TEAM Zarate Tarrani Notes From the Field

Milestones, Quality, Tools & a Promise. The milestone first: Happy birthday Marcia Hopkins! Marcia is one of those rare people who is skilled in instructing, process analysis, technical writing and web page design. She is also blessed with with the ability and talent to also produce sparkling prose in her creative writing endeavors. When was the last time you met an IT professional who could write, present and code?

The fruits of last night's research include manuals that will warm the heart of any SQA practitioner. I've also unearthed some amazing tools, and have gathered material that I'll dole out over the next few days.

Quality. On 19 April 2001 I reviewed a book on Amazon titled Software Error Analysis. The book is, in my opinion, outstanding, but that alone isn't remarkable. The reason I'm mentioning the book is because you can read it online as well as download a copy in PDF format. Isn't it nice to have choices?

That book came from the National Institute of Standards and Technology (NIST) High Integrity Software Systems Assurance Group. There are two more documents from that group that are worth their weight in gold to SQA professionals:

1. Software Quality Assurance: Documentation and Reviews
2. Quality Characteristics and Metrics for Reusable Software

I also came across an interesting MS Word document about test frameworks that has interesting ideas you may want to incorporate into your test process.

Tools. NIST has a collection of web tools that are publicly available for download. These tools are a part of the NIST Web Metrics Testbed, which is designed to explore the feasibility of a range of tools and techniques that support rapid, remote, and automated testing and evaluation of website usability.

Also available are a collection of web metrics papers developed by NIST and a comprehensive list of web usability resources.

Promise. Tomorrow I'm going to provide material and tools on XML conformance testing, including a test suite. In the meantime you can read the XML Conformance Testing presentation in PowerPoint format.

The sun has finally burned off the haze here in Tustin, California and I'm going to enjoy the sunshine, a good book and an espresso.

Less than two hours ago I posted an entry on risk management and auditing in this weblog's alter-ego, Postcards from the Revolution, and am extending the topic here. This weblog focuses more on software engineering, while Postcards from the Revolution is our soapbox for IT professional improvement, so the content here will be slanted towards software engineering risk management and its cousin, quality.

Two PowerPoint presentations that fit this topic are:

1. Project Management & Software Engineering Techniques to Achieve High Software Quality
2. Developing Software Quality Plans (a complementary PDF presentation you will want is Developing Software Quality Plans: A 10-Step Process)

The International Software Testing Institute has an article that drills down into the quality process: Modeling the Software Quality Assurance/Software Quality Engineering Process. This site has a large number of special interest groups, each with their own page and additional content, and an impressive collection of software testing articles that cover the full spectrum of QA.

The motherlode of artifacts, however, is the Department of Energy, which makes the following publicly available:

• DOE Software Engineering Methodology Guide.
• System Engineering Guide (MS Word format).
• QA Guides.
• Project Management Guides.
• Templates and Checklists.

Have a nice weekend.

I just added a Search Feature to this page that returns results from both this page and Postcards from the Revolution (see links on the left side of this page). Thanks to Unmesh Laddha for suggesting this enhancement.

I just checked the latest OraPub whitepapers and was delighted to see the 4th draft of their masterpiece, Response Time Analysis for Oracle Based Systems. This draft is dated 11 February 2002 and is essential for any DBA, or capacity or performance analyst.

Their Oracle tools page contained a new entry for shops using EMC storage solutions: Oracle scripts for EMCLink Collector. There is also an 11 February 2002 update to the free OraPub System Monitor (OSM). This tool provides interactive information about an Oracle database system.

A Shotgun Wedding. In Linda's Postcards from the Revolution entry earlier today she mentioned ebXML. I agree with her that ebXML is an important consideration for electronic commerce architectures, but have a concern that this emerging standard is not coming from the World Wide Web Consortium (W3C). Instead it's a standard that is sponsored by Organization for the Advancement of Structured Information Standards (OASIS) and the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT).

A JavaWorld article titled ebXML: Not just another acronym sums up ebXML and the apparent disconnect between the W3C and OASIS. This disconnect is not a rivalry or competing effort. It's based on the fact that the W3C is not directly involved in an area that, in my opinion, should have their involvement. I have another opinion about this: there is an inevitable marriage between OASIS and W3C with respect to ebXML, hence, my theme:

Something Old. ebXML roots in XML can be clearly seen in Robin Cover's 29 January 2002 piece titled Electronic Business XML Initiative.

Something New. If ebXML is a new term to you read Romin Irani's 11 July 2001 article titled An Introduction to ebXML (Collaborative Electronic Business is here to stay), and also go to the source: OASIS. If you've been following my entries on security in Postcards from the Revolution, then you'll certainly want to examine the XML-Based Security Page on the OASIS site.

Something Borrowed. The open source folks have initiated Open ebXML projects and an Open ebXML Laboratory.

Something Blue. When IBM gets into the picture you begin to take things seriously. Big Blue's XML Zone has a well-written article from June 2001 titled Understanding ebXML Untangling the business Web of the future that fully describes ebXML.

... and a silver sixpence in her shoe. Welcome back Linda!

NOTICE: CERT® Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP) was issued today (12 February 2002). See also: Network World article titled CERT warns of SNMP vulnerability with widespread impact for a quick summary of the impact and scope of this problem.

eXtreme Programming, RUP & Refactoring. I just finished reading a short paper titled LIPE: A Lightweight Process for E-Business Startup Companies based on Extreme Programming, which is one of the more sensible approaches to blending development processes with business realities that I've read in a long time.

In my opinion XP (eXtreme Programming) is a viable way to quickly implement applications to meet business requirements. I am not comfortable with the way XP treats design documentation, and certainly do not believe that large-scale systems should be built using XP. However, for iterative projects designed to quickly deploy systems and applications to achieve business competitive advantage, it is sound and effective. In many ways it's a mini-RUP (Rational Unified Process). As an aside, if you're interested in the RUP I have a set of presentations in PowerPoint format that gives a complete picture of the basics.

William Wake's Software Design and Development page is a starting point for XP information because it contains links to all of the major web resources, and has additional articles, papers and information that I haven't come across before. His 158-page whitepaper titled XP Explored is an interesting dissertation on both XP and refactoring.

If you're interested in refactoring and patterns (two topics of previous entries here), Joshua Kerievsky's Refactoring to Patterns is a paper any developer will love.

Miscellaneous Short Topics. I love sharing, and today am in a particularly generous mood. Here are some documents and presentations on miscellaneous topics that I rediscovered when I was cleaning up duplicate files:

• Client-Server Response Time - a PowerPoint presentation on measuring response time in a client/server environment. This is a quick refresher for capacity planners and performance analysts.
• Project Quality Assurance - PowerPoint presentation on project-oriented quality with a focus on SQA.
• Risk Management - a PowerPoint presentation on project risk managemet. Also addresses operational risk management.
• Software Inspections - policies and procedures in MS Word format that will kickstart implementing inspections into your organization.

If you don't receive The Data Adminsitration Newsletter you're missing one of the best resources on the web. This newsletter is not just for DBAs - it's for IT professionals in every discipline.

If you're interested in SCM the ACME Project (Assembling Configuration Management Environments) is the web resource to visit. The purpose of the ACME project is to gather together successfully used "best practices" and "lessons learned" for software configuration management (SCM), as well as other useful information about SCM. Brad Appleton, the initiator of the project has, in my opinion, fulfilled the purpose in all respects.

If you're like me you want to thumb through a book before you buy it - and you probably buy many technical books online because bookstores don't carry a large selection of technical and business books these days (at least not the interesting ones). BRINT Books-to-Click has a large number of full titles online that you can read for free. Reading online is not the same as reading words on a printed page, but you'll know what's in a book before you buy it.

Ending Note: I dug up an old graphic that Linda and I did ages ago titled Life Cycle in a Nutshell. It somehow fits with the theme of this entry, so I thought I'd share it.

Capturing Knowledge and Practices. I'm a patterns advocate because they lend themselves to capturing best practices and lessons learned. These, in turn, are a form of knowledge management that facilitates knowledge transfer, not to mention process improvement.

Most IT professionals, and probably all developers, have some familiarity with patterns, amd the first introduction probably came from reading Design Patterns. That 1994 book introduced the powerful technique for capturing best practices, lessons learned and solutions in object-oriented development. The concept was borrowed from the building industry and was inspired on a 1977 book by Christopher Alexander titled A Pattern Language: Towns, Buildings, Construction.

Patterns have even spawned a growing body of knowledge of what not to do, called anti-patterns.

Because I am such an advocate (and a passionate one at that) I want to share what I consider to be the best patterns resources on the web:

• If you're new to patterns start with Brad Appleton's Patterns in a Nutshell. This page succinctly and clearly explains patterns with a minimum of extraneous fluff.
• After you get an idea about what patterns are and what they can do for you, read Mr. Appleton's Patterns and Software: Essential Concepts and Terminology.
• If you get the impression that patterns are for developers only (and object-oriented ones at that), a visit to Scott Amby's Process Patterns page will dispel that notion. This page supports Mr. Amby's two books, Process Patterns: Building Large-Scale Systems Using Object Technology (See Linda's 27 September 2001 review and my 26 January 2001 review on Amazon), and More Process Patterns: Delivering Large-Scale Systems Using Object Technology (Linda reviewed this one on 4 February 2001). Don't let the term Object Technology in the title throw you - these two books capture patterns that cover the full application and service delivery spectrum and are two books to which Linda and I refer for best practices.
• If you're an operations analyst or business process specialist, you'll find the workflow patterns page to be a source of interesting information as well as evidence that patterns are cropping up everywhere in IT.
• Bell Labs Organizational Patterns is further evidence that the use of patterns has migrated out of the OO deveopment domain into a much larger world. Remember, we borrowed the idea from the building industry. Organizational patterns deal with unpredictable systems called human beings. The complex interrelationship of this pattern type is illustrated in the Org Patterns Map (click on any node). This information is also broken out into a more readable table of patterns that are hyperlinked to each individual pattern.
• Alexander Hirnschall at the University of Linz, Austria, maintains an interesting . As a side note, Mr. Hirnschall also has interesting pages on workflow management and Active Object-Oriented Database Design

I previously touched upon anti-patterns. Sometimes an example of what not to do is as powerful as a documented best practice. Linda reviewed AntiPatterns in Project Management on 24 April 2001. I thumbed through the book and found it interesting. I have also thumbed through the related books: Anti-Patterns and Patterns in Software Configuration Management (a wonderful resource for CM specialists) and AntiPatterns: Refactoring Software, Architectures, and Projects in Crisis (the book that introduced anti-patterns).

A good place to start for understanding anti-patterns in context is the design patterns page on the anti-patterns site. Follow up with anti-pattern viewpoints as an overview, then drill down into the three views:

1. Development.
2. Management.
3. Architecture.

Ending Note: Shifting gears - I'll end with two sites that I recently discovered and want to share:

1. SCHEMA.NET. This site is part of a family of pages: XMLINFO, XSLINFO and XMLSOFTWARE. The goal of this family of sites is to provide well organised information and resources on XML.SCHEMA.NET provides DTDs and schemas for practically every business domain and vertical imaginable.
2. Functional Programming and XML, which is an article on O'Reilly's xml.com that makes a compelling argument in favor of using functional programming techniques instead of OO for XML development. It's worth reading regardless of your views on OO vs. functional development.

Related topics are in today's Postcards from the Revolution: Activity-Based Cost and Value-Added Assessment, eXtensible Business Reporting Language and Reference Software Quality Profiles.

Important. I haven't authenticated this, but it comes from a source whom I trust. The warning is:

The IRS Criminal Investigations Division recently sent out an alert to law enforcement agencies regarding this scam. PLEASE READ and FORWARD to others, so they might not be a victim of what could seriously damage you financially.

Some taxpayers have received e-mails from a non-IRS source indicating that the taxpayer is under audit and needs to complete a questionnaire within 48 hours to avoid the assessment of penalties and interest. The e-mail refers to an "e-audit" and references IRS form 1040. The taxpayer is asked for social security numbers, bank account numbers and other confidential information. The IRS does not conduct e-audits, nor does it notify taxpayers of a pending audit via e-mail.

That e-mail is not from the IRS. Any e-mail received of this nature should be saved so that a computer forensics investigation can be conducted to determine the originator. Law enforcement personnel should remain cognizant of this latest identity theft ploy. And this social engineering exploit is not limited to the U.S.A. A criminal in your country can also pull a scam like this. Be Warned! More info at: webmaster@fleoa.org - Federal Law Enforcement Officers Association.

I did do a quick Google search and discovered that this scam is also being pulled over the phone.

Late Note: I just finished adding an entry to Postcards from the Revolution that provides technical resources for security, including source code references and whitepapers. If my comments in my 9 February entry about security testing piqued your interest then this material is something you'll want to read.

Surviving Projects. I've been skimming through some of my favorite books lately and got drawn into Steve McConnell's now classic Software Project Survival Guide. Linda reviewed this book on 6 July 2001 on Amazon; I've had a copy since 1997. The value of the book is enhanced by the companion web site, which is rich in content and artifacts that keep this 5-year old book up-to-date. Among the more valuable of these are:

• Survival Test Checklist (downloadable in Excel format)
Each of the 18
• checks cited in the book
• Resources cross-referenced by book chapter and by book subject

In addition to the materials that directly support the book, Mr. McConnell also provides a free tool called Construx Estimate that will add structure to your estimation process. Another free tool that is available from this site is CxOne Basic, which is a tailorable, modular, and scalable software engineering framework. The basic version is a subset of the enterprise version, which is a commercial product. The artifacts included with the framework are linked to industry best practices.

CxOne Basic is also tied to the Software Project Survival Guide with a cross-reference between the book and the product. There is also a comparison between CxOne and eXtreme Programming with comparisons between the CXOne framework and the Rational Unified Process and the CMM slated to be provided in the future.

More on Architecture. Architects (and technically-oriented project managers) should be familiar with the Reference Model for Open Distributed Processing (RM-ODP). An excellent starting point is the Distributed Systems Technology Centre (DSTC) RM-ODP page. They also sponsor other projects that you may find interesting, including:

• Enterprise Modeling
• Organisational Policies and Security
• Knowledge and Resource Management
• Component System Engineering

Ending Notes. If you haven't been to Software Dioxide, you're missing one of the best multi-discipline resources on the web. This site, which requires free registration for full access to an incredible array of resources, is divided into eight domains:

1. Project Management.
2. Product Engineering.
3. Knowledge Management.
4. Software Reuse.
5. Quality Assurance & Models.
6. Measurement.
7. People & Management.
8. Contracting & Acquisition.

This is one of the first places to which I look when I'm researching a topic, and I have it bookmarked on my Netscape personal favorites toolbar.