April 2012 Archives

Beautiful mobile applications, beautiful user experiences Part 3

bridgwatera | No Comments
| More

In part three of this guest blog for the Computer Weekly Developer Network, Sybase technical evangelist and mobile evangelist Ian Thain discusses the new mobile application landscape characterised by new and more beautiful user interfaces. Parts one and two can be found here.

There are a few mobile design guidelines that should never be far from your thoughts.

To take a few as examples :-

  • The initial screen should be kept as clear as possible to act as a launch point, because first impressions count.
  • Keep the main/primary controls in the thumb 'hot zones' at the edge of the screen and keep the most important content at the top, with controls at the bottom.ITSmallPR.jpg
  • Be generous with the space on the screen, do not crowd and avoid scrolling where you can.
  • Stick to proven navigation models, which can be used in combination, use flat pages for simple applications, and if possible make use of a tab bar that switches between the app's main functions, and/or a tree structure for drilling down through a hierarchy of content.

Oh -- and utilise the power of standard visuals and consistent functionality, but also borrow interface metaphors from real world examples when you can, including cool graphics to add to the look and feel.

For enterprise mobile applications, you'll need to ensure compliance with the standard corporate branding and identity guidelines in your visual design, which also helps to build a consistent look and feel for the brand; a brand that will have cost a lot of money to develop!

NOTE: This will include standardised naming, icons, graphics, colour, logo and design schemes.

Finally, don't forget to test, review and refine in line with the common iterative development processes. With mobile applications this can be even more important as you get one chance to make a real impression on an app store before you risk sinking out of sight as your novelty expires.

Test it yourself, let your users test it and widen the test group as far as you can before launch to catch any issues which can sink your user satisfaction numbers. Is it intuitive to use, do you need special lighting conditions to see your navigation clearly, do users enjoy using the application?

The ABC Factor

Ultimately great mobile application design goes way beyond the technology, and involves a plethora of hidden factors which can make all the difference in building a hit product. At the end of the day your goal is to build something which incorporates the ABC factor - it's an application that's Amazing, Beautiful and Compelling.

Editorial disclosure: Adrian Bridgwater works in an editorial capacity for the International Sybase User Group, a completely independent association that represents thousands of users of Sybase products in more than sixty countries around the world. He is not an employee of Sybase but seeks to work with ISUG to support its work challenging and questioning Sybase product development and training.

IBM at InfoSec: security megatrends for application development

bridgwatera | No Comments
| More

IBM the PC company that became IBM the laptop company, that then became IBM the IT services company and then transmogrified into IBM the cloud-focused socially collaborative tools company is (unsurprisingly perhaps) one more version of itself too...

Welcome to IBM the security company!

Well, in fairness, Big Blue has acquired 12 security specific businesses over the last few years.

Plus, when the firm acquired Massachusetts-based provider of security intelligence software Q1 Labs in Jan 2012, it made former Q1 CEO Brendan Hannigan head of the newly-formed IBM Security Systems division.

At the time of its most significant purchase in the security zone IBM said that the new division will target a £60 billion opportunity in security software services, which has a nearly 12 percent compound annual growth rate, according to IBM estimates.

With this week's InfoSec show being held in London's 'glittering' Earl's Court, the Computer Weekly Developer Network spoke to Martin Borrett, director of the IBM Institute for Advanced Security (Europe) and Marc van Zandeloff, VP of strategy and product management for IBM Security Systems.

Borrett and Zandeloff detailed what they call out as the four security megatrends this sector divides up into:

1. cloud-based risks
2. mobile related risks (including Bring Your Own Device)
3. advanced persistent threats
4. security intelligence via deep analytics

IBM's technology works to analyse data flows looking for anomalies to detect advanced persistent threats and will utilise "enriched IP reputation information" as it aims to flag suspicious behavior across various network activities.

Infosec Reg.jpg

To address the current slew of risks and vulnerabilities IBM is this week announcing the QRadar Network Anomaly Detection appliance that analyses complex network activity in real-time, detecting and reporting activity that falls outside normal baseline behaviour.

The analytics can look not only at inbound attacks, but also can detect outbound network abnormalities, where malware may have already infected a "zombie" system to send data outside the organization.

"Advanced attackers are both patient and clever, leaving just a whisper of their presence, and evading many network protection and detection approaches," said Zadelhoff. "Most organisations don't even know they have been infected by malware. An advantage of IBM analytics is that it can detect the harbingers of new attacks from the outside or reveal covert malicious activity from the inside."

Using advanced behavioral algorithms, the QRadar Network Anomaly Detection appliance analyses disparate data that can collectively indicate an attack - network and traffic flows, intrusion prevention system (IPS) alerts, system and application vulnerabilities, and user activity.

It quantifies several risk factors to help evaluate the significance and credibility of a reported threat, such as the business value and vulnerabilities of targeted resources.

Above all, IBM advocates a "secure by design" approach so that software application development projects are architected around a security consideration that spans (at least) the four "megatrends" highlighted here throughout the entire development lifecycle.

What's next? IBM the reality TV company?

Software development in the global interconnected sandbox

bridgwatera | No Comments
| More

Perforce has upped its software version management system with a new release featuring additional capabilities for "advanced distributed version control" to keep developers productive even when they are disconnected from the firm's shared versioning service.

New replication technology is also said to improve system performance and scalability for remote teams.

These are the buzzwords then for globally distributed mobile on-the-go software application development teams:

  • organisation for control,
  • traceability,
  • accountability
  • and security.

With Perforce Sandbox (P4Sandbox), developers can work on private copies of their projects while staying informed of project status on the shared versioning service.

P4Sandbox uses a local repository to create a remote branch from the shared Perforce versioning service. Users can work with their local repository and access all of Perforce's versioning features, even if the connection to the shared service is slow or non-existent.

Developers only need to be connected to the shared versioning service when they are exchanging data.

Randy DeFauw, technical marketing manager at Perforce, said, "We've learned that developers want the option to work offline or use a more flexible workflow, but the enterprise still demands the security and reliability of a shared service. P4Sandbox gives developers the freedom to experiment while the entire codebase remains securely managed in the shared versioning service."

What can software application developers expect from InfoSec?

bridgwatera | No Comments
| More

The InfoSecurity Show 2012 is on next week at London's glittering Earl's Court.

The collective PR machine driving vendors' appearances at the show has been just a little wearisome, with very few clients taking the trouble (so far) to drill down into the real "what it means to you" element for practitioners at the coal face of the either the data centre or the front line of the application development lifecycle.

I thought "feature-benefit" explanations were the linchpin to sales success right?

It appears not.

For now we're mostly just getting "feature-feature-feature", oh well.

Here's my rationale...

While security vendors are keen to lay out their wares and slap around terms like "robust end-to-end protection", there is a deeper and quite crucially important story to be told that asks the following questions:

• At what stage should software application development projects identify and classify their security/encryption/protection quotient and set out a concrete IT asset management "place at the table" for this element?

• As security is "architected in" to a software development project, how does the responsibility for its ownership transition from software architect to developer to IT asset manager and onwards?

• How can open source community contribution model engagement help aggregate malware risk awareness and how can that be engineered into software products in production and postproduction?

• How should software developers be "tutored" into security awareness at all levels? For example, if developer A is a user experience GUI specialist and developer B is a graphics rendering guru, then neither probably stop and think about security too much -- but as all data represents risk and all risk is the concern of security, how should the "security mandate" be proliferated throughout all stakeholders in the software application development lifecycle?

But heck -- it's only Friday and next week is next week away. I can see companyies listed such as Alien Vault who work directly with developers and are open source in methodology terms at heart.

InfoSec 0.png

According to show previews, Barmak Meftah, CEO of AlienVault, the unified open source SIEM company and Richard Kirk, VP for Europe, have flown into the UK to talk about how they are collaborating with the IT security community through open source to find the source code for malware and emerging threats. AlienVault's new Open Threat Exchange will give back solutions and inside information to the open source community for free, and for others they publish their research and sell products that detect and amend vulnerabilities.

OMG! Someone is listening!

Other show preview info details Cryptzone's Director's Portal, a new feature that has been "requested by the developer community" no less. More details to come, if the story holds water.

Imperva also looks interesting. The company says it will reveal what the "cool automated tools" that the likes of LulzSec and Anonymous are using. The firm has a new 'Hacker Intelligence Initiative', which reports on the latest and most popular automated hacking tools.

OMG again I think. OK, well I will aim to drill down into as command-line centric a story as I can when I get to the show. Failing that, I will collect as many T-shirts and branded packets of Gummy Bears as possible.

InfoSec 2.jpg

HTML 5 Offline Apps: "Doughnut Hole" Caching

bridgwatera | No Comments
| More

Craig Shoemaker is a software developer, podcaster, blogger and product guidance manager for user interface controls and components company Infragistics - he is also host of the Polymorphic Podcast.

In this guest blog for the Computer Weekly Developer Network he covers HTML offline applications that allow users to work independently of an Internet connection using technologies native to the web browser.


Pages included in an offline application (by being listed in the application manifest) are served from the application cache whether or not a connection to the Internet is present.

In the event that a user is viewing a page in an offline application with an available Internet connection, you may want to display some data from the server without requiring the user to change pages.

Doughnut holes

Microsoft's Scott Guthrie introduced the concept of "doughnut hole" caching in ASP.NET where a cached page may include small windows of content that are updated independently of the cached page. An HTML 5 doughnut hole cached page would have an offline page that makes an Ajax call when connected to the web in order to display live data to the user. When offline, the page simply renders default data native to the page.

There are a number of different practical applications for implementing an offline application. While most developers first think toward the mobile context when considering the user of an offline application, there are some ways any website may enjoy the benefit of working independently of connectivity status.

NOTE: A website's Home and Contact Us pages are excellent candidates for offline availability so users can visit your website and at least get some basic contact information about the organisation even when disconnected from the web.

Consider a Contact Us page which displays a notification of upcoming event information to the user. When working connected to the web, live event listings are displayed. While working offline, a telephone number prompting the user to call for event information is rendered. This approach keeps site visitors informed and connected with or without access to the public web.

Figure 1 depicts how the page is rendered while offline and Figure 2 shows how the page looks when served from the application cache, but the computer is connected to the web.

Infra 1.png

Figure 1: Offline application showing native event information while working offline.

Infra 2.png

Figure 2: Offline application showing event info from the server while working connected to the internet.

Even though pages loaded into the application cache are served from the cache regardless of whether or not the computer is connected to the Internet, you can implement your pages to take advantage of online resources when available.

"Doughnut hole caching" is possible by making an Ajax call to the server when a connection is available and then rendering the results to the user. If the page is working in a disconnected state, then the page quietly renders data already available on the page - it's the best of both worlds!

Amazon creates 'highly-tuned' search function for cloud apps

bridgwatera | No Comments
| More

Amazon Web Services has introduced CloudSearch, a new service intended to give software application developers the option to build search functionality into their cloud-based applications.

With cloud in its 'still-nascent' state, many customers might arguably "assume" that search functionality is an implicit component of application data that sits on virtualised hosted cloud environments.

Amazon explains that this is not the case and that prior to its release of CloudSearch, building robust search capability required dedicated engineering teams who would spend weeks, or even months, provisioning, configuring and deploying costly search infrastructure and software

The company points out that it might know a thing or two about hosting, cataloging and searching data stores at scale as a result of its book trade pedigree -- and Amazon CloudSearch leverages the same A9 technology that powers search for Amazon.com

"Developers simply create a search domain, upload the data they want searchable and Amazon CloudSearch automatically provisions the technology resources required and deploys the highly tuned search indexes needed," said the company, in a press statement.

CloudSearch scales as the amount of searchable data increases or as the query rate changes. Developers can tinker with the mechanics of this tool from the AWS Management Console and change search parameters, fine-tune search relevance and apply new settings without having to upload the data again.


Image: In Amazon CloudSearch, documents are described using the Search Data Format (SDF). The JSON version of the sample Wikipedia document shown above is approximately 1 KB in size.

Migrating SharePoint 2010 On-Premise apps to SharePoint 2010 online

bridgwatera | No Comments
| More

This is the final segment of a four-part guest blog post by Jeremy Thake, enterprise architect and Microsoft SharePoint MVP at Avepoint -- previous blogs are all live linked.

As discussed in the previous article, the promotion of SharePoint solutions from one environment to another can prove complex. To add to this complexity, when organisations decide to move from SharePoint 2010 on-premise to SharePoint 2010 online, any full trust solution packages used in the advanced tier cannot be deployed into the multi-tenant environment.

To migrate these solution packages, they need to be manually converted to a sandbox solution in Visual Studio 2010. This is as simple as changing the property in the Solution property pane, but don't be fooled by building your solution and it compiling. It will only fail once it is deployed and executed at runtime. There is an additional CodePlex project with FXCop rules that will do this at compile time for you, as well.


In some circumstances, developers can get lucky and find that they have only used functionality within the limits of sandboxed solutions. In other cases, where they have used APIs outside of these limits or are consuming too much CPU time, developers will need to start looking at approaches to work around this. I have also worked with customers that have de-scoped functionality to get around the limitations.

There are a few key approaches to handling solutions that require functionality that is blocked when using sandboxed solutions:

• Client side code - Script blocks built within the ASPX pages can call out to external web services, which cannot be done by sandboxed managed code. The SharePoint client object model is a sub set of the server side API, consumed by JavaScript, and allows for very similar actions as what can be done via server side API.

• Azure Service Bus - For functions requiring complex calculations that would reach the limits of the resources measured in the sandboxed solution, organisations are moving these calculations to the Azure Service Bus.

• SQL Azure - In some cases, where on-premise solutions accessed SQL databases inaccessible by SharePoint 2010 online, organizations are also moving their data into the Azure cloud.

• Azure Web Application - In some cases, the user interface (UI) layer and business logic are completely pulled into an Azure application. Often, the data layer is left inside SharePoint lists and libraries. The UI of the application is then added to SharePoint 2010 as an IFRAME.

The other issue with migrations, often with large amounts of data, is the time it takes to actually do the full migration. Sometimes the initial move of all the content into SharePoint 2010 Online does not occur within the outage window available.

Organisations find themselves doing an initial migration of the bulk of the content, but then take a full outage of the production solution to do an incremental migration of the changes from when the bulk was done to present and then switch to SharePoint 2010 online solution. In this instance, third-party products are the only real viable approach.

Beautiful mobile applications, beautiful user experiences Part 2

bridgwatera | No Comments
| More

In part two of this guest blog for the Computer Weekly Developer Network, Sybase technical and mobile evangelist Ian Thain discusses the new mobile application landscape characterised by new and more beautiful user interfaces. Part one can be found here.


If I have one piece of advice to give when you're migrating your application over to mobile -- please talk to your existing users first.

Find out what application features they use most, what they like and don't like about your existing interface and what new features they'd love to have incorporated to make their lives easier.

You may be surprised by the answers you get!

Once you have that invaluable user feedback in hand, it's time to get a formal functional specification down on paper, an Application Definition Statement (ADS).

Application Definition Statement - a definition

The ADS is a concise, concrete declaration of an application's main purpose and who its intended audience is -- to build an ADS you should have little or no preconceived idea as to what the application will eventually become.

• Firstly, list the features that you think the users might like based on your previous research, around a dozen items in the list is a good number.
• Secondly refine who you believe the core users users will be and then cross reference the features list with the user list to ensure best fit.
• Once the one paragraph ADS is complete and agreed, pin it up on the wall and make sure that it is adhered to! It's your roadmap, and it will keep the development team on track.

Keep in mind the four main cornerstones of User eXperience (UX) design - availability, simplicity, efficiency and familiarity. Even though you're starting with a fresh mind-set for the mobile development, it pays to ensure that your users should still get a sense of familiarity from your product, something to ease them into using the new mobile version without jolting them out of their comfort zone. Factors like efficiency and availability will require intelligent use of backend technologies, especially if your app is data heavy in any way.

Ed: Is Thain correct about those cornerstones? If we apply those rules to a car for example, it has to be available (it should start), simple (functional without safety concerns), efficient (goes without saying) and familiar (ergonomically and aesthetically pleasing) -- so that works, but just how far can we carry the analogy: televisions, yes - but pizzas, probably not.

Personally I am a great believer in building as much of the application in an 'occasionally connected - always available' model that allows data to be stored locally on the mobile device and updated bi-directionally back to the backend systems when available, minimising down-time for the application and the user alike.

There is nothing more annoying for a user of a mobile application than not being able to use the application when they want or need to. Mobile users tend to concentrate on one thing very well and so the application should make the interaction simple and efficient. The user is an expert in their field and understands the business domain intimately, so the experience you deliver should be familiar and relate to their expertise as well as following the default experience they are used to within their mobile operating system of choice, such as iOS for example.

Remember innovate and enhance!

It's wise to choose your application interface development tools carefully, as they can make all the difference between a good result and a great one. There are any number of tools that help with iterative design processes. These include such services and software as Balsamiq Mockups, iMockups (iPad Application) and App Layout (iPad Application). There are also an increasingly large number of mobile interface elements available for Adobe PhotoShop, Illustrator and Fireworks. Some can be interchangeable, for example iMockups can generate .BMML files for Balsamiq mockup import.

The concluding part of this story follows shortly.

Editorial disclosure: Adrian Bridgwater works in an editorial capacity for the International Sybase User Group, a completely independent association that represents thousands of users of Sybase products in more than sixty countries around the world. He is not an employee of Sybase but seeks to work with ISUG to support its work challenging and questioning Sybase product development and training.

New BlackBerry software development centre in Silicon Valley (of the Kings)

bridgwatera | No Comments
| More

BlackBerry maker Research in Motion has announced plans to establish a software development centre in Egypt -- it's first in Africa.

Local Egyptian press reports suggest that the Canadian smartphone maker will locate its new operations in Cairo's Smart Village.

smart V.jpg

Image: the Smart Village complex is home many global IT brands

Smart Village is an industrial park located towards the west of the Egyptian capital on the main road between Cairo and the northern city of Alexandria

The company has reportedly shown more interest in the Egyptian market as a whole after the Arab Spring uprisings of 2011.

Despite continuing political uncertainty in the region, RIM appears to be pushing ahead with its plans to open in the country. The company will be in a position to employee local Egyptian software engineers as well as international staff.


Subscribe to blog feed

About this Archive

This page is an archive of entries from April 2012 listed from newest to oldest.

March 2012 is the previous archive.

May 2012 is the next archive.

Find recent content on the main index or look in the archives to find all content.