Figuring out that the phone was more than a computer took a bit longer. Initially I still carried my iPod on long trips, as well as my point-and-shoot camera and GPS. The iPod because I worried about battery life on extended trips like camping. The camera because the iPhone 3GThe 3rd generation of cellular wireless standards. 3G is implemented in a variety of non-compatible ways by various carriers. This includes CDMA, HSPA, and GSM for the most part. Typical performance is required to support peak data rates of 200 kbit/s. Some modern hybrid systems support several Mbit/s. camera was horrible compared to my previous LG Envy, and especially compared to my Olympus camera. GPS wasn’t even a real option, especially for off-road use.

The iPod was the first to go, I found I was carrying it an never using it. By the time the iPhone 4S came along I completely gave up on the point-and-shoot camera. The GPS was great for driving, but miserable off-road. I also started using the phone to record my sons band when they were at shows. I found the video rivaled my Flip camera, and the audio on those videos was better than the Flip.

Then big phones started coming along and I got screen envy. Not the really big ones, but the 4.7 – 4.8″ sweet spot, something that would still fit in my pocket. When the iPhone 5 finally showed up and the screen was an oddball skinny 16×9 it wasn’t for me. I don’t just watch video and pictures on my phone, I do real work and that format in that small size is just too narrow for vertical use, and too short for horizontal – a lose, lose situation. Plus that crummy iPhone slab is just uncomfortable to hold – why can’t they make them nice and curved like the iPod touch?

Along came the Nexus 4. I already had a Nexus 7 tablet, so the transition wasn’t as rough as it could have been. There was a bit of work to move my apple-centric email and calendar, but once I did that things basically worked the way I wanted. I loved the big screen, the shape was a bit better to hold, and I suddenly had access to some interesting features.

Panorama of Bellagio in Las Vegas shot with HTC One

One of those was Swype – when looking at Swype I never thought it would really work for me, but it turns out it just does. It take me about 5 minutes to completely fall in love with it. I still had the old iPhone 4, but swapping the chip back was unbearable between the hard angled sides, the tiny screen, and tiny non-swype keyboard. Not to mention the haptic touch. Poking keys with your fingers just seems so old fashioned.

The other thing was the widgets, as you’ve probably guessed. Not every widget is good, and in fact there are far more bad ones than good ones, but the good ones are really indispensible – more on this later because the HTC One was where things got really good in that area.

Unfortunately there were some downsides to the Nexus 4. Plain vanilla Jelly Bean was just great, but the phone has some serious limits for a high-end user, which isn’t surprising given it’s reasonable price. But here’s what didn’t work great.

First the screen, yes it’s big, and yes it’s colorful with a decent PPI, but the color accuracy was poor compared to the iPhone. The camera had some cute gimmicks, but the pictures were just awful – I went back to carrying the old Olympus, after clearing it of cobwebs. And I lost the ability to capture business cards with my phone camera – it just wasn’t up to the task. And comparing other Android cameras showed the same results. I know some say the camera is good, but they must be starting with something much worse than I could deal with.

When it comes to the built-in speaker, it was even worse than the iPhone, and everyone knows that iPhone speakers aren’t what you’d call good. It was fine for phone calls, but playing music was like the old mono AM radio in my 63 Dodge – with the volume down low. I know, you’re not supposed to rely on your phones internal speaker, but I wanted to (another thing I’ll speak of on the HTC One in a moment.)

Recording was even worse. I use my phone for audio memos and recording Webinar audio etc. It worked OK though not as clear as the iPhone. But when it came to trying to record my son’s rock band it was a complete disaster – the audio was unusable. Not bad, not usable at all – just random noise and cutting out. I tried several times, it was always a disaster. A bit of research let me to find out that this is way too common with Android phones.

The third was the storage. I came from a 64 GB phone, and I just couldn’t be happy in 16 GB. Much of my time is away from strong cellular service or wifi, and so I keep about 20 or 30 GB of music on my phone, as well as a movie or a couple of TV shows. I was OK on the Nexus 4, but not happy.

Then came the HTC One. A really solid build quality like I was used to from Apple, and a nice curved back like my old iPhone 3GThe 3rd generation of cellular wireless standards. 3G is implemented in a variety of non-compatible ways by various carriers. This includes CDMA, HSPA, and GSM for the most part. Typical performance is required to support peak data rates of 200 kbit/s. Some modern hybrid systems support several Mbit/s., but lighter and a bigger screen. This was worth looking at. Plus actual stereo speakers, and on the front – why doesn’t everyone do this?!

So I went online and bought the developer edition. This was so I would have an unlocked bootloader for OS experiments and I thought I would probably just put straight Jelly Bean on it since I was used to it. Plus I wanted an unlocked SIM for overseas travel. I went to the HTC website and ordered a 64 GB version.

My only real complaint with HTC was their purchase process. The order took forever, and they didn’t keep me up to date on status as is now common. I had to call every few days to find out what was going on. Anyway, several weeks later I finally had my new phone. As it turns out, the AT&T online process is just as bad, in some ways worse, but that’s a story for another day.

I connected the phone to my account, loaded my Android apps from my Google account, put my photos, video and music on it and was ready to go. I was showing it to my wife and when she saw the screen and heard the music quality of the speakers she was done with her iPhone. Just that fast, no experience with Android, but the HTC One was what she wanted, so I headed back to the AT&T store the next day and bought her one as well.

So here’s what I love about it. First the screen. We compared it with an iPhone 5 and the Nexus and the color rendition was much more accurate and properly white-balanced. It’s big, it’s unnaturally sharp, and it’s bright. Much better in daylight than the Nexus was. This is the best smartphone screen I’ve ever seen, bar none.

The camera is great for snap shots, dark shots, and video. It’s only shortcomings are when you’re doing big enlargements and small up-close details. I can scan business cards again and the Olympus has been re-retired. Not only does it take good dark shots, but it’s the first smartphone or snap shooter I’ve seen that handled flashWeb-based multimedia platform. Used for putting animation, interactivity, and video on web pages. properly – not more choosing between dark and blurry or over-flashed.

Water show at the Bellagio shot with HTC One

I did a dark picture test against the iPhone 5 and Samsung Galaxy S3 and it was really great compared to either of them. I put a black pocket-knife under my desk. Each camera was two shots – once without flashWeb-based multimedia platform. Used for putting animation, interactivity, and video on web pages. and once with. Notice if you look at the large image zoomed in on the HTC how sharp the image is, and how well balanced the flashWeb-based multimedia platform. Used for putting animation, interactivity, and video on web pages. shot is.

Samsung Galaxy S3 no flashWeb-based multimedia platform. Used for putting animation, interactivity, and video on web pages.	Samsung Galaxy S3 flashWeb-based multimedia platform. Used for putting animation, interactivity, and video on web pages.
iPhone 5 no flashWeb-based multimedia platform. Used for putting animation, interactivity, and video on web pages.	iPhone 5 flashWeb-based multimedia platform. Used for putting animation, interactivity, and video on web pages.
HTC One no flashWeb-based multimedia platform. Used for putting animation, interactivity, and video on web pages.	HTC One flashWeb-based multimedia platform. Used for putting animation, interactivity, and video on web pages.

The video camera shoots 1080p HD and it really looks quite nice, both day and night. I’ve attached a fun little video below that I shot on the airport tram at Dulles – it starts slow but you’ll see what I mean – it’s like Star Tours at Disneyland.

The audio playback is amazing, it makes me dissatisfied with my iPad and even outshines the Kindle Fire HD – why did they put the speakers on the back? Audio recording works well for memos and even recording music if you’re using the video app. Other apps so far haven’t been able to record live music well – I suspect they somehow don’t make use of the HDR microphone. I’m hoping one comes along – it seem silly to record video to just get audio. But the quality is good again.

The size and shape are good – the phone is comfortable in my hand for the first time in a couple of years. The weight is fine, and it still fits in shirt and coat and even pants pockets.

The GPS is now good enough for off-road thanks to the Backcountry app. I have to say that for navigating I’ve still personally had better luck with Apple maps than Google and I still find Magellan and Navigon are even better as I’ve mentioned before. But for off-road the iPhone can’t compete with Android.

The only downside is the battery. It’s no worse than the iPhone or Nexus but not better. I long for the old days of charging my phone once or twice a week. Heck I’d settle for two days of really solid use, or even 24 hours of heavy use. HTC I hope you’re listening.

The really unexpected pieces were because of Sense. I had planned to replace the launcher at the very least and possibly even switch to plain jelly bean. However I quickly got used to Blend, the news feed, and now don’t use Flipboard at all and News360 only occasionally. I’m a Sense fan.

The contacts widget is really great, and the contact manager is the only one I’ve ever seen in mobile (iOS, Android, Windows 8, and Chromebook) that can handle multiple accounts properly, IE Skype, LinkedIn, Google, Exchange, Twitter, Facebook, and more. All without showing you duplicates.

I’m hoping HTC is successful, because I think a tablet built with the same quality would be amazing – sign me up, I’ll pre-pay.

My son, who was instrumental in pointing the HTC One out to me in the first place and helping research what the best phone would be, has finally made the change as well. His One is on the way (you can’t get a black 64 GB in any store – why not HTC?) and he’s giving up his iPhone 5.

So that’s a clean sweep – 3 iPhones changed into 3 HTC Ones. Try it yourself – you can’t go wrong.

 

My Trip from iPhone 4S to Nexus 4 to HTC One originally appeared on The Code Curmudgeon on June 13, 2013.

The topic is security and I’ll be talking about Hybrid Security Analysis: Bridging the Gap between Inside-Out and Outside-In. The basicBeginners All Purpose Symbolic Instruction Code. A programming language designed specifically for beginners. idea is how to you coordinate and get value from the outside testing like penetration testing and then relate it to development efforts like unit test and static analysisAny form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code reviewCode review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality., etc..

If you can’t make the session, feel free to stop by our booth, plus I’m doing one of the Q&A sessions on Thursday at 10:15am as well. Hope to see you there.

 

Hybrid Security Talk at Better Software Conference West originally appeared on The Code Curmudgeon on June 4, 2013.

CodeCurmudgeon’s SQL Injection Hall of Shame

Check it out and let me know if I’ve missed any.

 

SQL Injection Hall of Shame updated originally appeared on The Code Curmudgeon on June 3, 2013.

Superficially, this seems bright.  It’s a big problem, and there’s only so much time, so let’s reduce the problem to something manageable.  Yeah, well, “apples to apples” is the wrong method of reduction.  What you are really doing in this case is saying “let’s spend our time and effort pretending that things are not nearly as complex as they actually are.”  Presented with a smartphone, a tablet, and a calculator, who in their right mind would only compare the calculator functionality across all three to determine the winner?  Apples to apples, right?  This would be comical if it was not true of the evaluation processes some organizations use for static analysisAny form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code reviewCode review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality., etc. tools.  Especially in safety-critical industries, it crosses a line from carelessness into reckless endangerment.

Instead, let me propose a different reduction of your evaluation problem that will save you from arguing over which product chose the best font for the number “2.”  Stop evaluating features and start evaluating solutions.  State your problem in such a way that it allows (or even forces) creativity on the part of the vendor to get to the end goal.  (Do you really care about false positiveA result that is incorrect. Strictly speaking, it means that the tool providing the answer got it wrong. Generally it has a broader usage, meaning an error message that the developer doesn't think is important or real, either because of context or misunderstanding by the developer. rates of 7% versus 9%?  What if the 7% false tool takes 1 hour per task to resolve whereas the 9% false tool takes 5 minutes per task?)  When you take a step back from the marketing and focus on the reason you want a tool — reduce risks, reduce costs, secure revenue, improve productivity, maximize customer satisfaction — you can spot the slippery metrics about product capability and refocus on your driving needs.  You are in a better position to capitalize on unexpected opportunities.  You can even remember that this is for the long haul, so you would rather work with a company that cares about your success and will challenge you to make the right decisions.

[editors note: there is a good article about this as it specifically applies to static analysisAny form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code reviewCode review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality., etc. tools on the Parasoft blog.]

 

The “Apples to Apples” Mistake originally appeared on The Code Curmudgeon on May 30, 2013.

This will be an informative lunch seminar on Thursday, May 16th from 10am to 12pm at FCN, Inc in Reston, VA. During this event we will be discussing trends, strategies and best practices for NISTNational Institute of Standards and Technology compliance.

Discover how to best utilize your company investments to deliver compliance throughout your organization. Participate in a presentation by industry expert Arthur Hicken as he facilitates a discussion on how to continuously integrate software quality into the development process with Parasoft’s comprehensive Development TestingDevelopment Testing is a software development process that involves practices such as static analysisAny form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code reviewCode review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality., etc., data flow analysisA form of static analysisAny form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code reviewCode review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality., etc. that works by analyzing software by tracing data flows and paths that might be used when running the application. It can find weaknesses, but is subject to false positive results because the paths and data it finds my be improbable or impossible., metrics, peer code reviewCode review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality., unit testing, code coverage and other steps that can be performed at development time. The goal is not to replace traditional QA, but to reduce time and cost by catching problems earlier. platform.

What you will learn:

• Consistently apply static analysisAny form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code reviewCode review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality., etc., unit testing, peer code reviewCode review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality., coverage analysis, runtime error detection, etc.
• Accurately and objectively measure productivity and application quality
• Drive the development process in the context of business expectations – for what needs to be developed as well as how it should be developed
• Gain realtime visibility into how the software is being developed and where it is satisfying expectations
• Reduce costs and risks across the entire SDLC

Following the presentation Parasoft will demonstrate Parasoft’s development testingDevelopment Testing is a software development process that involves practices such as static analysisAny form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code reviewCode review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality., etc., data flow analysisA form of static analysisAny form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code reviewCode review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality., etc. that works by analyzing software by tracing data flows and paths that might be used when running the application. It can find weaknesses, but is subject to false positive results because the paths and data it finds my be improbable or impossible., metrics, peer code reviewCode review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality., unit testing, code coverage and other steps that can be performed at development time. The goal is not to replace traditional QA, but to reduce time and cost by catching problems earlier. solutions for C/C++, Java and .Net applications.

Hope to see you there. If you’ve always wanted to meet the CodeCurmudgeon in person, sign up here.

 

Seminar in DC – Development Testing for Compliance originally appeared on The Code Curmudgeon on May 8, 2013.