There is no fragment in program code where you cannot make mistakes. You may actually make them in very simple fragments. While programmers have worked out the habit of testing algorithms, data exchange mechanisms and interfaces, it's much worse concerning security testing. It is often implemented on the leftover principle. A programmer is thinking: "I just write a couple of lines now, and everything will be ok. And I don't even need to test it. The code is too simple to make a mistake there!". That's not right. Since you're working on security and writing some code for this purpose, test it as carefully!
Pex (Program EXploration)
is an intelligent assistant to the programmer.
By automatically generating unit tests, it helps to find bugs early.
In addition, it suggests to the programmer how to fix the bugs.
Pex is actually a unit test generation tool. It takes a parametrized unit test and generates parameter sets to get full code coverage and exercise all of the code. It actually analyzes the code to find appropriate values, and then generates normal (unparametrized) tests.
Most testers consider UI testing as the Achilles' hell of automated testing and often just stick to manual testing for UI. There is no doubt that UI testing does have its challenges. It has complex workflows, is relatively much slower than Unit Tests and also is more brittle.
* Introduce a global state in the program, hide the dependencies.
* Test-driven development: classes become tightly coupled with the singleton. Need to test the singleton along with the class to be tested initially.
Some quotable quotes here: "while we laugh at the guy who expected that his computer could be hooked up to his boom box to use the cd, he's actually just a bit ahead of us. Yes, ahead, not behind. In the future, he probably could get his computer to talk the boom box into transferring data from its cd."
"When I was a teenager, I had a friend who made extra money testing and changing vacuum tubes in TV's and radios. Try earning money that way today- there is actually a very small market for that kind of thing, and there are still people who sell tubes and the like, but that market is pretty small. In the dumbed down computers of the future, there may still be a few antique machines kicking around here and there, but that isn't going to support very many of us."
This is largely true and happening all the time. A programmer can use Python or Smalltalk without needing to know C (or Fortran or assembler.) A child can program in Morphic tiles (Etoys and Scratch)! We don't need to know the difference between a serial cable and a printer cable, or how to install a driver' it is all USB (or Bluetooth!) There are some gurus that program USB, but perhaps only a few hundred of them, and the rest of us just use it.
The industry stewards have countered Apple's move with their own application stores, so there's a huge opportunity to write the "killer app" for one of several smartphone platforms.
40 MB to less than 4 MB of free RAM
one-app-at-a-time requirement complicates any implementation of a copy-and-paste mechanism.
As a security sandbox, the iPhone OS permits only one third-party application to run at a time, and not in the background.
adding some useful Bluetooth profiles that supported stereo headsets, data synchronization, or the ability to implement multiplayer games would be usefu
iPhone OS 3, that provides some of the missing features mentioned here, such as the A2DP profile for Bluetooth, voice recording, and copy-and-paste.
Have to learn Objective-C; is only smartphone platform that uses it.
Competitors will soon catch up on the UI.
embed navigation and GPS plotting into applications.
provide their own map content
The OS now supports the use of accessories connected to the iPhone either through its 30-pin docking connector or wirelessly via Bluetooth. Now that the device has been "opened", you can expect an entire ecosystem to build up around the device, much like the iPod has.
peer-to-peer connectivity using Bonjour
developers can now allow users, from within the application, to purchase and obtain new content
No voice dial.
A client-server mechanism provides access to low-level system resources, and in fact the kernel itself is a server that parcels out resources to those applications that need them. This transaction scheme allows applications to exchange data without requiring direct access to the OS space.
C/C++ for porting existing UNIX applications, and Java to port Java ME MIDlets. As mentioned previously, the software stack offers several run-times that offer application development using WRT widgets, Flash, and Python.
The primary programming language for the platform is Symbian C++,
Handango has managed the wide-scale distribution of Nokia applications. In February, Nokia announced plans to launch its Ovi Store, which sells applications, videos, games, pod-casts and other content, similar to Apple's App Store. The store will be accessible by Nokia S60 smartphones in May.
Non-standard Symbian C++ has steep learning curve, with special idioms to master.
Large number of Symbian APIs to learn, since it contains hundreds of classes and thousands of member functions.
Manages multiple e-mail Exchange e-mail accounts, along with support for POP3 and SMTP, and e-mails can have file attachments
FIPS 140-2 compliant, and supports AES or Triple DES encryption sessions via BlackBerry Enterprise Servers
BlackBerry Device Software has enhanced the capabilities of the platform with its own Java virtual machine (JVM), along with new Java classes that offer multitasking capabilities and UI enhancements to go beyond the capabilities of Java ME.
You can also take existing Java ME code and add specific BlackBerry classes to make a hybrid Java ME application
don't intermix MIDP 2.0 and BlackBerry API calls that perform either screen drawing or application management.
The catch to writing an application that uses BlackBerry API extensions is that it ties the application this smartphone. However, this is no worse than using the unique Java classes found in Google's Android.
Apple promotes the design goal that applications should accomplish one purpose.
no Flash support, and you can't download files.
For non-Exchange users, Apple's MobileMe online service, after some fits and starts in 2008, now supports the push of e-mails and changes to the calendar and contacts.
The iPhone 3G can work in tandem with Microsoft Exhange Server 2003 and 2007 to support enterprise operations.
Cocoa Touch is a subset of Apple's Cocoa,
Cocoa Touch components manage most of the writing to the screen and playing media, yet there are APIs exposed that let you access the accelerometer and camera.
Quartz engine is identical to the one found in Mac OS X
Only a select few higher-level frameworks have access to the kernel and drivers. If necessary, an application can indirectly access some of these services through C-based interfaces provided in a LibSystem library.
the SDK provides Dashcode, which is a framework based on a Web page composed of HTML and Javascript. You can use DashCode's simulator to write and test your web application. You can also use several other third-party frameworks to write web applications, and debug these with Aptanna Studio's tools.
Made by HTC, the G1 is the first smartphone using the Android platform.
e-mail program (which makes use of Google's Gmail), a mapping program (using the company's Google Maps), and a browser that uses WebKit, not Google's Chrome web browser
Android is not Java ME, nor does it support such applications
ability to both browse and manage multiple IM conversations. On the other hand, such heavy use of the smartphone's CPU shortens battery life significantly. Maybe Apple is on to something in limiting the number of applications that the platform can run.
On the positive side, the Android APIs support a touch interface (and the G1 has a capacitive touch screen), but not any multi-touch gestures.
copying text from the web pages is the browser isn't allowed
The advantage to Android's use of a different bytecode interpreter is that the DVM was designed so that multiple instances of it can run, each in their own protected memory space, and each executing an application. While this approach offers stability and a robust environment for running multiple applications, it does so at the expense of compatibility with Java ME applications.
Seasoned Java programmers will find the Android SDK an amalgam of Java SE and Java ME methods and classes, along with unique new ones
compile the Java code to generate Dalvik bytecode files, with an extension of .dex. These files, along with the manifest, graphics files, and XML files, are packaged into an .apk file that is similar to a Java JAR file.
The certificate that you use to generate the private key does not require a signing authority, and you can use self-signed certificates for this purpose.
The Developer Phone provides access to a shipping Android device without the cash outlay or contract contortions required when developing for the other platforms.
in February the site began supporting priced applications. Google allows developers to take seventy percent of the proceeds.
it's possible that you might pick up a malicious application before it is detected by the user community.
Open source, open platform: if you hate the mail program, some third-party is writing a better one.
Lengthy developer's overview of Symbian, Mac OS X iPhone, Blackberry, Android. This talks about the leading app platforms except Java ME and Windows Mobile, though it does explain how Blackberry and Symbian support Java ME.
Not all operators are
symbols. Some are written as words. One example is the typeof
operator, which produces a string value naming the type of the value
you give it.
Having such numbers is
useful for storing strings inside a computer because it makes it
possible to represent them as a sequence of numbers. When comparing
strings, JavaScript goes over them from left to right, comparing the
numeric codes of the characters one by one.
There is only one value in JavaScript
that is not equal to itself, and that is NaN, which stands for “not
a number”.
In practice, you can usually get by with knowing that of the
operators we have seen so far, || has the lowest precedence, then
comes &&, then the comparison operators (>, ==, and so on), and
then the rest. This order has been chosen such that, in typical
expressions like the following one, as few parentheses as possible are
necessary:
The difference in meaning between undefined and null is an accident
of JavaScript’s design, and it doesn’t matter most of the time. In the cases
where you actually have to concern yourself with these values, I
recommend treating them as interchangeable (more on that in a moment).
. Yet in the third expression, + tries string
concatenation before numeric addition
When something that
doesn’t map to a number in an obvious way (such as "five" or
undefined) is converted to a number, the value NaN is produced.
Further arithmetic operations on NaN keep producing NaN, so if you
find yourself getting one of those in an unexpected place, look for
accidental type conversions.
g ==, the
outcome is easy to predict: you should get true when both values are
the same, except in the case of NaN.
But when the types differ,
JavaScript uses a complicated and confusing set of rules to determine
what to do. In most cases, it just tries to convert one of the values
to the other value’s type. However, when null or undefined occurs
on either side of the operator, it produces true only if both sides
are one of null or undefined.
That last piece of behavior is often useful. When you want to test
whether a value has a real value instead of null or undefined, you
can simply compare it to null with the == (or !=) operator.
The rules for
converting strings and numbers to Boolean values state that 0,
NaN, and the empty string ("") count as false, while all the
other values count as true.
where you
do not want any automatic type conversions to happen, there are two
extra operators: === and !==. The first tests whether a value is
precisely equal to the other, and the second tests whether it is not
precisely equal. So "" === false is false as expected.
The
logical operators && and || handle values of different types in a
peculiar way. They will convert the value on their left side to
Boolean type in order to decide what to do, but depending on the
operator and the result of that conversion, they return either the
original left-hand value or the right-hand value.
The || operator, for example, will return the value
to its left when that can be converted to true and will return the
value on its right otherwise. This conversion works as you’d expect
for Boolean values and should do something analogous for values of
other types.
This functionality allows the || operator to be
used as a way to fall back on a default value. If you give it an
expression that might produce an empty value on the left, the value on
the right will be used as a replacement in that case.
The && operator works similarly, but the other way
around. When the value to its left is something that converts to
false, it returns that value, and otherwise it returns the value on
its right.
Another important property of these two
operators is that the expression to their right is evaluated only when
necessary. In the case of true || X, no matter what X is—even if
it’s an expression that does something terrible—the result will be
true, and X is never evaluated. The same goes for false && X,
which is false and will ignore X. This is called short-circuit
evaluation.
Approve software
only if they have a well-founded belief that it is safe, meets specifications,
passes appropriate tests, and does not diminish quality of life, diminish
privacy or harm the environment. The ultimate effect of the work should be to
the public good.
Not knowingly use
software that is obtained or retained either illegally or
unethically.
Ensure proper and
achievable goals and objectives for any project on which they work or
propose.
Microsoft All-In-One Code Framework delineates the framework and skeleton of Microsoft development techniques through typical sample codes in three popular programming languages (Visual C#, VB.NET, Visual C++). Each sample is elaborately selected, composed, and documented to demonstrate one frequently-asked, tested or used coding scenario based on our support experience in MSDN newsgroups and forums.
Acceptance test-driven development is what helps developers build high-quality software that fulfills the business's needs as reliably as TDD helps ensure the software's technical quality.
Code developers often have a nightmare when their development environment gets corrupted or some other snags stop them from creating and deploying their application. If such a thing happens at the eleventh hour of code delivery, hell breaks lose. At such testing times how badly as a programmer you would have wished for some alternative.
CodeRun Studio is a cross-platform Integrated Development Environment (IDE), designed for the cloud. It enables you to easily develop, debug and deploy web applications using your browser. CodeRun Studio can be used instead or alongside your existing desktop IDE. You can upload existing code in order to test it in the cloud or for sharing with your peers. CodeRun Studio also enables you to instantly compile, package and deploy your code to the CodeRun Cloud .\n