Skip to content

Bashar Kokash Posts

Out-of-question software deliverables

Regardless of the size of any software force whether an individual developer doing freelance at home, a small team of 3-5 developers, or a big company dedicated for the industry of software development, they all do have a process; a written best practice, a proven method, or a common set of rules and conventions that the team agreed to follow. These rules enable the product/software development life-cycle to continue to go on and on smoothly, from requirement gathering to design, development, testing, reporting and fixing bugs until the final delivery.

Any software product especially in this era, the era of technology and connected everyting, must have the following set of features: Security, User Experience and Performance.

It is not accepted any more not to follow the best practices, nor to have a slow application suffering doing basic tasks especially with the exponential growth of the processors power. The lame answer for such issues is: the customer didn’t ask for it, it was not included in the requirements documents that the customer signed, or the customer did something wrong, the user didn’t follow the instructions, or the user is not educated. You might yourself heard better or lamer answers.

In this post, I will demonstrate the main technologies that I think any software should be built on, regardless of its business, customer, programming language or the development process or methodology followed.


It was almost 10 years ago when one of my friends worked on an Arabic version HI5, yes that was before Facebook, the moment I figured out the password is stored plain in the cookies, alt + F4 and I never went back to that site. Number 1 is always security. No matter how almost everybody including big companies emphasize on security, data protection and encryption, you still find a lot of them who fall under that bridge.

In a modern secure application, all types of data should be protected during:

  • Data processing: within the memory when access is only granted to the allowed process by the secure operating system.
  • Data storage: whether stored in a local XML file or a database in the cloud, critical data should be encrypted using proven symmetric (AES) or asymmetric (RSA) algorithms. Never store user’s password, just hash them but please don’t use MD5, while sensitive credit cards information should be strongly encrypted following industry standards (PCI standards for the payment processing applications)
  • Data transmission: within the network, through the web or the cloud, SSL/TSL should be enforced, never transmit your data plain.
  • Authorization: don’t trust people and apps, keep verifying
  • Common attacks: application injection, JavaScript injection, cross site posting, and SQL injection are still common, using the proper practices or modern platforms, such attacks are useless.

That means data should be safe all the time, from system users, administrators with power privileges and off course hackers. Ensuring use’s identity is a must, no one should be ever allowed to manipulate data intentionally or unintentionally. Name any development platform or language, they all do support all major encryption algorithms and practices and are designed to enforce them. Depending on the application, several or multiple security levels can be embraced to enforce your rules on the application, database, servers, and communication channels.



It is not the case anymore, where people can wait days or weeks to travel from a city to another, every information should use the speed of light. Unless your application is doing a complex algorithms and calculations, most of your basic operations like data retrieval and manipulation should be instant. For example, a banking system is considered one of the top critical apps where security is more preferred than performance or convenient, industry standards require certain restrictions to limit and manage the window of fraud, so you can ask the user to login to his account using a certain process or a combination of several factors, such as OTP linked only to his mobile, force a certain IP, region or location, or even a personal checkup and approval.

If your application is taking too much time to load or to perform an operation, question yourself, you must have done something wrong, if you think that delay is reasonable, you should quit and find another job.


User experience – UX

Medium, the famous blogging website is one of my favorite example in perfect user experience. It delivers only the expected in a simple, minimal and unique experience. You can find many definitions for a perfect user experience, some call it Apple 😉 others have published theories and papers on how to deliver the best application user experience. I see it as a continuous effort towards making users smile using your application.

There are several concepts/ practices for delivering a good user experience such as, delivering simplicity; keeping everything to the minimal required level, no need to fill the screen with all the menus, features and functionalities, show only what you think it is important for the user to perform the task. Also, keeping the number of clicks to the minimal is a key factor, this means in order to perform any task in your application starting from the home page, the number of clicks should be as minimal as possible. Some suggest 3 as the magic number, but as long as you are measuring that factor then you are on the right track.

Environment specific features will deliver an awesome experience to the user, if he is a loyal Android user and your application uses an Android specific gesture or widgets, he will feel home or for Windows applications you can add live tiles and so on.

User guidance; the application should be user-friendly; i.e. self-explanatory, no need for user manuals or training, the app should be easy to the degree the users feel they have used it before even during their first time.

UX efforts should be taken seriously in the application development life-cycle, put in the correct place, before, during and after the development. If not, the application will simple be very complex to use, users will be required to have a PHD degree to do the basics.


Do you have your own list, please share it in the comments.

No Estimates Software Development

Software development can go messy as you can imagine, that’s why we have rules, processes and tools to help control code and delivery.

The key asset to a proper software plan is estimating how long such a feature/ task requires using the experience and resources available in your team. Estimation is considered a commitment that you have to honor, requirements might change, or you might not be a subject matter expert, so unclear requirements and the fear of commitment lead to unrealistic estimations.

But can’t we deliver software skipping the estimation stage, or when they called zero estimates, if you are familiar with a certain repetitive task that your team is expert in, does it has to have the same estimate the same time? why don’t we estimate only the new features or tasks?

Woody Zuill, a senior consultant, trainer, and Agile coach, was recently hosted on .NET Rocks podcast, he is one of advocates to “No Estimates” software development, listen to him and let me know what you think in the comments.

Hello World

Not every blog starts with “Hello World” unless you are a developer.

This blog Code / Business will highlight topics of both low-level geeky code and high level strategy stuff, and somewhere in between. Expect some html, code and a lot of technical discussion in an abstract way that will interest you.

Feedback is more than welcomed.