神刀安全网

10x or not: You’ve got to do things right

You must have heard about 10x programmers. If not, here’s a little introduction from Sean Cassidy:

10x developers are quasi-mythical programmers whose ability to design complex systems and hammer out production-ready code is legendary. Their impact on their project or team is felt for years after they stop contributing, and their contributions don’t stop there.

This concept, myth, or whatever you choose to call it, has existed for years. And yes, there are people who are able to think ahead, solve complex problems and get a lot of stuff done. It is a good thing to have such a person on your team; you can be pretty sure that stuff will get done no matter what. But the problem begins when you have imposters or, even worse, jerks posing as 10x people. They may be pretty good at programming and get through interviews easily, but that’s not everything that is required to be a 10x high performer. Far more is required: soft skills, motivation and determination. Now, people may be posing intentionally or unintentionally, but that doesn’t matter. Either way, you are stuck with someone who is not as good as you think. The rush to recruit 10x people has made this worse. Here is another quote, from the widely shared article "The quiet crisis unfolding in software development":

Odds are far better than good that your high performers are achieving what appears to be high levels of productivity by building technical debt into the application by taking shortcuts whether intentionally or unintentionally.

When you factor in code debt and the frustration of the other so-called 1x people fixing that debt, the high performers suddenly seem to be a burden to the whole team. Such situations are far more common than you think. Here is another angle on the 10x thinking.

This makes me think: isn’t it better to have your existing people do well, and probably become 2x or 3x? If you have a five-member team, instead of depending on a 10x person to come and fix all your worries, you could make your current team 2x or 3x, and you already have an advantage! But how do you do that?

You do that with your culture. You create a no-shaming environment so developers in your team are comfortable discussing their shortcomings with their peers. You create a culture where people are eager to have their code reviewed by peers and are not afraid or ashamed of constructive feedback. You create a culture that values and rewards substance over noise.

I can go on and on here, but the point is that unless you have an inclusive environment where everyone feels important and their contributions, however small, are recognized, you’re at risk of bringing your existing 2x, 3x, 5x, or 10x people down to 0.5x or lower!

How can software help

While this whole 10x-or-not thing is more of a thought-process and mindset problem, software can help a tiny bit in aligning your processes with an ideal environment where code debt is not taken lightly. Enter linters. Wikipedia says:

Generically, lint or a linter is any tool that flags suspicious usage in software written in any computer language. The term lint-like behavior is sometimes applied to the process of flagging suspicious language usage. Lint-like tools generally perform static analysis of source code.

Linters can sniff out issues in your code with minimal human intervention. But they can’t replace manual code review, because complex stuff needs human eyes, at least for now. So you can think of linters as your first line of defense against spaghetti code.

Here are a few free and open source linters for some of the popular programming languages:

PMD

PMD is a source code analyzer. It can find common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. Additionally, PMD includes a copy-paste detector, aka CPD. CPD finds duplicated code in Java, C, C++, C#, PHP, Ruby, Fortran, JavaScript, PLSQL, Apache Velocity, Scala, Objective C, Matlab, Python, Go, Swift. PMD also has plugins for IDEs like Eclipse, NetBeans, JDeveloper, etc.

Languages supported: Java, JavaScript, PLSQL, Apache Velocity, XML, XSL.

Project Link: https://pmd.github.io/

License: BSD-Style. Read full text here.

Bandit

This is a project from the renowned OpenStack security team. It is designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report.

Languages supported: Python.

Project Link: https://github.com/openstack/bandit

License: Apache license.
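
The parse-to-AST, run-plugins-per-node, then-report flow described for Bandit above, as an added example that is not Bandit's own code and does not use its rule set. The three checks, their names and the sample source are constructed for illustration; only Python's standard `ast` module is used.

```python
import ast

# Constructed sample source to scan (not taken from the original article).
SAMPLE = '''\
import subprocess, pickle
def run(cmd, blob):
    subprocess.call(cmd, shell=True)
    data = pickle.loads(blob)
    try:
        return eval(data)
    except Exception:
        pass
'''

def call_name(node):  # dotted name of a call target, e.g. "subprocess.call"
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))

# Hypothetical plugins: each takes one AST node and returns a message or None.
def dangerous_call(node):
    if call_name(node) in {"eval", "exec", "pickle.loads"}:
        return f"use of {call_name(node)}()"

def shell_true(node):
    for kw in node.keywords:
        if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
            return f"{call_name(node)}() called with shell=True"

def swallowed_exception(node):
    if len(node.body) == 1 and isinstance(node.body[0], ast.Pass):
        return "except block silently passes"

PLUGINS = {ast.Call: [dangerous_call, shell_true],          # node type -> plugins
           ast.ExceptHandler: [swallowed_exception]}

def scan(source):
    findings = []
    for node in ast.walk(ast.parse(source)):          # every node in the tree
        for plugin in PLUGINS.get(type(node), []):    # only plugins for this node type
            if (msg := plugin(node)):
                findings.append((node.lineno, plugin.__name__, msg))
    return sorted(findings)                            # the "report", ordered by line

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Because the checks work on the syntax tree rather than on text, a string or comment that merely contains `eval(` is not flagged, which is the main advantage of this design over grep-style scanning.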

Go Meta Linter

Go Meta is a tool to run some of the very common tools for statically checking Go source for errors and warnings. That basically means, with Go Meta, you can run a bunch of Go linters at once.

Languages supported: Golang.

Project Link: https://github.com/alecthomas/gometalinter

License: Not specified.

CSSLint

CSSLint is a tool to help point out problems with your CSS code. It does basic syntax checking as well as applying a set of rules to the code that look for problematic patterns or signs of inefficiency. The rules are all pluggable, so you can easily write your own or omit ones you don’t want.

Languages supported: CSS.

Project Link: https://github.com/CSSLint/csslint

License: https://github.com/CSSLint/csslint/blob/master/LICENSE

NSP

Node Security helps you keep your node applications secure. With Node Security you can make use of the CLI tool to help identify known vulnerabilities in your projects.

Languages supported: NodeJS, JavaScript.

Project Link: https://github.com/nodesecurity/nsp

License: Apache license.
