Monthly Archives

September 2017

The PYPI Python Package Hack

There is a brand new hack out there that has very quietly affected many people. Malicious developers uploaded packages with slightly misspelled library names to PyPI, Python’s package repository. Prominent examples include urllib vs. urrlib3, bzip vs. bzip2, etc. These packages contain exactly the same code as their upstream package, so their functionality is the same, but the installation script, setup.py, is modified to include malicious (but relatively benign) code. It is very similar to what happens when you type in https://cnnn.com/ vs. https://cnn.com/.

Reference: you can read a pretty good discussion here: https://news.ycombinator.com/item?id=15256121

What does PyPI do exactly?

PyPI (the Python Package Index) is a repository of software for the Python programming language. There are currently 117,189 packages available for users to download. It is the default repository for Python developers around the world. If you want to install a common library, you use a special tool called pip, which knows how to pull files down from PyPI.

What can you do about it?

1. Run this simple one-page Python script to check for bad packages. Ref: https://github.com/williamforbes/pypi_hacked_names

The output will look something like this in verbose mode.

[Screenshot: output from https://github.com/williamforbes/pypi_hacked_names]

2. If you don’t have any of the bad packages, then there is no problem. However, make sure you review all of your virtual environments and run the same script in each.

3. If you do have a potentially compromised library, don’t use pip uninstall as it runs code in the package. Just go to the directory and delete the package.

That’s it! This is a very insidious attack. We will keep tracking this at PyPI to see if we can help protect users.
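A check in the spirit of step 1 can be done by reading package metadata only, so nothing from a suspect package is imported or executed. The following is an added example, not the script from the referenced repository: it flags installed distributions whose names are a small edit away from the names a project expects, and reports where they live on disk for the manual deletion in step 3. The function names and the `EXPECTED` list are assumptions; the sample names are the ones mentioned in the post.

```python
import re
from importlib import metadata


def normalize(name):
    """PEP 503 name normalisation, so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalikes(installed, expected, max_distance=2):
    """Return (installed_name, expected_name) pairs that differ by a small edit."""
    wanted = {normalize(n) for n in expected}
    hits = []
    for name in installed:
        norm = normalize(name)
        if norm in wanted:
            continue  # exactly what the project asked for
        for good in sorted(wanted):
            if edit_distance(norm, good) <= max_distance:
                hits.append((name, good))
                break
    return hits


def installed_distributions():
    """Map name -> install location by reading metadata files; nothing is imported."""
    found = {}
    for dist in metadata.distributions():
        name = dist.metadata["Name"]
        if name:
            found[name] = str(dist.locate_file(""))
    return found


if __name__ == "__main__":
    # Constructed list: the packages this project intends to depend on.
    EXPECTED = ["urllib3", "bzip2", "requests"]
    dists = installed_distributions()
    for bad, good in find_lookalikes(dists, EXPECTED):
        print(f"{bad!r} looks like {good!r}; installed under {dists[bad]}")
```

Run it once per virtual environment, using that environment's interpreter, since each environment has its own set of installed distributions.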

Branding Your Company Part 2: Finding Our Why | Capabilities Flyer

Our branding strategy played a major role when we began to apply it to our new capabilities flyer. Bytelion had grown both in number and in personality since the previous flyer. Recent hires brought great energy into the company, and we wanted to share that fresh energy.

Question Your Team

From experienced employees to our student interns who just started, we interviewed a broad range of team members to find our “why.” It was important to hear from multiple employees to gather accurate documentation of our company’s voice. We asked them: why do you come to work each day? What do you hope to accomplish at our company? What do you bring to the table that no one else can? Each employee talked about different aspects of our company. Each expressed what their work meant to them. Many employees talked about their unique passions. Whether their passion was for coding, project managing, designing, or even blogging, we discovered that what united these different interests was the love of tackling challenging, difficult problems. By the time we finished, we had pages of content. It was starting to look overwhelming, but we decided to continue and find a common theme.

The Writing Process

The hard part was stitching together each individual’s thoughts into one comprehensive paragraph. It took many (and we mean many) attempts to slim our collective ideas down into one paragraph. What we found difficult was how effortless it was to start using long-winded sentences that were essentially nothing but fluff. Returning to our goal, our “Why” sounded like an “It” was collective voice kept us grounded. To stay focused, we frequently asked: could anyone at our company recite this and be genuine about it?

Revisions

What we discovered is that it takes multiple revisions to write your company’s true passions and visions onto paper. We learned a lot, but most importantly, not to be afraid to eliminate the elaborate phrases that don’t have meaning or value. In some cases, we had to completely start over to find the right set of words to encapsulate the spirit of our team. We concluded that what our employees share, across their broad range of expertise, is a desire for excellence and a passion for perseverance, while fostering individuality.

Review! (Again and again)

Once we established who our team was, we reassessed our flyer. The purpose of the capabilities flyer was to share Bytelion’s abilities with potential clients. What we had was a great summary of our team, but our resume did not truly stand out for our clients. Then it clicked: our “why” was our clients. So what if we were passionate about coding? Why does it matter to our clients what our personal interests are? What they need to know is what we as a company can offer them. Do we have the ability to make the idea a reality?

If our flyer could not prove that we could provide something of value, we would be wasting their time. So, we decided to change who we were addressing. It was no longer about us; it was about our clients, the people who need to understand who our company is. We decided that the needs of our clients should not only reflect all aspects of our company but also be the core of our brand.

Final Thoughts:

In conclusion, branding goes far beyond a simple name and a logo. It is the legacy that is carried on long after others have moved on. The development of the brand can be profound due to its complexity. It should embrace all aspects of your company, but when applying your brand to your work, make sure that you are speaking to your clients. Don’t let the presence of your brand overwhelm your product. If done correctly, with a well-developed brand you will gain broader recognition of your company. Through your brand, you can share your company’s positive attributes and stand out from the competition. Your customers will enjoy interacting with a company that goes far beyond their demands and expectations. After all, “people don’t have relationships with products, they are loyal to brands.”

How can I move my difficult development team to Agile?

How can I transition my team to Agile?

Development teams can be difficult and incredibly frustrating. Some developers believe that scrum is micromanagement and does not value transparency. Others are stuck in their ways and don’t want to change. Some development teams have had terrible agile leadership, dysfunctional project execution and therefore are far less than impressed with the entire Agile experience.

In this post, I will explain how you can guide the most difficult people through the process and make them believers. Please note, each team is unique, which means each team requires a unique approach. If you want more information about the Agile vs. Waterfall methods, check out our previous post: Corporations Moving to Agile.

Become a self-taught expert

Before walking your team down the path of agile, make sure you are well read in some core agile development books. For a quick and insightful overview of the scrum process, I recommend Scrum: A Breathtakingly Brief and Agile Introduction. Team members can finish this book in under an hour. YouTube has a plethora of amazing videos like this one from Atlassian. If you prefer to read through the web, we highly recommend Mountain Goat Software (You are welcome Michael Cohn!). We have relied on their interpretation of agile roles and techniques the most. To understand agile, it is a good idea to see both sides of the story: Google “Agile sucks” or “why we quit scrum” to understand the objections.

  • Pros:  Simple, easy, low-cost.
  • Cons: Won’t pick up on many of the nuances that only real experience provides.

Demonstrate Leadership

Sit down with your team and discuss exactly why you are moving to agile. Explain how the process works, what the benefits are, and listen to their problems and concerns. Bring up your research from why “agile sucks” early on so they are aware that you understand how they might feel. You don’t have to be a developer to command the respect of your troops. You do, however, have to understand their point of view to be able to work with them. Believe it or not, software development, like product fit, involves human empathy. So try walking in someone else’s shoes.

  • Pros: Lots!
  • Cons: None. Time spent on this pays off in the (very!) near future.

Get Help: Hire An Agile Coach

There is an industry of Agile coaches that will work with your organization to spot problems, collaborate with product managers to “modify” some less desirable behaviors, and then turn the pressure on for development teams to get the most out of them. Agile coaches have varying degrees of expertise, so you must be careful in your vetting process. One of the best we have found is the team at Project Cooks.

Get Help: Hands on Agile Hybrid Training

If you want to train your development team, another reliable option is to have your team co-locate with a software services company that has a mixture of software development and agile training. This emerging model can be found at New York City’s Pivotal Labs. Your team works with theirs for about four months while building a product using Agile techniques. At the end of the four months, your team is capable of working out of your offices with a full and practical understanding of Agile development. Bytelion is currently implementing this model in Baltimore/Carroll County, Maryland.

  • Pros: Your team works side by side with Agile experts.
  • Cons: Expensive model; team must travel.

Fire Your Way Out

Let’s face it; sometimes you are going to work with some pretty difficult people. No matter what you do, they will not change. There are times that you won’t be recognized as a strong leader.  No matter how effective you are as a product owner, there can be an impediment to the relationship that will make you less efficient.  If you have either of these scenarios, it is best to cut your losses and find the right people who will fit your organization and culture of openness and accountability.

  • Pros: Confidence that you have hired the right team.
  • Cons: You will have to shed people with domain knowledge and invest in new people.

Formal Certification

You may want to consider a Scrum workshop to certify all members of your organization. These can be pretty expensive, but the benefits should far outweigh the cost. You can find team workshops/courses at scrum.org and scrumalliance.org. For more details on the two, please check out our comparison.

  • Pros: All principles are covered; the team has the same standard.
  • Cons: Knowledge may be superficial; time away from the office.

Final Thoughts:

Having the right Agile team and culture is critical to your product line. We hope that these options are helpful to you as you move forward. As always, nothing beats engaging at networking events, including conferences, to meet other leaders and hear how they solved their problems.

If you were curious about Bytelion’s agile development process, we are happy to chat.
Feel free to email us at info@bytelion.com

What’s the difference between Smoke Testing & Regression Testing?

You can prevent mistakes in your application through Quality Assurance (QA) testing. This step is critical for any software project as it helps your team produce the best product before delivering it to the client. In this article, we will discuss two types of QA tests. If you are curious about QA and how it can help your project, be sure to read our article Why is QA Essential for your Project?

What is a smoke test?

A smoke test is a quick run-through of a site; it focuses on critical functionality to ensure the site can perform basic features. The primary features are often called red routes in the software industry.

It only takes a couple of minutes to complete, up to ten minutes at most. What is great about smoke tests is you can perform them either daily or every other day.

Smoke testing came to software testing from a similar hardware test, where the device passed if it did not catch fire (or smoke) the first time it was turned on!

For software purposes, an example of smoke testing could be for a hotel reservation site. In this smoke test example, the tester would ensure the user is able to sign up, change their password, create a booking, and be notified.

What is a regression test?

A regression test is an in-depth, thorough examination of a site. It tests all of the complex user stories and detailed nuances of the site, so it may take many hours to complete. Performing a regression test ensures any changes made did not negatively impact any of the functionality of the site. A regression test will cover every feature, new and old, along with bug fix checks to make sure bugs did not reappear in the software.

When should I perform a smoke test or a regression test?

You should frequently perform smoke tests. Performing a smoke test immediately following a push to production acts as a way to ensure the high-level functionality of the site is working.

In my experience, you should conduct regression testing on a per sprint (generally two weeks) basis. A regression test should occur immediately before a push from a testing environment to production. This will ensure that the push to production will not negatively impact the functionality of the site. If we use the previous hotel example, a regression test will check not only the basic items that make the site work but also more complicated use cases for bookings, such as multiple locations, discounts or promo codes, and international tax law.

Just a quick note about regression testing and developers… Never mix the two.  Developers are too close to the problem to test properly, and it takes them out of their development zone. Developers need to spend the majority of their time developing, rather than doing in-depth testing.

Final Thoughts:

Now that you know a thing or two about the major types of user testing, you can apply the proper technique when you need it! Having your developers conduct smoke testing on their code helps them move along faster with their development, especially in the beginning of a project.  However, you need to be able to invest in regression testing on a routine basis or components of your application will begin to break. This small investment will allow you to fix things quickly and efficiently.

Have any questions about testing? Our knowledgeable quality assurance team is happy to help! Please contact us at info@bytelion.com

Kathleen was featured in a previous article about our interns.

Why building an admin panel should be in your first sprint

Overlooking small aspects is the nature of starting a software development project. From how much time a feature will take to the Mythical Man Month Mistake, eventually a team runs into all of these. One area that’s commonly forgotten and can make a big difference in the performance of an application is the admin panel. In my opinion, few features are as important and useful as an admin panel. More often than not, developers and project managers don’t take the time to plan, design, and implement one. Often, projects can run over because of this. With a little up front work, you can cut this friction down dramatically and help your company drive revenue faster.

Insight into user behavior:

What is an admin panel, you may ask? It’s an admin-specific platform in an application that allows for access and manipulation of data within the user interface of the site. The admin panel can help with user-related functions, such as providing insight into user behavior, dealing with profiles that violate the site’s terms and conditions, and tracking transactions. But you should know that admin sites are not limited to user-related tasks.

A well-built admin panel can be turned into a dashboard to either display business metrics and analytics without the viewer writing a single bit of code, or to export weekly data which can be used to create reports. Add to the list that any QA member of the team will love an admin panel for the ease it gives them in verifying data, quickly entering or deleting data, and determining if an issue is in the frontend or the backend. Functioning without an admin panel can lead to a lack of insight into your data, and add greater difficulty for the testing team.

Examples of Web Frameworks

Most web frameworks have plugin libraries that make the creation of an admin panel much easier. For example, PHP/Laravel has LaraAdmin (https://laraadmin.com/), Ruby/Rails has ActiveAdmin (https://activeadmin.info/), and my favorite backend framework, Django (https://docs.djangoproject.com/en/1.11/ref/contrib/admin/), has an admin panel by default!

This is a pic of a dashboard modification of the Django admin panel to provide some analytical functionality

Limitations:

While out-of-the-box admin panels are wonderful, we have to work around some limitations. Most plug-and-play admin panels accomplish two goals: to manipulate data and to display data. These are crucial parts of any data-driven app.

Can we push it further? Yes we can! Your customer doesn’t need to see a graph of quarterly earnings or the number of visits of repeat customers, but I bet you do.

How about the average purchase per transaction? If these metrics appeal to you, I suggest expanding the limited admin panel functionality to include business analytics. There are other sites out there that can build admin panels, but they may not have the custom features your team needs.

Final Thoughts:

A well-built admin panel will increase productivity, give insight into data, and help you catch bugs; adding up to greater revenue for your business. By investing in the admin panel early, you are going to build your application much more efficiently and allow your team to do what they need to make your business grow.

Do you need help building out your next admin control panel? Our expert backend teams are happy to help! Contact us at info@bytelion.com.