In the last couple of months I’ve been learning about what information can I extract from a codebase. I’ve written some articles on how to use NDepend to extract a static view of the system’s quality. But this view is based only on the current state of the codebase. What about source code history? What can it tell us? How has the code changed? These are exactly the kind of questions that Adam Thornhill‘s book, Your Code as a Crime Scene: Use Forensic Techniques to Arrest Defects, Bottlenecks, and Bad Design in Your Programs, tries to answer.
I have been using static code analyzers for a while now. While these are useful, you need to spend a lot of time analyzing warnings and issues. And the problem is that, after you first run one of the static code analysis tools on a legacy project, you are overwhelmed by the number of issues. Object-Oriented Metrics in Practice, by Michele Lanza and Radu Marinescu, shows us how to use metrics effectively. It shows how to combine metrics in order to spot design flaws. This book also presents some novel visualization techniques. These are a great way to understand and visualize a complex system.
User Stories are at the heart of agile delivery, yet creating user stories is a hard skill to master. I think everyone working in an agile project has battled with stories either too big or too small, too technical or without business value. Fifty Quick Ideas to Improve your User Stories by Gojko Adzic and David Evans provides solutions to many of these issues. This book helps readers to be more agile, instead of doing agile. It challenges ideas like using numbers for estimations and using velocity for capacity planning or for measuring value.
Enterprise Integration Patterns by Gregor Hohpe and Bobby Woolf is a seminal book on Messaging. Every developer working on messaging solutions should read it. Even though it’s more than 10 years old, the content is still relevant. This is because the book focuses on patterns and principles and it’s technology agnostic. The authors do a good job on describing how you can combine the patterns together and present the trade-offs of different approaches.
On my current project we are using OAuth 2.0 and OpenID Connect for securing our Web APIs. I have used OAuth in the past, but OpenID Connect was something new to me, so I decided to get a deeper understanding of these two protocols. In my search for a good book on the subject, I’ve found Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE by Prabath Siriwardena. As the title says, it’s about OAuth and OpenID Connect. But, while I was skimming the book I noticed that it’s about more than that, as it presents the evolution of different security protocols. The book looked promising so I decided to read it and I must say that I have gained a lot from it. It provides a good overview of the most important topics on API Security.
Writing good tests is hard. Writing good specification is even harder. On my current project we treat test code with the same care we treat production code (which should be the norm on all projects), but we could still improve the readability, reliability and maintainability of our test suite.
With this in mind, Fifty Quick Ideas to Improve Your Tests by Gojko Adzic, David Evans and Tom Roden was the perfect choice for our book reading club. I’ve previously read Gojko’s Specification by Example, which really helped me better understand BDD and how to use it in practice, so I had high hopes for this book.