Tag: Java

Categories
Software development

Merge code and SpotBugs issues

Reading Time: 4 minutes
Sinking hole in our neighborhood main street? We try to find the root cause.

Back to coding. When working on the same file at the same time, the old joke is try to check in your code change before the other girl (guy) does. This way you don’t have to worry about the merge (meaning, put in your code change while keeping the other person’s code changes). In this day and age though, when working in a team, with the code review process, etc., we cannot count on we always be the 1st one to check in code changes. Thus, comes the “merge hell”. And I thought I was in that for a moment last few days, as I didn’t know a lot code has been changed for the repo (feature branch) I was reviewing and tried to merge. But it didn’t turn out as bad as I thought.

Some observations I have. Some are well known: one is don’t keep the feature branch for too long. I think the recommendation is a day or 2 (source 1, source 2). But we kept it much longer than that. To add to the complexity, I saw meaningful amount of refactoring being done in another branch (which I need to keep as well, at the same time it complicated my feature branch merges).

The approach I took eventually: initially I accepted everything in my feature branch, and I quickly realized that won’t work. So I took the opposite approach, I accepted everything in the dev branch (after the other feature branch is merged), and then I pick and choose my feature branch changes, and put in those changes. Ran local build and tests.

Btw, on testing front, I observed a locally hosted (localhost) Web Service (WS) calling another WS locally vs calling the WS hosted on #AWS #K8 has performance impact: roughly 15 sec vs 45 sec. I yet to test the scenario of caller WS on AWS.

My good old days

I cut my teeth on “code merge” about 20 years ago, when I was working for a software company. We didn’t have agile and all the jazz. But we were doing the modern day agile and did software dev in an increment way. Every 2 weeks different dev branches (teams) of the company merge our code changes to the central repo, and we call it integration. Since we have annual release of our software, we pretty much do about 20 phases (2 weeks x 20 = 40 weeks) for a release. Each team has a person that is responsible for the build and integrate the code to the central repo (not full time job, just once every 2 weeks, and the total time spent is about 8 hours the most for every 2 weeks). And yours truly was the integrator. And I had to resolve the merge conflict sometimes. And in some cases I need to get other teams involved to make sure my merge is good. I recall we used PerForce for source control, and KDiff3 at the time.

SpotBugs

Just as I thought I was close to be done. I encountered a few SpotBugs issues. Mainly there are 3 types, as shown below.

  1. Optional type returns null (this is a big no no). I took out the “Optional”.

2. The default getter and setter generated by Lombok has a potential security issue. The solution is to make a deep copy. Refer to this SO thread 1, thread 2 and thread 3. For me I found out I need to do a null check in the setter (we don’t want to set something to null, it throws null point exception too).

3. And last but not least, it didn’t like multiple instances of hard coded strings being created in the same file. This is a low hanging fruit – just create a string variable for that.

I think one common question may come up is how SpotBugs compares to Sonar Qube. My impression is SpotBugs can be run locally, and per the “fail earlier, fail faster” motto in the Agile development, this is excellent. As for Sonar (or Sonar Qube) my recollection is we usually configure it with a CI tool such as Jenkins, and we usually need to proactively look at the results ourselves: we likely can configure it so that at least it can email us the failures in a CI build. But either way it seems local build capability is either not there or hard to achieve.

G2 also has an executive summary. Quote below:

“Reviewers felt that SonarQube meets the needs of their business better than FindBugs. When comparing quality of ongoing product support, reviewers felt that FindBugs is the preferred option. For feature updates and roadmaps, our reviewers preferred the direction of FindBugs over SonarQube.”

Bonus Advice

I probably solved more coding problems by stepping away and taking a walk… or driving on the way to home after work. Once I couldn’t resist the temptation to try it out so I turned around 😂 #walking #driving #coding (warning: always pay attention to the surroundings while drive or walk, the physical safety of you yourself and those around the you are the most important).

(Update 01-Nov-2023) I found an issue with “merge commit”. I did not do the rebase or at least I did not use the git rebase command. What I did: I go to the “target branch” in my local, do a git pull (get the latest code), then go back to the “from branch”, do a git merge target_branch, now the “from branch” is updated with the “target branch” most recent code change, and I would no longer have “merge commit” in my Pull Request (from merge branch to target branch). Note the code change was pushed into the merge branch using the command “git merge feature_branch”. Note this is a 3 way kind of merge, from “my feature branch” to “from branch or merge branch”, and the code change eventually goes to “target branch”. We like to have only the relevant code changes (commits) from the “merge branch” to “target branch”. Read this doc if you like to learn more about advanced merge.

(Update 11-Dec-2023) Thought this one is funny. The gradle build on my local worked fine, but SpotBugs test failed on the CI (Continuous Integration) build. I don’t have access to the CI server. And I guessed it’s the unused variables I just added. So I added a bit loggings for the two new variables I just introduced. And it worked: now the CI build is good.

Categories
Career Software development Technology

Job search advice amid COVID-19 pandemic

Reading Time: 5 minutes

We are at unprecedented times, in terms of the pandemic, and the economy aftermath. The IT software dev job market is not impacted as much as some of the hard hit ones such as. travel and leisure, but nobody is also insulated when there is a typhoon. For example, locally here in St. Louis, Enterprise rent a car, the largest car rental company in the US and in the world, has laid off more than 2,000 people, IT division included. I recall about 10 years ago I wrote a post about job search, and I like to update it, amid the time change and this specific pandemic change.

Some obvious things

No onsite interviews, remote or video interview only these days. Zoom is the most popular choice, and for developers there are some white-boarding online software. Realtime white boarding is actually quite challenging, from my personal experience, on both ends. It also depends on the friendliness of the interviewer, some interviewers like to be “above the interviewee”, they give the problem, did not like to talk or give hints, and expect a quick answer right away. On the other hand, there are some other interviewers who are more open and friendly, and sometimes they will throw a dog bone to rescue. As interviewer I always try to be the former, as I personally have been in the receiving end of “bad interviewers”, and don’t like the experience. Once at an onsite interview (long time ago), a guy who maybe quite sharp, made this comment: it sounds like you did much better than the other guys came in earlier, they really don’t know what they were talking about. And at least you put up this and that, blah blah blah… is this a compliment? I guess my English is already good enough to appreciate the underlying tone there. On the other hand, I can always appreciate good / friendly interviewers, once (not in coding or white boarding) during an onsite interview, the interviewer saw my schedule and saw that I was stuck in the little room all day, he offered let’s talk a walk, and talk in the company cafeteria. It was year early / winter 2005 as I recall, in middle of New Jersey.

Websites

Below two the most popular websites now.

Indeed: note Indeed.com is No. 1 in terms of the number of jobs. I found my last job and current job via Indeed.com. This is mind boggling when you think about it. I am not sure whether it exists in 2010. It’a an aggregator website. A bit like Google for information search.

LinkedIn: linkedIn became more meaningful too, I got a job offer in my last round job search and the lead is from LinkedIn. Many companies now post jobs at LinkedIn. Besides the number of jobs, we all know LinkedIn is the top 1 place that recruiters congregate. And as I built profile at LinkedIn, I also received more unsolicited messages or requests from mostly recruiters or website SEO people. Most recently I decided to be more discreet on accepting recruiters request. Most recruiters are young enthusiastic people and I bet they send out things blindly. This brings to another point.

Also, stackoverflow has a job portal, and some of the jobs are looking good too.

Recruiters

I think recruiters are still useful, if we are more discreet and we ask what we want. I have some recruiters friends from both ends as well: job search, or candidate technical screen. And I keep in touch with them from time to time, as a part of relationship building. Sometimes this could be a simple “hi” when the recruiter is in the hallway or in the office. I do understand, on linkedIn, or via database, sometime some younger recruiters will cold call (the reason I pick up the reason was probably the call from number is an agency I know). And we need to keep things in perspective that’s a part of their job and paycheck too. Also keep in mind we live in a small world especially in the St. Louis IT job market, and sometimes the table can turn quickly. I recall seeing a former coworker at two separate places (and I remember he was not being nice to me 🙂 I don’t have grudges against him, but I just know I probably won’t use him as reference, and vice versa.

Code Test

Not white-boarding or pairing either remote or on spot, but something like hacker rank, or filtered.ai. Those are okay as they are usually not overly difficult, they are fair test in other words. There is some random ones, which is usually some problem a tech lead, an architect came up with. And some of those can be nasty. Once I spent 24 hours on a problem, and could not solve it. I solved it a day later. Also noted the behavior type questions on filtered.ai or company recruiting website. Those are easy ones to score points, so don’t waste the opportunities. Usually they let you re-do if the first recording does not look good. The coding test, if done properly, you can run the unit test on the editor and you know it’s failed or passed.

(Update 05-19-2020) There are a lot of online code playground or white boarding tools for code testing on the spot. Those are mostly collaboration tools, with some syntax highlighting. But it’s usually not as powerful as the hacker rank or filterer.ai as the latter ones usually have the build-tests, so basically you will know your code is good enough or not by passing those tests (tests are usually hidden though). Tools such as code labstack (Update: 03-01-2023 no longer available, here is alternatives programiz, and jdoodle) are still pretty useful. One thing I am not sure is how they manage the sessions. From interviewer (hiring side) point of view, it maybe helpful to give a heads up if a quick code test is expected so that the candidate is aware. I have seen candidate just bail out without even trying. I have been on the receiving end of this kind of test as well. Again the interviewers friendliness (more precisely helpfulness, do they just want to see the candidate fail, or they want to be as human as possible) varies. (sample java code question here). Also JavaScript code playground such as codepen.io (more links for codepen clock 1 mine and clock 2 Dan Abramov) and jsbin.com .

(10-31-2022) Found another website codio (may not be free), today I happened to use it for Python coding as I was helping a high school student on AP CS course (STEM focused high school in LA area, it seems they require AP CS as a course).

My javascript code samples.

Last but not least, problem solving questions. One example: Suppose we have 8 balls: one is heavier than the other 7, the other 7 are identical. Now we have one balance (or scale), and we can put balls on two sides to weigh and compare. Use as few attempts as possible, to find the heavy ball? A follow up question is, if we have 2 or 3 attempts, how many balls can we handle (again one heavy ball with many identical lighter balls). 

About me. Also you may read about my other post on related topic.

Also, please note this guide on job search. I haven’t read the whole thing but it appears good. Much longer than this blog. Last but not least, this post is a good read too (Helen Anderson @helenanders26).

The Science Behind Making Software Engineering Interviews Truly Predictive of Job Performance by Geoff Roberts.

Categories
Technology

A legend is a legend

Reading Time: 2 minutes(Update) Many people (such as DBANotes) think IBM is the ultimate loser in the Sun/Oracle deal. I think the deal is not necessarily bad news for IBM. Here is my rationale. IBM did not win because:

1) Anti-trust concern. Sun and IBM together will have a very high share of both UNIX server and storage tape markets.

2) Oralce CEO Larry and Sun CEO McNealy are very good friends (source: WSJ).

Negatives for Oracle:

Continue reading “A legend is a legend”