Björn’s Blog

Valentine’s day is upon us, and like many other special days throughout the year a pesky aspect of the internet rears it’s head again: e-cards.

For one thing, spammers jump on the opportunity and send around intriguing e-card announcements of the form “somebody sent you an e-card” or “n people want to meet you on network x”. It’s a good idea to never click on those links in emails, as most likely they’ll just link to a scam.

So that is one reason not to send e-cards: it endangers the recipient, because he is getting used to clicking on e-card links, which might be hazardous. The better e-card sites are capable of including the senders name in the email (”xyz sent you an e-card”), but even that is no guarantee that the e-card is legitimate. It is easy to harvest the names of a person’s friends from various social networks (Facebook and others) and simply pretend to send e-cards in their name.

One way to at least send a reasonably safe e-card would be to use a very well known and trustworthy company, like Yahoo, Google or Amazon (and that list is probably the complete list, I can’t think of any other well known sites). But even then it is still rude: by sending somebody an e-card, you are giving away that person’s private information, namely their email-address. Chances are high that in addition to your lovingly selected e-card, that person will also receive a never ending amount of spam mails for the rest of their lives.

If you absolutely want to send a greeting card by mail, just attach a regular JPEG image to an email you sent from your normal email program. Otherwise, why not invest in a real postcard? I know there are a lot of funny flash movies available for special occasions, but really JPEG is preferred. The chances for security holes in JPEG viewers are very small (although not impossible), and the same can not be said for most other formats like flash or Power Point.

That said, I admit that the occasional e-card from a friend has given me a warm fuzzy feeling. I don’t really expect most people to understand the issues with e-cards, or with giving my email address to a 3rd party. But I’d prefer it if they did, hence this article.

The S.M.A.R.T. monitor has been warning about imminent failure of the hard drive in my mother’s laptop, so it was time to exchange it. Since it is running Ubuntu Linux (version 9.10, Karmic Koala), I was looking for ways to create an image of the old hard disk and transfer it to the new hard disk.

My initial googling didn’t immediately yield definite results, even though I found some comments mentioning “dd”. Therefore I wanted to quickly summarize the steps I have taken in case anybody else looks for something similar.

While I found forum threads recommending a variety of tools, they were usually several years old. Therefore I wasn’t sure if the recommended tools are still state of the art. Also I preferred a disk image over using the recovery mechanisms of the backup software (sbackup or rsync), as I wasn’t 100% sure if permissions and everything would work out OK on a fresh install of Ubuntu (probably, but a disk image just seemed cleaner).

Then I found this blog article about copying a disk with dd and decided to stick with it. Other than in that article, since I didn’t have a way to connect the new hd without installing it in the notebook, I first copied the image to another external hd. Then I exchanged the internal disk and copied the image back onto the new internal disk.

To do the copying, first boot the notebook from the Ubuntu CD (”Ubuntu LiveCD”), to run Ubuntu from the CD and not from the internal hd. That way, the conents of the hd don’t change during the copy process. Booted into Ubuntu LiveCD, I quickly changed the keyboard layout in the settings -> keyboard menu (it defaults to US layout, but I have German). Then I mounted the external USB disk by selecting it in “Places” (or clicking on it in Nautilus, the Ubuntu file explorer).

Then open a shell, and create an image of the internal hd by executing

sudo dd if=/dev/sda of=/media/name_of_external_disk/image_name

The sudo might be optional, in my case I needed it because the external hd was only writable for root. If the external hd doesn’t have a name yet, you can assign one with GParted or Disk Utility (I forgot which).

This might take a while, depending on the size of the internal hd. The resulting image will be as big as the capacity of the internal hd. dd will copy the whole hd, no matter how much of it is used or not. Also dd does not give any progress reports, so just be patient.

As the article I linked to mentioned, it might be a good idea to check with
sudo fdisk -l /dev/sda that /dev/sda is the right hd (I recognized it because of the size).

Now, power down and exchange the internal hd, then boot up with the Ubuntu LiveCD again. Again, change the keyboard layout (if necessary) and mount the external hd. (I actually rebooted once because at the first time there was a hickup mounting the external hd. After the reboot it worked).

Then write the disk image back using

sudo dd if=/media/name_of_external_disk/image_name of=/dev/sda

(again, checking that sda is the right target with fdisk might be good).

If the new disk is the same size as the old one, that’s it. Otherwise, the partitions on the hd can be resized with GParted to make them use the whole disk. GParted can be started from the Ubuntu Administration Menu.

I had only one problem: the hd had a “normal” partition containting the main file system, followed by an extended partition that contained the swap partition. Somehow I couldn’t move the extended partition or the swap partition, and therefore I could not resize the main partition either. Eventually I figured that I should first resize the extended partition to fill all the remaining space. Then I could move the swap partition (which is inside the extended partition) to the end of the available space. That done I resized the external partition again to only be as big as the swap partition. After that I could finally resize the main partition to use all the remaining space (OK, except for 8MB that were left over because of alignment with the hd’s “Cylinders”, not sure if that was necessary or not). Before resizing/moving the swap partition it might be necessary to select “swapoff” for that partition on gparted, if the Ubuntu Live system has decided to use that swap space.

That’s it - again a scarily long text to describe a simple procedure.

A downside might be that it copies the whole disk, not just the used parts. Also there has to be enough space left on the external disk. Not sure if copying less could be achieved with some dd magic. I am pretty sure one could just copy individual partitions with dd, but not sure how to copy the disks partition table, master boot record and what not then.

Whether they loved it or hated it, all reviewers of the iPad agreed that usability of “normal” PCs for average users is atrocious. And I have to agree: whenever I take a look at the PC of a friend or relative who is not a “computer freak”, they are always riddled with spyware and malware or at least ladden with useless software that draws away time and energy of the user (examples are “Toolbars” like the Google Toolbar or the Yahoo Toolbar). This is not only because they might have downloaded or installed bad software from questionable sources, but because even vendors or seemingly trustworthy businesses have no qualms to sell their customers. Usually a new PC is already messed up by the software the vendor has preinstalled. If not that, then the new gadget (camera, navigation system, whatever) might come with crappy software.

But I don’t want to rant about the various ways today’s PC software and hardware vendors mess up the PC experience. The point is, by many reviewers the iPad has been hailed as the savior from this hell of malware and overly complicated software. What I want to mention is that the “geeks” (computer savvy people) have actually been aware of this problem for a long time, and they have invented a solution long before Apple’s App Store. It is called APT.

APT is a front end to the package managers of some Linux distributions, most notably Debian and it’s derivative Ubuntu. By using it you can install software from a trusted repository of open source applications (trusted because it is open to peer review). It is not the only way to install software on these Linux systems, but usually if you opt to install software from another source, you end up feeling slightly icky and dirty, as you should.

To avoid icky spyware, malware and so on, just stick to the official repositories of your Linux distribution. It is as simple as that - no debilitating iPad required.

Now I have to go ahead and admit that I am not even that well versed with Linux and apt. I know how to find, install and remove programs, and some other internals that are not really important. But isn’t that kind of the point: you can use Linux and apt even if you are NOT a “computer freak”. There are simple front ends that enable you to use it without using the command line. The main difference to Apple’s App Store is that it is still open - using apt is entirely optional, but recommended.

Of course, things on Linux don’t always run as smoothly as with a Mac (although I have whole lot of things to complain about with Macs, too). Not all the software in the repositories is very polished or even bug free. But neither is software in the app store.

As for stability, it helps to look at the hardware Apple has on offer: presumably they only actually sell three or four different kinds of computers (a laptop, which includes the iMac and the Mac Mini which are also based on laptop internals, the Mac Pro, and the iPhone/iPad). Most Linux distributions try to support a far wider range of hardware and therefore are less optimized for any specific piece of hardware. But it would be possible even today to launch computers with a Linux distribution optimized just for these computers. They should have no troubles achieving adequate stability.

Anyway, maybe you get the idea, maybe you don’t, all I want to say is this: the App store model is NOT our only salvation.

Software Development has taken a lot of inspiration from architecture. Seems to build stable buildings, you have to plan as much as possible beforehand. Once things are put in concrete, it is too late or very expensive to fix mistakes and bugs. In analogy most IT companies try to do a lot of planning before sitting down to code.

I believe they might have drawn the wrong analogy, though: the final piece of software is not like the building. The proper analogy for the software is the final plan the architect emits. Building the building is more like then running the completed software on the computer, it happens when the work of the architect is already done. To be sure, while building buildings or running software, you’ll still notice the one or other flaw that you have to fix “on the fly”. But that doesn’t contradict the general notion.

Why does it matter? Because this misguided paradigm is stifling software development and turning it into an expensive and arduous chore. It is very difficult and therefore expensive to plan everything in software development beforehand.

Unfortunately I don’t know much about how architects really go about drawing their plans. There might be some interesting lessons there. To be sure there has to be some structure (a building needs windows, doors, stairs, toilets, …), but I suspect overall it is much more free form and creative than misguided software development. For now I just felt like throwing that thought snippet out there… Please comment.

I finally managed to set up a git repository on my debian server that can be accessed via http WebDAV. Since there were a few stumbling blocks I could not find any information on, I thought I should blog a quick note. This won’t be interesting to many visitors of my blog, but perhaps it can save some people a bit of time if they run into the same problems as I did.

First I have to say that I don’t know very much about the ins and outs of git yet (and the same goes for WebDAV). I merely tried to follow some tutorials for setting up a central git repository. I am not even sure if access via http is a very good idea. But I am sharing the server and before git we used subversion via WebDAV, so it seemed like the most consistent way to go the same route for git.

For the most part I followed the instructions found in this “git server over http tutorial” on kernel.org

This almost worked, but left out issues with https and a strange command named “git update-server info” that needs to be run on the server after each commit. Luckily it will be run automatically eventually, but the first time it has to be run by hand (or so it seems).

Since the tutorial at kernel.org covers most steps, I’ll describe the problems I had first and then try to give a very brief summary of all steps in at the end of the article.

git update-server-info, file ownerships and update hooks

One issue I ran into was that after trying to push to the server, git push would end with

Updating remote server info
PUT error: curl result=22, HTTP code=403


And after that I could still not pull the changes from the server into another clone.

I could not find any info on this on the net. It turned out that there were some files in the git repository that were not owned by www-data (the apache2 user). I suspect it happened when I executed

git update-server-info

on the server, which I was supposed to do once in the beginning (according to a website I unfortunately can’t find anymore now). So making www-data the owner of all files by executing

chown -R www-data /path/to/git-repo

fixed that.

As for the initial call of git update-server-info, I am not sure. Maybe it would not have been necessary had the “hook” worked from the beginning. But in case there are problems, it is probably worth executing.

git update-server-info


in the root directory of the git repository once. After that, check again that all file permissions are correct (www-data should be the owner of all files).

It seems in subsequent git push calls git triggers the update-server-info hook automatically.

Frankly it makes me feel a bit uneasy - it seems WebDAV allows writing to the git repository and executing files - could it overwrite the executable and then execute it? A bit more than what I would like to allow guest users. But WebDAV and git where implemented by smart people, so for now I’ll assume that it is going to be OK (and I don’t have guests on there yet anyway).

HTTPS, self-signed root certificates and curl+ssl on OS X with MacPorts

The other problem I had was that I wanted to allow HTTPS access only. Our apache server uses a self signed root certificate that somehow had to be made known to git. Otherwise git operations would fail because it could not validate the certificate. The tutorial on kernel.org writes that you can disable the validation, but that is a temporary solution at best.

Apparently git uses libcurl, so making the certificate known to curl fixed the problem. However, by default curl on OS X does not even have ssl support built in if it is installed via MacPorts. I found a blog article on enabling https support which explains that the remedy is to install curl with options as follows:

sudo port install curl +ssl


First the old version has to be uninstalled, though (or MacPorts has to be convinced in some other way to do the upgrade - Update: via Twitter @MacPorts told me to use “sudo port -fn upgrade curl +ssl”). This turned out to be very complicated for someone who does not know MacPorts very well. Simple port uninstall commands would fail because of dependencies, and even

sudo port uninstall --follow-dependents curl


Would fail because sometimes there would still be multiple versions of packages around and MacPorts would then not know which ones to uninstall (yeah right, because I want to keep the outdated package??).

After a bit of Yahoogling I found that I could purge all the outdated packages with the command

sudo port -f uninstall inactive


The -f is for force, however, so it uninstalls even if there might be some dependencies. I have not yet checked if any other packages have stopped working. Also, for the future I know to run “port -u upgrade” instead of “port upgrade”, as the -u flag is supposed to tell MacPorts to uninstall the outdated versions right away.

With that cleared up, I could uninstall and reinstall curl and curl +ssl. One more thing to do about the certificates problem: make it known to curl. Our certificate was already in PEM format, so all there was to it was to add the text from the PEM certificate to /usr/share/curl/curl-ca-bundle.crt and git stopped complaining about the certificates. curl will name the location of it’s ca-bundle, in case it is located elsewhere on your system. I really added the certificate manually by opening curl-ca-bundle.crt in a text editor and copy+pasting the root certificate text (UPDATE: I just realized that MacPorts replaced that file when updating curl+ssl - looking for workaround). There are tutorials for importing the certificates from Firefox, but I don’t think they necessarily work for OS X. However, Firefox might provide an easy way to convert certificates to PEM, as it lets you choose the format for exporting certificates (in “Preferences”->”Advanced”->”View Certificates”).

Update: on Ubuntu 9.04 I also had problems to let curl know about the certificate. What worked where the instructions found at help.ubuntu.com for “Importing a Certificate into the System-Wide Certificate Authority Database”.

However, somehow git on Ubuntu does not ask me for a password and just fails with error code 22 (unauthorized). As a workaround for the time being I tried to hardcode my password into the remote URL (username:password@url), but that led to an error message (same as this one). Putting my login information into ~/.netrc as follows worked:

machine domain.name
login foo
password bar


I am not very happy with that, though, as it puts my password into a file in clear text.

quick steps summary (on Debian Linux)

Create directory for repository, either below apache2 DocumentRoot (usually /var/www) or some other lcoation you deem suitable

mkdir myproject.git

Init git repository with –bare option (apparently to make sure it never gets into unclean state - it should not be used the same way a local git repo is being used). Make accessible to www-data (apache user).

cd myproject.git
git --bare init
git update-server-info
chown -R www-data.www-data .


(note: install git with apt-get install git-core, the package “git” seems to be something else). Enable WebDAV (it seems I did not need the dav_fs as suggested in the kernel.org tutorial)

a2enmod dav

Configure apache for allowing WebDAV to the git repository. I also require SSL - however I won’t go into this. The infrastructure already existed on my server and I don’t want to search for tutorials now. There should be plenty of tutorials on setting up SSL for apache2. The same goes for setting up BasicAuth. Also I did not add my changes to /etc/apache2/httpd.conf but to the respective VirtualHost config file for my domain in /etc/apache2/sites-available (as our apache2 serves multiple domains).

My config looked something like this:

Alias /git/myproject /path/to/git/repo/on/server

<Location /git/myproject>
SSLRequireSSL
DAV on
AuthType Basic
AuthName "yourDomainForBasicAuth"
AuthUserFile /etc/apache2/path/to/password-file
Require user username-in-passwordfile
</Location>


Restart apache2 with /etc/init.d/apache2 restart and things should be ready to go. As described at kernel.org, configure the remote location for your local git repo as follows

git config remote.upload.url https://<username>@<servername>/git/myproject/


I suppose “upload” is actually an arbitrary name you can choose. The trailing “/” is important. From then on you can just

git push upload master

to the repository. (If the project is not yet in git, execute “git init” in the top level directory of the project first).

On the other hand, to check out the project from the server into a new working directory (let’s call it “my-project-dir”), I did

git clone https://<username>@<servername>/git/myproject/ my-project-dir


Not sure actually if that is the best way - git has so many variations. But when I had done it like that, the way to push changes to the server would be

git push origin master

I suppose because I pulled the project from the server, the server repo is now known as “origin”, no need to configure anything else. There is a certain logic to it apparently.

I have not yet set up passwords via .netrc as described in the kernel.org tutorial, so that step is optional.

To jump to the link generator directly, scroll down or click here. Note that the form only works on my blog, on blog aggregators the JavaScript will probably be missing.

Nicole Simon has brought to my attention that creating “Twitter This” links is not as trivial as it might seem. I hope to remedy the situation by providing a simple tool for creating such links.

What is a “Twitter This” link? Simply, a link that brings the user to the Twitter page with a prepared status text field. All the user has to do to tweet your prepared text is to click the “Update” button. For example, if you click this link, you should be transferred to Twitter with the prepared status message

A handy form for generating “Twitter This” links, created by @Fractality : http://bit.ly/twitterthislinks

(Following this link does NOT tweet the text, you still have to press “Update”. Why don’t you go ahead and just tweet it - thanks! :-)). It even works if you are not currently logged in to Twitter. After you login, you should also see the prepared status update form. Alas, it does not (yet) work if the user has no Twitter account yet and decides to sign up on the spot. After the signup process, the text is lost (but if the user clicks on your link again, it will then work).

In my opinion, this is the preferred way to encourage users to tweet about you. Many Twitter applications ask for the user’s login credentials instead and then proceed to post in the user’s name. Admittedly, sometimes that might seem more effective because users might not even realize it is happening at first - so they will tweet about you even if they never intended to do so. But I consider it a slightly dirty trick, which might alienate users in the long run. Also, personally I have never given my login credentials to a Twitter app (OK, maybe once or twice, but I regret that now), and many users might feel the same.

How does one create such links? It is rather simple: add a parameter named “status” to the Twitter URL, like this: http://twitter.com?status=your_message, where your_message is your message. The minor issue is that your_message has to be URL encoded. That means certain characters in the message have to be escaped, for example “<” becomes “%3C”. Most programming languages have utility methods to do this. For example you could simple paste the following snippet into your browser’s URL field and press return:

javascript: encodeURIComponent('a text that needs encoding');

(except you have to be careful about ‘ and “, so that approach is not 100% failsafe).

To make it easier for you, I have created a simple form for creating such URLs. Enter the text you want to be tweeted in the “Text To Tweet” field. In “Link Text” you can enter a text that should appear as the name of the link. If you then press “Create Links”, the “Twitter This URL” field should contain the “Tweet This” link. For your convenience the “HTML Link Code” field contains a full HTML link element you can Copy+Paste into your web site (make sure you copy all of it, I recommend right clicking into the field and choosing “select all”). “Link Preview” shows you how the link should look on your web site.

Finally, if you liked this post and/or find the link generator useful, please twitter this. Also follow me on Twitter @Fractality.

I have created a new Twitter bot: @OfficeWorkout tweets a random workout suggestions every 30 minutes. It should remind you to move your body occasionally if you are a screen worker.

I am looking for more suggestions for workouts that mesh well with office life. Best way to tell me would be to tweet them to @OfficeWorkout (”suggest @OfficeWorkout yourWorkoutIdeaHere”).

Hopefully I won’t embarrass myself too much with this post, because I haven’t really researched the ins and outs of OpenID. From using it a couple of times I got the impression that the concept has a big flaw, though.

Usually what happens when I try to sign up to a site with OpenID is that the site forwards me to my OpenID provider. Then I have to login to that OpenID provider’s site and confirm to the OpenID provider that I want to login to the original site.

And that is the problem right there: some random site of the internet forwards me to my OpenID provider, where I proceed to enter my login credentials. That is a classic phishing scenario.

How can I be sure that the site I am being forwarded to is really the site of my OpenID provider? Phishers are experts at mimicking other sites. They could forward me to another site that looks almost the same as the site of my OpenID provider. Often this is done by slightly misspelling the name of the site, in some cases the name even looks the same because there are different letters in other languages that look the same, so it is impossible to spot the difference.

There are some mechanisms that try to prevent site spooking, such as HTTPS, but I think the reality is that none of them really are good enough. The only way to make sure you are on the site you want to be is to type in it’s url by hand, without making any spelling mistakes (even then it is probably not 100% sure, because the domain name resolution system could also be tampered with - but that is another topic altogether, and I don’t know much about it). For the same reason one shouldn’t click on links in emails, for example if you get a link by (supposedly) ebay to check your auction, that email could be from a fake ebay linking to a spooked ebay that will phish your ebay login.

But I don’t want to educate about phishing, there is enough information about it on the internet already. I just wanted to raise my concerns about this problem with OpenID.

Many might feel that the problem is not really severe, or maybe it is just a problem of the particular implementations of OpenID that I have used. My own feeling is that as web developers we have a responsibility to not encourage dangerous behaviour on the side of our users, therefore OpenID in it’s current form has lost a lot of appeal to me.

One possible way to deal with the problem would be to always stay logged in to one’s OpenID provider and never log in when being forwarded to it. Hopefully if you are already logged in, you don’t need to login when being forwarded, you only have to confirm the authentication request of the original site.

Please leave comments and correct me if I am wrong. Thanks!

The bad news is, Apple needlessly slapped a “confidential” sign across the tech talk today, so nobody is allowed to write anything about it or post any pictures.

I think I can nevertheless write some thoughts I took away, without giving away anything about the content of the sessions. So what I write might have been inspired by the lectures, or by something completely unrelated, like surfing a web site or talking to people.

Some things to know first: I left early because I got bored, so I missed roughly the last two lectures. Also, I don’t have an iPhone myself yet, and my friends would perhaps even describe me as an Apple hater. I really don’t like Apple’s restrictive policies, and I don’t even like OS X, but that is a story for another post. The iPhone is nice enough to make me overlook the general flaws of Apple. For one thing, I gave up on mobile games development with Java because it became too tedious to support all the available devices. The iPhone is one device (OK, strictly speaking three: old iPhone, iPhone 3G and iPod touch) that has sold several million times, making it possible to develop useful applications targeted at one device only. And Apple really got a lot of things right, I don’t think any other phone comes close in usability.

If I don’t have an iPhone yet, it is because I don’t like the conditions of the T-Mobile Germany contracts. Specifically the UMTS bandwidth limitation seems silly, since the iPhone makes it possible to surf normal web sites. So I would expect the T-Mobile bandwidth to be consumed rather quickly.

Without a doubt, a lot of fun can be had with the iPhone, and a lot of fun applications already exist.

What follows is mostly me venting my frustration about having to use Objective-C. I had to say it somewhere… It is not the only thing I took away from the tech talk, but it was a tech talk after all, so you can guess about the main topics. I had a nice idea for a possible iPhone app while dozing in the lecture, and I also met some nice people, so going there was not all in vain. Oh, and I got a T-Shirt, too.

Objective-C, the strange beast

My main gripe, however, is the programming language. Most people I talked to say that it is not so bad, but my programmer instincts make me shy away from Objective C for several reasons. Granted, most of them probably sound like nitpicking and my objections might make me seem petty. But I have become a programmer out of laziness, and so I absolutely can’t stand it if a programming language is making me do stuff that isn’t necessary.

Header files (Shudder!!!)

Objective-C seems to be a strange beast: on the one hand it apparently is “fully dynamic” (Apple speech), meaning among other things that methods are not statically linked at compile time. On the other hand it borrows from C and C++, with ugly pointers cluttering the code, but much, much worse, forcing you to write header files for your classes.

I am not a language designer, but for the life of me, I can not get these two aspects combined in my head (dynamic linking and header files) - either one feature seems to make the other one pointless. Dynamic means you can modify classes at runtime, so what is the point of the header files?

I have programmed in languages without header files for 10 years now, so I can confidently say that there is no excuse for header files. I think they only exists because of the laziness of the developer of the compiler. But then again, those guys had several years to improve their compiler. What is up with that?

For the non-programmers: a header file basically means that I have to program every object and method in my program twice. Once to tell the compiler that it exists, and once to actually implement it.

It is certainly not difficult, but just as certainly it is not fun. For someone with my condition it becomes very difficult to do because I generally have a very hard time doing things that I see no point in doing.

No garbage collection

Another gripe is that Objective-C for the iPhone does not have garbage collection, so the developer has to take care of erasing objects by himself. Curiously, many people I talked to seemed to agree that this makes sense for a mobile device, because resources are so limited. Well, it seems the recommended maximum memory consumption for an iPhone app is 25MB. I have developed games for mobile phones in Java that had only 800KB available as runtime memory, with garbage collection. No problem whatsoever. A slightly more plausible explanation: garbage collection usually runs in a background thread, and having that thread constantly running might consume more energy. But honestly, I don’t believe it, that is just a weak excuse.

Also, you don’t even manage memory directly in Objective-C, but you have to manually take care of the reference counters. This makes even less sense to me, because I don’t think that is what makes garbage collection difficult. Rather, I would expect counting the references to be compiled into the executable. There might even be garbage collection going on in Objective-C, something still has to free the memory when the reference count has reached zero, after all. Again, this just reeks of laziness on behalf of the developers of the compiler.

Maybe inserting the reference counting into the executable would inflate the memory footprint marginally, but honestly, these days the size of the code is never the problem. Most memory is consumed by the data, for instance images that are being loaded by the application.

Hungarian Notation (Shudder!!!)

One more unbearable thing I have seen in code snippets from Apple: it seems it is customary in Objective-C to use the useless kind of hungarian notation. That means it is customary to call a widget UIWidget instead of Widget, because it belongs to the UI. Joel On Software has the ultimate essay on hungarian notation and how it should be done, mandatory reading for every programmer in my opinion.

Again, this might sound like a non-issue, but it makes me feel almost like the heroine of William Gibson’s “Pattern Recognition” upon seeing the Michelin Man: it is almost as if I am psychologically allergic to this ugliness and extremely bad taste. It sounds innocent if you see just one line, but imagine thousands of lines of code littered with hungarian notation. It is unreadable, unless you train your brain to just not notice it. But why should I have to do this to my brain?

More ugliness

I have mentioned the pointers, something I also haven’t seen in years. Going back to using pointers makes me feel like coding in the stoneage, and they also look ugly. In the same category as the header files fall the interfaces (forgot their real name, but they work exactly like the interfaces in Java). I see no need for them in a dynamic language, so please don’t make me use them. At least possibly one really can get away with not using them, I don’t know for sure.

Hope in the form of alternative programming languages?

Which brings me back to my original gripes with Apple. Is there hope of relief in the form of alternative programming languages coming to the iPhone eventually? Apple certainly hasn’t leaked any plans, and worse, they officially outlaw interpreters of programming languages. The reason is clear: with an interpreter of another programming language (for example a Java virtual machine), people could circumvent the Apple AppStore and get applications from other sources.

This alone does not prevent other languages, though, at least I don’t think it does. I think it would still be legal to use an interpreter just for one’s own application, without exposing it to other applications. Or one could use another language that compiles to Objective-C. One such language seems to be Objective-J. Still, I think the rule against interpreted languages at least slowed development efforts for alternative programming languages for the iPhone.

There are rumors that there will be an adapted (=restricted) version of Flash eventually, but it is not yet clear if it will be possible to write iPhone applications with it, or if it will just enable web sites.

I have found a Lua bridge to Objective-C, but it doesn’t sound as if the iPhone is supported so far.

Personally I still have some hopes for Javascript. There already is a Javascript interpreter in the iPhone, coming with Safari, that can also be instantiated from within an iPhone application. I don’t know yet how much one can interface with the usual iPhone features from Javascript, and if it is possible to run Javascript without actually displaying the WebView (Safari/WebKit). Most people I talk to about this are of the opinion that one should write iPhone Apps in Objective-C to get to use all the fancy features, but I am not fully convinced yet. I hope at least for some apps on can get away with Javascript (obviously not if you are writing a 3d game), so it might be sufficient to get one’s feet wet in iPhone development. Even just to be able to write some parts of the application in JavaScript would be a relief.

Meanwhile, I keep hopes for finding alternative languages for iPhone development. Please let me know if you find any. I probably won’t use Objective-J, though, because it seems too proprietary for my taste. If I learn a new programming language, I want it to be as universally useful as possible.

Ultimately it is the end product that matters, of course. I have programmed in the Linden Scripting Language for Second Life before, which is the crappiest language I have ever seen. Nevertheless it was fun, because the things you could achieve with it were so much fun. Probably it will be the same with iPhone development. Once I really get started and get to see results on the phone, Objective-C won’t feel so painful anymore. Still, I wish there were other options. Options makes me remember: I have also heard people say that XCode is not all that great either, and apparently it is not so easy to use alternatives. Too bad.

Thanks to the Deutsche Bahn, who cancelled my trains to Munich that I wanted to take this weekend, I got to attend the community camp 2008 in Berlin instead. Basically, the community camp was like a Barcamp, but with a special focus on (online) communities. (Of course I also got to attend it thanks to the organizers who made it happen in the first place - a big thanks in their direction, it was great!).

It has been over for almost five hours now, but somehow I feel like I can’t think clearly at the moment. Since I can’t do any other work, I’ll try to gather some impressions from my notes and jot them down for the blog. Andreas has also written about the last session we attended, mobile communities.

I’ll try to be briefer than with my Barcamp Leipzig recollections. The main effect of barcamps on me is to fill me with all sorts of ideas, that might not even be directly related to the sessions I attended.

A/B testing for websites

The first session I attended was about the site relaunch of friendscout24 and how the used A/B testing to increase their conversion rate of new users by 10%. It was interesting to see an example of applied A/B testing. They used a tool called “Optimus” (apparently not exactly cheap) to automatically test variations of images, texts and structure of their start page. Optimus automatically finds the best combination. For example, allegedly the image on the start page did not make much of a different (variations like blond woman, dark haired woman, couples, romance, etc.) in Germany, but a huge difference in Italy.

It got me thinking about ways to integrate A/B testing into existing web frameworks like Ruby On Rails. It is a bit of a pity to have to resort to an external tool, if you know in advance that you’ll need it anyway. Maybe a lot of time and effort could be saved by integrating the possibility of A/B-Testing from the beginning.

Tchibo Ideas

The next session I attended was a presentation by the Tchibo Ideas page, an attempt at crowdsourcing ideas for new products that Tchibo could produce and sell. This interests me greatly, because there is hardly a product that I am fully satisfied with. I constantly wonder about processes that would enable “common people” to affect the products they can buy. I find it very frustrating to own a faulty product and not be able to do anything about it (sadly, the odds that the producer will listen to my complaints are very slim).

Personally, I have great hopes for Rapid Prototyping in the future, which means that hopefully people can produce the things they want in the form of Open Source Hardware. Open Source Hardware means that everybody can change the things they annoy him. It already works for Software - personally I am a Linux user because in many ways it supersedes other operating systems. But for non-programmers, it is still too difficult to change anything about Linux, so it is more tailored towards geeks (oversimplified - actually Linux is already very good for non-geeks, too). So it is very interesting how to make it easier for everybody to improve the products they use by themselves.

But I disgress - to my disappointment (but also relief, because it means I can still become a pioneer in that area), Tchibo doesn’t offer any special tools for ideas shaping. They offer the basic features you would expect: people can propose “problems” and “solutions”, that can be rated by the community. Similiar things were already seen at Cambrian House among others (famous examples include Dell’s ideastorm or Ubuntu brainstorm).

Usually I am very wary concerning creativity competitions where you might end up giving away your idea for a couple of hundred € (I think the most you can win at Tchibo is 10000€), because I fear the other party might make a whole lot more money from my idea. However, Tchibo seemed surprisingly fair - I am not sure if the option still exists if you submit an idea the normal way, but you can also opt to submit your idea to Tchibo privately first, in which case they evaluate it and secure all kinds of rights for you. They might end up producing your idea and giving you a share, which is the way it should be.

Also, it might be worth considering that even if your idea is potentially worth a lot of money, if you were never going to realise the idea, a couple of hundred bucks might still be better than nothing.

Also Tchibo wants to include the designers in their marketing campaign, that is, their picture might be on the final products and so on. Of course I can’t vouch for them (check out their terms for yourself), but it really sounded as if they were genuinely trying to be fair. I signed up for their service, even though reception in bloggerland was mostly bad - I think a lot of prejudice against Tchibo, but who knows.

A bit disappointing: most “problems” and “inventions” on Tchibo Ideas so far are really unattractive, for example when I checked yesterday somebody proposed a device for cutting spaghetti. For me, such a device is an abomination. There is already so much useless crap in our world, that I think we are doing a better deed by reducing the clutter in our households than by adding to it with luxury junk. On the other hand, maybe I should really get some of those clips for washing socks, because I truly hate sorting socks. (I plan to build a Lego Robot for doing that one of these days, but who knows when I’ll find the time - the clips are an easier solution).

I had to leave early on Saturday, so I missed out on a couple of sessions and the party. Although that reminds me, one big inspiration from the community camp and also the recent Barcamp Berlin: BEAN BAGS! They had bean bags (provided by CrownCrow), and it was a good reminder about how comfortable they are. I must get one eventually (Andreas recommends checking out the bean bags from Muji).

Support for communities, example “wer-weiss-was.de”

Impressive track record, apparently wer-weiss-was.de have been operating for 12 years now. To put that into perspective, according to Wikipedia the Mosaik browser by Netscape was released on October 13, 1994, marking the beginnings of the usable internet.

Anyway, they told some stories about their experiences with maintaining and supporting a community. I took away the recommendation of a tool called “OTRS” as an open source ticketing system, and got the idea to use Amazon’s Mechanical Turk for some moderation task (for example checking the safety of uploaded images). A lot of discussion was about the volunteering moderators. A recommendation for reading was A Group Is It’s Own Worst Enemy, but I haven’t read it myself yet. Another thing that might be worth considering is Slashdot’s fully automated moderating system, that assigns moderator powers and meta-moderator powers semi-randomly to it’s users. It might be too complicated for non-geeks, though.

Weltverbesserer-Communities (safe-the-world communities)

Next up was a session about communities that want to help making the world a better place. Again I have a special interest in that, not only because I would like to help make the world a better place, but also because I have proposed such a project at the StartupWeekend Hamburg last year: Debug The World. I would still be interested in doing that one of these days…

Unfortunately the session left me a bit unsatisfied. I jotted down a lot of links to existing “save the world” communities, but learned little about their inner workings. Ideology was a topic, but again little was learned on how to keep the ideologies on a site in check.

I felt reminded of a recent sociological experiment that showed how it was completely random what piece of music would become a hit, if users get to see other users preferences (Update: found article describing it, among other things, search for Salganik). The same could happen with a newly launched “save the world” site: the ideology of the first users might repel other users, so you are stuck with the ideology of the first users.

Ultimately I guess if you launch such a site, you have your own ideals, and will try to steer your community into that direction. I would not want fascists to use my tools to plan for their own idea of a better world, for example.

I am currently too lazy to copy all the links that came up in the session, so I can only hope sombody will eventually update the Community Camp Wiki. The speaker was working for Utopia.de, and I think two founders of Weltretter.org were in the audience sharing some interesting experiences. I wish them luck with their efforts…

Managing friends in social networks

PaulinePauline hosted a session about managing one’s friends in social communities. From the subject, I was hoping for something else: how to find new friends in social networks. Sometimes there are interesting web projects that I can not use for lack of participating friends. I have written about Twitter, another example would be Google Reader. I am curious about the sharing of blog articles among friends that Google Reader provides, but I can not benefit from it because I don’t know anybody else who uses it.

Pauline was talking about another problem, though: how to maintain your friends lists across social networks, and do’s and don’ts of the friend search in such networks. A major gripe is seeing immediately who you are already friends with in search results, but also being able to check out somebody’s profile from within the search results without having to leave the results list.

A nice touch is to use special information, for example “people that have many friends in common with you” or “people who have attended the same events as you”.

Discussion also touched possible solutions to the multi-account problem. Some networks already offer to import your friends from other networks. It seems quite feasible to attempt to copy someone’s friends from Twitter, for example, as many people show their real name in their Twitter profile. Another nice touch is to just assume a user is using the same username everywhere.

On the other hand, admitting to knowing too much about a user might creep them out. For example, it is possible to discover a users rough location by analyzing their IP address, but showing a user “people online near you”, many might be shocked that their location is known.

Another nice touch: Facebook for example tells you to connect a new user with some friends, if you invited them to the network. That way, the new users have an easier start.

I also had the idea for a service that registers your username on all new social networks. A problem could be that people could use the service to squat on usernames (like domain name squatting).

Mobile Communities

The last session I attended was the second part of a session that started the day before (which I had missed) about mobile internet and mobile communities.

Some tidbits: automatically logging one’s status might lead to a couple of problems. For one thing, if you suddenly stop logging (for example your location), it might arouse suspicion (jealous spouse). But even though, for example I would be a bit confused if I saw a friend was visiting my city and didn’t even call me. Or somebody is online at ICQ and doesn’t chat with you. Another interesting aspect: people like to start conversations from trivial things (like bad weather). If you already automatically log all trivial things automatically, you might take away some possible conversation starters. For example, you might not call a friend to say “hi, I am in Berlin” if your phone has already automatically logged the fact.

Qype was mentioned as a solution for discovering cafes nearby while on the road, but I am not sure if it can also filter for individual taste, which would be more community like.

I am interested in seeing product ratings on the go (for example by photographing a barcode of the product with my phone), and Kooaba was mentioned as an image recognition technology that might even make barcodes unnecessary. I was also shown BdSave$, which is apparently a product ratings app for the iPhone.

Talking about “augmented reality” was also interesting, Google Earth already recognises if you hold your iPhone vertically and switches to a horizontal viel of the location around you. So in the mountains, it might really be possible to see names above the summits of the mountains around you. And presumably, soon this technology combined with Google Street View will allow for advertising in the augmented real world.

That’s it for now…