I just discovered a Firefox plugin called FireSheep, which sniffs the local wireless network for session cookies to common sites and allows you to sign in as anybody it finds. This is a trivial hack, and anybody with an understanding of wireless networks and how session cookies work can figure it out - and it's fairly easy to explain to anybody who doesn't have an understanding of them.
I dug a bit into their code, they have easy access to these sites:
- Amazon (which saves your credit card info, so they could potentially buy stuff on your card)
- DropBox (lots of people use this one to backup files, this would give you access to all their stuff)
- Facebook
- Github
- Google (fortunately Gmail has an option to always use https)
- Live (aka Hotmail)
- Twitter
- and many more!
So long story short, remember that if you're using your laptop on a public network you should be using https:// and not http://.
This reminds me of a program I found that is kinda neat called STunnel. This program creates a tunnel using SSL to any server that supports an SSL connection. So if you have a program that can't use SSL for whatever reason, you can just connect it to the STunnel service on your local machine and have it forward, encrypted, to wherever you are trying to connect.
Oct 25, 2010
Oct 22, 2010
5 Weekends
Seems like a lot of people are excited that this month has 5 Fridays, Saturdays and Sundays. They say that it hasn't happened in <some large number> of years (every time I see it, the number is different).
Except, you know, January of this year. Or May last year. So, fail.
Maybe they all meant that there hasn't been any Octobers with 5 Fridays, Saturdays and Sundays (FSSs) in that many years. My answer: go go gadget Ruby! Here's a little script that will find the last October which had 5 FSSs:
Except, you know, January of this year. Or May last year. So, fail.
Maybe they all meant that there hasn't been any Octobers with 5 Fridays, Saturdays and Sundays (FSSs) in that many years. My answer: go go gadget Ruby! Here's a little script that will find the last October which had 5 FSSs:
i = 2009
# a month with 31 days will have 5 FSSs iff the first
# day of the month is a Friday
begin
day = Date.parse("#{i}-10-01")
i -= 1
end until day.wday == 5
puts day.yearTurns out the answer is....2004! Sure enough looking at the calendar for October 2004 it does indeed have 5 FSSs. Before that? 1999. Before that? 1993. I could go on but I'm getting bored of this.Oct 21, 2010
Building Webapps in No Time
One thing that I've been thinking about is very small web apps, and how to get them out there quickly without having to do a whole lot of work. These are some tips with some arguments behind them and may not work for you, but I'm assuming that you're all smart here anyway and can decide on your own whether or not you should listen to them.
This guide is mainly targeted towards developers who are interested in building their own apps, but others can probably benefit from some of these too.
Tip 1: Screw IE6. Supporting IE6 can be a down-the-road feature (or v2.0 feature, however you want to call it) but for now it's going to consume much more time than it's worth. Too many web companies say, "oh, but the 10-15% of people still using IE6 are so important to me that I need to double my front-end development time just to make sure my site works in their browser."
No.
Tip 2: Choose a technology that is quick for development. Anything with a build cycle is out - one of the major issues I have working with C# these days is that I have to compile my code and restart the app, which takes long enough to break my concentration and I have to spend time re-focusing before I can be productive again (it doesn't help that I'm a bit of a space cadet and it really doesn't take long for me to find something shiny and distracting while the code is compiling). With stuff like PHP, Ruby, Python, etc. I can make my change and do a quick Alt-Tab + Ctrl-F5 to see the updated change.
Note: this also applies to front-end stuff. CSS Frameworks like Blueprint and Javascript libraries like jQuery will help you out there.
Tip 3: Use other people's code. Package management systems (Rubygems, PyPI, PEAR, etc. - is there something like this for jQuery plugins?) have many many libraries available for you to use that are built by guys who have faced the same problems as you and have made their solutions available so that you don't have to reinvent the wheel. In economics it's called capital accumulation, and you're much better off using it.
Tip 4: Use low-risk hosting. The difference between low-risk and low-cost hosting is that if your idea turns out to suck (like most of mine do) then you don't actually lose anything, where a low-cost host will charge you say $4/month regardless of what happens. An example of such a host is NearlyFreeSpeech.NET, who doesn't charge you for hosting if nobody goes to your site. It is free to sign up and create sites, and you get charged solely on the bandwidth that you use - there are a couple gotchas, I've written about them before if you want more details.
In short, you can pay as little as $5 for the hosting in the initial stages, which is less than the cost of your celebration beer when you launch your site.
Tip 5: This one is going to be a bit touchy for some folks, but it will help you get the app launched sooner. Use Facebook Connect as your authentication system. Seriously. While not everybody is on Facebook and others have privacy concerns and don't really want to sign up on sites that use Facebook Connect, there are two good reasons from a business perspective to use it for your site:
1) You don't have to build your own authentication system (or if you are following guideline 3, you don't have to integrate a library like devise to handle it). You'll probably still need to keep a users table in your app, but you won't need to handle the annoying aspects of password retrieval, profile pics, friends management, etc.
To support Facebook Connect with PHP is simple:
If your app goes anywhere, then you can start thinking about supporting non-Facebook accounts. But for your initial launch you want to do the least possible work, and using something like Facebook Connect will help you achieve that goal.
Tip 6: Choose a design and stick with it. Reworking a design can be costly, especially if you're using a lot of Javascript. Do a single design and unless it is absolutely horrible, just stick with it and rework it further down the road once you have actually launched your site.
Of course, some of these tips don't always apply: if you're building an app targeted toward businesses then Facebook Connect isn't really an option. I'll repeat myself: it is important for you to judge how these points might influence the way you are doing things, and to act accordingly.
This guide is mainly targeted towards developers who are interested in building their own apps, but others can probably benefit from some of these too.
Tip 1: Screw IE6. Supporting IE6 can be a down-the-road feature (or v2.0 feature, however you want to call it) but for now it's going to consume much more time than it's worth. Too many web companies say, "oh, but the 10-15% of people still using IE6 are so important to me that I need to double my front-end development time just to make sure my site works in their browser."
No.
Tip 2: Choose a technology that is quick for development. Anything with a build cycle is out - one of the major issues I have working with C# these days is that I have to compile my code and restart the app, which takes long enough to break my concentration and I have to spend time re-focusing before I can be productive again (it doesn't help that I'm a bit of a space cadet and it really doesn't take long for me to find something shiny and distracting while the code is compiling). With stuff like PHP, Ruby, Python, etc. I can make my change and do a quick Alt-Tab + Ctrl-F5 to see the updated change.
Note: this also applies to front-end stuff. CSS Frameworks like Blueprint and Javascript libraries like jQuery will help you out there.
Tip 3: Use other people's code. Package management systems (Rubygems, PyPI, PEAR, etc. - is there something like this for jQuery plugins?) have many many libraries available for you to use that are built by guys who have faced the same problems as you and have made their solutions available so that you don't have to reinvent the wheel. In economics it's called capital accumulation, and you're much better off using it.
Tip 4: Use low-risk hosting. The difference between low-risk and low-cost hosting is that if your idea turns out to suck (like most of mine do) then you don't actually lose anything, where a low-cost host will charge you say $4/month regardless of what happens. An example of such a host is NearlyFreeSpeech.NET, who doesn't charge you for hosting if nobody goes to your site. It is free to sign up and create sites, and you get charged solely on the bandwidth that you use - there are a couple gotchas, I've written about them before if you want more details.
In short, you can pay as little as $5 for the hosting in the initial stages, which is less than the cost of your celebration beer when you launch your site.
Tip 5: This one is going to be a bit touchy for some folks, but it will help you get the app launched sooner. Use Facebook Connect as your authentication system. Seriously. While not everybody is on Facebook and others have privacy concerns and don't really want to sign up on sites that use Facebook Connect, there are two good reasons from a business perspective to use it for your site:
1) You don't have to build your own authentication system (or if you are following guideline 3, you don't have to integrate a library like devise to handle it). You'll probably still need to keep a users table in your app, but you won't need to handle the annoying aspects of password retrieval, profile pics, friends management, etc.
To support Facebook Connect with PHP is simple:
<?= $facebook->getLoginUrl() ?>2) Free advertising and market feedback. When people use your app, you can post stuff to their wall saying something like, "so-and-so did X on MyAwesomeApp.com!". Their friends will then see the post and (hopefully) say, "whoa sweet, let's go check that out." You can take advantage of Facebook's already-established network for marketing, or for learning what people have to say about your app.
If your app goes anywhere, then you can start thinking about supporting non-Facebook accounts. But for your initial launch you want to do the least possible work, and using something like Facebook Connect will help you achieve that goal.
Tip 6: Choose a design and stick with it. Reworking a design can be costly, especially if you're using a lot of Javascript. Do a single design and unless it is absolutely horrible, just stick with it and rework it further down the road once you have actually launched your site.
Of course, some of these tips don't always apply: if you're building an app targeted toward businesses then Facebook Connect isn't really an option. I'll repeat myself: it is important for you to judge how these points might influence the way you are doing things, and to act accordingly.
Oct 8, 2010
PHP Preprocessor
I've thought of a random cool project, but this time instead of starting out on it, getting halfway through and then abandoning it, I figure I'll put it up for public discussion where others can throw in their two cents, tell me if such a thing already exists, or tell me I'm a moron and that it's a stupid idea (actually there will be people who will always say this, regardless of what the idea is).
I want to add some sort of preprocessor to PHP, to extend the power of the language. It seems a bit silly to add a preprocessor to something that is already a preprocessor, but I figure it is more practical to build this thing as something that outputs a language that is already very widely supported - my main incentive for this project is to then use it for PHP sites and put onto servers that already support PHP without needing additional software.
My main inspiration for such a project is from Ruby on Rails. See, Rails has a lot of good ideas, but many of them are easily translatable to PHP and other languages. You can use PHP's __call(), __get() and __set() methods to mimic a lot of the things that Rails does - I do this in MinMVC for model objects already.
What I think is much more powerful is the ability to use code to manipulate classes (aka metaprogramming). In Ruby I can do stuff like this:
What this preprocessor would do is scan for files that end with .m.php and convert them to .php files. The project would involve writing a parser that would scan for preprocessor blocks and execute them. The code in the preprocessor blocks would also be PHP, so you can do whatever you like in there. The key difference would be the use of $this: if you're inside a class, $this would refer to a Class object that represents the current class. So you would write something like this:
Quick aside on the use of the extension: I use .m.php instead of .phpm or something because Apache has a tendency to just serve files if it doesn't recognize the extension, which is a security risk. If it ends with .m.php, Apache will just execute it as a PHP file and fire out a PHP error when it sees weird stuff.
I'm still thinking about the details as to how you might add methods to $this, so that people can write add-ons. It might look something like this:
I want to add some sort of preprocessor to PHP, to extend the power of the language. It seems a bit silly to add a preprocessor to something that is already a preprocessor, but I figure it is more practical to build this thing as something that outputs a language that is already very widely supported - my main incentive for this project is to then use it for PHP sites and put onto servers that already support PHP without needing additional software.
My main inspiration for such a project is from Ruby on Rails. See, Rails has a lot of good ideas, but many of them are easily translatable to PHP and other languages. You can use PHP's __call(), __get() and __set() methods to mimic a lot of the things that Rails does - I do this in MinMVC for model objects already.
What I think is much more powerful is the ability to use code to manipulate classes (aka metaprogramming). In Ruby I can do stuff like this:
class MyClass awesome_function_that_manipulates_MyClass ... endIn PHP you can't do this. While PHP has a reflection API (I haven't actually used it much, so I can't comment on how good it is) it appears to be a read-only API. You can get information about classes and methods, but you can't modify them. You can't stick random methods into a class at run-time (unless I haven't read the PHP Reflection documentation properly). So you can't do something like this in PHP:
class MyClass has_many :usersThe has_many method would add certain methods to MyClass to make it nice and easy to interact with the users that this class has. While you can mimic this functionality using some __call() hackery, I think adding some sort of metaprogramming capabilities would make this much simpler and more maintainable.
What this preprocessor would do is scan for files that end with .m.php and convert them to .php files. The project would involve writing a parser that would scan for preprocessor blocks and execute them. The code in the preprocessor blocks would also be PHP, so you can do whatever you like in there. The key difference would be the use of $this: if you're inside a class, $this would refer to a Class object that represents the current class. So you would write something like this:
class MyClass {
#begin
$this->has_many("users");
#endIt's not nearly as elegant as the Ruby version, but that's ok. What this would do is the PHP preprocessor would execute the code in between #begin and #end and output some sort of PHP code to affect MyClass, like add methods called getUsers(), addUser(...), etc.Quick aside on the use of the extension: I use .m.php instead of .phpm or something because Apache has a tendency to just serve files if it doesn't recognize the extension, which is a security risk. If it ends with .m.php, Apache will just execute it as a PHP file and fire out a PHP error when it sees weird stuff.
I'm still thinking about the details as to how you might add methods to $this, so that people can write add-ons. It might look something like this:
class_function has_many($what){
...
}Who knows. Any comments on this idea?
Oct 5, 2010
Sep 29, 2010
On C# and .NET
At my current job I've been using C# and VB.NET for development, which are two technologies that I had never used and really shied away from as they are "corporate" technologies. I always figured that C# was just like Java and since I hated Java when I was in university I would have the same reaction when trying out C# for the first time.
Turns out I was wrong. In a nutshell, I would describe C# as "Java done right". The extra features that come with C# are little things that make the language as a whole more pleasant to use, and doesn't make me want to cry when it takes forever to do something simple - as I usually felt when working with Java.
Here's a few of the things I like:
Type Inference - some people will probably hate my code. I use var everywhere. My code looks like Javascript! It's especially useful in foreach loops over dictionaries (aka hashes, I'm so used to using Ruby that I tend to overuse this class): whenever I want to iterate over the collection.
Functional Abstraction - this one is also known as anonymous functions. Check this one out:
Events - this is the observer pattern built into the language. I won't go too much into this as you can just learn about it from the Wikipedia page. This is actually something that would be useful in Ruby (probably not that hard to implement as a gem) and is implement in Rails.
There are a number of things that I don't really like - the system is closed and very much owned by Microsoft. While they have their community promise thing going that means they say they won't sue the Mono guys for reimplementing their platform, you never know when they might try to exercise their muscle.
A quick note on Mono: it's great. The executables it produces are binary compatible with Windows, so you can pull the Java-style compile-once-run-everywhere thing - build an executable with Mono in Ubuntu, and it will execute under Windows - provided you're not using any specific libraries. Compile a .dll on Windows with Visual Studio and you can use it just fine in Mono under Ubuntu. I'm impressed.
Turns out I was wrong. In a nutshell, I would describe C# as "Java done right". The extra features that come with C# are little things that make the language as a whole more pleasant to use, and doesn't make me want to cry when it takes forever to do something simple - as I usually felt when working with Java.
Here's a few of the things I like:
Type Inference - some people will probably hate my code. I use var everywhere. My code looks like Javascript! It's especially useful in foreach loops over dictionaries (aka hashes, I'm so used to using Ruby that I tend to overuse this class):
foreach (var pair in myHash){
...
}This way if my hash has some complicated type I don't need to put KeyValuePairFunctional Abstraction - this one is also known as anonymous functions. Check this one out:
CSV.Open("mycsv.csv", "r", row => {
.. do something to row
});This is valid C# code! And it works great! It isn't exactly the same as blocks in Ruby (break/next/redo/return don't work the same) but it accomplishes a lot of what I use blocks for.Events - this is the observer pattern built into the language. I won't go too much into this as you can just learn about it from the Wikipedia page. This is actually something that would be useful in Ruby (probably not that hard to implement as a gem) and is implement in Rails.
There are a number of things that I don't really like - the system is closed and very much owned by Microsoft. While they have their community promise thing going that means they say they won't sue the Mono guys for reimplementing their platform, you never know when they might try to exercise their muscle.
A quick note on Mono: it's great. The executables it produces are binary compatible with Windows, so you can pull the Java-style compile-once-run-everywhere thing - build an executable with Mono in Ubuntu, and it will execute under Windows - provided you're not using any specific libraries. Compile a .dll on Windows with Visual Studio and you can use it just fine in Mono under Ubuntu. I'm impressed.
Sep 24, 2010
Whiny Programmers
This post is in response to this rant here. If you don't feel like reading it that's ok, it is about a programmer who is annoyed about the following scenario:
1) Business Guy (BG) has an idea (I say Guy here because I've only ever been approached by guys with business pitches, but you can easily replace the G with Girl if that's the case).
2) BG finds Programmer (P), offers no pay but 50% equity.
3) P does all the coding, late nights, etc.
4) BG makes all the decisions, takes all the glory, no mention of P in press releases, etc.
5) P gets annoyed.
This is a common scenario, and a lot of programmers have seen it (I was lucky, when I went along with this scenario I was actually getting paid, although the equity part was lower).
My problem with this type of rant is this: what is stopping P and BG from being the same person? Why can't programmers come up with business ideas, and do all the marketing/PR/etc. as this rant describes as "the easy part"? This guy seems to come to the false dichotomy of "programmer in startup" vs. "programmer in big company", when there are plenty of other options available.
Now of course the obvious answer is this: there is not enough time for P and BG to be the same person. It's time-consuming enough to do all the coding, you want to do all the marketing and product pitches and all that too? On top of that, BG often has this thing called "charisma" (known to geeks as CHA) which is a thing that geeks often neglect or marginalize but is quite important when it comes to making people want to give you money for stuff (whether it's VC funding or selling your product).
Not only that but there is all this other business stuff that needs to be done like:
Market research: does anybody actually want your product? How often do us geeks embark on an awesome project only to find out that nobody actually wants it? /me raises both hands and would raise more if had more hands
Sales: how do you make more demand for what you're selling? People might not care at the moment, but could be convinced to care. How do you do that?
Financing: how are you going to pay the bills before the company turns a profit? Unemployment benefits? Not likely. Often you might have to get a loan or sell some equity to a VC/angel so that you can eat while you get the ball rolling.
Etc.: there are a lot of other things that come into play here, but I won't bore you with all those details since I think the three above are enough to make the point.
In short, my point here is that business is not as easy as this guy makes it sound.
What do you do when a business guy comes to you with a pitch? You might as well hear his idea out, it might actually be worth something - although if you're young like me your sense of what is worth something might not be fully developed yet, so keep that in mind as well. Sign the NDA if you need to, but don't make any commitment until you know what you're getting into. However the most important thing is to set a precedent: be assertive at the beginning. Say that if you're getting 50% of the equity then you're actually getting 50% of the company which includes 50% of the decision making, 50% of the exposure, etc.
Keep in mind though that this requires 50% of the responsibility - if the business fails, it's 50% your fault. If the business guy is doing something obviously stupid, it is your responsibility to let him know and work with him to make a better decision (or realize that maybe what he is doing isn't so stupid). You can't expect to be treated like a partner if you don't act like a partner.
Anyway, the two points I have are:
1) When you're in that situation where you're the developer of a 2-guy startup, assert your position as a partner or you won't be treated like one.
2) Remember that there are more options than "work as programmer for startup" or "work for big co" - namely, the "start your own startup" is a viable option. I think a lot of people forget about this when thinking about finding jobs.
1) Business Guy (BG) has an idea (I say Guy here because I've only ever been approached by guys with business pitches, but you can easily replace the G with Girl if that's the case).
2) BG finds Programmer (P), offers no pay but 50% equity.
3) P does all the coding, late nights, etc.
4) BG makes all the decisions, takes all the glory, no mention of P in press releases, etc.
5) P gets annoyed.
This is a common scenario, and a lot of programmers have seen it (I was lucky, when I went along with this scenario I was actually getting paid, although the equity part was lower).
My problem with this type of rant is this: what is stopping P and BG from being the same person? Why can't programmers come up with business ideas, and do all the marketing/PR/etc. as this rant describes as "the easy part"? This guy seems to come to the false dichotomy of "programmer in startup" vs. "programmer in big company", when there are plenty of other options available.
Now of course the obvious answer is this: there is not enough time for P and BG to be the same person. It's time-consuming enough to do all the coding, you want to do all the marketing and product pitches and all that too? On top of that, BG often has this thing called "charisma" (known to geeks as CHA) which is a thing that geeks often neglect or marginalize but is quite important when it comes to making people want to give you money for stuff (whether it's VC funding or selling your product).
Not only that but there is all this other business stuff that needs to be done like:
Market research: does anybody actually want your product? How often do us geeks embark on an awesome project only to find out that nobody actually wants it? /me raises both hands and would raise more if had more hands
Sales: how do you make more demand for what you're selling? People might not care at the moment, but could be convinced to care. How do you do that?
Financing: how are you going to pay the bills before the company turns a profit? Unemployment benefits? Not likely. Often you might have to get a loan or sell some equity to a VC/angel so that you can eat while you get the ball rolling.
Etc.: there are a lot of other things that come into play here, but I won't bore you with all those details since I think the three above are enough to make the point.
In short, my point here is that business is not as easy as this guy makes it sound.
What do you do when a business guy comes to you with a pitch? You might as well hear his idea out, it might actually be worth something - although if you're young like me your sense of what is worth something might not be fully developed yet, so keep that in mind as well. Sign the NDA if you need to, but don't make any commitment until you know what you're getting into. However the most important thing is to set a precedent: be assertive at the beginning. Say that if you're getting 50% of the equity then you're actually getting 50% of the company which includes 50% of the decision making, 50% of the exposure, etc.
Keep in mind though that this requires 50% of the responsibility - if the business fails, it's 50% your fault. If the business guy is doing something obviously stupid, it is your responsibility to let him know and work with him to make a better decision (or realize that maybe what he is doing isn't so stupid). You can't expect to be treated like a partner if you don't act like a partner.
Anyway, the two points I have are:
1) When you're in that situation where you're the developer of a 2-guy startup, assert your position as a partner or you won't be treated like one.
2) Remember that there are more options than "work as programmer for startup" or "work for big co" - namely, the "start your own startup" is a viable option. I think a lot of people forget about this when thinking about finding jobs.
Subscribe to:
Posts (Atom)
