Tag Archives: Software Development

What is Static Analysis… and What is it Good For?

As I talk to people about static analysis, I get a lot of questions and it seems that static analysis means different things to different people. The definitions people use for static analysis can be any or all of the things in this list:

  • Peer Review / Manual Code Review / Code Inspection
  • Pattern-based code scanners
  • Flow-based code scanners
  • Metrics-based code scanners
  • Compiler / build output

A working definition of static code analysis is the analysis of computer software that is performed without actually executing the software being tested. I’d like to talk briefly about each of these techniques, when/where to use it, and why it’s helpful.

Perhaps the oldest version of static analysis is Metrics-based code scanners where we look at things like complexity or even simply number of lines or methods in a file. Pattern based code scanners are what some think of as the traditional static analysis technique. A more modern offshoot of this is Flow-based code scanners where they look at paths through the code and say “Oh this could happen to you or that could happen to you”. The last is, which most people don’t think about, it output from your compiler or your build process which is a very valuable thing.

Peer Code Review

Let’s start with what we would call peer code review or code review or manual code review or code inspection. The idea is that humans are looking over each other’s shoulders, the idea being to check to see if the code is doing what you are trying to do. And there’s some really cool stuff out there to help you do this more efficiently. What you don’t want code review to be is checking syntax, or in fact anything that could be checked by an automated tool.

What we want to do is in some point, get some other eyeballs into some other’s code beyond the people who write for themselves, so we don’t get some kind of self-sustained mechanism that someone decides to do something in certain way.

Peer Code Review will help you finding problems early and functional problems. Most important part of Peer Code Review is have an access to mentoring process where other people look over your shoulder and can give you feedback like “you know… I would do that differently for this case. Here is better way to do it”.

You learn from code review because you benefit from the experience of others. In addition it helps you learn the code base because you are looking at other pieces of an application rather than just your own.

Pattern based analysis

Pattern based static analysis is finding a specific pattern from your code. This could be a good pattern meaning something you want in you code, or a bad pattern meaning something you don’t want to be in your code (bugs).

For example, I may have a branding issue. I want to make sure when my code prints out copyright statement. In this case the pattern is that certain code exists where I expect it to be, such as the footer of a web page.

Or the pattern might be a bad one, such as code that doesn’t free up resources when it’s done, causing memory leaks.

It may also be formatting issues that curly is here and under bar used there and case sensitive names used here and there. But we have to remember that it’s not just syntax problems but really things could cause a bug, for example when we try to internationalize our product or it may cause performance issue things like that.

Additionally the really cool thing about pattern based static analysis is that it improves the developers themselves. For example, a developer writes code for accessing a database. The code includes a try/catch block but he forgot to free up resources with a finally block.

The pattern based static analysis tool catches it and lets the developer know. After a few times with this warning, the developer will learn from it and start right code with a finally block to avoid the violation (and the nagging from the tool).

In other words, the tool is actually teaching the developer by suggesting a best practice  over and over again. Ideally, you encapsulate intelligence of your best developers into pattern based rules.

Pattern based static analysis is not just to check syntax and code formatting. It’s designed to save you time, not to “take time”. Some people say they don’t have enough time to perform static analysis, but generally, you don’t have enough time to skip it.

Flow Analysis

Flow analysis is the idea that instead of looking for a specific pattern in a particular file or class, we are going to look for a pattern based on trying to follow particular path through the application. But rather than run the application, it simulates the application execution.

Flow analysis looks possible paths of the logic and then manipulates the data to see if the bad pattern appears. For instance, it might try to inject bad data to see if it causes a problem, such as a SQL injection.

The paths are hypothetical in that they may or may not actually occur when you use the application, but they are at least possible. The cool thing is that it find real bugs in your application.

One of the things that flow analysis can find is uncaught exceptions. This may always be a problem because sometimes you handle the exception another way. For example, web application servers commonly have a wrapper to catch all exceptions. This is important because system uncaught exception acts basically same way as system exit.

Sometimes you have application stability issues, and very frequently it is related to unhandled exceptions. In such a case, flow analysis is a big help in improving your application.

API misuse is another common source of problems that are handled with flow analysis. Where the API not well understood or poorly documented it can lead to memory leaks or corruption.

With security, it finds the some potential types of problems for you that you can start to work on. It’s a great first pass, but it’s not as powerful as pattern based analysis for preventing issues and for giving thorough coverage, being limited to the hypothetical paths that the testing tool can figure out.

Metrics

Metrics falls into two goals: you want to understand what’s going on in the code and the other is find possible problems. They do this by measuring something in the code. Sometimes when they people talk about metrics, they mean KLOC, cyclomatic complexity, number of methods or classes, things like that.

Metrics can point you to potentially dangerous design issue which is very helpful. They are generally more useful more at the design level than the debugging level.

When tools started doing static analysis about 20 years ago, there were a lot of metrics in place. When people had a bug in field and couldn’t reproduce it they tried to use metrics to suggest where the problem might be, then use a debugger to check the area suggested by the metrics.

The problem is that sometimes it gives you a good idea and sometimes it doesn’t. It really depends on what metrics you are looking for. If you’re using metrics to try and find bugs, it can be difficult and time-consuming. But if you’re trying to use them to understand your application, they actually end up telling you things.

So let’s assume you have a metric that measures the number of lines in files in your application and you start notice giant files. It probably means that design is not as good as it should be, because components should be very discrete and they should have known inputs and they should produce known outputs. When files get large they probably have a lot of complicated logic in the middle of them. Typically it is a good time to look at and refactor and build them down.

Compiler / build output

You should think of compiler warnings as a useful form of static analysis. Internally we set a policy many years ago that our products must compile without compiler warnings. It turns out that many of the compiler warnings are traceable to real problems in the field. At best, they mask real problems buried within your code. If you think that you can ignore compiler warnings, you’re assuming you know as much about the language as a compiler programmer. They put compiler warnings in place because they think about the code in terms of how the language is supposed to be used. If they give you a warning, it means they’re concerned that the code won’t operate properly. It’s best to pay attention to such warnings.

All of these types of static analysis can be valuable in improving your code and your development process, and even your developers as I discussed. I’ll go more in depth on these techniques in future posts.

[Disclaimer]
As a reminder, I work for Parasoft, a company that among other things make static analysis tools. This is however my personal blog, and everything said here is my personal opinion and in no way the view or opinion of Parasoft or possibly anyone else at all.
[/Disclaimer]

Resources

Going with the Flow in Static Analysis

As part of my ongoing series about Static Analysis issues I want to talk about the relationship between the traditional static method and the newer dynamic or flow analysis method. People seem to misunderstand how the techniques relate and what each is good at. In particular, many seem to think that flow analysis is a replacement for non-dynamic analysis, which couldn’t be more wrong.

For the sake of having a simple term to identify both methods, I’ll refer to the older “static” method of static analysis and “pattern-based” and the newer flow-based method as “flow-based”. This is somewhat of a misnomer in that both types are really based on patterns, but seems to be a somewhat common way of referring to the two methods. If the terms I use bother you, feel free to do a search-replace function in your head when reading. I’m not too worried at this point about a strict technical explanation of each, but rather to their relationship. The goal is to have a way to differentiate in terms these two particular types of static analysis. Of course there are other types of static analysis as well, but I’ll leave that for another day.

Let me begin by saying that there is in fact a very strong relationship between pattern-based and flow-based static analysis, at least at an academic level. In almost every situation there are a set of pattern-based rules that would allow you to code in such a way that would prevent the occurrence of the issue being found by the flow-based rule. Given the nature of how flow analysis works, it can never find all possible paths through an application. This makes it a good idea to start programming in a more pro-active way to prevent the possibility of issues you’re concerned about.

For example, in security, one of the basic problems is using tainted data. Somewhere in the application between getting data from the user and operating on the data, you need to check if the data is safe. Depending on how far apart the operations are, it can be extremely difficult if not impossible to check every possible path. Security code scanners that rely on flow-based analysis attempt to find possible paths between user input and uses of the input that allow tainted data to be operated on. They can never find every possible path even if you let them run for an incredibly long time.

Instead, if you restructure your code so that input validation is done at the moment of input, then you don’t have any paths to chase, and you don’t have to worry about tainted data in your application. Flow-based tools won’t find anything anymore, because you won’t have any unprotected paths. This is sometimes a more difficult sell for developers, since it doesn’t provide them with a single broken piece of code that needs to be fixed. Rather it tells them that the way they’re writing code now could be improved – a bitter pill to swallow.

However applying this same principle to things like memory corruption, resource consumption, etc. can make the program far more robust than chasing possible paths ever could.

An excellent methodology is to start with flow-based analysis and fix the low-hanging fruit. Once you have compliance with your flow-based rule set, then review what you’re doing with flow and compare it to pattern-based static analysis. Determine as best you can how to apply static analysis and catch all possible potential problems before they happen, and put that into place. This moves you from a reacting to issues in your software to a more preventative stance.

There are those who say that flow-based analysis is preventative, but it’s still symptom driven – namely trying to find the openings and bugs you left in your code. Pattern-based analysis, when deployed properly, can be used to address the root problems. In our tainted data example, this means changing our coding style so that we don’t have paths where data could be tainted – root problem handled.

Essentially, flow-based analysis finds real bugs in possible paths. When you get a message from it, you just decide whether you care about that path or not. Static on the other hand tells you about the potential for a bug, not necessarily about the existence of a bug. Again, with our security example, Flow-based says “you used tainted data” where pattern-based says “this data could be tainted before use”.

When compared, you can see that flow-based analysis is a great way to find low-hanging fruit, because it’s looking for bugs instead of you doing it. On the other hand, because it works by guessing (flow fans hate the “guessing” term) at possible paths through your code, it will always be by it’s very nature incomplete.

Pattern-based analysis on the other hand requires restructuring your code and behavior if you want to achieve it’s full value. Some code is not well suited to such change, such as working legacy code.

Used together you have a very powerful solution that is much more robust than either technique on it’s own.

[Disclaimer]
As a reminder, I work for Parasoft, a company that among other things make static analysis tools. This is however my personal blog, and everything said here is my personal opinion and in no way the view or opinion of Parasoft or possibly anyone else at all.
[/Disclaimer]

Resources

My Favorite Open Source software

open source word cloud on chalkboardI have a love-frustration relationship with open source software. I could never say I hate it, because I don’t. I am however painfully aware of not only how many bad open-projects are out there, but how many almost-great ones there are that come tantalizingly close to making the grade. We still haven’t reached the point, for example, where you can put a Linux desktop in the hands of the average consumer without good Sysadmin backup. Contrast that with the millions upon millions of windows systems in the hands of the Technologically challenged that continue to work. I wish it weren’t so, but it is.

Ubuntu has made strides in this area with their 10,000 paper cuts project but there is still a long way to go. Many open-source projects remain too geeky and too buggy for mainstream success. On the other hand, there are some astounding successes that continue to give me hope. Without going into problems inherent in open-source vs traditional proprietary development (I’ll leave that for another day) I’d at least like to mention the applications that have made my life better, or have even changed the world. Don’t worry there is a poll at the end for you to choose your own favorite. As always you can sound off in the comments as well.

My top 10 list of open source that really works. Criteria are it works well but doesn’t require you to be an uber-geek. At least not a sysadmin. You might be an uber-geek in your area of expertise, such as video or database. I expect a few people to complain about the criteria, but I think one of the biggest problems for the open-source movement, especially Linux and Android, is that they can’t gain traction with the mainstream because they not only have the option for radical configuration, but the requirement for the same. Most people have software to solve some particular need, not to play with the software itself. Yes, I know there is a group out there that loves playing with stuff for it’s own sake, and that’s OK – there’s nothing wrong with it. But recognize that it’s a minority position and that most people just want stuff to work.

Many will disagree with the list, but that’s not really possible – it’s a list of MY favorites, not yours. 😉 Feel free to mention yours in the comments though – maybe I’ll change my mind. There’s a poll at the bottom.

Top Ten Open Source Projects

In no particular order

Apache web server
Who can deny that Apache has changed the world? It’s a really great, really powerful web server. But it also just works out of the box. You’ve gotta love it. I’ll bundle Tomcat into this since I almost always use them together as do many others. You can use them separately if you want.

Ubuntu Linux
Who could miss putting Linux on a list like this? Currently my favorite flavor is Ubuntu. They have a simple installation, streamlined updates, a commitment to fixing annoyances, and more. They work well from desktop to server to virtualized JeOS environments (meaning Just enough Operating System). (More on JeOS at a later date).

MySQL
Having a good, powerful yet simple database available without massive cost and unencumbered by crazy licensing is probably one of the unsung heros of the modern web. Without data-driven websites we’d all still be reading static text articles. Again, MySQL can be tweaked ad nauseum, but also works well essentially out of the box for people who don’t want to waste time. I hope that Oracle keeps this gem alive. [Update 2011-10-04]Oracle has
released performance updates to MySQL[/Update]

Eclipse
In the bad-old days we used to have a variety of expensive, annually updated development environments on Windows. On Unix it was mostly command line – open four windows, one each for edit, compile, run, debug. Tools had to work hard to integrate, and tool vendors made difficult choices about what environments to support.

Eclipse being not only free but open with a well designed API let us move from working on our development environment to working on the projects we wanted. I used to spend a lot of time keeping my Emacs (with VI plugin!) working with all it’s crazy plugins. My favorite Eclipse flavor happens to be MyEclipse because it has so much useful stuff built into it. Probably most of it I could find somewhere, but this way I can just install what I need in one shot and it just works.

Standard disclaimers about working for Parasoft aside, I never leave home without Jtest plugged into my Eclipse for testing my java code even though it’s not open source.

Bugzilla
You can’t build great software without having a good bug-tracking system, and while Bugzilla is open-source / free, it remains one of the best. It has enough features for most organizations, is light-weight, and easy to use. It also has a well-published API with all kinds of nifty clients and plugins being created for it. For example, I have one on my iPad that in some ways is better than the web interface.

WordPress
What’s the web without blogging, self-publishing, storefronts, etc.? WordPress makes it easy for everyone to start a site without being an HTML expert. I have been using it after doing things by hands for years, and I’m starting to rethink some of the other projects I’m working on. I know some will think Drupal at this point. It certainly has a large following as well, perhaps even larger. But I prefer WordPress for it’s absolute usability. I’ve played with Drupal and was just never comfortable deploying it for real life. For most people, WordPress may be a better choice, I know it is for me.

VLC
I’m one of those people who has my computers integrated into my home entertainment system. I prefer living without silly disks and other dinosaur media. Years ago I moved away from music CDs, and I’m close to being done with DVD and blu-ray. The great thing about VLC is that it will play any video format you have. Really, anything. No messing around with plugins, codecs, video frame rates, and all that geeky stuff. Just right-click your video file and “open with VLC” and you’re off and running.

I have no desired to continually reconvert my videos to different formats to accommodate new devices and VLC let’s me just watch what I want. Again, it even works on iPhone and iPad, for all those who think you have to have Apple format video through iTunes.

Plex / XBMC
Plex is just a Mac fork of XBMC. From my experience, they seem to have improved on the original, but I haven’t spent enough time on the XBMC/Windows side to really be sure. This is the media-server equivalent of what VLC does for a single device. Basically you point it to the drive(s) where you store your videos, music and photos. It sets up a server which can speak DLNA so that your “usual” media server clients can use it, like Playstation, Samsung TV’s, Xbox, and more. You can also run a hard video line from your computer to your TV for an even better experience. This is one of those things that will ultimately lead to people cutting the cable. It has a plugin architecture and people are continually adding what they call “channels” which are really wrappers around existing web-based content such as Comedy Central, CNN or Aljazeera. You’ve got to try it to really understand, but it’s amazing.

Gimp
For those who need high-power image editing and manipulation, this is your gnu-alternative to those expensive programs out there. Maybe this one isn’t for the faint of heart, but for those familiar with image editing, it’s no problem to use. I’ve moved almost completely to Gimp and don’t expect to pay for other image editing programs in the future.

Firefox & Thunderbird
Firefox and Thuderbird, both from Mozilla, are definitely starting to feel dated where once they seemed cutting edge – sorry guys. I hope you push back to the front. But I cannot discount the contribution they’ve made to the world. I was once a dedicated Firefox user, but now it just looks clunky compared to others. If it wasn’t for Firefox we’d probably all be stuck with lousy browsers where instead we have several choices now. Thunderbird let us escape from the horrible enterprise email monoliths before full Ajax web-based email clients made it easy to live without a local mail client. Kudos, Mozilla.

Open Source Honorable Mentions

Projects that just didn’t quite make the top ten, although many would probably make the top 20. You’ll notice a recurring theme that I left many out because they’re just too wonky or complicated for everyday use or for “regular” people.

Apache Commons
I love Apache Commons. It has more cool useful libraries than I can count that keep me from inventing the wheel. However I suspect that it’s not used nearly as often as it could be. I almost put this in the top 10, but decided it’s probably too limited in use as well as scope – only developers feel this. Or maybe end-users should count as well? I can’t decide. But I can’t live without it either.

OpenOffice
I have to admit I’m a fan of anything that keeps the world from a single provider for office tools. But my experience with OpenOffice is frequently that it’s not quite there yet. There are some annoyances in conversion to/from the MS Office files that I have to use in my everyday life, and this means I just can’t rely on it. I wish I could. But I see improvements being made, such as a native OSX client rather than relying on an Xserver, so I have hope.

source control. There are a lot of good programs out there, but for most projects this will not only do the job, but do it well. By the way, it’s free of course. Why do people still pay for that big heavy source control program? You know the one I’m talking about.

Hudson / Jenkins
Continuous integration and build automation are very useful to software development. I find these tools useful for automation in general as well – goodbye Cron! It used to be just Hudson and then there was a split. Honestly I don’t know which one is a better choice right now – feel free to voice your opinion. I’m still using Hudson because I’ve gotten used to it. Probably you can’t go wrong with either.

Maven
Maven is a big improvement over “make” that we all used to use to build our software. It’s really the next generation of Ant, which is a great thing in itself. This one comes with a caveat though – there is a certain religious fervor that can cling to some Maven users. Using Maven can lead to lost productivity if pushed to extremes. And the “convention over configuration” mantra is a nice idea, but really the same is true if you simply do things in a standard Eclipse configuration. In practice it means “if you totally reconfigure all your development projects and source layout and builds to do what we think is good, you won’t have to reconfigure them”. We used to call that “my way or the highway”. Caveat emptor. Used properly, Maven will make your life better, used indiscriminately it will be painful.

Android
Android isn’t really free, and at least the current release isn’t really open. But still, it’s a nifty idea. I’ll ignore for a moment the potential IP issues until they get resolved in court one way or another, but having a strong mobile OS to compete and drive innovation helps everyone. Awesome.

Audacity
Audacity has a lot going for it. The times I’ve tried it I’ve always suspected it would probably do what I need, but it was tough to figure out. I think it’s still just too wonky for regular people. I suspect it will remain that way, as simple audio editing is becoming more and more available, even on our smartphones. Those who do heavy audio editing may disagree – let me know.

VNC
VNC is a remote desktop technology that works on Unix including Mac. It comes in a lot of varieties such as RealVNC and TightVNC – on the Mac it’s actually baked in as the native remote desktop. It’s a great idea, but obviously there are more people using Microsoft’s remote desktop, so I couldn’t put it int he top ten. But I use it all the time – maybe Microsoft will give up their proprietary ways and switch, but holding your breath is probably not a safe bet.

Handbrake
If you work with video files, such as ripping your movie collection, converting it to play on your Playstation, Xbox, PSP, iPod, smartphone, etc. then this is for you. It’s a powerful, full-featured open-source video conversion program. But suffers from nearly terminal geekiness. Out-of-the-box settings yield mediocre results compared to what a really good video file should have. Going beyond that requires an extreme amount of esoteric knowledge, and even at that it can be tricky to repeat at a later date. If you know video you can really enjoy this, if you’re a beginner you might get lost.

MediaWiki
We’ve all used Wikipedia. This is the software behind it. Lots of great things are being done around the web with wikis, but even without all that, you only need to look at Wikipedia to see how amazing this can be and has been. There are still some core issues that need to be worked out with the idea of canonical encyclopedia coming from a wild open community.

As you’ve probably figured out by now, there is some really great stuff coming out of Apache and Sourceforge. I haven’t covered Google much here because they’re more on the free application side in many cases though they do manage a lot of open-source as well – it’s worth a look both as an end-user (gmail, etc) and as a developer.

Padding your work – the iPad in the office

iPad © by Yagan Kiely
I recently added an iPad to my technology arsenal. I’ve been using a MacBook Air for several years now and I really like the size & weight, but compared to the iPad it’s enormous and has a short battery life. I get a lot of use out of my iPhone, so I know what the iPad can do. Some continue to insist the iPad is just a toy.

For me, the big question mark is the keyboard. If I’m carrying an iPad and a notebook while traveling, it seems a bit ridiculous. If I carry an iPad and a keyboard, isn’t that just a notebook? Is there any real advantage to such a thing? Well I decided to give it a try and see what happens.

I travel a lot, so based on things like email, eBooks, and in-flight entertainment the iPad was a no-brainer, it can do them all very well. But I was wondering how useful I can actually make it in a software company.

If you’re going to try to use the iPad as a replacement device, there are a few categories of apps you’re going to be interested. I’ve broken out a few of these categories and selected some basic apps to see how well they will work. I’ll go into more detail on each after I’ve got some real use.

I checked out a list of 30 Business Apps and while it has some interesting ideas, it didn’t cover some specific software development needs. I’m purposely ignoring the entertainment category such as music, video and games, as it’s well covered in many other places.

Office Tools

I bought a couple of office suites for comparison purposes. I know, this sounds crazy, but it’s still less than the price for Microsoft Office on a desktop. My basic needs are typical word-processing, simple spreadsheet, and presentations. I also have some apps for note-taking and planning.

I happen to be a fan of the Mac office suite with Numbers, Pages, and Keynote. Especially Keynote is a great improvement over PowerPoint. So I bought each of those apps. I had already purchased a Keynote remote app for my iPhone that I haven’t had the chance to tryout yet.

However, our office and clients remain largely Microsoft (MSFT) based, so I bought the QuickOffice apps as well. After initially giving it a pass, I decided to get DocsToGo as well. There are one or two other major office suites for the iPad as well, I may try them at some point, but probably only if I’m missing something. I’ll be shaking them all down as much as I can in the coming weeks and I’ll give the long and short of it here.

There are a few other tools I use frequently in the office, such as a voice recorder to take dictation for creating presentations, training materials, whitepapers, articles, etc. At the moment this is centered heavily around the built-in memo recorder on the iPhone, and possibly Siri will help but I don’t know yet. I’ve also got Dragon Dictation but mostly it’s something I record and then later work from manually. I’ve got a few other audio recording apps as well. I’ll give a full shakedown in the near future.

Another useful office tool is having some kind of scanner software based on using the camera in the iPad. OCR on top of that is really the icing on the cake. I’ve got a couple of these installed, at the moment GeniusScan and JotNot Pro. I’ll see if I can figure out which is best.

For note taking I’ve frequently used simple text editors or a blank page in the word processor. While both work, neither is well-suited to the task. Ideally I should be able to type, write with my finger or stylus, and draw simple things to help illustrate the topic at hand. I should be able to save, edit, and share the document created. With that in mind, I’ve got a few note-takers installed like PenUltimate, but the noe I have high hopes for is Note Taker HD.

I’ve also got an app that lets me try to study/plan/organize based on putting 3×5 cards on a cork-board. It looks really great, but I’m not yet convinced it’s actually useful or sustainable.

Travel Tools

This is a category that some office users won’t need. If you’re an iPad in the office and at home kind of person, you can probably skip this set. My initial set includes the apps for the airlines I use, just in case I need them. I also have the TSA app for airport information. The bulk of my travel information comes from TripIt which I have found very useful on the iPhone.

I also take a GPS on the road with me via my iPhone, so I haven’t listed it as a necessary item for the iPad, even though the bigger screen makes for easy mapping.

File transfer

I also already have some file sharing apps to transfer files on and off my device. Mostly I use iDisk since I have MobileMe but long-term I will be doing something else. I’ve installed Box.net since they have the free 50GB offer running right now. I may get a small DropBox for comparison with that. And my Latest favorite in this area is FileBrowser which let’s me do normal file system browsing on remote computers, such as my desktop.

I’ve got a few others as well, some of which have already been deleted for lack of usefulness.

Development tools

For software development I have a decent Bugzilla client called iBzilla, and nice SVN source control client called CodeViewer 2, and I bought a few code editors I will be trying out, including Textastic, Koder, and of course what computer is complete without VI?

Database

One could argue that database is part of the development tools category, but I think it’s big enough to warrant separate treatment. I do a lot of database work, so again I already had iPhone apps for connection to various DBs such as Oracle and MySQL. I updated them to iPad versions. Mostly I use Navicat. I’ll discuss this in a separate post, but if anyone has suggestions for good DB apps I’d be happy to check them out.

I also have Bento for quick and dirty db stuff, but I currently don’t use it much. If I find a way to leverage it for work I’ll let you know.

Social / Web stuff

For social and web stuff I have the usual suspects, Twitter, WordPress, Polldaddy, LinkedIn, GoToMeeting, WebEx, Instant messengers, etc. This covers blogging, posting info, messaging, as well as video conferencing.

Geek stuff (SysAdmin)

And I had the usual array of geek utilities like DNS tools such as nslookup, VNC for remote login, and a terminal client that includes SSH support. There is some overlap between these so I’ll try to narrow it down to what you actually need with what’s good and bad about each.

Other iPad stuff

There are a few other things that are interesting. For example, I am making more use of the Kindle application now for books. I do have a Kindle and there are times I prefer it, but that’s normally for when I am not carrying the iPad.

I find the Kindle device great for reading, but the larger iPad better for reference books. One other benefit is that most technical manuals are much cheaper on Kindle than in print, and it’s very convenient to have them with you when you need them.

I’m going to assume that at least conceptually all of the ideas here are equally useful for other tablets. This will depend of course on having the apps you need available on the platform of your choice.

I could certainly borrow a tablet from a friend and do a similar experiment, but it’s something that takes time to do in depth, so we’ll see. If any of you are interested in a similar idea, let’s talk.

Updates on real world experience will be coming in the near future as I shake down each category.