Tuesday, 18 December 2012

Why is Android still crap?

The BBC posted about their attitude to Android today causing some discussion among the mobile developer community.

Android has come a long way and the latest version of the OS and some of the devices coming out are really cool, but the market is heavily fragmented and fragmentation is still a real problem.  And it's not just screen-sizes and resolutions, we learnt how to handle that 10 years ago.

Firstly, there is a great deal of difference between the range of APIs available (with 2.3 still being the most popular and only about 33% of devices supporting 3+).  There is "support" available to bring some of those APIs to the old APIs, but it means developers retrofitting their apps with the support library (assuming they weren't using it from the beginning) and it still doesn't grant access to all the cool features of 4.0+.  Yep, you can target various APIs directly, but adding "if API > 4.0" type statements to code and having to create "layout-v16" specific XML files is frankly fugly.

Next, providers and manufacturers are able to tool about with Android as much as they want, so who knows how much they've gimped it and therefore what effect that'll have on your app.

Finally, there are real differences between the hardware.  I have direct experience of different devices handling various situations differently (usually memory, as reported by BugSense).  The emulator works fine but "stock Android" on an offending device demonstrates the problem, whereas other devices of similar spec are fine.  I shan't mention names *cough*Samsung*cough*Sony*.

If I'm still not getting through to you, consider the possible number of permutations.   Try plugging in some numbers for Android and then iOS.  You'll see what I mean.

Fragmentation degree = Screen sizes * screen densities * API variation * hardware variation * provider/manufacturer OS tweak variation.

So the conclusion from someone who does commercial Android dev on a regular basis is that Android dev is a PITA and iOS is significantly easier.  For me, that explains why iOS stuff tends to get done first, as it'll reach a user base of people who generally are prepared to throw more money at stuff than Android users, and with a lot less development pain.

Sunday, 7 October 2012

What is Oxwall? or, How to host your own Facebook?

I'm a member of a smallish social group in the area that I live in.  Our common interest is roleplaying games, boardgames, wargaming and other such activities that get people round a table, talking laughing and rolling dice.  We coordinate our activities via a website, and have done since the group formed.

We originally met when our founder member posted up an advert on Meetup.com to take part in a game of Dungeons and Dragons.  The group filled quickly (I think to his surprise) and it wasn't long before we had more members than games.

We slowly began to realise Meetup.com wasn't for us; apart from anything else, it cost money.  So we moved to GroupSpaces, which seemed to suit the needs of our slowly growing group much better.  Before long though, we were getting annoyed with GroupSpaces' permanent "beta" mode ... constantly tweaking things and changing functionality and not always in the way we liked.

It was at this stage I considered writing my own social networking application for the group, but soon discovered that actually it's a lot of work and I just didn't have the time.

Then I discovered Oxwall.

Oxwall is a PHP based web application (a la Wordpress, et al) which you can use either via their hosted solution or by installing it on your own server.  I have a Bytemark VM for the various websites I run so decided to throw it up there and check it out.

It wasn't perfect, but straight away it felt to me like it had a lot of potential and it had the functionality we needed at that particular time: somewhere for the group to socialise online, event management and a forum.  It also has a few other things, but those were the main things we needed, but most importantly, we were in total control of the software.

The architecture is MVC based and modular.  For instance, event management is handled by a module. If you deactivate (or uninstall) the events module, the functionality disappears.  Not bad for a PHP app!  Diving in to the code, I found it to be pretty clean and well written (in most places).  However, I did need to make some changes, and even write an entire module, but I'm going to talk about them in upcoming posts.

Additionally, the community is fairly active and there's a market place where you can download plugins (some are free, others are not) and hire people to write code.

But for now, if you are looking for a Facebook style social networking application (incidentally, Oxwall integrates with Facebook for authentication if you want it), then this might be the app for you, if you have somewhere to install it.

Friday, 31 August 2012

Why are good enterprise development practices for iOS unsupported?

iOS developers everywhere will know what I mean.  Sensible (and these days standard) development process involves the use of Continuous Integration (CI) - everyone knows this and I'm not going to wax lyrical on the benefits here.

However, Apple make this very difficult to do.  It's possible, but it requires a hack and is not officially supported, the biggest problem being the running of unit tests, which cannot be done consistently and headlessly, which pretty much negates the reason for having CI.

Where I'm working just now does indeed use CI (Jenkins with MacMini build slaves).  It's an impressive set up, but is problematic.

At my suggestion, my colleague created a bug to try and encourage Apple to address this, but now we need your support. If you understand this pain and want Apple to address it (and can open a bug with Apple) please log a bug and use the following information:

Title: Support Running of Unit Tests Headlessly
Description: Duplicate of 12214314

Apple tools should better support Continuous Integration systems e.g. Jenkins.

Of particular concern is that the xcodebuild command does not take a test argument so we need to manually edit the emulator scripts to run tests headlessly (as stated in blogs like http://www.raingrove.com/2012/03/28/running-ocunit-and-specta-tests-from-command-line.html).

We shouldn't need to do this. We should be able to run tests from the commandline with the same ease that we press command-U to run them when the project is open.

Let's get Apple to really support iOS development in the enterprise!  Thanks in advance.

Tuesday, 3 July 2012

ADSL Modem Routers Suck!

For a long time I used an ADSL Wireless Modem Router at home.  This device connects to your ADSL Internet connection and provides your home with a wireless connection.  It does the job of sending information to and from your computer and the rest of the Internet (as well as your local network).  The problem is, I seem to go through one of these every 12 months or so.  They wouldn't break completely, but they'd require daily reboots.

Most recently I started a job working from home and the company has a VPN to allow me to access their issue tracking system and source control.  There have been at least two different types of VPN and in both cases my Netgear DGN2000 just could not handle it, requiring a reboot daily, even though the VPN was being made between my computer and the remote network.

I've had two networks running in my house.  An 802.11b/g network to service my wife's old, pre-N MacBook Pro and an 802.11n network being served by my Time Capsule in bridge mode.  Why did I even have to do this?  Again, because the router just can't handle it.  The Netgear DGN2000 is capable of creating up to 4 access points, but as soon as you have any combination of b/g/n the router requires daily reboots.  b/g on its own is fine, as is n on its own, but not in any combination.

Struggling with my work's VPN was the last straw.  So I decided to try something else.  Knowing my Time Capsule is a rock solid WIFI router I figured I should try and eliminate a combined device from the equation.  So I switched out my Netgear DGN2000 and replaced it with a Zoom ADSL Bridge-Modem.  This is a fairly cheap device that does one thing, and so far seems to do that one thing very well.  Namely, it provides a connection to the Internet via ADSL, but does not do any routing.  After a little configuration of my Time Capsule, it was easy enough to make that my router and so far I haven't had to reboot anything.   I'm even running the Time Capsule in b/g/n mode and so far haven't noticed any slow down like I would have with the Netgear.

We'll see how long this lasts (so far about 3 weeks up time), but I am feeling pretty confident about my network set up at home now.

Of course, if I had cable in my area then this would be moot as I'd be using that.  Get your finger out Virgin!

Monday, 2 July 2012

Open Web Micro Blogging

I love Twitter.  No, that's wrong.  I love micro-blogging and Twitter seems to be the de-facto standard service for doing that.  It allows me to interact with hundreds of people, many of whom I would never have access to.  These relationships can be long term or entirely temporary.  They can be friends, celebrities or companies.

Twitter makes this form of communication and interaction available to everyone with very little effort.  However, it is a centralised service and that means someone else is in control of your data.  Recent developments suggest that Twitter are going to shut down certain clients.  In addition to this Twitter is becoming more and more commercialised with sponsored tweets appearing in your timeline, adverts when you click on links and so on.

So the web should be an open place and resistant to censorship, shut downs and so on.   To create a Twitter-like service that does not depend on Twitter (or any other similar service) you need to decentralise, but that's not easy for people who are not developers or highly technical.  

So how do we do it and, in order to keep the real value of Twitter, how do we keep it easy for the masses to adopt?

Well, I'm not entirely sure, but inspired by the second link above, I've created this community on geekli.st to encourage discussion and perhaps come up with a plan.

Friday, 29 June 2012

Scottish Ruby Conference Day 1

Firstly, the conference itself is extremely well organised, great speakers, and in a fantastic building.  However, I'm just going to talk about two main things which stuck out for me, neither of them very positive unfortunately:

1) Women in Computing

Mike Lee (@bmf) talked about this at (what felt like) length during his keynote.  While I generally agree with the sentiment, I'm not sure a rant telling people how to behave is the best way to address the problem.

What is the problem?  Apparently people make assumptions about women in computing.  Worse, guys generally assume women at conferences are not programmers and try to flirt with them.   There was more in the same vein, as well as some comments about people assuming all black guys steal cars.  Women, like the other people at the conference (i.e. men) aren't there to be flirted with and yeah, I agree with that.

Stereotypes are bad.  I agree.  But didn't Mike just create a new stereotype?  That all conference going guys have the same attitude?  I'm pretty sure I don't!  In fact, I think Mike under-estimates people's ability to empathise and I'm sure the people Mike was talking about are the minority rather than the norm.

I totally agree prejudice should be stamped out, and hard, but I feel that highlighting the existence of prejudice is counter-productive as all you do is alienate a different group in that minority group's place and now more people are alienated than ever.  We, people in general, need to get to a state where gender, race, sexual preference, religion really doesn't matter.  I think Mike wants that, but I'm not convinced his rants on behavioural change actually help.

As a result of the talk I actually became overly conscious about even starting a conversation with any women at the conference and by the end of the day I was pretty sure that there were at least a couple of women on their own during the in-between sessions when networking opportunities are at their premium. They certainly weren't surrounded by a gaggle of gorking geeks as Mike seems to think they would have been either.

Conclusion - don't suffer, or allow someone else to suffer, prejudice.  Use education to teach people to exhibit a mutual respect for all people, but don't tell people how to behave.

2) Tell, don't ask.

While watching the talk about Hexagonal Architecture I was initially excited as modularity (especially runtime modularity) is a favourite subject of mine, so I settled in to find out how Ruby approaches this.

For me, modularity is a particularly important aspect of software development, especially in larger systems where tight coupling reduces architectural agility.  However, I'll refer you to Kirk Knoernschild for more information, as he's got a great handle on this.  He's also very good at explaining what the problem is and how to fix it.

To be frank, I was soon disappointed.  The speakers slowly got around to talking about dependency injection,  inversion of control and programming to interfaces, without properly mentioning it.  Their Hexagonal Architecture was nothing more than a well-architected modular application... but without [Java] interfaces to enforce a contract.  They referred to these as protocols, which I am familiar enough with from my Objective C experience, but there is no formal definition of a protocol or interface in Ruby.

Hey, but this is OK!  These principles have been around since the 1980s with Smalltalk and that never had protocols or interfaces either.  Correct!  And that's exactly why Java *does*.

Is this the state of Ruby?  At least 10 years behind Java, if not more?

My current feeling about Ruby (especially Ruby on Rails) is that it gives you a lot out of the box and you can build a solution very fast but what is generated for you absolutely needs to be refactored, or will become a maintenance nightmare later down the line.

Conclusion - Ruby sacrifices [runtime] modularity, fine grained contractual interfaces and thus architectural agility in favour of terse, human friendly, rapid application development.

Friday, 15 June 2012

Importance of Passbook in iOS6

While I haven't actually watched the WWDC keynote video I did watch a live blog and I have to admit that at the time Passbook didn't seem that big a deal... but having some time to think and then seeing a demo of it by one of my colleagues today, it suddenly clicks in to place.

Essentially, the next few years will see a distinct rise in mobile payments.  All those store cards you've got; Tesco, Starbucks and so on, will disappear to be replaced by cards on your phone.  In the case of those two examples they already have native iPhone apps to replace your physical card with a virtual one but so far the move has not been ubiquitous probably due to the lack of a unified secure platform with consistent user experience, which Apple now provides in the form of Passbook.

The main focus of Passbook just now is on ticketing.  This allows paper boarding passes, cinema tickets, and so on to be replaced with a virtual version.  Even better, the tickets can become 'relevant' at specified times and places, popping up on your phone.  For instance, you might pre-book to see the latest blockbuster film.  You end up with a ticket in your Passbook (probably after downloading it from the cinema's website, or opening an email with it attached) and then when you arrive at the cinema it automatically pops up ready to be scanned.

However, ticketing is just a small piece of the puzzle.  With NFC on the horizon, it won't be long before you're paying for all kinds of things with your mobile phone, from interacting with vending machines, to buying a washing machine.  Passbook is another step in that direction and in my humble opinion vastly understated.

Wednesday, 6 June 2012

Linked-In loses 6.1m un-salted hashed passwords - WTF does that mean?

... and why does it affect you?

This post is aimed at the layman.  If you're not particularly technical and want to know what this is all about, read on... 

Well firstly, it only affects you if you have or had a Linked In account.  Contacts of mine seem to be deleting their accounts in droves, but more about that later.   Chances are, their account data is possibly still hanging around.  Who knows for sure if your data is really deleted?

But what it essentially means is that someone might have your email address and password, and if you use the same combination of email and password on sites like PayPal, you could find yourself out of pocket!  So even though the warning is to change your password on Linked In - remember to change it on any sites where you use the same email address and password to log in.

Standard practice is not to store your password in plain text, but at the same time they need a way to compare what you enter when you login with what's in their database.   To do this, passwords are "hashed".  Hashing is a form of encryption.  You take some characters and apply a software process to them and produce some other seemingly random characters.  For example if you use the password "manchester" it isn't sat in their database as "manchester" for the world to see, it'll look like this "018a9567ea15470312c40d3e5d6bbcd4".

There are different algorithms for hashing.  The one I used above is called md5 and is not recommended for use in recent times, but is fine for demonstrating this point.

No matter how often you try, the md5 hash of "manchester" will always equate to "018a9567ea15470312c40d3e5d6bbcd4".   But it's a one-way operation... you can't take "018a9567ea15470312c40d3e5d6bbcd4" and reverse the process to find out that the input was "manchester".

However, what you can do is generate any number of md5 hashes easily enough.  So all a password thief needs to do is generate md5 hashes for a known list of inputs and compare them.  Thus, if they see "018a9567ea15470312c40d3e5d6bbcd4" in the list, then they know your password is "manchester".

The passwords were stored un-salted.  Why is salting important? 

Salting adds a layer of security to your password and this is really where Linked In failed.

Salt is a bit of extra data that is appended to your password before it is hashed with the result being stored in the database.  When you sign in to a website, they add the salt to whatever you entered as your password, hash the result and then compare it to what's in the database.  You don't add the salt when you sign in, the server does it for you.

But the important thing is, so long as the salt is secret then the passwords are now near-impossible to decipher.  For instance, using "manchester" adding the secret salt of "mouse" makes your password look like "manchestermouse" and now gives a hash of "63a1d6c2df05dc6919084c7d763b6622"... a totally different result!

Thus, unsalted passwords are nearly as unsafe as plain text passwords.
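
The lookup and the effect of salting described above, as an added example (not code from the original post). The wordlist and accounts are constructed; the hardened half assumes a random per-user salt stored beside the hash and PBKDF2-HMAC-SHA256 as a slow hash, which are this example's choices rather than anything the post names.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist and three accounts (not real leaked data).
WORDLIST = ["password", "manchester", "letmein"]
ACCOUNTS = {"alice": "manchester", "bob": "manchester", "carol": "T7#vq!x92-Lm"}


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def unsalted_store(accounts):
    """The scheme the post describes: one fast hash per password, no salt."""
    return {user: md5_hex(pw) for user, pw in accounts.items()}


def audit_unsalted(store, wordlist):
    """Hash the wordlist once, then look every stored hash up in that table.

    Returns the accounts whose password is in the wordlist, which is what a
    defender auditing their own credential store wants to know.
    """
    table = {md5_hex(word): word for word in wordlist}
    return {user: table[h] for user, h in store.items() if h in table}


def salted_record(password, iterations=200_000):
    """Hardened form: random per-user salt plus a deliberately slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify(record, attempt):
    """Server-side login check: re-derive with the stored salt, compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


if __name__ == "__main__":
    weak = unsalted_store(ACCOUNTS)
    # Same password gives the same unsalted hash, so one table exposes both users.
    print("flagged by audit:", audit_unsalted(weak, WORDLIST))
    strong = {user: salted_record(pw) for user, pw in ACCOUNTS.items()}
    print("alice and bob share a hash:", strong["alice"]["hash"] == strong["bob"]["hash"])
    print("login still works:", verify(strong["alice"], "manchester"))
```

With a different salt per account, a single precomputed table no longer matches any stored value, and each guess has to be recomputed per user at the cost of the slow hash.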

So in conclusion, you can't do anything about a site's security if it has been implemented poorly, but you can help to protect yourself using a strong password; at least 8 characters with a good mix of letters (uppercase and lowercase), numbers and strange characters like exclamation marks, hyphens, dollar sign, etc.

Another very important tip is to try not to use the same password across multiple sites.  If this is too tricky to manage, use a secure password service like lastpass.com.  They have password generators and automatically inject your password in to forms on a web page, while storing your password securely on their servers.  Very convenient and if used correctly, very secure!

Friday, 2 March 2012

Biannual update

It seems to be that I only update this blog a couple of times a year now. I'm not going to promise to do otherwise as that will just set me up for a #fail, though I do have a post to write about a concerning Apple issue that I'm sure most app developers ignore and they really shouldn't.

But back to the point, what is going on with me now?

6 months at the large investment bank in Glasgow flew by and it could have easily gone on for much longer, but I was approached by a large multi-national to join their mobile centre of excellence in Edinburgh. This is also on a contract but for a much longer engagement and with the potential to expand my business (brindysoft.com Ltd) in ways that would normally involve a lot of risk and effort.

The result is I am now working with a brainy bunch of folk on innovative mobile oriented solutions. I've only been here for four weeks and have already used a whole raft of technologies. The product I'm working on is very exciting and the kind of thing that everyone will be using in 18-24 months, especially with the mainstream arrival of NFC (near-field communications) technology in mobile devices.

My OSGi focus is slowly disappearing. The space is moving along rapidly with new specifications and innovations, but I find that even though the potential adopters I am working with are very interested in the concepts, pragmatically "Spring and Maven does the job". I was extremely skeptical about this, but I have to admit, the combination of these two technologies allows me to build fairly complex modular applications in very little time at all, even more so when you use something like Spring Roo to do the heavy lifting for you. I never thought I'd say it, but I'm beginning to become a Maven and Spring convert. However, I still hope to work with OSGi on a large scale project; it might even happen here if I keep evangelising enough.

But I finally get to exercise my love for smart mobile devices and am getting to build a large scale enterprise system working both with mobile clients (iOS, Android, Blackberry, Windows Mobile) and server architecture (Java, Cloud technology, SOA principles) deployed both in the public cloud and within private cloud configurations. Exciting times ahead.