Friday, July 1, 2011

HTML5 vs. Native Mobile Development

I just prepared this new slidecast. It provides a comparison between the HTML5 and native ways of development.

It is available on YouTube: http://www.youtube.com/watch?v=JuFqUspiR8g

As always, I look forward to your feedback, suggestions and comments. Please feel free to leave your comments inline at YouTube.

Wednesday, May 25, 2011

Microsoft Webcamp summary

Last week I attended Microsoft WebCamp here at their Silicon Valley campus. The event was a two-day, totally hands-on affair, delivered and attended by developers. According to my estimates there were around three hundred attendees. Maybe more.

Microsoft showed 3 things:
1. HTML5 and IE9
2. WebMatrix
3. Microsoft Azure



Let us try to take a deeper look:
 I.  HTML5 and IE9
IMHO, Microsoft with IE9 has worked very hard to catch up with the competition (Apple, Google and Mozilla) and in a few cases has really surpassed them. I started paying attention to HTML5 in April 2010, when Steve Jobs banished Flash from the iPad. Samples and demonstrations from Apple with HTML5 support and hardware-accelerated CSS on the Mac seemed mind-blowing. Chrome seemed like a good runner-up, and IE8 was nowhere in the picture. Since then Chrome has been very aggressively riding the HTML5 wave. I almost wrote off Microsoft during the summer of 2010. However, I am somewhat amazed that within a short period of 12 months Microsoft bridged that gap. Even though they still lag behind Chrome and FF, they have come a long way in html5test (http://www.html5test.com) and the W3C tests (http://w3c-test.org/html/tests/reporting/report.htm).

IE9 is holding the lead in several performance metrics. Since this area is highly debatable and contentious, I will stay away from it. But the point is, IE9 holds a commanding position on the leaderboard, which IE8 could not. They have definitely sped up the JavaScript engine!

Also, just like Apple and Google, Microsoft has put together a site called BeautyOfWeb (http://www.beautyoftheweb.com/) where they are showcasing some of the coolest items. One area where IE9 pushed the envelope is hardware acceleration. By fully utilizing the modern-day GPU, running a significant amount of graphics functions on these chips, and getting away from general-purpose CPUs and a single-threading model, IE9 is capable of outstanding graphics, animations and smooth transitions. Take a look at IE Test Drive: http://ie.microsoft.com/testdrive/

The other area where they have excelled is full SVG support. Applications like mapping and charting for dashboards, where zooming in and out without pixelation and quality loss is critical, remain strong candidates for such technologies. One site which caught my attention was http://www.highcharts.com/

Please note, IE9 is not for everyone. It is available only for Vista and Windows 7 users. Sorry XP!

II. WebMatrix
Microsoft has really tried to simplify web development with this toolset.

WebMatrix is a free web development environment. This tool comes with a compact IIS web server, a compact database (MySQL or SQLServer) and plugins called helpers to hook up external modules (e.g. Facebook, PayPal, Twitter, Amazon). It was instant love for me! Here is why. Traditionally, when I set up an environment, I fought with installing and configuring Apache, installing and configuring MySQL, and fighting the setup for a day or two. What a waste of time when I would rather be working on my application! Using WebMatrix, just opening a new folder, creating a few pages, creating a data model and serving up a dynamic page was quite impressive.

What attracted me even more was the ease with which we can put together a Facebook or a PayPal integration. Now, my friends, I have always needed these in recent web apps and slated 1-2 days to accomplish these aspects. WebMatrix can remove that CRUD!
WebMatrix provides helpers so that common scenarios (e.g. Facebook Likes, Twitter posts and PayPal payments) are as easy as the following:
@Facebook.LikeButton()
@SimplePay.Execute()

If you like this, please read on. WebMatrix also has hooks to several open source site builders like Orchard, Joomla and Drupal. That way, these site builders can be configured and manipulated from the WebMatrix environment. WebMatrix has about 60 open source templates to build from. WebMatrix also works with PHP.

WebMatrix also provides a special markup syntax called Razor. This makes combining front-end code (HTML, JavaScript) and backend code (PHP) very simple and readable.

Watch the video in this page for a good idea on WebMatrix:  http://www.microsoft.com/web/

In summary: Microsoft is doing what they do best! They come up with development tools which are very easy to use and can be democratized. The fact that they are leveraging open source is really a very interesting phenomenon.


III.  Azure
They made a presentation on Azure.  Well, this is a topic for another post.



Best Regards, Somnath

Saturday, March 19, 2011

S3Tonik- Making Amazon Simple Storage Service even Simpler



This week our iOS application S3Tonik made it to the Apple App Store. This is Version 3.0 of the application, and this one is a Universal application. That means the same binary runs on both iPhone and iPad. In case someone has already bought it for the iPad, they should be able to upgrade to the new version at no cost.

Speaking about cost, the application (S3Tonik) is modestly priced at $0.99.

At this price what you get is access to a demo account (Amazon Simple Storage Service account) where we provide key documents, materials, audio and video content on modern technology topics like Mobile, Web 2.0, Cloud, Green Computing. Topics like Security, computing in different government departments are also of key interest to us.  We constantly scour the web, collect publicly consumable materials on these topics and bring them together at one place for you to consume.  Now whether you are waiting at the doctor's for the next appointment, or in that airport terminal you should not get bored as long as you carry an iPhone or an iPad with a dosage of interest in these topics.

Now if you really like the content and want to save it, you can download the files to your briefcase (a feature brought to you by S3Tonik) and carry them for offline access.  So your browsing will not stop even when you board that long flight or even after you enter the doctor's chambers where WiFi signals thin out.  Comprende?

If you want to share a key document with a friend, colleague or loved one, you can do so with the email share option. And if you are rushing for the next key client meeting and have found a statistic from our content which you wanna share with your client to convince them, you can always choose the PRINT option and make use of a network printer.

Like it so far?

Well, if you do, you might want to go tell your head IT guy at corporate that the easiest way for him to disseminate key documents (sales collaterals, brochures, product videos) is to cycle them through Amazon S3. It is inexpensive (costs around 20 cents a GB per month for storage and 10 cents a GB for bandwidth) and durable. Also, if you choose the proper security options, you can make it really secure. Hey, even the government people are using Amazon. No kidding!

So now, if your corporate central guys decide to do this, you can always access the S3 account which your office guys have set up by configuring your own account in S3Tonik. It will need a complex Access/Secret Key which you can hand enter from the settings screens of S3Tonik. If you find hand entering cumbersome, well... you are not alone! We found it tough too, and hence we provided a second option. You can set up your access/secret key pair in an XML file and make it accessible behind a URL. S3Tonik will access the URL, parse the keys and set up your account. Not too bad!

Now, with your own account setup, ALL those sales collaterals, brochures, product videos are accessible with a flick of a finger, a quick touch and a pinch.  Magic!  Right?

You never have to go through document disarray or suffer version anxiety (hey, did I send the right version to the client or will I face the music tomorrow morning when I reach corporate?). Sweet, isn't it?

Well, we also thought so. Hence we call S3Tonik the Tonik that you have been waiting for to make Amazon Simple Storage Service even Simpler.

Now, if you want even more complicated stuff like versioning, auditing or 2-factor authentication, feel free to send us an email at support@s3tonik.com

And if you like the app, do not forget to rate or even review the App.
Our Facebook page is http://www.facebook.com/s3tonik
Our Twitter hashtag is #s3tonik
Our Website is http://www.s3tonik.com 

Best wishes and Best Regards,  Tonik Team!

p.s.  I forgot to tell you that we will be keeping the screencasts at http://www.youtube.com/s3tonik


Tuesday, February 22, 2011

Windows Phone7 for iOS Developers

This evening I attended a very interesting event. Microsoft hosted Windows Phone 7 for iPhone OS Developers. This was our regular Silicon Valley iOS Group meet-up. But today it was held at Microsoft headquarters in Mountain View. No, I am not dreaming. This actually happened!

Microsoft wanted to present Windows Phone 7 to iPhone developers and attract them to port their applications to Windows Phone 7. Microsoft presented the tools, the overall development methodology and constructed an application on the fly. That was quite impressive. They also brought in a third party development team who develop on iOS, Android and Windows Phone and had them show their app and share the development experience across platforms.

Nice touches:

  • The development environment was based on regular Visual Studio and SQL Server 2008. They showed the development using C# and XAML.
  • The two primary development frameworks are XNA (for game development) and Silverlight.
  • There was a visual design environment where you could drag and drop design elements on a canvas and then program the events (OnClick etc.) and edit the code-behind. This metaphor is already very well known to many developers.
  • It was very simple to develop using a DB on the local machine and then push the DB over to a remote Azure cloud. The migration of local data to the cloud (at least for a small example) was nice. Support for SQL Azure and migration tools finally seems to be coming together.
  • The programming model was built around developing against web services, which made it very simple to change.
  • Unlike Android, submissions to the Windows Market Place need to be vetted by Microsoft, and hence there is tighter control over security. Pretty much like Apple.
  • There are some really innovative controls like Panorama, which shows Microsoft has tried to set itself apart and not just copy the iPhone, the way Android has been doing.

The rough edges:

  • Windows Phone 7 has no enterprise distribution model. The application marketplace is only for the consumer. So if a corporation wanted to build an application and distribute it through a store, they cannot do it today. Please note that Apple has an enterprise version of their developer license which allows a corporation to distribute their apps.
  • It did not seem to me that Windows Phone 7 has true multitasking for applications. An incoming phone call would send a running app to tombstone. Which means it is where iOS was in the previous generation.
  • Windows Phone has to support multiple devices and form factors (for example, phones can come with or without a sliding keyboard). Although this is nothing compared to the dreaded Android fragmentation, it puts an onus on QA. Here are some choices: http://www.microsoft.com/windowsphone/en-us/buy/7/default.aspx
  • They do not have the concept of an ADHOC build. This is used to give iPhone applications to BETA testers without cycling through the store.
  • When asked “What are the top selling Apps in your marketplace?” there was no clear answer.

My take
Overall, Windows Phone 7 seemed behind iOS and will continue to be so. However, they have a few things going for them: the widely known and understood development model and the foothold in the enterprise. Also, with the recent success of Kinect they seem to have their mojo. Time will tell whether the Nokia marriage will last happily ever after or end in a messy divorce. But it does seem like they are making a sincere effort to win the hearts and minds of developers.

Tidbits

Thought I would share this with you all.

Best Regards, Somnath

Monday, February 14, 2011

Enterprise Mobile Security

Industry analysts and security experts believe that as smart-phone adoption increases within the enterprise, attacks and malware will also increase. Smart phones may become conduits to breaches of corporate data. Malware and viruses will masquerade as apps and may compromise both personal and corporate data. 2010 saw a huge rise in such instances of targeted malware.

2011 is really a year to watch for mobile attacks. With WikiLeaks and Stuxnet, fear is looming in everyone’s mind regarding what the next attack will be and how it will happen. Let us try to imagine and understand the surface of potential risks. We will focus on risks related to large businesses and enterprises.

I) Data breach as a result of lost/stolen device
A lost device means potential for loss/theft of sensitive information and also for unauthorized users to gain access to ENTERPRISE networks. Remember the hapless Apple engineer losing the iPhone 4 prototype in a bar? In case you are rolling your eyes, please remember that over a six-month period, 3,000 laptops were lost in London cabs. Compare that to 55,000 phones lost during the same period!

Also, when individuals lose a device it is a personal loss. When enterprise devices are lost it is a much bigger affair. Some experts put the total cost of a lost laptop to be around $49,000. This cost reflects the enterprise wide effort (corporate, legal, purchasing, admin, etc.) required to deal with a lost laptop.

A sophisticated approach is to use a service such as “remote-locate-and-lock”, which will remotely locate the phone using the built-in GPS service and lock out a lost phone. Even more stringent policies of “remote-wipe” can be enforced to remove all sensitive data from a misplaced phone. There are several vendor software options which are emerging. For iOS there is “Find My Phone”; for Android there is Lookout.

Additionally, it is important that key content be encrypted using a proper standard like AES-128 or AES-192 and stored in such a fashion that even a device loss does not compromise key information.

II) Malicious code attack coming from masquerading applications
This usually happens after downloading an application which, in spite of masquerading as an innocuous app, actually engages in nefarious activities (keyboard logging, transmission of private information secretly, etc.). In July 2010, the ‘Carrot App’ for Android was disguised as a calculator application. The malicious application was programmed to email the attacker transcripts of all text messages, both sent and received by the infected device.

Due to Apple’s stringent application review and publication process, these problems are less common in iOS, but are still an area of concern. Android, due to its open publishing policy, can be more prone to such attacks. Please refer to the recent in-depth study on App genome.

III) Mobile device OS, Applications or protocol vulnerability
Software vulnerability at this level is hard to fend off and can only be mitigated by constant study of and vigilance against security threats. It is advised to ensure that the latest versions and patches of the OS and development environments (Apple Xcode or Android SDK) are applied carefully and that security patches are taken seriously. Remember, the chain is only as strong as the weakest link!

IV) Weak or non-existent mobile device authentication

This is a double-edged sword. A very hard pass-code is easy to forget and hence hurts usability. On the other hand, something straightforward like “1234” or “admin” is easy to guess and easy to crack. The long-range solution for this is some form of biometric or fingerprint-based authentication. However, until these are refined we should have TWO FACTOR AUTHENTICATION (a combination of something you know, e.g. a pass-code, and something you have, e.g. a CAC reader). In many cases a simpler variant of the CAC reader can be adopted, e.g. a token code which is distributed via SMS. Such two-factor authentication schemes are proposed by large organizations such as Google and Microsoft. Such options will provide additional protection against phishing and malware attacks, as the one-time token codes are valid only for a limited duration of time and are deactivated automatically, thus preventing access to any sensitive information.

There can be additional attack surfaces which we have not thought about yet. After all, a “Hacker’s mind” has a different orientation than a “Builder’s brain”. Constant vigilance can never be overstated in today’s world, especially when you adopt more modern means to conduct your business.