Monday, October 29, 2018

Tips for passing the PSD exam

Looking for help regarding Scrum.org PSD exam? Take a look at these tips
Not sure if you are aware but I'm a Certified Scrum Master. Back in 2014 I wanted to work as a Scrum Master but turns out I love to work with development so I never exercised that role. Lately however, I've been working on a project and realized that as a developer, I wanted to help my company to improve their Scrum. This time, instead of pursuing the PSM II, I decided to go for the Professional Scrum Developer certification.

The Professional Scrum Developer certification

But what is the Professional Scrum Developer certification (PSD)? According to Scrum.org:
Professional Scrum Developers are members of the Scrum Development Team and demonstrate knowledge and understanding of Scrum and their ability to build software using Scrum in real-world situations.  The value of certification is intimately tied to the demonstration of knowledge needed to achieve it. By that measure, the PSD assessment is significantly more valuable than available alternatives for Scrum.

Why you should consider the PSD exam

I think every developer that wants to work or works in an agile team should try to get this certificate. Why? Because most teams think they do Scrum right. My experience (as a contractor and employee) is that, it's rare to find a team that does scrum the right way and a company that respects and understands the Scrum framework.

And on the flip side, the certificate shows recruiters and co-workers that the developer studied, understands and knows the foundations of the Scrum framework validated by Scrum.org, managed by Ken Schwaber, one of the fathers of the Scrum framework.

What to Study

First, understand the Scrum Guide. This is the most important resource in Scrum. It may seem simple but you'll see how much each work in there makes sense (and makes a difference). Remember, Scrum is difficult to master. Second, especially for developers, study topics related to agile practices, Extreme Programming and how they apply to Scrum. It's amazing how many concepts were imported from XP for example into Scrum and people most people have no idea that they aren't required.

My suggestions are:
  • How to use scrum in a development project
  • Working within a Scrum Team
  • Why and how a Definition of Done is important
  • General development practices
  • Agile architecture practices to slice features
  • Test driven development
  • Agile requirement management practices
  • DevOps tools in Scrum
  • TDD, BDD, ATDD, CI, CD, Code Quality

Tips for passing the exam

Okay so let's take a look at some tips to pass the exam.

Tip 1: Read and understand well the Scrum Guide

The Scrum Guide is the most important document in the Scrum framework. You should read it multiple times carefully reflecting on each word. Understand well the Scrum Guide and the scrum foundations including the associated roles, events, artifacts, and rules. I suggest reading it 3 or 4 times before doing any assessment.

Tip 2: Practice with the Open Assessments

You should make exhaustive use of the Open Assessments. Basically they are a subset of the questions that you may encounter in the exam.  I suggest that you only move to the next step once you get constant 100% on all exams for at least 3 days.

Suggestion: after studying the Scrum Guide, do a couple of assessments. Validate each of your answer against the assessment answer and be sure to review it back on the Scrum Guide and understand the reason for that.

Tip 3: Explore related content

Once you understood well the concepts and the Scrum Guide, it's time to search for related resources on the web. A good start point is the Scrum.org web site:
Also try to find exercise questions and try them. My approach was before seeing the answer I tried to answer it in my mind to then, look at the response. It helped me memorizing and understanding better. However, don't trust all the answers that you see online. Be critical and reflect if the answer that you see (apart from those in the Open Assessments) is correct. I saw multiple errors around. Be critical!

Tip 4: Study developer-specific content

Apart from Scrum foundations, developers will find lots of technical questions. For developers, you can find on this page a lot of relevant information. The recommended bibliography is:

Tip 5: Exam Time

Okay so you prepared well, understood all the Scrum Guide and know the foundations of the related development questions you saw. How to deal with exam time?
  • Review a couple questions in the morning just so that information is reloaded in your mind
  • Take a few hours and go do something completely unrelated to the exam. Relax
  • Grab a coffee and start the exam.
  • Pay attention to the remaining time but don't be concerned. Time is enough. You have 60 minutes to answer 80 questions. Time is more than enough as the questions are usually small;
  • Don't waste too much time on each question. When in doubt, bookmark it and move to the next;
  • Use the bookmark feature - this is good to mark the questions you're not sure about and come back to them later
  • Remember: keep calm

Final Thoughts

Even if you don't consider taking the exam, just studying the Scrum Guide and doing the online assessments is a big step. It's common to see teams violating some of the foundations of the Scrum framework. The result is usually unsatisfied team members, lack of visibility and dysfunctional projects. Knowing what, why not reserve some time to review how's your understating of Scrum doing?

See Also

For more posts about Agile on this blog, please click here.

Monday, October 22, 2018

Integrated security vulnerability alerts on GitHub - Why it matters

How GitHub's integrated security vulnerabilities could help developers using the platform?
Last week during GitHub Universe 2018, GitHub announced support for security vulnerability alerts for Java and .NET platforms. It's a significant contribution for the .Net and Java communities on GitHub because it simplifies, clarifies and alerts organizations and project owners about vulnerabilities on dependencies used on their code base.

Sounds complicated? Let's review what the announcement says:
With security vulnerability alerts, organization owners and repository admins receive a notification when any of their projects has a dependency with a known vulnerability.

How it works

By tracking public vulnerabilities in packages from supported languages on MITRE's Common Vulnerabilities and Exposures (CVE) List, GitHub notifies repo owners and alerts them of the risk.  By default, security alerts will be sent to owners and people with admin access in the affected repositories.

Apart from alerts, you should also see on your dashboard something like the below on the Insights tab, Alerts navigation menu of your GitHub repository:

GitHub now alerts about public vulnerabilities on your project

Apart from the above, other nice additions were added:
  • You will get weekly emails summarizing security alerts for up to 10 of your repositories
  • Most of that is configurable within GitHub
  • Works for both public and private repos
  • More importantly, GitHub never publicly discloses identified vulnerabilities for any repository.

Fixing the vulnerability

But knowing of potential vulnerabilities is just the first step. The next step is to address the issue and update the packages. Since .Net users usually update their packages using the Nuget package manager with packages located on Nuget.org, let's look at a concrete example: how to fix a recent vulnerability on Microsoft.Data.OData.

Microsoft.Data.OData is a very popular package. With 33+ Million downloads, it's being used in multiple 3rd party packages and probably you're using it on your projects too. Here's what I see on Nuget.org:

According to GitHub, CVE-2018-8269 was opened just last month and includes a vulnerability on every version < 5.8.4. Here's what the issue says:
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.

So let's update the dependency and patch the vulnerability.

Updating Microsoft.Data.OData

As you know, the update of a package can be done in multiple ways. Using Visual Studio or from the command line with:

Using the Package Manager:
Install-Package Microsoft.Data.OData -Version 5.8.4

Using the .NET CLI:
dotnet add package Microsoft.Data.OData --version 5.8.4

Once you've done that, rebuilt and redeployed, you're protected from CVE-2018-8269 at least =) .

Conclusion

Bugs security issues are always being found and fixed on libraries that we use. Reason why we should always try to keep our packages up to date.

But it's not trivial to scan all packages we use against the CVE database. Note that the CVE above does not state which version it applies to. Imagine how difficult and time-consuming it would be monitoring all the dependency chain ourselves. That's why this service from GitHub is very much appreciated!

Let's leverage this very useful feature for our benefit and keep our code secure.

And please, spread the word!

Monday, October 15, 2018

Customizing your Blogger title to improve SEO

How to use this simple tip and make your blog have more visibility.

Last week we discussed how to prevent archived pages from being indexed by crawlers. On this post we will discuss another nice improvement that we can add to our site: how to customize the tile of your page if you're using Blogger.

Changing Theme Settings

In order to do that, we will have to edit the html for our blog. As mentioned in the previous post, to edit our html, inside Blogger, we click Theme -> customize button:


Once the html opens, just at the beginning we can find the <tilte> tag. I replaced mine by:



Modified Template

After making this change, this is the expected logic:
  • if the page is an archive page (myblog/2018/05), show the blog title and add a noindex to the page so it won't show up in search results
  • else if the landing page, only show blog title
  • if it's a post page, then show the post title.

And this is my final source:
<b:if cond='data:blog.pageType == "archive"'>
<meta content='NOINDEX' name='ROBOTS'/>
<title><data:blog.title/></title>
<b:elseif cond='data:blog.pageType == "index"'/>
<title><data:blog.title/></title>
<b:else/>
<title><data:blog.pageName/></title>
</b:if>

Conclusion

There are many customizations that we can done to our pages. For more information check Blogger Help. Links specific to this post are referenced below.

See Also

For more posts like this, please click here.

References

Blogger Help - Widget Tags for Layouts
Blogger Help - Layouts Data Tags

Monday, October 8, 2018

Removing Blogger archives from Google to improve your SEO


If you're using Blogger like me to host your blog and tried to add your blog to google adding Google Search Console, you may have realized that by default, Blogger does not block Google from indexing your archived pages.

Potential problems are:
  • users won't find the content they are looking for
  • users will probably not click on your impressions
  • your site will be ranked low due to poor or duplicated results
  • some of your pages may even be banned

So how do we fix that?

Implementing noindex

According to Google:
You can prevent a page from appearing in Google Search by including a noindex meta tag in the page's HTML code, or by returning a 'noindex' header in the HTTP request. When Googlebot next crawls that page and see the tag or header, Googlebot will drop that page entirely from Google Search results, regardless of whether other sites link to it.
So, there are two ways to implement noindex: as a meta tag and as an HTTP response header. Using Blogger, the simplest is to make use of the meta <meta content='NOINDEX' name='ROBOTS'/>.

Let's take a look.

Editing the Template

To fix Blogger, you need to edit your html template by, in Blogger:
  1. open the Management Dashboard by: "Design"  (or "Layout") -> "Edit HTML"
  2. Backup your template by clicking "Download Full Template"
  3. Add the following three lines this just after <head> tag:
<b:if cond='data:blog.pageType == &quot;archive&quot;'>
     <meta content='NOINDEX' name='ROBOTS'/>
</b:if>



And save.  Now your template should then look like:

What's next?

Now just let Google and other search engines do their work. After a couple of weeks you should see that your archives disappeared from the search and your results are way clearer and concise giving users access to what they are looking for and hopefully increasing your engagement.

See Also

Customizing your Blogger title to improve SEO

For more posts like this, please click this link.

References

https://support.google.com/webmasters/answer/93710

Monday, October 1, 2018

Non-technical skills software developers should have

Developers shouldn't only be about development. Read to understand why.

Being a software developer is challenging. But rewarding at the same time and we should be grateful for that. But how do we conciliate all the challenges we face?

For example, it's probable that you feel pressured with deadlines, education, your own professional development, keeping up with many new technologies. Not to mention social skills. Since most of us we spend most of the time in front of a computer, are we socializing enough with our co-workers, friends and family?

Have ever questioned yourself about:
  • your career
  • your finances
  • your personal life
  • your health
  • your mind, conscience and professional resilience

A Recommendation

If you like me, have questions about all of that, I'd like to recommend the book Soft Skills: The software developer's life manual where John Z. Sonmez, author of the blog simpleprogrammer.com, guides us on this excellent book throughout these topics.

What’s Inside

  • Boost your career by building a personal brand
  • John’s secret ten-step process for learning quickly
  • Fitness advice to turn your geekiness to your advantage
  • Unique strategies for investment and early retirement

Summary

Here's the book summary:
Soft Skills: The software developer's life manual is a unique guide, offering techniques and practices for a more satisfying life as a professional software developer. In it, developer and life coach John Somnez addresses a wide range of important “soft” topics, from career and productivity, to personal finance and investing, and even fitness and relationships, all from a developer-centric viewpoint.

Conclusion

Be sure that this book has insights for everyone. Personally, as an eager to learn person, I really loved his 10-step to learn process. I don't want spoil but it's an interesting technique to learn quickly and start producing faster than ever.

Hope you enjoy the book as I did!

See Also

About the Author

Bruno Hildenbrand