December 2003 - Posts - Darrell Norton's Blog [MVP]

Top 10 Signs your development project is Doomed

10. After your application starts failing everywhere, you talk to the DBA and he says, “I had to change the names on all the columns because I didn’t follow the company standard. You can still make Friday’s deadline right?”

9. New requirements are added by the business manager so that the application works on his machine.

8. The current application is evolving faster than you can develop the replacement application.

7. Four hours in a requirements meeting were spent debating “extends” versus “includes” for part of a use case.

6. Requirements consist of an Access or Excel application with tons of VBA code. Oh, and you need to fix the bugs while you are at it (we don’t know what they are, but fix them before delivery).

5. “Give us honest estimates for how long the work is going to take. But make sure you finish in 2 months.”

4. Project Management = Microsoft Project

3. When hiring two contract programmers, management asks “We don’t need two computers do we? They can just share one right?”

2. The “Senior Technical Architect” on your web application project, assigned because he has 23 years with the company, has never done web development ever.

And the number one sign your project is doomed…

1. All requirements are critical, ultra-high, or high importance.

Posted Dec 30 2003, 06:59 AM by darrell with no comments

Risk Management the MSF way

I’ve looked at numerous risk management models and processes and have tried out several. I always look at it with an eye toward practicality. Even if the process is the best in the world, if it is too difficult or time-consuming to actually do, then it’s worthless. This could be why most projects I've been around have paid only minor attention to risk management, if indeed addressing it at all.

That is where the MSF Risk Management Discipline comes in. This white paper from Microsoft is one of the best short discussions on risk management for software projects that I have found. Every developer should read it. It shows the basics of how to identify, categorize, assign impacts to, and prioritize risks. It also covers all phases of risk management, from risk identification and project inception through risk mitigation and project completion.

Not all of it needs to be implemented though. There is the potential for a lot of process; however it is there because the MSF is meant to be scalable, much more so than most agile methodologies. The best advice that I can give is to start with a “Top 10 Risk List” as described in Rapid Development by Steve McConnell. Then, when the situation warrants it (e.g., your project grows rather large), add more process as necessary.

For more info

MSF Risk Management Discipline
You can download all the MSF white papers in Word format here.
Waltzing with Bears by Tom Demarco and Timothy Lister
Risk Management Overview at the SEI
The Risk Management Catalog by Alistair Cockburn

Posted Dec 29 2003, 07:37 AM by darrell with no comments

SQL Server Transactions - Commit and Rollback

A coworker was having trouble with a stored proc. There were several IF statements where one path created another nested level transaction while the other did not. Trying to get the stored proc to COMMIT only certain transactions by name was sometimes generating an error that there was no corresponding BEGIN TRANSACTION. What we learned was the following.

Whenever you execute a COMMIT TRANSACTION statement, any transaction name after the statement is ignored. The only thing a COMMIT TRANSACTION statement does is reduce the @@trancount variable by 1. If this makes @@trancount = 0, then all database modifications are committed.

For example, say you have the following code (from SQL Server Books Online):

CREATE TABLE TestTran (Cola INT PRIMARY KEY, Colb CHAR(3))
GO
BEGIN TRANSACTION OuterTran -- @@TRANCOUNT set to 1.
GO
INSERT INTO TestTran VALUES (1, 'aaa')
GO
BEGIN TRANSACTION Inner1 -- @@TRANCOUNT set to 2.
GO
INSERT INTO TestTran VALUES (2, 'bbb')
GO
BEGIN TRANSACTION Inner2 -- @@TRANCOUNT set to 3.
GO
INSERT INTO TestTran VALUES (3, 'ccc')
GO
COMMIT TRANSACTION Inner2 -- Decrements @@TRANCOUNT to 2.
-- Nothing committed.
-- ROLLBACK TRANSACTION Inner1
GO
COMMIT TRANSACTION Inner1 -- Decrements @@TRANCOUNT to 1.
-- Nothing committed.
GO
COMMIT TRANSACTION OuterTran -- Decrements @@TRANCOUNT to 0.
-- Commits outer transaction OuterTran.
GO
DROP TABLE TestTran

Just copy and paste this code into Query Analyzer. Add Select statements wherever you would like to see the state of the TestTran table and whether the statements have been committed or not.

The only transaction name that SQL Server cares about is OuterTran. It’s fine to label Inner1 and Inner2 transactions for other developers, but SQL Server does not use them. Also, the COMMIT TRANSACTION statement does not use the transaction name. Only a ROLLBACK uses the transaction name, and only the outermost transaction name. For example, trying to do ROLLBACK TRANSACTION Inner1 where it is commented out in the code snippet above would not work.

UPDATE: From BOL, thanks to Frans for pointing this out to me. It makes intuitive sense, and is the confirmed behavior.

Committing inner transactions is ignored by Microsoft® SQL Server™. The transaction is either committed or rolled back based on the action taken at the end of the outermost transaction. If the outer transaction is committed, the inner nested transactions are also committed. If the outer transaction is rolled back, then all inner transactions are also rolled back, regardless of whether or not the inner transactions were individually committed.

Each call to COMMIT TRANSACTION or COMMIT WORK applies to the last executed BEGIN TRANSACTION. If the BEGIN TRANSACTION statements are nested, then a COMMIT statement applies only to the last nested transaction, which is the innermost transaction. Even if a COMMIT TRANSACTION transaction_name statement within a nested transaction refers to the transaction name of the outer transaction, the commit applies only to the innermost transaction.

It is not legal for the transaction_name parameter of a ROLLBACK TRANSACTION statement to refer to the inner transactions of a set of named nested transactions. transaction_name can refer only to the transaction name of the outermost transaction. If a ROLLBACK TRANSACTION transaction_name statement using the name of the outer transaction is executed at any level of a set of nested transactions, all the nested transactions are rolled back. If a ROLLBACK WORK or ROLLBACK TRANSACTION statement without a transaction_name parameter is executed at any level of a set of nested transaction, it rolls back all the nested transactions, including the outermost transaction.

Posted Dec 24 2003, 06:23 AM by darrell with 12 comment(s)

Java not suitable for object-oriented frameworks?

Interesting article on why Java is not suitable for object-oriented frameworks [via Jeff Sutherland]. From the abstract:

Many business applications involve Java and object-oriented frameworks. Several characteristics of Java conflict with some key features of frameworks. These conflicts force the creation of “work-arounds” by developers. We show several examples that illustrate the tensions that exist between Java and object-oriented frameworks, and discuss how we solved them.

Most of this obviously applies to .NET, except for section 4.2. The .NET-equivalent to the Java “Deprecated” comment is the “Obsolete” attribute, which is not buried in the comments. Not too sure on the remote exceptions section. Any takers care to bring us up to speed?

Posted Dec 23 2003, 03:26 PM by darrell with 4 comment(s)

Windows Forms getting short shrift in .NET

Windows Forms are getting shortchanged in version 2 of .NET.

In ASP.NET, the DataGrid control is already much better than the Windows Form DataGrid control. And in ASP.NET 2.0, the DataGrid is getting automatic sorting and paging. Yet there is nothing at all on the Developer Tools Roadmap that shows any work is being done on the Windows Forms DataGrid.

Many of the Windows Forms improvements are in deployment, with the new ClickOnce technology. Web apps already have deployment figured out, and I guess the ASP.NET team can then concentrate on stuff like making development easier (Master Pages, DataGrid enhancements, themes/skins, et al). On current winforms projects, we have to resort to third-party tools like SyncFusion. While good, and definitely better than coding all this functionality ourselves, it’s weak compared to what you get for free in the land of webforms.

I really want to like Windows Forms. I want to write slick, full-featured UIs with .NET. But it's just so hard to do so, with the allure of the ASP.NET siren's song.

Posted Dec 23 2003, 07:57 AM by darrell with 7 comment(s)

My Tech Predictions for 2004

Scott Hanselman offers some technology predictions for 2004. In an attempt to cash in on the high popularity and low responsibility entailed with such a blog topic, I offer my own technology predictions for 2004.

First up, the smart personal object technology (SPOT) Scott talks about will get a lukewarm reception at best. Who needs to check stock prices on a device where they can’t do any trading. A phone would be better, because then you could call your broker and it has a bigger screen. For weather, traffic, instant messaging, and appointments, get a PocketPC or Palm which has a bigger screen and a stylus. Get a Blackberry to check your email. All of these products are already established and I don’t see a compelling need to switch to wristwatch technology yet (in the future maybe).

Second, RFID will take off. With Wal-Mart and government deadlines for early 2005, this seems like a slam-dunk. The government deadline could slip, but I doubt the Wal-Mart one will. This will also have the effect of increasing the deployment of new data warehouses and increase the size of existing ones. Especially with Microsoft’s new entry in the business reporting field, this is a hot area.

Third, IBM will finally wrest control of Java from Sun, becoming the de facto Java leader. IBM already does more for Java than Sun does, and now Sun is trying to sell desktop software. Oh, and they’re still trying to sell hardware and they’re pissing off the Linux crowd. Ouch. I don’t know if they could screw up more, but McNealy might surprise us yet.

So, like Scott Hanselman ended his post, what are your Technology Predictions for 2004?

Posted Dec 22 2003, 06:03 AM by darrell with 3 comment(s)

TDD: How much unit test code should you write?

Introduction

Some other bloggers have asked how much unit test code (as a percentage of the total project’s code) should be written. I have certainly asked that question myself! So I decided to find out.

The point of this research was to determine roughly how much unit test code there was in a given project, expressed as a percentage. I know that lines of code aren’t the greatest thing in the world to count, but if you program your unit test code the same way you do your application code (and you certainly should), then making generalizations based on project percentages should be ok. Please note that all projects were developed in.NET.

I also wanted to find out what the percentage of unit test code was in real life projects. I did not want statistics from some book using contrived examples which “should apply to your projects.” Worse yet, I didn’t want uninformed speculation!

Procedure

Requiring access to source code, I turned to open source for data. I reviewed quite a few popular open source software projects, and ended up with eight projects that had discernable unit test code. I did not use data from my own projects yet, as that would obviously bias the findings.

All of these projects had GUIs, and the total lines of code counted included any GUI code. Lines of code were only counted for class files (cs and vb files). Lines of code ranged from 3000 to 50000.

Results

Here are the results:

Average	39.0%
Median	39.9%
High	55.9%
Low	18.4%
Standard Deviation	13.7%

The average was 39 percent of the total code base was unit test code. Probably more accurate is the median, which was 39.9 percent. The highest individual project percentage was 55.9 percent, and the lowest project (that still had unit tests) was 18.4 percent. The standard deviation was 13.7 percent.

The average and standard deviation together tell you the range in which most projects fall. Assuming a normal distribution curve, 95 percent of all projects will have unit test code ranging from 12 to 66 percent. The normal curve is a safe assumption, however the problem lies in the fact that the sample I have now might not be large enough to accurately represent the population.

Analysis/Recommendation

If you are doing test driven development, use a simple line counter program to see what percentage of your code base is unit test code. If it is much less than 20 percent, you probably aren’t testing enough. If it is much more than 66 percent, your test code is probably becoming an out-of-control mess.

Note that I did not follow the 95^th percentile figures exactly. Also, unit test code percentages often vary depending on the type of the application. Fancier GUIs tend to require a lot of code which is often not as well tested with tools like NUnit or csUnit.

Anything else?

If you know of any open source or freeware projects I should include, please leave them in the comments!

Posted Dec 19 2003, 06:43 AM by darrell with 7 comment(s)

NUnitAsp v1.4.1 Released while we were sleeping

NUnitAsp v1.4.1 is out. There are a couple of cool new features, and it's built with the latest version of NUnit. From the release notes:

This release includes numerous improvements, thanks to our new patch king, Levi Khatskevitch. We have support for basic and Windows authentication, new testers, a vastly improved parser, and support for the https: protocol. If you've tried NUnitAsp in the past and gotten stuck with a 404 error, that's fixed now! There's numerous other small improvements.

The NUnitAsp website is at http://nunitasp.sourceforge.net.

Download the latest version of NUnitAsp.

Posted Dec 18 2003, 07:31 PM by darrell with 1 comment(s)

More on Contracting, Consulting, and being Independent

There have been some good posts on consulting and contracting lately. These posts sort of form a thread, so I’ve arranged them in roughly chronological order.

In his first consulting post, Rory breaks contractors down into two categories: headhunters or independents.
Bryan then rants on the uselessness of headhunters. The comments bring up some good points about the value headhunters do add.
I highlighted DonXML’s comparison of consultants vs. contract programmers.
DonXML talks about finding contracting jobs.
In his follow-up post, Rory talks about the wonderful experience you can get being a contractor, as well as an understanding of the “metastuff.” Mark Dunn left some excellent comments in this post, too.
DonXML has now posted a Consulting Rate Worksheet.

Steve Eichert also pointed us to the “consulting tips from the million dollar consultant” web site. In my opinion, the site is too full of self-aggrandizement, although there are a few good articles. I’ve been reading about consulting, and the practicality of the blog posts is just awesome in comparison.

Another good consulting site I check out is RealRates.com. They have lots of survey data filled out by other consultants, so you can get a rough indication of what similar people are doing or earning right now.

IT workers can also get the Robert Half Technology 2004 Salary Guide. You fill out a form and they mail it to you for free. Good for consultants or permanent employees. I haven’t gotten any spam email or junk mail as a result of this, either. Of course, I rarely get spam anymore.

I wonder if the percentage of independents/contractors/consultants is higher for bloggers than it is for non-bloggers. Anyone know or care to guess?

[Updates are in the bullet list]

Posted Dec 18 2003, 07:23 AM by darrell with no comments

Consultants vs. Contract Programmers

DonXML Demsak left a comment in response to this post by brady gaster. It was so good I couldn’t leave it buried in the comments.

You are confusing 2 similar but definitely different jobs, the consultant versus the contract programmer. The consultant is paid to consult the client on how to best go about developing an app, work out something suitable to the client, and then do it. The contract programmer is told by the client how to best go about developing an app, and then do it according to the client's wishes. Consultants get paid more, but have a higher risk, and sometimes have to take one for the team (aka the person the hired you). A contract programmer doesn't get paid as much as a consultant, and isn't paid to think. Don't ever confuse one role for the other, it will only cause endless fustration for both parties (i.e. make sure your role is known ahead of time). Sometimes clients are paying for contract programming, when they really need a consultant, and that is when consulting gets a bad name. [DonXML Demsak]

Posted Dec 17 2003, 07:09 AM by darrell with no comments

An Argument for Variable-Scope Projects

I’ve found it very difficult to convince clients on the benefits of variable scope projects. One approach that I have found useful is to use a risk-based approach to determining the project management variables scope (product), schedule, and cost (see the project management triangle). Here the client ranks the three variables by how confident they are about their estimate for that variable (or your estimate for scope).

First you sit down with a client and ask them what the easiest variable to put an estimate on is. In today’s business climate, this is usually the schedule. “Oh, we have a trade show on March 1.” What is the client’s confidence in this estimate? For all intents and purposes it is 100 percent. Whatever software they are demonstrating needs to be done by then. The trade show may be rescheduled, but it is not likely unless there is an earthquake or other disaster, in which case the show would be cancelled anyway.

That leaves scope and cost. Now ask the businessperson what they are more confident in estimating. “We have a budget approved for only $250,000.” And the confidence of that is again close to 100 percent. So, the variable with the least amount of confidence, scope, is allowed to “float” based on concrete decisions on the other two variables. Thus we fix what we are most confident in, and allow the lesser known variable to be appropriately more flexible.

“But we need a certain amount of functionality delivered!” they will exclaim.

Perfect! If the client can prioritize the functionality, tell them you will deliver as many of the most important features as possible considering the schedule and cost. Also remind the client that they cannot fix all three sides of a triangle, only two within reason. What do I mean by within reason? Well, even if I have a several million US dollars, I won’t be able to rewrite the entire space shuttle program by the close of business tomorrow.

Finally, offer to work in short iterations, and at the end of each demonstrate a working system. Not a complete system, but a fully-working part of one. And tell the client that they will be able to make changes at the end of each iteration (every 2-4 weeks) until the delivery date regardless of changes in business conditions. If work is not getting done as fast as the client would like, then they have the option of increasing the project’s budget to allow for more developers, to purchase components, or whatever else to speed up development.

Posted Dec 16 2003, 11:03 AM by darrell with no comments

SCC Plugin for TortoiseCVS: An installer with no uninstaller, or How NOT to Do Things

The SCC plugin for TortoiseCVS project on SourceForge, a tool that will map CVS commands to Microsoft’s SCC API, just released some new files. I did not expect an installer, so I was pleasantly surprised when the download automatically installed itself. So I tried it out and then decided to uninstall it (to be fair, it is only version 0.2).

Well, the uninstall does not switch the registry keys back to the previous source control provider, which (unfortunately) right now is SourceSafe. Fortunately, instead of having to spelunk around in the registry, Harry Pierson’s ruthlessly competent SCC Switch utility restored my SourceCodeControl provider back to SourceSafe in a jiffy.

I just don’t understand why, if the developers went to the effort to create an installer, they wouldn’t create an equivalent uninstaller. This is only a few registry keys, and Harry’s already written the code for you! Don’t get me wrong, TortoiseCVS is great, and if the SCC Plugin is as good then I’ll definitely use it. But an install with no uninstall? Weird.

Posted Dec 16 2003, 06:27 AM by darrell with no comments

O'Reilly's Safari Bookshelf

No, I don’t get any money for posting this or referring anyone. Neither does my company. This is just to let you know my experiences with Safari in case you were thinking of subscribing.

Several of the books I’ve reviewed here lately I don’t actually own. My employer, CapTechVentures, gives every employee an account with the Safari Bookshelf by O’Reilly.

Now they certainly don’t expect us to read all of our books online, but view it more as being able to search a large number of technical books and be able to view the relevant material quickly (as opposed to Amazon, where you can search for something, but then you must buy the book). It is especially useful for all the technical work we do, and covers enough of both Java and .NET to be useful to everyone. Currently Safari has close to 2000 books.

So what publishers would you expect to find? Check out this diagram:

If you read a lot of books by these publishers, Safari could be a good investment for you.

What are the limitations? To view the full text of a given section of a book, it needs to be on your “bookshelf.” There are several bookshelf sizes. I use small, and that limits me to 5 concurrent books at a time. Once a book is on your bookshelf, it has to stay there for 30 days. Most books take up one slot, but some take a half-slot (0.5 slots) and some can take more than one, though I haven’t seen any books like that yet. You can upgrade your bookshelf size at any time, which costs more money of course.

That’s about it. I enjoy it as an employment perk. Would I buy it on my own? I’m not sure, since I can usually get my employer to foot the bill on any technical books I want to purchase. If that were to change, I probably would subscribe.

Posted Dec 13 2003, 03:06 PM by darrell with 4 comment(s)

Filed under: Book Reviews

A Review of Balancing Agility and Discipline

In Balancing Agility and Discipline, Barry Boehm and Richard Turner attempt the unenviable task of trying to meld the agile and traditional methodology approaches to software development. Overall, they present a fairly reasonable discussion on the advantages and disadvantages of each, although I do have some qualms about the name of the book.

Staring with the title of the book and continuing throughout the text the authors depict the plan-driven methodologies as being “disciplined.” This bothers me, in that it labels agile software development as undisciplined. Anyone that has ever had to figure out how to unit test some difficult piece of software or tried to keep the daily meetings under 15 minutes knows that it takes a lot of discipline.

One telling quote is, “If one has strong discipline without agility, the result is bureaucracy and stagnation. Agility without discipline is the unencumbered enthusiasm of a startup company before it has to turn a profit.” I definitely agree that without process development degenerates into code-and-fix. However, if you are doing Scrum, even though you might not have all the pretty Gantt charts and estimates accurate to the second, you are doing agile development with discipline. In fact, Scrum is a process of continuous improvement, which corresponds to CMM Level 5 “Optimizing”, the holy grail of CMM compliance!

Merriam Webster’s dictionary definition of discipline is (only the applicable meanings are shown):

5b. Orderly or prescribed conduct or pattern of behavior, c. Self-control
6. A rule or system of rules governing conduct or activity

This doesn’t really differentiate agile processes from plan-driven processes. A word that I think is much better is rigor. Rigor is:

2. The quality of being unyielding or inflexible
4. Strict precision, Exactness

In this light, Balancing Agility and Rigor makes much more sense. Agile software development, when done right, is usually very disciplined. Plan-driven development supposedly has more discipline, but is more often abused by a lack of discipline. So while discipline is up for dispute, I doubt anyone would dispute that plan-driven methodologies are more rigorous than agile ones.

Wording aside, the authors make an effort at defining five key dimensions along which projects vary:

Personnel – skill level of the developers
Dynamism – volatility of requirements
Culture – the degree to which the company prefers follows process or not
Size – size of the project, mostly in number of developers
Criticality – the loss due to impact of defects

Each of these factors affects whether the project should be agile or plan-driven overall. The more agile experience project personnel have, the more volatile the requirements, the higher the degree to which the company prefers chaos over order, the fewer the number of developers, and the less critical the project leads to an agile approach. The opposite of these dimensions leads to a plan-driven approach.

This is only the beginning, however, and the rest is where the authors make a substantial contribution to the current methodology literature. The authors go on to classify risks into three different types: environmental risks, agile risks, and plan-driven risks. Environmental risks apply to all projects, regardless of type (agile or plan-driven), since they include things like technology, complexity, and stakeholder coordination. Agile risks are those risks, such as scalability, personnel turnover, simple design, and skill level, which tend to impact agile projects more so than plan-driven projects. Plan-driven projects, though, have their own risks, namely changing requirements, speed of delivery, emerging requirements, and personnel skill level.

Once a project’s various risks are recognized, the base project type (agile or plan-driven) is then customized to address the biggest risks. Simple to describe, difficult to apply. There are also several examples of project tailoring. One adds plan-driven aspects to an agile project; another shows adding agile elements to a plan-driven base. The advice is also to tailor up, that is to add plan-driven rigor when needed, versus trying to remove rigor when it is not needed.

The skeptical reader will ask, so where’s the proof? Luckily Boehm and Turner have plenty. The primary source is a large group (100+) of projects at USC, with secondary input coming from the huge Cocomo II project database. You know the agile movement is coming of age when there are actual statistics to back it up, found in this book and in Agile and Iterative Development, by Craig Larman. Finally we can cast off the agile witch doctors who peddle their “agile wares” without proof or analysis other than “it seemed like a good (agile) idea.”

Posted Dec 11 2003, 06:26 AM by darrell with 1 comment(s)

How much architecture can you do and still be Agile?

Steve Maine posted some ramblings on the design phase. In it, he tries to determine how much architecting is allowable in an agile process. Steve wants to be agile, but really enjoys doing design (don’t we all!).

Fortunately, Barry Boehm and Richard Turner discussed this very dilemma in their book Balancing Agility and Discipline: A Guide for the Perplexed. Using the research of over 100 IT projects at USC combined with the multiple decades of research that went into the Cocomo II estimating model, they have come up with the follow diagram. [Chap. 5]

The dashed gray line shows the percent of the project’s schedule devoted to Steve Maine’s design phase, or architecture. The dark solid lines show that as more time is added for architecting a solution, the less time will be spent doing rework. The solid light gray lines show the additional schedule needed due to the costs of doing the architecture.

The sweet spot is the lowest point on the curve for each size program. The 10 KSLOC program (10,000 lines of code) for example, has its sweet spot at the very beginning. This means that for very small programs, no more than 5 percent of the project schedule should be spent on design/architecture. Any more than 5 percent and you are increasing the project’s schedule without any payback. For 100 KSLOC programs (100,000 lines of code), the sweet spot is around 25 percent, and for 1000+ KSLOC (1 million lines of code or more), the sweet spot is around 40 percent.

Now, all this assumes relatively stable requirements, in the range of 1-2 percent requirements change per month. As the diagram notes, if requirements change more rapidly, the sweet spot shifts to the left and the percent of time spent on architecture should be reduced. If you are creating safety critical software, then the percent of time spent in architecture should be increased. Note that these are all generalizations which need to be customized based on the risks and opportunities for each situation.