Ruby Sig: How To Design A Domain Specific Language
Google engEDU
1 hr 3 min – Oct 5, 2006

Google Tech Talks
October 5, 2006

David Pollak has been developing commercial software for 28 years. He founded Athena Design and wrote Mesa, the first real-time spreadsheet. David wrote Integer, the first online, collaborative spreadsheet. Since 2000, David has been developing domain specific languages for security and general web development.

ABSTRACT
David will describe a framework for developing DSLs which includes:

* Identifying the constituents in a development project;
* Determining the costs and benefits of a DSL for a particular constituency vs. hand-coding functionality for that constituency based on interviews and specs;
* Identifying the ‘thought leader’ in a given constituency and interviewing him or her to determine the semantics of the domain;
* Determining syntax of the DSL;
* Mocking up the DSL and ‘test driving’ it with the thought leader;
* Finding appropriate integration points for the DSL into the application;
* Defining the process by with the Domain Experts will update code in the DSL (e.g., they have a web page where they can change tax calculation rules vs. they make a change to particular Ruby files as part of a development/staging/production cycle.); and
* Iterate over the semantics, syntax, and process to fully integrate Domain Experts into the development process. Read the rest of this entry »

How To Design A Good API and Why it Matters
Google engEDU
1 hr – Jan 24, 2007

Google Tech Talks
January 24, 2007

ABSTRACT

Every day around the world, software developers spend much of their time working with a variety of Application Programming Interfaces (APIs). Some are integral to the core platform, some provide access to widely distributed frameworks, and some are written in-house for use by a few developers. Nearly all programmers occasionally function as API designers, whether they know it or not. A well-designed API can be a great asset to the organization that wrote it and to all who use it. Good APIs increase the pleasure and productivity of the developers who use them, the quality of the software they produce, and ultimately, the corporate bottom line. Conversely, poorly written APIs are a constant thorn in the developer’s side, and have been known to harm the bottom line to the point of bankruptcy. Given the importance of good API design, surprisingly little has been written on the subject. In this talk, I’ll attempt to help you recognize good and bad APIs and I’ll offer specific suggestions for writing good ones.

This talk is part of the Advanced Topics in Programming Series at Google. Read the rest of this entry »

How To Recruit, Motivate, and Energize Superior Test Engineers
Google engEDU
59 min – Nov 9, 2005

Google Tech Talks
November 9, 2005

Jeff Feldstein

ABSTRACT
The expectations today are for increasingly high-quality software, requiring more sophisticated automation in testing. Test and QA teams must work more closely with development to ensure that this sophisticated automation is possible. This has lead to software engineers applying creativity, talent and expertise to not just application development, but testing as well. This transition from manual to scripting to highly engineered test automation changes the way we recruit, hire, motivate and retain great test engineering talent.

The speaker uses examples of how his team at Cisco changed the way it tests over the past six years. In this class, he’ll review eight points for why test is a better place for software developers than software development, and he’ll show how and when to express these points to hire, motivate and retain top talent. You’ll see how to inspire greater innovation and creativity in your testing processes, and how to manage and inspire test and development teams that are spread across different locations. You’ll also learn the place of manual testing in the new environment. Read the rest of this entry »

How To Plan Projects With Distributed Teams
Google engEDU
56 min – Apr 3, 2007

Google Tech Talks
April 3, 2007

Hubert Smits will give a hands-on overview of the activities that are involved in larger agile projects. Larger projects stretch out over more then a few months and have more then a single team involved. Things get more complex when the teams are not collocated. Hubert has based the talk on his paper "Multi Level Planning for Agile Projects" and presents a practical implementation of the planning levels. The experience he uses in the presentation is taken from his work as an agile coach for Rally Software Development, which brings him to projects with teams scattered across the globe: the US, Europe, Middle East and Far East. Read the rest of this entry »

How To Break Web Software – A look at security vulnerabilities in web software
Google engEDU
1 hr 27 min – Apr 13, 2006

Google TechTalks
April 13, 2006

Mike Andrews

Mike Andrews is a senior consultant who specializes in software security and leads the web application security assessments and Ultimate Web Hacking classes for Foundstone.

ABSTRACT
It all started out as a place to share physics documents, but has grown into potentially mankind’s largest and most complex creation. The World Wide Web is a lot of things – a soapbox for everyone, a giant shopping mall, an application platform, and unfortunately a hacker’s playground.

As more applications get "web-ified" moving from the desktop or legacy systems onto the web, attackers follow the vulnerabilities. Without sophisticated tools or "1337 5×1llz", web applications are now the most attacked technology, with the majority of attacks categorized as "easily exploitable".

So, before your application is placed out into one of the most hostile environments, how do you stop your software from being "0wn3d" by the 14 year old in their blacked-out bedroom, or being used by a Russian crime cartel?

In this TechTalk, Mike Andrews will look at how web applications are attacked, walk through a testing framework for evaluating the security of an application and take some deep-dives into a few interesting and common vulnerabilities and how they can be exploited. Read the rest of this entry »