Monday, October 05, 2020
Saturday, March 07, 2009
Tuesday, July 02, 2002
Issues. That word has multiple meanings in this context. One meaning is that we have all been obviously busy these past six weeks, which means that we've been dealing with a plethora of issues, with more to come. Another meaning is that new issues of two of my favorite magazines are out.
The magazine that I most look forward to is CrossTalk, The Journal of Defense Software Engineering. Since we've been so far behind I failed to report on the past two issues - a situation I am going to rectify now:
- July 2002 is devoted to Information Assurance.
- June 2002 is focused on software estimation techniques.
The other magazine I make sure I read as soon as it comes out is The Data Administration Newsletter. In the most recent issue, Issue 21.0 - 3rd Quarter 2002, you'll find a fresh set of papers and articles, and the insightful feature columns that are written by genuine industry experts.
Also noteworthy are the following new issues of newsletters that I read:
- STQe-Letter, Information for Software Testers, Managers, and Quality Assurance People.
- Amy D. Wohl's Opinions Volume 2, Issue 26 (28 June 2002).
- The Server Side Connection.
- Doug Kaye's IT Strategy Letter.
- Mike Sisco's E-Zine (June 2002 issue).
- Methods & Tools.
Monday, July 01, 2002
Appreciation. One gentle voice who encouraged us to release the backlog of entries is Nikhil Joshi of Pune, India. Thank you for your support and encouragement Nikhil, and rest assured that we will try to not get so far behind again.
But ... The content for Postcards from the Revolution is going to take an additional day before we're ready to release it. Please be patient.
This book is a collection of papers that address the full spectrum of testing issues and challenges in rapid development/rapid deployment environments. Although the title implies that this book is about quality and testing of web applications, many of the papers go well beyond that narrow scope.
The papers are divided into five categories:
- Managing for Optimal Time to Market. This categories contains an obligatory paper on high-speed web testing, which does address the key challenges. However, two of the papers are exceptional: Using QA for Risk Management in Web Projects drives home the relationship between QA and project risk, and Establishing Quality Procedures for Incremental Software Development is essential reading for anyone who needs to integrate testing into methodologies such as the Rational Unified Process or any other incremental/rapid development approach.
- Processes. This section of the book has papers covering topics ranging from how to use Extreme Programming to manage project risks to adapting test processes to web applications. In many respects the papers in this section capture the essence of the book's theme.
- Testing from the User's Perspective. This is my favorite section, especially the papers on business oriented testing for e-commerce and the paper titled "Strategic Testing: Focus on the Business". All of the material here reinforces my own experience and observations, and clearly shows the relationships among meeting business requirements, quality and project success.
- Technical Testing. Test professionals will get the most from this section because it provides techniques. My favorite is "Securing E-Business" because this important aspect of testing is usually given superficial treatment (if it's covered at all) in most testing books. Another paper I liked in this section is "The Back-End Side of Web Testing: Integration of Legacy Systems", which is applicable to enterprise application integration and e-business system testing. In addition to papers on testing techniques, other aspects of quality are covered in this section, such as performance monitoring (more aligned to capacity planning and performance management than testing, but certainly applicable to quality and service level management).
- Test Automation Techniques and Tools contains a single paper titled "Automated Testing of mySAP Business Processes". If you're involved in web-enabled ERP or portal quality this paper is a treasure.
Saturday, June 29, 2002
The 201 tools contained in this small, highly useful book range from Acid Test (doing a quick ratio of financials) to Z-Scores. Each tool is listed alphabetically, its use explained, and instructions on how to use it is provided. What I particularly liked is the worked examples that accompany each tool.
As an IT consultant who specializes in service delivery this book is not one I would normally include in my professional library. I was introduced to it when a colleague and I were writing a white paper on recovery management. We were searching for a way to link business imperatives to justification for investment in recovery strategies. We found one piece of the puzzle in this book - the Altman Z-Score. This tool predicts whether or not a company is likely to enter into bankruptcy within one or two years. This led to the development of a copyrighted model that addressed survival level objectives, and also became a key part of the Tarrani-Zarate Information Technologies Management Model. All this from a single entry in a small book!
Aside from discovering a relatively obscure, but important, tool I also found other useful tools in this book. Because I am not a business consultant or financial expert the tools were like a cram course in financial management for non-financial people. For example, I was able to apply some of the tools to personal financial matters - the real costs of a loan become quickly apparent when you compute them. I was also able to employ some of the tools to conduct realistic cost/benefit analyses, examine trade-offs supporting approaches to projects, etc. In this respect this small book has significantly improved my professional skills and has inspired me to read other books on financial management.
I strongly recommend this book - collection of tools really - to anyone who deals with finance, anyone who has P&L responsibilities, and business and IT consultants. The latter group will find this book to be invaluable for developing proposals, deliverables and project plans that add value.
Friday, June 28, 2002
The author of this excellent book give a realistic roadmap to achieving CMM levels 2 and 3, which are major hurdles in capability maturity, especially level 2 from a culture-shock point of view.
What makes this book realistic is the way you're lead through the important steps, with a complete focus on what it takes instead of theory. The book starts off with an obligatory overview of the CMM, but quickly segues into the steps needed to attain level 2 (repeatable), which are creating the structures, processes, training program and policies. While each of these are important, I especially like the inclusion of policies because they are necessary to codify goals and are frequently overlooked. This section also includes subcontractor management, which is important for aligning those with whom you are using on projects with your own organizational capabilities. This makes sense because if your organization is repeatable and your subcontractor(s) aren't, then you either need to go shopping for more compatible subcontractors, or get dragged back into ad hoc approaches.
The same approach to graduating to level 3 is used, with slight changes. In the section that covers level 3 the first topic is about focusing on organizational process improvement, followed by an in-depth chapter on defining organization processes. These reflect the key changes between level 2's repeatable goals and level 3's focus on defined processes. After these are clearly and completely explained the same formula - structures, processes, training program and policies - is addressed for level 3.
Following the steps to get to levels 2 and 3, the next section is centered on implementation and assessment. This section prepares you for the assessment process itself, and offers excellent advice on how to get through it. Additional information of value is provided in appendices B (Annotated Level 2 Preassessment Questionnaire) and C (Samples of Level 2 Policies), both of which are provided in PDF format from the book's associated web site.
One key question that needs to be answered: Which is better, this book or CMM Implementation Guide: Choreographing Software Process Improvement by Kim Caputo? My opinion is that both books are equally important and both should be read because they cover two different aspects of attaining CMM levels 2 and above. This book concerns itself with the nuts and bolts of processes, where Caputo's book is more focused on organizational change. I recommend both books, and think that they nicely complement each other.
Thursday, June 27, 2002
Many of the ideas and the approach for this book were born in the author's earlier book, More Process Patterns, which examined the very transition and support requirements in a more generic manner. In fact this book, like the earlier one, is a collection of best practice patterns that cover the transition and production milestones. After an introduction that explains the rationale and approach, the book covers the workflows and patterns in the sequence in which they will occur: testing, deployment and environment, operations and support, project management and infrastructure management.
What makes this book important is that it extends the Unified Process to include the key milestones that account for cost and quality, and goes into great detail about what is required and how to avoid failure. If you work in operations and support you will find the material in this book invaluable - you should also buy copies for key members of the project team that is delivering your system so they have an understanding of and appreciation for the task of supporting their creation. While this book will obviously benefit shops that employ the Unified Process, the information and workflows are equally useful in any development approach.
Wednesday, June 26, 2002
- learning the techniques
- realizing that it's really about people
- epiphany - it's about ensuring that someone else gets the blame if things go wrong and 1 & 2 are core skills in achieving this
The nine chapters in this 305 page book systematically cover all aspects of the people part of the equation. It starts with an accurate description of key management skills and duties required of a PM. It then addresses the basics of organizational planning, which focuses on roles and responsibilities. From personal experience I can attest that establishing roles and responsibilities is essential to project success.
Chapter 3, Human Resource Theory and Charts, sets the tone for the chapters on Staff Acquisition and Kickoff, and Team Development, both of which provide refined techniques for managing people and teams.
I particularly liked the chapters on resolving conflict (something that PMs deal with daily) and managing change, which is a constant. Since I work with multi-cultural teams that are international I also liked the chapter titled Worldwide Teams and Cultural Issues.
The chapter on project closeout and evaluation is a good reminder that there is a shutdown phase to projects, and this chapter provides guidance for how to perform this step in a structured manner.
Although this is a book on the PMI approach to project management, the material is also applicable to any project management methodology, including the UK standard (PRINCE2) and CompTIA's IT Project +.
Tuesday, June 25, 2002
- Data Warehousing Fundamentals. This is one of the best introductory books on data warehousing I've read. The authors make few assumptions of reader knowledge beyond the fact that they are IT professionals who have a technical background that doesn't necessarily include database and data warehouse knowledge. They do assume a basic knowledge of IT operations, project management skills and systems analysis and design - skills that IT professionals are expected to have.
The book is divided into five parts: Overview and Concepts, Planning and Requirements, Architecture and Infrastructure, Data Design and Data Preparation, and Implementation and Maintenance. These follow a development life cycle, making the structure of the book easy to follow.
What I like about this book is it doesn't just cover the theory and concepts (which it does do well), but sets data warehousing in the context of a larger architecture designed to meet specific business requirements. I also like the way the authors address real world issues such as planning and managing a data warehouse project, and the issues and factors surrounding adding a data warehouse into an existing technical architecture. This information is what IT professionals are seeking when they are faced with a technology with which they may not have strong knowledge, and it makes this book useful to the intended audience.
Among the chapters that I most liked are: Principles of Dimensional Modeling, Data Extraction, Transformation, and Loading, and Data Quality: A Key to Success. These capture the essence of data warehousing in my opinion and are topics that IT professionals without a data background need to understand. I also thought that each of the appendices were useful. They provided a finishing touch by covering project life cycle steps and checklists, critical success factors and guidelines for evaluating vendor solutions - each of which provide practical information.
- Data Warehousing and Web Engineering. This is a collection of papers that cover salient issues in data warehousing with an emphasis on business intelligence, data mining and knowledge management applications. While many of the papers in this book are more useful to technical professionals, there is a lot of material that will also be useful to marketing and competitive intelligence specialists in the business domain.
Some of the papers are more basic and introductory, such as "Justification of Data Warehousing Projects", "An Introduction to Information Technology and Business Intelligence" and "Some Issues in Design of Data Warehousing Systems". Some, however, address advanced topics such as "Data Mining Methods Databases and Statistics Point of Views" and "Incremental Data Allocation and Reallocation in Distributed Database Systems".
My personal favorite papers were "Specification of Components Based on the WebComposition Component Model" (reflecting professional interests in component-based development), "Complementing the Data Warehouse with Information Filtered from the Web", and "Using Business Rules Within a Design Process of Active Databases" (another area of professional interest).
In addition, the papers cover topics in data mining, data quality and knowledge management, which means that there is at least a few papers that will intersect with a reader's professional interests. The best audience for this book includes academics (the papers are citable), consultants who specialize in business intelligence and data mining, and organizations that have a solid base of experience with advanced uses of data warehousing.
Monday, June 24, 2002
Don't expect qualitative or quantitative risk assessment methods, or even a risk management process that is almost an obligatory part of most project management books. Do expect the collective wisdom of real people who were interviewed, and their recommendations for dealing with the real risks.
These risks range from misaligned or unwarranted expectations to slippery requirements. If you've managed an IT project many of the risks will be familiar. How the PMs who were interviewed handled them will be illuminating.
Aside from the fact that this is a highly readable book that is packed with wisdom and advice, the appendices also add a considerable value. Appendix 1 cross references the risks (constructs) by theme making it easy to quickly find the solution to a particular issue. Appendix 2 gives 5 hypothetical project profiles that reinforce the information in the body of the book, and Appendix 3 is a collection of strategies from the body of the book.
Regardless of whether you are preparing to manage your first project or are seasoned and battle-scared, this book provides knowledge and advice that you can use.
Sunday, June 23, 2002
The four chapters in this short, focused book introduce work breakdown structures, define them from a conceptual point of view, explain why they are the foundation of project planning, and show how to create one. These chapters comprise a scant 18 pages, but are thorough enough to accomplish the objective of explaining the Project Management Institute's practice standards for WBS.
The real value of the book is contained in appendices E through O, in which a WBS for common industry project types are given as examples. These 44 pages are the real reason to buy the book because they show real examples of the conceptual and brief "how to" approach compressed into the first 18 pages. The project types in these appendices are:
E - Oil, Gas, and Petrochemical (OGP)Appendices A-D are filler that descripe the PMI standards process and associated information, and can be safely skipped unless you are interested in those topics.
F - Environmental Management
G - Process Improvement
H - Pharmaceutical
I - Process Plant Construction
J - Service Industry Outsourcing
K - Web Design
L - Telecom
M - Refinery Turnaround
N - Government Design-Bid-Build
O - Software Implementation
Overall this is a much needed book because WBS are still skipped during the project planning phase in too many projects. This is unfortunate because the first thing that a professional does when called in to rescue a project is to examine the WBS, and if there isn't one, the first step towards rescuing a project is to develop one. By following this book, especially if any of the example WBS is similar to your project, will go a long way towards ensuring its success.
Saturday, June 22, 2002
It's written as a tutorial that uses two tools, Sensitivity, which is used with the chapters dealing with decisions under uncertainty, and Supertree for developing decision trees related to risk analysis. Instructions on obtaining the student versions of these programs are included in the book. Note that the student version of Supertree accommodates trees with up to 250 endpoints, and the student version of Sensitivity performs sensitivity for up to 12 variables.
My most used text on decision analysis is Making Hard Decisions by Robert T. Clemen. Where that book is more comprehensive, it's also less suitable for the working professional who needs a refresher and a desk reference. Therein lies the main value of this book - it's more aligned to real world problems that you'll find in the workplace and is written to be both a tutorial and a reference.
In the past I gleaned information and techniques from books about managing professional services from the perspective of law firms and other industries - good information to be sure, but fell short of the realities of technical services.
What I like about this book is the complete look at professional service management, with an emphasis on both personnel and cost management. I especially like the way the authors show how to go beyond mere cost management to optimize revenue and profit. The information and strategies they provide reflect extensive experience and a strong focus on the business aspects of professional services. I also like the ties to customer relationship management and various types of services, and the PSA components. This first decomposes the components of professional services management (manual or automated) into the critical success factors, then reconnects them into a coherent whole.
Although this book is about automating professional services management, most of the information, especially part 2, can be used effectively without automation. Therein lies the main value of this book and the reason why I think it's simply the singlemost important book a professional services manager can have. In order to get the information collected between the covers of this book you'd have to purchase a pile of related books from other industries, and spend a significant amount of time reading articles and surfing the net. If you are a professional services manager you already know that you don't have time for that. If you're being placed in a professional services management position you need this book.
Friday, June 21, 2002
Regardless of your goals or motivations, the first two chapters helps you to clarify your objectives, decide on the appropriate business model and mission statement, and introduces key concepts that will be used throughout the book. One of the most effective techniques in this section of the book is the way the authors lead you through framing your mission and goals and employing a service alignment risk factor to test the clarity of your mission and how it aligns to other business processes. This is especially important if technical services is not your core business.
Chapters 3 and 4 are, in my opinion, the heart of the book because they address revenue and profitability, and organizational structure - two areas with which many companies struggle. The information in these chapters will show you what you need to do to become and remain profitable, as well as how to best organize your resources to deliver in accordance with your chosen business model. For start-ups Chapter 3 provides an excellent framework for business plan pro formas. Chapter 5, Selling, thoroughly covers the critical success factors and metrics for selling services.
In chapters 6 through 8 services delivery, productizing and promotion are given the same thorough and insightful treatment. Of particular value is the customer engagement workflow that is provided in Chapter 11, and the four phases of professional services given in chapter 12. The phases provide a path by establishing basic implementation services as a service offering, then building upon these to provide integration services, consulting services and productized services - each phase represents an increase in what you offer customers (external or internal). For each of the phases the authors address the following factors: value proposition, profitability triangle focus, critical skills, required operational infrastructure, target mix, revenue growth rate, target gross margin and target operating profit.
I like the way that these (and all of the chapters) end with sample budgets and issues to watch, and the key financial models provided in Appendix D.
You can get more information about this book, including associated articles and PowerPoint presentations, from the author's webpage.
Wednesday, June 19, 2002
Integration is assumed to be within the context of ERP systems, which are enterprise-wide in scope. The level of detail is kept reasonably high so that both audiences can easily grasp the key issues and understand the challenges and needs of the other. What I like about the book is the fact that it never loses sight of business requirements, and the manner in which it stays focused on quality and real world issues. I also like the way case studies are used to reinforce some of the more abstract aspects of enterprise integration.
Highlights of this book that will interest both business and IT include:
- Totally Integrated Enterprise Goals and Agile Enterprise, which give a business framework for the technology solutions that are discussed later in the book.
- Methodology for Understanding Enterprises, which places integration and technology into the context of meeting business requirements.
- Business Development and Product Management, which provide insights to IT about the challenges that their business constituents face and their support requirements.
If you are seeking a book about deciding whether of not to implement an enterprise-wide system I recommend Enterprise Resource Planning Systems: Systems, Life Cycle, Electronic Commerce, and Risk by Daniel Edmund O'Leary. If you are more interested in an implementation methodology I recommend E-Business and ERP: Rapid Implementation and Project Planningby Murrell G. Shields.
Sunday, June 16, 2002
I like the complete coverage of both transaction and queuing approaches, and the vendor-specific information that includes Microsoft's .NET and Sun's Java, as well as everything in between. The sections database middleware and middleware performance are especially valuable because they are more generic and applicable to a wider audience than the MS- and Java-centric sections.
While individual papers have a slight vendor bias, the book as a whole is vendor neutral. This is not a book for learning about middleware as much as a good description of what's currently available and their strengths and weaknesses. If you are looking for a more general book I recommend Chris Britton's IT Architectures and Middleware: Strategies for Building Large, Integrated Systems for the fundamentals, and David Linthicum's B2B Application Integration for a detailed text on how to employ middleware in practice. However, this book will give vendor-specific details and a more up-to-date view of middleware that are missing from Britton's and Linthicum's books. If you're a system architect or consultant this book is an excellent desk reference.
Saturday, June 15, 2002
The chapter on engineering change control stands out because this aspect of both data structures and process change management are not covered (or only lightly touched upon) in other ERP references. This chapter and its companion on implementing change add significant value to the book and reflect mature and best practices. I also liked the chapter on new product introduction and custom manufacturing because these aspects of the manufacturing process come with a different set of challenges and requirements from steady production processes.
Regardless of whether you're using SAP, Baan or another ERP package (or are developing custom applications to automate manufacturing materials management) this book will expose the relevant details of the data structures, which are the foundation of any application.
Friday, June 14, 2002
Each section is devoted to carefully chosen papers, some of which reflect individual authors' experience. The strength of this approach is that you benefit from a rich diversity of viewpoints and deep subject matter knowledge. The weakness is that some of the material is inconsistent with what precedes or follows in the book.
Since this is a technology-focused book the highlights are that the information is current and reflects issues, methods and technologies that are valid as of the date this review was written. The editors ensured that information that is not commonly used in ERP integration, such as web services, are not addressed. This doesn't imply that web services will not play a future key role (such as in PeopleSoft 8), but that most ERP implementations are integrated using middleware, XML and other methods. The more typical integration methods are covered in great detail, and the sections on database servers and data warehousing are especially informative.
I also like the section on Internet commerce, which covers topics ranging from web-based testing and capacity planning to XML-based B2B commerce - topics that are not commonly found in other ERP texts. The section on project and systems management also contained excellent information, such as the paper titled "Service Level Management Links IT to the Business", which touches upon a critical aspect of integration. Each of the four papers in the Component-Based Development section also included information that should be carefully considered by large enterprises, especially those that are using off-shore development of off-site contractors to develop modules. This section goes into each of the major critical issues, including economic considerations, domain engineering, server-side Java development and object library management.
Some of the information in this book is time sensitive in that it will be rendered obsolete as web services play a larger role in ERP systems (which is already happening in a sense), and XML and/or ebXML emerge as a core component of all of the major packages, such as SAP, PeopleSoft, Baan, etc. If you have a defined architecture or integration group this book will make a good investment because of the wide array of topics covered. If, however, you are seeking a book that provides a methodology or focused technology description this book may not be for you.
Thursday, June 13, 2002
If you are not familiar with system dynamics, it's a methodology for studying and managing complex feedback systems using time graphs and causal loops, and more formal analytical methods such as simulation and exploring alternatives in a structured manner.
This book uses those techniques to align project management processes to software development. The best way to determine if this book is right for you is to answer the following questions:
- Is your core business software development?
- Is your organization at approximately the same level as that described by SEI's CMM for level 3 or above?
- Is there a commitment to implement an integrated process that is driven by the executive or board level and does this commitment have a strong sponsor?
Those who will benefit most from this book are organizations that have found existing PM methodologies to not fully meet objectives. For example, the U.S. standard based on the Project Management Institute's Project Management Body of Knowledge (PMBOK) is too generic for software development, and the U.K. standard called PRINCE2 is not as well suited for product-line and software vendor approaches to development. While the PMBOK and PRINCE2 contain processes and procedures that can be used, the system dynamics approach defined in this book gives a method for selecting, evaluating and integrating the processes and procedures borrowed from these two standards. Moreover, since the CMM and related models identify key process areas for project management, they do not prescribe how they are to be implemented. This book will provide the tools and techniques for tailoring the techniques to PM process areas.
If your objective is to find a book that describes a complete project management maturity model you will be better served by Strategic Planning for Project Management Using a Project Management Maturity Model by Harold Kerzner; if you are looking for an off-the-shelf methodology to use with iterative processes such as the Rational Unified Process I recommend Software Project Management: A Unified Framework by Walker Royce. However, if you are seeking to develop and implement a best-in-class, tailored project management methodology that is seamlessly integrated into your software development processes this book will show you how to achieve that goal.
Tuesday, June 11, 2002
Parts that set this book apart from the others include an emphasis on developing a business case and the structured way in which all project stakeholder requirements are considered in project quality and reporting. I also like the way projects are managed at the enterprise level as portfolios and integrated into programs instead of standalone projects. In addition, the many forms, checklists and diagrams are highly useful and can be used with little or no modification.
This book is also completely consistent with the PMI PMBOK and UK PRINCE2 methodologies, and the author's web site that supports this book contains a wealth of up-to-date information that adds to the value of this book.
Sunday, June 09, 2002
- Frameworks and Architectures. Consists of four papers of which I particularly liked Key Concepts in Architecture Definition Languages and Acme: Architectural Description of Component-Based Systems because of professional interests in ADLs.
- Object-Based Specification and Verification. The three papers in this section were focused on narrow topics; however, I gained much from Modular Specification and Verification Techniques for Object-Oriented Software Components. This paper alone made the book worthwhile to me, but this is a subjective remark with which you may not agree.
- Formal Methods and Semantics. Each of the three papers in this section were, in my opinion, valuable. My favorite, Toward a Normative Theory for Component-Based System Design and Analysis, contained a viable framework and approach to component design, which is a topic that receives little coverage in other component-based books.
- Reactive and Distributed Systems. The two papers in this section are interesting in that their topics intersect nicely with the discipline of semantic web engineering. If your interests or work also includes that knowledge area then the papers (Composition of Reactive System Components and Using I/O Automata for Developing Distributed Systems)will 'connect the dots' in a manner of speaking.
The second book is Component-Based Product Line Engineering with UML. Where most books on the subject cover the component-based development life cycle at a high level with an emphasis on the development, deployment and QA aspects, this one is about requirements and design. That is what sets it apart and an important work. It becomes even more important if you are using or trying to adapt the Unified Process to a component-based environment. Obviously if your environment also includes product line development the value of this book increases even more.
The book contains five parts which build upon each other. Part 1 is a thorough, 60-page introduction that compares and contrasts development life cycles, summarizes the approach the book proposes, and the concepts, artifacts and process associated with "KobrA" (a German abbreviation for "Component-based application development".
Part 2 is devoted to component modeling based on the KobrA component model, and covers all aspects in 153 pages. This part ends with an excellent introduction to patterns and UML, which lays the groundwork for the next part. The information in this part drills down into requirements and specifications, which is one of the reasons I cited above that sets this book apart.
In Part 3 (Embodiment) refinement and translation, component reuse and incremental development are covered in detail. Part 4 introduces and covers product line, framework and application engineering. It is here that the KobrA foundation laid in the previous parts begins to become coherent and the viability of the approach becomes apparent.
Part 5 is my favorite because, like Part 2, it gives a view of component-based development that most books gloss over. In particular, the chapters on maintenance and QA are filled with information that reflects the realities of component-based development, and the chapter on quality modeling is among the best treatments of the topic in any book or paper I've recently read. The 60 pages of appendices are also valuable sources of information and knowledge about metamodels, maintenance and process. I found this book to be an invaluable reference and recommend it to anyone who is heavily involved in component-based software engineering in conjunction with product line development.
Thursday, June 06, 2002
It does not contain technical information for developing components in various environments, nor does it go into the relative merits of component-based development from the viewpoint of any vendor. What it does contain is a tutorial on component-based development as a software engineering discipline, and makes a strong business case for adopting this approach to software development.
If you're expecting an end-to-end life cycle you may be somewhat disappointed because the book only covers the design through build phases of development. However, since this book is more about showing the value of components this scope is more than sufficient. If, on the other hand, you are evaluating component-based development as a business strategy you'll like the details about the value and underlying processes, and how this approach differs from more traditional software development. In particular you'll like the way the author goes into organizational issues (who owns the process), and the unique requirements of component-based development (such as strict configuration control and reuse strategies, and cataloging and certifying components). The case study at the end of the book pulls the preceding 13 chapters together and provides a realistic view of the strengths and weaknesses of components.
Tuesday, June 04, 2002
- Applied Statistics for Software Managers. If you're working in SQA or managing software development projects this book is an excellent introductory text to statistical analysis.
What I like about this book is that it's a tutorial on the statistical skills and knowledge that you'll need, and it combines this learning goal with the basics of software metrics and how they can be employed to measure productivity, estimate projects, and manage costs and organizational quality. The core approach is data analysis, and the main tools that the book employs are multi-variate techniques, regression analysis and correlation and sensitivity tests. The author has a talent for clearly explaining a dry subject, and while it will take a good deal of effort to master the material because of its nature, the excellent writing and illustrations will make it easy to quickly grasp statistical fundamentals and put them to use.
The lessons are taught within the framework of four case studies that are realistic and apply to the real world. The case study topics are: productivity analysis, analysis of time to market factors, development cost analysis, and maintenance cost drivers. These cover the full range of both internal development and product-line software engineering. I especially like the inclusion of maintenance costs as a topic of study because this area contributes significantly to total costs of ownership, but is often overlooked.
- Measuring the Software Process. This book contains the keys to meeting core CMM level 5 requirements, which defines key processes for optimizing and continuous improvement, and for achieving 6-sigma processes. However, you need not be striving for either (or both) of these goals to use the techniques and approach in this book to full advantage.
Implementing and employing statistical process controls are the basis of this book. The authors lead you through the steps and techniques necessary to implement and use SPC, starting with background information on processes and a process measurement framework, and moving through topics such as planning your measurement strategy, data collection and analysis, and developing and interpreting process behavior charts using common SPC chart types. The most common controls are x-bar (mean) and r (range) charts. Be aware that any SPC approach requires two conditions to be met:
- defined processes
- the processes are in statistical control (meaning that the data points being measured have settled into a normal distribution that are randomly clustered around a mean and have defined upper and lower control limits)
This book requires knowledge and skills in basic statistical analysis. If you require a refresher I recommend reading Visual Statistics before tackling this book.
Monday, June 03, 2002
Understanding the Essentials of the Six Sigma Quality Initiative is a short book that does one thing and does it well - clearly explains what Six Sigma is and why it's important. It accomplishes this in less than 100 pages, making it a succinct guides to a highly complex topic.
Practitioners will find the material too basic, but business managers will find it sufficient to see the value of a Six Sigma initiative. It's also useful for communicating an initiative and its importance to employees who are not directly involved, but need to be on board to imbue it into the corporate culture.
It devotes the first 35 pages to explaining the what's and why's in clear, non-technical prose, and the rest of the book covers the how's by explaining each of the tools that are used to achieve Six Sigma. Each tool, ranging from Analysis of Variance to Team Development, is quickly described at a high level, with all key factors and a brief summary of what it is and how to use it.
If you are a member of the organizational implementation team I recommend that this book used to communicate the reasons for the initiative and what Six Sigma will mean to your organization to employees. If you have a direct role in Six Sigma and your statistics are rusty I recommend augmenting this book with Visual Statistics by Jack R. Fraenkel, Enoch I. Sawin and Norman E. Wallen.
I've struggled with statistics for years, and had resigned myself to continuing that struggle until I read this wonderful book. Where most books assume that you remember lessons from high school this one starts from scratch. It also differs from other books by teaching you how statistics work instead of force feeding you formulas that you learn by rote, but do not impart an understanding of how statistics work.
I like the way that this book uses illustrations and clearly describes the 'whys' to make statistics come alive. Shortly after I started reading this book (which is actually interesting!), I began seeing the significance of data distributions, relationships and dependencies. This not only will improve your understanding of statistics, but also gives you the confidence to tackle problems that may have intimidated you or were beyond your knowledge level.
If you need to quickly refresh your knowledge and skills, or want to understand statistics instead of crunching formulas, this book is a fast way to get there.
Sunday, June 02, 2002
The book is divided into twelve chapters, each of which contains two or more papers written by top experts in the field, including Mark Paulk (of CMM fame), Watts S. Humphrey (creator of PSP and TSP, and prolific author of software engineering process papers), Robert B. Grady (author of three standard references on metrics), and others who key players, but are not as widely known outside of the SPI and SPA community.
Chapter 1 covers software process assessment with an article by Paulk that surveys the more common models for SPI and SPA, and a reprint of Sarah Sheard's excellent article from CrossTalk Magazine titled "The Frameworks Quagmire". Chapter 2 contains three articles on the SW-CMM, which seems to be the centerpiece of this book. Chapter 3, "Other Approaches to Software Process Assessment" contains four articles that add balance by covering non-CMM approaches that are in common use, especially in Europe (Bootstrap). I especially liked the article by David N. Card titled "Sorting out Six Sigma and the CMM", which combines two hot topics. One of the exceptions that I cited at the beginning of this review is the article on Trillium, which in my opinion has been superseded by TL 9000 in the telecommunications industry.
The three articles in Chapter 4 (Software Process Improvement: How To Do It) address common concerns and barriers to any SPI initiative, and each add well thought out ideas, especially Sandra McGill's "Overcoming Resistance to Standard Processes, or, Herding Cats", and William Florac's "Statistically Managing the Software Process".
Watts Humphrey's Personal and Team Software Processes, and CMMI are the key topics in Chapter 5, which covers developments inspired by the SW-CMM. All of Chapter 6's Software Product Evaluation articles were my favorites from among the collection in this book, and I particularly liked Jørgen Bøegh's "Quality Evaluation of Software Products" and Geoff Dromey's "A Model for Software Product Quality" because they go to the heart of key issues in both product line engineering challenges and user acceptance testing.
Chapter 7, ISO 9000 Series and TickIT, is the second exception that I previously noted. Much has changed in ISO 9000 with the 2000 standard, which renders this entire chapter moot in my opinion. I also thought the five articles in Chapter 8, The SPICE Project, would have been a better fit in Chapter 3. The same goes for Chapter 9, Experiences of Software Process Assessment, which is nearly an extension of Chapter 8, and is closely related to Chapter 3.
Two other favorite chapters are 10 (Software Process Improvement for Small Organizations) and 11 (Benefits of Software Process Improvement). Chapter 10's three articles dispell any notion that SPI is only feasible for large organizations, and the three articles in Chapter 11 focus on the benefits of SPI, especially Herb Krasner's article titled "Accumulating the Body of Evidence for the Payoff of Software Process Improvement". I also liked the final chapter, which covers software processes in general, including an excellent article on modeling. I felt that this chapter should have been at the beginning of the book instead of the end.
Overall, this is a book for those of us who are nearly religious about SPI; but is not a good introductory text. It's main value will be to IT consultants who specialize in either SPI or SPA (or both), and who need to be familiar with the mainstream standards and approaches.
Saturday, June 01, 2002
The first book is Translucent Databases. This book contains an innovative and viable approach to securing databases, and one that I've not encountered anywhere else. In a nutshell the author provides techniques, based on standard SQL and Java, for securing sensitive data without restricting general access of less sensitive data to authorized users. The core of this approach is based on encryption and one-way functions, including PKI and secure hashing, and accepted authentication techniques such as digital signatures.
What makes this book unique is that while it's based on solid theoretical ground, the material is practical. As the techniques are discussed they are illustrated by 15 different scenarios, all of which contain problems faced by e-commerce, HIPAA and other high security environments, and code examples that show how to solve the problems. I like the way the author shows how to implement his solutions in common database environments (PostgreSQL, MySQL and Oracle - the approach should also work in the MS SQL Server environment). As I read this book I saw interesting possibilities for implementing role-based access controls and securing against SQL-based statistical attacks using the author's approach.
This book is essential reading for DBAs, system architects and IT security professionals, especially those in healthcare who are struggling with meeting HIPAA requirements, and in e-commerce who are challenged by protecting credit card and account information. This book shows the DBA how to secure his or her database, and the system architects and security professionals what is possible using SQL and Java. The book also has an associated web site which is supposed to have soft copies of all of the source code contained in the book. As of this entry the link to the source code is on the site, but the code itself is not yet available. When it is the value of this book will increase even more because of the time it will save by not having to manually create the code from scratch.
If you are new to the cryptographic techniques introduced in this book I recommend Cryptography Decrypted by H. X. Mel and Doris M. Baker, which is one of the best introductions to this complex subject. I also recommend reading Secrets and Lies: Digital Security in a Networked World by Bruce Schneier, which covers the technical, organizational and social aspects of security and gives a clear description of the technical underpinnings discussed in this book.
The second book is XML Security. Given the fact that XML is a key component of web services, and extensively used in e-commerce and enterprise applications integration, this book addresses a genuinely important topic. For one reason, XML is text-based and can expose proprietary information, which is a vulnerability for competitive intelligence specialists and corporate spying.
Before going into what the book contains it's important to know that much of the material is based on RSA's view of the security. This isn't a criticism, but an up-front statement of fact because if you're looking for a book that is 100% vendor neutral you are going to have to wait until one is written - this is the only book I know of that is solely about XML security.
The book starts with primers on security and XML to set the context. It then covers, in succession, digital signatures (chapters 4, 5 and 6), and XML encryption. These chapters are consistent with work and specifications produced by XML Signature WG (joint the Working Group IETF and W3C for digital signatures) and the W3C working group for XML Encryption.
Chapter 8 is specific to RSA products. It shows how to implement XML encryption using RSA BSAFE© Cert-J, which can be downloaded in a trial version from RSA's website. Chapter 9 covers XML key management specification, which are consistent with the W3C working group's specifications, and how XML security relates to web services.
Despite the slight bias towards RSA this book is an invaluable reference. It provides an in-depth discussion of major security issues, as well as how they are being addressed by the W3C. It goes without saying that anyone who is responsible for system architecture, design and/or security should carefully read this book.
Friday, May 31, 2002
Since this book's goal is to explain Oracle's SQL Plus and PL/SQL languages instead of getting you through an examination with a passing grade it goes into details that my training missed. I especially like the way that database concepts, design and modeling are covered in the first chapter, and the step-by-step approach to teaching SQL and PL/SQL by actually performing useful tasks such as creating tables and working with tables.
In addition to the basics, this book covers advanced topics such as row locking, performance and joins and set operations. PL/SQL is given the same thorough treatment as SQL Plus and as you read through the book and actually perform the tasks on a real Oracle instance your understanding and skill level increases greatly. Since PL/SQL is rich in features and programming constructs the care with which the author explains the basics and how to apply them in a real environment made learning fun and builds your self confidence.
I also liked the attention given to database administration tasks in the final part of the book, and found the SQL Plus and PL/SQL quick reference in the back of the book useful on many occasions.
If you don't have the luxury of attending Oracle training this book is an excellent substitute, and even if you're going through OCP training this book will fill in the gaps that will surely arise since the course is fast paced. Note that this book uses Oracle 8i as the example environment, but the material works with the newer 9i version too.
The ideal audience for this book is the new Oracle DBA or UNIX system administrators who have either inherited DBA responsibilities or who want to gain cross-functional skills. Experienced DBAs will find much of this book too basic, and may complain that it doesn't cover the full range of database administration topics.
In my opinion the relatively narrow scope of this book is one of its strengths. Instead of overwhelming the new DBA with hundreds of pages it sticks to the essentials. Another point in its favor is that the author doesn't attempt to go into gory details about how things work (information that you can get from other books as your comfort level and self-confidence improve), but remains focused on what you need to do in order to effectively manage and support an Oracle 9i instance.
While I liked the Getting Started and Some DBA tasks (Sections I and II) that start this book, I especially liked Section III, which covers tuning. This is the essence of what a DBA does, and the basics are well covered. This section also gives some excellent scripts that the new DBA will find invaluable. Section IV, is somewhat useful, but Section V is another favorite because it shows how to begin building your own set of tools, which is the hallmark of an experienced DBA. The scripts that are provided in this section are the foundation of database administration, and will spark ideas for additional and more specific scripts. The value is that you can learn much from what is provided.
Each topic in this book is given a brief 2-3 pages, which makes it somewhat terse. In many cases you'll have to go to other books for deeper explanations, but at least you'll be quickly functional.
If I had to choose a single book with which to get started this would be it. Of course you'll outgrow this as your skills and experience evolve, but it will get you started and does so using good practices and workable techniques.
Thursday, May 30, 2002
In a nutshell, you bring your knowledge of algorithms, data structures and development methodologies, and the book will show you how to apply them to web programming.
Wednesday, May 29, 2002
What you get: This collection consists of the following books, each of which I have reviewed on their product pages. I am summarizing the reviews to save time:
- OCP Introduction to Oracle9i: SQL Exam Guide. I rated this at 4 stars - be aware of the fact that this book does have errors, make sure you read the errata and you'll find it quite helpful.
- OCP Oracle9i Database: Fundamentals I Exam Guide. Another 4-star rating - there are editing flaws and inconsistent writing that do make this book ponderous at times. There have been times when I wished the authors and editors had paid more attention to the book, and other times when I silently thanked them for clarifying a concept.
- OCP Oracle9i Database: Fundamentals II Exam Guide. 4-stars. Among the strong points of this book are the self tests and practice exam questions. Weaknesses include poor editing, which seems to plague this series, and the inconsistent writing that is at times extremely clear and others quite obtuse. I prefer OCP: Oracle9i DBA Fundamentals II Study Guide by Doug Stuns and Matthew Weishan, which is better written, consistent and complete. It is also a 'best of breed' book.
- OCP Oracle9i Database: Performance Tuning Exam Guide. Unlike the others in this set this book is a 5-star gem. All of the key elements of performance tuning are covered, the illustrations are excellent and aid in understanding, and the drills, self tests and practice questions have been a tremendous help.
Pros: price, over 2000 pages of materials and CD ROMs with practice questions and other material.
Cons: with the exception of the Performance Tuning Exam Guide the guides in this set have editing problems and errors.
After a quick introduction to the XML processing the author wastes no time getting to the meat by going into processing types in Sections II (Event-Based Processing), III (Tree-Based Processing) and IV (Declarative Processing). Each of these sections are comprised of chapters and topics that cover the strengths and weaknesses of each approach, common tools and example applications, and tips and techniques.
Section V is focused on Java development, including SAX in Java, DOM in Java and XSLT In Java Applications. This section covers APIs, tools and specific considerations for each topic.
The final section addresses XML processing in detail, and deals with alternative processing approaches (including hybrids of event-, tree- and declarative-based models), schemas, and RSS.
In addition the appendices are informative and add to the value of this book. In particular, Appendix A, A Lightning Introduction to Python, will get seasoned developers up-to-speed (augmented by Appendix C which covers Python XML Packages). Appendix B is a glossary that goes into considerable detail, making it a handy reference.
Sunday, May 26, 2002
- Charles F. Goldfarb's XML Handbook (4th Edition) by Charles F. Goldfarb and Paul Prescod. Goldfarb invented SGML, upon which XML is based and which had a significant influence on the design of HTML. At 1200 pages this book is probably one of the most complete references that one can have. It covers every conceivable topic, ranging from a good description of XML and how it evolved from SGML, to semantic web and web services (each of which are disciplines onto themselves).
Expected topics are given in-depth treatment (XML, schemas, DTDs, datatypes, XSLT, XSL-FO, XLink, XPath, XPointer, XSDL, namespaces, topic maps, RDF, SOAP, UDDI, WSDL and VoiceXML), with a focus on the following:
- integration of XML and the older EDI approaches to e-commerce and extended supply chain systems
- a sound approach to content management - how XML fits into the web services framework
- chapters on important topics such as portals, databases, content acquisition, conversion and publishing
- a series of chapters devoted to tutorials on XML basics, schemas, and transformation and navigation protocols
This is an overwhelming book for beginners, but is a valuable resource for anyone who is deeply involved in web services, XML and related technologies. If you fit the latter category this is probably the only XML reference you'll need.
- Definitive XML Schema by Priscilla Walmsley. In a nutshell this book gives a detailed description of the XML schema and associated topics. The author is a member of the W3C working group that created XML Schema, and the material in this book is consistent with W3C recommendations. See the editorial description and reviews on this book's product page for specifics.
- Definitive XSLT and XPath by G. Ken Holman. Covers everything you need to know about transforming information structured vocabularies and output formats. The author is the chair of OASIS's XSLT/XPath Conformance Technical Subcommittee. See the editorial description and reviews on this book's product page for specifics.
Saturday, May 25, 2002
Although you can download XML specifications from the W3C working groups, a single book that summarizes these specifications is worth the investment. XML Family of Specifications: A Practical Guide is such a book. It's a comprehensive and up-to-date (as of this review) reference on XML as defined by the W3C. Part I is more of a desk reference (with a lot of example code), which covers XML syntax, modeling and parsing, DTDs and schemas. Part II, also with many examples, is a complete treatment of parsing with APIs, with separate chapters on SAX, DOM, JDOM and JAXP. Transformation and display protocols are covered in Part III, including CSS2, XSLT and XPath. XSLFO for formatting is also covered in this part. Xlink and Xpointer to facilitate referencing operations are the subjects of Part IV, and the book wraps up the formal descriptions of the family of specifications in Part V, which covers XHTML and RDF. I have a personal interest in RDF, and found the chapter devoted to it complete, but terse. This characterizes all of the chapters in this book. What makes this book valuable is the way the information is displayed. Each chapter starts with either an overview or concepts, and each clearly explains each specification and gives clear examples to demonstrate how they work in practice.
Appendices at the back of the book are especially valuable because they summarize much of the information in the body of the book. For example, Appendix A depicts the family of specifications in a format that clearly shows the relationships among them. In addition, the web site that supports the book provides a lot of supplementary material, including over 900 links to related resources and an image map of the family of specifications that is one of the most visually appealing and informative resources one can have at their disposal. Note that the web site is not up-to-date - some information that was cited as coming in April and May were still not online as of late June.
This is not a book for learning XML as much as it's a reference. The main value over W3C material that is available over the web is the clear writing and many examples. It reads much better than dry specs and is complete in its coverage.
If you work within the framework of the FDA's General Principles of Software Validation or the FAA's DO-178B for safety-critical avionics the material is consistent with these governing documents, but is too outdated to be useful.
However, if you are working on integrated projects that are unregulated with respect to government controls you may find this book useful. It contains a wealth of useful guidelines for establishing and managing processes to support development of products that are based on embedded software or hardware/software integration, The core of this book is a collection of templates that were developed and proven in the DoD industry, and are designed to manage integrated testing, failure management and field feedback. Each element is applicable to commercial environments, especially for companies that are manufacturing intelligent network devices, data storage systems and specialty products such as digital control systems, sensors and other integrated hardware/software products.
The templates are introduced in Chapter 1, and each of the seven functional areas covered by the templates are discussed in separate chapters. These functional areas are: integrated testing, failure reporting, design limits, product life, test/analyze/fix process, uniform test reporting and field feedback. A chapter on applying these follows, but the material is slanted towards DoD issues. If you apply thought and imagination while reading this chapter you should get ideas on how to refactor the cases into your own environment.
Section 2 devotes three chapters to software design and test, which are based on the older waterfall development life cycle. However, this particular life cycle lends itself well to developing embedded systems, making this material valid and applicable to commercial environments.
Overall, this is a useful book for the intended audience I cited above if you can track down a copy. In particular, the checklists and overall framework are valuable, and much can be learned from the risk-based approach taken in the book.
Shifting Gears. Although I'll inevitably return to quality and reliability, I am going to shift to another topic in my next entry: XML. Also, most of the topics for the next few weeks will be in the form of book reviews instead of the tutorials and news items that we've been writing about. That will change as soon as things stabilize. We're all busy and haven't the time to do the research we normally do, nor the freedom to craft original essays on topics that are dear to us. That will change in due time, but until then please bear with us.
Friday, May 24, 2002
Although over 11 years old the QA approach contained in this book is still valid. To get at the gems, though, you have to overlook a few things. For example, terminology common in the mainframe data center of past decades sounds quaint even to those of us who came from that environment. Also, the code examples used to illustrate quality problems are sure to confuse the younger generation of C++ and Java developers and test professionals who probably never heard of PL/I and only vaguely know about FORTRAN.
What I like about this book and the reason why I think it's still an important reference is the fact that application quality from an enterprise perspective is addressed. This goes beyond testing and release processes, as well as beyond project issues surrounding applications delivery and SQA. The focus is on production and maintenance, although testing, SQA and project metrics are addressed.
In addition to the focus, the book contains checklists, questionnaires and sample forms that can be updated to reflect modern computing environments - and you may be surprised to find that much of this 'ancient' material requires very little modification. Another aspect of this book that I like is the material on software maintenance, which seems to be a lost art, although it's as important now as it ever was.
Don't let the age of this book deter you if you're interested in quality assurance from a production support point of view. The best recommendation I can give is that this book has served me well in over a decade of consulting, and it probably will for years to come. However, it shouldn't be your only reference either.
Thursday, May 23, 2002
- Testing Very Big Systems. After you've peeled back the layers of testing techniques that are better documented and more refined in more recent books, and archaic language that characterized the mainframe lingo that was dying out when this book was first written a decade ago you'll find gold.
First, the way test case management is presented stands the test of time. The author is obviously well versed in managing complex system testing and it shows in his detailed approach to developing a test strategy and managing a large array of test cases. As good as this material is, it isn't a sufficient reason to track down a copy of this book because Rick Craig and Stefan Jaskiel have a more modern book, Systematic Software Testing that accomplishes the same goal.
The real gold is in the way that this book integrates testing, issue management and metrics. Although there is a large body of knowledge on these topics, this book manages to sort out the complexities in the clearest terms I've encountered. I also think that the approach change management is excellent, and especially the way this is linked to issue management. On the subject of issue management, the taxonomy of issue types has served me as a model during numerous consulting engagements for service delivery and software engineering process development, and have been proven in the field.
Additional gold is in the chapters on test documentation (especially the treatment of status reporting) and managing management. I also like the way that the author takes economic considerations into account, which was not much in vogue when this book was written in 1992.
If you're an SQA or applications delivery practitioner I strongly recommend tracking down a copy of this book. Look past the archaic parts and you will find one nugget after the other of useful information. I wish this book would be rewritten to reflect today's environment and the lessons that the author learned in the decade since this book was first published because there is much in this book that you will not find elsewhere.
- Ensuring Software Reliability. Despite this book's age and the subsequent software reliability books that have since been published, it adds a perspective and information that is either not in more recent books, or is not given the same comprehensive treatment.
If you are familiar with software reliability as a discipline and with any of the major books, such as John Musa's Software Reliability Engineered Testing, you'll probably not find anything new in Part I, although chapters 3 (software failures and failure processes), and 6 (reliability terms and definitions) add clear, succinct descriptions and definitions to these topics.
Part II, however, is where this book shines and why I use this book as one of my principal references. Specifically, chapter 7, which covers software reliability data collection, is thorough and comprehensive. I especially like the way data collection is integrated into a reporting process, and the near exhaustive list of error, product and process metrics and their associated descriptions. Chapter 8 is another gem. It describes 12 major reliability models, ranging from Musa's models to predictive models. One of the most interesting models in this catalog is the 'Leone Test Coverage Model', which is based upon percentage of completion and coverage of specific development and testing tasks. For each model the author gives a summary description, provides assumptions and parameters of the model, and the associated math. Each model's summary contains strengths and weaknesses, and when in the life cycle the model is best employed.
Overall, this book contains some invaluable information and information that has been superseded by newer books (especially the last chapters in Part II). If you're seeking information that I've highlighted above, this book is a worthwhile investment. If you're looking for a book that is more up-to-date I recommend Software Reliability Engineered Testing by John Musa. This book will remain an often referenced part of my library for some time to come.
Subscribe to Posts [Atom]