Upgrade Anxiety – We all have it

As I type this I can see an icon indicating 10 plugins need to be upgraded on my blog. Most are minor upgrades with tweaks and fixes that don’t really affect me. Some, like the WP Super Cache update, are enough to give me nightmares of my blog having serious technical issues.

Oh wait…hah! Well, I actually did totally mess up my blog a couple years ago. I thought simply installing the WP Super Cache update would automatically preserve all of my settings. If you aren’t familiar with this WordPress plugin, it essentially provides a performance boost to your blog by having a gazillion caching-related knobs, bells and whistles that you can tune.

Yes, I did research the topic of upgrading beforehand. And at the time, deja vu, I found very little useful information other than people recommending you should upgrade. Caveat Emptor. I ended up paying a tech support person $175 to fix my mistake and my blog was totally messed up for about a week.

Okay, so now I make sure to backup/export all my WP Super Cache settings . Yet I still get the heebie-jeebies every single time I get its plug-in update notification.  A few friends offered some not-so-tongue-in-cheek suggestions of why don’t I just learn about all the different settings and just experiment. “You have the skill(z),” they told me. I couldn’t argue with that.

What it really comes down to is “how” I want to spend my time. Like most members of the Esri Developer Evangelist team, I’m totally slammed at work and the outdoors keep me busy after hours and on most weekends. I don’t really care to learn the nitty-gritty intricacies of WP Super Cache and it’s hundreds of configuration permutations, along with all the other stuff I have to learn to stay on top of the latest technologies, APIs, etc.

In hindsight, now I know the WP Super Cache website doesn’t have a single link or tab that explains the various settings and configuration options. There are ten steps listed that don’t even begin to cover what happens if you change something, or what are the pluses and minuses of doing one setting versus another.

Lessons Learned:

  • You don’t have to accept all upgrades whether it’s your laptop, smartphone app, etc. I’ve gotten really good at skipping some. Others, like Chrome, happen automatically and even though they also occasionally introduce new bugs.
  • Note to self: Always, always back up your software, databases and settings.
  • Some upgrades deserve more attention than others. WP Super Cache is one of those upgrades that deserves your full attention to details. Spend time on forums reading and asking questions before hitting the upgrade button.
  • Some upgrades simply aren’t worth it. I’ve dropped a number of plug-ins that mysteriously started gathering information from my blog such as AddThis. I was running a protocol analyzer at the time and I noticed strange http requests to a 3rd party URL. Not only were the synchronous http requests slowing down my website, but when I visited the 3rd party website the details of what they did were extremely vague.
  • The last lesson learned is actually a note to software vendors that may be reading this. Too many upgrade notifications per month is very annoying. Unless you find a fatal bug, one upgrade per month is about my limit.
Tags: ,
Posted in WordPress | No Comments »

Esri Developer Summit – Washington D.C.

This year, for the first time, Esri has added a day of fun for our fellow geo-developers that work for the Federal government or who live and work in the Washington D.C area.  Tacked onto the end of the regular Federal GIS (Geographic Information System) conference, the Esri [Geo] Developer Summit will take place on Wednesday February 12, 2014. Consider it to be a full day of geo-geek coding goodness. If you are in the D.C. area and have requirements to do anything spatial or geo-related then you should definitely attend.

If you are already planning going to be there stop by and say “hi.” I’ll be presenting these three sessions:

-       ArcGIS API for JavaScript – Advanced Topics
-       ArcGIS API for JavaScript – Building Mobile Web Apps
-       ArcGIS Runtime SDK for Android – Building Applications

Last but definitely not least, if you can’t make that, our full-blown geo-developer conference is called the Esri International DevSummit and it takes place in Palm Springs, March 10 – 13. Over 1500 developers converge on this desert oasis to deep dive into all things geo.

Tags: , , ,
Posted in Conferences | No Comments »

What all mobile web devs should know about PhoneGap

If you already building or looking into getting started with mobile web applications you should understand the basics of PhoneGap. The name ‘PhoneGap’ is widely recognized, and perhaps more widely misunderstood.

The nudge to write this article was born out of conversations where we stumbled across concrete limitations to modern responsive JavaScript libraries such as bootstrap and jQuery. Limitations that cannot be overcome by adding more brilliant functionality because some JavaScript capabilities simply do not exist within the browser today. Furthermore, other requirements were imposed by political realities, timeframes and expectations.

That’s where PhoneGap steps in. 

So what, tell me what PhoneGap does?

PhoneGap is owned by Adobe and it has an open source top-level Apache Foundation sister project called Cordova. I won’t bore you with its long and twisted history, you can read about it here if you want.

The bottom line is PhoneGap allows you to develop JavaScript mobile applications that have access to certain aspects of the native device such as writing data to a filesystem. Your web application is wrapped within a native mobile application container that gives you JavaScript access to native operating system capabilities beyond what the browser itself is capable of doing!

By native I mean iOS Objective C, Android Java, WindowsPhone, Windows 8, Blackberry 10, Amazon Fire OS and Tizen. Your JavaScript applications runs in a chrome-less browser that gives you special hooks to the operating system. You can also submit PhoneGap applications to the AppStore, Google Play and others.

Who uses this stuff, well you may be using a PhoneGap app from one of these online stores and not even know it. To mention a few: Southwest Airlines and many others.

What limitations can PhoneGap address that responsive libraries don’t?

If your requirements call for all or most of the following items, then PhoneGap is the correct choice for your project today. That may change as HTML5 continues to rapidly grow, but for now I’m sticking with the following bullet points. Stick with me and read through all of these before starting to throw out counter arguments.

JavaScript skillz. If you are an existing JavaScript shop, then PhoneGap leverages your existing JavaScript skills to access capabilities beyond current browser functionality without the need to have an in-depth understanding of Objective C or Java.

Sure, it’s easy to say you can hire expert contractors to develop iOS and Android applications, along with UX designers and testers. But, if your budget doesn’t include the capital costs for these folks and all you have is JavaScript ninjas on staff then the choice is easy.

Or, maybe you have genius-level developers that could easily and quickly spin up on all your need to know on ObjectiveC and Java Android. If this isn’t the case, and your timeframes and budgets don’t allow for this then you’ll need a fallback plan such as PhoneGap.

Access to camera.  Yes, you can currently access the camera on some web browsers today. However, the support on mobile browsers is still inconsistent, limited or non-existent. On the other hand, native device OS’s are expected to have access to cameras If they didn’t it would be considered a serious oversight. PhoneGap provides cross-platform mobile device access to the camera.

Read/write access to SD Card. Just to reiterate, this is both read and write access to a local storage device. Certainly there is a FileReader API in plain old JavaScript, but as far as I know there isn’t a FileWriter or its equivalent yet. If you need the write access to go along with read capabilities then you should be looking at PhoneGap.

[Correction Jan. 27, 2014] I mis-wrote. The FileWriter API exists however it has limited supported across browsers: http://caniuse.com/#search=filewriter. And, examples of it’s use can be found here.

AppStore or Google Play. If you have a requirement to submit your application to the app store then PhoneGap will help you get there. There is no way today for submitting a stand-alone web application for acceptance on AppStore or Google Play. Period. Some will argue that the need for using these online application stores is going away, but that’s a non-issue if you have been directed to meet this requirement a.s.a.p. and your job depends on it. If that’s the case, then PhoneGap will be your friend.

Is there anything else I should know?

Yes…First, PhoneGap is not perfect, but then again few software projects are perfect. You will need to install and know a few things about the native IDEs you want to support. If you want to deploy Android you’ll need to install Eclipse or IntelliJ. For iOS you’ll need to install XCode. Etc. You still have to compile a native project or you can try your hand at Adobe’s PhoneGap Build, which is a cloud based build system for PhoneGap.

It is confusing that there are two projects that share a common/similar code base: PhoneGap and Cordova. Also, Cordova’s documentation has typically been more up to date that Adobe’s. If you do your research you’ll find various performance complaints and bug issues (like I just said are there any software projects that don’t have these??).  Yet, overall it’s a great starting point if you have the needs listed above, and it’s much better than trying to start from scratch given today’s dramatically shortened delivery expectations.

You can absolutely still use bootstrap, jQuery and other JavaScript libraries within PhoneGap. There are caveats, of course, related to application life-cycle issue, navigation as well as App Store and Google Play user interface acceptance guidelines.

If you want to add functionality to PhoneGap because you find some critical thing is missing that you need for your project, the good news is you can develop a custom plug-in.

Last, I should mention Titanium Studio. It also lets you leverage JavaScript skills, with the primary difference being that it converts JavaScript into native byte code rather than just displaying it in a chrome-less view.  Plus it’s comes with its own IDE and MVC Framework.  I’ve never used Titanium so I can’t judge it, however I know people who do use it successfully and love it. It’s one more thing to consider that you should be aware of.

References

Cordova Documentation

PhoneGap Documentation

PhoneGap Platform Support

Tags: , , , , , , ,
Posted in JavaScript, Mobile, PhoneGap | No Comments »

The question that I get asked the most these days is “what development languages should I be learning [to stay competitive/excited/motivated/etc] ?” The high-tech industry, and software in particular, is changing at a ridiculously fast pace and that introduces a lot of uncertainty and confusion as well as great opportunity. My answer to this question is unequivocal: I think for the foreseeable future developers should be learning the basic concepts of JavaScript and Python. If you don’t already have these skills then you simply cannot go wrong with this approach. If you’ve been a long-time server-side developer, or you are just getting started with software development then knowing the patterns and practices for JavaScript and Python will serve you well.

Why?

There are three primary reasons and I’ll try to be short and to the point. First, there are at least 2.5 billion internet users world wide, and that number is growing. Their primary method of accessing the web is a browser and JavaScript is the lingua franca of the browser world. JavaScript is a scripting language and it is “the” fundamental building block that allows web pages to “do” things such as submitting your search request to a server, or helping to find your location from your phone. Almost all web pages being served up around the world have JavaScript in them.

Second, the majority of retail, commercial and governmental web applications have a requirement that calls for the use of “server-side” code. This is code, such as Python, that runs on a server and not in the browser application. The most common functionality of server-side code is passing data back and forth between a database and a web application. For example, if a web app asks for a username and password, that user name and password are almost always stored on a server somewhere and not, for security reasons, in the web page and on the client browser where it could be very easily stolen.

Third, you can absolutely apply these client-server patterns and practices to other languages used within the realm of web development. A User Interface designer who has been solely focused on layout and styling via Cascading Style Sheets (CSS) can now understand and appreciate how the underlying JavaScript code can affect the look, feel and behavior of a web page. Python skills can also be used a springboard for more quickly learning other powerful web development platforms such as ruby-on-rails.

The bottom line is if you understand both client development (JavaScript) and server development (Python), then you start to gain considerable value as someone who understands how to help the entire system work together in harmony.

A short note on jQuery.

Many (most?) new web developers learn jQuery first. However, even if you know jQuery you don’t necessarily understand JavaScript. The awesome jQuery libraries provide an interface that hides and simplifies a lot of native JavaScript hoopla, and in general can really make life significantly easier and save time when building modern cross-browser web apps. jQuery is built using JavaScript (and CSS3), but it is not JavaScript. Because of that, when something goes wrong or not as you expected (not if, but when!), and you have a general understanding of how JavaScript works, then you stand a much better chance of figuring out a timely work-around with significantly less stress, frustration and time wasted towards your projects deadline.

The absolute minimum recommended reading list:

JavaScript.

  • Douglas Crockford’s book “JavaScript: the good parts”.
  • Douglas Crockford’s website – He is considered a key brainchild behind the ongoing development and understanding of JavaScript.
  • W3schools – An excellent website for anyone using or learning JavaScript. It has tutorials and online Try It Yourself sample apps.

Python.

Tags: , , , , , , ,
Posted in JavaScript | No Comments »

Let me start out by saying I like my Android phones. I like developing for Android even with all the inherent version support issues, etc etc. So, in my previous post I brought up privacy issues related to installing Android apps along with a suggested fix. That post was inspired by a major change in Android v4.4.2 that removed “App Ops,” even though I didn’t mention it by name. The removal of that functionality is now a very visibility topic thanks to a number of high–profile bloggers such as the Electronic Frontier Foundation (EFF) who also have taken exception to this change.

In a nutshell, App Ops or its equivalent, would allow you to manually toggle individual application permissions on and off.  You can search for articles on what App Ops is, or read my previous post on what it should be.

I’d take the issue of “control over what applications can access” even one step further and propose that it’s well past time that Google should begin reviewing Android app submissions similar to what Apple does for the App Store.  Seriously. In combination with App Ops, or similar functionality, this could only help reduce the amount of nefarious practices, content, viruses, Trojans and more. Case-in-point: for the first this September, Kaspersky Labs reported a particularly sophisticated Trojan virus along with distribution mechanisms specially gift wrapped just for Android users. And, then again in November they announced an Android-specific financial phishing Trojan aimed at stealing banking usernames and passwords.

To get an idea of what is allowed on Google Play all you need to do is compare Apple’s App Review Guidelines with Google Play Policies and Guidelines. For example, searching the related Android Developer Content Policy for the term “review”, it only shows up once, and that is in regards to serving up advertisements.

My hope is that Google takes heed and makes some necessary and timely changes so that we can all continue to enjoy our Android devices safely and securely.

Tags: , , , ,
Posted in Android | No Comments »

Important fix needed for Android app permissions

I believe there is a significant flaw in how permissions are set when you install Android apps. You get two options – Accept all or nothing. For readers not familiar with how Android app permissions work, there is a configuration file for each app that sets permissions for that app only. Permissions are needed for any functionality that affects how the app accesses things like sensors (e.g. GPS), SD Cards and the internet. These permissions do not affect any other app on the phone.

I propose an important change should be implemented at the operating system level — You should be able to accept or deny each privilege at installation time. This would make it an opt-in approach rather than an opt-out. Sure, some of you will say there are apps that can help you do that afterwards, but for tens of millions of consumers that’s not good enough. The vast majority of consumers simply don’t do take advantage of that for a variety of reasons, so having the option to accept/deny up front is the best way to go.

Yes, there is a good chance that many (most?) users would still simply accept all. However, I think increasing numbers of users would become aware that they can opt out of certain things and take advantage of the convenience and the potential for added security that this approach provides.

Developers and companies that build Android apps will probably yell loudly that this will affect how their apps work. Note that there are no technical reasons as to why this wouldn’t work. If someone checks “don’t allow internet access”, we developers can gracefully disable parts of the application and provide notifications when users attempt to access the internet. If someone disallows geolocation, then we do the same thing. Users can always opt back in if they need to. If some vendors take the approach that if you opt-out of certain things then the entire app will be disabled, then so be it. I personally would be wary of installing an app that did that.

Take the example of the screenshot below. This is the installation screen from a very popular sports app. I wonder why does it need access to my phone calls, my Accounts, or even contents of my USB storage? It doesn’t even provide an option to move the app to USB and there are no capabilities in the app (that I’m aware of) related to making phone calls. I would love to be able to opt out of these.

Android permissions

Tags: , ,
Posted in Android | No Comments »