Software application development
This blog is intended to provoke discussion and exchange between like minded software application developers, engineers, architects, project managers - and keen hobbyists too.
Thursday 30 October 2008, 7:20 PM
Mobile banking: ease-of-use is more important than trust, really?
I attended a meeting this week with a company called Vasco that works with authentication software. The upshot of this encounter was that I ended up debating the single most important factor governing the adoption of mobile banking services. While I contended that it is ‘trust’ in the security of the service, Vasco says that they think ease-of-use is more important.
Let me explain, the company’s proposition was that if I am using a mobile banking service then there is an implicit level of trust that I must have in my bank in the first place - and that the functionality and usability of the application will be the deciding factor in terms of whether I use it or not.
That’s great, they have some cool authentication tools that produce one-time passwords and they do have a lot of customers. The problem is that I am already sceptical about the robustness of my own bank’s online service and its ability to keep my money safe. God knows they manage to spell my name wrong enough of the time; there are errors and loopholes in their systems for sure.
Even if Vasco’s authentication systems work well which I’m sure they do, how about the fact that ease-of-use isn’t just about how easy their technology is to use; it’s also about the total experience and mobile screens from funky smartphones to BlackBerry’s to PDAs to iPhones just aren’t suited (IMHO) to this kind of application navigation.
Now, this rant has some direction – if Vasco says the biggest market today for this kind of service is South America (seems weird huh?) and the biggest market in terms of potential is India… then don’t these both fall into the developing so-called BRIC countries where low incomes dictate that the old fashioned small screen phone is surely more common than the iPhone. Checking your bank statement on one of those? Are you kidding?
Anyway onto an interesting quote… Vasco says that, “In 2008 on a typical day online there are 26 million Americans performing banking online.”
… and that further, according to Javelin Strategy and Research “In 2008, 27 million US adults will participate in mobile banking.” (that’s all year) … but in 2009, “That number will grow to 47 million.”
The driver behind this growth, so protagonists such as Vasco would have us believe, are technologies in the realm of their authentication techniques that are based around time and event-based response. After being easy to use and secure, mobile banking apps also need to make money for the bank – but presumably that comes directly as a result of ease-of-use.
Vasco’s Digipass for Mobile provides two authentication applications, first of all a response only authentication code and a second application that can either be a challenge/response authentication code or e-signature.
Ultimately, I think that scepticism aside, mobile banking will of course become as much of a reality as ATMs or secure online payments. I still think it may be more of a wider trust factor that governs the way we start to use these technologies though. As much as I might worry about desk based online banking, I console myself with the fact that surely my bank is insured for attacks upon its accounts.
Maybe I’m just a worrier – or maybe I’m just kidding myself.
Let me explain, the company’s proposition was that if I am using a mobile banking service then there is an implicit level of trust that I must have in my bank in the first place - and that the functionality and usability of the application will be the deciding factor in terms of whether I use it or not.
That’s great, they have some cool authentication tools that produce one-time passwords and they do have a lot of customers. The problem is that I am already sceptical about the robustness of my own bank’s online service and its ability to keep my money safe. God knows they manage to spell my name wrong enough of the time; there are errors and loopholes in their systems for sure.
Even if Vasco’s authentication systems work well which I’m sure they do, how about the fact that ease-of-use isn’t just about how easy their technology is to use; it’s also about the total experience and mobile screens from funky smartphones to BlackBerry’s to PDAs to iPhones just aren’t suited (IMHO) to this kind of application navigation.
Now, this rant has some direction – if Vasco says the biggest market today for this kind of service is South America (seems weird huh?) and the biggest market in terms of potential is India… then don’t these both fall into the developing so-called BRIC countries where low incomes dictate that the old fashioned small screen phone is surely more common than the iPhone. Checking your bank statement on one of those? Are you kidding?
Anyway onto an interesting quote… Vasco says that, “In 2008 on a typical day online there are 26 million Americans performing banking online.”
… and that further, according to Javelin Strategy and Research “In 2008, 27 million US adults will participate in mobile banking.” (that’s all year) … but in 2009, “That number will grow to 47 million.”
The driver behind this growth, so protagonists such as Vasco would have us believe, are technologies in the realm of their authentication techniques that are based around time and event-based response. After being easy to use and secure, mobile banking apps also need to make money for the bank – but presumably that comes directly as a result of ease-of-use.
Vasco’s Digipass for Mobile provides two authentication applications, first of all a response only authentication code and a second application that can either be a challenge/response authentication code or e-signature.
Ultimately, I think that scepticism aside, mobile banking will of course become as much of a reality as ATMs or secure online payments. I still think it may be more of a wider trust factor that governs the way we start to use these technologies though. As much as I might worry about desk based online banking, I console myself with the fact that surely my bank is insured for attacks upon its accounts.
Maybe I’m just a worrier – or maybe I’m just kidding myself.
Wednesday 29 October 2008, 8:10 AM
Inconsistency in the air over UK software patent examinations
The hallowed halls of the European Patent Office (EPO) have been reverberating with disquiet this month and it’s all as a result of the software industry in the form of the long-running Symbian case.
At the end of last week, the EPO announced that its president, Ms Alison Brimelow, has referred a number of questions regarding the patentability of programs for computers to the EPO’s Enlarged Board of Appeal (EboA).
As you may know, the English Court of Appeal’s decision on the scope of what type of software-related inventions were patentable in the UK upheld an earlier High Court decision overturning the UK Intellectual Property Office's (IPO's) refusal to grant Symbian a patent for its 'novel and inventive computer operating system'.
Although this case has been around for some time now, the reason that it’s still making headlines is due to the inconsistencies in way patent applications are being examined across Europe (especially in the UK) and the uncertainty that arises as a result of this.
In an increasingly competitive programming landscape with so many reusable components and tools, software engineers are faced with a tougher challenge than ever when trying to create and code for "the next big thing", while at the same time avoiding their very own high court litigation suit.
Although all software code is automatically protected by copyright, in the same way as news articles or books - a truly new piece of software needs to not only provide a new user proposition, but also meet the requirements needed to pass as new or 'unique enough' to warrant patentability.
What we’re saying here is that you have to apply to get a patent over and above your copyright, as they are not the same thing. The issue at hand is that software on its own is not normally granted a patent (at least not in Europe, but it often is in the USA).
Legal cases in the past have hinged around software applications whose code may be new and original, but which in practice exhibit the form and function of another application so closely that a patent already in existence is deemed to have been infringed.
Even when programmers argue that they have provided a new route and means to achieving what may be a similar end result and user experience to that produced elsewhere, they have still lost their cases. Although they may argue that a chef who publishes a recipe for an omelette does not then own the patent for omelettes – so that therefore there is more than one way to produce the same end product – they very often fail to convince the courts.
The best advice in this situation, especially if you have the next super killer app up your sleeve, is to get yourself as well informed as possible.
According to the Chartered Institute of Patent Attorneys (CIPA), the situation now is that applications to patent software will be examined by the UK-IPO and the courts in the UK on the same basis as they are at the European Patent Office (EPO).
"The clear and authoritative guidance from the Court of Appeal will end a difficult period of uncertainty and confusion for UK inventors," said Dr John Collins, at the time of the Court of Appeal's announcement, adding, "The decision is particularly beneficial for SMEs, who can now pursue computer-related inventions at the UK-IPO rather than at the more expensive EPO."
The Court of Appeal refused permission to take the case to the House of Lords.
Last Friday's EPO announcement on this subject has reintroduced uncertainty for applications to patent software-related inventions and is likely to add to the delays applicants experience after they have submitted patent applications to the EPO.
At the end of last week, the EPO announced that its president, Ms Alison Brimelow, has referred a number of questions regarding the patentability of programs for computers to the EPO’s Enlarged Board of Appeal (EboA).
As you may know, the English Court of Appeal’s decision on the scope of what type of software-related inventions were patentable in the UK upheld an earlier High Court decision overturning the UK Intellectual Property Office's (IPO's) refusal to grant Symbian a patent for its 'novel and inventive computer operating system'.
Although this case has been around for some time now, the reason that it’s still making headlines is due to the inconsistencies in way patent applications are being examined across Europe (especially in the UK) and the uncertainty that arises as a result of this.
In an increasingly competitive programming landscape with so many reusable components and tools, software engineers are faced with a tougher challenge than ever when trying to create and code for "the next big thing", while at the same time avoiding their very own high court litigation suit.
Although all software code is automatically protected by copyright, in the same way as news articles or books - a truly new piece of software needs to not only provide a new user proposition, but also meet the requirements needed to pass as new or 'unique enough' to warrant patentability.
What we’re saying here is that you have to apply to get a patent over and above your copyright, as they are not the same thing. The issue at hand is that software on its own is not normally granted a patent (at least not in Europe, but it often is in the USA).
Legal cases in the past have hinged around software applications whose code may be new and original, but which in practice exhibit the form and function of another application so closely that a patent already in existence is deemed to have been infringed.
Even when programmers argue that they have provided a new route and means to achieving what may be a similar end result and user experience to that produced elsewhere, they have still lost their cases. Although they may argue that a chef who publishes a recipe for an omelette does not then own the patent for omelettes – so that therefore there is more than one way to produce the same end product – they very often fail to convince the courts.
The best advice in this situation, especially if you have the next super killer app up your sleeve, is to get yourself as well informed as possible.
According to the Chartered Institute of Patent Attorneys (CIPA), the situation now is that applications to patent software will be examined by the UK-IPO and the courts in the UK on the same basis as they are at the European Patent Office (EPO).
"The clear and authoritative guidance from the Court of Appeal will end a difficult period of uncertainty and confusion for UK inventors," said Dr John Collins, at the time of the Court of Appeal's announcement, adding, "The decision is particularly beneficial for SMEs, who can now pursue computer-related inventions at the UK-IPO rather than at the more expensive EPO."
The Court of Appeal refused permission to take the case to the House of Lords.
Last Friday's EPO announcement on this subject has reintroduced uncertainty for applications to patent software-related inventions and is likely to add to the delays applicants experience after they have submitted patent applications to the EPO.
Monday 27 October 2008, 8:37 AM
Vendors snuggle up for Microsoft PDC
Just a short train ride from Hollywood, the great and good of the software development industry are buddying up with Microsoft this week to celebrate PDC (Professional Developers Conference) 2008.
I attended the 2005 event and it was a good gig for sure. Aside from getting loosened up with the “Developer & Tools” gang over hotdogs and MGDs, the highlight was a very funny keynote video featuring Bill Gates and Napoleon Dynamite, oops sorry… there was lots of good tech-talk too.
Anyway, this year I’m watching the news from rather nearer to Cricklewood than Hollywood. The only clear advantage I think I can boast is a lack of jet lag and an early sniff of show news from Compuware, who has used the event to punt out its DevPartner Studio 9.0 code-quality product that purports to be of use when looking at security vulnerabilities, defects and performance problems.
Microsoft is clearly pleased to see its so-called partners save up their pennies to roll out technologies that “support” its own Visual Studio 2008 offering with additional testing functionality. Presumably Parasoft will be making similar noises this coming week for the SOA space, or perhaps not.
Judging by the PDC event web site on pre-show day, parallelism seems to be a popular theme. There also appears to be a whole stream dedicated to robots – this could be down to influence from the UK as British Microsoft evangelist Paul Foster is a keen robot developer and I’ve worked on various features with him on this subject in the past. Cloud computing and virtualisation will no doubt be favourites for this coming week too of course.
I digress, Compuware’s proposition is (I would like argue quite sensibly) based upon the fact that code quality is of particular importance right now as web applications become richer (in the form of RIAs) and more prevalent in day to day usage – and that without a consciencious approach to code quality, the possibility of security attacks on those apps can only increase.
The company says that, “DevPartner Studio 9.0 scans Microsoft ASP.NET application source code to find security problems before they become deeply embedded in the code base. By scanning application source code at compile time, DevPartner Studio can pinpoint unsafe coding practices to the exact method and line of code.”
Oh – and apparently they’ve catered for 32-bit application development on Windows x64 platforms as well as a number of new .NET technologies and legacy environments too.
Knowing the expected work load from my attendance at the last event, I have managed to find one extra benefit of looking at all this news from the UK. Will the Brit press corps be sat by the pool on the Sunday so that they can gently work off their jet lag? Oh no, Microsoft takes the pre-show (or day zero) programme pretty darn seriously and there won’t a moment’s rest if the PR gang have anything to do with it. Enjoy gentlemen ☺
STOP PRESS: according to Twitter Tweets from Tim Anderson late last night: this is the first PDC not to have sold out! Thanks for the news Tim. Apparently there’s still 6500 attendees there though.
I attended the 2005 event and it was a good gig for sure. Aside from getting loosened up with the “Developer & Tools” gang over hotdogs and MGDs, the highlight was a very funny keynote video featuring Bill Gates and Napoleon Dynamite, oops sorry… there was lots of good tech-talk too.
Anyway, this year I’m watching the news from rather nearer to Cricklewood than Hollywood. The only clear advantage I think I can boast is a lack of jet lag and an early sniff of show news from Compuware, who has used the event to punt out its DevPartner Studio 9.0 code-quality product that purports to be of use when looking at security vulnerabilities, defects and performance problems.
Microsoft is clearly pleased to see its so-called partners save up their pennies to roll out technologies that “support” its own Visual Studio 2008 offering with additional testing functionality. Presumably Parasoft will be making similar noises this coming week for the SOA space, or perhaps not.
Judging by the PDC event web site on pre-show day, parallelism seems to be a popular theme. There also appears to be a whole stream dedicated to robots – this could be down to influence from the UK as British Microsoft evangelist Paul Foster is a keen robot developer and I’ve worked on various features with him on this subject in the past. Cloud computing and virtualisation will no doubt be favourites for this coming week too of course.
I digress, Compuware’s proposition is (I would like argue quite sensibly) based upon the fact that code quality is of particular importance right now as web applications become richer (in the form of RIAs) and more prevalent in day to day usage – and that without a consciencious approach to code quality, the possibility of security attacks on those apps can only increase.
The company says that, “DevPartner Studio 9.0 scans Microsoft ASP.NET application source code to find security problems before they become deeply embedded in the code base. By scanning application source code at compile time, DevPartner Studio can pinpoint unsafe coding practices to the exact method and line of code.”
Oh – and apparently they’ve catered for 32-bit application development on Windows x64 platforms as well as a number of new .NET technologies and legacy environments too.
Knowing the expected work load from my attendance at the last event, I have managed to find one extra benefit of looking at all this news from the UK. Will the Brit press corps be sat by the pool on the Sunday so that they can gently work off their jet lag? Oh no, Microsoft takes the pre-show (or day zero) programme pretty darn seriously and there won’t a moment’s rest if the PR gang have anything to do with it. Enjoy gentlemen ☺
STOP PRESS: according to Twitter Tweets from Tim Anderson late last night: this is the first PDC not to have sold out! Thanks for the news Tim. Apparently there’s still 6500 attendees there though.
Friday 24 October 2008, 8:11 AM
Software development from classical, jazz and karaoke to heavy metal
Software application development comes in many flavours, or as we often like to call them ‘methodologies’. There are different styles to suit different people for different reasons – and that’s a lot like music isn’t it?
It’s perhaps no surprise that I saw this idea take shape at the oh-so-cross-platform Qt Developer Days conference that I was at last week. Once again bowing deference to the man who postulated this idea, Forrester analyst Mike Gualtieri, I thought this was a really cool analogy to draw. Let me explain and expand upon the idea…
CLASSICAL: In the world of music this is where we see structure and design being carried out by professional composers and execution (or playing) being undertaken by virtuosos. In software application development, this is an environment such as structured or procedural programming with top down design.
JAZZ: In music, once again this is professionally composed content that adheres to laid down principles for what works and what does not. But, it is open to freeform contribution from a community of others. Open source anyone?
MOBY: Well, not just Moby, but mashups… now surely I don’t need to explain this one at all right?
KARAOKE: Could this be hobbyist programmers playing around with professional tools to get used to the look and feel of how things work?
THRASH METAL: Extreme programming perhaps?
ELECTROPOP: Autonomic self healing computer systems come to mind, both CA and IBM talk volubly on this issue and there are some nice parallels with the human body’s own autonomic nervous system.
HEAVY METAL HAIR BANDS: Simply put, according to Gualtieri, this was the dot com era. Everybody was doing stuff, nobody was too sure what was going on, but we had a lot of fun (and he really did play Mötley Crue).
GUITAR HERO: There’s a serious point to be made here, this is once again a reference to my blog earlier this week on user-created applications. Putting dumbed down professional power in the hands of average users is never a good thing whether it’s in software application development or heavy metal heaven.
Gualtieri took us through this idea pretty early on the morning and Mötley Crue served up at volume 11 in any technical keynote is bound to wake you up. We need more of this kind of presentation style!
It’s perhaps no surprise that I saw this idea take shape at the oh-so-cross-platform Qt Developer Days conference that I was at last week. Once again bowing deference to the man who postulated this idea, Forrester analyst Mike Gualtieri, I thought this was a really cool analogy to draw. Let me explain and expand upon the idea…
CLASSICAL: In the world of music this is where we see structure and design being carried out by professional composers and execution (or playing) being undertaken by virtuosos. In software application development, this is an environment such as structured or procedural programming with top down design.
JAZZ: In music, once again this is professionally composed content that adheres to laid down principles for what works and what does not. But, it is open to freeform contribution from a community of others. Open source anyone?
MOBY: Well, not just Moby, but mashups… now surely I don’t need to explain this one at all right?
KARAOKE: Could this be hobbyist programmers playing around with professional tools to get used to the look and feel of how things work?
THRASH METAL: Extreme programming perhaps?
ELECTROPOP: Autonomic self healing computer systems come to mind, both CA and IBM talk volubly on this issue and there are some nice parallels with the human body’s own autonomic nervous system.
HEAVY METAL HAIR BANDS: Simply put, according to Gualtieri, this was the dot com era. Everybody was doing stuff, nobody was too sure what was going on, but we had a lot of fun (and he really did play Mötley Crue).
GUITAR HERO: There’s a serious point to be made here, this is once again a reference to my blog earlier this week on user-created applications. Putting dumbed down professional power in the hands of average users is never a good thing whether it’s in software application development or heavy metal heaven.
Gualtieri took us through this idea pretty early on the morning and Mötley Crue served up at volume 11 in any technical keynote is bound to wake you up. We need more of this kind of presentation style!
Thursday 23 October 2008, 8:24 AM
Games development: a tester’s perspective
For the last few months I’ve been involved with a company that produces games for the Mac platform as one of their ‘testers’. It’s an unpaid role of course, but I have been able to witness the growth and development of the application throughout its various builds.
The company is Feral Interactive and the strength of the process behind their testing programme is exhaustive. Each of us were required to log any glitches we found, however small, into an online bug tracker noting our machine model name, operating system, RAM and graphics card etc.
'
Approved image use: courtesy of Feral Interactive
As the various game builds took shape we could see refinements being made and witness the interaction between other testers as they commented on various aspects of the game, some of which were even new feature requests.
Quite apart from the fact that its great to see high quality games being produced for the Mac; I have written in the past about Software Change Management in the games industry and the need for automation to control the huge binaries involved – so clearly there is a need for automation at many levels of the games development project.
Although this is pretty common sense kind of stuff, the guidelines for what make a good bug report make interesting reading. The company says that bugs need to be both ‘repeatable’ and ‘specific’ – that way the software engineers can pinpoint it and fix it.
Here’s some more from the testers’ guidelines briefing:
“Avoid cuteness if it costs clarity. Nobody will be laughing at your funny bug title at 3:00 AM when they can't remember how to find your bug.”
“One bug per report please. Completely different people typically fix, verify, and prioritise different bugs. If you mix a handful of bugs into a single report, the right people probably won't discover your bugs in a timely fashion, if at all. Certain bugs are also more important than others. It's impossible to prioritise a bug report when it contains four different issues, all of differing importance.”
“No bug is too trivial to report. Unless you're reading the source code, you can't see actual software bugs, like a dangling pointer -- you'll see their visible manifestations, such as the segfault when the application finally crashes. Severe software problems can manifest themselves in superficially trivial ways. File them anyway.”
All of the above is not to suggest that the game had a lot of bugs of course – but those elements that may have been out of line were not overlooked. We’re contractually bound from being able to mention the subject matter or name of the games we test, so all I can say is that it’s not Space Invaders.
The company is Feral Interactive and the strength of the process behind their testing programme is exhaustive. Each of us were required to log any glitches we found, however small, into an online bug tracker noting our machine model name, operating system, RAM and graphics card etc.
'Approved image use: courtesy of Feral Interactive
As the various game builds took shape we could see refinements being made and witness the interaction between other testers as they commented on various aspects of the game, some of which were even new feature requests.
Quite apart from the fact that its great to see high quality games being produced for the Mac; I have written in the past about Software Change Management in the games industry and the need for automation to control the huge binaries involved – so clearly there is a need for automation at many levels of the games development project.
Although this is pretty common sense kind of stuff, the guidelines for what make a good bug report make interesting reading. The company says that bugs need to be both ‘repeatable’ and ‘specific’ – that way the software engineers can pinpoint it and fix it.
Here’s some more from the testers’ guidelines briefing:
“Avoid cuteness if it costs clarity. Nobody will be laughing at your funny bug title at 3:00 AM when they can't remember how to find your bug.”
“One bug per report please. Completely different people typically fix, verify, and prioritise different bugs. If you mix a handful of bugs into a single report, the right people probably won't discover your bugs in a timely fashion, if at all. Certain bugs are also more important than others. It's impossible to prioritise a bug report when it contains four different issues, all of differing importance.”
“No bug is too trivial to report. Unless you're reading the source code, you can't see actual software bugs, like a dangling pointer -- you'll see their visible manifestations, such as the segfault when the application finally crashes. Severe software problems can manifest themselves in superficially trivial ways. File them anyway.”
All of the above is not to suggest that the game had a lot of bugs of course – but those elements that may have been out of line were not overlooked. We’re contractually bound from being able to mention the subject matter or name of the games we test, so all I can say is that it’s not Space Invaders.
Previous
