Posts tagged: Software

The Apple Voodoo

I love the iPhone. As usual when it comes to Apple gadgets, the feeling for design and thinking outside the box produced a phone that finally made me see the point of a smart phone.

The one thing that’s always bothered me though is the App Store and conditions. A central directory of apps and central point of download is a good idea. A standardized update procedure is an even better idea, at once solving all the bullshit problems windows users have to put up with (how interested are you in updating Adobe Reader or Java all the time, really?)

The one thing I don’t agree with is the approval process. And Apple just went from tolerably bad to intolerably worse on that one. I think it’s a bad decision to restrict what you may run on the phone and how, but it’s still a decision I can respect — their rules on how you execute stuff within the context of their operating system.

However, the new terms of service for iPhone OS 4 says this:

Applications must be originally written in Objective-C, C, C++, or JavaScript as executed by the iPhone OS WebKit engine, and only code written in C, C++, and Objective-C may compile and directly link against the Documented APIs

Here’s where Apple has clearly and definitely stepped over the line. Not only must the resulting application conform to certain demands, now my development process must conform to certain demands?

Code generation is an incredibly useful technique, and they’re banning it simply to stop the Flash compiler and make a grand statement? Either way, how in the world are they planning to enforce this? Will this lead to an arms race between Apple trying to detect application code that has been compiled to C, C++ or Objective-C and a company like Adobe making a compiler that compiles Flash to those languages in a way that looks as close to human-written as possible? Unless I have to submit a full-length video of myself coding the entire thing, there is just no way to tell with a reasonable accuracy.

How much collateral damage is acceptable, Apple? How many other companies and customers will suffer over your crusade against Flash? How many developers will hate your guts before this is over? There are just so many pins the developer voodoo doll will take.

The iPhone app craze will eventually die as more people realize the gold rush is over. And at that point, Apple can keep its Objective-C Nazi corner, while the rest of us go back to using the best tools for the task at hand.

Web Form Verification for Dummies

The standard method for interaction with computer applications has gone from being the command line to being the native GUI, to being the web form. We were awesome at verifying input when it came from the command line — that was simple. Then we were kind of ok verifying input in the native GUI, although quality varied a lot more.

Now we suck at verifying user input from web forms. The current state of code that verifies user input has both managed to take us back to the kindness of the command line when it comes to freedom of input and manages to check all the wrong kinds of things. Why is it so hard to write these checks? I suspect because people don’t really think much about them, and I bet there are more interesting things out there than to write user input verification.

These problems aren’t some beginner coder errors either — they’re rampant on even the biggest sites out there like paypal.

The most common field to get me snared is the phone number field. In 99% of all cases, the site assumes that all phone numbers in the entire world are formatted like US phone numbers. Not, as one could imagine, because I’m claiming to live in America — I clearly just told the site that I live in a European country. So anyway, inputting my actual phone number causes an “invalid phone number” error. Not that there is any mention whatsoever on the site about what the correct format of a phone number is (there are, in fact, even several ways of writing a US phone number).

This sets off a wildly unamusing guessing game of how to “convert” my phone number into a format the site will accept. This practice often costs the sites money as I end up giving up and going somewhere else, frustrated and unable to make a simple online purchase that didn’t really require that phone number anyway, did it?


Another highly amusing game is the one where web sites try to force users to choose “secure” passwords by enforcing the formats of passwords. “You must have at least 6 characters, with at least one letter and one number”. Sounds good, except in general these passwords are restricted to only contain letters and numbers. Hold on, isn’t it common wisdom to include at least one non-alphanumeric character in a secure password?

As such, out of my set of passwords, the only password which tends to pass most password verifications is my least secure one. The idea that you could fix a social problem through technology is somewhat funny anyway — “password1” is not more secure than “password” in any way that really matters.

ErrorThe same thing applies to the old trick of forcing your users to change passwords every month. This can have two potential outcomes — users append a counter to the end of their password, and increment it every time they are forced to switch, or they keep a post-it note taped to their monitor with their current password. Neither outcome is a net gain in terms of security.

Some sites even let the user set a password which is then considered invalid when the user tries to log in (ebay, for instance,  has done this) — causing a prompt for a new password and much annoyance.

Format wars

Parsing stuff is what computers are good at. So forcing me to input something in a strict format is always a loss. Either separate the fields and force me to select the individual parts of a date separately or actually use all that computing power at your disposal to do your user a favor. Telling me you have no idea what I mean by “2009-12-21” because you expected “20091221” is annoying the user for no good reason, even if you told me to not include dashes.

If you find yourself in a situation where you need to verify input  from the web, take an extra minute to consider how you could make things as convenient as possible for the user, which ones of your assumptions only hold true for the region you live in… and when you’re done, whatever you do make sure you tell the user exactly what the expected format is.

Don’t Be an Open Source Douchebag

I love open source software. It provides both a neat training ground for programmers, a good place to go scratch that itch. On the other side of things, it provides awesome software for people, including some software that would never come out of a big development house.

Still, there are some issues with free software that don’t really show up to the same degree with commercial software. One such thing is documentation. It’s painfully obvious that documentation is written by people who:

  1. Already know the software in and out.
  2. Don’t like writing documentation.
  3. Know nothing about how people learn.

For instance, when I started a side project a few months back, I was looking for a build system. After settling on CMake, I set about trying to make sense of it. There’s the ever-present getting started example, of course. And then there’s the full reference of everything you could possibly want (almost).

But in between those, there’s nothing. Well, nothing except a book, which just goes to show you that there’s something missing — a professional writer could obviously make some money out of explaining things in a reasonable way.

The problem with this is that it doesn’t match how people learn. Getting started is a good step, but a relatively small one. Most of the time will be spent incrementally expanding the knowledge, moving from beginner to expert. Most time will thus be spend in some kind of zone in between the “getting started” and “reference of everything” levels.

Worse than that, some open source programmers have a tendency to view their full reference documentation as an appropriate resource for everyone. “It’s all in there,” right? But pointing a beginner at a 40-page document detailing all the options of some application when all they want is to run it properly isn’t very helpful. I’m sure you know what I’m talking about if you’ve ever used an open source command line tool.

That ends us up with the really dark side of free software culture. The true douchebags out there will not only be extremely smartass in their RTFM comments, they’ll also be incredibly sensitive and defensive about the software they’re working on.

I ran into a problem with cygwin’s SSHD implementation last week. In searching for the solution, I found this mail list answer:

  Wrong.  That is uninformed speculation and guesswork.  Stop
spreading misinformation.

  Cygwin SSHD has had the support for fully logging in as any
user since 1.7, as you have already been told and completely
ignored.  Go and read the manual.  The link was in the previous
email I sent in this thread.

  freesshd works exactly as Cygwin *used* to before it got
subauth support: when you log in with a key, rather than a
password, you just end up as an admin user.

Wow. This kind of answer is wrong on so many levels. First of all, while he makes it seem like the functionality has been there forever, cygwin 1.7 is still not even out of beta. The chance that an end user has it is about 0. So, with the current version (1.5),  supposedly cygwin sshd works just like freesshd. This is clearly false, because the original poster reports one working and the other not (which is, by the way, exactly the same results that I had).

So, a user reporting a problem about logging in gets pointed to a long documentation about security settings in a beta version, doesn’t understand a word from that document (no surprise there), and as a result gets told to “stop spreading misinformation”. Truth is, simply installed like any normal user installs applications, one works and the other doesn’t, something made quite clear by an answer from the original poster in a different place in the thread:

> Are you talking about password or public key authentication?
> If the latter, Have you tried the LSA authentication package
> in Cygwin 1.7?
I don't know. I'll try to deciper that. Sounds complicated. In
the meantime, friend is using freesshd.

The essence of what he’s saying (which has been completely missed by the cygwin developers) is that the effort required to get cygwin to work like one would reasonably expect of it is much higher than the effort required to just google for something that just works out of the box. The fact that you could potentially make it work is irrelevant, because he’s not getting any help actually making it work.

He might as well just have said, “I don’t care about making it work for you. It works for me.”

Software companies usually compensate for their complete lack of useful technical support with a good (or at least reasonably decent) amount of help documentation. Free software usually has neither.

I encourage any programmer to practice their technical skills on an open source project. But while you do so, take the opportunity to practice your people skills a bit as well, or why not your writing skills? Don’t be an open source douchebag — someone reporting your software’s flaws is not attacking you personally.

The Lyrics to my Life

Jeff Atwood posted a suggestion a while back for a “Support Your Favourite Small Software Vendor Day“. He has an interesting point, in that there’s a tendency to not register the shareware stuff out there. I’m as guilty as many others on this — I tend to not buy software that doesn’t do what I expect of it, keep looking for something better, but never find it.

Some of these are painfully apparent in my computer setup. I run dual-screen setups both at home (2560×1024) and at work (3200×1200), and I manage both with the excellent shareware application DisplayFusion. It has the unfortunate effect of being so good that I use it once, then forget about it for at least 3 months. Finding good backgrounds is easy on DeviantArt, though, and I’ve always had a soft spot for auto-rotating desktop backgrounds. Well, turns out DisplayFusion can do that in its registered (or “Pro”) version.

It has the rather sour licensing terms of “one computer only” however, so I’d need to buy two licenses. I find that rather greedy, to be honest — I never use both computers at once (they’re both stationaries, one at home and one at work), and while I certainly find the application worth the money, I don’t fancy paying for the same thing twice, for the same reason I don’t think people should be restricted to installing Spore on 3 computers, as long as they’re only playing on one at a time.

If you’re a small developer trying to make money off shareware applications, I’d advice you to not try to put MS/EA-style restrictive licenses on them. There’s just no point, and while EA may be able to take the hit of being despised by every forum flameboy around, you can’t. The likely effect is that you lose sales rather than gain additional ones. Result in this case: I’m looking for another good dual-monitor wallpaper application to buy instead.

Another app I’ve used for a long time is Minilyrics. I’m an absolute music junkie, tend to be listening to various kinds of music more or less constantly. I’ve always been interested in lyrics viewing addons, but fell completely in love when I found Minilyrics. The difference is the amount of config you can do with Minilyrics.

Most lyrics viewers scroll down text in a window — Minilyrics defaults to this as well. This takes up a chunk of screen space, and as I mentioned I like to have my music on a bit more often than always, or a bit more often than that. But with Minilyrics I can set it to scroll horizontally, and place the app as a small strip just about anywhere. At work I basically always run Visual Studio maximized on my primary monitor, so I’ve ended up with a setup with Minilyrics layered transparently on top of the title bar.

Minilyrics on top of visual studio's title bar

Minilyrics on top of visual studio's title bar

I love that setup — it keeps the lyrics where there’s always an unused bit of screen space, and it’s always easy to check out whatever those words that just floated by in the headphones were, without taking focus away from what I’m doing. It doesn’t look like much on a still image like that, but seeing the words scroll by is awesome.

At home I don’t have the luxury of a single app always running in maximized mode though. I’ve grappled with that for a while, and ultimately came up with my current setup, which has Minilyrics running at the bottom of my second monitor, in a reserved space (so I have a lyrics bar on my second monitor, just like you’ll have the task bar on your primary monitor).

Minilyrics at the bottom of my second screen

Minilyrics at the bottom of my second screen

I haven’t been able to find any applications that properly put up a bar like that on a second monitor, so I ended up writing a very small application only for the purpose of reserving that space with a transparent window. It took me a while to figure that one out — most application I’ve seen with the capability to dock in like that with the edge of a screen calls it “docking” — Microsoft terminology calls it “Application Desktop Toolbar” (thanks, Stack Overflow folks). Once I knew what to search for to get the information I needed, writing the app was quick and painless.

Anyway Minilyrics had some very annoying bugs, but I still kept using it. And the latest version has fixed nearly everything that annoyed me — so it was well worth the money.

To end the whole theme of music: I guess anyone who can identify both songs has a suitably wicked musical taste to be compatible with mine.

What shareware do you use?

WordPress Themes