Who is responsible to look into client reported issues [closed] - issue-tracking

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 6 years ago.
In our organisation we deliver products to different product lines depending on the requirements. In short, the same application is customised according to customer requirements and delivered. After deploying the application, sometimes we get some issues logged by the client.
My question comes here. Who is responsible to look into the issues and solve them?
Programmers
Testers
Management is asking Testers to have a look into the issues and solve them. But the testers don't have the chance to look into the code. Is it feasible to ask the testers to go for the issue resolution and end up wasting time doing nothing, thus delaying the solution to the customers?

I would normally expect management to look through the issues every so often (say, every week), and allocate depending on schedules, severity, forthcoming releases etc. Some questions are:
is the issue a bug, a feature request etc.?
does it prevent your client from working with your tool?
is it impacted by forthcoming work (e.g. will a new feature remove the feature causing the issue)?
I don't believe you can resolve these issues in isolation. It requires project managers etc. with awareness of project direction and programmers with awareness of the codebase to work together to determine how/when issues should be addressed, and their impact on other work streams.

Initially you should have a support department that does triage on all newly added issues. They should be empowered and informed enough to decide whether this is a non-issue, whether there's a work-around or whether they don't know. If it's the latter then it should be elevated to programmers.
You might also want to include the testers in the chain if the support guys are unable to produce an adequate 'how to reproduce the problem' document for the programmers.

The way it works at our company is that the testers are asked to verify the client's issue, i.e. trying to reproduce it and document the steps taken to reproduce it. Then it gets logged as an official bug and assigned to a developer who can retake the tester's steps and hopefully fix the bug.

Testers can identify an issue. How can they resolve the same? Only the developer will be able to do it. Looks really strange where a tester is asked to resolve the issue.

Who deals with the clients? Liaising with clients is not a task normally associated with the technical staff.
You should have someone whose role it is to speak to the customers, find out exactly what the issue is and how the client would like it resolved so that it may be passed onto the most relevant person to address the issue.

I would say the logical way to do it is:
Testers should try to reproduce the problem and identify its source
Report the problem with steps to reproduce it to the programmers
It's not common usage to let testers solve the issues as the programmers won't get the feedback they need to avoid the issues in the future.

Testers - verify that the problem exists.
Programmers - solve the problem.
In between there is another part to this, which is "gather information about the problem". Usually this is a split between testers and programmers; exactly how balanced that load is depends on the team.
If you don't have the code, you can't fix bugs. It's as simple as that. At the very most you could fix configuration errors, but if the misconfiguration was caused by the program that's a short-term fix.

Related

Getting my Symfony pull request merged

One month ago I submitted a pull request for what I believe is a backwards-compatibility break in Symfony 2.7:
https://github.com/symfony/symfony/pull/15328
No one in the core team has reviewed it yet, which is surprising to me since I would have thought BC-breaks would be a high priority. I've read the contributing guidelines and followed them as best I can; the only problem I see is that it's not passing on HHVM for reasons that I don't think have to do with my change.
So my question is: have I missed some prerequisite for getting one's PR reviewed, or do I just need to quit whining and be patient?
I cannot talk on behalf of the core team or direct experience. In fact I should not talk at all :-)
But as an occasional open source maintainer myself, I see that there are 222 PRs open; as long as yours is failing the CI tests, I fear it will definitely get less attention than the others. Also it may have been triaged as a less important fix. Again, this is just IMHO.
I think you should really focus on fixing the broken CI test; you can ask another question here to get help.

Is ESAPI.NET a dead project?

I've been recently tasked with leading an effort to improve our input (and output) validation with OWASP recommendations and PCI compliance in mind. In the process, I'm trying to assess the value of the ESAPI.NET project which does not appear to have seen any activity since the spring of '09 and as it stands is incomplete.
Does anyone have experience using or extending ESAPI.NET v0.2? Is it a good starting place today for building out an infrastructure to address the targeted vulnerabilities?
FYI: I am looking at MS AntiXSS which, of course, only addresses a portion of ESAPI's scope. We already do a good job with SQL injection though there are improvements we need to make.
(If someone wants to create an ESAPI tag, feel free. I don't have the mojo.)
Looks like there were a couple updates last week: http://code.google.com/p/owasp-esapi-dotnet/source/list
You might contact one of the project leads on that list to ask what's going on.
NOTE: 05/26/2012: the last update on that project was Dec 4, 2010. Yes, it is dead.
It looks like ESAPI is dead, period. There's nobody using it, there are no questions, no forums, no information, nothing. The listservs (what is this, 1996?) are barren too. The documentation is terrible and the samples in the swingset don't work (server that installs is HTTP not HTTPS, and no transactions can be made in HTTP mode).
Seems to be a dead end project.
The project itself seems dead; there are, however, some people who maintain a GitHub copy with several (minor?) additions...
https://github.com/haldiggs/owasp-esapi-dotnet
https://github.com/jstemerdink/owasp-esapi-dotnet

CDN: "Origin pull" service providers? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
Does anyone know of inexpensive "origin pull" CDN service providers?
The only providers that I've found that provide this are SimpleCDN and Akamai. Akamai is crazy expensive and SimpleCDN seems to change their business model daily, so I'm concerned with using them.
We use PantherExpress in "pull mode" (not sure they do anything else, really) and it's great. Also very competitively priced. They're now owned by CDNetworks; I haven't talked to their sales people at all so I don't know how much changed.
LimeLight were also much better priced than I expected when we were getting quotes; but they had this stupid "oh, a little more for this feature and extra for that feature" pricing where PE just gave me a simple price including all their features.
When we were evaluating, EdgeCast was missing some of the features we needed, but I think they've caught up now.
We use 10-20Mbit/sec on the CDN to give you a ballpark.
Few other CDNs:
Edgecast
Highwind
Reflected Network
AFAIK most pay-as-you-go CDN providers, such as CDN77.com or Maxcdn, have this feature as the simplest and standard one. You can find more about Origin Pull providers also in discussion CDN: "Origin pull" service providers?.
As I'm using CDN77 I can confirm that they are providing this without any problem, with a 14-day free trial version, on about 50 or 60 PoPs.
I've used LimeLight with an origin pull model and it works quite well. The only issue is their edge network is constantly expanding, so if you want to employ any kind of security for your content on the origin (i.e. firewall ACLs) it becomes a constant maintenance PITA. OTOH, if your content is wide open to the public then I would highly recommend them.
I don't know how cheap they are for a new customer. I guess it depends on how much traffic you are expecting (and ultimately how much money you will give them). My company does a fair amount of CDN business so we got really nice pricing, but YMMV.
Also, if you are a Rackspace customer you might be able to leverage their pricing - they use LL exclusively for their own content and for their cloud offerings (http://www.rackspacecloud.com/cloud_hosting_products/files).
Good Luck!
You might want to give VPS.net CDN a try:
https://www.vps.net/cdn-signup
According to their wiki they support "Origin Pull".
I don't work for them
I haven't used their service
but their pricing looks very competitive.

Distributed Cache/Session where should I turn? [closed]

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I am currently looking at a distributed cache solution.
If money was not an issue, which would you recommend?
www.scaleoutsoftware.com
ncache
memcacheddotnet
MS Velocity
Out of your selection I've only ever attempted to use memcached, and even then it wasn't the C#/.NET libraries.
However memcached technology is fairly well proven, just look at the sites that use it:
...The system is used by several very large, well-known sites including YouTube, LiveJournal, Slashdot, Wikipedia, SourceForge, ShowClix, GameFAQs, Facebook, Digg, Twitter, Fotolog, BoardGameGeek, NYTimes.com, deviantART, Jamendo, Kayak, VxV, ThePirateBay and Netlog.
I don't really see a reason to look at the other solutions.
Good Luck,
Brian G.
One thing that people typically forget when evaluating solutions is dedicated support.
If you go with memcached then you'll get none, because you're using completely open source software that is not backed by any vendor. Yes, the core platform is well tested by virtue of age, but the C# client libraries are probably much less so. And yes, you'll probably get some help on forums and the like, but there is no guarantee responses will be fast, and no guarantee you'll get any responses at all.
I don't know what the support for NCache or the ScaleOut cache is like, but it's something that's worth finding out before choosing them. I've dealt with many companies for support over the last few years and the support is often outsourced to people who don't even work at the company (with no chance of getting to the people who do) and this means no chance of getting quality or timely support. On the other hand I've also dealt with companies who'll escalate serious issues to the right people, fix important issues very fast, and ship you a personal patch.
One of those companies is Microsoft, which is one of the reasons that we use their software as our platform. If you have a production issue, then you can rely on their support. So my inclination would be to go with Velocity largely on this basis.
Possibly the most important thing though, whichever cache you choose, is to abstract it behind your own interface (e.g. ICache) which will allow you to evaluate a number of them without holding up the rest of the development process. This means that even if your initial decision turns out not to work for you, you can switch it without breaking much of the application.
(Note: I'm assuming here that all caches have sufficient features to support what you need from them, and that all caches have sufficient and broadly similar performance. This may not be a valid assumption, in which case you'll need to provide more detail in your question as to why it isn't).
You could also add Oracle Coherence to your list. It has both .NET and Java APIs.
From Microsoft: App fabric
Commercial: NCache
Open source: RIAK
We tried a couple; in the end we use the SQL session provider for asp.net/mvc. Yes, there is the overhead of the connection to the DB, but our DB server is very fast and the web farm has loads of capacity, so not an issue.
Very interested in RIAK: it has a .NET client and is used by Yahoo, and can be scaled to many, many servers.

From admin to dev [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 12 years ago.
Recently a friend of mine had gone from a high level NOC position to a developer. Before that he was just doing the help desk stuff. He has no degree, only the usual MIS/networking certifications and as far as I know only tinkers with code on the weekends. I can see where in some scenarios having a good understanding of configurations, packets, users, OUs, etc. would be extremely beneficial to a developer.
My question is this, how many full time developers started off this way? Even how many people dual wield the responsibility of developer/systems administrator/network administration?
I'm sure that this is a fairly common scenario. I've spent 12 years in I.T. and I find that as time goes on, the real income comes from being a specialist (DBA, coder, etc.) as opposed to a generalist (network admin, helpdesk).
It's actually the path that my career is taking. I'm not quite a full-time DBA or developer but that's where I'm heading.
I'm also willing to bet that the people skills I've picked up along the way (helpdesk support, network admin, systems analyst) will help me in my DBA/Developer career. Skills I don't feel I would have gotten had I jumped right in to a coding career.
Indeed. I think developers should know the platform they are building software for. If a dev has worked as sysadmin before, he will know how to integrate his software well. Some Windows-Desktop-App related "integration smells" that come to my mind:
App does not run under normal-user privileges (run on properly secured enterprise desktops? oops!)
App requires write permissions to all kinds of system folders (security? oops!)
App stores user settings in 'nonstandard' locations like %programfiles% (backup? permissions? oops!)
App does not provide silent-installable setups (deployment? oops!)
Etc..
A real sysadmin would never write software that has one of the above integration smells. Really.
It's quite common in small companies. I did that for some time - developing the software we sold to customers, keeping the network going, and adding features to the database as needed for a manufacturing company of fewer than 20 people.
You wear many hats in a small business.
But I started off programming microcontrollers in high school, so I can't claim this is where I started.
It is very helpful to have a working knowledge of all these systems as a developer.
-Adam
The overlap of developers and admins happens quite a bit. Our last admin developed on the side just so he'd have a better understanding of what he was helping support. When he left I became the admin just because I tinkered with admin stuff on the side to know how my software was being supported.
A broad understanding with a few focuses is what I'd say is best for any technical professional. Then with a bit of study you can change to meet whatever need may arise.
I've seen it more the other way where a programmer also "admins" the servers and sometimes network. I've definitely been in that position.
I would think it can easily go the other way as well where an admin can start programming systems, but from my experience it's not as common. Whenever I ask a server admin or network person "do you program too?" most of the time the answer is "no".
I think it might be easier for programmers to cross the line because when you are programming a system unless you always have an admin available you need to be able to set up your own environment and that usually includes setting up a server.
I started off as a NOC operator, eventually working my way up to a senior network engineer position. During the last 2-3 years of my tenure at my previous company, I picked up a fondness for programming and started teaching myself everything I could on my own time. Around 2005, I left said company for a small startup and still work there today as the admin and primary developer.
The one challenge I impose upon myself is to not make admin changes at the drop of a hat to satisfy programming challenges. I must force myself to code in a way that any application I make can be redeployed elsewhere with minimal privileges, despite the fact that I can do pretty much anything I want with our own servers. It's a fine line between performing both duties well and performing one duty badly due to the needs of the other.
I'm here.
Although I've been tinkering with code since I was a child, my first full-time job was being a system administrator, a DBA and other related roles.
Afterwards I worked full time as a developer, and now I'm both a developer and a security researcher.
Also, I managed to complete an M.Sc. in CS.
I believe that such transitions are possible, and very beneficial, as you get a wider view on your field of work.
