A Smart Contract is a contract that, instead of being written in human language, is written in a programming language. Like a contract, a Smart Contract defines conditions and financial obligations among participants. Unlike a contract, a Smart Contract can execute financial obligations automatically when its conditions are met, without underwriters, lawyers or law enforcement entities.
A contract can protect the financial rights of participants only if there is a government to enforce and operate it. The financial obligations in contracts are money, and money is managed and operated by banks. A Smart Contract is a program and executes only on a Blockchain. A Blockchain is a network of computers obeying a protocol that provides services similar to a bank's, such as holding balances, transferring value, recording ownership, enforcing rules automatically, and keeping an immutable transaction history.
What conditions can be added to a Smart Contract?
Not every statement in a contract can be converted to a Smart Contract. A Smart Contract is a program, so it works well with precise numbers and clearly defined if-else conditions such as money amounts, dates and times, vote counts, and temperature.
For example, suppose a company uses a Smart Contract to pay employees’ salaries. The Smart Contract can easily implement the agreement that, on the 1st of each month, a fixed amount of money is automatically transferred from the company’s wallet to each employee’s wallet, provided that sufficient funds have been deposited in advance.
Once deployed, the smart contract does not rely on the company’s willingness to pay or on any manual action from accountants or banks. If the date condition is met, the payment is executed exactly as written. If the funds are not available, the payment simply does not occur, making the failure transparent and verifiable to all parties.
In this way, the smart contract replaces trust in the employer or intermediaries with trust in predefined rules and automated execution, ensuring predictable and timely salary payments without human discretion.
However, the smart contract cannot determine whether the employee actually worked, worked well, or should be fired. Those human decisions must be made outside the system. The smart contract only enforces what was clearly defined in advance: who gets paid, how much, and when.
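The salary agreement above, written as a small Python model (an added example, not code from this post and not on-chain code). The class and method names, the wallets and the amounts are assumptions made up for illustration; the point is that every rule is a date or balance check, and a failed payment leaves a visible record.

```python
from datetime import datetime, timezone


def first_of_next_month(d: datetime) -> datetime:
    """Return 00:00 UTC on the 1st of the month after d."""
    year, month = (d.year + 1, 1) if d.month == 12 else (d.year, d.month + 1)
    return datetime(year, month, 1, tzinfo=timezone.utc)


class PayrollContract:
    """Model of the rules only: who gets paid, how much, and when."""

    def __init__(self, salaries: dict, first_payday: datetime):
        if first_payday.day != 1:
            raise ValueError("paydays fall on the 1st of a month")
        self.salaries = dict(salaries)            # employee -> fixed monthly amount
        self.next_due = {e: first_payday for e in salaries}
        self.wallets = {e: 0 for e in salaries}   # employee balances
        self.balance = 0                          # funds deposited in advance
        self.events = []                          # append-only history anyone can read

    def deposit(self, amount: int) -> None:
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.balance += amount
        self.events.append(("Deposited", amount))

    def run_payroll(self, now: datetime) -> None:
        """Anyone may trigger this; only the coded conditions decide the outcome."""
        for employee in sorted(self.salaries):
            amount = self.salaries[employee]
            # Pay every period that is already due, oldest first.
            while self.next_due[employee] <= now:
                due = self.next_due[employee]
                if self.balance < amount:
                    # Not enough funds: nothing moves, and the failure is recorded.
                    self.events.append(("PaymentFailed", employee, due.date().isoformat()))
                    break
                self.balance -= amount
                self.wallets[employee] += amount
                self.next_due[employee] = first_of_next_month(due)
                self.events.append(("Paid", employee, due.date().isoformat(), amount))


def demo() -> PayrollContract:
    """Constructed scenario: two employees, funds for less than two full months."""
    utc = timezone.utc
    c = PayrollContract({"alice": 3000, "bob": 2500}, datetime(2024, 1, 1, tzinfo=utc))
    c.deposit(8000)
    c.run_payroll(datetime(2023, 12, 31, 23, 59, tzinfo=utc))  # before the 1st: nothing happens
    c.run_payroll(datetime(2024, 1, 1, tzinfo=utc))            # both are paid
    c.run_payroll(datetime(2024, 1, 15, tzinfo=utc))           # same month: no double payment
    c.run_payroll(datetime(2024, 2, 1, tzinfo=utc))            # only 2500 left: alice fails, bob is paid
    return c


if __name__ == "__main__":
    for event in demo().events:
        print(event)
```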
What conditions can NOT be added to a Smart Contract?
A Smart Contract cannot work with emotions, quality judgements, or real-life events.
For example, suppose a company hires a developer under this agreement:
“The developer will build a high-quality mobile app that meets business needs. Payment will be made if the work is satisfactory.”
This is where a Smart Contract cannot replace a contract. A smart contract, as a program, cannot decide:
Whether the app is “high-quality”
Whether it “meets business needs”
Whether the work is “satisfactory”
These require:
Human judgment
Discussion
Interpretation
Sometimes negotiation or compromise
Smart contracts are excellent at enforcing clear rules, but they cannot replace contracts that rely on human judgment, quality assessment, or trust.
For someone with no programming experience, the word “refactor” can be confusing at first, because it’s mostly used in coding. Put simply, to refactor is to make something better or clearer without changing what it does.
Why refactor when nothing changes?
“If it works, don’t touch it” is a principle that is still valid in the real world. It is true, pragmatic, and recommended to some extent when we do not understand the system we are working on well enough. From a business perspective, refactoring feels unproductive because no new features are added to the system. But just as a business sometimes needs to restructure processes, reorganize people and rearrange tasks to maximize outcomes, the programming process also needs refactoring to improve the coding experience, which makes source code more readable, maintainable, and scalable. These benefits, in turn, speed developers up when they add new features or fix bugs later on.
What is Readable code?
Readable code is code written clearly so that another developer, or future you, can read it quickly and know what’s going on, sometimes just by guessing from variable names and function names. Some tactics that help keep code readable are:
Clear naming: Variables, functions, and classes have names that explain their purpose.
Short, focused functions: Each function does one thing, not many things.
Consistent formatting: Proper indentation, spacing, and line breaks.
Avoids unnecessary complexity: No overly clever tricks, straightforward logic.
Helpful comments: Explain why, not what.
Use of standard patterns: Code follows common conventions so others instantly recognize the structure.
What is Maintainable code ?
Readable: as explained above.
Well-organized: Code is structured logically into modules, functions, or classes
Consistent: Follows the same style, naming, and patterns everywhere.
Well-tested: Covered by tests to catch bugs early and safely.
Documented: Has comments or docs explaining why and how things work.
Flexible: Easy to modify, extend, or adapt without breaking existing code.
What is Scalable code ?
Efficient: Uses memory and CPU wisely, Avoids unnecessary heavy operations.
Modular: Pieces of code can be separated or duplicated easily
Asynchronous / non-blocking when needed: Doesn’t freeze the whole system while waiting for one slow task.
Uses good architecture: Clear layers, Can split into microservices or separate components if needed.
Uses proper data structures: For example, using a Map instead of a List for fast lookups.
Database scalability: Indexes, caching, batching queries, sharding, etc.
Refactor safety
Because the goal is to keep the system working the same way while the code is rewritten, there must be a metric that indicates sameness, or detects differences in system behavior early. This is where Test Driven Development shines.
Writing tests is mistakenly overlooked by inexperienced developers. Beginners usually think a programming job is just to write code, see it run, then move on to writing more code. Writing tests looks like extra work or an annoying requirement. This is okay, just as a young man does not understand “karma”. And the karma for this oversight usually is:
Bugs keep coming back
Bugs evolve when there is more code added
Debugging takes so much time
Source code becomes a mess and a small change can take months to add
When bugs bring enough pain, developers become more experienced.
Test Driven Development (aka TDD)
Test-Driven Development (TDD) is a software development process where you write tests before writing the actual code.
TDD follows a repeating 3-step loop:
Write a failing test (yes, it always fails first!)
The test describes what the code should do.
It fails because the feature doesn’t exist yet, or the bug is not fixed yet.
Write the minimum code needed to make the test pass
Not perfect code, just enough to pass the test.
Refactor – Clean up the code
Improve readability, maintainability, scalability
Keep the tests passing.
Then repeat the cycle for the next feature or bug fix.
Tests ideally simulate the UX that users will experience on the real product. This cannot be 100% achieved, but keeping this principle in mind helps a lot in writing good tests. Depending on how close a test is to real-world UX, tests can be classified into 3 levels: Unit Test, Integration Test, and E2E Test.
Unit Test
A Unit Test is ideal for testing the behavior of a function or a class. In each unit test, we can test the output of a function given a particular input. We can anticipate what the inputs can be, even unrealistic ones (hackers usually input unrealistic ones), to ensure our functions keep functioning regardless of the input. Unit tests can be used as a debugging tool, because we can directly test a part of the system without trying to reproduce the problem via the UI/UX. For functions that are well guarded by unit tests, developers can feel more confident adding changes or refactoring, because bugs can be caught early.
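A unit-test suite used as the "sameness" check during a refactor, with the unrealistic inputs mentioned above (an added example, not code from this post). The amount parser, its limit and both versions are hypothetical; the same tests run against the original and the refactored function, so any behavior change shows up as a failure.

```python
import re
import unittest
from decimal import Decimal

MAX_AMOUNT = Decimal("1000000.00")  # assumed business limit for this example


def parse_amount_v1(text):
    """Original version: correct, but hard to read."""
    if not isinstance(text, str):
        raise ValueError("amount must be text")
    if len(text) == 0 or len(text) > 12:
        raise ValueError("bad length")
    dots = 0
    for ch in text:
        if ch == ".":
            dots += 1
        elif ch not in "0123456789":
            raise ValueError("bad character")
    if dots > 1 or text[0] == "." or text[-1] == ".":
        raise ValueError("bad format")
    if dots == 1 and len(text.split(".")[1]) > 2:
        raise ValueError("too many decimals")
    value = Decimal(text)
    if value <= 0 or value > MAX_AMOUNT:
        raise ValueError("out of range")
    return value


# [0-9] on purpose: \d would also accept non-ASCII digits.
_AMOUNT_RE = re.compile(r"[0-9]{1,9}(\.[0-9]{1,2})?")


def parse_amount_v2(text):
    """Refactored version: must behave exactly like v1."""
    if not isinstance(text, str) or not _AMOUNT_RE.fullmatch(text):
        raise ValueError("malformed amount")
    value = Decimal(text)
    if not (0 < value <= MAX_AMOUNT):
        raise ValueError("out of range")
    return value


# Constructed test data.
VALID = {"10": Decimal("10"), "10.5": Decimal("10.5"), "007": Decimal("7"),
         "0.01": Decimal("0.01"), "1000000.00": Decimal("1000000")}
HOSTILE = ["", " 5", "5 ", "5\n", "-5", "+5", "0", "0.00", "1.", ".5", "1.234",
           "1.2.3", "1e3", "0x10", "NaN", "Infinity", "1,000", "\uff11\uff12",
           "1000000.01", "9" * 400, None, 12.5]


class AmountTests(unittest.TestCase):
    implementations = (parse_amount_v1, parse_amount_v2)

    def test_accepts_valid_amounts(self):
        for impl in self.implementations:
            for raw, expected in VALID.items():
                with self.subTest(impl=impl.__name__, raw=raw):
                    self.assertEqual(impl(raw), expected)

    def test_rejects_hostile_input(self):
        for impl in self.implementations:
            for raw in HOSTILE:
                with self.subTest(impl=impl.__name__, raw=raw):
                    with self.assertRaises(ValueError):
                        impl(raw)


def run_tests():
    """Run the suite and return (test methods run, problems found)."""
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(AmountTests)
    result = unittest.TestResult()
    suite.run(result)
    return result.testsRun, len(result.failures) + len(result.errors)


if __name__ == "__main__":
    unittest.main()
```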
Integration Test
Integration tests check how multiple parts of a system work together. Functions, classes and flows can be tested on how they interact inside the system. This ensures that all the “pieces” of the system integrate properly. As with Unit Tests, we can anticipate and simulate flows to catch bugs early.
E2E Test
E2E (End-to-End) tests simulate a real user using the real app, by actually clicking buttons and typing text.
This is the ultimate form of test and can catch bugs that unit or integration tests cannot. E2E tests test the app in the environment closest to production. They validate the entire system, from UI/UX to data storage. But they are the hardest tests to write, because a real system needs to be deployed before E2E tests can execute, and simulating user behavior in code requires more effort. This is why many teams stop at Integration Tests, and that is totally OK when the majority of bugs can be caught at the Integration Test level. Writing E2E tests is time-consuming, so we should write them only for bugs that cannot be reproduced at the Integration Test level. These are high-level bugs that should be addressed by high-level tests, and they are mostly about concurrency, timing and resources:
Race Condition: A situation where the correct behavior of a program depends on the relative timing or interleaving of multiple threads or processes. It’s about uncontrolled timing causing wrong results.
Deadlock: Two or more threads/processes are waiting on each other indefinitely, preventing progress. As a result, the system freezes because resources are locked in a circular wait.
Livelock: Threads or processes keep changing state in response to each other but make no actual progress. As a result, the CPU or threads are active, but nothing gets done.
Starvation: A thread never gets access to a needed resource or CPU because other threads dominate it. As a result, the resource exists, but some threads never get a chance to execute.
Atomicity violation: A set of operations that should be executed as a single, indivisible unit is interrupted, causing incorrect results.
Order violation: Correct behavior depends on operations happening in a specific order, but the order is not guaranteed, which eventually leads to incorrect results.
Heisenbug: A bug that disappears or changes when you try to observe it (e.g., by debugging, logging, or adding print statements). This sounds like quantum computing but yes, it does exist. These bugs are often caused by concurrency, timing, or memory issues.
Data corruption: Shared data is modified concurrently without proper synchronization, resulting in invalid or inconsistent values.
Lost update: Two concurrent operations overwrite each other’s results, causing data loss.
Dirty read / inconsistent read: A thread reads a partially updated or uncommitted value from another thread or transaction and then produces wrong results.
Priority inversion: A low-priority thread holds a resource needed by a high-priority thread, causing the high-priority thread to wait unnecessarily.
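The lost update and atomicity violation entries from the list above, shown as a simulation with a forced interleaving (an added example, not code from this post). The account, the deposit amounts and the round-robin scheduler are hypothetical; the version-checked write is one common fix, and in a real system that check-and-write must itself be atomic.

```python
class Account:
    """Shared record with a version counter that changes on every write."""

    def __init__(self, balance):
        self.balance = balance
        self.version = 0

    def read(self):
        return self.balance, self.version

    def write_blind(self, new_balance):
        # Overwrites whatever is there, even if someone else wrote in between.
        self.balance = new_balance
        self.version += 1

    def write_if_unchanged(self, new_balance, seen_version):
        # Refuses the write when the record changed since it was read.
        # In a database this is one statement: UPDATE ... WHERE version = ?
        if self.version != seen_version:
            return False
        self.balance = new_balance
        self.version += 1
        return True


def deposit_blind(account, amount):
    """Read, then write later: the read-modify-write is not atomic."""
    balance, _ = account.read()
    yield  # the other task runs here
    account.write_blind(balance + amount)


def deposit_checked(account, amount):
    """Same steps, but a stale write is detected and the deposit is retried."""
    while True:
        balance, version = account.read()
        yield  # the other task runs here
        if account.write_if_unchanged(balance + amount, version):
            return


def run_interleaved(tasks):
    """Round-robin scheduler: advance every task by one step per round."""
    tasks = list(tasks)
    while tasks:
        for task in list(tasks):
            try:
                next(task)
            except StopIteration:
                tasks.remove(task)


def final_balance(deposit):
    """Two concurrent deposits (50 and 30) into an account holding 100."""
    account = Account(100)
    run_interleaved([deposit(account, 50), deposit(account, 30)])
    return account.balance


if __name__ == "__main__":
    print("blind writes:  ", final_balance(deposit_blind))    # the deposit of 50 is lost
    print("checked writes:", final_balance(deposit_checked))  # both deposits are kept
```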
In conclusion, to refactor code safely, we need a lot of tests, and good ones!
Here is a poster that every building in Vietnam has to display to warn citizens about online scammers. Scammers are now tech- and government-powered criminals, well funded and well organized!
The poster above lists popular tricks that scammers have used for a decade and that have caused extreme financial damage to citizens. Below is a summary of what happened, with existing solutions at the end of this post.
Impersonate bankers
Scammers pretend to be bank employees, using forged caller IDs or fake emails to convince victims that their accounts have problems or suspicious activity. They pressure people to provide OTPs, passwords, or transfer money to “secure accounts,” exploiting the victim’s fear of losing funds.
Love trap on social networks
Criminals create fake profiles on Facebook, Zalo, or dating apps, using attractive photos and sweet messages to build emotional bonds. After gaining trust, they fabricate emergencies, travel problems, or gifts stuck at customs and ask the victim to send money to “help.”
Impersonate telecommunication officer
Fraudsters pose as telecom staff claiming your SIM will be locked, your number is involved in illegal activity, or you must update customer information. They then guide victims to provide ID details or install malicious apps that allow remote control of the phone.
Fake SIM 4G upgrade
Scammers contact victims saying their SIM card needs to be upgraded to 4G/5G and ask for OTP verification. When the victim shares the OTP, the scammer hijacks the phone number, enabling them to reset banking passwords and steal funds.
Recruit Partner
These scams offer “partnership” opportunities with fake companies or online stores. Victims are promised high profits or commissions, but after investing money, they cannot withdraw earnings, or the scammers disappear entirely.
Impersonate Social Insurance
Scammers claim to be from the social insurance authority, saying the victim has unpaid contributions, benefits problems, or involvement in illegal records. They create panic and manipulate victims into sharing personal data or making payments.
Impersonate charity
Fraudsters pose as charity organizations, exploiting compassion by collecting “donations” for fake causes such as medical emergencies, disaster relief, or orphan support. The collected money goes directly to the scammers’ accounts.
Gambling
Many scams involve illegal online betting sites. Victims are lured with promises of guaranteed wins or insider tips. After depositing money, the site manipulates the results or locks the account, making withdrawal impossible.
Impersonate Financial Organization
Scammers pretend to be from loan companies or investment firms, offering high returns or easy loan approval. They require “processing fees,” “insurance,” or initial deposits—after receiving the money, they vanish.
Forced loan
Victims receive a transfer of money from strangers. The strangers then call and say that it was borrowed from black credit firms, and threaten that if the victims do not pay, they may come with force.
Fake Crypto Trading Platform
Fraudulent crypto apps or websites show manipulated profit charts to convince victims they are earning money. When victims deposit larger amounts, withdrawals are blocked, and the platform disappears.
Recruit house cleaner
Scammers post fake job ads for housekeeping, offering high salaries. Applicants are then asked to pay “training fees,” “uniform fees,” or deposits for tools. Once paid, the job offer is withdrawn and the scammer disappears.
Buy / sell on digital platforms
In online marketplaces, scammers sell products they never deliver, or buy goods and send fake payment receipts. Some also lure victims into sending deposits to “hold” an item, then immediately block them.
Missions via strange apps
Victims are assigned “simple online tasks” such as liking posts or rating products, with small initial payouts. Later, the tasks require larger deposits to continue earning, and once enough money is collected, the scammers cut off contact.
Clone Facebook account
Fraudsters impersonate the victim by cloning their Facebook account, asking friends and family to send emergency money or mobile card codes. Others use the hacked account to run ads or steal linked personal information.
Impersonate government officers
Scammers masquerade as police, prosecutors, or tax officials, claiming the victim is involved in money laundering, tax evasion, or criminal cases. They use intimidation to force victims into transferring money to “verify” or “clear” their records.
Fake jackpot / gift
Victims receive messages claiming they’ve won a prize, iPhone, or overseas gift package. To claim it, they must pay customs fees or taxes. After sending the money, the supposed prize never arrives.
Terrorism via phone calls
Some scammers make threatening calls pretending to be criminals or debt collectors. They use fear—claiming harm, kidnapping, or legal consequences—to force victims to transfer money quickly without thinking.
Impersonate law firms
Scammers pose as lawyers claiming there is a lawsuit, unpaid debt, or urgent legal issue. They pressure victims to pay consulting fees or settlement amounts immediately to avoid prosecution.
Terribly, this keeps going on, at least at the time of this post, despite many efforts from the police of Vietnam, Korea, Singapore, etc. Because it is backed by some other governments, it is really hard to eliminate them all.
Well-organized criminal networks
Scam centers in Cambodia are hard to destroy because they are often backed by well-organized criminal networks that operate across multiple countries. These groups have resources, connections, and the ability to relocate quickly when law enforcement pressure increases. Their cross-border structure makes it difficult for any single government to completely shut them down.
Corruption & weak enforcement
Another reason is the presence of corruption and weak enforcement in certain regions. Some scam compounds operate in areas where local authorities have limited oversight or where bribery and influence allow criminals to continue operating with minimal interference. Even when raids happen, the networks frequently rebuild in nearby locations or migrate to neighboring countries.
Many scam centers also hide behind the facade of legal businesses, such as casinos, entertainment centers, or investment companies. These fronts make investigations more complicated because law-enforcement agencies need strong evidence before taking action. Criminals exploit this ambiguity to stay operational for long periods.
Human trafficking victims
Additionally, these scam operations rely on a steady supply of human trafficking victims brought in from various countries. Victims are forced to work under threats, making the operations difficult to expose. Because the workers are often imprisoned and isolated, reliable information rarely reaches the outside world, slowing down international rescue efforts.
High profitability and Low traceability
Finally, global factors contribute to their persistence. The rapid rise of online scams, cryptocurrency, and digital anonymity provides scam centers with high profitability and low traceability. As long as these operations generate massive revenue with relatively low risk, shutting them down completely requires coordinated international action—something that remains complex and slow.
Solutions
So it looks like citizens have to protect themselves before governments get things done.
Below are some protection tactics that can be observed in Vietnam.
Chongluadao.vn is a Vietnamese cybersecurity initiative that maintains a large database of verified scam websites, phishing pages, and fake online services. It allows users to check whether a link is safe and relies heavily on community submissions to keep its blacklist updated. It focuses on suspicious URLs and websites. Users can search past reports to find out whether a page is a scam.
TrangTrang.com is another platform supporting community reporting of suspicious phone numbers. It focuses on gathering public complaints about calls. Users can search past reports before picking up a call, helping them avoid risks.
Firewalls on smartphones
Smartphone firewalls can act as a digital shield that monitors network traffic to detect and block malicious connections. Unlike antivirus software that only reacts after threats appear, firewalls proactively prevent dangerous apps or websites from communicating with scam servers. They help stop phishing pages, data exfiltration, and suspicious background activities. This makes them especially useful in preventing scams delivered through fake apps or hidden links.
SafePhone is a specialized mobile firewall designed to filter both internet traffic and incoming call threats. It can block incoming calls from known scam numbers. It can also prevent users from accessing scam websites when tapping URLs in messengers. By putting blacklists right on the user’s smartphone, it helps users defend against risks more seamlessly without frequently looking things up on other websites.
Browser Extensions
Browser extensions can add an additional security layer directly inside the user’s web browser. They can warn about dangerous websites before loading, block trackers, stop pop-ups, and identify phishing attempts. Extensions with anti-scam features check every website against a global blacklist and use heuristics to detect fake login pages or fraudulent shopping sites. This type of protection is crucial because most scams start with a single click on a malicious link.
SafePhone includes a feature called SafeBrowser. SafeBrowser is a secure browsing mode inside the SafePhone ecosystem. It routes traffic through SafePhone’s protection filters, blocking malicious domains and preventing users from accidentally accessing scam websites. This controlled environment is especially useful for elderly users, children, or anyone who prefers a safe but still simple browsing experience.
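Every blacklist lookup described above, whether on a website, in a firewall or in a browser extension, has to reduce a link to its real host before comparing. The sketch below is an added example, not code from Chongluadao.vn, SafePhone or any other product named here; the blacklist entries and links are constructed and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed blacklist of registered scam domains (lowercase, ASCII/punycode form).
BLOCKLIST = {"scam-bank.example", "free-gift.example", "xn--bcher-kva.example"}


def normalize_host(link):
    """Return the host a browser would actually contact, or None if unparseable."""
    text = link.strip()
    if "://" not in text:
        text = "http://" + text  # links in chat messages often omit the scheme
    try:
        # .hostname drops any "user@" prefix and port, and lowercases the host.
        host = urlsplit(text).hostname
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".")  # "example." and "example" are the same host
    if not host:
        return None
    try:
        # Compare in punycode so a Unicode spelling matches the listed form.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def verdict(link, blocklist=BLOCKLIST):
    """Return 'blocked', 'not listed' or 'unparseable' for a link."""
    host = normalize_host(link)
    if host is None:
        return "unparseable"
    labels = host.split(".")
    # Check the host and each parent domain on label boundaries,
    # so subdomains of a listed domain match but look-alike names do not.
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in blocklist:
            return "blocked"
    # A miss only means nobody has reported it yet; it is not proof of safety.
    return "not listed"


if __name__ == "__main__":
    samples = [  # constructed links
        "https://scam-bank.example/login",
        "HTTPS://Login.SCAM-BANK.example./otp",
        "https://mybank.example@scam-bank.example/",
        "free-gift.example/claim?id=1",
        "https://b\u00fccher.example/",
        "https://notscam-bank.example/",
        "https://scam-bank.example.mybank.example/",
        "http://[::1",
    ]
    for link in samples:
        print(f"{verdict(link):12} {link}")
```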
News gets old and lessons are usually forgotten. Below are some incidents from the cyber battlefield to give a feel for 2023, a year of drama.
| Company | Domain | Breached Data | Money | Attack vector |
| --- | --- | --- | --- | --- |
| iRent | car rental | millions of partial credit card numbers; at least 100,000 customer identification documents | N/A | the database has no password |
| Yes Madam | Salon platform | customers’ location data; user device details; IMEI numbers of ~900,000 users | N/A | the database has no password |
| PeopleGrove | social platform for higher education institutions and alumni networks | gigabytes of personal information: email addresses, phone numbers, addresses, details of university achievements and scores, and resumes containing detailed work histories and employment details | N/A | the database has no password |
| Proskauer Rose | international law | private and privileged financial and legal documents, contracts, non-disclosure agreements, financial deals and files relating to high-profile acquisitions. | N/A | misconfiguration |
| AvidXchange | automate invoice processing and payment management processes | employee payroll information; corporate bank account numbers. | N/A | easily guessable passwords |
| Toyota | Manufacture | data of 2 millions customers | N/A | misconfiguration |
| Ferrari | Supercar Manufacturer | 7GB of documents, data sheets and repair manuals. | N/A | Ransomware |
| LogicMonitor | network security | data of a small number customers | N/A | use of default password |
| Microsoft | AI | accidentally exposed tens of terabytes of sensitive data, including private keys and passwords | N/A | publishing a storage bucket of open source training data on GitHub. |
| Tesla | | 75,000 company employees personal information | N/A | two former employees leaked |
| Microsoft | Email | a key that allowed to stealthily break into dozens of email inboxes, including those belonging to several federal government agencies. | N/A | Unknown |
| Crema Finance | Crypto | | $9 million in cryptocurrency | ethical hacker turning rogue |
| Taiwan Semiconductor Manufacturing | ChipMaker | | $70 million ransom demand | Leaked setup information |
| Reddit | Social Network | 80+ gigabytes of compressed data | N/A | “highly-targeted” phishing attack |
| T-Mobile | Telecom | personal data belonging to 37+ million customers. | N/A | social engineering + SIM swap |
| Twitter | Social Network | 400+ million email addresses and phone numbers | N/A | a security bug |
| MailChimp | Email | 400+ accounts mostly of cryptocurrency and finance-related accounts | N/A | social engineering |
| Okta | Identity | 134 organizations data | N/A | stolen credentials |
| Truepill | Pharmacy Fulfillment | 2.3+ million patients personal data | N/A | poor security design |
| Perry Johnson & Associates | Healthcare | ~9 million patients data | N/A | Unknown |
| Intellihartx | Patient payment | half a million people’s personal and health information | N/A | MOVEit (1) |
| PharMerica | Pharmacy | 5.8 million personal information | N/A | MOVEit (1) |
| HCA Healthcare | healthcare | 11 million patients’ data | N/A | Unknown |
| Enzo Biochem | biotechnology | 2.5 million patients’s clinical test information | N/A | Ransomware (2) |
| Managed Care of North America | Dental | 8.9 million clients data | N/A | Unknown |
| NextGen Healthcare | electronic health record software | 1.05 million patients personal data | N/A | Ransomware (2) |
| Illumina | DNA sequencing devices | Can alter test result in devices | N/A | CVE-2023-1968 |
| Maternal & Family Health Services | Healthcare | 461,070 personal data of patients, employees and vendors | N/A | Unknown |
| 23AndMe | Genetic testing | 6.9 million user data records | N/A | Unknown |
| Welltok | Patient Engagement | 8 million personal data | N/A | MOVEit (1) |
| McLaren Health Care | Healthcare | 2.2 million patients sensitive personal and health information | N/A | Ransomware (2) |
| Performance Health Technology | Data Management Services | 1.7 million Oregon citizens health information | N/A | MOVEit (1) |
| Colorado Department of Health Care Policy and Financing | Healthcare | 4 million patients data | N/A | MOVEit (1) |
| HCA Healthcare | Healthcare | 11 million patients’ data | N/A | Unknown |
| Sabre | Travel booking | 1.3 terabytes of data on ticket sales, passenger turnover, employees’ personal data, corporate financial information. | N/A | Ransomware (2) |
| See Tickets | Global Ticketing | customers’ credit card information | N/A | Credit Card Skimming Malware |
| MGM Resorts | Hotel & Casino | unspecified amount of customers’ personal information; ATM shut down; Website offline | ~ $100 million | Ransomware |
| Caesars Entertainment | Hotel & Casino | N/A | $30 million demanded | Ransomware |
| Motel One | Hotel | 50 credit cards data | N/A | Ransomware |
| Radisson | Hotel | N/A | N/A | Ransomware |
| Fidelity National Financial | real estate services | virtually froze all the company and its subsidiaries’ activities | | |
There are certainly a lot of programming languages on the market. Each language creates its own job positions and even a programming “religion” in which engineers prefer a certain language over others. Thanks to that, the software development market can thrive, because diversity in languages increases the scarcity of the workforce.
So why do some languages offer higher salaries than others?
Well, a language is a tool, and each tool is more appropriate for a certain purpose. Salary is compensation from the budget assigned to a purpose. So there is actually no standard market price assigned to each language. It is still the supply-demand game. The difference is that demand is influenced by the big boys in the industry. The big boys create programming languages and frameworks that overcome the limitations of the ones that existed before. The limitation can be speed, memory efficiency, friendly syntax, or built-in solutions for repeatable tasks. As a result, they can save money on renting physical resources (computers) and save working hours (construction and error fixing), and those savings also contribute to the compensation, or the salary.
Can an engineer learn multiple languages?
Absolutely Yes.
Learning a language is always hard and time-consuming. There is a lot to remember: syntax. And syntax can be translated from one language to another by the same principle as human languages. For each language, what we need to remember is:
How to declare variable
How to write conditional check (if-else)
How to do the loop (for-while)
How to separate code in reusable blocks (class, method, function, interface)
How to handle concurrency (process, thread, event loop)
Which libraries each language offers out of the box.
The tactic is: learn the first language carefully and practice a lot. For new languages, compare them to the one we know, find the translation between the syntax sets, then practice a lot.
Another tip is to search for open-source projects and read their code. This is also the quickest way to learn from top engineers.
Is it worth knowing more than one language?
Yes, I think.
If we only need a stable job, one language is enough. But remember that technology changes every day, and every project has a start date and an end date. So, ensure your adaptability.
If we are interested in technology, learning new languages can give us a deeper understanding of computers and show us more than one way to solve the same issue. It keeps us open-minded and curious and provides a broad range of knowledge, which is true stability, as far as I have learned from many professionals.
And programming as a whole is a career, not a single language.
In short: when you can handle the entire development cycle, end to end.
Most developers can quickly master the syntax of a particular programming language, but a Senior is not simply a developer who has mastered all syntaxes. A Senior must master syntax by default, plus many other skills.
A software development cycle includes these steps:
Collect requirements from customer needs
Choose programming methods and technical solutions that fit the requirements and the development team.
Operate the continuous delivery process to bring the product to reality.
Troubleshoot issues.
Provide guidance to other developers to help them contribute to the development process.
Estimate development time.
Depending on each developer’s abilities, some can tackle all phases in 2 years, some can take 10 years, or even never, for some reasons that I will mention at the end of this post too.
From the steps above, we can deduce some skills that a Senior must have to do the job:
Be patient enough to listen to customers to understand their real needs
Have strong understanding about UI/UX to offer solutions, customers usually come with the imagination of the best scenario but most of time, bad things happen.
Can explain technical terms to non-tech customers. Some time we need the customer to empathize with the development team on how difficult a feature can be, or why some feature is more expensive than others, or why something is impossible.
Experience on some programing paradigms. The most popular paradigm today is Object Oriented (OOP), but beside it, Functional Programing or Reactive Programing is raising too. Each paradigm has its own pros and cons. Each language, depends on its features, can be classified into 1 or multiple programing paradigms. For example, Java is an OOP language, but from Java 8, it has some libraries designed as Functional styles. Javascript is Functional as beginning, but today it support OOP style too. Pros and Cons of each paradigm can make writing code for some certain types of requirements harder or easier, and write code much or less. So it is important that a Senior should understand as much as possible of different programing paradigms to ensure the maximum quality of code with minimum effort. And this is why firms willing to pay much more for one who be truly Senior.
Know how to integrate with popular 3rd party services. Those services focus on solving some common issues for common features such as sending & managing emails, upload / download file, or billing, etc. Integrate with 3rd parties helps to avoid re-inventing too much, reducing error prone and development time.
Proficient with command lines & shell scripts. Most of processes of packaging products use command lines. Some modern IDEs provide features of package the product, we can use it instead of command lines, but in some situations such as deploying web servers , or to automatically build mobile application, we need to use command lines. A Senior of any kind of product must know how to build his application using command line only. IDE is a convenient tool only, does not dependent on it too much.
Proficient with Version Control tools such as GitHub. Development process contains a lot of code change from many developers, some good, some bad, some worthy, some trashy, some full of risks. Senior must review other codes frequently to always aim the code quality to the highest.
Proficient with debugging techniques to find out root cause of issues. Most IDE today support well breakpoints to stop the program at any point so that developers can double check everything. Some situation we have to use logs on console to figure out the problem.
Can quickly understand the source code and project structure, as well as the business concepts, to diagnose issues quickly.
Can create automated tests to detect issues early after each code change.
Has knowledge of computer architecture and system design to provide optimized solutions when the application hits its limits.
Good at technical explanation, to provide guidance or support for lower-level developers, as well as to cooperate with other Seniors.
Good at technical writing, to contribute to the team’s knowledge base.
Has a few achievements in the past, such as completed features, completed projects, or proven optimizations.
Has a sense of development time. Being able to give a reasonable time estimate is proof that a developer has seen the development process thoroughly.
To acquire the above abilities, there is no way but practice. The point is that we should know what to practice. Experience is not about the number of years you have worked; it is the number of things you have done. And most important, external validation is not necessary. You don’t need to wait for a validation exam or certificates to call yourself Senior, especially in the software development world. As far as I know, there is no official contest that grants titles to developers, yet the modern world has been cultivated by many heroes without titles. We give respect to those who contribute.
So now, what to practice?
There are many ways to practice: through your work, in your free time, or through courses. I would like to suggest the following:
If you have a chance, do some small outsourcing projects. This will throw you into the entire development process and get you familiar with customer needs.
If there is no chance to find an outsourcing project, create one for yourself as a personal project. Build any application idea that you wish to have!
If you have no idea, just try to clone some famous applications!
Watch tech conferences. They are easy to find on Youtube now. This will keep you up to date on technology fields, and listening to experts is one of the best ways to learn.
Read books about related subjects such as UI/UX design, Design Patterns, System Design, Operating Systems, or even Management if you are interested, or even Psychology if you feel you have trouble talking to clients. Books gradually feed you knowledge in an organized way, and some day all of it will be useful. Don’t expect any one book to change your life; one thousand books can!
Be curious! Spend your free time learning new technology, and compare it to what you already know to see the differences, the improvements, or a new way to solve an old problem.
Write down everything. Don’t trust your memory. Writing is a good way to learn again and learn deeper.
Practice explaining complex & abstract concepts by talking to friends or writing blogs like me. 🙂
And last but not least, what will prevent you from leveling up? In my opinion:
Doing the same tasks the same way for a long time. You won’t have a broad enough view, and so you won’t have a deep view either.
Being too passive. Remember that you are the change you need! Never wait for a chance from somebody else. People are tired enough finding chances for themselves.
Refusing to read or learn.
Being satisfied with what you know. You never know what you don’t know!
This post is just some thoughts intended to give more detail about the abstract term “Senior” in the software development world. I hope it can help developers double check their career status, or help people in other fields understand the important criteria when finding or hiring developers.
How would you explain the software development process to your non-developer friends or colleagues?
I’d like to compare it to building a house. Which steps do we need to go through when building a house?
Know your budget & need
Design or buy design
Transform the design to construction plan
Estimate cost and adjust the design by cost
Hire and manage workers
Prepare construction site
Choose materials
Build the foundation & Framing
Install walls, doors, windows, roofs, grounds
Hook up to water line & electricity line then install other devices
Decorate
Check Endurance & verify with design requirements
Maintain, fix or replace broken parts.
Each step above has a corresponding phase in software development, with corresponding roles:
Building steps
Software Team Role (a person can take many roles)
Know your budget & need
Project Owner – Has money, business domain knowledge & idea. Business Analyst – Deep understanding of the business domain and user needs – Clarifies which features should be developed
Design or buy design
Designer – Drawing: Photoshop, Illustrator – Art concepts – UX understanding
Transform the design to construction plan
Architect Developer – Broad knowledge of technology to choose appropriate solutions – Experience with Scalability, Latency, Security, Performance issues
Estimate cost
Architect Developer / Project Manager – Knowledge of solution pricing and average salary for developers & other roles
Hire and manage workers
Project Manager – Hiring – Assigning work and reporting progress to the Product Owner – Internal & external communication – Developing the working environment and policies
Prepare construction site
System Engineer – Sets up machines, connects machines to machines and configures/tunes them – Linux or other operating system knowledge to install requested components – Monitors the system & handles system issues – Benchmark tests (latency, maximum load)
Architect Developer – Deep programming experience to define a healthy source code structure, coding conventions and solutions, the build life-cycle and other communication support tools like task manager, group chat, source code management, etc.
Build wall, doors, windows, roofs, ground, wall
Back-end Developer – Experience with the chosen languages & frameworks to create components and connect components to solve business ideas
Hook up to water line & electricity line then install other devices
Back-end Developer – Integrating to third-party services
Decorate
Front-end Developer – Creates interfaces (website, mobile applications, …) that let users interact as designed
Depending on each project’s complexity and budget, some roles are merged into others. It is the same as the difference between building a small house and a skyscraper. For example, for a system that serves millions to billions of users, the role of Architect Developer is extremely important, and architecture problems are far more difficult and complex than coding problems. This kind of system contains a number of machines, maybe located across the world, and that creates a real need for a System Engineer. On the contrary, a common system that only has to serve hundreds to thousands of users is easy to achieve by simply applying existing solutions without any significant tuning. This project level usually only needs Senior developers with strong programming skills. In a small team (3-4 members), communication can be more transparent than in a large team, so the role of Project Manager can be merged into another. But in a large team, communication becomes more of a problem, and to maximize members’ abilities and avoid duplicated or conflicting work, it needs a Project Manager.
Unlike building a house, the design of software can be changed more frequently, even in the middle of development, and because it is easier to change than reconstructing a building, that is OK; in fact, it happens all the time. The Business Analyst is the role that has the closest contact with users, has the clearest vision of the business, and is the one who writes the requirements. In a small team, the Product Owner is usually the Business Analyst too. Depending on those requirements, the design may change, and some changes may lead to changes in infrastructure too. And of course, every change COSTS.
The endurance of a building depends on materials and construction methods. Similarly, the code written by developers determines the endurance of software, which is called Stability. Stability is measured by the number of bugs and errors. A bug is the symptom of a mistake, humans make mistakes, and coding methods exist to reduce the chances of making mistakes. A building built with mistakes can kill people. Software with bugs can’t kill people, but it does damage the business, more or less. Tester or QA/QC is the role that ensures this criterion.
Above are some thoughts that I hope can give clearer insight to people who always wonder what we developers do daily.
A good product must be made from good materials. And good software must be made from good code.
To know how to write good code, we need to know what bad code is.
What is bad code ?
Code is a communication method between programmers in a team about what we are doing, how we are doing it and why we do it. Bad communication is a conversation that nobody understands, or that takes a month to understand. Bad code is code that leaves your whole team with no idea what it is or why it is there. Communication is never about how much you can talk; it is about whether you can get your idea across to others. Similarly, writing good code is never about which syntax you can use or what model you can apply; it is about whether you can make it clean and clear, which means easy for other programmers to understand.
Why is “hard to understand” code bad ?
Code that is hard to understand takes a long time to fix, update, or change when new requirements come, because people need time to consume and digest the code before they dare to make changes. Even the author of that code, after a few weeks, may not remember how it was made or why it was made that way. This reduces adaptability to change, which is the core meaning of the term Agile nowadays. When you can’t adapt quickly enough, you may be beaten by your competitors.
Code that is hard to understand means that when people make changes related to it, they potentially create bugs, because there may be some magic in it that they don’t understand well. More bugs mean more time to fix. More time to fix means more cost for the development team. More cost means less effectiveness. Less effectiveness leads to blame. More blame, less happiness, and so on…
Code that is hard to understand can lead to other hard-to-understand code. Because it is hard to understand and time is limited, a programmer has to make the last and also the worst choice: “hard code”. And that hard code will bring many surprises later if there is no mechanism to inform others.
If your team is in a situation where there are too many bugs, or a small change in features can’t be accomplished in a small amount of time, or many developers blame each other, beware: your source code may contain some bad things.
What are symptoms of bad code ?
After a few years of programming, you may be a Senior, and reviewing Juniors’ code will be your daily task. Reviewing code, by definition, is to ensure good code quality. But isn’t it too arrogant to give someone the right to say what is good? Actually, ensuring good code quality means preventing bad code from reaching the product. To be able to tell whether code is bad enough to be stopped, the Senior must be someone who has suffered enough of the pains of bad code and uses that experience to answer every Junior’s question: why is it bad? Below are some reasons that may help to explain to people why code is bad.
Before naming symptoms, let us recall the essence of coding. Coding, at its heart, in any language, is about defining states and changing defined states. For example, in Java, states are variables, methods update those variables, and a collection of variables and related methods forms a Class. In Javascript, there are functions and variables, and frameworks are actually about how functions and variables are organized and wired together. Similarly, databases store states permanently, and APIs, which every programmer knows, are about changing states stored in databases. Design patterns are actually about how to define states and how to wire the logic that changes states properly, for a single purpose: to make it easy to understand. And bad things happen when you don’t know how to wire things properly.
Below are some symptoms that I’ve seen in my work:
Decentralized logic : Logic is about changing states. If the logic that changes a state is located inside multiple components, it is decentralized. A component is a building block of the source code, like a Class in Java, a function in Javascript, an API, etc., depending on scope. Most of the time, we want the logic to be atomic, meaning it shouldn’t fail partially. To make logic atomic, every piece of code related to it should be located in the same place, close together, so that programmers always have a quick understanding of how states will be updated. Gathering code closely also means an easier and more intuitive rollback strategy. If pieces of code are split across multiple components, there are many chances that the logic will fail partially, and logic that fails partially causes bugs.
Decentralized logic also makes programmers spend more time finding and gathering information about states and how states are updated. If your programmers always have to search for usages of a particular variable or method around the project before they dare to update a particular feature or piece of business logic, there is a chance that the feature or logic is decentralized. Spend time centralizing it.
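The difference between a state change split across components and one kept in a single place, as an added example that is not part of the original post. The account names, the Debiter and Crediter components and the audit hook are hypothetical, and the balances are constructed sample data.

```javascript
// Constructed sample state: two wallet balances (integers, smallest currency unit).
function makeAccounts() {
  return new Map([["company", 100], ["employee", 0]]);
}

function total(accounts) {
  let sum = 0;
  for (const balance of accounts.values()) sum += balance;
  return sum;
}

// --- Decentralized: one state change ("pay") is split across two components ---
const Debiter = {
  debit(accounts, from, amount) {
    accounts.set(from, accounts.get(from) - amount);
  },
};

const Crediter = {
  credit(accounts, to, amount) {
    if (!accounts.has(to)) throw new Error("unknown account: " + to);
    accounts.set(to, accounts.get(to) + amount);
  },
};

function payDecentralized(accounts, from, to, amount) {
  Debiter.debit(accounts, from, amount); // state is already changed here
  Crediter.credit(accounts, to, amount); // if this throws, the debit stays: partial failure
}

// --- Centralized: validation, both updates and rollback live in one function ---
function transfer(accounts, from, to, amount, audit = () => {}) {
  // Check every precondition before touching any state.
  if (!Number.isInteger(amount) || amount <= 0) throw new Error("invalid amount");
  if (!accounts.has(from) || !accounts.has(to)) throw new Error("unknown account");
  if (accounts.get(from) < amount) throw new Error("insufficient funds");

  const before = new Map(accounts); // snapshot used for rollback
  try {
    accounts.set(from, accounts.get(from) - amount);
    accounts.set(to, accounts.get(to) + amount);
    audit({ from, to, amount }); // hypothetical hook; may throw after state changed
  } catch (err) {
    // Restore every balance so the change is all-or-nothing.
    for (const [name, balance] of before) accounts.set(name, balance);
    throw err;
  }
}

// Runs the failure cases side by side and returns the resulting balances.
function demo() {
  const a = makeAccounts();
  try { payDecentralized(a, "company", "ghost", 50); } catch (err) { /* expected */ }

  const b = makeAccounts();
  try { transfer(b, "company", "ghost", 50); } catch (err) { /* expected */ }

  const c = makeAccounts();
  const failingAudit = () => { throw new Error("audit log unavailable"); };
  try { transfer(c, "company", "employee", 50, failingAudit); } catch (err) { /* expected */ }

  const d = makeAccounts();
  transfer(d, "company", "employee", 50);

  return {
    partialTotal: total(a),             // money vanished after the partial failure
    rejectedTotal: total(b),            // rejected before any state was touched
    rolledBackCompany: c.get("company"),
    rolledBackEmployee: c.get("employee"),
    okCompany: d.get("company"),
    okEmployee: d.get("employee"),
  };
}

console.log(demo());
```

In the decentralized version the sum of all balances drops after the failed payment, which is the partial failure the paragraph above describes; the centralized version either completes or leaves every balance untouched.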
Out of pattern : The reason development teams always want to use a particular framework is not only about reducing development time but also because frameworks contain proven patterns that keep the source code clean and clear, easy to read and scale. Besides the strategic patterns defined by the framework, every team also defines its own tactical patterns, like naming conventions, module division rules, etc. Every pattern brings its own reusable components, properly pre-wired, so that a small change only needs a small number of lines of code and a small amount of time. Out of pattern usually happens when a programmer does not know those pre-defined rules well. So if you find logic that looks unfamiliar compared with existing logic, or that takes a lot of effort defining and wiring components, there is a chance it is out of pattern. Sometimes the current patterns can’t solve upcoming problems, and defining a new one is OK, but this rarely happens.
Bad Naming: Engineers are bad at naming, and most of the time bad naming confuses other engineers. Have you ever found a Class that contains a run(), an execute(), and a process() method? Or have you found variables like tmp_1, tmp_2, or entity1, entity2, etc.? Do you have any idea what they are about?
A variable name should describe its purpose so that you can tell other programmers what you intend to do with it, without them having to read whole functions or understand this or that algorithm just to know what it is. Bad naming usually comes from improperly defined components. We have the Single Responsibility rule in programming. When a component holds more than one responsibility, it becomes hard to name. Studying proven design patterns will give you some ideas on how to divide responsibilities into components.
Repeat someone’s work: This happens because of poor communication between team members, so people don’t know what others are doing. The cost is that you are likely paying twice for one tool, and when the tool needs to be fixed, it costs twice too. There is a rule named “Don’t repeat yourself” in programming, but actually it should be “Don’t repeat ourselves”.
Cumbersome solution: This is about the problem-solving skill of individuals. Some solve problems in a tidy way, some make chaos. But it must be tidy. In pure algorithms like sorting, searching, etc., a cumbersome solution may be the tradeoff for optimizing speed or memory. But nowadays those algorithms are usually packaged into libraries. Most of the time we deal with business logic, and if that business logic does not have to deal with memory optimization or speed enhancement, it should be simple. Clean code over clever code. The symptoms of a cumbersome solution can begin with bad naming of variables and methods, too many temporary things, or a bunch of loops and conditions compacted into one place.
Smell of the Hell : The term Hell in programming means “overusing”. Overusing anything is bad, right! We may have heard terms like “Callback hell” in the Javascript world and “Inheritance hell” in the Java world; you can find out more about those hells by googling them.
The cause of overusing things is that people don’t have a proper understanding of what they are using. If you are writing Javascript and you find you have to chain more than 2 callbacks, it is time to find another approach, like using a Promise or an async/await function. If you are writing Java and you find a Class that extends another but has to override too many non-abstract methods, something is not clear in your class hierarchy. Another rule when dealing with inheritance is “Composition over Inheritance”. A complex component is composed from simpler components, not from a complex hierarchy.
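Three chained callbacks next to the same flow written with Promises and async/await, as an added example that is not part of the original post. The data, the findUser / findOrders / findDiscount functions and the toPromise helper are hypothetical names constructed for the illustration.

```javascript
// Constructed in-memory data standing in for a database or a remote API.
const USERS = { 1: { id: 1, name: "alice" } };
const ORDERS = { 1: [{ id: 10, price: 30 }, { id: 11, price: 12 }] };
const DISCOUNTS = { alice: 2 };

// Callback-style asynchronous functions (Node convention: callback(err, result)).
function findUser(id, cb) {
  setTimeout(() => {
    if (!USERS[id]) return cb(new Error("no user " + id));
    cb(null, USERS[id]);
  }, 0);
}

function findOrders(userId, cb) {
  setTimeout(() => cb(null, ORDERS[userId] || []), 0);
}

function findDiscount(userName, cb) {
  setTimeout(() => cb(null, DISCOUNTS[userName] || 0), 0);
}

// Callback hell: every step adds a nesting level and repeats the error check.
function amountDueCallbacks(id, done) {
  findUser(id, (err, user) => {
    if (err) return done(err);
    findOrders(user.id, (err, orders) => {
      if (err) return done(err);
      findDiscount(user.name, (err, discount) => {
        if (err) return done(err);
        const sum = orders.reduce((acc, order) => acc + order.price, 0);
        done(null, sum - discount);
      });
    });
  });
}

// Wrap a callback-style function so that it returns a Promise instead.
function toPromise(fn) {
  return (...args) =>
    new Promise((resolve, reject) => {
      fn(...args, (err, result) => (err ? reject(err) : resolve(result)));
    });
}

const findUserP = toPromise(findUser);
const findOrdersP = toPromise(findOrders);
const findDiscountP = toPromise(findDiscount);

// Same flow with async/await: flat, top to bottom, and any failing step
// rejects the returned Promise, so one try/catch at the call site is enough.
async function amountDue(id) {
  const user = await findUserP(id);
  const orders = await findOrdersP(user.id);
  const discount = await findDiscountP(user.name);
  return orders.reduce((acc, order) => acc + order.price, 0) - discount;
}

// Stand-alone run: both versions compute the same amount for user 1.
amountDueCallbacks(1, (err, due) => console.log("callbacks:", err ? err.message : due));
amountDue(1).then((due) => console.log("async/await:", due));
amountDue(99).catch((err) => console.log("async/await error:", err.message));
```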
Hard to document or express in paradigm: Try to explain the component and how components are wired together to others. If it is hard to explain, there is a chance that the model is not clear enough.
How to avoid bad code ?
Learn Design Patterns : This gives you some hints on how to design components and name them properly.
Review code seriously: This gives you chances to share skills and knowledge, and also to get an overview of how the source code is growing.
Do things, tell people: If you write something reusable, tell people. If you have notes or documents somewhere, tell people. If you want to know something, tell people.
Read official technical documents fully before actually coding: this will give you knowledge of existing solutions so you can avoid re-inventing the wheel.
Target audience : People who intend to be software developers
Let’s skip the reasons and motivations that made you decide to be a developer; maybe it is your interest, or it’s just about money, or life just pushed you to it, etc. This post is to give you some guidelines for this road.
Developers are like heroes in the games you play. Which skills should the hero have, how to level up, which criteria to put points into after leveling up, which bosses to defeat, and most important, whether you understand the story behind the game you are playing, so you can enjoy it!
Let’s start with the story of the developer
Software Developer world map
Developers, software developers, create applications that solve real-life problems to serve human needs. Finding the need is a difficult task too, and it deserves to be discussed in another post.
There are many kinds of applications. The names of application kinds depend on where and how they run. It is up to you to choose to follow one or many.
Desktop application : Applications that run on a computer / laptop with a UI for the user to interact with
Web application : Applications that are put on a server and that you access using web browsers. There are 2 parts to a Web application, called Client side & Server side. The technology used on each side is different too.
Mobile application : Applications that run on mobile phones, which now include Android & iOS
IoT application : Applications that run on multiple devices connected to each other in some network model
Imagine this is the hero class selection phase of the game you are going to play. Thank god you don’t have to name your character :)). But each kind of application requires you to use appropriate tool sets.
There is another way to define developer classes now that the client-server application model is dominant:
Front-end developer : Those who take care of the Graphical User Interface (GUI) that users interact with. This includes Desktop applications, Mobile applications and the client side of Web applications
Back-end developer : Those who take care of things like system architecture, databases, etc., things that are not visible to normal users.
To create any application, you are required to know
A programming language for your kind of application
An Integrated Development Environment (IDE)
A framework or libraries for your kind of application
A database for your kind of application
A package management tool for your kind of application
Know how to deploy/release your kind of application
Know how to test your applications
Languages
A programming language is your weapon. It determines which kinds of application you can make. Below are the most popular languages at the time of this post
Java : well known as a cross-platform language, Java can be used to create desktop applications, the server side of web applications, and Android applications
C# : for Desktop applications on Windows
Javascript, HTML, CSS : This combo is essential for the client side of web applications
Python : good for building tools, but also good for building Web applications
NodeJS : built upon Javascript, well known for the server side of web applications
Kotlin : well known for Android development and as a replacement for Java in the mobile world
Objective-C, Swift : well known for iOS development
PHP : well known for decades in web application development
A lot of languages, right! Everyone wonders which is better than the others. The answer is none. Each language has its own benefits and use cases, which we will discuss later. And nowadays it is very normal for a developer to use more than one language.
IDE
An IDE is software built for developers, to make their life easier when dealing with common problems while writing code:
Remember syntaxes
Remember boilerplate codes
Command lines
Compile code, debug & run
Setup environment
Search usages of a function or variable
Search a piece of code / text among a bunch of files in a project
Organize project
Format your code for readability
….
Most IDEs provide features like code suggestion or auto-complete that help you type faster, more correctly and more readably, and avoid most typos. They also have excellent text search features that are really helpful for troubleshooting problems with your code. Some advanced IDEs can even suggest what needs to be done and what to do next. And debugging support will save you a lot of time: sometimes you have no idea what you are writing, trust me :)), and debugging is the only way to figure it out. Below are the most advanced IDEs currently:
IntelliJ : the best from my point of view, but it is not free. But you may find some crack somewhere :))
NetBeans : Free, on par with IntelliJ
Visual Studio : Free, most popular IDE, usually used in academic courses
Android Studio : Dedicated for Android developing
XCode : Dedicated for iOS developing
…
Learning to use an IDE may take time too, but it is worth it. It makes you more efficient and look professional too.
Framework / Libraries
A language is a weapon, but knowing how to use the weapon well matters too. It is like why you need to learn kung fu even though you already have arms and legs. A framework is built by top-level developers and embeds decades of programming experience. It provides ready-to-use structural solutions for very common programming problems, a kind of best practice. A little different from a framework, a library is a set of tools that helps you solve programming problems but does not impose a predefined structure like a framework does; you are the one responsible for that structure. Below are some of the most popular frameworks / libraries nowadays. Popularity here depends on demand in the job market (the order has no meaning):
JavaFX : built from Java, for Desktop application
.NET : built from C#, well known as good for building Desktop applications, but it can also build Mobile, Web and IoT applications too.
Spring : built from Java, for server-side of Web application
ExpressJS : built from NodeJS, for server-side of Web application
ReactJS, AngularJS, VueJS : built from Javascript, for client-side of Web application
Android Studio itself contains a framework to develop Android application
XCode itself contains a framework to develop iOS application
Laravel : built from PHP, for Web application
Django : built from Python, for Web application
Database
A database stores data. Depending on your purpose, it can be the most advanced storage technology or just simple files.
Below are some popular database technologies to learn for Web applications:
SQL : Typical relational database. – Relational database means it requires data to be stored in a structured way, with clear relationships between them. SQL offers strong transactional queries (which we will learn about later) that ensure data consistency. – SQL is a good candidate for applications that value data consistency over other features (like banking or accounting systems, for example).
MongoDB : Typical Non-relational database (NoSQL), easy to scale but requires extra setup effort. – MongoDB can be a great choice if you need scalability and caching for real-time analytics; however, it is not built for transactional data. – MongoDB is frequently used for mobile apps, content management, real-time analytics, and applications involving the Internet of Things. If you have a situation where you have no clear schema definition, MongoDB can be a good choice.
PostgreSQL : like SQL but more advanced with additional features.
Couchbase : NoSQL type, with Sync Gateway, which allows data to be synchronized between server and client side seamlessly. If you need an application with real-time data updates, Couchbase can be a good choice
Cassandra : NoSQL type, supports scaling out of the box. If you need a database that is easy to set up and maintain regardless of how much your database grows, Cassandra can be a good option. If you work in an industry where you need rapid growth of your database, Cassandra offers easier rapid growth than MongoDB.
…
Databases for Web applications are usually hosted on dedicated servers for best performance, to serve from hundreds to millions of requests per minute
Unlike Web application databases, client-side applications like Desktop or Mobile applications require more lightweight solutions to store data locally. The data that client-side applications store is usually application settings, user preferences, static data, cached data from a remote database (if there is a server side), etc.
SQLite : SQL type
Realm : NoSQL type and faster than SQLite in common operations
Couchbase Lite : the counterpart of the server-side Couchbase database, with built-in sync features
…
Thanks to the community, each language today has its own libraries to interact with databases. Unlike with languages, you should know more than one type of database, at least one SQL type and one NoSQL type, to feel the different ways to solve a problem.
Package management tool
Building an application means solving a lot of problems. Thanks to the community and the world of open source, most problems are already solved and packaged out there. When you build an application, you always need a few or a lot of those packages.
To manage the structure of the project and bring more automation to the application build process, each language usually has its own package management tool(s) to:
Install/Update/Uninstall packages
Create a build cycle for the application for continuous development and integration
Manage project structure in a consistent way that is also easy to expand
Below are some package management tools for each language:
For Java application : Maven
For Android application : Gradle
For Javascript application : NPM
For HTML & CSS : Bower
For PHP application : Composer
For Python application : pip
For C# : NuGet
Deploy/Release process
This is the critical phase of building an application. It brings what you build to the real world, where people can access and use it. Whether we use the term deploy or release depends on the kind of application. If you are building a server-side application, we use the term deploy, because you are going to send your application to a server to execute. And if you are building a client-side application, like a Desktop app or Mobile app, we use the term release.
Android & iOS applications have their own release processes, which you can find in their official documents. IDEs usually support the application release process. Then you have to learn the process of uploading your applications to the Play Store (for Android) and the Apple store (for iOS).
Desktop applications are the easiest: the version you build while developing can already be used as the release version. Your next job is to introduce it to your customers.
The deployment process is more complicated. Because servers mostly run Linux nowadays, it is highly recommended to learn how to operate a Linux OS, or at least to know how to connect to a remote Linux server via SSH and execute command lines when a tutorial asks you to. More detail about Linux will be in another dedicated post. The deployment process differs depending on the language or technology you choose. We will cover it in other posts, case by case.
Test your application
Last but not least, testing your application before delivering it to the real world is an important phase that makes sure you don’t disappoint people or lose customers.
The most basic testing technique is manual testing. Yes, you try your application in every case and every way you can to make sure it does not crash.
The more advanced technique is automated testing, where you write code to simulate every use case of your application. This way is more professional and more efficient, but it also requires more skill.
In automated testing, there are a few sub-kinds too. I name here only the kinds I mostly use:
Unit test : is to test the correctness of functions or a set of functions.
Integration test : tests that a group of components of your application function correctly together. In an integration test, you have to simulate every action in the UI to interact with the application
To learn about automated testing, below are some testing libraries by language:
JUnit : Unit test library to test Java program
Chai & Mocha : Unit test library to test Javascript program
PHPUnit : Unit test to test PHP program
unittest : Unit test library to test Python program
Selenium : great tool to do integration test for Web application. It is a browser basically but controlled by developers
AutoIt, Appium : great tools to do integration test for Desktop application
Espresso : included in Android Studio, to do integration test for Android application
XCUITest : included in XCode, to do integration test for iOS application
Wrap it up
You may wonder why IoT applications are rarely mentioned in the lists above. It is because an IoT application includes many applications on many devices. Depending on the kind of device, you may choose any of the tools above to develop with. For example, you may have a phone that controls an electric circuit in your house, so you have to develop an Android application and a Java application on the device controlling the circuit, a Raspberry Pi for example.
To wrap it up, I note down below some currently popular skill sets for you, upcoming hero, to choose from:
Web application in Java : Linux, Java, Servlet, Maven, JUnit, Selenium, ReactJS, HTML, CSS, PostgreSQL
Web application in Javascript : Linux, NodeJS, ExpressJS, NPM, Mocha, Chai, HTML, CSS, ReactJS, Selenium, MongoDB / Couchbase
Web application in PHP : Linux, PHP, Laravel, HTML, CSS, Javascript, PHPUnit, Selenium, SQL / PostgreSQL
Android application : Kotlin, Gradle, Espresso, Realm / Couchbase Lite
iOS application : Swift, XCUITest, Realm / Couchbase Lite
…
Becoming proficient in any skill set is time consuming. It can take you years, but don’t worry: most companies don’t require you to master all of this before applying for a job, unless you are applying for a Senior position. Most of the time, people master their skills through their job. So keep learning, and learn on the right track.