Thursday, November 28, 2013

Is HTML5 a 'no brainer'?

In a recent article on, the article's author Andrey Kovalishin speaks of the benefits of HTML5. It's true that from some practical perspectives, HTML5 (and effectively, its Canvas and media elements programmed in JavaScript) appears to be a good choice: it is a cross-platform solution that works 'out of the box' on many devices and which has now reached maturity in various ways (not least performance in addition to degree of support).

A couple of issues I do see still with HTML5:

  • From a serious developer's perspective, let's face it: JavaScript is truly truly dreadful. By rights, it really should have been allowed to die its death in peace. Many developers, including myself, reluctantly put up with it for some tasks because it has gathered such industry momentum as a cross-platform solution. It 'runs in the right places' but from a developer's perspective, it's really not very apt for remotely complex applications and, were there a choice, not really what you'd like to be using in most cases.
  • HTML5 doesn't solve the problem that native apps still have a privileged position on many devices in terms of App Store discovery and access to some native functionality. The latter may not be a huge issue for many apps such as simple games, but the former may be. (It's probably true that raw performance isn't the issue it used to be, on the other hand.)

Securing the "computers" we forget about...

While we're all preoccupied by the security of our laptop and desktop machines, dutifully ensuring that we apply updates and patches and run regular virus checks where appropriate, it's easy to forget that various other pieces of infrastructure such as routers and broadband modems are, at a basic level, full-fledged computers. When did you last update the firmware on your broadband router? Does your ISP or the manufacturer of your router even offer such a facility? The issue is illustrated quite pertinently by this report on a recent Linux worm apparently doing the rounds.

Saturday, November 23, 2013

Trusting "open source"

A major benefit of open source software, at least in principle, is that any sufficiently competent programmer can audit the code and gain a level of confidence that the code does not contain security loopholes or backdoors or does not constitute malware more generally. We know that in practice, the idea that "the community at large" has the competence and motivation to audit the source code of a complex project is something of an ideal (you only need to look at the number of security flaws that are found in Linux distributions on a weekly basis). But in principle, having the source could at least give us a level of confidence about the software writer's intent, and it's certainly better than not having the source code at all.

Of course, even if the published source code of a mainstream project is audited, there still remains the issue that in reality, only the ultranerdiest of übergeeks will actually bother to obtain the software by compiling it from source. Most people will simply download the ready-compiled binaries without taking the time or having the expertise to check whether the binaries they are merrily installing on their computer actually match the published source code.

Recently, master's student Xavier de Carné de Carnavalet decided to attempt such a feat for popular file encryption tool TrueCrypt. His report demonstrates that checking that a published binary actually matches the published source code for a given project is something of a labour of love, and that various assumptions need to be made. Luckily in the case of TrueCrypt, the result does give us a level of confidence that the binary does not hide any malicious code (assuming none is hidden in the published source code). What is slightly alarming is that this type of basic security check is far from being a routine process that any user or even developer could accomplish.
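To make the difficulty concrete, here is an added sketch (not code from this post or from the report it discusses) of why a plain hash comparison between a downloaded binary and a local rebuild fails, and what normalisation a check needs first. It assumes Windows PE binaries and that the only expected differences are the header timestamp, the checksum and an appended code signature; real toolchains embed further build-specific data, and the sample images are constructed.

```python
import hashlib
import struct

def normalized_digest(image: bytes) -> str:
    """SHA-256 of a PE image after blanking fields that differ between builds."""
    buf = bytearray(image)
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = struct.unpack_from("<I", buf, 0x3C)[0]          # e_lfanew -> "PE\0\0"
    if buf[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = pe + 24                                        # optional header start
    magic = struct.unpack_from("<H", buf, opt)[0]        # 0x10B PE32, 0x20B PE32+
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header")
    sec = opt + (96 if magic == 0x10B else 112) + 4 * 8  # directory 4: certificates
    cert_off = struct.unpack_from("<I", buf, sec)[0]     # a file offset, not an RVA
    if cert_off:
        del buf[cert_off:]                               # drop appended signature
    struct.pack_into("<I", buf, pe + 8, 0)               # COFF TimeDateStamp
    struct.pack_into("<I", buf, opt + 64, 0)             # CheckSum
    struct.pack_into("<II", buf, sec, 0, 0)              # certificate table entry
    return hashlib.sha256(bytes(buf)).hexdigest()

def same_build(a: bytes, b: bytes) -> bool:
    """True if two images are identical once volatile fields are ignored."""
    return normalized_digest(a) == normalized_digest(b)

def make_sample(timestamp: int, code: bytes, signature: bytes = b"") -> bytes:
    """Constructed PE32-shaped test image (header fields only, not loadable)."""
    pe, opt = 0x40, 0x40 + 24
    buf = bytearray(opt + 224)                           # PE32 optional header size
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe)
    buf[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<I", buf, pe + 8, timestamp)
    struct.pack_into("<H", buf, opt, 0x10B)
    buf += code
    if signature:
        struct.pack_into("<II", buf, opt + 96 + 32, len(buf), len(signature))
        buf += signature
    struct.pack_into("<I", buf, opt + 64, sum(buf) & 0xFFFFFFFF)  # stand-in checksum
    return bytes(buf)

official = make_sample(0x52000000, b"\x90" * 16, signature=b"constructed-signature")
rebuilt = make_sample(0x52900000, b"\x90" * 16)          # same code, later build time
patched = make_sample(0x52900000, b"\x90" * 15 + b"\xcc")  # one code byte changed

if __name__ == "__main__":
    print(same_build(official, rebuilt), same_build(official, patched))
```

Any difference that survives this normalisation still has to be explained by hand, which is where the assumptions mentioned above come in.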

TrueCrypt has come under the spotlight because its authors are an anonymous foundation and it is an obvious target for backdoors on the part of hackers or intelligence agencies. But there is surely much more mainstream software (such as free, open source antivirus programs) that should be given such attention.

As far as an audit of the TrueCrypt source is concerned, at least earlier versions have been subject to a basic security audit, but apparently from the point of view of detecting accidental security flaws in the source code rather than deliberate backdoors or vulnerabilities. This is why cryptographer Matthew Green, for example, has recently called for a public, properly funded audit of TrueCrypt. In the light of recent revelations on how intelligence agencies have been compromising mainstream software such as antiviruses, I wonder how many more popular open source projects should be subject to the same scrutiny and haven't been.

Wednesday, November 20, 2013

How effective are the different mobile app stores for app discoverability?

Modern mobile operating systems, and notably Apple's iOS, have fundamentally changed the way most apps are purchased on such devices. With users now locating and purchasing apps directly from the device's built-in app store, the discoverability of apps in such stores is of paramount importance for app developers and marketers.

A recent report drawn up by Pfeiffer Consulting puts Apple, Google and Amazon's app stores head to head, comparing them with reference to various criteria such as the sophistication of their search options. Apple's App Store comes out on top, though arguably not by a resounding margin. But none of the three stores compare well to the theoretical target set by the report's authors: fundamentally, they criticise a lack of features such as natural language search in all three app stores.

The authors raise some interesting points, although the basis of their theoretical benchmarks isn't always clear. It's hard to imagine that a company such as Apple, with an app store that is now well beyond its teething stage, has not at least conducted a feasibility study on the inclusion of natural language search or that its programmers would be incapable of producing one. It seems more likely that the companies have decided that such a feature is not appropriate for app store searching on a mobile device.

Nonetheless, the report may be useful reading for those marketing cross-platform apps who aren't familiar with the discoverability features provided by all three stores.

Friday, November 15, 2013

Internet Security: IETF technical plenary explains "how we got where we are"

This recent Internet Engineering Task Force plenary provides an illustrative summary of the history leading to the current state of affairs regarding Internet security and how it has come to be compromised by intelligence agencies, along with a discussion of potential steps to mitigate the situation in the future. I recommend you start viewing with Bruce Schneier's presentation approx 20 minutes in.

Is Apple really going to release a curvy iPhone?

We're constantly bombarded by spurious "rumours" that Apple is poised on the brink of releasing this-that-or-the-other. If all of them came true, my iPad would be unlocked with an iris scanner and by rights, I should have been wearing an iWatch for at least the past 7 years or so...

I would have taken the rumours about curvy iPhone screens with similar barrels of salt were it not for the fact that one of the reports comes from Bloomberg. This doesn't mean that they're perfect at checking and vouching for their sources, but probably better than some other random student-grown web sites.

So, is a curvy iPhone really what the universe wants right now and would Apple make one? As the Bloomberg article points out, a curved form factor for a mobile phone isn't unprecedented. But I would posit that it's of dubious utility overall: yes, it may fit your face better, but most of the time, your phone is essentially an information presentation and manipulation device nowadays, not a device for making telephone calls. Is a curved screen really the thing you need to read a Word document or play Elephants vs Zombies?

Unlike other manufacturers, Apple have the issue of homogeneity: this year they took the brave step of releasing two iPhone models and the market is letting them know what they think of their green plastic iPhone accordingly. But is it really a viable option to roll out a separate line with a curved screen? (They presumably wouldn't take the gamble of releasing a curved form factor across the board.)

So, I'm skeptical but as ever, prepare myself to be proven dismally wrong...

With all this tech talk of security: the simple stuff still matters stoopid!

The major tech story of 2013 will surely be that this is the year that it came to light to just what extent the NSA have been compromising basic Internet and security infrastructure at a technical level. However, as this report points out, we shouldn't let that overshadow the fact that as a race, we are still really bad at security infrastructure on a social level. It seems that the best way to find out the password to an employee's computer is still to stand at Waterloo Station with a clipboard in your hand and ask them, "What is the password to your computer?"...

Thursday, November 14, 2013

Game Design: "squishy physics"

I recently reviewed Cyto's Puzzle Adventure for iOS: I think it's an interesting idea of a "2D physics" based game that includes a "squishy" element compared to "blockier" games of the genre.

Microsoft reportedly to launch native .NET compiler

According to this article on ZDNet, Microsoft is to launch a new native .NET compiler, codenamed "Project N", allowing C# developers (among others?) to benefit from some of the optimisations used in Microsoft's C++ compiler. One benefit will apparently be quicker launch times. I'm slightly skeptical about the benefit for run times (are lots of people using .NET for applications that will benefit from up-front native compilation as opposed to JIT compilation?), but I guess watch this space...

New tools for 2D games

This year, Apple added a new 2D game framework to Mac OS and iOS, which will hopefully allow smaller developers in particular to create more visually impressive 2D games over the coming months for Apple devices.

Another welcome addition to the 2D gaming scene will be the latest version of the Unity game development kit. Normally a 3D game engine, the latest version (Unity 4.3) now includes a 2D toolset. If it takes off, this should lead to some interesting cross-platform 2D creations from smaller developers.

Tuesday, November 12, 2013

Apple gives developers 50 extra promo codes per app release

Apple has apparently made an update to its developer site today which gives developers a total of 100 promo codes per app release (previously 50). In effect, this allows developers to give away a total of 100 free review copies of their app rather than the previous 50 and will help them to promote their apps to a wider audience.

iPad Air Benchmarks

Performance benchmarks for the new iPad Air (while being aware of the appropriate pinches of salt that must be taken with such "raw" benchmark data) suggest that the device delivers around twice the CPU performance overall compared to its predecessor. For developers, the question is always at what point it is worth developing to the facilities of the newer device.

Friday, November 1, 2013

50% off O'Reilly Java e-books

Users of the Javamex site may be interested in various Java e-books published by O'Reilly which are currently being offered at a 50% discount. See here for more information.

That said, I confess that the raison d'être of an e-book version of a "pocket guide" (see the Java 7 Pocket Guide which features among the offering) is a little suspect!