tags:

views:

793

answers:

24
+19  Q: 

What "Never Events" for Software Development are there?

I read an interesting blog entry by K. Scott Allen regarding software development "Never Events". I thought this would be a good subject to bring up in this forum. For this particular question I would like to focus on the "Never Events" that are the most important to avoid in a software development project. Please answer with a single "Never Event" per answer so that we can see the most heinous events bubble to the top.

Never events must be

  1. Measurable
  2. Avoidable
  3. Have serous implications.
+1  A: 

"Let's get the prototype ready, the design document/UT can wait."

dirkgently  2009-03-01 11:24:18
I disagree. A prototype is often a much clearer way to communicate the design to a customer. If you spend a lot of effort on a document and then show the customer your prototype, the effort may be in vain. Of course it's important to write the documentation after the prototype is approved.
flodin  2009-03-01 15:23:32
A prototype is an embodiment of the principles you choose. But that's just me, I guess.
dirkgently  2009-03-01 15:25:15
The prototype may be a good way to quickly show something to the customer in requirements definition, but even the agile camp says you're supposed to throw it away. The problems is when prototype becomes production.
Bernard Dy  2009-03-01 15:28:35
Prototyping is ok. Prototyping without documentation is not.
Treb  2009-03-01 20:58:54
+8  A: 

Releasing something that has not gone through QA.

I most often see this happening when the development company has signed a contract to pay a substantial fine if the software is not delivered on time. Usually such contracts don't explicitly define the quality level or content of the deliverable, so the easiest way out is to deliver a complete mess without daring to consider the backlash.

flodin  2009-03-01 11:30:36
not a never - the risk may sometimes justify the early release, especially if the current system isn't working...
ShuggyCoUk  2009-03-01 12:50:07
If the current system isn't working, wouldn't that mean that you already broke the "never" already? Two wrongs doesn't make it right.
flodin  2009-03-01 15:14:12
no - even with all the will in the world prod systems will break. sometimes this is because someone else gave you incorrect information, something you have very little control over. I can think of several examples...
ShuggyCoUk  2009-03-01 17:08:42
@ShuggyCoUk: The risks are never justified, this shouldn't happen. Not ever.
Treb  2009-03-01 20:57:01
I've personally done this and gained several hundred thousand dollars of value for my company. This is not a *NEVER* and you should never try to work in finance you wouldn't last long.
ShuggyCoUk  2009-03-01 21:58:36
@ShuggyCoUk: You're right, it depends on the environment. I steer away from finance, you keep clear of the pharmaceutical industry ;-)
Treb  2009-03-02 09:26:42
+4  A: 

Work overnight to have a release the next day.

Aleris  2009-03-01 11:33:48
When you have a "sev 0" issue at a customer, this does happen. So unless your never event is "don't have any defects that could stop a customer", this isn't a never event.
Richard  2009-03-01 11:55:12
But it shouldn't happen. You may keep the deadline, but the risk of introducing severe bugs is rising exponentially. Not worth it.
Treb  2009-03-01 12:12:35
definitely not a never - clearly never worked in finance...
ShuggyCoUk  2009-03-01 12:51:08
It would be a never if we are talking scheduled releases...there are always going to be cicumstances the require emergency releases. Normally customers should be made aware that you're not going hit a scheduled release date well in advance and then the release date will change.
Michael Prewecki  2009-03-01 13:30:20
+23  A: 

This code isn't in source control

MrTelly  2009-03-01 11:39:39
+1 When I was on a conference call with a big name hardware manufacturer once we asked them what source control they were using for the drivers they were providing us, and they honestly said "A USB key".
Andrew Barrett  2009-03-01 12:04:35
+1  A: 

We could patch and release without testing if that would be quicker ...

MrTelly  2009-03-01 11:40:51
+12  A: 

Releasing code immediately before a business critical time, ie Christmas for retail, or exam time for education.

MrTelly  2009-03-01 11:42:46
+3  A: 

A client of a brokerage house should never log into the web site with their userid/password and see someone else's data.

Of course, this applies to a lot of other businesses, too.

Don Branson  2009-03-01 11:58:01
A:  
strcat(dst, src);
flodin  2009-03-01 12:00:12
That would mean that every error in your code is a 'never event', which does not fit into the concept outlined in the blog.
Treb  2009-03-01 12:05:55
an answer like this should never happen. ;)
Don Branson  2009-03-01 13:42:49
Why the downvote? This fits the blog post very well. This is measurable (can be found by a text search, and some compilers like Microsoft's issue already a warning for it), avoidable, and has potentially serious implications (buffer overruns).
oefe  2009-03-01 14:57:40
It's a simple bug. Certainly not 'most important to avoid in a software development project'.
Treb  2009-03-01 21:00:44
It's a potential security hole, not just a simple bug. And we're looking for a list of items, not the single most important one. I'd say buffer overruns are at least on the top 25 list of "most important to avoid in a software development project."
flodin  2009-03-02 06:21:36
+1  A: 

Using timestamps as a means of versioning .NET assemblies.

Michael Prewecki  2009-03-01 12:02:48
Why not? (For the record: I have never done that, I just would like an explanation ;-)
Treb  2009-03-01 12:13:56
Because in the .NET world having the same version number for different builds can cause problems for GAC'd components.
Michael Prewecki  2009-03-01 12:26:47
But a different build would for sure have a different timestamp, wouldn't it? Or did you mean just using the current date?
Treb  2009-03-01 12:29:23
Yes it totally has a different timestamp but if an interface changes then any consumers of those interfaces need to know that they can not use the new interface and must use the old version.
Michael Prewecki  2009-03-01 12:35:24
if you use the timestamp as a cut through the source system trunk then this is fine (if messy, an explicit tag is more informative and less susceptible to forgetting which release had which timestamp.
ShuggyCoUk  2009-03-01 12:54:24
It's not fine in .NET if you change a method prototype you will bring down any client not expecting the change... and not gracefully. Where as changing the version will at best have no effect on the unsuspecting client and at worst prevent it starting.
Michael Prewecki  2009-03-01 13:24:37
+8  A: 

Releasing a "quick" bug fix to a live system during heavy user load without proper testing.

Rich  2009-03-01 12:05:08
Of course you only know that you did not have proper testing when it has failed.
CodeSlave  2009-03-02 15:29:58
A: 

The deployment of a product is not performed by the team that created the software, but given to someone from another team.

(Happened to my boss this week...)

Treb  2009-03-01 12:08:53
-1 In a an environment where a separate operations department exists, and where security is a serious concern, developers should never be allowed to touch a production system. Though they may sit beside or on the phone with operations during deployment.
ScottS  2010-06-18 04:04:11
@ScottS: You misunderstood me - it's not another operational department, the software was developed by another dev team, and we were given the deployment task.
Treb  2010-06-18 05:51:43
Ok, forcing deployment on someone else "just cause" should never happen. I'd retract my minus vote, but it won't let me.
ScottS  2010-06-18 18:18:53
@ScottS: Well, my answer could have been more clear, so I guess it's my fault ;-)
Treb  2010-06-19 07:23:55
+1  A: 

Documentation for the code ?
What for ?
The code is clear enough to be self-documenting... ;)

VonC  2009-03-01 12:19:37
+4  A: 

We don't have time to test.

Chris  2009-03-01 12:36:15
+3  A: 

In the style of the linked article where mistaken identity (of body parts, people) features heavily

Never perform an action on a production box thinking it is Test/DR.

This means:

  • hardware naming should be clear and consistent.
  • logins to production box must be controlled and use least privilege required
ShuggyCoUk  2009-03-01 13:38:29
+2  A: 

"In order to begin to develop on the source code you need : install a website by copy/paste on your machine, create a new database, change your config file, create a directory in this and this directory, set another directory in read-only, install this product etc..."

Keep it simple ! A script should be present in the SCC to set the dev environment in one step.

Nicolas Dorier  2009-03-01 13:39:02
+6  A: 

Making manual configuration changes to builds for different enviornments..

Gulzar  2009-03-01 13:57:11
+8  A: 

Refactoring without unit tests.

Gulzar  2009-03-01 13:59:23
-1 Having unit tests is ideal, but if you don't have them, you probably need to refactor in order to build some reasonable tests. Even if you will never write tests refactoring can still be good, just much more difficult.
ScottS  2010-06-18 03:57:30
+10  A: 

The never-ending crunch mode. See e.g. the "EA spouse" story.

Even in a healthy company people must sometimes put in some extra effort and work overtime. This can be a good thing that strengthens the team spirit if everybody toil together, beat the deadline, and can then go home and get some rest.

But when everything is critical all the time, people stop caring and become less efficient than if there were no deadline at all. The worst way of doing this is moving people from one project that's just ending its crunch into another project that's just beginning its crunch.

flodin  2009-03-01 15:38:35
I agree with your post, but as an aside, Warren Spector in lectures on computer game careers said of the EA Spouse thing that if it wasn't for young men working intense hours, there might not ever have been a computer game industry.
Bernard Dy  2009-03-01 15:42:55
+1  A: 

Make no effort to perform sufficient business analysis and keep the business engaged thoroughly from initial design through support and beyond.

In fact, don't require developers to have any basic understanding of the domain they're dealing with either. They need to be good at zeroes and ones and that's all. And the business people don't have to be stakeholders in the design, testing, and support of the system, they just need to do their business and that's all.

Bernard Dy  2009-03-01 15:39:31
+2  A: 

breaking the build...

aherrick  2009-03-01 17:07:38
+1  A: 

Failure to focus on the customer(s).

It matters not whether the customer is:

  • Real or Notional
  • Individual or Group
  • Internal or External
  • Paying, Charging your time to a project or getting it for free.
  • Even yourself!

This does not mean the customer is always right. If you think they are wrong feel free to talk to them and see if you can improve but you should talk to them and listen to what they have to say.

You can deliver the most robust, wonderful, brilliant, elegant system which is utterly useless to the people for whom it was intended. IF you cannot repurpose the solution to another customer then you have actually done worse than a quick and dirty ineffective solution since you will have wasted more of your and the customer's time getting to the same (non functional) point.

If you have multiple differing customers the general advice still holds true but then the subjective (and possibly political) elements specific to that situation mean it's much too complex for a 'Never'.

ShuggyCoUk  2009-03-01 23:33:21
+1  A: 

Sending cleartext passwords

Anon Guy  2009-03-27 08:50:01
A: 

No maintenance documentation.

Stewart  2009-03-27 09:03:20
A: 

Business plan? We'll figure that out after it's popular...

VirtuosiMedia  2009-03-27 09:08:24

related questions

How to convince a project sponsor that all functions in your code should have unit tests
What makes a good programming team?
Developer Burnout Stories
How Much Time Should be Allotted for Testing & Bug Fixing
Sprint velocity calculations
What is the best practice for estimating required time for development of the SDLC phases?
What software to use for a multistage development environment?
How would you extract data from a MS Project .mpp file?
What's your Post-Mortem meeting format?
Where does "Change Management" end and "Project Failure" begin?
How do you maintain a project schedule?
Managing my TODO list - how to get organised
Building morale in the dev team
How do you track your hours?
Am I In A Death March Project?
How to write a spec that is productive?
What skills do you need for proper UI/Interaction/Functional design in Web Apps?
What are the most important things to learn about .net as a Project Manager?
What free and/or open source tools are available for project and process management?
Managing a project vs Managing a Development
How do you fire a developer?
Creating a good developer abstraction layer?
Software tool for doing Project Postmortem
Have you used a wiki in your project or group?
Software for managing multiple projects.