Page 1

No. 18 • Decembrie 2013 • •




itio d e l ia Spec

Deal with authentication in AngularJS

Interview with Mr. mayor Emil Boc Cluj

Scrum In Practice: A Case Study

Keeping Hold of Talented Employees, a Recurrent Issue in IT

Real time web with Meteor Îmbunătățirea continuă – o practică de luat în serios Continuous improvement taken seriously

Functional testing in PHP How to maintain the success of a game after its launch?

6 IT Days 2013 Ovidiu Mățan

7 How to Web 2013 brought together the SEE tech community Irina Scarlat

9 Interview with Mr. mayor Emil Boc Cluj

22 Scrum In Practice: A Case Study Papp László

24 SpotTune George Platon

25 CTF365

Ovidiu Mățan

Marius Corîci

11 Functional testing in PHP

27 How to maintain the success of a game for more than two years after its launch?

Bogdan Matei

George Abramovici

15 Deal with authentication in AngularJS Leonard Abu-Saa

17 Executable Specifications Alexandru Bolboaca și Adrian Bolboacă

19 Continuous improvement taken seriously Ovidiu Dolha

29 Keeping Hold of Talented Employees, a Recurrent Issue in IT Monica Soare

31 Real time web with Meteor Andrei Cacio

33 Interview with Richard Campbell (II) Attila-Mihaly Balazs



Ovidiu Măţan, PMP Editor-in-chief Today Software Magazine Organizer @ IT Days

tart-ups are a fashionable subject, which companies show a great interest in, wishing to get involved in the appearance of new products. The risks are high for both parties, but the reward that may be seen in a few years is a mirage which becomes reality. In How To Web 2013, which I have recently taken part in, one of the interviewed speakers drew the attention on the fact that there is a large number of start-ups which bring too facile products on the market, as they create in fact a mere graphical interface on a simple data base. But the latest products created by start-ups are very encouraging, proving a lot of creativity. A suggestive example on this line is the product of this year’s How To Web winning start-up: a completely robotized hand, low cost, for disabled people. Also, we should mention Ionut Budisteanu, who won the big prize of the Intel ISEF competition with a project of an autonomous automobile. These examples are the proof that we need to dare more, to approach reality in an interdisciplinary manner, turning its hidden connections to good account. If, until now, having a team of programmers was enough, time has come now for at least an electronics engineer or maybe even a robotics specialist to be needed in the team. How could the domestic environment be further improved, with all the comfort we already have at hand? This may not be a rhetorical question. Just think about the fact that at home we have phones, tablets, computers which can simulate and access almost anything from the perspective of a domestic usage. Their evolution implies adding new sensors, processing power, improving the battery operating life time and connectivity. Nothing new or spectacular. In turn, take a look around and count how many robots you have in your house? Maybe a Roomba, which is pretty silly, as a matter of fact. We do not have a widely spread mobile platform on which to install different brackets or sensors that could make our daily life easier. We also have the drones, which lately have become quite accessible and we will soon witness an exponential rising in their number. Unfortunately or maybe fortunately for us, they are all controlled by remote, while the autonomy and the AI part hasn’t really made its presence felt yet. Therefore, I hope to have raised a question mark for you before you decide to work for the next six months on an application which points to you on the map where the nearest gas station is or orders the tasks according to priorities. We go on with this advocacy of innovation within the IT Days event, too, an event which is set up by TSM magazine. We hope that the event will give the representatives of the IT community in Cluj the opportunity to materialize an original and creative approach, which could turn into a guiding mark of their activity. From the point of view of the approached themes, participants will assist to a combination of technical subjects with the presentations of local startups, as well as presentations of research projects. In order to find out more, we invite you to read the first article of this special edition of Today Software Magazine.

Enjoy your reading !!!

Ovidiu Măţan

Founder @ Today Software Magazine


nr. 18/Decembrie |

TODAY SOFTWARE MAGAZINE Editorial Staf Editor-in-chief: Ovidiu Mățan Editor (startups & interviews): Marius Mornea

Authors list Alexandru Bolboaca

Leonard Abu-Saa

Agile Coach and Trainer, with a focus on technical practices @Mozaic Works

System Architect @ Arobs

Bogdan Matei

Graphic designer: Dan Hădărău

Andrei Cacio

Copyright/Proofreader: Emilia Toma

Perl developer @ Evozon

Attila-Mihaly Balazs

Translator: Roxana Elena

Code Wrangler @ Udacity Trainer @ Tora Trading

Senior Php Developer @ 3Pillar Global

George Abramovici Business Manager @ King România

Reviewer: Tavi Bolog Reviewer: Adrian Lupei

Ovidiu Dolha

Adrian Bolboaca

Requirements engineer @ ISDC

Programmer. Organizational and Technical Trainer and Coach @Mozaic Works

Made by

Today Software Solutions SRL str. Plopilor, nr. 75/77 Cluj-Napoca, Cluj, Romania

Irina Scarlat

Marius Corîci

PR Manager @ How To Web

Co-fondator @ CTF365

Monica Soare

George Platon

Manager @ Artwin

Software developer @ Catalyst

ISSN 2285 – 3502 ISSN-L 2284 – 8207 Papp László Software engineer @ Evoline

Copyright Today Software Magazine Any reproduction or total or partial reproduction of these trademarks or logos, alone or integrated with other elements without the express permission of the publisher is prohibited and engage the responsibility of the user as defined by Intellectual Property Code | nr. 18/Decembrie, 2013



IT Days 2013


he online magazine from Cluj, Today Software Magazine, organizes on December 5th-6th, 2013, at Cluj Arena, the IT Days event. To the conference, we have invited international speakers as well as representatives of the local software industry. On the first day, we will approach subjects such as innovation and technology in IT, and on the second day, the main topic will be

entrepreneurship. The most main guests are: Eduardo Mendez Polo, Head of IT Cloud at Telefonica Spain, who will talk about the evolution of cloud services in the future. Tine Thygesen, CEO Everplaces Denmark, will have a presentation on innovation and startups, having Disruptive Technologies as a subject. Voicu Oprean, CEO Arobs, has the transition from outsourcing to product as a presentation topic. Maria Diaconu, CEO Mozaic Works, will present the manner in which innovation can be enhanced within the product development teams. Mirel Borodi, General Executive of the Transylvanian Consulting Trust, founder of, will present the crowd sourcing initiative, addressed to the local community. Șerban Țîr, Technical Manager of the Gemini Solutions group of companies, will


present a practical approach to supporting the local start-ups. The inaugural of the event will be carried out by the representative of the local administration, Mr. mayor Emil Boc, who accepted our invitation, asserting thus his supporting of this event which has positive implications in the development of our city. He will be followed by Alexandru Tulai, president of Cluj IT Cluster, the organization which reunites a great number of IT companies from Cluj. The host of the event is Dan Mircea Suciu, lector doctor at the Faculty of Mathematics and Informatics of Babes Bolyai University and Director of Engineering in the 3Pillar Global company. The technical subjects will be presented by local experts and they will cover a large area of the IT domain: starting with the architecture of systems, programming, testing, SAP technologies, research orientations, project management and ending with adaptive design and the security of

nr. 18/Decembrie, 2013 |

web applications. The event is sustained by important IT companies from Cluj: EBS, Arobs, Endava, Evoline, Accesa, G emini Foundry, Skobbler, Yardi, msg systems Romania, 3Pillar Global. Complete details of the event can be found online at We will come back in the following issues with complete recordings and a lot of information from this first edition of IT Days,

Ovidiu Măţan, PMP Editor-in-chief Today Software Magazine Organizer @ IT Days



How to Web 2013 brought together the SEE startups tech community


ucharest, November 25 2013 – Last week Bucharest hosted the fourth edition of How to Web, the most important web and technology event in South Eastern Europe. Developed around the „Let’s grow together” central concept, How to Web 2013 brought more than 40 international speakers from 4 continents in front of an audience of over 800 persons. Startup Spotlight, competition and orientation program for the best 32 startups in the region, was organized during How to Web. The How to Web 2013 presentations took place on two parallel stages. Grow Stage, the main stage of the event, hosted presentations of world class technology professionals. These talks were addressed to developers, designers, and the communities formed around tech products and brought to the attention of the public subjects such as technology innovation, building sustainable teams, actual tendencies in the industry, or the importance of design for developing innovative products. Thomas Hartwig (Co-Founder and CTO officially opened the event and talked about the advantages and challenges of accelerated growth and the lessons learned from developing King from 1 to over 100 million users. Mike Butcher (Senior Editor TechCrunch) continued by answering the question “Who runs Europe?” and revealed more about the most powerful tech people at European level. Another section of How to Web was dedicated to the lessons learned by working remotely with research & development teams. This subject was approached in a panel by Marius Jumolea (General Manager of the R&D center in Romania) and Michael Levit (Founder of Spigot). The discussion was moderated by Philipp Kandal (Co-Founder and CTO Skobbler) The second day of How to Web 2013 started with the presentation of Robin Wauters, technology journalist, that talked about industry trends and the way in which small European companies innovate and maintain themselves one step

ahead of their competition. The event continued with a fire side chat with Radu Georgescu (Founder of Avangate) that explained the strategic decisions taken for developing the c omp any a l l t he way from idea to its recent exit. David Bizer ( C E O Ta l e n t Fountain) presented the lessons learned from his 3 years journey with HackFwd, accelerator program that closed this summer, whereas the tools for developers were discussed by Martyn Davies (Developer Evangelist SendGrid), Jamie Hannaford (Software Developer Rackspace) and Michal Wawra (Developer Evangelist Twilio) in a panel moderated by Ivan Brezak Brkan (Netocratica). Christopher Martin (Senior Manager Bosch) discussed about the difficulties of developing a quality tech product, and Vitaly Golomb (Fondator and CEO Keen Systems) talked about design thinking and the importance of design for the development and growth of a product. During the two days of How to Web important professionals of the global tech industry came in front of the audience to share their experiences: Paul Ford (CIO Softlayer), Alex Hunter (CEO Rushmore. fm), Philipp Kandal (Co-Founder and CTO Skobbler), Marco Cecconi (Software

Engineer Stack Exchange), Simon Stewart (Software Engineer, Facebook), Matt Clayton (Co-Founder and CTO Mixcloud) or Ştefan Szakal (Founder of X3 and [e-spres-oh]). Ignite Stage, the second How to Web stage, hosted panels that approached startup specific subjects: best practices when going through an acceleration program; how does the right startup team look; shipping the right product for the right market; tips and tricks when looking for investments; how to involve and learn from mentors, clients and investors; what are the most common mistakes startup founders do. All these themes were approached by over 25 investors, representatives of world-class accelerators and investment funds that work with early-stage startups. Particularly addressed to the persons that are currently developing their own startup, the Ignite stage was especially designed for the 32 finalist teams of the Startup Spotlight | nr. 18/Decembrie, 2013



competition and orientation program. The startups were assessed by expert judges that took into consideration criteria such as the team fit and expertize, market size & trend, market validation & traction, customer acquisition cost, scalability and overall feasibility. The big winner of this year’s Startup Spotlight competition was Smart Hand, Bulgarian startup that engineers a myoelectric prosthetic hand for disabled people. Synetiq, tool that provides businesses with valuable emotional insights about their customers, was the runner-up in the contest. The team from Wyliodrin, easy web based development tool for embedded services, received the IXIA Innovation Award, and the best pitch award went to Data Maid, tool for creating and publishing rich media content on the go. The finalists received USD 20.000 cash prizes offered by IXIA Romania, the main partner of How to Web Startup Spotlight. Besides the consistent cash prizes, the finalists received several other valuable awards: access to Microsoft Azure’s platform, free infrastructure and mentoring as part of the Softlayer Catalyst startup program, office hours with Jon Bradford (Managing Director of the TechStars acceleration program), Biriş Goran legal


How to Web 2013 brought together the SEE tech community

scholarships consisting of 3 hours of legal advice for startups, the opportun it y t o pit c h their pro duc t during Startup Bootcamp, access to Hub:raum workshop in Krakow, a shortcut to attend a Seedcamp event, cloud infrastructure offered by Rackspace, Evernote premium accounts, tech goodies from F6S, as well as direct access to the Romanian Innovation Commercialization Program (RICAP). “The first edition of How to Web took place in 2009 in the Polytechnic University of Bucharest and we continued with a first international edition in 2010. How to Web grew from one year to another not only in terms of participants, but also in which regards its agenda and objectives. How to Web is more than a conference – we wanted to make a useful, practical tool that brings about measurable results for the persons in the audience. We are glad that we managed to reach these ambitious goals and the success stories that we have so far are a proof in this respect”, said Bogdan Iordache, Co-Founder and CEO of How to Web. How to Web 2013 was developed with the support of IXIA, X3, Bitdefender, CyberGhost, SoftLayer, Enterprise Ireland, Avangate, Microsoft, Hubraum, PayMill, Twilio, Biris Goran and Banca Comercială Română. The visibility of the event was ensured by the main media partners Prove PR, Digi T V, Adevărul, Forbes România, Capital,, Evenimentul Zilei, DAS Cloud, Revista Cariere, Ctrl-D, Star and, and the media partn e r s E c o n o m y. b g ,, Digjitale. com, IT Dogadjaji, CEE Startups,,

nr. 18/Decembrie, 2013 |

Goal Europe, Times New Roman, Akcees, IQ Ads, Computer World, PC World, Business Cover, Tech Cover, Business Woman, Gadget & Trends, Comunicaţii mobile, Agora, IT Trends,Market Watch, Business Review, Manager Express, România Liberă, Comunicatedepresă. ro, Zelist, Ejobs, Softlead,, Business24, Romanian Startups and Today Software Magazine. Irina Scarlat PR Manager @ How To Web



Interview with Mr. mayor Emil Boc Cluj – A Center of Innovation


r. mayor Emil Boc had the kindness to answer to a few of our questions regarding the supporting of the IT from Cluj, the manner in which the local community of programmers can get involved and the project of supporting the local start-ups.

The local IT industry is in continuous expansion; tell us how does Cluj-Napoca City Hall support this domain? At the moment we are working on the Strategy of the City for 2014-2020, and the IT industry is an essential component of the process. We have tried to involve specialists from the entire community in the process, from every domain, from education to entrepreneurship and innovation. The correlation of the pre-university and university studies with the requirements of the market is only one aspect which will have a significant impact on the development of industry. Those who are interested can learn more on the main directions of this strategy on the site Cluj-Napoca has defined itself in the past few years as a city of services and it holds a more and more important place on the map of Europe as a cultural centre and as a centre of innovation. I trust that, having the right strategy and the support of the community, we will outgrow Bucharest in several domains, and first of all in IT. Out city has the potential to truly become one of Europe’s “smart cities” and having

this goal, at the city hall of Cluj-Napoca we try to implement “smart” solutions, step by step, in each direction – from public transportation to the payment of taxes and contributions. We also have some major projects. Here I would like to mention Cluj Innovation City, which we support with all our trust, working together with the representatives of the industry in order to find the best solutions for these projects to become reality. We believe that many programmers would be interested in writing applications based on a platform which could give them access to real-time information. We are talking about traffic data, the position or estimated time for the public means of transportation to reach a station, the level of pollution, etc. Thus, with a minimum of effort, we would have the possibility to develop applications that are useful for the people in Cluj, through the direct agency of local programmers. Do you think this is possible in the future? We are open to any initiative which might improve our citizens’ daily life and the work processes of the institution,

which, eventually, will also be to the benefit of every person living in Cluj. There are aspects in which we have already received proposals through the groups that are elaborating the Strategy of the City. There are several domains in which one could start right now to develop applications and I would be happy to see ideas and their implementation coming from the community. Therefore, I invite all those who are interested to contact us, as the city hall’s service of Informatization Strategies is available for you. Cluj is a city with a lot of visitors; do you consider creating a free wireless network at the level of the city center? We know there is | nr. 18/Decembrie, 2013


interview Interview with Mr. mayor Emil Boc Cluj – A Center of Innovation something similar in the Central Park and it can have a positive impact especially on the foreign visitors. Indeed, there is a functional wireless network, but we have been cautious in respect to its extension, mainly out of security reasons. Cluj-Napoca will be the European Capital of Youth in 2015 and we are running for the title of European Cultural Capital. So, we are expecting a significant growth in the number of visitors and we are preparing for that purpose. However, we do have a major responsibility as a municipality, to ensure the security and confidentiality of the data, which is a problem if we consider the free public networks in particular. We shall discuss with the experts from the domain and try to find the best solutions. Are there any projects in which the City Hall of Cluj needs IT volunteers? Yes, Cluj-Napoca City Hall is currently in a process of informatization of activity – we already have encouraging results; we need support, so, I would be happy to have young people who are working in the IT industry in Cluj involved with us in the implementation of these changes. I recommend to the people who are interested to send us an e-mail to the address of the specialized service – – and they will get more information. We know there is a project in progress in the Lombului area, for the support of local startups. Can you tell us more about it? The Centre for Creative Industries will offer companies the opportunity to carry out their activity in a structure that is unique at a regional level due to the complexity and diversity of the facilities and services. The Centre will provide integrated business services, free counseling services (help desk type) offered by


the staff of the structure for helping businesses in the following domains: IT consultancy and services, legal counseling, marketing and sales counseling. The design of the entire structure is a dynamic one, being created on a participatory basis, responding thus to the real needs of the potential clients, in terms of location, functions, space, services, parking, subsidies and equipment. We intend to produce a cluster effect which will help to increase the competitiveness of the quartered companies, through the exchange of information, facilitating business partnerships, the savings done by sharing some spaces and equipment. The centre comes to fulfill the companies’ need to be acquainted with the latest technological evolutions, by forming a consultative division, also including representatives of the academic environment. They will be able to communicate with the representatives of the companies which function in the domain of creative industries, according to the specific of each company.

nr. 18/Decembrie, 2013 |



Functional testing in PHP


Bogdan Matei Senior Php Developer @ 3Pillar Global

n 1999 the principles of „Extreme Programming” came out and four years later Kent Beck reformulated those concepts into the more popular Test Driven Development. In the same period, in his efforts to spread the principles of TDD, Dan North was frequently hitting the same questions: „At what stage to start writing code?” „What should be tested exactly?” and „What is the structure of the tests and how to call them?”. Then he had the inspiration to propose the idea of behavioral testing or functional testing and thus Behaviour Driven Development was born - a paradigm that aims testing from the user perspective, meaning how he expects the application to run. Going further from concept to implementation in different languages was only another small step. In PHP the BDD concept has experienced two forms: SpecBDD - which focuses on the technical behavior of the code, and the popular form, StoryBDD - which focuses on functional (business) behavior. SpecBDD specifications cover how code should behave, while those for StoryBDD are written as „stories”, using a language very close to human, called Gherkin and describing about how the use should perceive the application. The frameworks helping this division have become PHPSpec for SpecBDD and Behat for StoryBDD, the latter being a project inspired by Cucumber from Ruby. This paper is dedicated to StoryBDD and comes to present technical aspects of the organization of functional testing for Web projects, aiming to automate the process. To test exactly from end user’s perspective would suppose, under ideal conditions, to have the same type of browser, perform the same behavior and then analyze the results of made operations, if they meet the functional expectations or not. Under conditions lower than ideal (for many reasons) we may still be gratified with at least server-side testing, dropping browser facilities, like Javascript, partially or completely. Implementation of such a BDD testing environment involves the

following steps: installation of components, setting up the environment, writing „stories”, extending the stories language, data comparison, execution and reporting.

Installation of components

It is the first step and unfortunately tends to be the most frustrating. Because I mentioned tools, except PHP which is, of course, a must (having at least a 5.3 version), the suite comprises: a. Gherkin language interpreter, to translate the „stories” from human language into machine actions: Behat; b. a set (API) of methods that produce actions in browser: Mink with its drivers and MinkExtension; c. a solution to communicate with the browser (proxies), sending the above instructions and reading the replies: Sahi (superior, especially the Pro version) or Selenium2 (requires JRE installed); d. a solution to compare the response to the browser against the correct expectations, but keeping the features of automatic testing reporting: PHPUnit; e. and of course browsers. At this point testing different versions of Internet Explorer adds additional complexity, as | nr. 18/Decembrie, 2013


programming Functional testing in PHP there cannot be multiple versions of IE use a minimal (usually typical in examples) on the same machine. BDD framework, but in practice the requirements extend to: Installation and interaction diagram of • the ability to run functional tests in above components is: specific browsers; • the ability to run tests only server-side, when the browsers are missing or not they are not needed; • the need to h a v e s e r v e r- s i d e reports at the end tests execution; • the need to easily and specifically intervene in the conThe installation process offers more figuration files for rapid maintenance. possibilities. If Sahi comes with a visual installer, the other components are instalMost of these requirements are met led more easily all together using Composer. by creating a file „behat.yml” with specific We create a text file, called composer.json profiles, as the default comes with Mink with the following JSON content: profile, which does not allow server-side { Javascript interpretation: „require”: { „behat/behat”: „2.4.*@stable”, „behat/mink”: „1.4.*@stable”, „behat/mink-extension”: „*”, „behat/mink-goutte-driver”: „*”, „behat/mink-selenium2-driver”: „1.0.*”, „behat/mink-sahi-driver”: „1.0.*”, „phpunit/phpunit”: „3.7.*” }, „minimum-stability”: „dev”, „config”: { „bin-dir”: „bin/” } }

We get Composer locally and we ask it to install our components: curl | php php composer.phar install

Installation operations may take several minutes and the final result is a folder vendor/ containing the project dependencies. At this stage a few special mentions are useful: • for an environment setup without requiring changes outside of the project folder the executable „bin/behat” should not be put in the list of operating system known commands, but instead be always used with its full path or relative to the project; • it is better to create a dedicated folder for reports.

Set up the environment

Even the components installed pretty much together unfortunately further need to be configured separately. First (and only one time for the project) we initialize the Behat component, by typing in a command line: php bin/behat --init

At this point we’re basically ready to


default: extensions: Behat\MinkExtension\Extension: base_url: ‚’ goutte: guzzle_parameters: ssl.certificate_authority: false filters: tags: „~@javascript” chrome_selenium: extensions: Behat\MinkExtension\Extension: base_url: / javascript_session: selenium2 default_session: selenium2 browser_name: ‚chrome’ selenium2: wd_host: capabilities: { „browser”: „chrome”, „version”: „24”} firefox_sahi: extensions: Behat\MinkExtension\Extension: base_url: default_session: sahi javascript_session: sahi browser_name: firefox sahi: host: localhost port: 9999 filters: tags: „@javascript” phantomjs_sahi: extensions: Behat\MinkExtension\Extension: base_url: ‚’ javascript_session: sahi browser_name: phantomjs goutte: ~ sahi: ~ filters: tags: „@javascript”

The last part of configuration is about browsers: • functional testing works better if we set up proxy servers Sahi or Selenium2 (this operation binds the browsers almost exclusively to functional testing, breaking the normal navigation, and therefore a dedicated environment for functional testing is required); • special settings are required for „https”, as the invitation of certificate

nr. 18/Decembrie, 2013 |

installation breaks the tests; a must is that the browser knows the addresses „https://” and the certificates are already installed; • when we are unable to use common browsers (for example we have a server with text mode only) we still can do functional testing, including Javascript code, by using a browser like PhantomJS; Mink has no drivers for it, but works well through a proxy. For Sahi setup, PhantomJS has to be added to the configuration of its browsers; • when the project is large, which involves many tests, it’s better to use, for Behat version 2, a project organization with more behat.yml templates for each browser, while testing specific website features can be achieved using profiles.

Tests writting

Dan North did a significant achievement: he simplified the structure of the classical tests which used to have four phases (setup, execution, testing, teardown) to three phases, namely, Given, When, Then. These become keywords that mean the actor, context (process) and the results of actions. Tests are shown as a story having a suite of one or more scenarios, with a title and a description. A scenario is a composition of several ordered testing steps. Each step means an action described in Gherkin language. „How does the computer understand Gherkin and know what to do then?” is a question that is answered by a dictionary, nothing more than a mapping table between Gherkin meaning and PHP methods. Behat comes implicitly with a basic dictionary. To find out its content, with or without details, you can use the commands: php bin/behat -di php bin/behat -dl

Dan North did a significant achievement: he simplified the structure of the classical tests which used to have four phases (setup, execution, testing, teardown) to three phases, namely, Given, When, Then. These become keywords that mean the actor, context (process) and the results of actions. Tests are shown as a story having a suite of one or more scenarios, with a title and a description. A scenario is a composition of several ordered testing steps. Each step means an action described in Gherkin language. „How does the computer understand Gherkin and know what to do then?” is a question that is answered by

TODAY SOFTWARE MAGAZINE a dictionary, nothing more than a mapping table between Gherkin meaning and PHP methods. Behat comes implicitly with a basic dictionary. To find out its content, with or without details, you can use the commands: • you cannot have dependencies (like inheritance) between stories; • by default the scenarios even from the same feature file are completely independent and if a certain persistence of data between them is necessary, then is possible but requires special programming; • tags are recommended, at least for splitting scenarios into two categories: those that do and those that don’t include Javascript (for Javascript the corresponding tag is @Javascript and it can be placed above the story title or before every scenario). For example, a story will look like:

bootstrap/*.php”. There is only one main context file, presented as the definition of a class that derives mainly (because there are other context classes, but more particular) from BehatContext or MinkContext. The difference between the two basic classes is that MinkContext brings session management functionality, while the default BehatContext provides only basic functionality. You can have more sub-context files and this is how is solved the problem of a large dictionary, too large for a single file easy handling. Extending the dictionar y means to follow the relationship between a step from the testing scenario and the method to be implemented in the context. Implementation is preceded by special annotations @Given, @When, @Then, followed by a regular expression, which, if met, triggers the call of that method:

# Content of file Login.feature Feature: User makes login As a user I want to do login So that I can see my dashboard @Javascript Scenario: Login with correct credentials Given I am in the „/login” page When I fill ”myusername” And I fill ”mypassword” And I click ”Login” Then I should see ”Welcome Username!”

/** * Some function description * * @Given /I am („\w+” user)/ * @Given /I am user:/ */ public function iAmUser(User $user) { $this->user = $user; }

/** * @Given /I entered „([^”]*)” and expect „([^”]*)”/ */ public function complexStep($number, $result) { return array( new Step\Given(„I have entered \”$number\””), new Step\When(„I press +”), new Step\Then(„I should see \”$result\” on the screen”) ); }

Also, you can inject Javascript code directly for browser execution, by using specific API calls of the used proxy. It’s easy to anticipate that for large projects, where there is a single context file, things tend to become unmanageable, especially because of the rule that inside a context, including all sub-contexts, a regular expression must match a single function and not more. In Behat version 2 (the current stable version) big testing projects have the following alternatives for easier maintenance: • use the profiles, inside the behat.yml file, and for each profile you can make use of the “class” property or together the properties ”features” and ”bootstrap”; you need to pay attention when you create profiles, as their names have to be unique inside the same behat.yml file; • use sub-contexts; the main context can load sub-contexts, sharing the same session or you can manage sessions independently.

The function can have any name, as it’s the regular expression with the determinant role of function call. The same Scenario: Login with bad credentials function can have multiple annotations, as Given I am in the „login” page When I fill ”bad username” seen above, and the key aspect is that one And I fill ”bad password” And I click ”Login” regex points to a single function, otherwise Then I should see ”Invalid credentials” an error occurs. It is also recommended Behat 3, currently under development, The structure of context file to write a title and a description for the promises to bring a direct feature-context I wrote above about a dictionary that is function, which will be visible when the mapping. used as a mapping between Gherkin phrase dictionary is displayed. Further, Behat offers also the possibiand PHP methods. If Gherkin is the human lity to have automatic actions, run through readable part of stories, methods are the Inside the body of a function you can hooks: technical part, organized in so-called “con- use steps, thus creating a complex step is • before or after a suite (tags @ text file”, located by default in „features/ easy: BeforeSuite, @AfterSuite); Our core competencies include:

Product Strategy

Product Development

Product Support

3Pillar Global, a product development partner creating software that accelerates speed to market in a content rich world, increasingly connected world. Our offerings are business focused, they drive real, tangible value. | nr. 18/Decembrie, 2013


programming Functional testing in PHP • before or after running a story (tags @BeforeStory, @AfterStory); • before or after a scenario runs (tags @BeforeScenario, @AfterScenarion) These operations are useful for connecting to the database for tests preparation or cleaning and reporting. Figure below shows the stages of the execution of these operations, interspersed during the runtime of files „*.feature”. Sometimes it may happen that the tar-

get website is loading slowly and this may break the functional tests. For this the “spins” are used, which prolong the waiting for website reply, long enough in order to make sure website responds before a step is invalidated.

Data comparison

Within the context file, inside functions, both implicit and custom, a comparison intervenes between the result found on the page the one expected. For this, PHPUnit comes into scene, a library with a wide variety of facilities for comparison. Integrating PHPUnit has the benefit of a mature library, largely used in Continuous Integration/Delivery environments, in conjunction with existing code. Mink already has comparing features derived from PHPUnit, but to use all the functions you need to make the following import declaration:

course only when we have more profiles defined); • the relative location of behat.yml (yes, you can have more behat.yml like files); • the target feature file ”.feature”; • if yes or no reports are required and what is their format: php bin/behat --config behat. yml features/test.feature – profile firefox_sahi --format html --out behat-reports/Report. html

For functional testing using a real browser a proxy is required to be installed on the same machine, the proxy must be started and the browser proxy settings must be already configured. Mink will send instructions to the address specified in behat. yml proxy, the proxy will open the local browser, but the reports and tests are carried out on the machine where you run the command. This allows virtual machines with different browser instances (usually required by Internet Explorer), machines which in turn can be controlled by using scripts. The condition is that the testing server has graphic mode and a virtualization solution (VMWare, VirtualBox, etc..).

Functional testing apart of project codebase

Often functional testing is required completely independent of project’s codebase. This means that functional testing becomes a parallel project, but which needs to be flexible for horizontal expansion, especially when the web portal is large. Expansion will encounter three or four difficulties/debate themes: • the management of lots of ”.feature” files; • how the specific context is assured: using profiles (I prefer this method, as it’s easier to more templates of “behat. yml” for each type of browser) or using require_once ‚PHPUnit/Autoload.php’; sub-contexts (in this case don’t use magic require_once ‚PHPUnit/Framework/Assert/Functions.php’; functions); in the main context file. • how you know the expected values (known data set); Tests execution • optionally, especially when you try Tests execution involves the launch of a to test a website for which the DOM command line, in which are specified: structure is broken or more complex • the target profile from behat.yml (of so it does not allow easy access to page


nr. 18/Decembrie, 2013 |

elements (for example the “id”, “name” or “class” properties are missing), you need to plan special development to locate UI elements (usually using Xpath ”locators”; when their number increases significantly, you will need to manage them, in relation with the expected data). For a better project organization and because the QA team often does not know how the correct values are computed, it is better to preserve this data set inside the codebase project and between functional testing project and codebase project can be established and API, using various communication methods (REST, HTTP, common database, etc.). The testing project can query for a specific element, obtaining its expected value and, optionally, its xpath locator.


Functional testing stands at the top of testing pyramid. An intuition or reproduction of end user behavior and his context (browser) provides an excellent level of quality assurance. The main purpose of functional testing is represented by the analysis of application’s correctness, using as much as possible he context and the behaviour of the end user, but that can be extended to the analysis of performance and security.



Deal with authentication in AngularJS


Leonard Abu-Saa System Architect @ Arobs

uthentication is the process of identifying a user that wants to access a protected resource. We use authentication in our everyday lives: ID cards, user names and passwords, security cards, etc. The process that comes next is called ‘Authorization’ and they are very strongly related and sometimes mistaken one for another. With ‘Authorization’, we can check for user rights and see if they have or not access to a specific resource after they have been authenticated. However, make no mistake; there could be no ‘Authorization’ without ‘Authentication’. In this article we will discuss about the process of identifying ‘who this user is’ using AngularJS.

Considerations Remember that all actions take place on the client side, which means that the client has full control over the browser and can overpass security checks. Therefore, it is very important to make the verification on the back-end also.

The next thing to do is to recognize an authenticated user and check if it has access to the routes.

Recognize an authenticated user

There are several ways of doing that but I prefer using the power of AngularJS throughout the use of ‘Services’. Therefore, I have Setting up client-side Routing created a ‘UserService’ where we store the Here we can decide which pages will current user name and a value-indicating if it need authentication and set the routing for is authenticated or not. the application. A route is defined provi// in UserService.js ding at least the template or template Url myApp.factory(‚userService’, function () { and the controller of that page. In addivar user = { isLogged: false, tion, I have added the ‘access’ property with username: ‚’, }; ‘allowAnonymous’ attribute. This way we var reset = function() { know if the current route needs authenticauser.isLogged = false; user.username = ‚’; tion or it is a free access page. In our example }; we have the ‘Login’ page which is accessible return { user: user, by anyone and the ‘MembersPage’ that needs reset : reset }; authentication }); // in app.js var myApp = angular.module(‚myApp’,[‚ngResource’, ‚ngCookies’, ‚ngRoute’]); myApp.config(function ($httpProvider, $routeProvider) { window.routes = { ‚/Login’: { templateUrl: ‚/Account/Login’, controller: ‚AccountController’, access : {allowAnonymous : true} }, ‚/MembersPage: { templateUrl: ‚/Home/SomePage, controller: SomePageController’, access: {allowAnonymous:false}}}; for (var path in window.routes) { $routeProvider.when(path, window. routes[path]); } $routeProvider.otherwise({ redirectTo: ‚/ Login’ }); });

After we have the service in place, it is time to use it and implement the check functionality for a route. There are several methods that intercept the route change event, but we are interested only in those that occur before the user was redirected so we can check if it is authenticated: ‘$routeChangeStart’, ‘$locationChangeStart’. Here we can check if the route that the user is going to allows anonymous access and if the user is logged in. In the case of failure, we can display an error message and redirect the user to | nr. 18/Decembrie, 2013


programming Deal with authentication in AngularJS the login page. // in RootController.js myApp.controller(‚RootController’, function ($scope, $route, $routeParams, $location, $rootScope, authenticationService, userService, toaster) { $scope.user = userService.user; $scope.$on(‚$routeChangeStart’, function (e, next, current) { if (next.access != undefined && !next.access.allowAnonymous && !$scope.user.isLogged) { $location.path(„/Login”); } }); $scope.logout = function () { authenticationService.logout() .success(function (response) { userService.reset(); toaster.pop(„info”, ‚You are logged out.’, ‚’); }); }; $rootScope.$on(„$locationChangeStart”, function (event, next, current) { for (var i in window.routes) { if (next.indexOf(i) != -1) { if (!window.routes[i].access.allowAnonymous && !userService.user. isLogged) { toaster.pop(„error”, ‚You are not logged in!’, ‚’); $location.path(„/Login”); } } } }); });

Authentication Service

This service provides a way of communicating with the server and sets up the login status. We are interested in login/logout methods for the moment. On the back-end, a Web API service is used. The login method is a post request sending the ‘login’ data consisting of the username and password. Notice also the ‘RequestVerificationToken’ that is used to avoid cross-site request forgery attacks. //in AuthenticationService.js myApp.factory(‚authenticationService’, function ($http, $log, $location) { return { login: function (login, antiForgeryToken) { return $http({ method: ‚POST’, url: ‚/api/Account/AuthenticateUser’, data: login, headers: { ‚RequestVerificationToken’: antiForgeryToken } }); }, logout: function () { return $‚/api/Account/Logout’); } }; });

Putting up all together

The only thing that remains is to create a view to collect login information and a controller where we can use the authentication service and the user service together. A very simple login form would look like the example below. We have three input fields wrapped up in a form. //in Login.cshtml @model Model.LoginModel @{ Layout = null; } @functions { private String GetAntiForgeryToken() { string cookieToken, formToken; AntiForgery.GetTokens(null, out cookieToken, out formToken); return cookieToken + „:” + formToken; } } <div class=”container”> <form name=”loginForm” class=”form-signin”> <input id=”antiForgeryToken” data-ng-model=”antiForgeryToken” data-ng-init=”antiForgeryToken=’@GetAntiForgeryToken()’” type=”hidden”/> <h2 class=”form-signin-heading”>Authentication</h2> <br /> <input type=”email” required=”required” name=”username” class=”formcontrol” ng-model=”userData.username” placeholder=”Email address” /> <input type=”password” required name=”password” class=”form-control” ng-model=”userData.password” placeholder=”Password” /> <label class=”checkbox”> <input type=”checkbox” value=”remember-me”>Remember me</label> <button type=”submit” class=”btn btn-lg btn-primary btn-block” ng-


nr. 18/Decembrie, 2013 |

click=”login(userData, loginForm)”>Login</button> </form> </div>

When the user clicks login button, the form data is sent to the account controller. Using the authentication service, the data is sent in a POST request. In case of success, we use the user service to store the data and redirect the user to the desired page, otherwise we show an error message and keep the user on the login page. // in AccountController.js myApp.controller(‚AccountController’, function AccountController($scope, $cookies, $log, $location, authenticationService, toaster, userService) { $scope.login = function (userData, loginForm) { if (loginForm.$valid) { authenticationService.login(userData, $scope.antiForgeryToken) .success(function (response) { if (response.status) { userService.user.username =; userService.user.isLogged =; toaster.pop(‚success’, ‚You are signed in!’, ‚’, 2000, true); $location.path(„/MembersPage”); } else {

toaster.pop(‚error’, ‚Invalid username or password!’, ‚’, 2000, true);} }).error(function (data, status, headers, config) { $;});} }; });

This is all it takes to have a rudimentary authentication implementation with AngularJS.



Executable Specifications


Alexandru Bolboaca Agile Coach and Trainer, with a focus on technical practices @Mozaic Works

Adrian Bolboaca Programmer. Organizational and Technical Trainer and Coach @Mozaic Works

xecutable specifications are a way of using automated tests with the purpose of documenting the functionalities of an application. Automated tests are more and more used in the software industry, with the purpose of validating the correct functioning of an application. The validation implies of course a dialogue with the persons who formulate the requests (business analysts, product owners, product managers and other stakeholders) and the automated tests do not relieve us from documenting the ways the application is used. For documenting the functionalities there are some solutions, the most common one being writing specification documents. The problems start at the moment when the functionalities change; most of the time the specification documents cannot keep the pace. The reasons can be different: this procedure is heavy, it often takes a lot of time and often the documents are created by other persons than the ones who are writing the code for the application. There is often the risk that the specifications do not show, for a period of time, the current way the application works. One solution to reduce the waste only business language, without technical generated by rewriting the specification terms. documentation would be using tests as spe• The tests should not include implemencifications. They verify already the code and tation details in their names. are constantly synchronized with the produc• The tests should focus on the behaviour tion code. Why not write the tests in such a from the user’s point of view. way that they would look like a specification document? Do we need other type of documentation? Depending on the type of software system that needs to be developed, one might need How to write executable specifications? other types of documentation that cannot be The tests can be written as executable spe- automatically generated from the production cifications by obeying some rules: code. Here are some examples: user’s manual, • The tests should be written in such a way they can b e re ad in a natural language. • The names of t h e t e s t s should use | nr. 18/Decembrie, 2013


management Executable Specifications architecture documentation, commercial documentation, operational documentation, etc. Obviously this type of documentation needs to be written by using specific documents or diagrams.


Fitnesse1 is, historically speaking, the first tool used for writing specifications. It uses tables and it can be used on almost any technology. RSpec2 si Cucumber3 have been developed initially for Ruby, but now they have been ported for other languages as well. For example SpecFlow 4 is a .Net port, and JBehave5 was developed for Java technologies.

How to work with executable specifications

The specifications can be written by the business people (analysts, product owners, product managers, etc) by using a natural language, on the following pattern: Feature: Adition In order to avoid silly mistakes Cashiers must be able to calculate a sum Scenario: Simple numbers • I have entered 4 at the calculator keyboard 1 2 3 h t t p : / / e n . w i k i p e d i a . o r g / w i k i / Cucumber_%28software%29 4 5


• I have entered 3 at the calculator Disadvantages? keyboard • You cannot implement it if you do • I press sum not have automated tests for all the use • The screen should display 7 as a cases of the software system. result • A rigorous discipline must be maintained for the teams who write tests in Thus anyone who knows the domain order to focus on the behaviour from language can read and understand this the user’s point of view and to use only test. Then programmers link this text with names from the domain. functions from the code, that call the production code, in a very similar way with Conclusions the tests written in Junit/Nunit/xUnit, but The executable specifications are a very structured a bit differently. These tests will good way to get a constant feedback and be failing in the beginning, but as the func- to check if the application behaves as the tionalities are implemented they will be users expect it to. In order to write execupassing one by one. table specifications the programmers need to master writing unit tests and acceptance What are the advantages of executable tests by using the language from the busispecifications? ness domain one works for. • Minimize the documentation work, The transition towards executable spetying it to automated testing. cifications can be gradual, in small steps, • Very fast feedback for the persons until the dialogue between the business who generate the requirements for the people and developers becomes efficient. product. They can know at anytime what By using executable specifications, the is implemented and how, just by running business analysts can write the requirea set of automated tests. ments on which they can have a dialogue • Very fast feedback for the developers. with the developers, by using a natural lanThey understand quickly where they guage, and creating acceptance tests for the need to modify the existing system in application at the same time. order to add new functionalities. • A very useful dialogue tool between the business people and the technical persons. The specifications are understood by both groups of people and avoiding the “us vs. them” situations. • Increase the confidence of the team and have a product that does what it should.

nr. 18/Decembrie, 2013 |



Continuous improvement taken seriously


Ovidiu Dolha Requirements engineer @ ISDC

nformatics and Computer Science academic programs in Romania often include courses like software engineering, software analysis and design, and project management. Despite the initial attractive appearance of these courses, students frequently become slightly disappointed in the end, or at least compared to other courses (e.g. programming languages, hardware, even physics, mathematics), the lectures are seen less interesting or useful. In reality, it’s not about the intrinsic lack that students have about these topics. Part of the problem lies in the theoretical approach of these materials and the difficulty that students have in understanding the fundamental content. This leads to the constraint to learn by heart a good part of the courses, without truly understanding the principles behind. In Cluj, if you ask people in software companies what they consider their profession to be, plenty will say “Software Engineer”. It sounds nice, but in fact it takes years to even begin to understand what software engineering really is about. The main reason why students don’t understand the significance of diverse software engineering aspects is not related to the content. Now that I review some of that content after working in IT for more than 7 years I find it relevant and interesting. Improvement models like CMMi seem fascinating and crystal clear. But why didn’t I have the same feeling while I was a student? In this article, I will focus on continuous improvement, one of the least well understood practices of software engineering; but bear in mind that most of it will apply to many other concepts as well (think project management, software analysis and design, software architecture, software requirements). I will try to briefly expose some of the reasons responsible for the situation, and then I will mainly focus on effective solutions that could reasonably make it better. Arguably one of the leading causes of misunderstood concepts is education. Education, as I mentioned before, has access to great content, but which unfortunately is ineffectively transmitted. Now, when I talk about education I include both the undergraduate experience (school), but also education within the organization (professional development). I will tend to focus on the organizational education because it’s the one

we have more control over and thus yields to more pragmatic solutions. The first reason for ineffective education is lack of didactical skills (usually found in rigid systems). The trainees don’t feel attracted or inspired in the first place. The second reason and (in my opinion) accounting for much more of the issue is the lack of context attached to university courses. Topics like CMMi, a very abstract model that fundamentally focuses on managing ambitious continuous improvement programs, can only be understood in the context of organizational life, but which is completely unknown while you are still a student (some will find jobs while still in school, but will have barely scratched the surface of organizational life by then). Continuous improvement has to be taught in a right context to make sense. Even in organizations that seem to understand well the concept, there is still the impulse to superficially present it and then impose it rather than investing in right education and providing the best setting for it. And this is where the key lies. My proposal for better continuous improvement is to start taking it seriously. This entails a series of changes we need to make, and I advocate that the best approach is bidirectional (both top-down and bottom-up at the same time). Looking top-down, the most important change needed is to start applying continuous improvement practices transparently. Surely senior management in the leadership team does indeed use continuous improvement, | nr. 18/Decembrie, 2013


management Continuous improvement taken seriously but how and when? Make sure it becomes clear to the organization. Senior management should make a goal for themselves to be the best at CI. We want to hear about how well calculated and informed decisions are taken (especially the hard ones). We want to hear about strategy planning, retrospectives that use historical data (measured over time), and real risk calculations. We want to hear about process & quality management on senior management levels. And if possible, we want to also see evidence of this: documents (or parts of them), meeting minutes, measurements, and logs, anything to inspire the lower levels. Leading by example is a proven effective way to change organizational culture, a theory applicable also in the cases when practices are less “healthy”. At the same time, looking bottom-up, the focus on education needs to be strengthened. Most people are willing to learn and understand, but IT professionals are inherently sceptical (and for good reasons). To win them over, it’s very important to talk concretely, which is indeed extremely challenging when the subject is continuous improvement. Some ways to achieve this include telling success stories. Find the best projects where CI is striving and provide the context to tell their stories. Encourage CI success promotion, like open sessions, marketplaces, workshops, and inter-team experience exchange. A marketplace approach has been organized several times in ISDC. It’s a place where people show something they are proud of from their organizational life (whether it is some awesome architecture, functionality in their product, some clever component they built or simply best practices collected over time


that turn out to be great in some context or other). It’s a great way to get everyone together to discuss. An informal environment is perfect for friendly dialogue and open sharing. Not only does this motivate people, but it’s simply incredible to see how many things they do not know about what their colleagues do in other projects and teams. Sometimes, unintuitive strategies turn out to be most effective ones. An example is to encourage people to learn from their peers. That is, instead of always involving the same “senior” CI proponents to talk about it, allow everyone to do it. Find free advertisers within the organization and consciously provide encouragement to these people (target especially those with high informal power). Also encourage dialogue, do not censor those against CI, but instead organize debates. Such a practice turned out to be very effective in ISDC. We call it “Mythbusters”. In fact, it’s just an open debate on a controversial topic. People are encouraged to participate and voting happens before and after to see what beliefs are in the organization and how we can change them simply through intelligent discussions backed by research. Continuous improvement is facing rough times. Almost a century ago, when it all started, Japan was one of the countries with the lowest quality of products. Kaizen was the name of the initiative and it simply meant good change (kai = change, zen = good). A simple philosophy turned around the economy, and took Japan from once the worst product quality to the best in the modern era. CI started to boom in various forms and places, moving from production to services and from tangible production to

nr. 18/Decembrie, 2013 |

conceptual and creative domains. Various businesses adopted concepts and adapted them to their needs. CMMi is for example a continuous improvement model specifically designed for IT. While in tangible and repetitive businesses more concrete standards work well, in IT there was a need for a more abstract and flexible model that always requires tailoring to work. This is one of the reasons why CI in IT is so difficult both to understand and to apply. But it’s not only IT. Industry in general is becoming less and less tangible when it comes to human work. Automation rapidly takes over the repetitive and tangible aspects, leaving the human labour to focus greatly on other domains: creativity, innovation, strategy, complex planning, management, communication & human interaction. This is precisely why we now see a decline in Japan. In the later years, quality has decreased; other emerging countries (China, South Korea) are taking over the lead. Why? Exactly the same reason Japan has taken over the lead a century ago: they found a better way to do things. But now emerging economies are starting continuous improvement directly on non-tangible industries (which gives them advantageous speed), while Japan is slower due to inertia from applying it to tangible work. The lesson here is not to give up CI, but to learn to apply it and to apply it really well, to educate the newcomers in the field by presenting a favourable context and in fact, to take it seriously. We need to be sceptical, to ask relevant questions, to be open, to tailor CI depending on each specific case. The world is more dynamic than ever and our practices need to be adapted accordingly.



Scrum In Practice: A Case Study


dopting an agile approach for managing software projects is a journey, they say. This is the story of our team’s journey so far. Being a case study, it is neither an introduction to Scrum, nor a collection of best practices. Instead, I’m going to share with you the way we are applying Scrum.

Papp László Software engineer @ Evoline

The article is structured around core Product backlog Scrum concepts. The concepts show up The requirements for the project have mostly in the order we started to use them. been described in OneNote ever since the prototype phase. Information is organized Context in a shared notebook and OneNote automaBefore delving in I think it is impor- tically synchronizes it so that all users see tant to set the context in which Scrum was the changes. This central repository is also applied in our case. Our team was asked to useful when analyzing the requirements and migrate a well established software suite to dividing them into tasks. It stores questions new technologies and platforms. It was clear and answers, minutes of meetings in which from the beginning that this is a long term we discussed the open issues with the proproject. Furthermore, no official release was duct owner or other people familiar with the scheduled for the first year of development. domain know-how, the existing application We were given time to investigate the new and the required functionality. technologies and to implement a prototype. The product backlog is derived from the During this phase there was no planning and OneNote notebook. Features are prioritized we didn’t use sprints. Parts of the prototype by the product owner based on how they were then kept in the real project. are valued by customers. Furthermore, it is also the product owner who decides how Planning many features should go into a release. We The aim of planning was to be able to offer do planning only for the features selected for some kind of predictability to the product a release. This does not necessarily happen owner. Once we had a set of requirements at the beginning of each sprint. Notice that defined we needed a forecast: how much time the product owner is not influenced by our will it take to implement them? Needless to planning when selecting the features. This say, the product owner would appreciate an is a value-driven approach as opposed to a estimate only in time. Furthermore, we wan- cost-driven one, nowadays advocated by the ted to back that estimate with historical data, #NoEstimates movement. because that would make it more plausible. | nr. 18/Decembrie, 2013


management Scrum In Practice: A Case Study Story points

One of the benefits of working on large, long term projects is that the team can afford using story points for planning. In our team, story points were introduced based on the following assumptions: • we’d not always know in advance which team member will work on a given task • planning will be done by the whole team together Given that the team was heterogeneous, comprising of junior and experienced developers, these assumptions would have made using time estimates really difficult. Our estimates, or rather measurements, based on story points try to grasp the complexity, the effort and the uncertainty involved in finishing a task regardless of the developer who’ll be working on it. Imagine having two rocks each weighing 1 kg, which have to be moved 100 meters by a “team” consisting of two people, a 3-year-old and a 30-year-old. It will take the 3-year-old a lot more time to move a rock than the time needed by the 30-yearold. Nevertheless each rock is 1 kg. It’s the same with tasks. Subsequently, implementing tasks measured by a team to have 1 story point may and often will not take the same amount of time.

Reference tasks

In a nutshell, here’s how it goes. The team needs to decide on a measurement scale to be used. Usually it is the Fibonacci sequence, but we took over its slight variation from planning poker I’ve already mentioned above. Each number of the scale is represented by a column on a board. An additional area called the Parking Lot is also introduced for tasks whose value won’t be agreed. All tasks to be measured are written on stickers. After this preparation there are three rounds coordinated by a facilitator. The first two are silent, hence the name. In the first round team members walk up to the board, one at a time, to place one task on it. This way all tasks will get on the board in an initial column. In the second round team members may move tasks from one column to another as they see fit. If a task is moved around frequently the facilitator will place it in the Parking Lot. We keep track of the movements on the sticker. The last round is reserved for discussions. If the Parking Lot is not empty now is the time to dissect the tasks from it and possibly agree on the corresponding column. It is worth mentioning that we reserve a couple of days to identify the tasks that are going to be measured based on the requirements. Furthermore, every task is briefly presented to the team mainly from a functional point of view before the planning session. Not all the tasks are handed out randomly to team members during the first round. For the more specific tasks like the ones related to database or to frontend design we know in advance who’ll work on them and we let those persons to place the tasks in an initial column. Usually they will remain there during the second round.

Before starting our planning we agreed on some reference tasks. These are tasks relative to which all other tasks are measured. We picked tasks already implemented in the prototype, of which the whole team had a common understanding and we assigned story points to them from the sequence used in planning poker. The whole sequence is 0, ½, 1, 2, 3, 5, 8, 13, 20, 40, and 100, but we only used values below Velocity 5. Velocity is the most vital metric we The values in the sequence are conside- use. We observe it continuously in order red quantified task categories or sizes. to forecast and to collect the historical data necessary to back our estimates. Measuring tasks Given the size of the product backlog In order to measure the tasks we deci- and the velocity, both in story points, we ded to use planning poker. This is a widely can calculate the number of sprints needed used technique that I’m not going to pre- to implement the product backlog. We took sent here. As the team grew, however, we hit advantage of this when we got our very first its limitations: it was more and more time release date. I informed the product owner consuming. Luckily, I stumbled upon an that most probably we cannot deliver the alternative called Silent Grouping presen- whole product backlog by then. He wasn’t ted by Ken Power. It promised to be much happy about it, but eventually we reviewed faster than planning poker so we decided to the backlog and postponed the tasks that give it a try. And it worked. Silent Grouping turned out to be not so important for the is described in detail in [1]. first release.


nr. 18/Decembrie, 2013 |

Picking the velocity to use in the calculation above is not always straightforward after many sprints. I’ll mention two methods. When the first release date was initially set by the product owner I picked the latest value. Until then the velocity continuously grew so my argument was: “Look, even with our highest velocity it will probably take us five sprints to cover the product backlog and there are only three available until the deadline.” The second method takes the median of the velocities measured over sprints. In my view the second method should take into consideration only sprints where the team was more or less the same. If the team is doubled from say 5 people to 10 then velocities obtained by the team of five are hardly relevant anymore.


We receive feedback at least every fortnight in follow-up meetings in which we demo what we’ve been working on lately. This way we can present features as they are developed and we have the opportunity to adapt to requirements that change or come up along the way. Before the follow-ups we always write a mail to the product owner about the recent developments. It describes all the items that are considered to be worth demoing by the team, so it acts as an agenda for the follow-up. All the team participates in the follow-ups and each team member presents the items he or she contributed. The main benefit of involving the whole team in the follow-ups is that the developers and the product owner can interact with each other. Open issues are clarified, background information is shared on

TODAY SOFTWARE MAGAZINE activities, feature ownership. Currently feature owners have a detailed overview of the feature and they keep track of the tasks related, which helps t he te am i n b e i ng self-organized.

specific features and the feedback is received directly. What’s next? I think being transparent and predictaTesting ble paid off. The product owner seems to We have sprints dedicated to system trust us, since he asked from us for protesting and fixing. There is no sprint totypes on new, complementary projects. backlog for this kind of sprints, since most In case these projects will materialize they of the tasks come up during the sprint. We will act as excellent growth opportunities are using an action list instead. The action within the department. list is our bug tracking Excel file. Each issue There are, of course, several areas where has a priority that specifies the order in we could improve. One of them is dividing which they should be tackled. Nevertheless, the features into smaller tasks with more when a bug is found the developer who was or less the same size. We only managed to assigned to the related task is first notified avoid tasks above 13 story points, but there on the spot to see if the bug can be quickly is still some way to go to come up with a fixed. If it can, then we don’t track the bug backlog containing only tasks that have 2 any more. I got to know this approach or 3 story points or even less. When we’ll from Henrik Kniberg in [2]. The reason get there velocity may be calculated as the behind is to avoid huge action lists that are number of tasks completed in a sprint. In hardly manageable and that will intimidate order to practice breaking features into developers. really small tasks I plan to run the Elephant Carpaccio exercise, invented by Alistair Retrospective Cockburn. There is a facilitation guide for We tried in several ways to hold the it written by Henrik Kniberg in [3]. Sprint Retrospective. Initially it was coupled with the planning meeting, meaning Follow-up meetings take more and that we tried to reflect on the past sprint more time, resembling the planning poker before doing the planning for the next one. sessions we had in the past. We are about Another approach was to have it during a to introduce feature-based follow-ups focuteam lunch. Neither way proved to be effec- sing on a single feature and involving from tive. Nowadays I’m trying to get feedback the team only the people that are working in a non-intrusive way. On one of our whi- on the given feature. To keep the team teboards there is a dedicated space where team members can specify things that: • are going well • should be improved

up-to-date on all features we’ll also hold more informal internal demos. Story maps, a technique I got to know from Jeff Patton in [4], will allow us to see the big picture of the project. What story mapping tries to solve is to keep the context in which tasks have to be implemented. While discussing with the project stakeholders the required features it becomes clear why these features are needed, and what capabilities they cover. Furthermore big features are decomposed into smaller ones in order to better capture them. This entire context is often lost when dividing the features into tasks and placing them into a flat backlog. Steve Rogalsky wrote on how to get started with story maps in [5] (the illustration is from there).

Biography [1] Power, K. Using Silent Grouping to Size User Stories. (2011) using-silent-grouping-to-size-user-stories/ [2] Kniberg, H. Scrum and XP from the Trenches. (2007) [3] Kniberg, H. Elephant Carpaccio facilitation guide. (2013) http://blog. elephant-carpaccio-facilitation-guide [4] Patton, J. The new user story backlog is a map. (2008) the_new_backlog.html [5] Rogalsky, S. How to create a User Story Map. (2012) the_new_backlog.html

The topics that pop up on the whiteboard during a sprint will represent the agenda for the retrospective.

Feature ownership

Nearly a year into the project we identified lots of activities at feature level: understanding the requirements, dividing them into tasks, identifying the tasks that can be implemented in parallel, communication with project stakeholders, just to name a few. As the team grew considerably during that year, it seemed appropriate to me to introduce a new role for these | nr. 18/Decembrie, 2013





good teacher once told me: “If you need to do something more than twice, do something which will do it for you!” At first, I wasn’t at all convinced about the truth of his statement, but going through a few years of Computer Science, I started seeing it that way. The truth is that we, „the humans”, are truly bad at doing repetitive tasks. And so it should be – let’s let technology take care of that for us so we can enjoy the things which really matter. SpotTune started from a simple idea which came to me whilst I was in college. We’re all so terribly busy in that time of our lives – and I wanted to do something to change that. I let my imagination do its job and, well, that’s how SpotTune came to be! I needed a ‚smart app’ which could do personalized tasks. I wanted it to able to automatically send a message to my girlfriend when I finished my courses so we can meet up, or send a message to my mom so she can start cooking dinner! I wanted the app to put my phone on ‚silent mode’ whenever I attended conferences, went to the movie or theatres or on Sunday at church! I wanted to let my friends know whenever I reached a certain location. I wanted my WiFi to be turned on whenever I got home, because I had a router there – and my data connection to be turned off. You may have already been through the same situations already. The above mentioned scenarios are only a few ‚mini tasks’ which little by little drain our time without us noticing a thing. The idea of the app is that it should be capable of capturing events/actions which should trigger at a certain place or time. Simple enough. SpotTune tries to automate these processes and bring back fluid user experience to the scene. The main principle is simple: configure once, enjoy every time after. Here’s a simple example. On average, a smart-phone user (of any kind) activates and deactivates his WiFi or mobile-data 4 times every day for different reasons. The process is relatively short but which, through its repetitive nature, gets terribly cumbersome after a while: unlocking the screen, pull down the notification bar, press the WiFi button, wait. This takes roughly 15 seconds, assuming nothing goes wrong. After doing the math, we can see that our ‚smart phone’ user spends roughly 7 minutes each week and 6 hours each year turning his WiFi on and off. It’s strange now that you think about it: sacrificing 2 or 3 good movies for dealing with your WiFi being switched on and off?


nr. 18/Decembrie, 2013 |

Did the phone in your pocket ever try to do a sing-along with the opera house’s orchestra while the lead soprano is in the middle of her aria? SpotTune will offer the possibility to automatically set the phone profile to ‚silent’ and send a message to whoever tries to contact you in a given interval of time. And this is only a few taps away! The only purpose of app is to simply make the user’s life easier. Alongside these options, the application will also track the approximate time it saved the user, automating his processes. Each action will have an assigned number of seconds which will add up to a locally stored total. This gives important feedback to the user, an element which should never be overlooked. The next steps for the app will be to create its website which will allow users to configure their tasks which will later be synchronized with the mobile app. SpotTune is meant to make the users’ life easier. Tasks can be combined and the possibilities are endless. You can bring feedback and suggestions to . Let your imagination fly!

George Platon Software developer @ Catalyst





n October 2011, we started the HackaServer Project, a web security testing platform using the power of crowd sourcing. When we were building HaS we had to come up with a way to create a spin off in case things were not moving in the direction that we anticipated. I have to mention that HaS is not open for business yet because of one simple reason: We are a very small team.

A short recap

• Scattered – it happened all over the In f o r m at i o n S e c u r i t y t h r o u g h world but being scattered and short, Gamification is not a brand new concept. automatically they are small too. In fact is quiet old, since the dawn of the • Don’t count – because don’t last and internet I’d say. It is called CTF – Capture are remote, HR departments don’t even The Flag. DefCon conference have one of ask as experience about it when hire the first CTF competition. You can check information security. CTF Time to see where a CTF (within • Scenario based with a lot of different information security industry) take place. restrictions and plenty of rules. If you dig about CTFs, you’ll find CTFs • Not real life replica. organized by CS faculties, companies or even governments agencies. So why another CTF when there are

Why CTFs?

• The best way to learn is to learn through applications and that’s where gamification excels at with great results on skills improving, education and training. Learning information security through gamification would increase students/employee engagement, improve retention rate and speed up the learning curve/process. In the same time, for students/ employees it is something entertaining, challenging, community driven and hands on. Today’s CTF competitions are great and very diverse starting from level based and going all the way to attack and defense scenario based where Red Teams and Blue Teams try their best. Among their beauty, very much appreciated is the effort and dedication of the teams behind every CTF. However they have few but major problems in two ways: the way are designed and held: • Don’t last – Nowadays CTFs last between 24 hours up to few days only – weeks at most. • Remote – Not always is over the internet and you have to be physically in that room/building.

plenty of it?

We, the team behind CTF365, decided that is time to change the way CTF is designed and held by bringing a brand new approach and push security gamification at a bigger scale: World Wide. Our goal is to create a real life Internet replica where security professionals, security students and security wannabe to get continuous training on real man made servers and infrastructures not in some special vulnerable designed servers.

Who is it for?

• Blue Teams, Red Teams, CERT/ CSIRT - Offensive and defensive specialists can improve their trainings on real life alike enviroments. • CTOs, System Administrators – Can experiment brand new server configurations and see if can be defeated. • Security Vendors – Can test their WAFs or whatever software they develop as well as security hardwares. • Security Training Companies – Improve their students retention rate on real life alike environments. • Information Security Recruiters – Security Certificates are very important but user’s (candidate) performance and achievements as security professional

matters most when interviews for hiring. • Web Security organizations like OWASP – Spread awareness among web developers and Devops. • InfoSec Conferences – Participants really want to have fun and more, their achievement not to be let in vain. • Web Development Companies – Web developers/Designers training on Defensive Security • D a t a C e n t e r s – S y s t e m Administrators training on Defensive Security

How that’s possible?

We did asked ourselves too and looks like we’ve made it so far. Though there are a lot more to do under the hood as well on the middle and frontend, our IaaS is flexible enough to mimic the real world. CTF365 flexibility platform allow users to connect their own infrastructure whether is cloud based or private or dedicated servers. We proved it before that is possible to have servers to be tested in the cloud and more, we did had a Metasploitable in the cloud. You can read this article right here on Rapid7 Community. Companies and organizations can get their own CTF infrastructure within minutes and all their users achievements can be added to general user’s performance. This feature will engage more users on future InfoSec conferences CTFs.

Where we’re at?

At this moment, CTF365 is in Alpha Stage which means it’s up and running with a small number of teams (over 30 teams) and there are +13,000 registered users and +1300 teams ready to play all over the world. | nr. 18/Decembrie, 2013


startups CTF365 Being in Alpha means that we’re still in the developing stage and those who got access to Alpha and future Beta can experiment and see how will look like the live version. Later on, when we’ll start to add more hardware capacity we’ll be ready to let everyone to get in. In Alpha and Beta most of the users/ players are security professionals from different pentest companies, security training companies or security related. Among referrals we also accept infosec professionals, as well as infosec instructors/ teachers, that request Alpha access. If you like early access, just let me know and we’ll try to grant your access.

Bottom line

“Security will never be perfect, but can be pushed to perfection” According Frost & Sullivan predicts global employment of information security professionals to increase 332,000, ending the year at 3.2 million and reaching ~5 millions by 2017. Beside certified professionals there are over 25 millions users on security/hacking forums. As I said it before in an interview, The Internet grows faster than the World’s capacity to provide well trained system administrators as well as well-trained coders/programmers regarding security matters. There is a widening gap between and somebody has to patch it or at least to try. At its core, CTF365 is not a game. It’s a “Training Platform for Security Professionals and ITC Industry” that implements CTF concepts and leverages gamification mechanics to improve retention rate and speed up the learning/ training curve.


CTF365 is an internet within The Internet where users will built their servers and they can experiment real life like services such as microblogging platforms like Twitter, social networks like Facebook or G+, email services like Gmail or Yahoo and, here’s the beauty of the entire concept, they can hack it at will. For instance the real world have GoDaddy when domain registration right? We have GoGrandpa.365 where users will be able to register their own domain.ctf or domain.365 They can learn new offensive techniques or they can learn defense security as well. Web developers can train their skills to build safer applications and learn how they can defend their apps from being hacked. For security professionals and security students as well as for web developers and system administrators this is “Gardens of Eden”, the mother of all training grounds because is not a pre-build lab with certain vulnerabilities. It’s like the biggest army training ground or millions dollar flight simulator where pilots get into the most unaware situations without getting hurt while training for the worst.

nr. 18/Decembrie, 2013 |

Marius Corîci Co-fondator @ CTF365



How to maintain the success of a game for more than two years after its launch?


ubble Witch Saga has 26 months since its initial launch on the Facebook platform and 16 months since its launch on the mobile market. Despite that, the game manages to maintain its position in Top 10 games on the Facebook platform and on mobile it remains the most popular game in the bubble shooters category, still receiving the best reviews and comments.

What is the secret of the success of this King game, in the context where the gaming industry is continuing to grow, the competition is stronger and stronger and games with new mechanics, design and business models are being released constantly? I don’t think we can talk about a recipe which guarantees the success, but looking at other apps (regardless of their specific), we can at least learn from others’ mistakes, paying attention especially to the way in which they managed to surpass the obstacles that inevitably come up in software development. Even before the launch, it was known that Bubble Witch Saga will be a game with a classic mechanic. That is the reason why we tried to bring a novelty element and that element was the story behind the game. The player’s journey (saga) had a multiple purpose: making the difference between other similar games and bringing a better retention rate. This journey translates for the player through a growth in in-game skills, in level difficulties or in the introduction of blockers (which are not impossible to surpass), as well as in the interaction with other players –friends on Facebook. The social interaction element was one of the factors which maintained Bubble Witch Saga for more than two years in tops. Friends help each other in the game: they send each other helpful elements such as lives (or energy) or boosters in order to

pass certain barriers. The competition element is also present and some players can be motivated by obtaining a higher score in a certain level or recovering his leadership position when being outran by friends. In the case of Bubble Witch Saga, the attention paid to players was very important, especially to their actions in the game. No game is perfect and bugs will continue to appear and, as I mentioned before, the players’ options are increasing, but by keeping a constant dialogue with the users, Bubble Witch Saga maintained its position high in tops. This dialogue was carried through several channels, such as fan groups on the Facebook page or the ratings and comments in AppStore and Google Play. But the most important aspect of this dialogue was the existence of a very well done tracking system. Many players are reluctant to offering direct feedback and can always give up the application in a second. Bubble Witch Saga has managed to stop many of these potential giving up points exactly through this tracking system. For example, recently it was noticed that one of the game levels had a very high abandonment: the players had many tries at this level, but for the ones who managed to pass, it was very difficult to obtain the necessary score. The solution was to find a new version for that level, not necessary an easier one, but one with more accent on using the skills already acquired by the player during the entire

game journey. Another method through which Bubble Witch Saga is maintaining its strong position is by constantly adding new content. Here we refer to new levels (continuing the game progress), as well as the graphics. For example, for Halloween, Bubble Witch Saga had a new seasonal theme, in which specific elements of this event have been introduced on the progress map: one of the game balls was turned into a pumpkin, one of the game sounds was turned into a ghost laughter, animated skeletons appeared from place to place and on the sky bats were flying instead of hawks. On Christmas, the game was modified again with some specific elements. Also, it is very important to differentiate the players according to the progress in their Bubble Witch Saga journey. On the one hand, there are players who reach the ending of the game and they want new levels and more difficult challenges. On the other hand, there are players at the beginning of the game who need help with their progress. For the latter, for example, an interactive tutorial to help them understand the goal of the game is very useful. The features developed for Bubble Witch Saga concentrated mainly on players, trying to offer them the most pleasant experience. One of King’s strategic decisions was giving up in-game ads, in order for users to enjoy the game story without | nr. 18/Decembrie, 2013


management How to maintain the success of a game for more than two years after its launch? interruptions. This experience of continuity was followed and ensured by synchronizing the mobile progress with the Facebook progress. Bubble Witch Saga was the first game having this feature and continues to represent one of the examples given by Facebook (the technical details and problems that occurred were presented to you by my colleague Cristi in one of the past magazine issues). A secondary positive effect of this strategy is its viral character. The player comes back more often and is playing more, being prone to recommending the game to his friends, through word of mouth, as well as mouse to mouse. The game must offer him this possibility and facilitate Facebook posts, without forcing him or making him do it unwittingly. In the same spirit, the moment when we want to develop a new feature for Bubble Witch Saga, the first question asked by the development team is “why?” or, better, “what is the benefit of the player?” Once we find the answer to this question, the implementation remains just a formality. Here comes up another aspect through which Bubble Witch Saga has managed to maintain as one of the most popular games on Facebook: an extraordinary team that works on this project. The Bubble Witch Saga team is rather small, counting 10 people: developers, QA, artist, designer and producer, this being an advantage. Each team member is responsible with the success of the game, everyone’s opinion matters and the decisions regarding the ideas implemented in the game are being taken by agreement and can come from any team member. The working environment is


always nice and relaxing because the entire team knows very well what they have to do and the deadlines are established by its members. Furthermore, the moment an error occurs, it is very important that the entire team learns from mistakes, communicate transparently and move further. How much longer will Bubble Witch Saga last in this crowded market that is continuing to grow? We don’t now, but it will surely keep its top position, as long as we will continue to innovate, listen and respect the players.

nr. 18/Decembrie, 2013 |

George Abramovici Business Manager @ King România



Keeping Hold of Talented Employees, a Recurrent Issue in IT


he IT domain has been confronting with real crises in respect to employing programmers. This phenomenon can be viewed as a paradox since, at least from the point of view of the public opinion (which is more or less competent), the IT market is seen as still being a very welcoming one, as it is not saturated with employees and it keeps absorbing well prepared programmers who can ensure a stable infrastructure of this continually expanding and more and more branched domain. However, just like in the politics, a migration process has been recorded in the IT domain, too, or in a pejorative remark, multiple switching of the working place due to the boom of the IT market. This phenomenon of migration started between 2006-2008, along with the arrival to Romania of some large companies such as IBM, Apple, Sonny-Erickson or Alcatel. If during that period the market was full of programmers, at the moment the IT domain is dubbed as “the domain of zero unemployment rate”. Due to this instability generated by the migration or the insecurity of the position of the employees within the company on the long term, questions have been raised regarding the keeping of programmers. What should the manager of the company or the HR department do in order to keep valuable employees? How should they act and what should they offer them in order to stimulate them to grow together with the company and thus, to remain stable employees? Indeed, to answer these questions, we need certain statistics and accumulated experience, but they may work or not when applied in view of offering a satisfying answer. In other words, the employer has to feel the pulse of the company (to know his employees and be familiarized with their needs and the difficulties they encounter) and to permanently adapt his knowledge on the domain and on the IT market where they carry out their activity. We all know that in any domain of activity, the main criterion for attracting and holding on to one’s employees refers to the financial aspect. The same happens in the IT domain, where the salary package is of a great importance. However, what is very interesting is the fact that, unlike other domains, there is a “but”. The relativism of the money is given by a series of factors which state that money does not always come absolutely first for a programmer. Yes, it is very important (where isn’t it?) but, from the perspective of a passionate programmer, the material criterion hardly ever comes before the possibility of working with innovating, last generation technologies. That’s why we can state without any hesitation that providing some updated technologies at the working place represents a sure way of keeping one’s employees and, likewise, the lack of interest in replacing the outdated technology leads to massive departures. If we consider this context from a logical point of view, we can clearly assume

the following thing: even if at the beginning the employee does not lay so much emphasis on the financial aspect, but focuses his attention towards the new technologies, it is still him the one who wins; it is not about immediate advantages, but long-term professional gainings, since developing some skills to adapt to new technologies leads to an enhancement of experience, reaching an upper level of expertise and, in time, to the gradual and certain rising of the salary. For the companies that wish to overcome the development barriers conditioned by the lack of working force, it takes more than that. Just like they have ambitious business goals, they need to dare invest more in human resources. The example of Google is very well known and everyone admits that it was the investment in people that has brought remarkable results. Is there anyone among the IT people who wouldn’t like to work for Google? And yet, how many of the presidents of IT companies are willing to make an investment in people similar to that of Google? Google did not rest upon market researches regarding the employees’ benefits, but it dared. It dared to invest into people as much as it was necessary in order to create the culture that no one wants to leave. Google provides everything you need for you to live only inside Google, like in a prison or in the army, with the big difference that in Google you want to be “confined”. The motifs for which programmers choose to leave a company are numerous. They reside in the salary package, lean bureaucracy at the place of work, rigid schedule, management related problems, the hindering of one’s creativity or, most of the times, difficulties encountered within the project team, due to the lack of an efficient dialogue. Thus, the atmosphere is oppressing and suffocating. In order to overcome these drawbacks, the managerial board of the company initiates several strategies in view

of holding on to their employees. Different strategies and methods will be discussed below, in an attempt to determine their viability and, if need be, to identify and suggest new such methods. The IT domain is at the moment one of the engines of economy, which managed to bloom in a time when the other domains were heavily affected by the economic crisis. Given an educational system that is insufficiently adapted to the market, the growth of the IT domain in Romania was bolstered up by two actuating levers. On the one hand, people who had recently graduated were hired, so we are dealing with well prepared employees, but who still have to develop a lot of skills and to acquire experience. Holding on to them should be done according to a programme, right from their employment for that job (keeping them in the company, in this case, is synonym with “fabricating” a quality employee profile – actually, the employer, through different means, by training his staff ensures their medium and long term loyalty). On the other hand, there are people who have been employed for a while and have gathered enough experience to become an important target for the management of the company. Since they are experienced, trained and, also, since they provide quality services, they are much more difficult to retain in the company, since they are aware of the alternatives and the standards of the domain. Consequently, keeping hold of them is more difficult, in the way that they are the most wanted and their complaints are harder to satisfy. Following the delimitation of the two categories, we can characterize the employees as: those lacking experience, the novices, who often prove to be selfish and moody (that’s why many of them do not stay too long or they continue to move from one company to another) and the experienced ones, who are well-established, loyal, who do not migrate | nr. 18/Decembrie, 2013


management Keeping Hold of Talented Employees, a Recurrent Issue in IT from a project to another or from a company to another, because they already have a certain rank and they have acquired a certain professional maturity. An extremely important factor to keep the programmers going and at a high level of contentment is motivation. As we are dealing with pragmatic persons who work according to some fixed patterns, they permanently need incentives and motivation in order to keep up working without lowering the rhythm of quality. The intrinsic motivation depends on each person’s adaptability and it is fluctuating, but the extrinsic one, coming from the leaders of the company, has a greater impact. That is why the company should offer some challenging planning, projects from which everyone can learn new and useful things. Moreover, the project organization process should be a compelling one, drawn in an exact and professional manner and based on the most innovative technologies. If in addition to the things above we also mention a positive work environment and positive, constructive interaction between the programmers, we can surely talk about yet another method of keeping hold of one’s employees in the company. In order to emphasize this method of retention, it is enough for us to comparatively look at the following example of a manner of organizing projects (the project methodology). In the past, to achieve a deliverable product, the projects were going through numerous and somewhat “stiff ” phases: in respect to the deadline, it was usually a long term project; the detailed planning which hardly ever had any loopholes for alternative solutions; the architecture of the application; its implementation. This obsolete methodology is called Waterfall and it is not a good example for keeping one’s employees, since it generates boredom, routine and that innovative constraint set by the rules. Instead, the technique of the Agile methodology perfectly works as a manner of keeping the programmers – it is an up-to-date, modern method of project development, characterized by short periods of execution, close relation between the members of the project and the project coordinator, open and adaptive communication between the employees but also with the project owner (the product designer, the one who has ordered it). The long periods spent by employees within a company are the result of, first of all, the human and social quality of the group and of the one (ones) who are leading/ managing the group. It is classic and actual to say that “the employees join the company and leave the managers”.


Let’s assume that at one point a company hires a very reliable and hardworking candidate for the position of programmer. Soon, he proves to be an extremely valuable employee, having a faultless conduct, as probably only 5% of the other programmers have. However, unavoidably, there comes a problem. This person wishes to remain as long as possible within the company, but, since he is honest, he asks his employer to provide him with a flexible schedule so that he can work mostly from home, as he is a true family man and he needs more time to dedicate to his family. Besides, he has already proven his efficiency and qualities. How does the company react in this case? Most of them state that they provide the flexibility of the schedule, but, when it comes to keeping to this duty, difficulties emerge. This is a landmark where most of the companies don’t manage to deal with the situation, losing their valuable employees. Instead, the other companies, those who understand and put into effect the needs of the truly important employees, will keep hold of them and will acquire long term valuable services. There is also a series of advantages and facilities which have a deciding role in keeping one’s employees. The working schedule has to be flexible, meaning that as long as you accomplish your assigned task, you can choose the hours to work. The extra hours should be rewarded punctually, in different ways. The self-respecting IT companies provide their employees with free documentation centers, both at their headquarters and online. Offering some passes to the gym, swimming pool or other sport centers should become a priority, since the life of a programmer is quite sedentary, the lack of exercising can lead to a decrease of focusing and efficiency. Moreover, the employees should benefit from sponsored trainings, workshops and conferences meant to improve their soft skills, so as not to become limited. Since people are social beings, the company should provide them with a pleasant, comfortable and friendly working environment, endowed with coffee and juice machines, different games for the breaks and socialization space. Even if these recreation related facilities have become a custom, and they are far from being something new, there still are some instances where, within some companies, they represent the main (and maybe the only) way of motivating and keeping the employees. Last but not least, the employeremployee relationship must go beyond the hierarchical barriers, it should be based on friendly collaborations; going out in an

nr. 18/Decembrie, 2013 |

informal environment should become a habit and the sporting activities provided by the company should take place as often as possible because it is only the spontaneous team spirit that develops collegiality and friendship. For instance, employees’ anniversaries, the celebration of a success within the company, “the employee of the month” or the annual ceremonies of awarding the most efficient employees within the company constitute, no doubts, events which consolidate the group and represent a decisive plus in keeping hold of programmers within the IT companies. Even if there is a good understanding and interaction, backed up by the lack of an inferiority complex towards the higherup positioned people from the hierarchical point of view, a key element is represented by the face to face communication. Therefore, from the moment of employment and throughout the entire period of holding the job, it is imperative that the interaction and communication between the employer and the employee be done as directly as possible (considering the fact that the inefficiency of communication and the lack of feedback have always generated important problems and fragile relationships). This means avoiding sending information through e-mails or third parties. Direct approach reduces bureaucracy and increases the trust degree between people, and relationships no longer tend to become impersonal, meaning that the leaders of the company prove their authenticity and transparence – this way gaining image and legitimacy, which is an essential plus in respect to the issue of keeping hold of employees. As one can notice, the main goal of companies should be to integrate their employees. As a consequence of implementing all the described strategies (of socializing, of involvement, technical), the management team should be able to form a powerful, united collective which can generate advantages for both involved parties: on the one hand, the company gains stability and does not have to face the problem of keeping hold of its employees and, on the other hand, the employees will be happier to work, the professional passion is no stranger to them and, most importantly, they will not have the tendency to migrate.

Monica Soare Manager @ Artwin



Real time web with Meteor


eteor is an open-source platform for a much faster creation of web applications, no matter the experience level of the programmer. The moment you start a new project or you want to write your own web application is usually followed by the question: “Which is the most appropriate framework for my application?” Each programmer will have already formed an opinion in this respect. Normally, they will choose the platform that is considered to be the most efficient and powerful for the respective technology or the one which is used most often by the team, in order to maintain a relatively predictable speed in the project development process. From the point of view of the web technologies, opinions are divided, but one thing is certain, that we find ourselves in an era where the JavaScript technologies are in a continuous expansion and their usage is spreading not only on the web platforms, but also on the mobile platforms. Moreover, most of the web developers are using JavaScript technologies in creating applications. Meteor is a pure JavaScript platform which provides you with a few extremely useful facilities, among which: • One language for both client and server side, • Live page updates, • Powerful data synchronization, • Hot code pushes, • Smart packages.

Meteor provides you with two Boolean variables which can help you in this situation: • Meteor.isServer specifies the code block which will run on server-side. • Meteor.isClient specifies the code block which will run on client-side.

Creating a Meteor application

Smart packages

As a first best practice rule, we do not recommend excessive usage of the above mentioned variables. We recommend using the file structure described in the specifications. All the files running strictly on the server will be created under the server director, and those which will run on the client will be created under the client director. Thus, the entire application can be written in only one programming language. This thing is a great advantage for the programmers who are largely exposed to JavaScript technologies.

Meteor can be very easily installed by using the following Meteor manages to elegantly combine the same technology linux/ unix order: both on the server-side part and on the client-side part of the application. This thing is possible since Meteor applications are $ curl | /bin/sh running on a Node.js instance. In order to be able to differentiate Meteor can be very easily installed by using the following the code running on the server from the one running on the client, linux/ unix order: Meteor provides you with two Boolean variables which can help you in this situation: $ meteor create myApp • Meteor.isServer specifies the code block which will run on Now, meteor has created the myApp directory which contains server-side. the web application together with a configuration for Node.js • Meteor.isClient specifies the code block which will run on through we will be able to start the local server in order to visuaclient-side. lize the project in a web browser: As a first best practice rule, we do not recommend excessive $ cd myApp $ meteor usage of the above mentioned variables. We recommend using the => Meteor server running on: http://localfile structure described in the specifications. All the files running host:3000/ strictly on the server will be created under the server director, and By running the meteor command within the project, the those which will run on the client will be created under the client local server was started and the web application can be accessed director. through a local IP at the port specified in the output. Thus, the entire application can be written in only one programming language. This thing is a great advantage for the One language for both client and server side programmers who are largely exposed to JavaScript technologies. Meteor manages to elegantly combine the same technology both on the server-side part and on the client-side part of the Templates application. This thing is possible since Meteor applications are The Meteor platform has a default templating system installed, running on a Node.js instance. In order to be able to differentiate by the name of Handlebars. With the help of this system you can the code running on the server from the one running on the client, give a much more dynamic aspect to the pages. These will be able | nr. 18/Decembrie, 2013


programming Real time web with Meteor to communicate in a very smart manner with the server-side proThat’s it! Now the project has been successfully uploaded on cessed data which are about to be sent to view. For the time being, the desired server. Moreover, the application does not stop during Meteor accepts only Handlebars, but in the future, more options a deploy. Meteor handles all the updates part and server maintewill be implemented. nance, and the clients won’t even feel the deploy. In order to use the templates in Meteor, you simply have to create a .html file in which to introduce the <template> tag together with the attribute name, which will be given a suggestive value. Meteor will now evaluate the file and the generated template will be able to be accessed through a global variable Template. nume_template. Furthermore, through the intelligent synchronization system, Meteor will maintain at any moment the data from view synchronized to those on the server, and any alteration will be instantaneously seen on the view.


Meteor uses the NoSQL type data base called mongoDB. This is the only one accepted for the moment, but there will be other data bases implemented in the future. For the client-side part, Meteor uses a mongoDB emulator called minimongo. With the help of the collections we can manipulate the documents from the database: Members = new Meteor.Collection(“members”);

By accessing this function, an EJSON type object was created, which is actually a traditional model from an ORM framework (Object-Relational-Mapper). The Members Collection is globally <template name=”hello”> declared and accessible from the client-side part as well as from <b> Hello {{ what }} </b> </template> the server-side part. Just like the HTML pages, the changes of the collections are conveyed real time towards all the clients. Thus, any Now we can dynamically populate the content of the “hello” alteration of the data base will trigger the updating of the collectemplate, by accessing the handlebars expression called “what” tions distributed to the clients. In order to manipulate the object from within the brackets: collection, we will use the following syntax: Example of template:

Template.hello({ what: ”World!” });


Template.hello.what = function{ return “World!” ;};

Members.insert({ name: “John Doe”, location:”ClujNapoca, Romania” }); Members.remove({ name:”John Doe” }); member_john = Members.findOne({“ name: “John Doe”});

In the development phase, the data base can be modified even from the client side. This is very useful for debugging and testing, Live page updates but once the application reaches a ready for production stage, the Nowadays, keeping the data on the client up-to-date with autopublish and insecure packages, which offer this facility, will those on the server is a task in focus. Meteor manages to let the be disabled. programmer off from reinventing the wheel, as the self-update mechanism is built in the platform. This mechanism updates Conclusion both the automatically generated HTML and the HTML that was Meteor is built on a series of cutting-edge technologies, which, manually created through JavaScript. smartly combined, free the programmer from extra work and time spent. Thus, he manages to focus more on the aspects of the The mechanism behind consists in using a rendering function application other than the tasks which are common to any prowhich is conveyed to Meteor.render, which will return a DOM ject. Even if Meteor has not yet reached version no. 1.0, it is in fragment called node. This DOM fragment will update itself a stable stage, and some projects have already begun to migrate automatically through the platform whenever it detects a content towards this platform. Right now, the platform is at version, alteration. Meteor.render uses a concept called reactive compu- but despite the fact that is has gone through several automated tation in order to find out which node needs to be updated with but also manual testing sessions, there still might be a few bugs. new data. Most of the applications use this mechanism automa- In addition, Meteor is in continuous development, thanked to a tically, and the programmer doesn’t have to directly access these team of programmers who are working full time to offer some methods. Thus, the pages maintain the real time update factor, and major changes in APIs, with every launched update. Even though the content is permanently updated. it hasn’t reached a final first version yet, Meteor is an extremely flexible, powerful, last generation platform which should get to Hot code pushes the public’s attention. Normally, when the application has to go into production or when a live deployment is carried out on a server, this can imply a higher degree of difficulty. There is a series of procedures which must be carefully observed, among which: moving the data base, shutting down and restarting the HTTP server, checking for possible deployment errors, synchronizing services, etc. An extremely useful and interesting thing which Meteor offers is Hot code pushes. This is a completely automatic mechanism for carrying Andrei Cacio out the deploy. All there is to do is to carry out the following order within the existing project: $ meteor deploy <host>


nr. 18/Decembrie, 2013 |

Perl developer @ Evozon



Interview with Richard Campbell (II)


ichard Campbell has more than 30 years of high-tech experience and is both a Microsoft Regional Director and Microsoft Most Valuable Professional (MVP). He has consulted with a number of leading North American organizations. In addition to speaking at conferences around the world, Richard is co-host of „.NET Rocks!, the Internet Audio Talk Show for .NET Developers” and the host of „RunAs Radio, the Internet Audio Talk Show for IT Professionals.” After the “The Essence of DevOps” RABS Guest session we had the opportunity to sit down with him and ask a couple of questions about the past and future of the computing industry as well as advice on on how to get into and advance your career in it. Attila: Do you think that a generalist approach is something that can be sustained? For how long can it be sustained? Do we need to specialize in different subdomains? Richard: I think the body of work has been large enough that we always needed specialists. There are too many skills to know, but each one has its role. I go back to the bridge metaphor over and over again. If you’re going to build a bridge, there is one engineer. They don’t build the bridge but they sign off on the paperwork and if the bridge falls down it’s their fault. You need guys who know how to pour concrete properly. You need guys who know how to string cables properly. You need guys who know how to lay asphalt properly. And they are skilled people, they are technicians in their own right. They’re different sets of skills and you need all of them if you’re going to be successful with the bridge. There’s certainly an engineer involved but they’re not the only one. I think you need to value each of the skills and that generalists have to get into specific responsibilities in the overall arc of building software successfully. Someone with their eye on the whole ball is a useful guy, but there is only so many of those and he needs to work with specialists to actually be successful.

everything about anything ever - for starters. You got to get a feel for what you want to do. Not every piece of software is a bridge either. One of the things that really excited me about the smartphone movement is that it brought back the really small team. Three people could make a living building an interesting app. And for a long time that was impossible. Game development got so complex that it took big organizations like Electronic Arts with a hundred to two hundred people to put out a game that actually stressed the limits of a video game machine. But you go down to a phone a suddenly one good programmer and one good artist and one management type to put all the pieces together can bring in an income where everybody can live. And that’s cool! We did that in the 80’s with desktop computers and 4G languages. And the fact that it’s back really interests me. I think we are in the later stages of it now where there are so much products on smartphones that it’s getting harder and harder for that to be successful. I think the biggest challenge for a young person today is to figure out what workstyle they want. And again, we can’t presume we’re going to stay in the same career. You can stay in computing for a long time. I know I have. But I haven’t done the same job more than a year at a time. There is always something new coming along. Some other way to work. And I think that’s part of really leading your career - keeping your eyes on the horizon and picking new things you want to try on and moving into that direction when you get an opportunity to.

A: Do you think that this is a useful attitude for young people who want to come into the field to adopt? Should they look for a speciality to specialize in and study toward it and not to expect to know everything about computer science / engineering? R: I don’t know that we can know

A: So if I understand correctly, young people should experiment a little bit to see what they like and move towards that direction if they want to work in computing. R: And I think if they want to stay in (computing), they got to dedicate a certain amount of time to keeping their eyes on

what’s coming - deciding what’s important to them, what they want to try next. There is a trap: you get good at one particular skill and you stop learning - you just focus on that one skill. You can ride that wave for a long time. You start out on the leading edge and the gradually you move back in the stack until you’re the old guy maintaining the legacy system. All with the same skills. In my mind if you spend ten years doing the same thing in computing, you don’t have ten years of experience - you have one year of experience repeated ten times. It’s more interesting to me, I think it’s a more fun career and it makes you a more valuable worker to actually press against the limits of your skills and explore other skills. That diversity makes you better at everything. You can’t do it all, you have to pick your niches but understand: if you only know one programming language, you got a very narrow way of looking at things. Your second programming language will be a real pain. Your third one will be the breakthrough language. That will be the one where you’ll start to see the whole in language and just see the sugar on top of them making them different. After that fourth, fifth and sixth are easy. And the other thing that happens to your mind is that you don’t care about languages - languages are not that important. The way you think is important. And how you solve | nr. 18/Decembrie, 2013


interview Interview with Richard Campbell (II) problems is important and it makes you a more valuable worker all around. That doesn’t mean learning everything. That just means getting your mind in place to have real perspective on what a productive approach is to software development. A: What do you think is the best way to learn? And I would divide this question into two parts: what’s the best way to learn for a young person who is getting into the field of computing? Should she get a degree? Should she study on her own time? And the same question for someone who’s been in the field for a couple of years and wants to advance her career. R: I think first and foremost you need to know yourself well enough to know how you learn. What is an effective mechanism for you to learn? One of the good news items is that there are many ways to learn right now and resources in all of those ways. I realized a long time ago that I’m a good reader. That I learn very quickly by reading and I’m impatient with other learning methods so I read to learn. That’s me. If you best learn with video, there are awesome products out there to learn with video. If you best learn hands on, there are classes available for you. So it’s up to you how you want to learn. I would say that many of the core programming approaches we have these days have very high bar of entry. It’s very challenging to get productive in some of these larger development environments, so you might want to pick a simpler one. To push yourself past the amateur level to really push yourself into computing as a profession - you have to do it yourself. No certification is going to save you. When I’m hiring a developer - rarely am I looking at skill anymore. I’m usually looking at two things: passion and their ability to work with the team - how well do they integrate with my people. You got those two things, I can teach everything else. Passionate enough that if I throw a new language at you - you’re not only able to do it, you’re going to be excited about doing it. That if I give you a Pluralsight account and say “I need you to get up to speed on Single Page Applications in HTML5” you’re do it in no time because you got the videos and you can watch them as much as you want to. And working with the team well: that you value the differences in the skills and want to work closely - that to me is the most valuable employee that I can possibly have. And realize that both of those skills are really soft skills - technical skill aren’t


going to get you far anymore - the ability to pick up new technical skills will. We’re in this transformational time in computing and so the skill you learn today isn’t going to serve you as well five years from now. But your ability to learn those skills and your willingness to do it will serve you well. A: Speaking about soft skills - what do you think is the biggest misconception people outside of our industry have about it? Things like “you only sit in front of the computer”, “you don’t interact with people”, “you can learn it and then you are set of life”, ... R: There is a thing called the Dunning Kruger effect which says that most people know so little about this that they don’t even know that they don’t know anything. And computing is often like that. Often we’re in a situation where the managers of an organization think that software development is all about typing. So if you’re not typing, you’re not working. And you have to educate them that that’s just not the case. That typing can be very destructive to the development process. It can lead us further away from the goal than closer. That there actually has to be a plan and there has to be forethought. I think helping to educate people and helping them understand what’s complicated and what’s easy - because it’s not obvious in software. Most of the time it is the soft skill piece. We’re pretty sure today, right now that there are very few business skills that can’t be automated, where we can’t put technology to them and benefit them some way. The technology has come a long way and it’s extremely robust right now. Most of the time the problem is in the team and in the requirements gathering. Actually understanding the business well enough to apply technology to it. That’s a real growth area. It’s always been a problem but it’s getting more and more acute as time goes on. A: Thank you. These were the questions I prepared and I want to if you would like to mention any resources, websites, things you’re working on, things people should check out? R: .NET Rocks . It was created by my friend Carl Franklin back in 2002, which is kind of amazing because in 2002 the word podcast didn’t even exists. That was coming along a couple of years later. He was just making MP3 files and putting on the internet. But now, fast forward eleventwelve years and show has grown really strong. I’m the newcomer. I came aboard

nr. 18/Decembrie, 2013 |

in show 100. I think were at show 916 now. We had our 900th episode in Wisconsin at a conference. They had a big party around it. 900 is a lot of shows. The show comes out twice a week - Tuesdays and Thursdays. It’s a free to download podcast. It’s just an MP3 file and you can get it in iTunes or Zune Marketplace or anywhere you want. We now have mobile apps for all the devices - even Windows Phone. And twice a week we talk to .NET luminary: Rocky Lhotka or Scott Guthrie - somebody deeply into the .NET space - about what they’re concerned about and new technologies. We’re trying to make it easier for folks that are working in the industry or are interested in the industry to sort out what’s important to them and where they should learn more on certain topics. The Tuesday shows tend to be the more technical shows. Thursdays we go further afield. Sometimes it’s about a technology, sometimes it might be a history lesson. We once did an interview with Les Pinter, the guy who wrote the original version of Word that he sold to Bill Gates. Or we talk about Career opportunities. Once a month or so we do a geekout show on something outside the development space entirely. Last month it was asteroid mining. This month it’s barbeque. But you know, we try to be light-hearted about the show. We know a lot of people who are listening on their commute and so we’re very much a talk-show format. We try to have fun with it, we’re pretty silly people at the best of times. And DNR is just one of the shows. We do the Tablet Show one a week on Mondays and that’s tablet and mobile development across the platforms - we talk about iOS and Android and Windows and then I’m also on the IT side - coming from the early days of computing we’ve build a lot of equipment, did a lot of networking so I talk to IT professionals about once a week on Wednesdays on Run As Radio shorter, a little tenser, a little more focused on a particular subject area than the lightheartedness that is DNR. So yes, four shows a week these days. A: Thank you so much for the interview.

Attila-Mihaly Balazs

Code Wrangler @ Udacity Trainer @ Tora Trading


powered by

ISSUE 18 - Today Software Magazine (english)