By Antonio Cangiano, Software Engineer & Technical Evangelist at IBM

Would you use a Mac mini as your development machine?


Apple just released a brand new, gorgeous looking Mac mini. This major upgrade brings us two different models: a desktop one and a server version (priced at $699 and $999, respectively).

Equipped with an HDMI port, the desktop edition of the Mac mini makes for a perfect Home Theater PC. It’s small and stylish, and as such is a great fit in your living room. Most of the reviews I’ve read focus on its use as a highly capable HTPC (despite its lack of a Blu-Ray drive).

However, I see the new Mac Mini in a different light. At $700 it is far too expensive for an HTPC, yet it’s ideal as an entry-level machine for web, Mac, and iOS development (it’s almost as cheap as a Hackintosh, minus the headache).

Mac Minis will do the job and be more than capable thanks to their adequate, albeit not spectacular, hardware specs. If my MacBook Pro were to die today, I would definitely consider purchasing one for development purposes. Would you?


Follow up to my Gmail third-party access post

My previous post about a possible intrusion by non-authorized parties on my Gmail account has received a lot of attention on Hacker News, and was even linked to from LifeHacker. There were a lot of questions, concerns, and criticisms that quickly surfaced, and in this post I’ll address most of them. Given the volume of heterogeneous points at hand, I will present this post in an informal FAQ manner.

Padlock image
Image © Sooperkuh.

Did the IP 173.203.211.51 belong to a malicious user?

No. It belongs to etacts (a social plugin for Gmail), who has confirmed that the IP is one of theirs. They were authorized by me to access my inbox via IMAP for “analytics” purposes.

Why did you originally think that it could have been a malicious user?

A reverse-lookup of the IP address did not show an etacts hostname, as it had in the past, but instead a generic Slicehost server. A search quickly revealed that other people had complained online about the same IP accessing their inbox, too. This was a red flag, but contrary to some people’s interpretation, I didn’t freak out about it.

Oh come on, you freaked out, admit it.

Not quite, but I was reasonably concerned.

Were you a bit paranoid about it?

No.

But they are after you.

Really? Who?

Everyone. Everyone is after you.

Oh.

What about Zoho Discussions and Trendly?

Zoho and Trendly are the only two services I granted access to my Google account. In practice, this means I simply logged in using Google as a single sign-on, instead of creating a new account for each of those services. This type of OAuth-like authentication does not provide third party companies with your password, as explained by Google in this help page.

Contrary to my initial post, Zoho and Trendly could not have been the culprits. etacts on the other hand required a username and password in order to work. This is likely to change when Google introduces OAuth for IMAP.

Shouldn’t you — or anyone — know better than give your password to third parties?

Generally speaking, yes. You shouldn’t share your password with anybody. In this case, I assessed the risks and benefits of doing so, and opted for the convenience of the service, feeling that etacts was/is trustworthy.

etacts is a YCombinator-funded startup and its entire business model depends, for the time being, on people trusting them with their login credentials. Until Google launches OAuth for IMAP, there isn’t really a way around this scenario, if you want to use such a service.

I fully understand that some people may feel that it’s never wise to trust a third party regardless of the benefits involved in the equation.

Shouldn’t etacts attempt to prevent such false alarms?

Yes, and the team at etacts was very proactive in terms of proposing possible solutions to prevent those users who trust them from needlessly worrying when an unusual IP is recorded. Publishing a list of their IPs and ensuring that reverse lookups of such IPs lead to actual etacts hostnames were two of the potential solutions that they suggested.
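The two proposed fixes can be combined into one check on the user's side. The following is an added example, not code from etacts or Google: it tests an IP from the access log against a published IP list and does a forward-confirmed reverse DNS lookup. The domain `vendor.example`, all hostnames, and the address 203.0.113.9 are constructed placeholders; only 173.203.211.51 comes from this post.

```python
import ipaddress
import socket


def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(hostname):
    """Forward (A/AAAA) lookup via the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()


def classify_access(ip, vendor_domain, published_nets,
                    ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, ptr_hostname) for one IP taken from an account access log."""
    addr = ipaddress.ip_address(ip)
    listed = any(addr in ipaddress.ip_network(net) for net in published_nets)

    host = ptr_lookup(ip)
    confirmed = False
    if host:
        host = host.rstrip(".").lower()
        domain = vendor_domain.lower()
        if host == domain or host.endswith("." + domain):
            # The PTR record is set by whoever controls the IP block, so it
            # only counts if the name resolves forward to the same address.
            forward = forward_lookup(host)
            confirmed = any(
                ipaddress.ip_address(a.split("%")[0]) == addr for a in forward
            )

    if listed and confirmed:
        return "vendor-confirmed", host
    if listed:
        return "vendor-listed-ptr-mismatch", host
    if confirmed:
        return "ptr-confirmed-unlisted", host
    return "unverified", host


def make_resolvers(ptr_table, forward_table):
    """Build offline resolvers from constructed lookup tables."""
    return (lambda ip: ptr_table.get(ip),
            lambda name: forward_table.get(name, set()))


def demo():
    # Constructed DNS data so the example runs offline. Only 173.203.211.51
    # comes from the post; every hostname and 203.0.113.9 are made up.
    vendor = "vendor.example"  # hypothetical stand-in for the service's domain
    page_ip = "173.203.211.51"

    # Situation in the post: generic hosting PTR, no published IP list.
    ptr, fwd = make_resolvers({page_ip: "generic-slice.hosting.example"}, {})
    before = classify_access(page_ip, vendor, [], ptr, fwd)

    # After both proposed fixes: IP published, PTR and forward record agree.
    ptr, fwd = make_resolvers({page_ip: "imap1.vendor.example"},
                              {"imap1.vendor.example": {page_ip}})
    after = classify_access(page_ip, vendor, [page_ip + "/32"], ptr, fwd)

    # A PTR that claims the vendor's name but does not resolve back to the IP.
    ptr, fwd = make_resolvers({"203.0.113.9": "imap1.vendor.example"},
                              {"imap1.vendor.example": {page_ip}})
    unconfirmed = classify_access("203.0.113.9", vendor,
                                  [page_ip + "/32"], ptr, fwd)

    return before, after, unconfirmed


if __name__ == "__main__":
    for verdict, host in demo():
        print(verdict, host)
```

Called without the last two arguments, `classify_access` uses the system resolver instead of the constructed tables.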

So was it much ado about nothing?

Yes and no. Without a doubt, the event that led me to write the article was the false alarm, but the real motivation behind it was to bring Google’s access log to people’s attention, regardless of whether they shared their password or not. In fact, following my post there were reports of people who’d discovered there had been illicit accesses to their accounts.

I also published the article to share some suggestions on what to do when dealing with an intrusion.

Why did you say that you changed the password on a wired computer?

As I mention in the post, it was unlikely that someone managed to sniff my password by whatever means. Occam’s Razor did point towards the service I’d given my password to, which I made clear in my initial post.

I happened to have a newly formatted Linux desktop, so I used that one. It didn’t take any extra effort on my part. In my case, using that or using my laptop would have been no different (in fact, I used my WiFi throughout the whole ordeal, and I haven’t bothered to change my WiFi password either).

Since those were general suggestions in a checklist of sorts, it didn’t hurt to include it for people who may have had their password sniffed (even though such a scenario would require further action).

You don’t need DBAN to remove possible keyloggers

That’s true, you don’t. I’d been planning to do a clean install on my MacBook Pro for a long time, so I thought I’d take the opportunity and go ahead with it now. As well, formatting one’s hard drive to remove keyloggers is still a valid suggestion for those who did have their password keylogged.

You don’t need DBAN for a new installation either

These days it’s rather rare that I do a brand new installation, so when I do, I like to start with a clean slate. Booting with DBAN and running a quick erase to zero in every bit is not an overly lengthy process. It’s an unnecessary step, that is unless you have unicorn riding midget pr0n to hide.

Do you have unicorn pr0n to hide?

Only a few gigabytes. :-P

Is there anything else you’d like to add?

One thing I forgot to mention in my previous post is that, after changing your password, you may want to remove the app authorization from your list of authorized third parties for your Google Account.

BTW, what’s up with the server dying on us?

When I set up my server (a long time ago), NGINX wasn’t as established as it is today. So I went with Apache, which is a slow and heavy beast. If you add that WordPress is resource hungry as well, you get a fine tuned 1GB of RAM slice that struggled with several thousand visitors in the span of a few hours. An strace of the Apache processes revealed that despite APC and the WordPress SuperCache plugin, PHP was still hogging resources like doing so is going out of style. (Despite my server issues more than 20,000 visitors managed to read the article from my old server.)

I have now moved this blog to a 4GB, 2 CPUs server in the cloud, using NGINX as a web server. I will slowly port my other blogs as well as I migrate away from Slicehost. This setup should be able to handle much heavier loads (at least in theory). If you notice any problems, please don’t hesitate to let me know. (I officially declare my current deployment as an alpha “release”).

That should wrap things up in regards to this Gmail investigation, folks. Time to move on. :)


Adobe AIR as the cross-platform solution of choice

Adobe has just made an important announcement:

We are pleased to announce the immediate availability of the Adobe AIR 2 runtime. Starting today, you can download and install the new version at get.adobe.com/air/.

Adobe AIR is rapidly becoming a very viable solution to the desktop cross-platform conundrum. MicroISVs pay attention, this new release includes a native processes API, WebKit, multi-touch and gesture support, as well as major performance improvements.

If I were to develop a cross-platform application today, I would probably opt for AIR, just like Balsamiq did. Working with AIR and Flex (or HTML5) is a pleasant enough experience, and while bashing Adobe seems to be in vogue these days, I like where they’re heading (at least on the desktop front).


The world according to Android

Apple is receiving copious amounts of bad press due to their somewhat arbitrary and restrictive App Store policies. This isn’t going to change a thing at Apple, but the complaints are warranted. Android on the other hand is touted as being “the open platform”, and developers are invited to develop and sell their apps on the Android Market, rather than investing in a proprietary platform like the iPhone OS and the App Store.

So much for being open

When discussing the main emerging alternative platform, Android, we often hear about fragmentation issues, but critics tend to ignore the elephant in the room. Very few people can buy and sell apps on the Android Market. In fact, only developers from nine countries are allowed to sell applications on the Android Market. Take a look at the following map I prepared:

Android Market

Fine folks from Canada, Australia, New Zealand, Denmark, Sweden, Ireland, Russia, China, India, etc, are all excluded from this platform. Sure, they can sell apps on their own sites, but the real advantage of the App Store and the Android Market is in their ability to show and sell apps to a wide audience. If you lose that, you are pretty much out of the game or you’ll be starting off with a humongous disadvantage.

Is this the best Google can do?

Before you jump in and cut Google some slack, remember that the Android Market has been around for almost two years. As much as I want to cheer for the underdog, one has to ask if Google really thinks that this half-assed attempt will challenge the absolute supremacy of the App Store in the marketplace. How much innovation, money, and good will are they leaving on the table? Keep in mind that there is no stevejobs@google.com. Google is notoriously bad when it comes to supporting and listening to their customers, because trust me, I’m not the only one complaining about this.

I want to believe in the future of Android and the prospect of developing for it, but like many other developers I don’t even have the option. If I wanted to develop in the emerging mobile market and perhaps make some money out of it, it’s the iPhone OS way or the highway.


The most important programming language today

“What programming language should I study next? What framework?” I occasionally receive emails from younger — and not so young — readers alike asking me for guidance about such matters. “Use the right tool for the job” is the correct answer, but it’s cheap advice when there are a plethora of tools seemingly right for the job. For most people these days the job at hand is of course web application development.

Should they study Ruby and Ruby on Rails? Or Python and Django? How about C# 4.0 and ASP.NET MVC? Maybe CakePHP? Java and Stripes? And how about more exotic choices like Clojure and Compojure or Scala and Lift?

With very few exceptions, in 2010, it’s hard to choose a combination of semi-popular technologies that couldn’t do the job. Does it really make a huge difference if you choose to study Ruby on Rails or Django? In all honesty, despite all the existing differences, it doesn’t really matter. As long as you become proficient with one of these tools, you will be adequately equipped to approach most web development tasks. Your experience as a server-side developer will be the bottleneck, not your framework of choice.

The real reason why I get asked these questions though, is that these people are mostly looking for a silver bullet, a language-framework combo that will magically allow them to create fantastic web applications in a matter of weeks. They are often after a shortcut, but there is no royal path to web programming.

When I think about the future of programming languages, I envision Babel, not people talking Esperanto. We are destined to live in a technological world where there will be many valid server-side options, which are similar yet different enough to justify their own existence and that of their respective communities.

There won’t be a programming language to rule them all, but I believe one language will continue to be the lingua franca of the web. In that sense, it’s the most important programming language today and I think its relevance will only continue to grow in the future. I’m talking of course about JavaScript.

Today JavaScript is king when it comes to client-side web programming. It took us a while to reach this point. In the collective mind, JavaScript was considered a poor language used by amateurs to create annoying web pages. Today (thanks to AJAX amongst other factors) it’s a language that’s appreciated by many professionals and used by the vast majority of web developers. Whether you program web applications in Ruby, Python, Perl, PHP, C#, or something else, you’ll deal with JavaScript (it’s the greatest common denominator of the web development community). I know of very few professional web developers who lack a cursory knowledge of the language (or its cousin, ActionScript).

Over the past few years the browser has become the single most important application on users’ computers. This in turn, sealed JavaScript’s fate for the foreseeable future. Despite its many flaws, JavaScript is a powerful and elegant language that has advanced features which are blatantly missing from “full blown” languages like Java. Programmers have come to realize its power and usefulness within the browser. Beautiful JavaScript frameworks like jQuery, YUI, and more recently SproutCore and Cappuccino (Objective-J), showcased the art of what it’s possible to accomplish with this language. And with HTML5 becoming closer to reality, there will be an ever greater emphasis on DOM scripting and less reliance, when feasible, on RIA plugins.

If, generally speaking, JavaScript is a solid and powerful language that most web developers need to know anyway, why can’t we develop in JavaScript server-side as well? And while we’re at it, maybe use it for desktop applications too? It would seem rational to capitalize on the benefits of having a huge percentage of programmers use the same language for both client and server-side programming. (If an update to the language is required to clean it up a little, let’s do that.) Why shouldn’t we be able to run js myscript.js, outside of a browser, and obtain the result of the computation in output? There is no inherent reason why JavaScript needs to be tied to the browser.

Thankfully times are changing and concrete answers to those rhetorical questions are emerging. The V8 JavaScript Engine is a project that was started by Google which provides us with a standalone shell to execute scripts and try out code in a basic REPL (Read-eval-print-loop). It’s the same engine embedded into Google Chrome, and as such, it’s a fast implementation as well.

Another great effort that’s headed in the same direction, and builds on top of V8 is Node.js, an evented I/O framework. You can think of it as Tornado, Twisted or EventMachine, simplified for server-side JavaScript. Node doesn’t require as much knowledge about event loops and non-blocking I/O, and the look and feel of such callbacks is very reminiscent of the type of AJAX code we’ve all seen before. Node can easily be used as a basic, ultra fast web server, to which one can delegate I/O callbacks for scalability and efficiency.

Recently Heroku announced beta support for Node [1]. It’s a risk on their part, but one worth taking in my opinion. If nothing else, at the very least, Rails developers deploying on Heroku will have the option to integrate Node to increase scalability and performance.

But Node (which embeds the V8 engine) has a lot more potential than just that. The ultimate goal is to become a self-contained solution which would allow one to develop and deploy server-side JavaScript code in production mode.

Node is just a prominent example of the impact of the CommonJS project/movement, which is aimed at making JavaScript available outside of the browser (on servers and desktops). There is in fact an ecosystem of new .js libraries that are meant to be used with server-side JavaScript (this is likely to grow over time).

What we really need is a lightweight web framework that well integrates server and client-side JavaScript. This would have game changing potential (think Rails back in 2004). Developers have grown accustomed to a high level of abstraction when it comes to web development though, so there are a couple of possibilities here: either Node will become that framework or someone will create such a framework (perhaps on top of Node). Whoever does that will hold a piece of future and a golden ticket in their hands.

[1] For a terrific demo of a Cappuccino + Node application deployed on Heroku, check out GitHub Issues.


On the iPhone, iPad and Android Market Share

There has been quite a bit of discussion over the market share of mobile devices today (arguably, for the past few years). It all started with a link on TechCrunch, claiming that Android overtook the iPhone in terms of US traffic (according to AdMob). This being a clear case of selection bias, I set about to figure out the mobile devices used by the visitors of some of my sites during the past month.

As these figures will obviously depend on the type of audience that a site attracts, I put the following three sites on the table as samples (the first two are mine, the last one is my wife’s). All three sites have a predominantly North American audience, but they aren’t lacking for international readers either. This is not meant to be a scientific survey, just a quick way to gather some empirical data and satisfy my (and perhaps your) curiosity. It’s also important to understand that the “market share” here is not actually the market share of all mobile devices sold, but rather limited to those normally used for web browsing.

Let’s start with the data for this site which obviously has a very technical audience:

Next are the results for Math Blog, which has a geeky, but less technical audience.

Finally, my wife’s blog which is devoted to all things vintage. Her audience is generally non-technical and predominantly comprised of female visitors.

A few thoughts on this data:

  • No matter how we look at it, the iPhone is still much more popular than Android, particularly among technical people. If we consider all the devices running iPhone OS, the outlook is even less encouraging for Android OS.
  • These numbers suggest that Android probably has a 10 to 20% “web usage share” amongst mobile devices.
  • In one month, the iPad managed to grab a 5 to 10% slice of the mobile pie. Assuming we are OK with grouping it together with smart phones and PDAs, I suspect its share will become much larger in the coming months.

Android offers you a great degree of freedom, compared to the iPhone OS due to Apple’s draconian policies. But the market share for Android still seems to be somewhat small (at least according to the, admittedly limited, figures above). This may change in the future, if and when the number of popular devices that run Android continues to grow (which would include alternatives to the iPad).

With Android still having a long way to go before it catches up with the iPhone OS, which of the two would you develop for, assuming you could only pick one?


A tale of two search engines

Remember when Altavista seemed good enough? Then along came Google and seemingly overnight everything changed. We didn’t even know that it was possible to receive such good link suggestions from a search engine. Yet there, right before our very eyes, it happened.

These days, highly popular search engines are worth billions of dollars, mainly thanks to the massive advertisement businesses that can be built on top of them. The incentive to get a slice of that huge pie is clearly there. But can we do better than Google? And will such innovation necessarily arrive from the research labs of giants like Apple or Microsoft?

The answer to the first question is obviously yes. There is always room for improvement. The latter question may appear equally obvious as well, but let’s take the tale of two different search engines into consideration.

One of them was started by xooglers (ex-Google employees) with plenty of experience in the field of search engines; it had a team dedicated to its development and could afford to have a VP of communications. They received plenty of funding ($33M) to get the ball rolling, and garnered a fair bit of press coverage when they first launched.

A very different search engine, however, was started by just one person. It was bootstrapped (no external investors), came wrapped in a silly name, and virtually no one paid attention to its launch.

The first is Cuil (pronounced ‘cool’), which as many know, has become something of a running joke online. It’s the perfect example of how not to create a startup and of everything that could possibly go wrong with an ambitious software project.

From day one the results were so incomplete and irrelevant, that one has to wonder if the $33M they received was spent on developing the technology needed to clone Samuel Beckett and place him in charge as the chief architect of the project. The absurdity of Cuil’s search results even led to the development of a highly entertaining Cuil Theory.

A few days ago the Cuil team launched an automated Wikipedia of sorts, called cpedia. The end results were so terrible, that they will serve as an eternal cautionary tale against the indiscriminate use of Markov chains.

Unless Cuil/Cpedia is a practical joke aimed at the tech community, they may as well shut them both down. At this point they really are just wasting their time (and ours).

The second search engine, the one with a rather wacky name, was created by a single person (Gabriel Weinberg) and is called Duck Duck Go (a play on the name of that old childhood favorite, ‘Duck, duck, goose’). However, much to the surprise of many, there is real innovation going on here (particularly presentation wise).


Duck Duck Go’s zero click information is very useful – as is dividing the results by topic (for example, the word “ruby” can have different meanings in different contexts). Presenting all the search results on a single page (via AJAX) was a smart and handy feature as well. With this search engine your privacy is respected, particularly since your IP is not even logged.

This site is still as niche as it gets, but it’s reaching a tipping point amongst the ultra-geeks — not to mention that more and more people (myself included) are adding Duck Duck Go as their default search engine within their browsers. Is it better than Google? No, not always. It depends on the type of query. Sometimes it’s better, sometimes it’s worse, but it’s usually quite usable and is a concrete attempt to innovate the search engine realm.

Duck Duck Go serves as a poignant reminder to the software world that David can still strike Goliath.


My kingdom for an iPad

Tomorrow the iPad goes on sale in the States. Announced in January, the iPad sits squarely between a laptop and an iPod Touch. Large lines are expected to form in front of Apple Stores across America; ants scurrying to grab their crumbs.

What is uncertain is whether this release is going to be much ado about nothing or more an event that will revolutionize the computer market.

Among the iPad shortcomings are the following:

  • A somewhat embarrassing name;
  • Lack of Flash support;
  • Inability to multitask (exception made for some Apple built-in apps);
  • Software restrictions due to DRM;
  • Lack of webcam;
  • Lack of USB ports;
  • Not as portable as an iPod, iPhone or a tablet à la Nokia N900;
  • Not ideal for long typing sessions, due to a virtual keyboard (even though an external keyboard can be purchased as an optional accessory).

Your first impression might be that we are dealing with a flop like the Apple TV or similar niche products that are popular with Apple fans, but lack the transformational power and impact on society that have been shown by the iPod or the iPhone.

Much of the iPad’s criticism comes from a fundamental misunderstanding of the target use of this product. Those who consider the iPad a replacement for their laptop will no doubt be disappointed by the performance and restrictions of this device.

One also needs to take into consideration the iPad’s target audience. Many assumed that the target audience was primarily composed of geeky early adopters, programmers, and more in general, people with a technical mindset.

Far from telling my readers that they shouldn’t indulge in the prohibited pleasure of possessing an iPad, it seems clear to me that the Gaussian function has its maximum elsewhere, amongst students, casual users, and the general public, who want a device from which to check their email, surf, and play from their couch, kitchen or local coffee shop. A computing device that is small enough to carry in a purse, but large enough (with its 9.7" diagonal) to easily display websites and applications, without causing one to squint their eyes.

Seen in this light, the iPad has a solid reason for being, despite all of its limitations. Imagine a computer that is accessible and easy to use, and doesn’t require IT support from your nephew to fix (or remove a virus). In other words, a portable device that simply works. It only does a few things, but it does them in a manner that provides a pleasant experience to the average user.

The iPad’s field of application isn’t very restricted either. It can be seen as a portable console for casual gaming, a digital frame to show photos set to a soundtrack, or a quick presentation tool at a small business meeting. It’s a multimedia tool for listening to music and watching videos and lectures. Finally, the iPad is also a magazine and ebook reader. Some may rightfully argue that the e-ink technology is easier on the eyes for extensive reading, but the iPad has a vibrant color screen, and is able to display complex PDFs as well as ePub books sold directly from the brand new iBookstore.

The design, as is customary for products designed by Jonathan Ive, is minimalistic, sleek and easy on the eyes. Starting at $499 (as shown in the figure below), the price point is rather competitive, so as to be able to reach a wide, international audience.

iPod prices

All things considered, it’s easy to imagine that the iPad will be a commercial success with the potential to transform how millions of consumers approach the Internet, gaming and book reading. This is far from certain, but I suspect that the iPad will be the iPod of the laptop world.

My suspicion is further supported by the ecosystem that surrounds this form of lightweight computing. Teachers will love the possibilities that such a device opens up, where students can now have a more interactive and multimedia-driven experience (particularly if ad hoc applications are created for this).

Book and magazine publishers already love the idea of selling books through the iBookstore, a refuge from the totalitarian price policies imposed by Amazon. This could in turn, really increase publishers’ investment in the digital world.

Programmers will be able to explore new ideas and create applications that are specifically tailored to the iPad user interface and user experience. The many advantages, and few disadvantages, of this approach are well known thanks to the iPod Touch and iPhone experience.

While restrictions are obviously limiting, they can also foster creativity. Among a sea of silly gag applications, there were also truly innovative apps designed for the iPhone. I would expect nothing less from applications developed using the same tools and distributed through the same channels, but targeted to a device that has a much larger screen and processing capabilities.

Personally, I don’t know if I will purchase an iPad or not, after all I spend far too many hours in front of a traditional laptop already. But I clearly see a brilliant future for this new Apple product, despite its limitations and the closed approach to hardware and software that has become typical of Cupertino’s company.

What about you, are you headed to the Apple Store?


Cell Phone Cost Calculator Killed In Canada. Enough Is Enough!

Having been born and raised in Europe, I find the Canadian Telco sector appalling. In what is an otherwise outstanding country, the monopolistic tendencies and de facto cartels of the phone companies are screwing over Canadian residents, and there is very little being done to counteract this.

Recently Bell got its way again, and UBB (Usage Based Billing) was introduced regardless of what thousands upon thousands of taxpayers had to say about it. Countless complaints were forwarded to the CRTC (Canadian Radio-television and Telecommunications Commission), and these were promptly disregarded.

On Slashdot today there’s a story entitled Cell Phone Cost Calculator Killed In Canada. Upon further inspection it’s revealed that cell phone carriers have successfully lobbied public officials to stop a taxpayer funded initiative that would publish an online cellphone cost calculator. (“OMG competition! Think of the shareholders!” As someone pointed out on Slashdot).

Stopping this service is a waste of our money, but more importantly, it clearly highlights the fear of transparency and competition that is typical of companies like Bell and Rogers. It shows the power that phone companies have over the government. And it demonstrates how elected officials like Tony Clement (Industry Minister) are far more concerned with the bottom line of public companies than the interest of Canadian citizens and residents alike.

This is outrageous. How can we fight back? For once, I’m a believer in voting with my dollars. I do not currently own a cell phone, and I surf the web on a (factual) 3 Mbps connection from TekSavvy, having switched from Rogers’ 10 Mbps plan more than a year ago.

The two are an impediment, because I need a cell phone and a fast Internet connection. But the lack of competition doesn’t leave you with many alternative options if you want to avoid giving your hard earned money to the types of carriers mentioned above. And in the case of the calculator, my tax money ended up being wasted to protect these companies’ obsolete pricing models.

The (always excellent) Michael Geist makes a worthwhile suggestion:

With public dollars having funded the mothballed project, the government should now consider releasing the calculator’s source code and enable other groups to pick up where the OCA (Office of Consumer Affairs) left off.

Today I registered MyPhoneBill.ca. Should they ever release the source code, I will host it and deploy it at this handy URL. After all, we’ve already paid for the code.

In truth, I don’t see this happening. An open source solution that companies and individuals could build upon would frighten cell phone carriers even more than a closed source project deployed by the government.

If they won’t open source the code of the cell phone cost calculator, as I suspect the case will be, I’ll take a stand. I’ll implement and offer the service myself at MyPhoneBill.ca (site not active yet).

Such a site may very well have a solid business model, and I’m not opposed to that idea. But that’s not the main reason why I’d create such a project. Canadians have the right to learn about what the most advantageous phone plan for their usage pattern is, without having to spend days on end doing research. And companies have no right whatsoever to prevent this from happening. Similar sites exist in almost every other industrialized country and cell phone companies usually collaborate with them.

Enough is enough!


Copyright © 2005-2010 Antonio Cangiano. All rights reserved.