gnegg programming with passion

22Feb/101

Sticking to the iPhone

Recently, I got a chance to play around with a Nexus One phone and I was using it as my main phone with the intent to use it as my new main phone. I had enough of the lack of background apps and the closedness of the iPhone, so I thought, I should really go through with this.

Unfortunately though, this didn't work out so well.

People who haven't tried both devices would probably never understand this, but the Nexus One touch screen is really, really bad. The bit of squigglyness you see on the picture in the linked article seems like no big deal, but after one week of Nexus One and then going back to the iPhone, you can't imagine how smooth it feels to use the iPhone again.

It's like being in a very noisy environment and then stepping back into a quiet one.

Why did I try the iPhone again?

While I got podcast listening to work correctly on the Android phone, I noticed that a lot of my commuting time is not just spent listening to podcasts, but that some games (currently Doodle Jump and Plants vs. Zombies) play a huge role too, and the supply of games on the Android platform is really, really bad.

And don't get me started on the keyboard: Neither the built-in one nor the one I had switched to even comes close to what the iPhone provides. I'm about 5 times as fast on the iPhone as on the Android. Worse: After switching to the Nexus One, I again began dreading having to write SMSes, which usually spells death to any phone for me.

Speaking of keyboard: The built-in one is completely unusable for multilingual people: The text I write on a phone is about 50% English and 50% German. The Android keyboard doesn't allow switching the language on the fly (while the English and German keyboards are quite alike, the keyboard language also determines the auto correction language), and it couples the keyboard language to the phone UI language.

This is really bad, as over the years I became so accustomed to English UIs that I frankly cannot work with German UIs any more - also because of the usually really bad translations. Eek.

So, let's tally.

Advantages

iPhone:
  • Working touch screen
  • Smoother graphics and thus more fluent usage.
  • Never crashes
  • Apps I learned to depend on are available (Wemlin, Doodle Jump [...])
  • No background noise in the headphones

Android device:
  • Background-Applications (I wanted this for working IM as the notification based solutions on the iPhone never seemed to work)
  • Built-in applications can be replaced at will
  • Ability to buzz pictures (yeah. I know. Who needs this?)
  • On-the-fly podcast download.

Disadvantages

iPhone:
  • Can't replace internal apps by better ones
  • Needs iTunes to download podcasts
  • No background apps
  • No buzzing of pictures (at least not if you want a location attached to your buzz)

Android device:
  • Really bad touch screen (jumpy, inaccurate, sometimes losing calibration until I reboot it)
  • Very mediocre applications available
  • UI sometimes slow
  • Very bad battery life (doesn't make it through one day even when not heavily used)
  • Crashes about once a day
  • Did I already write "really bad touch screen" - I guess I did, but: "really bad touch screen"
  • Sometimes really bad, sometimes just bad background noise in the headphones. According to HTC, this can be fixed by periodically turning off the phone and removing the battery(!).
  • No audible support (I know I could probably remove the DRM, but why bother at the moment?)

While I thought I could live with the touch screen, the moment I turned on the iPhone again to play a round of "Plants vs. Zombies" that just came out for the i-Devices, I saw how a touch screen is supposed to work and I could not bring myself to go back. I still wanted the one big iPhone disadvantage, the lack of non-SMS-based messaging, fixed for me, so here's what I've done:

  • WhatsApp on the iPhone works really well as an SMS replacement (something I was after for a very long time)
  • meebo so far never disconnected me on the iPhone which is something all other iPhone IM clients have done for me - and even on the android, meebo tended to disconnect and not reconnect.

For me, that's it. No more experiments. Whatever I tried to get away from Apple's dictate, it always failed. The N900 is a geek's heaven but doesn't support my expensive in-ear iPhone headset and doesn't provide any halfway interesting games. Android has a bad touchscreen, next to no battery life, is slow and crashy.

It's really hard to admit for me as a geek and strong believer in freedom to use something I bought for whatever purpose I want to use it for, but Apple, even after two years, still rules the phone market in usability and hardware build quality.

Can't wait to see what the next iteration of the iPhone will be, though they don't have to change anything as long as their competition still thinks it's ok to save $2 on each phone by using a crappy touchscreen and a crappy battery.

1Dec/090

JSONP. Compromised in 3…2…1…

To embed a vimeo video on some page, I had a look at their different methods for embedding and the easiest one seemed to be what is basically JSONP - a workaround for the usual restriction of disallowing AJAX over domain boundaries.

But did you know that JSONP not only works around the cross-domain restriction, but basically is one huge cross-site scripting exploit, and there's nothing you can do about it?

You might have heard this and you might have found articles like this one, thinking that using libraries like that would make you safe. But that's an incorrect assumption. The solution provided in the article has it backwards: it only helps to protect the originating site against itself, but it does not help at all to protect the calling site from the remote site.

You see, the idea behind JSONP is that you source the remote script using <script src="http://remote-service.example.com/script.js"> and the remote script then (after being loaded into your page and thus being part of your page) is supposed to call some callback of the original site (from a browser's standpoint it is part of the original site).

The problem is that you do not get control over the loading, let alone the content, of that remote script. Because the cross-domain restrictions prevent you from making an AJAX request to a remote server, you are using the native HTML methods for cross-domain requests (which should not have been allowed in the first place), and at that moment you relinquish all control over your site: the remotely loaded script runs in the context of your page. That is exactly how you get around the cross-domain restrictions - by loading the remote script into your page and executing it in the context of your page.

Because you never see that script until it is loaded, you cannot control what it can do.

Using JSONP is basically subjecting yourself to an XSS attack by giving the remote end complete control over your page.

And I'm not just talking about malicious remote sites... what if they themselves are vulnerable to some kind of attack? What if they were the target of a successful attack? You can't know and once you do know it's too late.

This is why I would recommend you never rely on JSONP and find other solutions for remote scripting: use a local proxy that does sanitization (i.e. strict JSON parsing, which will save you), or rely on cross-domain messaging, which was added in later revisions of the upcoming HTML5 standard.
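The sanitizing step of such a local proxy could look like the sketch below. It is an added example for Node.js, not code from this post or from any service mentioned in it: the field names, the size limit and the sample upstream bodies are all constructed. It accepts either raw JSON or a single JSONP-style wrapper, parses the payload with `JSON.parse` only, and passes on nothing but an allowlisted set of typed fields.

```javascript
'use strict';
// Added example (Node.js): sanitizing step of a same-origin proxy.
// Field names, limits and sample bodies are constructed, not a real API.

const MAX_BYTES = 64 * 1024;
const JSON_HEADERS = {
  'Content-Type': 'application/json; charset=utf-8',
  'X-Content-Type-Options': 'nosniff',
};

// Hypothetical schema: only what the page needs, one validator per field.
const ALLOWED_FIELDS = {
  title: (v) => typeof v === 'string' && v.length <= 200,
  video_id: (v) => Number.isInteger(v) && v > 0,
  width: (v) => Number.isInteger(v) && v > 0 && v <= 4096,
  height: (v) => Number.isInteger(v) && v > 0 && v <= 4096,
};

// One call "name( ... )" with an optional trailing semicolon, nothing else.
const JSONP_WRAPPER = /^\s*[A-Za-z_$][\w$.]*\s*\(([\s\S]*)\)\s*;?\s*$/;

function parseStrict(body) {
  if (typeof body !== 'string' || Buffer.byteLength(body, 'utf8') > MAX_BYTES) {
    throw new Error('upstream body missing or too large');
  }
  const wrapped = JSONP_WRAPPER.exec(body);
  const candidate = wrapped ? wrapped[1] : body;
  try {
    // JSON.parse only builds data; it never evaluates the text as script.
    return JSON.parse(candidate);
  } catch (err) {
    throw new Error('upstream body is not strict JSON');
  }
}

function sanitize(body) {
  const data = parseStrict(body);
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    throw new Error('upstream JSON is not an object');
  }
  const clean = {};
  for (const [name, isValid] of Object.entries(ALLOWED_FIELDS)) {
    const present = Object.prototype.hasOwnProperty.call(data, name);
    if (!present || !isValid(data[name])) {
      throw new Error(`field ${name} missing or invalid`);
    }
    clean[name] = data[name]; // unknown upstream fields are dropped
  }
  return clean;
}

// What the proxy sends to the browser: data on success, 502 otherwise.
function proxyResponse(upstreamBody) {
  try {
    const clean = sanitize(upstreamBody);
    return { status: 200, headers: JSON_HEADERS, body: JSON.stringify(clean) };
  } catch (err) {
    const body = JSON.stringify({ error: err.message });
    return { status: 502, headers: JSON_HEADERS, body };
  }
}

// Constructed upstream bodies.
const SAMPLE_OK =
  'showVideo({"title":"Demo clip","video_id":12345,"width":640,"height":360,"extra":"x"});';
const SAMPLE_EXTRA_CODE =
  'showVideo({"title":"Demo clip","video_id":12345,"width":640,"height":360});runSomethingElse()';
const SAMPLE_JS_LITERAL =
  'showVideo({title:"Demo clip",video_id:12345,width:640,height:360})';

for (const sample of [SAMPLE_OK, SAMPLE_EXTRA_CODE, SAMPLE_JS_LITERAL]) {
  const res = proxyResponse(sample);
  console.log(res.status, res.body);
}
```

The page then requests the proxy's URL with an ordinary same-origin AJAX call and treats the result as data, so nothing the remote end sends is ever executed in the page.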

14Sep/090

Twisted Tornado

Lately, the net is all busy talking about the new web server released by FriendFeed last week and how their server basically does the same thing as the Twisted framework that was around so much longer. One blog entry ends with

Why Facebook/Friendfeed decided to create a new web server is completely beyond us.

Well. Let me add my two cents. Not from a Python perspective (I'm quite the Python newbie, only having completed one bigger project so far), but from a software development perspective. I feel qualified to add the cents because I've been there and done that.

When you start any project, you will be on the lookout for a framework or solution to base your work on. Often times, you already have some kind of idea of how you want to proceed and what the different requirements of your solution will be.

Of course, you'll be comparing existing requirements against the solutions around, but chances are that none of the existing solutions will match your requirements exactly, so you will be faced with changing them to match.

This involves not only the changes themselves but also other considerations:

  • is it even possible to change an existing solution to match your needs?
  • if the existing solution is an open source project, is there a chance of your changes being accepted upstream (this is not a given, by the way).
  • if not, are you willing to back- and forward-port your changes as new upstream versions get released? Or are you willing to stick with the version for eternity, manually back-porting security-issues?

and most importantly

  • what takes more time: Writing a tailor-made solution from scratch or learning how the most-matching solution ticks to make it do what you want?

There is a very strong perception around that too many features mean bloat and that a simpler solution always trumps the complex one.

Have a look at articles like «Clojure 1, PHP 0» which compares a home-grown, tailor-made solution in one language to a complete framework in another and it seems to favor the tailor-made solution because it was more performant and felt much easier to maintain.

The truth is, you can't have it both ways:

Either you are willing to live with «bloat» and customize an existing solution, adding some features and not using others, or you are unwilling to accept any bloat and you will do a tailor-made solution that may be lacking in features, may reimplement other features of existing solutions, but will contain exactly the features you want. Thus it will not be «bloated».

FriendFeed decided to go the tailor-made route, but unlike the many other projects that go the tailor-made route each day (take Django's reimplementations of many existing Python technologies like templating and ORM as another example) and keep using that internally, they actually went public.

Not with the intention to bad-mouth Twisted (though it kinda sounded that way due to bad choice of words), but with the intention of telling us: «Hey - here's the tailor-made implementation which we used to solve our problem - maybe it is or parts of it are useful to you, so go ahead and have a look».

Instead of complaining that reimplementation and a bit of NIH was going on, the community could embrace the offering and try to pick the interesting parts they see fitting for their implementation(s).

This kind of reinventing the wheel is a standard process that is going on all the time, both in the Free Software world and in the commercial software world. There's no reason to be concerned or alarmed. Instead we should be thankful for the groups that actually manage to put their code out for us to see - in so many cases, we never get a chance to see it and thus lose a chance at making our solutions better.

22May/090

(Unicode-)String handling done right

Today, I found myself reading the chapter about strings on diveintopython3.org.

Now, I'm no Python programmer by any means. Sure. I know my share of Python and I really like many of the concepts behind the language. I have even written some smaller scripts in Python, but it's not my day-to-day language.

That chapter about string handling really really impressed me though.

In my opinion, handling Unicode strings the way Python 3 is doing is exactly how it should be done in every development environment: Keep strings and collections of bytes completely separate and provide explicit conversion functions to convert from one to the other.

And hide the actual implementation from the user of the language! A string is a collection of characters. I don't have to care how these characters are stored in memory and how they are accessed. When I need that information, I will have to convert that string to a collection of bytes, giving an explicit encoding how I want that to be done.

This is exactly how it should work, but implementation details leaking into the language are mushing this up in every other environment I know of making it a real pain to deal with multibyte character sets.

Features like this are what convince me to look into new stuff. Maybe it IS time to do more Python after all.

22Feb/090

All-time favourite tools – update

It has been more than four years since I've last talked about my all-time favourite tools. I guess it's time for an update.

Surprisingly, I still stand behind the tools listed there: My love for Exim is still un-changed (it just got bigger lately - but that's for another post). PostgreSQL is cooler than ever and powers PopScan day-in, day-out without flaws.

Finally, I'm still using InnoSetup for my Windows Setup programs, though that has lost a bit of importance in my daily work as we're shifting more and more to the web.

Still. There are two more tools I must add to the list:

  • jQuery is a JavaScript helper library that allows you to interact with the DOM of any webpage, hiding away browser incompatibilities. There are a couple of libraries out there which do the same thing, but only jQuery is such a pleasure to work with: It works flawlessly, provides one of the most beautiful APIs I've ever seen in any library and there are tons and tons of self-contained plug-ins out there that help you do whatever you would want to on a web page.
    jQuery is an integral part of making web applications equivalent to their desktop counterparts in matters of user interface fluidity and interactivity.
    All while being such a nice API that I'm actually looking forward to do the UI work - as opposed to the earlier days which can most accurately be described as UI sucks.
  • git is my version control system of choice. There are many of them out there in the world and I've tried the majority of them for one thing or another. But only git combines the awesome backwards-compatibility to what I've used before and what's still in use by my coworkers (SVN) with abilities to beautify commits, have feature branches, very high speed of execution and very easy sharing of patches.
    No single day passes without me using git and running into a situation where I'm reminded of the incredible beauty that is git.

In four years, I've not seen one other tool I've used as consistently and with as much joy as git and jQuery, so those two certainly have earned their spot in my heart.

13Jan/090

Life is good

Remember last week when I was ranting about nothing working as it should?

Well - this week feels a lot more successful than the last one. It may very well be one of the nicest weeks I've had in IT so far.

  • The plugin system I've written for our PopScan Windows Client doesn't just work, it's also some of the shiniest code I've written in my life. Everything is completely transparent and thus easy to debug and extend. Once more, simplicity led to consistency and consistency is what I'm striving for.
  • Yesterday, we finally managed to kill a long standing bug in a certain PopScan installation which seemed to manifest itself in intermittently non-working synchronization but was apparently not at all working synchronization. Now it works consistently.
  • Over the weekend, I finally got off my ass and used some knowledge in physics and a water-level to re-balance my projector on the ceiling mount making the picture fit the screen perfectly.
  • Just now, I've configured two managed switches at home to carry cable modem traffic over a separate VLAN allowing me to abandon my previously whacky setup wasting a lot of cable and looking really bad. I was forced to do that because a TV connector I've had mounted stopped working consistently (here's the word again).

    The configuration I thought out worked instantly and internet downtime at home (as if somebody counts) was 20 seconds or so - the TCP connections even stayed all up.

  • I finally got mt-daapd to work consistently with all the umlauts in the file names of my iTunes collection.

If this week is an indication of how the rest of the year will be, then I'm really looking forward to this.

As the title says: Life is good.

10Sep/081

Food for thought

 

  1. When you open a restaurant, you know the risk of people going to the supermarket and cooking their own meal, not paying you as the restaurant owner.
  2. When you publish a book, you know there are going to be libraries where people can share one copy of your work.
  3. When you build a house and sell it, you know the people living there will be going in and out of your house for years without ever paying you anything more.
  4. When you live in a family and clean the parents' car for one Euro, you know about the risk of your sister doing it for 50 cents next time around.

But

  1. The music industry claims to have a monopoly on their work, managing to get laws created that allow them to control distribution and disallow anybody to create a lookalike without paying them.
  2. The game industry is hard at work making it impossible for honest customers to even use the game they bought on multiple devices. And now they even begin to go after the used games market (think about that SNES pearl you just saw in your small games store. The one you wanted so badly ever since you've been young. Wouldn't it be a shame if it was illegal for them to sell it?)
  3. The entertainment industry is hard at work to make you pay for every device you want to play the same content on.
  4. Two words. "SMS pricing".

Why do things applying to "small people" not apply to the big shots? Why does the government create laws to turn around well-known facts we have grown up with just so that the wealthy companies (the ones not paying nearly enough taxes) can get even wealthier?

I just don't get it.

29Jan/080

reddit’s commenting system

This is something I wanted to talk about for quite some time now, but I never got around to it. Maybe you know reddit. reddit basically works like digg.com - it's one of these web2.0 mashup community social networking bubble sites. reddit is about links posted by users and voted for by users.

Unlike digg, reddit has an awful screen design and thus seems to attract a bit more mature crowds than digg does, but lately it seems to be taken over by politics and pictures which devalues the whole site a bit.

What is really interesting though is the commenting system. In fact, it's interesting enough for me to write about it and it works well enough for me to actually post a comment there here and then. It's even good enough for me to be sure that whenever I will be in the situation to design a system to allow users to comment on something that I will have a look at what reddit did and I will model my solution around that base.

There are so many commenting systems out there, but all fail in some regards. Either they disturb your reading flow, making it too difficult to post something. Or they either hide comments behind a foldable tree structure or they display a flat list making it difficult to see any kind of threading going on.

And once you actually are interested in a topic enough to post a comment or a reply to a comment, you'll quickly lose track of the discussion which gets as quickly buried by newly arriving posts.

reddit works differently.

First, messages are displayed in a threaded, but fully expanded view, thus allowing to skip over content you are not interested in while still providing all the overview you need. Then, posting is done inline via some AJAX interface. You see a comment you want to reply to, you hit the reply link, enter the text and hit "save". The page is not reloaded, you end up just where you left off.

But what good is answering to a comment if the initial commenter quickly forgets about his or her comment? Or if he or she just plain doesn't find her comment again?

reddit puts all direct replies to any comments you made into your personal inbox folder. If you have any of these replies, the envelope to the top right will light up red allowing you to see newly arrived replies to your comments. With one click, you can show the context of the post you replied to, your reply and the reply you got. This makes it incredibly easy to be notified when someone posted something in response, thus keeping the discussion alive, no matter how deeply it may have been buried by comments arriving after yours.

So even if reddit looks awful (one gets used to the plain look though), it has one of the best, if not the best online discussion systems under its hood and so many other sites should learn from that example. It's so easy that it even got me to post a comment here and then - and I even got replies despite not obviously trolling (which usually helps you get instant-replies, though I don't recommend this practice).

16Jan/080

Apple TV – Second try

When Apple announced their AppleTV a couple of months (or was it years?) ago, I was very skeptical of the general idea behind the device. Think of it: What was the big success behind the iPod? That it could run proprietary AAC files people buy from the music store?

No. That thing didn't even exist back then. The reason for the success was the totally easy (and FAST - remember: Back in the days, we had 1.1 MB/s USB which every MP3 player used vs. 40MB/s Firewire of the iPod) handling and the fact that it was an MP3 player - playing the files everyone already had.

It was a device for playing the content that was available at the time.

The AppleTV in its first incarnation was a device capable of playing content that wasn't exactly available. Sure it could play the two video podcasts that existed back then (maybe more, but you get the point). And you could buy TV shows and movies in subpar quality on your PC (Windows or Mac) and then transfer them to the device. But the content that was available back then was in a different format: XVID dominated the scene. x264 was a newcomer and MP4 (and mov) wasn't exactly used.

So what you got was a device, but no content (and the compatible content you had was in subpar quality compared to the incompatible content that was available). And you needed a PC, so it wasn't exactly a device I could hook to my parents' PC for example.

All these things were fixed by Apple today:

  • There is a huge library of content available right here, right now (at least in the US): The new movie rental service. Granted. I think it's not quite there yet price vs. usability-wise (I think $5 is a totally acceptable price for a movie with unlimited replayability), but at least we have the content.
  • It works without a PC. I can hook this thing up to my parents' TV and they can immediately use it.
  • The quality is OK. Actually, it's more than OK. There is HD content available (though maybe only 720p one, but frankly, on my expensive 1080p projector, I don't see that much of a difference between 720p and 1080p)
  • It can still access the scarce content that was available before.

The fact that this provides very easy to use video-on-demand to a huge amount of people is what makes me think that this little device is even more of a disruptive technology than the iPod or the iPhone. Think of it: Countless companies are trying to make people pay for content these days. It's the telcos, it's cable companies and it's device manufacturers. But what do we get? Crappy, constantly crashing devices, which are way too complicated for a non-geek and way too limited in functionality for a geek.

Now we got something that's perfect for the non-geek. It has the content. It has the ease-of-use. Plug it in, watch your movie. Done. This is what a whole industry tried to do and failed so miserably.

I for my part will still prefer the flexibility given by my custom Windows Media Center solution. I will still prefer the openness provided by illegal copies of movies. I totally refuse to pay multiple times for something just because someone says that I have to. But that's me.

And even I may sooner or later prefer the comfort of select-now-watch-now to the current procedure (log into private tracker, download torrent, wait for download to finish, watch - torrents are not streamable, even if the bandwidth would easily suffice in my case - the packets arrive out of order), so even for me, the AppleTV could be interesting.

This was yet another perfect move by Apple. Ignore the analysts out there who expected more out of this latest keynote. Ignore the bad reception of the keynote by the market (I hear that Apple stock just dropped a little bit). Ignore all that and listen to yourself: This wonderful device will certainly revolutionize the way we consume video content.

I'm writing this as a constant sceptic - as a person always trying to see a flaw in a certain device. But I'm sure that this time around, they really got it. Nice work!

4Jan/080

My PSP just got a whole lot more useful

Or useful at all - considering the games that are available to that console. To be honest: Of all the consoles I have owned in my life, the PSP must be the most underused one. I basically own two games for it: Breath of Fire and Tales of Eternia - not only by this choice of titles, but also by reading this blog, you may notice a certain affinity to Japanese Style RPG's.

These are the closest thing to a successor of the classical graphic adventures I started my computer career with, minus hard to solve puzzles plus a much more interesting story (generally). So for my taste, these things are a perfect match.

But back to the PSP. It's an old model - one of the first here in Switzerland. One of the first in the world to be honest: I bought the thing WAAAY back with hopes of seeing many interesting RPG's - or even just good ports of old classics. Sadly neither really happened.

Then, a couple of days ago, I found a usable copy of the game Lumines. Usable in a sense of when the guy in the store told me that there is a sequel out and I told him that I did not intend to actually play the game, he just blinked with one eye and wished me good luck with my endeavor.

Or in layman's terms: That particular version of Lumines had a security flaw allowing one to do a lot of interesting stuff with the PSP. Like installing an older, flawed version of the firmware which in turn allows to completely bypass whatever security the PSP would provide.

And now I'm running the latest M33 firmware: 3.71-M4.

What does that mean? It means that the former quite useless device has just become the device of my dreams: It runs SNES games. It runs Playstation 1 games. It's portable. I can use it in bed without a large assembly of cables, gamepads and laptops. It's instant-on. It's optimized for console games. It has a really nice digital directional pad (gone are the days of struggling with diagonally-emphasized joypads - try playing Super Metroid with one of these).

It plays games like Xenogears, Chrono Cross, Chrono Trigger - it finally allows me to enjoy the RPG's of old in bed before falling asleep. Or in the bathtub. Or whatever.

It's a real shame that once more I had to resort to legally questionable means to get a particular device to a state I imagine it to be. Why can't I buy any PS1 game directly from Sony? Why are the games I want to play not even available in Switzerland? Why is it illegal to play the games I want to play? Why are most of the gadgets sold today crippled in a way or another? Why is it illegal to un-cripple our gadgets we bought?

Questions I, frankly, don't want to answer. For years now I wanted a possibility to play Xenogears in bed and while taking a bath. Now I can, so I'm happy. And playing Xenogears. And loving it like when I was playing through that jewel of game history for the first time.

If I find time, expect some more in-depth articles about the greatness of Xenogears (just kidding - just read the early articles in this blog) or how to finally get your PSP where you want it to be - there are lots of small things to keep in mind to make it work completely satisfactorily.