6 ways to make your alerting less boring (and more effective!)

Posted by Joep Weijers on November 8, 2018

Imagine you are a developer and you have just pushed a change that breaks the build. The Continuous Integration system, Jenkins in our case, sends you an email to notify you about this failure. BORING! Here are six examples that you can use to spice up your alerting and motivate your Development and Operations teams to react to alerts faster.
Read more

What all Developers need to know about: Data Security vs. Data Privacy

Posted by Martijn van Lambalgen on November 5, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

Recently I’ve been doing a lot of work for Data Privacy at TOPdesk. Since May 2018 the GDPR is in effect, so our developers need to be aware of the consequences. Since I’m mostly a security guy, I was wondering about the differences and similarities between Data Security and Data Privacy. Do they have the same goal? Can you use the same approach? Or is there a trade-off?

Read more

What all Developers need to know about: CORS

Posted by Simon Lenz on October 2, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

In today’s article, we want to have a closer look at cross-origin resource sharing to see how it can help making your web application a little safer. Or more correctly, help giving you more control over the security of your application.
But before we can dive into talking about CORS, we need to explain the SOP.

Read more

GDPR – What do Developers need to Think about?

Posted by Martijn van Lambalgen on September 20, 2018

GDPR

Since May 25th 2018 the European privacy law GDPR is effective. Although everybody knows this is all about privacy and respecting the customer’s data, it may not always be clear for you as a developer what is expected of you. Basically there are 6 principles in the GDPR that we need to follow. I’ll try to shed some light on the principles with practical examples to make you understand better what to think of during your daily work.

Read more

What all Developers need to know about: Session management

Posted by Martijn van Lambalgen on September 3, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

The HTTP protocol is stateless, meaning that the server is not required to store state information for a conversation. This simplifies the protocol a lot, but there are often situations where keeping state is desired. For example, you don’t want users to send their login credentials with each request. To prevent having to reauthenticate all the time, sessions were invented. Sessions are great because they allow the user to authenticate once, and then stop thinking about it. However, hackers also find them great, because if sessions leak, the hacker doesn’t need to authenticate either to use your account. So, how do we do proper session management and prevent session data from falling into the wrong hands?

Read more

Resources for Exploratory Testing

Posted by Hazel Hollis on August 30, 2018

What is Exploratory Testing?

In scripted testing you follow a script that tells you where to click, what to enter, and what to expect. Freestyle exploratory testing does not rely on scripts, but rather on the experience and intelligence of the tester. As you go you change your plan and approach based on what you have seen so far, just as you would when exploring an island or a new city.

Exploratory testing is not ‘just clicking around randomly’. It is quite the opposite. Good exploratory testing demands critical thinking, an eye for detail, a good deal of imagination and a natural curiosity for “what if”’s. It takes expertise, intuition and practice.

Exploratory testing is perhaps the most difficult and skilled form of manual testing. So I’ve gathered a few of my favourite resources to help you on your way.

 

Read more

How to Organise a Bug Hunt in Six Easy Steps

Posted by Hazel Hollis on August 29, 2018

In this blog, I want to share my experiences in organising a bug hunt. Testers at my organisation formed teams, who then set about testing a piece of the software that my own team had developed. It was a great learning experience for everyone involved, and something I’d highly recommend.

 

What is a Bug Hunt?

During a bug hunt, a Test Owner presents two teams (of two or more people) with a piece of software to be tested. The Test Owner provides some basic information, and the teams get to work testing the product. At the end of the session, they report their findings back to the Test Owner. The activity can be seen as training in how to organise and communicate testing, but is also a fun way to learn a new piece of software.

 

How Do You Organise a Bug Hunt?

Here are a few insights from my first experience as Test Owner. One of the hardest things for me was estimating how complex to make the test object. The most enriching on the other hand was seeing other testers dissect software that I had helped build. Because the teams were distributed, I also picked up tips on how to make working remotely go smoother.

Your experience will undoubtedly be a personal one. Nevertheless, the tips below will make the first time much easier.

Read more

One software, many customers – Are you truly agile?

Posted by Tobias Spöcker on August 2, 2018

Does your company consider itself to do agile development?

Is the Software you produce delivered to a huge customer base?

Have you ever wondered if you and your organization really follow the practices of the agile manifesto?

If yes then this is a good read for you. At TOPdesk we reached the size of a company that can no longer be labeled small. With over 600 employees across 14 countries we list ourselves as a mid size company. Although we are not a large-scale enterprise yet I figured we are already facing the downsides such an organization comes with.

Before I go into more detail about that, I would like to briefly state the agile manifesto’s core values before I set them into contrast with the practices in our company.

Read more

What all Developers need to know about: Security Headers

Posted by Martijn van Lambalgen on August 1, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

Adding security headers is usually a quick win when improving the security of your web application, but nowadays there’s so many to choose from. Or shouldn’t you choose at all? Why not add all of them? How does this work? We tried to make an overview of which headers improve your security, and what they actually try to achieve for you.

Let’s start at the beginning. The HTTP protocol tells you to specify the HTTP protocol version, add a bunch of headers and optionally include a body for your request/response. The response headers can be thought of as meta data to the response, or as additional instructions for the browser. E.g. it tells the browser which content type the reponse page has, what server handled the request, or how long the requested resource can be cached. Below is an example of an HTTP response. The relevant security headers are marked in red.

Read more

What all Developers need to know about: Leaking version information

Posted by Yannick Mortier on July 9, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

Security experts, penetration testers, developers, administrators, and anyone else who creates or deploys software will often ask the question “Just how closely should I guard the version numbers of software and libraries that I use?”

Today, we are going to look at some answers to that question, and why we might choose one approach over another.

Read more

What all Developers need to know about TLS 1.0

Posted by Martijn van Lambalgen on June 4, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

TLS stands for Transport Layer Security and it is a cryptographic protocol to secure communication over a network. This is what is used when you type ‘https’ instead of ‘http’ in your browser to communicate with a server, but it is also used to secure other end-to-end communications like email, voice-over-IP or DNS. TLS is the successor of SSL (Secure Sockets Layer). Many people still use the word SSL when they actually mean a TLS connection. SSL is old and deprecated. Just like SSL, TLS 1.0 has been found to be insecure. This is why TOPdesk is slowly going to drop support for this protocol version in favor of version 1.2 (and soon also 1.3).  Here we’ll discuss what you need to know of TLS 1.0.

Read more

What all Developers need to know about: Reverse Tabnabbing

Posted by Martijn van Lambalgen on May 2, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

It’s been a while ago when I first heard about reverse tabnabbing. Initially I didn’t think much of it, because exploits are not always straightforward. At TOPdesk we fixed any potential issues some time ago, but recently it’s getting more attention. I always applaud it when security topics get more attention, and therefore I’d like to explain here how we approach this at TOPdesk.

“Reverse tabnabbing” you say? What are you talking about? Never heard of this thing. Okay, so apparently it hasn’t gotten enough attention yet. Reverse tabnabbing can easily lead to some nasty phishing attacks. I originally read this article by Mathias Bynens on rel=noopener. It explains (and demonstrates) that if a site has a link to an external domain, and when you click the link, the site on the other domain gets full control over the parent’s  window object.

Read more

What all Developers need to know about: Password guidelines

Posted by Martijn van Lambalgen on April 4, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

It’s time for our monthly security blog again.  Almost a year ago NIST published a new version of their password and digital identity recommendations. What are those recommendations, and why have they changed?

The new recommendations put an end to many of the crappy guidelines that we all hated, like requiring all kinds of special characters in your password, or having to change the password every x weeks. Slowly, people start to understand that these were not very good guidelines as they weren’t very well aligned with human behaviour.

Are you an ambulance driver, and need a password? Try ‘ambulance’. If the system also requires numbers, what about ‘ambulance1’? Special characters? Good chance that you will select ‘ambulance1!’. And next month, when the password needs to be changed, it will be ‘ambulance2!’, and so on. That’s what happens when you try to annoy people with these requirements. It gets ‘less’ secure, instead of ‘more’.

Read more

What all Developers need to know about: CSRF

Posted by Yannick Mortier on March 19, 2018

— This post is part of a series of blog posts about all kinds of Security topics for Developers —

Imagine the following: You set up your blog a while ago. Everything is running smoothly. You add a few plugins here and there to make managing it easier, and you are using a custom theme so it looks enticing to new visitors.

One day, on a routine check of the comments you received, you decide to investigate one comment a bit more closely since it contains a link. You don’t want to end up supporting spam messages, so you decide to click the link and see what it’s all about.
Read more

What all Developers need to know about: Cookie Security

Posted by Martijn van Lambalgen on February 13, 2018

— This post is part of a series of blog posts about all kinds of Security topics for Developers —

Cookies are small packets of data which a server can send to your browser to store some configuration or personal data. The browser automatically sends them along with all requests to that same server. The contents are usually very interesting to hackers, so it’s important to know how to secure these cookies. Fortunately there are a lot of things you can do to improve cookie security. So… what do you need to know?

Read more

What all Developers need to know about: Clickjacking

Posted by Martijn van Lambalgen on January 17, 2018

— This post is part of a series of blog post about all kinds of Security topics for Developers —

Clickjacking is still one of those amazingly simple attacks that are also easy to prevent. That is, if you know what clickjacking is, because considering the amount of websites that are vulnerable, not many developers know about this.

In a clickjacking attack, an attacker attempts to ‘hijack’ clicks by making the user think he is clicking something else. The basic idea here is that the attacker loads the thing he wants you to click on in an invisible iframe and then shows you something else. For example, you may see a button ‘Click here to get a Free iPad’, but when trying to click it the button, the click-event goes to a ‘Transfer $1000,- from my creditcard’ button in the invisible iframe. Clickjacking may cause all kinds of harm to the user. E.g. the hacker may get access to your webcam, steal money, send emails on your behalf, or worse… It is possible to hijack basically any type of event in the browser (like mouse events or key strokes) if the website that executes that action is not properly secured.

Read more

Rolling updates in Kubernetes

Posted by Martijn van Lambalgen on January 8, 2018

So, you want to do rolling updates of your services in Kubernetes to achieve zero-downtime? That’s what we wanted to reach too, and what we’re doing now (mostly). Our journey involved quite a bit of research, filling of gaps in our lacking knowledge, learning from a multitude of mistakes, and a fair bit of trial and error. To make your journey more efficient, here is what we learned.

Read more

Design Sprint for the Enterprise – made visual

Posted by Katalin Doczi on November 28, 2017

In the past 2 years, we have been experimenting with a relatively new framework called a Design Sprint. We try to apply it at the start of our new projects. We really liked the concept but lacked a resource that explained how to do a Design Sprint in visuals. So we created a Design Sprint hand-out ourselves.

 

“What is a Design Sprint?” – you might ask.

 

Well, to stay brief and to the point, it is a framework of 5 days of activities that can help your product team validate new product concepts super quick with your future audience – your users – without the need to build anything… wow!

Validate in the shortest amount of time
Validate in the shortest amount of time

We at TOPdesk find it really important to include developers (a Scrum team) early on in the product development process for multiple reasons;

  1. To establish a shared understanding of the business goals (viability) with important project stakeholders
  2. Their insights are crucial during concept development from their respective field(s) (technological feasibility)
  3. To build empathy towards the target users of the project (desirability) with the team who will actually build the product

We believe that Design Sprints can help to a great extent to reach these objectives. While there is a tremendous amount of information to be found about this method online, we (the UX design team at TOPdesk) wanted to provide a brief visual overview to participants of Design Sprints about how we use this framework in the context of the work we do at TOPdesk.

We have noticed in the past years that our developers sometimes felt uncomfortable attending these weeks, simply because the word “Design Sprint” left them with doubts.

“I’m not a designer, what will I be doing there?” 

“Wow, I cannot draw, why do they want me to attend?”

In our Design Sprint Handout,  we provide short visual examples of each exercise during a Design Sprint. We hope that this booklet will help anyone to understand that Design Sprints are not about how good you draw. They are about building a concept together as a team and validating if you are on the right track with users, during a course of a week.

 

cover_ds handout

 

Today, almost 2 years later and after having roughly 10 Design Sprints behind us, we are happy to have a handbook that can be used by any designer, Scrum Master, or creative facilitator to give them a kick-start in running workshops like the Design Sprint. The handbook can also be used to just get inspired by these methods, as the methods described in the booklet could be applied anytime during the development process.

If you want to get a better understanding of what the process behind a Design Sprint at TOPdesk looks like and understand why so many of us are excited about it, then go ahead, download it! Feel free to use it, share it or just simply read it to learn more about this great approach to lean and user-centered software development!

Feedback is always welcome, just like sharing is caring 😊

 

20170125_140349

 

 

Pipelines: breaking the wall between Dev and Ops

Posted by Joep Weijers on October 11, 2017

At TOPdesk our Development department is working closely together with our Operations department. This collaboration started off a bit rough, but through several initiatives this was smoothed out. In this post I’d like to show how we used Deployment Pipelines to break down the wall between Development and Operations.

Read more

Software developer Viktor Tamás: you’re never done learning

Posted by Fijke Roelofsen on August 28, 2017

How do you become the best software developer you can be? We talked to Viktor about it. He works at TOPdesk’s office in Budapest and besides being a great programmer, he’s also got an adventurous streak. Curious how Viktor brings programming to the outdoors? Keep reading!

 

Read more

Five Free Web-based Tools for Exploratory Testing API Responses

Posted by Hazel Hollis on August 7, 2017

How to test whether your API can handle anomalous HTTP responses.

Today I was exploratory testing my Service, which performs sequential HTTP requests that depend on the response of the previous request. I wanted to find out how our API would handle a variety of HTTP responses. I also wanted to see what would happen if things went wrong. What if the response contains an image? Or an error code? Or what if there was a timeout?

To answer these questions as quickly and easily as possible I ventured on to the web. With some effort, I found what I was looking for, and on the way I discovered a few tools that are just great for exploratory testing your API’s response handling. If you test or debug API’s on a regular basis, here are a few free tools you’ll definitely want to check out.

 

Read more

Getting Docker Security Right

Posted by Martijn van Lambalgen on July 21, 2017

I started working with Docker at TOPdesk almost a year ago. Security is an interest of mine, so I did some research. You can’t look at Docker without thinking about Microservices, although they are separate topics. It is often said that Microservices can greatly improve your security. But also, that if you do it wrong, security can actually get worse.
So, what do you need to do to improve (Docker) security, rather than get rid of it? For most security concerns there is already a good solution, although not all of them are widely adopted. Let’s have a look at our concerns and how we take care of them.

Read more

TOPdesk comic #4

Posted by Bogdán Bikics on July 11, 2017

(Don’t get us wrong. We actually like it.)

Exploring Trends in Testing

Posted by Hazel Hollis on June 23, 2017

TestNet Spring Conference: Trends in Testing

20YearsTestNetNBC

A week or two ago I went to the TestNet 2017 Spring Event. I’m not going to recount the content of each talk or workshop I attended. Instead I want to combine this event with my experience at other conferences, and give you an overview of the biggest trends in agile testing right now.

 

Read more

JavaScript based server for JavaScript, Java based server for Java

Posted by Orsika Labuda on May 16, 2017

Node.js and Express server as seen by a Java developer

Introduction

This post is about Node.js basics, mainly from a pragmatic point of view. The majority of TOPdesk developers have a Java background (I previously focused on backend), but during the development of my latest project my team decided to use Node.js. We have surprisingly positive feelings about it, and we think it is worth sharing our experiences.

Read more

Performance testing for web applications: a quick guide

Posted by Corina Stratan on April 27, 2017

Today we use the web for almost everything. With continuously growing numbers of users for their web applications, developers face the issues of performance and scalability more than ever. This is also the case here at TOPdesk: while there used to be a small group of people developing performance tests, we now aim for the goal that each development team is able to write and run their own tests. To make it easier for teams who are new to this, we are collecting guidelines and documentation. Here is an introduction into performance testing with pointers for further reading.

Contents

  1. Which parts to test
  2. How to model the workload
  3. How much load to apply
  4. Where and when to run the tests

Read more

International Hackathons: Tinkering Time, Freedom and Responsibility

Posted by Hazel Hollis on March 29, 2017

TOPdesk International Hackathon

What makes TOPdesk TOPdesk? When you ask around, it all comes back to our corporate culture. TOPdesk gives its employees freedom to explore and experiment, coupled with the responsibility to use this wisely. Just one example of this is our International Hackathons, where self-selecting teams work on a project of choice. At the latest International Hackathon, TOPdesk colleagues from all over Europe gathered together in Kaiserslautern for three days of innovation and fun.

 

Hackathons – An Agile Development Microcosm

International Hackathons at TOPdesk are a microcosm for the way that TOPdesk tackles the challenges of Agile Development. Nobody is going to breathe down your neck and tell you how to do your work. No, sir.

Instead, we give individuals the space to experiment. Teams look critically at their own processes, and select those methods that lead to the best results. You see this in the variety of tools and techniques in use at our (currently) sixteen Scrum teams. I want to share a few of the tools my International Hackathon team selected to make our project a success. Come, take a peek into the world of Agile Development at TOPdesk.

 

At the core of the TOPdesk culture are freedom and responsibility.

 

Read more

Put EVERYTHING in version control!

Posted by Joep Weijers on March 15, 2017

Screenshot of Revision HistoryThe whole software world is backed by Version Control Systems, providing history and traceability to code changes. But you don’t have to restrict its usage to code. Read on to learn how TOPdesk enjoys the benefits of a VCS by employing it in 5 alternative ways.

1. Documentation:

You want your documentation to live as close as possible to the code it describes. Putting your documentation right next to the code in a VCS allows you to keep both up to date. People who work with a certain revision are automatically presented with the relevant documentation for that version.
Read more

Senior Software Developer Roel Spilker: “The best code is no code at all”

Posted by Leo Kranenburg on March 6, 2017

Few people possess the knowledge that TOPdesk’s senior developer Roel Spilker has about Java. Not only is he actively working with this programming language since 1999, he is also co-inventor and creator of Lombok. This is a game-changing tool that enables tens of thousands Java programmers on a daily basis to code quicker and prevents them from making mistakes. “In many cases I wonder how to improve the code.” But how does he do it? And what can other developers learn from this in order to keep improving their developer skills?

Read more

DIY Flower for Valentine’s Day

Posted by TOPdesk on February 14, 2017

Today is the very first Valentine’s Day since we launched our Techblog. We would like to take the opportunity to thank you, our readers, with a puzzle! Take a small break from coding to complete the following analogue challenge:

TOPdesk-sends-you-flowers

Some TOPdesk developers master this skill already. As a result, you will often find our workspaces and huddle rooms cheerfully decorated with colorful flowers and swans.

Download the TOPdesk_DIY_fold-flower_2017

Code Reviews Done Right

Posted by Martijn van Lambalgen on January 20, 2017

(This story originally appeared on https://martijnvanlambalgen.wordpress.com/2016/12/27/code-reviews/)

Recently, I’ve read several articles, and heard multiple discussions on the quality of code reviews. To order my thoughts on this topic, I decided to write down my own ideas. Perhaps it helps someone, or it might lead to even more discussions.

So, what is a good code review? Obviously it depends on the situation. How big is the code change, how important is the feature, how many people are going to read that particular piece of code in the future, are there deadlines, etc. Let’s focus on the situation where there’s a reasonable amount of time available (no emergency fixes), for a feature change that has average importance, in a medium-sized team. Note that when I talk about a ‘code review’, usually I don’t just do a review of the ‘code’, but also of all the other parts my colleague has worked on. According to me the reviewer should for example also look at design and documentation, and check whether the acceptance requirements for the story have been met.

Read more

Tweaking the office atmosphere

Posted by Tobias Spöcker on January 16, 2017

Post-it wall

Company culture and office atmosphere

An attractive environment helps team productivity, even managers know that by now. Everybody enjoys working in a nice office atmosphere. A variety of things can help to reach this goal. For example personally customizable workplaces or aesthetically pleasing office design which usually includes colorful furnishing and decoration. Often, simply providing all the necessary tools to accomplish the job in a good manner can also be enough to achieve this.

Of course, this is only a fraction of what leads to a good work and office atmosphere. Besides the mentioned tangible options there are also social characteristics.

Read more

Becoming a better programmer: A Q&A with Anna Maier

Posted by Leo Kranenburg on December 20, 2016

It started with a two-week computer science course for girls when she was a teenager. Fast-forward fifteen years and Anna Maier is a successful developer who has been going strong for over 8 years at TOPdesk and who takes pride in solving the most complex of problems on a daily basis. We had the pleasure of asking her several questions about how she continually improves her programming skills – and how others can do the same.

Anna Maier

Anna, what sparked your interest in programming?

Read more

Continuous Integration with GitLab

Posted by Balázs Varkoly on December 5, 2016

Recently Team Alfonzó, with help from the Build Team, took the next in adopting a new build infrastructure. We wanted to move away from Jenkins and the TOPdesk DockerHub registry, towards a more distributed infrastructure. Our Implementation Wizard project gave us the opportunity we were looking for to start making use of GitLab’s CI and Registry features.

How does GitLab compare to a Jenkins pipeline script?

If you have ever written a pipeline script for Jenkins you will probably find GitLab’s solution more refined and aesthetically more pleasing. Here – instead of Jenkins’ Groovy based DSL – you write a yaml file in which you list the build stages and specify the scripts that should run at each stage. Yaml syntax provides you with a sensible structure, while preserving the freedom you need to configure the build. Unfortunately it lacks the possibility to try out scripts without committing and pushing to the code base. You might want to be aware of this before unwittingly flooding the change history with CI-related experimental changes.

Read more

Google Test Automation Conference 2016 – When top players talk about Automated Testing

Posted by Tobias Spöcker on

golden-gate-foggy

This image perfectly pictures my first feelings about the conference, but let me go into a bit more detail first.
I signed up for the Google Testing blog more than a year ago. There I found a lot of interesting and useful reading about the world of automated testing. When I later got an email from Google informing me that there would be a conference held by them, I was not entirely sure wether I should apply. Is it relevant for me? Am I experienced enough to contribute? Well, what’s the worst that could happen? So I applied for it and did not regret it in the end.

Read more

Committing to a story

Posted by Joppe Kroon on November 15, 2016

Lately I have been focusing upon subtly improving the way I commit my work to the repository, trying to write a story with my commits.

New team, new procedures

Not too long ago I transferred to a different development team within my company, and besides the different social culture I also encountered a distinctly different technical culture. I think this is mostly due to two things.

First, my new team lacks a dedicated tester, making each developer ultimately even more responsible for not only their own code, but also for the code that they test from the other developers. Second, the team is responsible for one of the real back bones of the product. In other words, mistakes tend to become showstopper problems that disqualify builds for use.

So, to make sure that the quality of our work is up to snuff, the team has introduced a mandatory peer review step before code is even considered ready for testing. This means that another developer of the team, who wasn’t involved in creating the story, has to sign off on the code as if it was his own. This has the added benefits of knowledge sharing as a side effect!

Going into the transfer to this team, I wasn’t really worried about my code being reviewed. Additionally, reviewing other people’s code is proving to be a great learning experience. But lately I have started to notice that maybe I could have made life a little easier for my colleagues.
Read more

Let’s get hacking

Posted by Fijke Roelofsen on November 14, 2016

20161013_102605

“Please tell me you’re seeing this too.” Read all about this year’s Hackathon.

On 13 October, our developers across Europe teamed up for the Hackathon, a day to mix up the teams, take a break from regular development tasks and focus on original new ideas.

Read more

Front-end with TypeScript Tutorial – Step 1 to 3: Minimal TypeScript

Posted by Bogdán Bikics on October 27, 2016

Now that we know the basics of NPM, Gulp and TypeScript, let’s start our step-by-step tutorial. At the end you should have everything you need to get started with a TypeScript project. Even if you need a few extras at a later point, you will already be on the right path and will be able to figure things out relatively easy.

Before we start, I’d like to ask your forgiveness for the suboptimal folder hierarchy we will set up. In a real project I would go for a more complex hierarchy. For now, I kept it simple for two reasons. Firstly, so that I don’t have to refer to long paths in code snippets. Secondly, I hope that this will be more understandable for you, the reader. After finishing this tutorial you should be able to adapt your knowledge easily on any folder hierarchy.

Read more

Front-end with TypeScript Tutorial: First Some Basics – NPM, Gulp, Browserify

Posted by Bogdán Bikics on

This series of posts is written with the purpose of helping people who are starting with a new front-end project, or to those who want to introduce TypeScript in their already existing JavaScript project. In This Post I am going to kick off by introducing all the basic tools involved, like Npm, Gulp and Browserify. In the upcoming posts, I will present a step-by-step tutorial to help you get started.

Read more

Front-end with TypeScript Tutorial – Step 7: Adding Jasmine Tests

Posted by Bogdán Bikics on October 25, 2016

In Part 5 (Step 6: Gulp) we built up our fully working ecosystem with TypeScript. It enables us to use TypeScript, compile it automatically on every change, clean up, handle dependencies both for internal and external node modules. Now it is time to put the cherry on the top of the cake: let’s add Jasmine tests written in TypeScript!

Read more

No Root Cause Analysis? Here’s why you’re missing out.

Posted by Hazel Hollis on October 7, 2016

What is a Root Cause Analysis?

Think for a minute. What usually happens when a serious bug makes it to production?

Someone walks by and asks you to look into it. ‘Find the cause’, they say. So you go in search of the cause, with the goal of fixing it as soon as possible. This is good, but it is by far not the most ideal situation. Let me explain.

Consider the very real error that led to the immediate destruction of an aircraft before take-off. In an unfortunate turn of events, instead of flipping the switch for raising the flaps, a pilot accidentally flipped the switch for raising the landing gear. Although nobody was injured the pilot’s mistake inconvenienced customers and led to expensive repairs. The cause of the failure was noted as pilot error. Why wasn’t this the end of it?

Read more

What happens between finding and reporting a bug?

Posted by Erik Hörömpöli on

Reporting a bug right away after finding it might not be the most useful thing you can do. What.. how? Here is an example and the theory behind it.

Looking at the bug itself, not only what it can cause

My team refactored a part of our application to start using javascript. I was curious how it would react to the biggest numbers that can be typed in when I found a bug. There was a shopping cart involved and multiplying really big numbers got the cart frozen, it seemed. I pressed F12 to see what was going on behind the scenes. It wasn’t only because of big numbers, but instead it was a digit overflow, caused by a precision error in javascript (which I then quickly learned about: http://www.w3schools.com/js/js_numbers.asp) Aha! From then on I could easily reproduce it. I wondered, how else this could be a problem? This lead to me adding some pretty average-looking numbers which then would cause the same problem, locking down the cart.

Read more

Choosing a database connection pool

Posted by Corina Stratan on September 8, 2016

Some time ago we were looking for a database connection pool library to use at TOPdesk (here is a good introduction to connection pools if this term is new to you). There are many open-source connection pool libraries available, so we did not lack the choice. But with so many options it becomes difficult to choose most suitable one, which is why we decided to do a bit of research. Here are some of the things that we learned.

Our criteria

The first step was to decide which are the most important features we needed. Based on previous experience with our older connection pool (which was developed in-house) and on reading newer documentation, we settled on:

Reliability

Performance is always high on our wishlist, but one thing we find more important is reliability. We therefore planned to check the number of open bugs in the libraries that we were considering. Especially undesirable are deadlocks, a problem that some connection pools have when misconfigured. It actually happens quite often that connection pools are incorrectly or not optimally configured, and one of the causes is that some of them have unexpected default settings. We were therefore looking for a connection pool that is straightforward to configure and has reasonable default settings.

Performance

One thing to keep in mind is that the results of a performance test for connection pools are significantly influenced by how the pools are configured; and of course, the type of load used in a test might not be similar with the load that a real application will have in production. So, although we took into account the results of some performance tests that we found online (for example, this performance test) we also wanted to make sure that the connection pool that we choose will have a good performance in our own environment with our own configuration.

Functionality

For our application we needed a few specific features from the connection pool, such as support for Hibernate 4+ and being able to configure connection properties like the default type of transactions and the default isolation level. We also wanted to be able to configure when and how the connection health checks are done, in a way that is appropriate for the infrastructure and database server being used (our application supports both Oracle and Microsoft SQL Server).

Documentation & user community

Working with well documented libraries is easier, so we planned to check this aspect as well. We also prefer to use libraries with a larger user community, since they are usually better maintained.

Read more