Category: Technology

Code Review | Foolproof Your Software Quality

Posted on by galaxy-admin

Code reviews can be tedious and if the code is somebody else’s then some frustration is justified. However, code reviews do save a lot of time and keep breaking errors in check.

Based on the scale of your project you can either go with peer review or with group review. When you’re confident about your code and are in a time crunch, you can choose to get your colleague to review your code. This way, you get an error-free code that can be pushed for production. On the other hand, if the project scale and team size are larger, you can opt for a group review. Let’s explore both these options –

What is a Peer Code Review?

Simply put, when you ask one of your teammates to see if there are any mistakes or areas of improvement in your code.

The Process

Typically, when the code is complete and ready for review, the developer creates a request to get it reviewed and forward it for release once approved. The assigned reviewers then approve or reject the pull request depending on the quality of the code. If approved, it implies that the code is ready to be merged in the release branch. Just to an additional layer of assurance

To ensure the highest code quality and keep a check on code churn, practice heads like development lead and engineering head are also added default reviewers. They are notified via emails about the requests along with developers that are doing the review. These reviews are dynamic and are done as and when the pull requests are created.

What to Look for During the Review

Even though there are multiple sets of eyes involved, there’s a lot that can still go wrong with peer reviews, if not taken seriously. Blanket approvals will only set you back further. Different teammates might have different standards of code quality, in that case, a checklist can help people align.

Peer-review Checklist 

peer-review-code

This checklist can help the reviewers prioritize what matters and find out defects before the code goes for production.

What is a Team Code Review?

It’s like peer review but more people are brought in for this and review the code as a group. The motive here is to bring different sets of people with different expertise onboard to test the overall feasibility of the code. Think Developers, Testers, Architects, and Managers gathering weekly for code review.

The Process

Since a lot many people are involved in a group review, it calls for a slightly different approach than the one used in peer review.

  • The developer presents the user story to the entire team.
  • Review of the design as per the user story implementation.
  • Then the code is discussed and reviewed by the review group.
  • Test cases are compared with the business rules implemented in a user story.
  • Code walkthrough is done to get the logic across to every individual, sanitizing the code in the process
  • SQE group presents the test cases based on the user story.
  • Database dependencies like table schema, initial data scripts, data upgrade scripts are then reviewed by the DB team.
  • The Release Engineering team is then brought in to discuss and review the dependencies on the deployment scripts.
  • The performance team then gets inputs and benchmarks performance for the user story.

Who looks for what during these reviews?

Developers will use other stories as a basis and compare from a coding perspective to see if there are any dependencies.

Testers will look for business rules that are part of the test cases and try to circle out the ones that are not if implemented.

The architect ensures that everything is as planned and according to the initial blueprint. And if all the design principles and best practices are employed to ensure software quality.

Teams like Database, Release Engineering, and Performance Engineering will look for dependencies in their area of expertise.

Why Team Code Review

  • It helps break the practice and mentality of working in silos which prevents interaction across teams.
  • It’s easier to spot errors with multiple eyes on your code
  • Testers help identify functional gaps before it’s too late
  • The architect will keep shortcuts in check
  • The shared services team will get inputs for executing the corresponding steps in their area of expertise.

Code reviews can seem like a marginal change to your process but the results are quite significant. One of the most overseen benefits of these group code reviews is to bring teams together. And when they are working as a whole instead of domain-made silos, great products emerge. It also serves as a learning opportunity for a lot of people. People who come from different domains and junior resources are just starting.

And of course, this bi-directional learning process will help keep your code symmetrical across systems while keeping it maintainable, scalable, readable, and of the best quality.

About Galaxy Weblinks

We specialize in delivering end-to-end software design & development services and have hands-on experience with large, medium, and startup business development requirements. Our engineers also help in improving security, reliability, and features to make sure your business application scale and remains secure.

7 Best Practices For React Security

Posted on by galaxy-admin

React is undoubtedly one of the most popular JS libraries to build applications. It is also one of the most actively developed libraries which means instant bug fixes and security patches. React has many advantages, but may fall susceptible to security threats. Here are a few recommendations that we share based on our vast experience of working with this technology.

(Know more about our proficiency in Front-end Technologies)

Cross-site scripts and URL injections are some of the most common and serious attacks that affect applications in general. These vulnerabilities are targeted to steal sensitive user data and capture user input to steal credentials and card information.

We have made a list of some best practices that will help you enhance the security of React applications. Do have a look!

Protection against XSS

Your application may have some vulnerabilities that hackers can exploit and insert data in your code that your app treats as part of the code. This in turn gives the attacker the access to make requests to the server and even captures user inputs to steal sensitive credentials.

The injection might look like this:

Code!<script>alert(“malicious code”)</script>

Here’s what the same thing looks like with some protection against XSS:

Code!&lt;script&gt;alert(“malicious code”)&lt;/script&gt;

&lt; and &lt; being interpreted as < and >, the browser won’t confuse the data for code.

You can also use:

  • Using the createElement() API.
  • Using JSX auto escape feature.
  • Using dangerouslySetInnerHTML to set HTML directly from React instead of using the error-prone innerHTML.

Adding End-to-End Encryption

Almost every real-time communication application that you’re using comes with End-to-End encryption as standard.

End-to-end encryption means that nobody else other than the parties involved can read the messages. It’s made possible by encryption technology that ensures that the message is encrypted just as it leaves the sender and can only be read once it reaches the intended receiver.

To get E2E in your React application you have to rely on a vendor that provides the tools and kits to ensure secure encryption. Virgil for example is a vendor that provides a platform and JavaScript SDK to create, store, and offer robust E2E secure encryption via public/private key technology.

HTTP Authentication

There are several ways to make authentication secure in your application. Pay special attention to the client-side authentication and authorization because typically they’re ones subject to security flaws.

You can use one of these to ensure your application safety

JSON Web Token (JWT)

  • Move your tokens from localstorage to an HTTP cookie since it’s fairly easy to extract from local storage.
  • Keep, sign, and verify the secret keys in the backend
  • Avoid decoding the token on the client-side and ensure that the payload is small.
  • HTTPS over HTTP under any circumstances

Other methods:

  • OAuth
  • AuthO
  • React Router
  • PassportJs

Rendering HTML

You should always sanitize dynamic values that you assign to dangerouslySetInnerHTML. The recommended sanitizer to use is DOMPurify.

Import purify from “dompurify”;

<div dangerouslySetInnerHTML={{ __html:purify.sanitize(data) }} />

DDoS prevention

Denial of service happens when the app is not secure or it’s unsuccessful in masking the IPs of services. As a result, some services stop because they can’t interact with the server.

One way to deal with these issues is to just limit the number of requests to a given IP from a specific source.

Or you can always- 

  • Add app-level restrictions to the API.
  • Make calls on the server and NOT on the client-side.
  • Add some tests to secure the app layer.

Keep Your Dependencies Updated

There are a lot of third-party dependencies that you use that are patched regularly for security reasons. They can prove to be risky if not updated.

Update your dependencies regularly via security patches and ensure that you leave no backdoor vulnerable for attacks. Try using npm-check-updates to discover dependencies that are out of date. And update if needed to ensure that you’re covered.

Keep An Eye On Library Code

Third-party libraries. Useful? Yes. Risky? A little.

These libraries, modules, or APIs in most cases will help you fast track your development but sometimes they might take your application down with their flaws.

That shouldn’t stop you from using some great third-party offerings. Just a word of caution though, ensure that you are aware of the vulnerabilities, their scale, and workarounds.

And lastly, keep them updated and patch the old ones, just to make your application airtight.

We hope that you find these practices useful and employ some or all to keep your React applications secure and in shape. Do let us know if you’re struggling with some enterprise-wide dependable implementation, we are here to lend a hand. Get in touch with us here.

5 Tools For Efficiently Managing Technical Debt

Posted on by galaxy-admin

In our previous article, we talked about what is technical debt and how one strikes a balance between juggling code quality and its timely delivery. In this new blog, we have come up with a list of tools that will help you and your developers for assessing and acting on the analysis of your technical debt.

Let’s see what the tools are.

SonarQube

SonarQube, early known as Sonar, is an open-source platform that assists developers in improving their code quality. It comes with two customizable dashboards, called Global and Project. This makes it very clean as you can add or remove widgets as per your requirement. It supports more than 20 programming languages.

Widgets provide information like the number of days required (in terms of human resource) to fix code base issues, your technical debt ratio, technical debt pyramid, and many more details. All this makes your developer and QA testers’ life a bit easier and helps in keeping the reins of technical debt in check.

Bliss

Bliss focuses on your coding and testing quality. It’s a dashboard that uses numerous static analyzers for any reported flags and consolidates the said data for your team. Bliss helps in understanding the origin of how your technical debt accumulated over some time to a certain extent.

Integration with code repositories like Github, BitBucket keeps you informed on how your team code is and helps you understand what can be changed.

SQUORE

Squore is a commercial tool, but the setup is pretty easy. Squore is split into two sections, on the left are the projects, artifacts, and technical debt indicators, on the right, are various widgets.

It considers four factors for calculating technical debt. This includes efficiency, portability, maintainability, and reliability. When there is a violation detected in code, it’s added to the indicators and goes in the subset of that particular indicator as well.

You will also be able to see the distribution of your technical debt across functions, making it easier for your team to prioritize their tasks.

Teamscale

Yet another commercial tool Teamscale helps in assessing and controlling your code quality. It promotes transparency among your team members via clone detection for any redundancies in your code, unwanted dependencies with the help of architecture conformance analysis, and bug detection.

It is compatible with all major languages and version control systems. Using an incremental analysis engine delivers speedy feedback and sheds light on the root causes for potential issues. You will also get various IDE options, like plugins for Eclipse, NetBeans, IntelliJ, and Visual Studio.

Kiuwan

Kiuwan is a SaaS-based commercial solution for code quality management. It has plans which offer static analysis, duplicate code detection, technical debt computation, what-if analysis, and possible solution road maps. This all is presented in user-friendly and customizable dashboards.

The dashboard is very easy to understand. On the left side of the dashboard, you will find a list of your analyzed projects and on the right, there will be quality analysis information. Kiuwan uses the “Checking Quality Model” which consists of five indicators, maintainability, reliability, portability, efficiency, and security for assessing your projects. And with this, there is a risk index and efforts to target the index as well.

All the tools mentioned above have been here for quite some time but unless you consider your resources and prospects, picking one will be difficult. But as the experts say, you can not go debt-free ever, neither debt is negative in every scenario. You need to strike a balance between timely code delivery and least compromise on quality ensuring that your technical debt never boomerangs back on you.

You can get in touch with us for any technical debt issues and maintaining manageable levels of the same, we are just a click away.

Managing And Minimizing Your Technical Debt

Posted on by galaxy-admin

Technical Debt – also known as Code Debt, Design Debt, or Tech Debt is often the byproduct of speedy deliveries of the software.

There are times when the project manager has to make a strategic choice between speedier delivery and code quality. There may be scenarios where along with a tight deadline, you stumble across some new bugs or want to add on some interesting features in your product. The project managers may choose to opt for shortcuts and temporary fixes to speed-up the deliveries and come back to the bugs after the release. This leads to technical debt.

Technical debt is inevitable as software design and development decisions are also driven by business goals and deadlines. However, like other debts, it has to be paid off within a certain period to avoid defaults and even complete rework. We have also covered some tools that will make the payoff and technical debt management easier.

A Technical Debt leaves you with two options, either fix everything wrong in the code and miss the deadline or fix only what’s necessary and come back to the rest on a later date (without fail). However, many fail to do so, subsequently adding to the existing debt, which is even worse. So how to deal with it?

Let’s learn more about Technical Debt, its relation to software quality, and where to draw the line.

So, when is Technical Debt unavoidable?

  • When another high-priority feature/ functionality needs to be attended because of a high opportunity cost.
  • You are on a mission to get your product tested with your real users and can not miss the launch deadline. This implies you choose to go-live with a working product over a ‘flawless code’.

When is technical debt beyond tolerance?

  • It’s hindering your user experience in numerous ways
  • There’s a mountain of older debt that was never attended to in the first place
  • It’s coming in the way of your product’s scalability and expansion plans
  • Technology and tools used are obsolete in the current scenario.

Is there a connection between Software quality and Technical debt?

The answer is a yes, but not necessarily in a negative way. If someone claims that their technical debt level is low, it can mean several things. They could have missed many deadlines, deployed more resources (in terms of employees, efforts, and time) than required, or even went down the rabbit hole of over-engineering.

And the opposite can also be true. The answer varies from person to person. Finding the right balance isn’t easy, but one can always strive for it.

Managing your technical debt efficiently

As discussed above, there is a good and bad side to everything, technical debt included. A perfect, error-free code is never a possibility. There will always be some small bug, patchwork done to meet deadlines.

However, technical debt should not be the culprit behind sleepless nights. Here is how we manage it for our clients:

  • Schedule regular clean-ups that go to the root of your technical debt. This means that you will have a spare more than a day regularly to keep your product’s technical debt within manageable limits.
  • Make sure that any shortcuts, omitted code lines, or such trade-offs decisions are taken in your development stage are documented in a single and accessible place. Also, it must be recorded in a way that every team member can understand it and don’t end up wasting time in decoding the documents themselves.
  • Inform stakeholders about your present technical debt levels. This will ensure that there is no surprise sprung on them when certain deadlines are missed.
  • Implement automated unit tests during development stages. This will provide faster feedback and lead to quicker iteration cycles.
  • Be on the lookout for newer technologies and possible industry disruptors. This will help you in anticipating the current relevance of the technologies deployed in your product. Also, when finalizing the tech stack of your products, ensure that the tools and technologies selected will be around for a long time and have active communities.
  • If possible, have a dedicated team (can be a small one) exclusive for managing technical debt. Unanimously decide on the permissible level of technical debt with this team. And keep them involved in your development and testing process.
  • This is specific to legacy codes. Factor in the relevance, time and efforts required, possible delays, testing, and team capabilities before you deep dive into it.

Leaving behind loads of technical debt is no wise decision. In the future, your team will dread going back to it, or even think of rewriting the entire code. But it is complementary to quicker iterations and release cycles. So ensure that you follow through with technical debt reviews regularly.

Feel free to get in touch with us here for any discussions on this or newer projects. We are always up for challenges and unique ideas!

About Galaxy Weblinks

We specialize in delivering end-to-end software design & development services. Our engineers also help in improving security, reliability, and features to make sure your business application scale and remains secure. Get in touch with us here.

Google Analytics 4 | The Vital Updates That You Need To Know

Posted on by galaxy-admin

A lot is happening at Google, particularly on the analytics front with the new GA4 version. Apart from some practical UI choices, this Google Analytics update has made some much-needed amendments for user privacy, as well. A long-awaited successor to Universal Analytics, let us explore what this version has in store for all of us.

Web and Mobile analytics combined

GA4 will combine your web and mobile numbers for you. Your marketing team will be able to leverage this for their campaign results. And as a brand, you will be able to assess your user behavior across platforms in a single place. All this is possible because Firebase Analytics is now deployed in the backend by Google.

Increased focus on user privacy 

GA4 will not rely on tracking pixels (cookies). Instead, it will cash in on Google Signals and machine learning for the assessment of user behavior.

Changes in reporting and UI 

UI changes are visible in this update. Reporting categorization has changed, like the early Audience, Acquisition, Behavior, and Conversions groupings are replaced with Engagement, Retention, and Analysis. What remains unchanged is that data visualization is on the right and report selectors are on the left.

You will also find an ‘Analysis Hub’ that will assist in creating reports with ease. The region, device used, device model, user resource, age, language preferences, etc all can be seen in a single place under user properties. These changes reflect that shortly, your users and their experience is all that matters.

Enhanced Built-in event tracking capabilities 

This upgrade is all about tracking and measuring real time conversions. It includes page scrolls, video engagement, outbound link clicks, etc. Via this, you will be able to engage with your users right from the beginning and grab their attention for a longer duration.

This reporting is a major shift and focuses on event based tracking as opposed to session based tracking in Universal Analytics. Additionally, you do not need additional code for all this or even setting up event tracking in Google Tag Manager.

AI powered predictions 

GA4 will leverage AI and machine learning for predicting trends and decoding patterns in customer centric data. Marketers can benefit from this data in various ways, like seeing the surge in demands in a particular product, potential revenue and churn rate estimates, and plan their marketing campaigns accordingly.

Greater flexibility

GA4 enabled the option to create custom reports as per their requirements. Pre-made reports are a thing of the past now. You will see only the data relevant to your business and a clean dashboard that is also easy to get a hold of.

Some more noteworthy updates 

  • There is no bar on the volume of data that you send to the GA4 property but there is a limitation on the number of unique events that you can use.
  • Free BigQuery export for all (free version included) and you can access raw data and even run SQL queries.
  • Cohort analysis will help in grouping your users with specific common characteristics, say the average time spent on your app/ website or users who signed up for your newsletter, etc.
  • The bounce rate has now been replaced with the engagement rate. And many other new engagement metrics are seen like engagement time, engaged sessions per user, etc.
  • You will find debugging in the reporting interface itself.
  • You can also find total unique users from various platforms in the reporting view present in the GA property report.

The GA4 train is all set to jump into the future. It’s best to get on board as early as possible as  Google has ensured that the updates are done in anticipation of the future user needs. If you need someone to do the migration for you or handle analytics for you in the future, do get in touch with us.

About us 

We, at Galaxy Weblinks, are all for new ideas and experiments. We believe that being up-to-date in this fast-paced world gives us adequate time to explore and implement new changes. Our analytics team is proficient in building apps that are well aligned to our client’s and platform requirements. Contact us for a free consultation!

DevOps For Enhanced Business Growth

Posted on by galaxy-admin

DevOps has been around for a good number of years now. Thanks to the promise of streamlined business and growth operations, it has gained a lot of popularity as well. However, many organizations when faced with numerous implementation challenges, are unable to make a complete transition.

Everyone needs to up their game to thrive in such a highly competitive business world. DevOps will help you in fulfilling many customer expectations like:

  • Prompt bug fixes
  • Fast release of new features and functionalities
  • Responsive feedback system
  • Storage of customer data and its safekeeping

So let’s see how you can leverage DevOps to minimize implementation challenges and provide an enhanced user experience.

Continuous Iteration and Continuous Delivery

The essential rule here is to keep iterating the code numerous times for removing any errors and bugs. CI and CD help you in getting real-time feedback from your website and iterate accordingly. When your program code is entered into a repository, it will be assembled and tested (more on this below) before it goes live. This will create a streamlined CI/CD pipeline, assisting you in numerous ways.

  • Less number of bugs reach your production cycle and QA engineers
  • Iterative deployments cycles will help in releasing new features quickly
  • You are at a lesser risk of causing high disruption as the changes are done in smaller batches
  • Deployments are automated hence your time, especially in the smaller iteration done

Automated Testing

When customers see the 404 error, they may never return to your website. Automated testing can help you avoid such situations. It works on predefined conditions and removes any new bugs that may hamper your user experience. You will benefit in the following areas:

  • The system detects errors before they snowball into bigger problems and fix them with minimum human interventions
  • The right QA tools will decrease the possibility of human errors
  • Your teams can focus on building new test suites and kits

Cultural Shift

DevOps integrated with Agile methodology will result in a lot of changes within your organization. DevOps is driven by a responsible, responsive, and collaborative approach to change.

Automation in processes and tools will lead to a learning environment. Developers, designers, and testers should come together to solve issues before it hampers the user experience. There needs to be a balance among organizational, technology, and innovation goals. Developers and QA engineers can collaborate to create products that end-users demand.

Security 

Any misuse of your user’s data can cost you dearly. DevOps helps you build a secure website so that you can collect, process, and secure your customer’s sensitive data like personal information, payment modes, and banking data. All this can be ensured via:

  • Server updates to be automated
  • SSL/ TLS configurations to be done correctly
  • Code vulnerabilities especially from a security point of view to be checked regularly
  • 2-FA for an added level of security
  • Data encryption
  • Source control
  • Restriction on data access

All the points above are an integral part of DevOps. Its implementation will build a more secure environment for your customers. Given below are a few questions that we encourage our clients to think about before they go in for a complete change.

  • Is your current setup ready to handle faster updates and features?
  • How much transparency and visibility is there throughout your SDLC?
  • With no new cost, can your current infrastructure generate more revenue?
  • How receptive is your team for new changes and an everlasting optimization process?
  • Which processes are you ready to automate right away and the ones in near future?
  • In the current setup, how are you planning on increasing the stability and performance of your business?
  • How much financial liberty is available for future expansion plans?

All these questions are pretty intense but so will be the transformation that you wish to take on. Agile and DevOps go hand in hand. If you have any doubts or need to talk to a DevOps expert, contact us here and we will be happy to help you.

How To Build An Easily Maintainable Application

Posted on by galaxy-admin

Among the many operational challenges, businesses continually face the question of how much time and money they should allocate to application maintenance.

A robust and high-performing application delivers expected business functions with rare instances of manual intervention. If you can succeed in building such an application, you have with you the very coveted almost-zero maintenance app.

However, the drive toward zero-maintenance has its own set of drawbacks. By over-optimizing the applications, the software development process may become “less friendly” to the business. You may face issues such as increasing budgets for future-proofing the solutions, unwillingness to accommodate “unrealistic timelines,” denying complex changes, etc.

End-to-end optimization may be theoretically attainable, but from an ROI perspective, the cost of achieving it may not be justifiable. Zero maintenance, as an objective, may not be easy to achieve. On the other hand, as an initiative, it can be a driver for delivery improvements. In sync with the best practices to build easily maintainable applications right from the initial stage of the development lifecycle, you can expect transformational results.

In this article, we will help you understand the significance of software applications maintenance, just like the maintenance of any other business asset. We’ll also cover the best practices to build an easily maintainable web application.

Why should application maintenance be more of a thing?

Your system’s specifications will change from time to time. They are much more likely to be in constant flux: you learn new facts, business priorities change, architectural changes due to system growth, old platforms replacements, users request new features, legal or regulatory requirements change, previously unexpected use cases, etc. Complying with new regulations, altering a particular table, upgrading to a newer release, interfacing with a different OS, or porting an application to a new server – all necessitate application maintenance.

By ensuring high maintainability practices in your software development, you will be able to:

  • Fix issues or add new features without introducing new bugs.
  • Improve performance or other attributes.
  • Adapt to a changing environment efficiently.
  • On-board new developers quickly.
  • Have a minimal impact on other components because of change to one component.
  • Establish test criteria effectively and efficiently.

Best practices to build an easily maintainable application

Eliminate Dependencies To Clear Technical Debt

Technical debt piles up as we add more and more code, by nature. If the imported code gets updated by the owner, then that code needs to be updated in the programs that use it as well. So, the tech debt that you incur is all the code that you borrow, and all the code they borrowed from, and so on.

Refactoring has made life easier as we started to understand the development processes. For example, rewriting some business logic or it could be switching to different frameworks, etc. You can pick a small chunk of tech debt in every sprint so that you don’t have to suddenly stop taking new features, and clear tech debt.

Adopt Test Driven Development

We all know that the development process is not complete if you haven’t tested your code. No doubt, writing tests might seem like extra work in the beginning. However, you will notice values of test cases when you are about to commit buggy code, only to find out that one of the test cases has failed. Test cases help to make sure that the new piece of code isn’t breaking any available functionality.

But tests become part of the maintenance overhead of a project. Badly written tests are expensive to maintain. For example, ones that include hard-coded error strings, are themselves prone to failure. It is possible to write tests for low and easy maintenance under the guidance of the right TDD team, for example by the reuse of error strings, and this should be a goal during code refactoring.

Balance Modularization And Re-Usability

A modularized solution with reusable components is one of the best practices to design a maintainable solution. Adopting modularization of every single feature and highly reusable components will require expert developers, which may increase the cost. But, these aspects will be significant in the long run due to the decreased cost of flexibility to make changes and maintenance. Every developer must still consider these aspects while writing code, irrespective of the fact that most of these aspects can be handled by using a good framework.

Incorporate Automation

Automation is the crucial part of every app development because it speeds up the delivery of products, simplifies developers’ workflow, and requires the use of fewer tools. There are two ways you can do that by making code testing a shared responsibility. Quality assurance (QA) and developers share the same goal in the SDLC: delivering a quality product on time and on/under budget. To ensure cooperation and alignment towards this goal, developers should share the responsibility of quality testing or can use required automation tools for visual QA as well. Every module must include meaningful regression, functional, and unit tests.

Following the agile methodology, all members of our team (including development and QA) are responsible for testing code. The build is then thoroughly tested including unit and integration testing via a CI process, and then reaches the QA department for black-box testing. it has already been thoroughly tested. Load tests are applied to make sure that undesirable situations are caught.

Create API And Method-Level Documentation

It is far better to not rely on inline comments to explain the logic and write self-documenting code. Although, this does not mean you should adopt zero documentation. This is especially needed when working with multiple teams or when developing an extensible application or consumable library. Because zero documentation leads to poor code readability and hard maintenance for other team members. For example, the public API should be documented precisely, describing the functionality, outputs, and inputs. This enables API users to understand and use the available functionality.

Conclusion

The zero-maintenance journey can be effective only if adopted holistically:

  • From the initiation stage, always involve key stakeholders cutting across multiple IT layers, to derive synergic benefits.
  • Look for improvements in key focus areas such as infrastructure, tools, services, operating models, and processes.

Your task is not over even after you’ve leveraged mobile/web app maintenance. Application maintenance requires frequent attention as it is not a mere one-time task. You would need to continue to monitor it to stay ahead of your competitors or have a competitive advantage over them. Regular monitoring will keep your app/system bug-free and will ensure an efficient and seamless user experience.

About Galaxy Weblinks

We specialize in delivering end-to-end software design & development services and have hands-on experience with automation testing in agile development environments. Our engineers, QA analysts, and developers help improve security, reliability, and features to make sure your business application and IT structure scale and remain secure.

10 VS Code Shortcuts To Code Faster In 2021

Posted on by galaxy-admin

VS Code is loaded with lots of features by default that makes it powerful, even without the themes and extensions.

However, even experienced developers may not be aware of these useful features. Not everyone has the time to explore every tip and trick to find the ones that help them code faster. With each new update of VS Code, new features are introduced that often remain unexplored.

Here we’ve listed the 10 most useful VS Code tricks that can help you code faster this year.

1. Multi cursor selection

Defining multiple cursors helps in editing a document in more places simultaneously. Multi-cursor mode can be used for column-mode editing. You can place as many cursors in as many places as you want in a single editor view. You can continue editing once you have your cursors placed, and all operations will be implemented to all cursors at the same time.

To set cursors above or below the current position use Ctrl+Alt+Up or Ctrl+Alt+Down. To add cursors at arbitrary positions, select a position with your mouse and use Alt+Click. You can add additional cursors to all events of the current selection with Ctrl+Shift+L. To go back to a single cursor, just hit the Escape key.

2. Open/Close terminal with one hand

It is convenient to have a pop-open terminal window in VS Code. No need to switch out to another application window to deal with the terminal. It’s also readily accessible by pressing Ctrl + (the backtick key).

What’s nice about this feature is that the shortcut is a one-hand operation, so you can open or shut the window without touching the mouse.

3. Type to find any command

From Command Palette, you have access to all of the functionality of VS Code, including keyboard shortcuts for the most common operations and any registered command, or those provided by add-ons. Press Ctrl-Shift-P and start typing.

Further, if there’s a key binding related to a given command, it’s available in the type-to-search drop-down list. So that you can cut straight to the key shortcut in the future.

4. Open the new editor window to the side

Sometimes we want to open the definition to the side so that we can use “Command + Option + Click.”

5. Github pull requests and issues 

If you are working with Github, you can install Github pull requests and issues extension to search for any project and clone a repository to the editor itself. This saves you time to go directly to github and bring it to your terminal.

6. Source Code Navigation

When we read codes or after reading the definition, we often need to jump from the source code to their definition. Here you can use the following shortcut keys to complete the source code navigation.

Go to Definition: F12

Go back: Control + –

Go Forward: Control + Shift + –

You can also use F12 to continuously jump between different definitions. When you want to go back to continue coding, you can use “ control + -” to go back, but the efficiency of doing so is too low. At this time, you can go back to coding with only one step i.e. by using the command “Go to Last Edit Location.”

7. Grid Editor Layout

Editor groups are placed in vertical columns, by default (for example, when you split an editor to open it to the side). You can easily place editor groups in any layout you like, both vertically and horizontally:

You can create empty editor groups, to support flexible layouts. There are also a predefined set of editor layouts in the new View > Editor Layout menu:

8. Code Folding

Code folding is required when the file size is big and you just want to get an overall understanding of the code.

1. To fold the innermost uncollapsed region at the cursor:

On Mac: Command+ Option + [

On Ubuntu/Windows: Ctrl + Shift + [

2. Unfold will re-open the collapsed region at the cursor:

On Mac: Command+ Option + ]

On Ubuntu/Windows: Ctrl + Shift + ]

9. See Visual Studio Code’s internal process list

Similar to any other task manager in every OS, VS Code has its own internal Process Explorer that lets you see a list of all the current subprocesses running inside the code editor. You can see every externally spawned process, extension, window, and so on. For each process, Process Explorer displays the memory usage, the CPU, and process ID.

Search for “Process Explorer” in the command palette or just select “Open Process Explorer” from the Help menu to open Process Explorer. You can right-click on a process to kill it or copy its information.

10. Remote Development

Since remote development has become the norm for developers, many have started using remote development extension packs. This comes with remote wsl, containers, and ssh, or you can separately search for an extension that lets you work inside the browser, also known as VS Codespaces.

It is split into two components – the UI component which would run on the local machine and another one is the server component, which would let you run, edit and debug your code on the remote machine. The VS Code server can run anywhere, and the remote extension will help you communicate b/w VS Code and the server.

This helps avoid having huge mono repositories, where devs would connect to a huge vm and nothing would be available on their local machine so that they can deploy changes and fixes.

Give It A Shot!

Now that you are armed with the useful productivity tricks, go ahead and give it a try. Once you get the hang of all these shortcuts, you will wonder how you survived without them. You may even blow the minds of some of your Emacs or Vim friends or co-workers with your efficient coding tricks!

Galaxy Weblinks

We specialize in delivering end-to-end software design & development services and have hands-on experience with large, medium, and startup business development requirements. Our engineers also help in improving security, reliability, and features to make sure your business application scale and remain secure.

Top 5 Python Frameworks To Opt For

Posted on by galaxy-admin

Building the backend for a web application or service?

It doesn’t matter if it’s simple or complex, there’s a Python framework that can address your needs. Choosing the right one can make tedious implementations like user management, data design, form submissions, and security, less of a headache.

If your project is simple you can opt for something implicit and minimal rather than explicit and complex. Whereas, if you’re working on a big project then you’d need all the firepower a framework can pack. Here are 5 Python backend frameworks that you might want to consider for the backend of your web application.

1. Django

Undoubtedly one of the most known and deployed frameworks, Django has been the go-to choice for enterprises for building web applications for years. With its 3 stable releases, Django has come far in terms of deployment speed. It is now equipped with the new asynchronous ASGI standard for Python web applications.

One of the reasons that Django is so popular is that it comes with batteries-included, meaning all the components that you’d need to develop a generic web application. For instance – user management features like tracking, sessions, passwords, and admin permissions, etc. are common to most web applications. Django provides these features natively.

From a safety POV, Django has some practical defaults to prevent attacks and cross-site scripting issues. While placing a variable in a page template, such as a string with HTML or JavaScript, the contents are not rendered literally unless marked safe.

This Python framework sure is powerful but it comes at the cost of unnecessary complexity; even simpler applications need a lot of configuring to install and run. Django applications are heavy and come with many moving parts. Django is monolithic, meaning apps are chunky and tightly coupled, so everything gets deployed together.

2. CubicWeb

CubicWeb is an object-oriented semantic web app framework. It uses reusable building blocks of code called “cubes”. Cubes are made up of a schema, logic, and views. These components can be utilized as in any other modular framework, each having its function. It lets you build apps by reusing your code and of others.

It’s a powerful Python framework featuring the fundamental building blocks of a modern web application. In CubicWeb, you set up and manage instances with a command-line tool and its built-in templates let you generate HTML output conveniently.

Since CubicWeb doesn’t support the native async functionality some workarounds are required. One of which is to use the cubicweb-worker cube to perform tasks asynchronously. Moreover, it also comes with a lot of dependencies which translates to a daunting list of manual tweaking on the local environment. You can use pip install instead to get them all in one go or you could also use a Docker container to set up shop.

The CubicWeb development has been slow and is not the most promising but it still powers some of the large-scale semantic web and linked open data applications.

3. Web2py

Inspired by the simplicity of Rails, Professor Massimo di Pierro created a simple and easy to set up framework called Web2py. It’s a scalable, open-source full-stack framework for Python which comes with its web-based development environment and features like Role-Based Access Control (RBAC), Database Abstraction Layer (DAL), and support for internationalization.

The data abstraction system in Web2py is a bit different from Django’s ORM, which uses Python classes to define models, whereas Web2py uses constructor functions like define_table to instantiate models.

Just like CubicWeb, Web2py doesn’t explicitly use Python’s Async functionality, but it makes up for it with a scheduler for handling long-running tasks.

4. Weppy

Looking at features like data layers and authentication, Weppy will remind you of Django. But when you look at the code it starts looking like Flask, with minimal instruction to get a basic single route setup ready.

Weppy is a lightweight framework and comes with convenience functions, which makes it great for building RESTful APIs. You just have to use @service on a route to get data that is automatically formatted in the format of your choices like JSON or XML. Though lightweight, it packs some big framework features sans the weight and complexity. Validation mechanisms, form handling, response caching, internationalization, and user validation among others are such features.

The not so complex ‘Just enough’ features come with some trade-offs. Weppy extensions try to make up for these trade-offs but unfortunately the list of official add-ons is not that long.

The upcoming Weppy 2.0 will support async and sockets as low-level first-class entities. Also, all the upcoming versions will require Python 3.7 and above to run.

5. Zope

In contrast to every framework mentioned in the list (except for Django) Zope is meant to be a full-blown, enterprise-grade application server stack. For templating, Zope uses a flexible Zope Page Templates (ZPT) system or a basic DTML markup system. While ZPT can be a powerful way to design templates but the syntax takes some getting used to.

While the complexity can be beneficial for enterprise-grade applications, when it comes to installation Zope can be a bit difficult. So much so that it also offers a specialized setup tool called zc.buildout for installation .

If there are no resource constraints and you can look past the unnecessarily complex setup then Zope might prove to be the best for a large undertaking.

One thing to note is that there is no direct support for Python’s async. However, Zope utilizes the zc.async package to distribute tasks across machines and synchronize them in a ZODB instance.

There are a host of choices to base your backend on. It boils down to how much functionality and freedom to tweak are you looking for? All of these frameworks offer something that makes it a unique offering. You just need to truly understand what your solution needs and your choice will be easy and best suited.

Galaxy Weblinks

With over a decade of experience in creating and delivering robust software design and development services, our developers know the backend technologies like the back of their hands. Galaxy has expertise in all major backend technologies, be it PHP, Java, Node, and Python. You can spell out your requirements and leave the rest to us. For more information, do visit us here.

What are the best practices to build a Mobile App?

Posted on by galaxy-admin

Turning your great mobile app idea into reality requires a significant amount of time, effort, and money. Mobile app development is a complex and long process that involves different tasks to get the final product. These tasks require decision-making and can be crucial to an efficient overall development process that not only has cost implications but also determines the overall success of your app.

This necessitated the need for a well-outlined app development process. In this article, we have compiled some of the key mobile app development best practices for developers.

Carrying out research and formulating a plan

Each app idea aims to solve a specific problem catering to the needs of its user base. So it is a crucial first step to –

  • Carry out thorough research to know your market
  • Understand the target audience
  • Identify the market gap
  • Research your competition, and differentiate your product offering.

Better research leads to a better product when it comes to app development. If you don’t invest your time in research, you will end up with a lot of iterations which would mean increased manhours and capital.

Choosing the right development platform and app type

Choosing the right platform for your application at an early stage is crucial since the iOS and Android app development processes are different from each other and take time to develop. It is important to choose the right app type (native, hybrid, or web apps). All these types have benefits and limitations, and the right selection is usually determined based on answers to these questions.

  • What is the objective of building your app?
  • What are the key features to be included in your app?
  • What is your budget to develop the app?
  • How quickly do you want to develop the app?
  • Are you more interested in building an MVP across different platforms?
  • Do you want to build it in-house or outsource?

Focusing on design and user experience (UX)

Design is the most important aspect that helps you build a connection between your users and your product.  A good design enhances usability, accessibility, and pleasure the user has while interacting with your app and ultimately your company. Before starting coding for the app development, the focus should be on carrying out a detailed design phase to create prototypes to check their effectiveness. If an app is built without a good UX and after spending huge amounts of time and money, the customers will not stick to the product. So a revamp after launch would be very expensive and brand-damaging in many cases.

Carrying out debugging and testing 

Debugging and testing are the most important parts of mobile app development best practices. Tests need to be carried out extensively to ensure that your app is running efficiently. These tests should run for different test scenarios and conditions to make sure the app is ready for the users.

Focusing on app security 

App security is crucial when it comes to customer data and sensitive user information. Many times developers ignore the security risks while developing the mobile app and thus allow vulnerabilities risking user information while collecting, using, and transferring such data. A developer should carefully implement best practices around privacy at all stages of the app’s life cycle. New privacy rules and policies are developing quickly and developers should be on top of these changes in regulation and policy matters as well as follow the app development rules and guidelines for the different operating systems (App store, Play store, etc).

Planning app updates post-launch

An app requires frequent updates and maintenance support post-launch to accommodate user feedback, feature enhancements, technology enhancements, privacy policies, operating system updates, etc. A good development team should plan for these updates timely to roll out bug fixes, minor changes, or features enhancements.

A few common mistakes during the app development process

We highlight below a few common mistakes that are mainly due to not following the best practices during the app development process.

  • Lack of research around the market, users, competitors, etc
  • Not addressing user requirements and incorporating user’s feedback
  • Focusing only on budget and not adhering to budget management
  • Poor design UI/UX
  • Overloading the app with complex features and functionalities that are not user friendly
  • Not creating an MVP and testing out different prototypes
  • Hiring a development team that does not follow best practices and are misaligned with the overall objective
  • Poor planning and communication during the app development process
  • Lack of maintenance activities and no timely updates of the app

Conclusion

Mobile app development is an ongoing process and it will continue to evolve over time and during the development process. Following these best practices during the app development process can help you avoid common mistakes that can prove to be expensive and damaging to the company’s brand. If you’ve any doubts related to mobile app development and if you need assistance developing one, then feel free to talk to us here.