ve been nice to know that before your walk. Unfortunately, you didn’t, so even more frustrated you try to get back to work.

As Summer Interns, this is the situation we were trying to solve during this summer. Only six weeks ago, we arrived fresh from our universities to get some working experience. Most of our team members only coded in their computer science courses. Now, we’re almost done with creating a fully working website.

Read more

Success Criteria of WCAG 2.1 Summarized

Posted by Joppe Kroon on July 15, 2019

The WCAG 2.1 update published in 2018 was a backwards compatible, additions only version. It adds 12 new A and AA (and 2 AAA) level success criteria focused on mobile accessibility, people with low vision, and people with cognitive and learning disabilities.

Reading through all the documentation can be intimidating, whereas a checklist can be too brief. Inspired by the session on WCAG 2.1 at NCDT of 2019, this post summarizes each success criterion; hopefully creating a middle ground between the full specifications and a checklist.

At the end of each section you’ll find a link to the “Understanding” document of the success criterion. Here you’ll find all exemptions, recommended techniques, and more.

If you are in fact looking for a checklist, WebAIM has created a checklist of all 2.x success criteria. Alternatively, the How to Meet WCAG (Quick Reference) is always a good place to start.

Read more

Frontend Testing with Jest – Mocks

Posted by Anna Maier on July 5, 2019

Jest is a popular unit testing framework for Javascript. In an earlier post, we have looked in detail on how you can use assertions in Jest unit tests. In this post, let’s look into using mocks in Jest tests.

So, what are mocks?

In unit tests, you want to focus on one functionality only and ignore the logic of functionality you are dependent on. This is where mocks come into the picture. They make it easy to provide dummy objects for dependencies . Additionally, mocks keep track of all interactions with the mock. This way, you can check if your code calls the dependent code in the right way.

Read more

Testing: bugs and emotions

Posted by Bart Klinge on June 5, 2019

While reading the ISTQB handbook (not something I advise you to do) you will sometimes come across stories of testers having difficulty talking to the people who do the coding and how to deal with that. Having to tell the coder that what they created contains bugs or is missing a feature somehow is possibly problematic and how to tell them is supposed to be a skill testers should have or develop.

Read more

Raising awareness about Accessibility

Posted by Anna Maier on May 24, 2019

“Software programs should be usable by everyone.”

I think everyone can agree with that statement. Unfortunately, there is some extra work needed to make a program truly accessible. Even worse, this is often only thought of in the last bit of a project. This leads to accessibility often being cut out because of time and budget constraints. If accessibility would be considered from the start, it could be built in more easily. But how can we make us as developers more aware so that we actively think about accessibility when building the software?

Our answer: let’s experience first hand how (in)accessible our software is!

We decided to host an accessibility challenge for our colleagues. Read below how this turned out…

Read more

Frontend Testing with Jest – Assertions deep dive

Posted by Anna Maier on April 29, 2019

When it comes to frontend testing, most developers think of slow tests using selenium and a connected browser in an error prone setup. With more and more logic moving to the frontend, this picture is now slowly changing. Modern javascript testing frameworks make it possible to run tests fast and reliably.

Read more

Preparing (and cheating on) an ignite talk

Posted by Joep Weijers on February 5, 2019

An igniting matchIn an ignite talk, a speaker has 20 slides to present a topic to you. The slides automatically advance every 15 seconds, so they have exactly 5 minutes to get their point across. Topics typically include quick pitches of software tools, methodologies, but fun topics are also game: I’ve seen a speed course Dutch, and a talk about coffee.
Read more

What all Developers Need to Know about: Threat Modeling

Posted by Martijn van Lambalgen on December 11, 2018

— This post is part of a series of blog posts about all kinds of Security topics for Developers —

Threat modeling is a process which far too few developers know about. It is a process that does what the name suggests: It helps you to model all threats to your application. Basically you make a list of threats, but in a structured way, such that you can assess the risks, and decide what to do about them.

Read more

6 ways to make your alerting less boring (and more effective!)

Posted by Joep Weijers on November 8, 2018

Imagine you are a developer and you have just pushed a change that breaks the build. The Continuous Integration system, Jenkins in our case, sends you an email to notify you about this failure. BORING! Here are six examples that you can use to spice up your alerting and motivate your Development and Operations teams to react to alerts faster.
Read more

What all Developers need to know about: Data Security vs. Data Privacy

Posted by Martijn van Lambalgen on November 5, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

Recently I’ve been doing a lot of work for Data Privacy at TOPdesk. Since May 2018 the GDPR is in effect, so our developers need to be aware of the consequences. Since I’m mostly a security guy, I was wondering about the differences and similarities between Data Security and Data Privacy. Do they have the same goal? Can you use the same approach? Or is there a trade-off?

Read more

What all Developers need to know about: CORS

Posted by Simon Lenz on October 2, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

In today’s article, we want to have a closer look at cross-origin resource sharing to see how it can help making your web application a little safer. Or more correctly, help giving you more control over the security of your application.
But before we can dive into talking about CORS, we need to explain the SOP.

Read more

GDPR – What do Developers need to Think about?

Posted by Martijn van Lambalgen on September 20, 2018

GDPR

Since May 25th 2018 the European privacy law GDPR is effective. Although everybody knows this is all about privacy and respecting the customer’s data, it may not always be clear for you as a developer what is expected of you. Basically there are 6 principles in the GDPR that we need to follow. I’ll try to shed some light on the principles with practical examples to make you understand better what to think of during your daily work.

Read more

What all Developers need to know about: Session management

Posted by Martijn van Lambalgen on September 3, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

The HTTP protocol is stateless, meaning that the server is not required to store state information for a conversation. This simplifies the protocol a lot, but there are often situations where keeping state is desired. For example, you don’t want users to send their login credentials with each request. To prevent having to reauthenticate all the time, sessions were invented. Sessions are great because they allow the user to authenticate once, and then stop thinking about it. However, hackers also find them great, because if sessions leak, the hacker doesn’t need to authenticate either to use your account. So, how do we do proper session management and prevent session data from falling into the wrong hands?

Read more

Resources for Exploratory Testing

Posted by Hazel Hollis on August 30, 2018

What is Exploratory Testing?

In scripted testing you follow a script that tells you where to click, what to enter, and what to expect. Freestyle exploratory testing does not rely on scripts, but rather on the experience and intelligence of the tester. As you go you change your plan and approach based on what you have seen so far, just as you would when exploring an island or a new city.

Exploratory testing is not ‘just clicking around randomly’. It is quite the opposite. Good exploratory testing demands critical thinking, an eye for detail, a good deal of imagination and a natural curiosity for “what if”’s. It takes expertise, intuition and practice.

Exploratory testing is perhaps the most difficult and skilled form of manual testing. So I’ve gathered a few of my favourite resources to help you on your way.

 

Read more

How to Organise a Bug Hunt in Six Easy Steps

Posted by Hazel Hollis on August 29, 2018

In this blog, I want to share my experiences in organising a bug hunt. Testers at my organisation formed teams, who then set about testing a piece of the software that my own team had developed. It was a great learning experience for everyone involved, and something I’d highly recommend.

 

What is a Bug Hunt?

During a bug hunt, a Test Owner presents two teams (of two or more people) with a piece of software to be tested. The Test Owner provides some basic information, and the teams get to work testing the product. At the end of the session, they report their findings back to the Test Owner. The activity can be seen as training in how to organise and communicate testing, but is also a fun way to learn a new piece of software.

 

How Do You Organise a Bug Hunt?

Here are a few insights from my first experience as Test Owner. One of the hardest things for me was estimating how complex to make the test object. The most enriching on the other hand was seeing other testers dissect software that I had helped build. Because the teams were distributed, I also picked up tips on how to make working remotely go smoother.

Your experience will undoubtedly be a personal one. Nevertheless, the tips below will make the first time much easier.

Read more

One software, many customers – Are you truly agile?

Posted by Tobias Spöcker on August 2, 2018

Does your company consider itself to do agile development?

Is the Software you produce delivered to a huge customer base?

Have you ever wondered if you and your organization really follow the practices of the agile manifesto?

If yes then this is a good read for you. At TOPdesk we reached the size of a company that can no longer be labeled small. With over 600 employees across 14 countries we list ourselves as a mid size company. Although we are not a large-scale enterprise yet I figured we are already facing the downsides such an organization comes with.

Before I go into more detail about that, I would like to briefly state the agile manifesto’s core values before I set them into contrast with the practices in our company.

Read more

What all Developers need to know about: Security Headers

Posted by Martijn van Lambalgen on August 1, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

Adding security headers is usually a quick win when improving the security of your web application, but nowadays there’s so many to choose from. Or shouldn’t you choose at all? Why not add all of them? How does this work? We tried to make an overview of which headers improve your security, and what they actually try to achieve for you.

Let’s start at the beginning. The HTTP protocol tells you to specify the HTTP protocol version, add a bunch of headers and optionally include a body for your request/response. The response headers can be thought of as meta data to the response, or as additional instructions for the browser. E.g. it tells the browser which content type the reponse page has, what server handled the request, or how long the requested resource can be cached. Below is an example of an HTTP response. The relevant security headers are marked in red.

Read more

What all Developers need to know about: Leaking version information

Posted by Yannick Mortier on July 9, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

Security experts, penetration testers, developers, administrators, and anyone else who creates or deploys software will often ask the question “Just how closely should I guard the version numbers of software and libraries that I use?”

Today, we are going to look at some answers to that question, and why we might choose one approach over another.

Read more

What all Developers need to know about TLS 1.0

Posted by Martijn van Lambalgen on June 4, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

TLS stands for Transport Layer Security and it is a cryptographic protocol to secure communication over a network. This is what is used when you type ‘https’ instead of ‘http’ in your browser to communicate with a server, but it is also used to secure other end-to-end communications like email, voice-over-IP or DNS. TLS is the successor of SSL (Secure Sockets Layer). Many people still use the word SSL when they actually mean a TLS connection. SSL is old and deprecated. Just like SSL, TLS 1.0 has been found to be insecure. This is why TOPdesk is slowly going to drop support for this protocol version in favor of version 1.2 (and soon also 1.3).  Here we’ll discuss what you need to know of TLS 1.0.

Read more

What all Developers need to know about: Reverse Tabnabbing

Posted by Martijn van Lambalgen on May 2, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

It’s been a while ago when I first heard about reverse tabnabbing. Initially I didn’t think much of it, because exploits are not always straightforward. At TOPdesk we fixed any potential issues some time ago, but recently it’s getting more attention. I always applaud it when security topics get more attention, and therefore I’d like to explain here how we approach this at TOPdesk.

“Reverse tabnabbing” you say? What are you talking about? Never heard of this thing. Okay, so apparently it hasn’t gotten enough attention yet. Reverse tabnabbing can easily lead to some nasty phishing attacks. I originally read this article by Mathias Bynens on rel=noopener. It explains (and demonstrates) that if a site has a link to an external domain, and when you click the link, the site on the other domain gets full control over the parent’s  window object.

Read more

What all Developers need to know about: Password guidelines

Posted by Martijn van Lambalgen on April 4, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

It’s time for our monthly security blog again.  Almost a year ago NIST published a new version of their password and digital identity recommendations. What are those recommendations, and why have they changed?

The new recommendations put an end to many of the crappy guidelines that we all hated, like requiring all kinds of special characters in your password, or having to change the password every x weeks. Slowly, people start to understand that these were not very good guidelines as they weren’t very well aligned with human behaviour.

Are you an ambulance driver, and need a password? Try ‘ambulance’. If the system also requires numbers, what about ‘ambulance1’? Special characters? Good chance that you will select ‘ambulance1!’. And next month, when the password needs to be changed, it will be ‘ambulance2!’, and so on. That’s what happens when you try to annoy people with these requirements. It gets ‘less’ secure, instead of ‘more’.

Read more

What all Developers need to know about: CSRF

Posted by Yannick Mortier on March 19, 2018

— This post is part of a series of blog posts about all kinds of Security topics for Developers —

Imagine the following: You set up your blog a while ago. Everything is running smoothly. You add a few plugins here and there to make managing it easier, and you are using a custom theme so it looks enticing to new visitors.

One day, on a routine check of the comments you received, you decide to investigate one comment a bit more closely since it contains a link. You don’t want to end up supporting spam messages, so you decide to click the link and see what it’s all about.
Read more

What all Developers need to know about: Cookie Security

Posted by Martijn van Lambalgen on February 13, 2018

— This post is part of a series of blog posts about all kinds of Security topics for Developers —

Cookies are small packets of data which a server can send to your browser to store some configuration or personal data. The browser automatically sends them along with all requests to that same server. The contents are usually very interesting to hackers, so it’s important to know how to secure these cookies. Fortunately there are a lot of things you can do to improve cookie security. So… what do you need to know?

Read more

What all Developers need to know about: Clickjacking

Posted by Martijn van Lambalgen on January 17, 2018

— This post is part of a series of blog post about all kinds of Security topics for Developers —

Clickjacking is still one of those amazingly simple attacks that are also easy to prevent. That is, if you know what clickjacking is, because considering the amount of websites that are vulnerable, not many developers know about this.

In a clickjacking attack, an attacker attempts to ‘hijack’ clicks by making the user think he is clicking something else. The basic idea here is that the attacker loads the thing he wants you to click on in an invisible iframe and then shows you something else. For example, you may see a button ‘Click here to get a Free iPad’, but when trying to click it the button, the click-event goes to a ‘Transfer $1000,- from my creditcard’ button in the invisible iframe. Clickjacking may cause all kinds of harm to the user. E.g. the hacker may get access to your webcam, steal money, send emails on your behalf, or worse… It is possible to hijack basically any type of event in the browser (like mouse events or key strokes) if the website that executes that action is not properly secured.

Read more

Rolling updates in Kubernetes

Posted by Martijn van Lambalgen on January 8, 2018

So, you want to do rolling updates of your services in Kubernetes to achieve zero-downtime? That’s what we wanted to reach too, and what we’re doing now (mostly). Our journey involved quite a bit of research, filling of gaps in our lacking knowledge, learning from a multitude of mistakes, and a fair bit of trial and error. To make your journey more efficient, here is what we learned.

Read more

Design Sprint for the Enterprise – made visual

Posted by Katalin Doczi on November 28, 2017

In the past 2 years, we have been experimenting with a relatively new framework called a Design Sprint. We try to apply it at the start of our new projects. We really liked the concept but lacked a resource that explained how to do a Design Sprint in visuals. So we created a Design Sprint hand-out ourselves.

 

“What is a Design Sprint?” – you might ask.

 

Well, to stay brief and to the point, it is a framework of 5 days of activities that can help your product team validate new product concepts super quick with your future audience – your users – without the need to build anything… wow!

Validate in the shortest amount of time
Validate in the shortest amount of time

We at TOPdesk find it really important to include developers (a Scrum team) early on in the product development process for multiple reasons;

  1. To establish a shared understanding of the business goals (viability) with important project stakeholders
  2. Their insights are crucial during concept development from their respective field(s) (technological feasibility)
  3. To build empathy towards the target users of the project (desirability) with the team who will actually build the product

We believe that Design Sprints can help to a great extent to reach these objectives. While there is a tremendous amount of information to be found about this method online, we (the UX design team at TOPdesk) wanted to provide a brief visual overview to participants of Design Sprints about how we use this framework in the context of the work we do at TOPdesk.

We have noticed in the past years that our developers sometimes felt uncomfortable attending these weeks, simply because the word “Design Sprint” left them with doubts.

“I’m not a designer, what will I be doing there?” 

“Wow, I cannot draw, why do they want me to attend?”

In our Design Sprint Handout,  we provide short visual examples of each exercise during a Design Sprint. We hope that this booklet will help anyone to understand that Design Sprints are not about how good you draw. They are about building a concept together as a team and validating if you are on the right track with users, during a course of a week.

 

cover_ds handout

 

Today, almost 2 years later and after having roughly 10 Design Sprints behind us, we are happy to have a handbook that can be used by any designer, Scrum Master, or creative facilitator to give them a kick-start in running workshops like the Design Sprint. The handbook can also be used to just get inspired by these methods, as the methods described in the booklet could be applied anytime during the development process.

If you want to get a better understanding of what the process behind a Design Sprint at TOPdesk looks like and understand why so many of us are excited about it, then go ahead, download it! Feel free to use it, share it or just simply read it to learn more about this great approach to lean and user-centered software development!

Feedback is always welcome, just like sharing is caring 😊

 

20170125_140349

 

 

Pipelines: breaking the wall between Dev and Ops

Posted by Joep Weijers on October 11, 2017

At TOPdesk our Development department is working closely together with our Operations department. This collaboration started off a bit rough, but through several initiatives this was smoothed out. In this post I’d like to show how we used Deployment Pipelines to break down the wall between Development and Operations.

Read more

Software developer Viktor Tamás: you’re never done learning

Posted by Fijke Roelofsen on August 28, 2017

How do you become the best software developer you can be? We talked to Viktor about it. He works at TOPdesk’s office in Budapest and besides being a great programmer, he’s also got an adventurous streak. Curious how Viktor brings programming to the outdoors? Keep reading!

 

Read more

Five Free Web-based Tools for Exploratory Testing API Responses

Posted by Hazel Hollis on August 7, 2017

How to test whether your API can handle anomalous HTTP responses.

Today I was exploratory testing my Service, which performs sequential HTTP requests that depend on the response of the previous request. I wanted to find out how our API would handle a variety of HTTP responses. I also wanted to see what would happen if things went wrong. What if the response contains an image? Or an error code? Or what if there was a timeout?

To answer these questions as quickly and easily as possible I ventured on to the web. With some effort, I found what I was looking for, and on the way I discovered a few tools that are just great for exploratory testing your API’s response handling. If you test or debug API’s on a regular basis, here are a few free tools you’ll definitely want to check out.

 

Read more

Getting Docker Security Right

Posted by Martijn van Lambalgen on July 21, 2017

I started working with Docker at TOPdesk almost a year ago. Security is an interest of mine, so I did some research. You can’t look at Docker without thinking about Microservices, although they are separate topics. It is often said that Microservices can greatly improve your security. But also, that if you do it wrong, security can actually get worse.
So, what do you need to do to improve (Docker) security, rather than get rid of it? For most security concerns there is already a good solution, although not all of them are widely adopted. Let’s have a look at our concerns and how we take care of them.

Read more

TOPdesk comic #4

Posted by Bogdán Bikics on July 11, 2017

(Don’t get us wrong. We actually like it.)

Exploring Trends in Testing

Posted by Hazel Hollis on June 23, 2017

TestNet Spring Conference: Trends in Testing

20YearsTestNetNBC

A week or two ago I went to the TestNet 2017 Spring Event. I’m not going to recount the content of each talk or workshop I attended. Instead I want to combine this event with my experience at other conferences, and give you an overview of the biggest trends in agile testing right now.

 

Read more

JavaScript based server for JavaScript, Java based server for Java

Posted by Orsika Labuda on May 16, 2017

Node.js and Express server as seen by a Java developer

Introduction

This post is about Node.js basics, mainly from a pragmatic point of view. The majority of TOPdesk developers have a Java background (I previously focused on backend), but during the development of my latest project my team decided to use Node.js. We have surprisingly positive feelings about it, and we think it is worth sharing our experiences.

Read more

Performance testing for web applications: a quick guide

Posted by Corina Stratan on April 27, 2017

Today we use the web for almost everything. With continuously growing numbers of users for their web applications, developers face the issues of performance and scalability more than ever. This is also the case here at TOPdesk: while there used to be a small group of people developing performance tests, we now aim for the goal that each development team is able to write and run their own tests. To make it easier for teams who are new to this, we are collecting guidelines and documentation. Here is an introduction into performance testing with pointers for further reading.

Contents

  1. Which parts to test
  2. How to model the workload
  3. How much load to apply
  4. Where and when to run the tests

Read more

International Hackathons: Tinkering Time, Freedom and Responsibility

Posted by Hazel Hollis on March 29, 2017

TOPdesk International Hackathon

What makes TOPdesk TOPdesk? When you ask around, it all comes back to our corporate culture. TOPdesk gives its employees freedom to explore and experiment, coupled with the responsibility to use this wisely. Just one example of this is our International Hackathons, where self-selecting teams work on a project of choice. At the latest International Hackathon, TOPdesk colleagues from all over Europe gathered together in Kaiserslautern for three days of innovation and fun.

 

Hackathons – An Agile Development Microcosm

International Hackathons at TOPdesk are a microcosm for the way that TOPdesk tackles the challenges of Agile Development. Nobody is going to breathe down your neck and tell you how to do your work. No, sir.

Instead, we give individuals the space to experiment. Teams look critically at their own processes, and select those methods that lead to the best results. You see this in the variety of tools and techniques in use at our (currently) sixteen Scrum teams. I want to share a few of the tools my International Hackathon team selected to make our project a success. Come, take a peek into the world of Agile Development at TOPdesk.

 

At the core of the TOPdesk culture are freedom and responsibility.

 

Read more

Put EVERYTHING in version control!

Posted by Joep Weijers on March 15, 2017

Screenshot of Revision HistoryThe whole software world is backed by Version Control Systems, providing history and traceability to code changes. But you don’t have to restrict its usage to code. Read on to learn how TOPdesk enjoys the benefits of a VCS by employing it in 5 alternative ways.

1. Documentation:

You want your documentation to live as close as possible to the code it describes. Putting your documentation right next to the code in a VCS allows you to keep both up to date. People who work with a certain revision are automatically presented with the relevant documentation for that version.
Read more

Senior Software Developer Roel Spilker: “The best code is no code at all”

Posted by Leo Kranenburg on March 6, 2017

Few people possess the knowledge that TOPdesk’s senior developer Roel Spilker has about Java. Not only is he actively working with this programming language since 1999, he is also co-inventor and creator of Lombok. This is a game-changing tool that enables tens of thousands Java programmers on a daily basis to code quicker and prevents them from making mistakes. “In many cases I wonder how to improve the code.” But how does he do it? And what can other developers learn from this in order to keep improving their developer skills?

Read more

DIY Flower for Valentine’s Day

Posted by TOPdesk on February 14, 2017

Today is the very first Valentine’s Day since we launched our Techblog. We would like to take the opportunity to thank you, our readers, with a puzzle! Take a small break from coding to complete the following analogue challenge:

TOPdesk-sends-you-flowers

Some TOPdesk developers master this skill already. As a result, you will often find our workspaces and huddle rooms cheerfully decorated with colorful flowers and swans.

Download the TOPdesk_DIY_fold-flower_2017

Code Reviews Done Right

Posted by Martijn van Lambalgen on January 20, 2017

(This story originally appeared on https://martijnvanlambalgen.wordpress.com/2016/12/27/code-reviews/)

Recently, I’ve read several articles, and heard multiple discussions on the quality of code reviews. To order my thoughts on this topic, I decided to write down my own ideas. Perhaps it helps someone, or it might lead to even more discussions.

So, what is a good code review? Obviously it depends on the situation. How big is the code change, how important is the feature, how many people are going to read that particular piece of code in the future, are there deadlines, etc. Let’s focus on the situation where there’s a reasonable amount of time available (no emergency fixes), for a feature change that has average importance, in a medium-sized team. Note that when I talk about a ‘code review’, usually I don’t just do a review of the ‘code’, but also of all the other parts my colleague has worked on. According to me the reviewer should for example also look at design and documentation, and check whether the acceptance requirements for the story have been met.

Read more