Tuesday, December 15, 2015

What if security in software isn't really an issue?

This is a thought exercise as much as anything. I do think that software security is massively important and more should be done about it.

Anonymous Hacker

What if security in software isn't really an issue?

Yes, a few big names have been in the news recently but they must be the exception or it wouldn't be newsworthy. It's not like everyone is getting hacked all the time. Is it?

I don't worry too much about the security of my car. It doesn't have a fancy alarm and satellite tracking. There are many other cars that are easier to steal or are worth more to someone who wanted to steal a car. Isn't it the same with software?

Even if I, as a business owner, suffered a security breach there aren't any real consequences.
  • There may be some negative press for a short time--but all press is good press, isn't it?
  • There may be a small (relatively) financial consequence in terms of fines or legal bills.
  • No one of any note who has been hacked previously has suffered any major, long term, negative consequences.

It's said that education is the answer to solving software security issues but where's the motivation?
  • If there's no real consequence to security breaches, then why spend time and money educating people to prevent it.
  • If security isn't an issue, then we can get more developers into the industry faster as that's one less thing new developers have to be taught.
  • It's not just a developer education problem. Even if developers knew how to make more secure software they won't always be given the time and resources to do that if their superiors don't think it's important so you need to persuade the whole business on the importance of software security.
Trying to sell a solution to a technical problem (software security) that someone might not have, yet, to a non-technical stakeholder (someone higher up in the business than a developer) can be tricky. In trying to persuade them to fix a problem they don't have now you're selling risk/insurance.
Let us spend more time now to prevent an issue that we might have at some point in the future.
This may or may not work based on political, financial or other business constraints.

Then there are issues of accountability, liability and due diligence.
If there is a security breach who's responsible? The developer? Or the more senior person(s) in the company who didn't ensure developers had the time, knowledge and resources to do what's best for the company?
There's also no way to be certain you're secure. So how much effort should be put into having more security? When do you stop taking more time and expense to increase security, for an uncertain return?

Even the systems we have in place to try and ensure some level of security aren't brilliant. A few years ago (yes noting that things may have changed in the intervening time) I was working on a website that had to go through a PCI compliance check. I was shocked at how little the check actually covered. Yes, it meant the site was not doing some bad things but it doesn't mean it was doing only good things. The checks potentially left a lot of what I saw as possible security vulnerabilities--which I ensured were addressed.

Let's just forget about all this though. Software security doesn't really matter as there are no real consequences to the business and the only people who seem to talk about it are developers pointing out what they think are the things the other developers didn't do or did wrong.


But wait, could capitalism solve this problem for us?
Education (of developers) is largely claimed to be the solution here but is capitalism, not education, the way to get change? - If more companies get hacked then insurance claims and therefore premiums will go up--eventually to a level which makes a difference to the company. At which point there will be incentives for being more secure - and even proving it. If a company could do things to prove it was serious about preventing software security issues it might then be able to get a discount on the related insurance.
What if a business could get cheaper insurance for software related security issues by signing up to a service from the security company which would continuously be checking for breaches?

  • The insurers would benefit if they didn't find anything as they'd be less likely to face related claims.
  • The insurers would benefit if they did find something as they could put up the premium and hopefully the company could implement a fix before it is exploited and so not have to make a claim.
  • The company would benefit if no vulnerabilities are found as they'd pay lower premiums. Plus their user data and business continuity would be protected.
  • The company would benefit if something was found as they'd have the opportunity to fix it before it being exploited.

Those doing the testing would be incentivized to find exploits and disincentivized from missing something that is later exploited by another party.

Could this be done now?
Unfortunately, I think not. It depends on the costs of having security experts work for the insurers and paid for (either directly or indirectly) by the companies taking out insurance.
Sadly, I think we'll need more exploits, pushing up insurance premiums further, before this becomes financially viable.

Things look like they will get worse before they get better. :(


Tuesday, December 08, 2015

How do you test your Windows Apps?

Checklist Chalkboard

When you're testing your apps, how do you do it?
Do you rely on yourself and your memory of things you should be testing or testing for?
Or have you created your own checklist?
If you have created one, how do you know it's complete?
Or if you haven't, where would you begin creating one?

Whatever you situation, the App Quality Alliance are here to help you. They recently (the end of November) released two documents specifically designed to help anyone testing Windows apps.

Baseline Testing Criteria for Windows Applications

Accessibility Testing Criteria for Windows Applications

Whatever your experience with app development, testing, and/or windows there should be something in here for everyone, to help you be confident you're releasing high quality applications.



Gratuitous self-promotion: I served as the technical reviewer for these documents.


Tuesday, December 01, 2015

Raisin' up app news with AppRaisin

Are you a Windows [Phone] app developer who wants another way to tell potential users of an app about it's launch or major update?
Or
Are you interested in hearing about new and updated Windows 10 apps?
Or maybe you're both.

If any of the above apply to you then you should check out AppRaisin by AdDuplex.


It's like a social news site focusing on Windows app news.

Users decide what news rise to the top by "raising" the apps they like and ignoring the noise. This way enthusiasts get to make sure that top of the crop apps get the attention they deserve and less active users get a curated list of just the best app news.

If you want to discover some of the best new apps then check it, and them, out now.

Download the universal Windows 10 app from the store now.

Tuesday, November 24, 2015

5 signs you're thinking about testing your code incorrectly

Test runner output showing both passing and failing tests

Having code that can be tested in an automated way is essential when it comes to making software that you can support and update quickly. Unfortunately there are still many developers for whom testing isn't a priority or even a consideration :(

Here are five indications that you're not prioritizing testing appropriately as a developer, and the consequences thereof:

Tuesday, November 10, 2015

Windows 10 developers need help!

I guess that's why there's so many helper classes!

Here are a few links to MSDN:



And here are a few others:

  • System.Runtime.CompilerServices.RuntimeHelpers
  • System.Runtime.InteropServices.ComEventsHelper
  • System.Runtime.CompilerServices.CallSiteHelpers
  • System.Runtime.CompilerServices.ContractHelper
  • System.Reflection.Emit.OpCode,System.Reflection.Emit.SignatureHelper
  • System.Reflection.Emit.SignatureHelper
  • Windows.ApplicationModel.DataTransfer.HtmlFormatHelper
  • Windows.Security.Cryptography.Certificates.KeyAttestationHelper
  • Windows.UI.ColorHelper
  • Windows.UI.Xaml.CornerRadiusHelper
  • Windows.UI.Xaml.DurationHelper
  • Windows.UI.Xaml.GridLengthHelper
  • Windows.UI.Xaml.PointHelper
  • Windows.UI.Xaml.RectHelper
  • Windows.UI.Xaml.SizeHelper
  • Windows.UI.Xaml.ThicknessHelper
  • Windows.UI.Xaml.Controls.ListViewPersistenceHelper
  • Windows.UI.Xaml.Controls.Primitives.GeneratorPositionHelper
  • Windows.UI.Xaml.Markup.XamlBindingHelper
  • Windows.UI.Xaml.Media.MatrixHelper
  • Windows.UI.Xaml.Media.VisualTreeHelper
  • Windows.UI.Xaml.Media.Animation.KeyTimeHelper
  • Windows.UI.Xaml.Media.Animation.RepeatBehaviorHelper
  • Windows.UI.Xaml.Media.Media3D.Matrix3DHelper




And probably more...




Friday, November 06, 2015

Don't throw away cached data just because it might have expired

Following on from my post about etags, earlier this week, there's something related to caching that I've seen many apps do wrong.

It basically comes down to this: just because the timespan that a server says content can be cached for has expired doesn't mean that the content will be changed.

Let me demonstrate by way of an example.

Imagine this scenario:

- App want to display an image from the web.
- App requests the resource
- Server returns resource and also an expiry header saying it's good for 24 hours
- App displays the image and recognises the header so saves a copy of the image for later reuse. (That it recognises the header and caches a copy of the image is already better than many but let's keep going.)
- App is closed after two minutes of use
- App is reopened six hours later
- App shows image from cache as it hasn't expired.
- App is next opened two days later
- App ignores the cached image, as it's expired, and so goes to the server to get it again.

Notice that last point.
What if the image hasn't changed?

Was the best thing the app could have done to:
- briefly show a space/placeholder while the image is downloaded again?
- waste data downloading the same thing again?

Wouldn't it be better to:
- keep showing the original image
- check if the image is still valid. (using, for example, etags or if-modified-since headers)
- if it is still valid, then update the expiry time/TTL stored locally
- if it is no longer valid then update the locally cached and displayed image.

Yes, it's a little bit more work but it's a better experience.
- less, duplicate, content need be downloaded
- consistently display images that haven't changed

It may not by the right approach for every image and is dependent upon server support but definitely worth considering.




Tuesday, November 03, 2015

A simple explanation of etags

I recently worked on an app where I was responsible for some of the performance improvements on the networking side. This applied to both the speed and size of the data being transferred. It was an app that retrieved a lot over content over HTTP.

After adding gzip support the next thing I wanted to add was support for etags (entity tags) as they were the caching method supported by the server.

Amongst the other developers on the team there was some scepticism about the value of this. They'd not used etags before and so some assumed it wouldn't be worth doing.
It turns out this scepticism was due to ignorance. As they'd not used them before they didn't know how they worked.

With so much of software development involving data retrieved over HTTP I'm still surprised when developers aren't familiar with some of the more common HTTP Headers.

While working on this, my son (age 8) asked what I was doing at work. Here's how I explained it to him and how I've since explained it to other developers who have found the simplicity helpful.


Imagine I wanted to know a list of your friends.

You tell me that they are Archie, Bob and Charlie. Additionally you tell me that these are represented by special code 1.

The next time I ask you for a list of friends I can say that if they can still be represented by special code 1 then you can just tell me that they haven't changed.

That time you respond that they haven't changed.

Some time passes and I ask again. Still stating that I know what they are if special code 1 applies.

This time you reply that they are now Archie, Bob and Dan and these are represented by special code 2.

Some more time passes again and I can ask the question again this time stating I know the answer if it can be represented by special code 2.



So, in the above example the "special code" is an etag.
In the HTTP world the server responds with the content requested and an etag value in the header.
On subsequent requests I include the previously returned etag in the If-None-Match header.
If the content doesn't match that tag then a new response is returned like the first one. If the content hasn't changed (and does still have the same tag) then the server responds with a 304 (Not Modified) status.

The value of all this is that you can be spared the network overhead of the server returning data that is the same as what you've already received. This saves the time and cost (if on a mobile network or other connection where you pay for data) of the data transfer. You also avoid having to process data that matches what you already have.

There are downsides though too. You have to track the different etags for different requests. You may have to store the previous responses. (Especially if you want to use etgs beyond the single use of an app.) You also have to write your code such that it can handle a 304 response. This may mean that you can't treat a response with no body as an error. (Something I see a lot of people do.)

In the above mentioned team there was concern about the impact on the total amount of data sent by adding the extra request header. In reality this was much smaller than the several kilobytes of data we were saving on each not modified response. By adding support for etags we were able to substantially reduce the amount of data the app consumed.


This isn't the only way to not get data that hasn't changed from the server on subsequent requests and there are situations where it isn't appropriate or even possible but I think it's probably the simplest and definitely one to be aware of.




Tuesday, October 27, 2015

Shouldn't we aspire to optimize [code] everywhere?

[Searching through my long list of partially finished blog posts I found this. I think the principles are still relevant so posting it now.]

Last weekA [long] while ago I wrote a post about how I've seen a change in the places where it's important to write optimized code.
One of the responses I got was that "shouldn't we aspire to optimize [code] everywhere?"
This strikes me as the result of a very developer/code focused reasoning and is, I feel, a topic worth discussing further.

Let's start by looking at this from a purely developers perspective. By which I mean we're only thinking about the code and there are no other considerations.

Given no other constraints then it may be fine to spend indefinite amounts of time on optimizing code. That is, getting it to run faster or use less memory or any other attribute by which we may measure code.
But to what end?
What benefit does such optimization bring? We may be able to say it's better but if that only benefits our developer mentality then is it worth it?

For most of the time there are external constraints when writing code. If writing for someone else (say as part of your job) there's probably a time and cost constraint. Either code must be written by a certain date/time or there is only so much budget to pay for the development effort.

Even if we are writing code for our own use then there will be a point when it's "good enough" to use. Yes we might be able to make it better than that but should we? If we want to keep making it better then at what point do you stop? If it's theoretically possible to make it faster do you put off shipping?

But what are we optimizing for in the first place?
Because we can?
Or because it will provide a measurable benefit?

On .net rocks show #1003 there was discussion about the value of performance improvements and the following claim:
“The threshold of perception is 2%. The threshold of meaning is 20%”
This means that if you can’t make it 20% better (faster) then the user won’t care.

Do you really need to spend a lot of time optimizing your code for only a small performance improvement? Probably not.
But yes, also a difficult discussion to have when you have to optimize performance to hit some arbitrarily defined number. (If you've ever had a project where someone has decided that X must be done in 300 milliseconds and you're busy trying to get it down from 305 then you have my sympathies.)


Yes, performance is a feature and yes you should make things as good as you can. Just remember to balance them against being usable and good enough.






Friday, October 23, 2015

I don't need to know about your errors

 

Look at these screenshots I captured today. (from public, released apps - if you really care which apps you should be able to make an educated guess.)
Disappointing isn't it?

Disappointing for at least two reasons:
1. There was an error
2. The app developer thought the best thing to do was put the exception details on the screen.


  • As the user of these app what am I supposed to do with this?
  • How does seeing this help me do what I was trying to do?
  • What are you trying to achieve by displaying this information?
  • Why no helpful error message?
  • Why no instructions on what to do now this has occurred?
  • Has this information been reported back to you so the app can be updated to appropriately account for this scenario in future?
  • Should I forward this to the app developer? If so, how?
  • Would additional information about what I was doing when this happened be useful to the developer? And if so how should I provide it?
  • Is it safe to keep using the app as is? Should I restart it? Or come back later? Or maybe wait for an update?
  • Are the developers already aware of this issue? Has it been reported before and they know about it? Or is this a new thing?
  • When can I expect this to be fixed? If ever?
  • and many more questions....but hopefully you get the idea.



You wouldn't do this in your app. Would you?


Thursday, October 22, 2015

Stop frustrating me with your SPA web apps

tl:dr; it's about the person using it, not the technology.

This will get ranty. I understand if you want to skip this ;)

Spa-Franchorchamps

Congratulations, you've built a fancy new, all the rage, website using the SPA (Single Page App) style where everything is shown on a single page with all the content swapped in/out and loaded as needed.
Good for you. You've done something fancy with technology.
However.

How is someone supposed to link to a specific piece of content? 
The way everyone has always done this is by grabbing the URI from the address bar. You are modifying the address bar (at the very least by changing fragments and allowing them to be used as direct links) when you change what's displayed on the screen, right?
No, having a share link somewhere on the page isn't enough. Especially if that only loads a popup containing the link.

What happens when someone scrolls down through a large amount of content and then loads a small amount?
So, I'm on a page with a lot of content. I scroll down so I can see all that content and then click a link to see something else but the screen goes blank. What happened? A bug? Is there no content? Is it a link to a blank page? Is it still loading?
No. The large amount of content was replaced with a small amount but the height of the page wasn't adjusted so the content is at the top but I'm still looking at the bottom. Is it really too hard for you to adjust the total height of the page or just automatically scroll me up so I can actually see the content I just clicked on?
Yes, I know that scrolling up isn't too hard but it's not a case of just scrolling up. It's: look at the page; wonder if it's still loading; decide it's not; scroll up to see if something is there; be frustrated that the website made something that should have been trivially simple (show the content for the link I click on) much harder than it needed to be.
This also applies to paged lists too: scroll down a list; click on "next page"; list updates but I'm left looking at the bottom of the list (which is now the bottom of the second/next page); have a sad face; scroll back up the list, all the which thinking about alternative apps/sites I could use in the future.


Yes, individually these are just minor things but I'm starting to see them more and more. If your site does this then you're breaking expectations about how to work with (use) websites



Wednesday, October 21, 2015

The user group I organise now has a code of conduct

(Well actually I added it last week.)

Much has been said over the last year or so about codes of conduct (CoC) at conferences and hackathons. I've not heard anyone else talk about them with regard to meetups/user groups but, as a group organiser, they've been on my mind for a long time. Should we have one? Shouldn't we? Do we really need one? What if we do? What if we don't?
I see user group events as being no different to mini-conferences so that seems like a good reason to have this discussion.

As the title suggests we do now have one and I've written about why on the group's website but I thought it might be worth sharing here too.

Ultimately it came down to two reasons:
1. The people who aren't already coming
2. Potential speakers.

The people who aren't already coming.
We haven't had any issues with the people who are coming. (I know that some people assume that CoCs only get created in response to issues. We haven't had any and hope we don't.) This is about people who aren't coming and don't know what to expect if they do.
As a group we're happy for anyone to attend who is interested in the subject (of creating apps). What matters is your interest in the subject. What doesn't matter is where you're from, what you look like or how you identify yourself. In fact having people attend who have a broad range of ideas, experiences and backgrounds is a great thing as those factors can bring new perspectives. It's the opportunity to meet, hear from and exchange experiences and ideas that meeting in person provides. If we were all the same it would be very boring. The CoC just says that we acknowledge differences as a good thing and it's not acceptable to discriminate or act inappropriately in reference to those differences. We know it can be intimidating to go somewhere for the first time when you know you may be different from the other people there. We just want to say that we know that can be the case and we want you to feel welcome if you do come.

Potential speakers.
Hearing speakers, from other events, start to say that they won't speak at events that don't have a CoC could also have been potentially limiting. They don't want to be involved with communities that aren't addressing this potential issue.


If you're interested you can see it at http://windowsapps.london/conduct/

If you've got an opinion on this I'd love to hear it.


Tuesday, October 20, 2015

How much would you pay to get another user of your app?

Once you've built an app it's perfectly understandable that you want as many users for that app as possible. But how do you get them?
I regularly hear developers complain that they are disappointed and frustrated that people aren't just finding their app (and installing it) or they're upset that the store isn't promoting their app.

One of the common approaches to user acquisition is advertising. I find that it's common, particularly amongst those with a development background, to underestimate the cost of advertising and have unrealistic expectations about what they can pay to acquire new users.
"$0.10 per new user is far more than I want to be paying" - A developer
To get a feel for what other companies/developers are willing to pay for a new user, I looked at 50 randomly selected campaigns for both iOS & Android from AdDeals and plotted it in this diagram:
(Yes, it's a box-and-whisker diagram. And, no I haven't made one of these since I was in school.)


It roughly tallies with Cost Per Install (CPI) data from Fiksu from last year.

That's an average of between $1.00 and $1.50 per new install.
Yes these figures are for Android and iOS - there just isn't enough Windows data out there that I could. I expect it to be roughly the same situation there though. Sorry if that's what you want. Or if you know of some I'd love to hear it.

So what?

So, consider how realistic your expected figures for what you'll spend to get new users are.

You may be competing for users against people who are prepared to pay. And those who are prepared to pay more will get more ad space.

The above AdDeals figures are based on "non-incentivized" installs. This means that the apps can't offer benefits to users of an app for installing another.
Why so?
Well, would you want someone to install your app just to get a benefit in another app. If that's why they installed your app do you really think they'd become regular users?
Surely you want people to install your app because they want to use it.

Having the people who install your app actually use it is especially important if you're paying for the user acquisition. After all, if people don't use the app how will you monetise their use and recoup the cost you paid for the acquisition?

Why such a range in the amounts above?
Because different apps will be able to earn more from each user. If a user of an app will typically earn the app's creators $9 in profit it's worth spending more to get that user than an app where users typically only earn the owner $1. It's simple economics.


But what if you can't afford or do want to pay for advertising?
Well then you need to consider other ways of attracting new users. Maybe you could consider cross-promotion. ;)


Tuesday, October 13, 2015

The problem with smart watches (and smart bands)

As more and more functionality moves to the mini computers we wear on our wrists and people talk about them replacing the computers we carry in our pockets (phones) there's a big drawback to be aware of.

Apple Watch and Microsoft Band on wrist


Interacting with a device on your wrist requires you to use the other hand.
I've seen a few experiments where devices on the wrist can detect responses to notifications on the wrist by specific gestures and movements with the hand but nothing that can let me browse content or initialize an action. While I expect lots of people to end up experimenting with this in future, I'm not expecting anything amazing any time soon.

The device in my pocket? I can take that out and use it (well the vast majority of functionality) with just one hand.

This matters because there are often times when it's not always possible to use both hands. Sometimes it's just more convenient to only use one.

Yes, some interesting things are happening, and will continue to happen, with wrist worn computers. Just don't expect them to replace the ones in your pocket for quite a while yet.



Wednesday, September 23, 2015

Using Application Insights to Improve Mobile Beta Testing

I was recently asked to write a post for the Microsoft MVP Award Program Blog about how you can use data captured with application insights to improve your beta testing.

Application Insights - lightbulb logoHere's a snippet:
When it comes to beta testing, unfortunately, many developers release the app to their testers and then just sit back and hope for feedback. In many scenarios just hoping for feedback isn’t sufficient and so to ensure you're getting both the most feedback possible and the test coverage you would like it is important to be proactive about capturing feedback and monitoring what the testers are doing.



Read the whole thing at:  http://blogs.msdn.com/b/mvpawardprogram/archive/2015/09/22/using-application-insights-to-improve-mobile-beta-testing.aspx





How I fixed broken WiFi after upgrading to Windows 10 - and it wasn't a VPN issue

I just upgraded another laptop from Windows 8.1 to Windows 10.
I kicked it off overnight and all looked good in the morning. Until, that is, I tried to access the internet.
Everything was ok with the routers and I could connect to multiple networks from other machines but none would work on the newly updated machine.

Searching the internet I found many other reports of a similar issue and most seem to be due to a problem with old VPN software.

This wasn't my situation.
Eventually I found this solution:

Go to: Control Panel > Device Manager > Network Adapters > Select WiFi adapter > Advanced Tab > Roaming Aggressiveness > change to highest.


 This worked for me but YMMV.


This worked for me too:



Wednesday, September 16, 2015

Effective pixel sizes for different Windows 10 devices


When defining layout in a UWP app, measurements are in effective pixels (EP).
Here, for my reference as much as yours, is how the EP values for a range of devices compare.


Device Effective Pixels
4" phone 320x533
5" phone 360x640
6" phone 432x768
8" tablet 640x1024
12" tablet 960x1440
13.3" desktop 1280x720
23" desktop 1920x1080
xbox (42") 1280x720
55" Surface Hub 1920x1080
84" Surface Hub 2560x1440

Or to compare they can be visualized like this:



There's also HoloLens and IoT devices to potentially consider too.
Details for HoloLens are not yet available and the range of possible screens you could connect to an IOT device is incredibly broad so I chosen to leave it out.


Monday, August 17, 2015

Why the Windows 10 Universal Windows Platform Bridges are a GREAT thing!

At the build conference earlier this year, one of the more controversial announcements were the "Bridges" that were introduced.




These "bridges" are new ways of building apps and involve using tools and languages that are different from the "native" methods of C#, C++, VB.Net or F# for the code and XAML or Direct-X for the UI.

They allow the use of Objective-C to build UWP apps, or repackaging Android APK bundles, Native Win32 apps or websites as Windows 10 apps.

Recently the iOS bridge has been open sourced and made publicly available. There's also been a leak of Project Astoria (the Android bridge).

Some people (mostly developers) think these bridges (for Android and iOS in particular) are a bad thing. I don't.

I suspect that negative reactions to the bridges are mostly reactionary and come from a place of fear, elitism and uncertainty.

If you've spent the last few years building Windows and Windows Phone apps you'll have built up some skills and experience that you were probably hoping would help you build similar apps in the future.
That's no bad thing but some people presume that the introduction of these bridges means the end of native development for Windows (& Phone) using C# & XAML. That's probably a bit of a reach.
If you've been doing native development professionally, especially as a contractor, then you may be more concerned. There will probably be less work creating ports of other apps to Windows (Phone/Mobile).
Yes, losing your job is a bad thing and I know of one person who has lost their job due to a change in need for developers who can do straight ports of Android apps to Windows Phone. If you end up unable to find work I don't think you can solely blame the bridges though.

I believe that many of the skills and experience that are used to create great apps for Windows and Windows Phone can also be used to create other things too.
If you've been developing such apps you'll know more than just how to use a specific SDK or programming language.

If someone explicitly told you that you could keep building apps for Windows/Windows Phone with the same skills and knowledge for a long period of time I'd take them to one side and have a quiet word.

The world of software development is ever changing and in the world of mobile development particularly so. This is a world where we can almost guarantee at least one new major OS update every year. A place where tools, technologies, languages and frameworks are regularly updated or replaced. This is not a place you can afford to stand by for a long period of time and expect nothing to change. The mobile app landscape was very different 5 years ago.

If you'd decided that you will only ever continue to develop apps for Windows and will only consider using C# and XAML to do so (I've spoken with a few developers who have this attitude) then you're making things hard on yourself.

If you want to stop with what we've got now, why stop now? Are things not going to get better or easier in the future?  If now, why now? Why didn't you stop at some point in the past?

If either on your own or on the advice of others you are confident in the technologies and levels of knowledge you will need to continue building apps for the next few years would you please share them with the rest of us. Oh, and if you're really that good at predicting the future can you let me know next month's lottery numbers. (Actually, you might need them too, if you're going to refuse to learn anything new and insist that you'll keep using the same tools to build for the same platforms evermore.)

So, if we can't rely on a future of porting Android and iOS apps to Windows/Windows Phone, what can we do?

How about something new? Rather than just reinventing the wheel.

Getting to do exciting new things is better than just rehashing what already exists. Even if it is easy money.

We don't build a better future by just building variations of things that already exist. There's more to life than just building apps.


That was a lot of words and some sentiments that I know many will take umbrage with so let's recap the details.

Why they may be a bad thing?
- Less investment in native Windows apps may affect people looking for work doing such.
- Running Android or iOS apps on Windows (Phone) may create a sub-standard app experience that could put users off the platform.
- Existing Windows developers abandoning the platform in backlash at the news. (I've heard a few people claim they're going to do this.)
- Windows may be seen as just a third place ecosystem where running a version of an app built for another OS is good enough. The knock-on effect of this could mean fewer companies considering developing for Windows at all and the platform taking a decline.
- Lack of access to Windows specific features may lead to apps that don't work as well or show the platform in the best light.

Why they may be a good thing?
- More "official" apps coming to Windows sooner as the process is easier for companies to do so.
- More "official" apps should lead to a stronger platform that attracts more users and could lead to opportunities for other apps.
- They allow companies to not need to build the same thing an extra time. This means they can focus on building better products that work across multiple platforms.

Why don't the matter?
- The Android bridge only works on the "Mobile" version of Windows 10.
- There are still things (features, APIS, etc.) you can only build/access with native Windows technologies.
- The bridges don't let you target everything you can with Microsoft's own technologies.
- The existing skills you already have (I hope) enable you to do more than just build native Windows apps.
- Visual Studio and other development tools from Microsoft are super powerful and can enable you to be more productive building native Windows apps than adjusting existing Objective-C or Java code to run on Windows.


And one final question that I know has come to mind for a lot of independent (hobbyist) Windows Phone developers.

What if you've built a WP version of an app that wasn't on the platform and now may be?
Many developers have seen spaces left by the "app gap" and created their own apps to fill these gaps. This typically means building a version of an app that exists on iOS and/or Android for Windows Phone. I've had a few people ask what these bridges mean for them. Their concern is that the official version of the app may now come to Windows Phone (probably via the Android bridge) and so be competition for their app.
This is a curious situation. Surely if building a 3rd party app because the creators of the app on other platforms haven't built a WP version because they see a lack of opportunity for return on investment, the creator of the 3rd party app is relying on the platform not getting big/popular enough that a first party/official app is released. At the same time they almost certainly want as many users of their app as possible.
If an official app is released and you've built your own version of that app it may not be the end of the world for you. Here's why:
- The launch of the official version could bring a wave of promotion that you could benefit from.
- You already have a user base. Will they automatically leave? If so, then wouldn't you have been vulnerable to another 3rd party app.
- Hopefully your version will be better suited to the Windows Platform and so feel more natural to people familiar with the OS.
- With a native app you can do more platform specific things that an Android app running on Windows can't.
- You can specialize in the features of your app to better serve a niche or certain type of user or certain scenarios. After all, there are many services which provide an official app but for which there are also many successful and popular third party apps that are also for the same service.



Thursday, August 13, 2015

My thoughts on the Surface Hub now I've used them


Yesterday I got a hands-on with both sizes of the Surface Hub. If you're not familiar with the name it's Microsoft's new wall mounted computer intended for collaborative work and meetings.

In the picture above you'll see the small one (yes really) which is a 55" 1080P screen. There's also an 84" 4K version.

They're available for pre-order now but aren't expected to ship until January 2016.
The small one is $7k and the larger is $20k. So, not cheap.

These devices really excite me. I'd love to do some work with collaborative software on such devices. In fact, given the choice, I'd take one of these over a HoloLens! Don't mistake them for just an all-in-one PC with a massive touchscreen. These are a completely new type of computing device.

I was very tempted to order one when orders opened last month. I held out though for two reasons.
Firstly I don't have anywhere to put one.
Secondly I had concerns about the screen on the 55" one.

1080P on a 55" screen means the pixels must be quite big. I have a 1080P screen on two 5.5 inch phones I carry in my pocket all day. I've learnt that a 1080P screen that is only 5.5" in diameter means that I can't see the pixels. I was concerned that I'd see the pixels on a 55" screen.

Having used one, the curves on a circle and diagonal lines were decidedly blocky when I was standing in front of the 55" screen. Personally I'd expect that I'd spend a lot of time very close to the screen and so this would constantly bother me. :(
This isn't typical of most user though. I understand the intention/expectation is that most people using the surface hub will view it from a distance.
From a distance both sizes looked great.

If the 55" device had a 4K screen then it would be very compelling.

My first reason for holding out deserves further comment too. These are not light devices. You're not going to hang them on a plasterboard wall. You'll want to seriously consider the structure of the wall you want to put it on. At these prices you don't want one falling off and breaking. Or worse, falling on someone.

Using the 84" version brought up usability ideas I hadn't thought of before.

  • How do you mount it so that short people can reach the top and tall people easily reach the bottom?
  • What about people who can't reach the top? Apps that require a swipe down from the top may have issues if the user can't stand.
  • Having a button on one side may mean a few steps for a person standing on the other side of the screen if they want to touch it. Might buttons on both sides be better?


What I saw was not the final version of the OS and so didn't handle multiple concurrent users. It was all very exciting though.


Tuesday, August 11, 2015

Looking at the AdDuplex data differently: Treating variants the same

If there are two variants of a phone: for example one that takes one sim card and the other two; or one version that supports LGT and one that doesn't. Are they really different devices?

Each month, AdDuplex releases stats based on the devices that it serves ads to. You'll find July's stats here.

In looking through the data, it made me wonder if the device variants were really that different. What if we considered the Lumia 520, 521 and 525 as the same. And of course the 630 & 635. And the 530 & 535. etc. etc.
So I rehashed the data to combine the Lumia figures ignoring the last number and replacing it with an 'X'

Here's the impact on the top ten most popular devices.
Make of it what you will.


So, it's still all 5's and 6's.
The 64X is higher than I would have expected.
The 1320 is a nice surprise too.

Yes, you may quibble over whether the 640 & 640XL should be considered the same or claim that 928/Icon is more like the 930 than the 920 but here we are. If you can come up with a really convincing argument for me to adjust accordingly I might be persuaded ;)


Friday, August 07, 2015

Creating an Xbox One style loading indicator



If you've started an XBox One you'll have seen the loading screen where the three white circles pulsate below the logo while the console starts up.

Watching this the other day I thought I'd have a go at recreating such an animation. (I've been looking at a lot of loading indicators recently and thinking about different ways of displaying a waiting state.)

After fiddling around in Blend for a bit (I decided to just do it all in Blend for a change) I came up with this: https://github.com/mrlacey/XboxStyleLoadingIndicator

It's a (Windows 8 style) Universal project but the UserControl in the Shared project will also work with Windows 10 (and probably WPF & Silverlight too).

It's quite simple.
It has `Foreground` and `Background` Brush properties, that are set to White and Green by default.
It has an `IsEnabled` property that you can bind to if you're so inclined.
It has `Start()`and `Stop()` methods, and if you can't work out what they do then you're probably in the wrong place.

Here's the interesting bit:
I don't like it when animations stop abruptly part way through or when loading indicators flash up on the screen for only a split second. Some people use a timer for preventing very brief display (e.g. the indicator must be shown for at least N seconds before being hidden) but that doesn't prevent it disappearing part way through the animation. To address this I made the control so that it will always complete the animation it is doing before stopping. This means that calling `Stop()` or setting `IsEnabled` to false won't immediately make the animation go away. If that's what you want then change `Visibility` or hide or remove it in some other way. ;)


There are a couple of known issues:
- You have to specify a background colour that matches the background of whatever it is displayed on top of. This means it might look odd if not on a solid colour background.
- It doesn't scale well. But you could easily modify the code in the UserControl if you wanted something bigger.

Both of these issues could be addressed by switching to using a Path, rather than the Ellipses I'm using at the moment. It might be something I get round to eventually, But if you'd really like to see it sooner then let me know.


Thoughts? Interest? Feedback?


Wednesday, August 05, 2015

How important is the color of an app icon?

So, someone is viewing your app in the store. How much effort do you put into optimizing what they see?
What about the colour of the app icon?

I have an app I use for demos, experiments and the like. It's called PhoneBook.

It has a bright pink icon.


The reason it had such a coloured icon was to try and make it stand out. There are aren't a lot of apps with pink icons:


So, earlier this year, I decided to do an experiment to see what impact changing the icon colour would have on downloads. I didn't change anything else in the app or store description or do any other promotion. I just tried different colour icons to see what impact it would have on organic downloads.

I tried six other colours to see what impact they would have and ran with each colour for seven days.

I had my suspicions about which would be positive and which would have a negative impact on downloads.

Quick.
Before you scroll down any further, which colours do you think would increase, and which would decrease downloads.




Have you made a guess?



Here's what happened:



Compared with the last week in pink, just changing the color of the icon of the app in the store saw downloads increase by 23% or decrease by 19%.


What colour do you use for your app icon?
Have you explored what the difference might be if you changed the colour of it?
It might be worth the change. But you won't know if you don't try.



Windows 10 as a meal


Imagine Windows 10 as a meal.
It's a pretty special meal, so let's consider it a banquet.

symmetrical gluttonyNow, if you look at what we have in Windows 10 so far it might seem a bit disappointing.
Here's the thing though. If Windows 10 is a banquet, what we've had already is just an appetizer. It might be considered a very nice appetizer. You may consider it better than the appetizers you've had before, but it's an appetizer, or first course at best, none the less. Don't mistake it for the full banquet.
This is just the starter. The really good stuff is yet to come.

Like a banquet with many courses, we're not going to get all of Windows 10 at once.
We're going to get familiar things like a new mobile operating system. We'll have specialist foods like an IOT platform and we'll have strange, exotic new things like Surface Hub and HoloLens. Then we'll round it all off with a playful XBox dessert.
Now that sounds like a much better meal.

If what we've got so far is great for you, enjoy. Dig in.
If you want to wait a while and see what is yet to come then that's ok too. You don't want to fill up on bread.

I think that it's future meals that will be where things get really interesting. It seems a bit like Microsoft have spent the last few years rebuilding the same platforms over and over again. If Windows 10 is the OS for the next few years (at least) then we can look to some polish coming in future. Give an expert chef some time with a certain recipe or set of ingredients and they should be able to come up with something fantastic. ;)


Like all analogies this is obviously flawed, but hopefully useful. Let me know your thoughts of Windows 10 so far.


Monday, August 03, 2015

Two approaches to updating your app to Windows 10

So, you want to make a version of your app that targets Windows10.
That seems like a great idea but how do you go about it? After all, there's no "Update this project to Windows 10" option like we've had in previous versions.

You almost certainly want to keep your existing code so you can continue to provide updates to users who haven't yet updated to Windows 10.

This leaves two options:

1. Create a new project and copy files (or links to those files) into the project.
    More at https://msdn.microsoft.com/en-us/library/windows/apps/xaml/mt188198.aspx

2. Copy the existing project files and modify them.
    More details at https://msdn.microsoft.com/library/mt148501(v=vs.140).aspx





Thursday, July 30, 2015

Unexpected Windows Phone errors

I've been updating an app that targets WP8.0.
With a couple of hours spare I've been looking through the dev center health reports to see if there are any exceptions occurring that I can do anything about.
It seems that I'm not be defensive enough in my coding and previously didn't allow for things that should never happen from happening. :S

Yes, really.

Even if it's not displayed an app should always have one tile, the "primary tile" that can be accessed in code so it can be updated.
Like this:

var primaryTile = ShellTile.ActiveTiles.First();

Except when it can't.

According to the stack traces, the above has failed.
The lesson? Always use `FirstOrDefault()` even when there should always be at least one and you want the first.


A page has a State dictionary that can be used for storing details while the app is deactivated/tombstoned.

You should always be able to access it and it should always exist:

protected override void OnNavigatedTo(NavigationEventArgs e)
{
    base.OnNavigatedTo(e);
 
    if (this.State.Count > 0) 
    {

But then, apparently (according to the exception details) there may be an exception when accessing the `State` property.



For an app with over a million installs the number of times the above have happened is incredibly small but may be worth noting if you want to be super robust in your code. Of course, if you not busy with Windows 10 related things ;)


Wednesday, July 15, 2015

My CTR has gone down - but I'm not concerned

Here's my CTR for the two weeks before and after I switched to real-time bidding for one of my AdDuplex campaigns.



I've dropped from an average of 1.8% to 1.2%. That's down by a third!


Is this a bad thing?

If CTR was what i was most interested in then I'd be concerned.
Many people would be very worried about this change.

However, here's the important thing.
Over the time period I spent the same budget every day and the clicks did this:


For the same budget, the number of clicks went from an average of 184 to 290. That's an increase of 57%. This is a very good thing.

On its own, CTR is a potentially misleading statistic as it doesn't show the whole picture. Without knowledge of the number of impressions CTR is meaningless. A high CTR from a low number of impressions could be a lot less than a low CTR from a very high number of impressions.

My ultimate aim from buying the advertising is to increase the number of downloads I get. Clicks are a proxy for this figure as the store won't yet tell me where referrals come from. Without the store listing changing over this entire period I can assume that the conversion of people clicking on the ad to eventually installing the app has remained constant.

CTR is indicative of a means to an end. Don't be deceived into thinking this is what ultimately matters. It's the return on investment that's should be monitored and in this case that means clicks.


Tuesday, June 30, 2015

AdDuplex has introduced real-time bidding - what this means for you

Last week, AdDuplex have announced the introduction of a bidding based sub-system. If you're an AdDuplex user then you may have some questions about this and what it means for you.

Here, in hopefully simple terms, is what it means to you and what has changed.

Cross-Promotion
If you're cross promoting your app with the AdDuplex control then nothing has changed. This is true whether you've got a Windows or Windows Phone app and if you're using the control directly or through AdRotator or AdMediator.
If you show ads for other apps and in exchange ads for your app are shown in the other apps then nothing changes.

Direct Campaigns
If you've bought direct advertising in an app nothing changes. Any campaigns you're bought will continue in the same way. You can also continue to buy advertising in the same way.

Network Campaigns
This is where things have changed.
Previously, all ad impressions that you purchased cost the same amount.
This made things were nice and simple and you knew what you'd get for your money.

In reality though, some ad inventory is more desirable than others. This could be ads in some types of apps and people in some locations.
When something is more desirable it is reasonable that some people will be prepared to pay more for it. Similarly it's reasonable to want to pay less for something that other people aren't as interested in.

The way that advertising platforms account for the varying relative value of different impressions is via real-time bidding or RTB. (RTB article on Wikipedia)
This is what AdDUplex has changed to using for paid network advertising.

What this means for you is that:
  • Some ad impressions will cost more.
  • Some ad impressions will cost less
  • You can expect to get more impressions for your money
  • If you want specific targeting for your ads you may end up getting fewer impressions for your money but they should be more valuable to you and therefore something which will convert better. (If you're targeting correctly.)


Practically, what does this mean for you?
If you are currently running paid network campaigns you can switch them to be RTB based.
If you do this before July 7th 2015 you'll get your current balance doubled!
If you don't do this manually, all accounts will be automatically updated on January 1st 2016.

As per the instructions on the blog post, to make the switch, log in to your account and go to "Buy ads –> Billing –> Add credits" then follow the instructions to convert your credit.
The day after you do this you'll be able to adjust your campaign(s). Just go to the bottom of each campaign and adjust as appropriate.


I'd suggest keeping the old daily budget and starting with a low bid (e.g. $0.99) and then adjusting based on performance once you see what you get with those settings.





Tuesday, June 23, 2015

Are bugs on one device more serious than bugs on another?


Overheard (somewhere I'd expect people to know better):

"Bugs in mobile apps aren't as serious as bugs in desktop apps."

Really?
What are the implications of believing this?
What happens when this is the prevailing attitude in the developer culture? In a company or in a wider community? Especially when "building once to run everywhere"?


The background to the above quote was that they believed that lots of mobile apps are buggy but desktop apps are generally of a higher quality.

I think the opposite is true (at least of good apps). The connection to mobile devices and the competition between apps mean that bugs are more obvious and developers work harder to avoid and address bugs as part of a greater focus on UI & UX.
On the desktop there hasn't, traditionally, been a great focus on UI & UX and quality hasn't been as great as users are more tolerant of bugs and a substandard experience as their expectations are lower.

Of course, in a brave new world of universal apps that run on multiple devices a bug can easily exist on both mobile and desktop. The good news in such situations is that you can fix it in both locations at once. But sometimes that might not be the case and you could have a bug that only manifests on one platform. This means you have to test everywhere.



Thursday, June 18, 2015

Using a keyboard shortcut for the back button on your Windows [10] desktop app? Set IsTabStop on the page to True

*Disclaimer - This is based on my experience with the current preview tools/SDK. Things may change in the future.*

So, you've got a Windows 8[.1] desktop app and want to port it to Windows 10 (or just want to build a Windows 10 app that will run on the desktop), read on.

If your app has more than one page you'll almost certainly have some way of navigating backwards through the page stack. The default way of doing this will be with some form of button on screen that the user can tap with their finger or click with their mouse.

But what about the keyboard?
Yes, it's possible to `Tab` to the back button and invoke it that way, but if you have a page with a lot of controls on it it may require a frustratingly large number of key presses to "tab" to the back button.
A common (defacto/unofficial) alternative is to use the keyboard `Escape` and/or `BackSpace` buttons as a shortcut.
If doing this you'll probably do so by adding a `KeyUp` (or `KeyDown`) event handler to the page.

Here's where it get's fun.

To have the page listen to keyboard events it needs to have focus (or contain controls that have focus and let event bubble up to it).
In Windows 8.1 a page code get focus and listen to events even if `IsTabStop` was false (the default).
In Windows 10 a page must have `IsTabStop` set to True to be able to get focus and be able to listen to key press events.


Discovering this cost me far more time than I would have liked. I document it here in the hope that it saves someone else some time in the future.



Wednesday, June 10, 2015

What if I enable developer mode, install an app and then disable developer mode?

This question came up on our webinar this afternoon.

What happens if you put a device in developer mode, install an app as a developer and then turn off developer mode? Can you still use the app?

I didn't know, so I tried it:


  • I put a device (phone) in developer mode.
  • I then deployed an app from Visual Studio to a phone.
  • The app ran fine when launched from the apps list or the pinned main tile.
  • I then disabled developer mode.
  • When trying to run the app again it would not start. Nothing happened when tapping the app (in the list) or the tile. No message, nothing.


Based on the current preview build (10135) you cannot use an app installed through the developer tools once developer mode has been disabled.


*Update* - apparently the lack of message when the app doesn't start is a bug that will be addressed ;)

Badass: Making Users Awesome - Book review

This was originally posted at http://windowsapps.london/2015/06/10/badass-making-users-awesome-book-review/



I feel I should start by apologising to you. I was given a review copy of this book a few months ago but the fact it's taken me this long to tell you about it is something I should apologies for. You need to know about this book. And yes, I should apologies to the person who gave me the review copy too. ;)


This is a book about products and services but equally applies to apps. Given multiple similar apps, why are some more successful than others and what can we learn from the ones that are successful so that we can be successful too?

The structure and layout of the book is different to most but something you’ll recognize if you’ve read any of the Head First series.

The book aims to provide a “formula for improving our chance of making a sustainable, bestselling product or service” or app!

I think there’s something in it for everyone involved in app development and who want to create apps that uses will love and get value from. Obviously if you’re just building apps for yourself and/or to scratch a technical itch then carry on. Well, actually, upon reflection, there’s still something in this book for you too.

Here’s the thing. When it comes to a product/service/app in any category or niche, what distinguishes the successful from the not so successful is not luck. It’s about making the person using it a badass!

What does that mean?
It’s about creating better users, not better products.
The knock on from this is that people will talk about themselves more (people like doing that) and the reason for that will be your app. The most trusted form of advertising is recommendations from friends and family members. When others discover that the reason for then becoming badass is down to your app you’ll see the number of downloads of your app go up.

You may have heard the advice that you should “build services, not apps”. While that advice is generally good, it’s better to not “build a better service, [but] make a better user of the service”.
If you can create your app so that it creates a great Post-UX UX (the experience after using the app) then you’re on your way to a winner.

The book has a lot of information to help you create apps (and services) that will help create badass users. That is users who “reliably perform in a superior way”.

The advice covers everything you’ll need to know to help your users. Whether it’s practice, examples, struggle, progress, rewards, jargon, choices, memorization, willpower or affordances. There is a lot you’ll need to know and this book will help you through it.

There are also two other things you’ll learn about that are especially close to my heart.
“Cake features” and how you app can actually make people fat. Yes really. And how you can cause an emotional response in your users through appropriate prompts and a compelling context.


I urge you. Go get and read this book to learn more.
You owe it to the people who will use the apps you help create.


Get it from Amazon or O'Reilly.


Tuesday, June 02, 2015

When you go truly multi platform with UWP everything will be paid for with In App Purchases

In App Purchases (IAP) are how everything will be monetized in Windows 10.

Well, at least in part.
If you have any other thoughts I'd love to hear them.


In the Windows 10 every app will have a single store entry with a single price. Clearly this won't be appropriate when the app or game varies greatly on different platforms (device families).

Consider a game that exists on mobile, desktop and Xbox. Today you'd expect the gameplay to be very different across the platforms and also the price of the game to be different on each and you'll probably have to pay for each platform separately.

Obviously this won't work when there's a single price.
The solution then is for the app to be free and then you pay to unlock the app on each device you want to use it on.
There's an important UX consideration here around apps that appear to be free but then you have to pay for them once you've downloaded them.
A possible solution for this is to provide a free trial on each platform and then a paywall for the full game.

Obviously, some goodwill in the pricing will be nice and appreciated too.
For instance, if I buy the Xbox version first I might get the other platforms included too. Or, if I buy the mobile version first then I'd like a discount when I later buy the Xbox version.

Or maybe you use different monetization strategies for different platforms. Maybe the game is listed as free in the store but monetized with adverts in the mobile version and paid for (via IAP after a trial/sample) on the Xbox. With the desktop version being the same as one or other of those as is deemed appropriate.

Apps might be even more varied than games in their differences on different platforms. The near canonical example of this is the phone or tablet that is used for data collection and the desktop version that is used for reporting.
For some scenarios the above won't work or be appropriate and so having separate store entries for different platforms will be a better solution.

There are lots of unknowns here. The thing to note is that it's very unlikely that there will be a simple solution that works for all (or even most?) apps and games.

If you're building for Windows or Windows Phone and aren't yet familiar with IAP then now might be a good time to get prepared. You'll find documentation on MSDN.


5 tips for reducing the memory footprint in a background task

I was just asked for 5 tips on reducing memory footprint in background tasks.
Here's what I came up with:

1. Include as few external dependencies as possible.
2. Include as little of your own code as possible.
3. Don't load anything in memory you don't need - and free anything you do load before carrying on.
4. Do as little as possible - stick tightly to only what you absolutely must do.
5. Don't be afraid to split functionality between multiple tasks if need be.


Yes, they're all quite generic but this is actually a fairly standard scenario on mobile. Ultimately, to save time and resources (memory, network, power, etc.) you should do as little as possible and only use the things you must.


Monday, June 01, 2015

Reserve you Windows 10 upgrade today! It's free. It's easy. No worries.

If you see this icon in the notification area (system tray) on your machine then you should click on it.



Here's what you can expect when you do.







Reserve your free upgrade. It's not like they're going to run out but it means you'll get the free update as soon it's available.