2017-04-03
Applications should not have access to proxy credentials
If you need to access the Internet through a proxy, you should not provide proxy credentials to the applications. Applications should always connect to the Internet through a transparent proxy or using a local proxy with authentication for each application that connects to the required proxy without having to configure the application with the remote proxy credentials.
2017-02-09
Many NoSQL databases are not fit for purpose
MongoDB still has bugs that prevent it being used for production if you care about it. MongoDB developers are having a hard time fixing bugs like SERVER-14766 Indexed queries should not miss documents where neither the queried nor indexed fields change during the life of the query open since August 2014.
Cassandra is not row level consistent, so it cannot be used for production either.
A good page to know about important database issues is Jepsen Analyses.
Cassandra is not row level consistent, so it cannot be used for production either.
A good page to know about important database issues is Jepsen Analyses.
2017-01-31
Why Microsoft is doomed to fail
Microsoft tried to compete with Android and iOS with the Windows Phone/Mobile operating system, but failed,
because they cannot compete if they do not offer a better more
innovative product. If Microsoft wants to compete with Android they need
to release Windows Phone/Mobile as open source, otherwise they will be
doomed to fail again. By failing, Microsoft certified that they are incompetent or that monopolies are not easy to overturn, either way is bad for Microsoft.
Microsoft search (aka bing) is unable to compete with Google. Microsoft tried to push their Internet search web three times with different brands but failed every time. So, why they keep trying? I think they try to show that powerful applications can run using their software but they demonstrate that they can not.
Microsoft business model of changing file formats to force users to buy upgraded products is probably not going to work in the future, so they will have a hard time being competitive in an open ecosystem.
Microsoft seems to be trying to bring back their failed Windows RT with the new name Windows Cloud. Microsoft will fail again.
Microsoft really needs to start recruiting better developers, better designers and start listening to the users requests.
Microsoft search (aka bing) is unable to compete with Google. Microsoft tried to push their Internet search web three times with different brands but failed every time. So, why they keep trying? I think they try to show that powerful applications can run using their software but they demonstrate that they can not.
Microsoft business model of changing file formats to force users to buy upgraded products is probably not going to work in the future, so they will have a hard time being competitive in an open ecosystem.
Microsoft seems to be trying to bring back their failed Windows RT with the new name Windows Cloud. Microsoft will fail again.
Microsoft really needs to start recruiting better developers, better designers and start listening to the users requests.
2009-12-19
On Question/Answer social applications
I like question answer social applications like StackOverflow.com because most of the times they are a better alternative to a forum. One of the creators Joel Spolsky explains the success at Learning from StackOverflow.com video.
The ideas that make StackOverflow.com so great are summarized at:
The ideas that make StackOverflow.com so great are summarized at:
- Voting: There needs to be a way to rank answers to a question up or down so you can see the best answer the first.
- Tags: Hierarchical categorizing fails where tagging works wonderfully.
- Editing: You need to be able to edit both questions and answers so they do not become obsolete.
- Badges: Users should gain status by completing actions on the site that gain knowledge on the site features and make people use them.
- Karma: Users should gain status by asking good questions and replying with good answers.
- Pre-search: Asking a question needs a search first. It really prevents duplicates.
- Google is UI: Google should be able to index the whole site for users to access questions.
- Performance: A performant site is used.
- Critical Mass: Users will only use sites that trust on. And stackoverflow.com was developed by two very influential IT bloggers.
2009-07-12
Web Applications should always use UTF-8 charset
I have seen that iso-8859-1 encoding in HTTP is broken as some "genius" from Microsoft decided to encode non iso-8859-1 characters using HTML entity encoding without using proper escaping, thus making non iso-8859-1 characters unusable and iso-8859-1 encoding for web applications not useful. FORM submission and i18n
Being Windows-1252 a superset of iso-8859-1 has made every browser and most other programs interpret Windows-1252 when iso-8859-1 is specified. Even the HTML5 standard states that iso-8859-1 should be interpreted as Windows-1252.
Apache Tomcat needs to use UTF-8 instead of iso-8859-1 by default. Here are some tips on working around this bad Tomcat default: Tomcat/UTF-8.
Always use UTF-8 as the encoding of any HTML page and especially of Web Applications.
Being Windows-1252 a superset of iso-8859-1 has made every browser and most other programs interpret Windows-1252 when iso-8859-1 is specified. Even the HTML5 standard states that iso-8859-1 should be interpreted as Windows-1252.
Apache Tomcat needs to use UTF-8 instead of iso-8859-1 by default. Here are some tips on working around this bad Tomcat default: Tomcat/UTF-8.
Always use UTF-8 as the encoding of any HTML page and especially of Web Applications.
2009-04-18
On Web bookmarking
The use cases I need for a web bookmarking application are:
- Quick button or key combination to bookmark an URL.
- Review bookmarks for obsolescence. Each bookmark should be checked periodically to find if the resource still exists and have a notification when it does not exist. Bookmarks should have attached a review date to be able to review bookmarks one by one.
- Retitle bookmarks. (Many times the title on the page is not the one I want)
- Classification. I do not like hierarchical classification because many bookmarks may own to more than one category and hierarchical classification can only have one folder structure. (Example: low fat meals/fish or fish/low fat meals) (tags also have problems as it is common to tag an AJAX tutorial as "AJAX,JavaScript" but AJAX already contains JavaScript implicitly on it but I want to get that page when I look for the broader term like JavaScript resources)
- As bookmarks refer to online resources they may only be accessed online, but I still need transparent backups in case the online resource that hosts my bookmarks accidentally removes them or just disappears.
- Pending revision. I sometimes see something that I need to review but I still do not want to publish in my public bookmarks.
2009-03-29
Blogs worth reading
This is a list of blogs I read and recommend:
2009-03-17
On filesystem usage patterns
The ext4 data loss bug leaved some changed files with zero size in the case of a crash, making the API not transactional. The bug was fixed, not in the side of the application, but in the ext4 code itself with fixes to other delayed allocation filesystems like XFS and BTRFS to maintain semantics compatibility. I started to think about use cases both in servers and laptops to investigate if the current POSIX API of Linux and if the internal Linux filesystems implementations cover these use cases as best as possible.
- Copying, moving, creating or replacing a huge file while saving a minor setting or browsing the Internet should not ever block your GUI application noticeably.
- Modifying a file should always leave either the old one or the new one. (but never a zero length file!)
- Small file change (substitution) atomic. Transaction complete should be notified but can be delayed for some amount of time like when in laptop mode.
- Writes on the hard drive should always transition stable states to prevent any loss of prior data. As much only recent changes should be lost but old data should always be preserved.
- Streaming
- RDBMS tables
- Laptop-mode: the system should be able to delay writes to disk to save power by only spining the hard drive each few seconds.
2009-03-11
On Self-extracting archives
Microsoft is still favoring self-extracting archives over normal archives. They probably want to sustain the antivirus software market by providing files capable of containing computer viruses and not having a sandbox to run these files by default in their badly designed "operating" systems.
Microsoft goes over to extremes like having a self-extracting EXE file that contains a CAB file that contains a ZIP file that contains the actual files (see for example Microsoft KB 303436 where they distribute such a file) (maybe they are so clueless that they think developers do not know what a ZIP file is and how to unpack it)
One way to prevent Microsoft incompetence (or maybe corruption) is to have in proper operating system never execute EXE files outside a sandbox and by default detect self-extracting archives (by file contents inspection instead of just only the file extension) and unpack them directly by the installed unarchiving software.
Microsoft goes over to extremes like having a self-extracting EXE file that contains a CAB file that contains a ZIP file that contains the actual files (see for example Microsoft KB 303436 where they distribute such a file) (maybe they are so clueless that they think developers do not know what a ZIP file is and how to unpack it)
One way to prevent Microsoft incompetence (or maybe corruption) is to have in proper operating system never execute EXE files outside a sandbox and by default detect self-extracting archives (by file contents inspection instead of just only the file extension) and unpack them directly by the installed unarchiving software.
Etiquetas:
archives,
microsoft,
self-extracting
2009-03-01
Why compatibility with Microsoft may lead to legal problems
Microsoft sued TomTom (Microsoft sues TomTom over Linux and other patent claims) for patents like 5,579,517 and 5,758,352: "Common name space for long and short filenames". When TomTom was just using the badly designed FAT from Microsoft for compatibility with Microsoft products. TomTom (like other flash storage users) could just have used a decent flash filesystem like YAFFS. This is just another example why software patents lead to fragmenting compatibility between systems.
2009-02-28
On Integrated development environments
The main problems I find with the Eclipse IDE are:
- Eclipse does not remove whitespace at end-of-line. It seems the eclipse based JBuilder does this flawlessly.
- Eclipse does not have a good spaces vs tabs behavior. I think if eclipse it is not going to stick to 8 spaces indentation by default it should be using spaces everywhere by default instead of changing a well defined a tab is 8 spaces de facto standard.
- Eclipse is still using non standard character encodings on some platforms like MSWindows. Change the default encoding to UTF-8 in Eclipse. (If you read this bug thread you will see how old fashioned an IBM engineer can be)
- Eclipse does not recognize new JARs of Java EE applications in WEB-INF/lib until you restart eclipse.
- Code refactoring: I want to be able to rename a method or variable without renaming other different equally named variables.
- I need to know the callers of a function to know the consequences of changing its behavior.
- I need VCS integration to know the current changes and be able to quickly change branches to develop new features.
- I need automatic compilation and verification.
2009-02-08
Duplicate action detection and correct response
To prevent any action from being duplicated due to communication errors at the first try it is needed to identify the first communication with an id that the server has to verify to not duplicate the action.
The common case is like this:
A client sends a communication to a server requesting a new order. The communication has an orderid. The server gets all the info and performs the action. But that communication fails to get a response because of a network problem like loss of connectivity. Since the client is not sure the communication was totally OK the client must retry back the communication. Since the communication has an orderid there is no problem in sending it again (no risk of duplication). Since the server already performed the action, this second time the response code should be either just the same as the first case "OK - accepted" (for simplicity) or "OK - already accepted". It is critical this response be understood by the client as OK, otherwise the client will retry forever.
I am explaining this because I have had problems trying to make understand people about this problems that made some orders, although correctly sent to the server, never marked as OK on the client system and thus retried forever making the user unhappy since his order was like not being sent.
The common case is like this:
A client sends a communication to a server requesting a new order. The communication has an orderid. The server gets all the info and performs the action. But that communication fails to get a response because of a network problem like loss of connectivity. Since the client is not sure the communication was totally OK the client must retry back the communication. Since the communication has an orderid there is no problem in sending it again (no risk of duplication). Since the server already performed the action, this second time the response code should be either just the same as the first case "OK - accepted" (for simplicity) or "OK - already accepted". It is critical this response be understood by the client as OK, otherwise the client will retry forever.
I am explaining this because I have had problems trying to make understand people about this problems that made some orders, although correctly sent to the server, never marked as OK on the client system and thus retried forever making the user unhappy since his order was like not being sent.
2009-01-06
Social Bookmarks Friend Finder (for delicious.com)
I am quite interested in social networks as they allow you to get in contact with people with similar interests.
I found some time ago a social bookmarking site called delicious.com that allows you to have all you public bookmarks tagged. I liked to find similar users to me but the site had no option for that and I found Find Similar Users on del.icio.us but it had some problems like excessive memory usage, no continue and the need to provide user and password to access the data. So I developed a similar Java program without those problems called Social Bookmarks Friend Finder (for delicious.com). It is coded in Java, using the embedded H2 database by default (being able to use most compatible JDBC databases). Please try it if you want and report any issues. I would like to hear if it was useful to you!
I found some time ago a social bookmarking site called delicious.com that allows you to have all you public bookmarks tagged. I liked to find similar users to me but the site had no option for that and I found Find Similar Users on del.icio.us but it had some problems like excessive memory usage, no continue and the need to provide user and password to access the data. So I developed a similar Java program without those problems called Social Bookmarks Friend Finder (for delicious.com). It is coded in Java, using the embedded H2 database by default (being able to use most compatible JDBC databases). Please try it if you want and report any issues. I would like to hear if it was useful to you!
2009-01-01
URLs should never have the server side technology
URLs should never have the server side technology used in them. Because it is just marketing for that technology and it does not just identify a resource.
Technologies that are shown in the URL but should not (with URL examples):
You should also prevent using the technology name in the URL as in:
Technologies that are shown in the URL but should not (with URL examples):
- CGI https://bugzilla.mozilla.org/show_bug.cgi?id=249338 my suggestion https://bugzilla.mozilla.org/bug?id=249338 or https://bugzilla.mozilla.org/bug/249338
- PHP http://www.facebook.com/home.php my suggestion http://www.facebook.com/
- JSP https://issues.apache.org/jira/secure/Dashboard.jspa my suggestion https://issues.apache.org/jira/
- ASP http://www.microsoft.com/en/us/default.aspx You should not ever have to refer to a default.aspx as http://www.microsoft.com/en/us/ should always be enough (ASP.NET also has problems rooting in the ancestor of the current MSWindows CP/M)
You should also prevent using the technology name in the URL as in:
- http://help.open.collab.net/servlets/tracking
On Programming Languages
Business code should never be developed using a non memory managed programming language. Being either reference counting or garbage collection (although reference counting is time predictive it can make your application more laggy and can not alone detect object cycles so garbage collection is the winner nowadays as Jamie Zawinski says). When writing business code you should not lose time managing memory when the computer can do it better for you.
The programming languages I recommend are:
The programming languages I recommend are:
- Java (for most applications including business or enterprise applications)
- Python (for any small application for computer administration)
- C/C++ (only for low level or computing intensive code)
- JavaScript is the web browser programming language. There are alternatives like Google Web Toolkit that allows you to translate Java to JavaScript. I still have to take a look at Google Web Toolkit. The main reason I use JavaScript is because it is the browser programming language and client applications are finally settling. But JavaScript has some problems like the lack of a native (fast) function to know the length of an Associative array in contrast with Java's java.util.Map size() method and python's dictionaries len(). GWT implements java.util.HashMap with its own implementation in JavaScript instead of using its own maps because there is no fast size() function. What other people think about JavaScript.
- PHP is a specialized programming language for web applications that is currently powering huge sites like Facebook, Flickr and Wikipedia. It still lacks unicode support among other things, but it is quite easy to deploy since most commercial web application servers support PHP. As a weak typed programming language you may get lots of problems like PHP's handling of numeric values in strings. Anyway PHP has lots of design errors so you may want to skip it for any important website. PHP Sucks, But It Doesn't Matter. I just do not use PHP because I do not feel safe with a weak typed language and so many design errors.
- Ruby with its Ruby on Rails and great OO syntax it is a language that might have a bright future. It was used for sites like Twitter but ruby on rails has scalability problems that make it not ready for large sites. Twitter changed its core from Ruby to Scala. Ruby 1.8 lacks a bytecode interpreter, Ruby 1.9 transition will take some time as there are important changes and lacks Unicode support. These Ruby problems might get fixed in the future, but right now Ruby's not ready.
- C# is a Java clone so it is also quite a good alternative but lacks lots of opensource frameworks to base your software on. So it is only an option if you do not mind the Microsoft only lock-in.
2008-12-11
On Graphical User Interfaces
Apple Inc. has always been the leader in graphical user interfaces. Apple have always know very well how to create intuitive user interfaces. Apple has always know the difference between a document and an application and has centered the user interface around the document while Microsoft has done the same around the unintuitive and computer specific software application.
Users should not need to know about applications (they do not need to know they have to open the spreadsheet application to create a spreadsheet document) they just need to know about documents or objects and actions (they just need to know that they can click somewhere to create a new document and just clicking on a document it is opened for viewing, editing or printing). Applications should be hidden totally from the user.
I really hate applications that use multiple document interface mostly because they force the user to understand what an application is, instead of just focusing on the object (text document, spreadsheet, image, video, song, ...). It seems Microsoft Office 2007 has finally done some progress to stay away of MDI but Excel still has an internal close button (x).
Users should not need to know about applications (they do not need to know they have to open the spreadsheet application to create a spreadsheet document) they just need to know about documents or objects and actions (they just need to know that they can click somewhere to create a new document and just clicking on a document it is opened for viewing, editing or printing). Applications should be hidden totally from the user.
I really hate applications that use multiple document interface mostly because they force the user to understand what an application is, instead of just focusing on the object (text document, spreadsheet, image, video, song, ...). It seems Microsoft Office 2007 has finally done some progress to stay away of MDI but Excel still has an internal close button (x).
2008-11-27
On Google Technologies
Google is currently the information technology leader because most of their systems are better engineered than the competence (like Microsoft or Yahoo). Here is a list of technologies that Google uses that you should be using too.
- Linux is used on all the servers of Google datacenters
- GCC for C++
- A Servlet Container. Although Google uses its own Google Servlet Engine they recommend using Apache Tomcat and Jetty
- Java used at least in Google AdWords, Gmail and Google Calendar and with all Google XMLHttpRequest web applications with Google Web Toolkit (Google does not like coding directly in JavaScript so they use GWT to translate Java to JavaScript)
- Eclipse for any Java development
- Python used at least in Youtube
- Protocol Buffers instead of the slow to generate and parse and difficult to use correctly XML
- Subversion and Git (Git is used, at least, for Google Android development)
2008-11-18
On SQL Databases
Choosing wisely a SQL database is a very important step for any software project that needs permanent storage and efficiently querying that data. So, here is my view of the current SQL databases.
MySQL vs PostgreSQL - WikiVS
- Oracle Database. The leader in SQL databases. It is expensive. But most other databases are catching up.
- Microsoft SQL Server. Only an option if Microsoft lock-in is worth for you. It is expensive but quite good and easy to use and maintain. A big competitor for Oracle.
- IBM DB2. Not a big contender for new systems nowadays. It has cryptic error messages. It is mostly used in mainframes and banking. DB2 does not have Regular Expression support yet.
- MySQL. The most popular free Open Source SQL database that nowadays is also ACID compliant. MySQL still has many bugs that will bite you when you most need it like MySQL Bug #10327: Can't reopen temporary table - should be allowed and does not yet report the cause of many errors like MySQL Bug #24413: Misleading error message when hard drive is full or like Can't create table (errno: 150). MySQL also has some non standard SQL extensions that will make some statements not fail but will probably get you error results. MySQL lacks full text search indexing on transactional tables. MySQL and MariaDB fixes bugs by saying they are annoying but documented (that way I fix bugs too ;-) (see MySQL Bug #53356: Character set bug at server with utf8 column and latin1 connection). MySQL has some SQL extensions that are quite useful like INSERT IGNORE and ON DUPLICATE KEY UPDATE. Anyway, MySQL is a quite good SQL database and has great documentation (concise and complete).
- PostgreSQL. The original free Open Source ACID SQL database that now is fast and stable. PostgreSQL is nowadays faster, more stable and with more features than MySQL. PostgreSQL has no bugtracker so you may have a hard time looking for problems and their status. I am waiting for PostgreSQL to include MERGE or MySQL's INSERT IGNORE and ON DUPLICATE KEY UPDATE.
- Apache Derby. An embedded free Open Source Java SQL database. Since IBM bought it, it keeps all IBM DB2 semantics that can bite you if you also use other databases. (for example "user" is a reserved word and it will not let you use it as a column name and derby has still many bugs like [#DERBY-3436] Embedded closes all open ResultSets on failure in auto-commit mode, whereas client keeps them open or [#DERBY-160] Foreign key constraint failure closes the cursors in embedded mode but not in Network Server mode that will bite you when you most need it) These kind of bugs make Apache Derby not production quality yet. Apache Derby is mostly used as IBM DB2 marketing tool, so its peace of development is slow.
- HSQLDB. A free Open Source Java embedded database for testing purposes. It should not be used in production since all the data is kept in volatile memory (instead of non-volatile memory) and needs to process all the SQL statements on startup, making it unsuitable for large amounts of data. It also has bugs like: ID: 1615886 - Not in aggregate function or group by clause
- H2. A free Open Source Java embedded database of the same creators of HSQLDB, but better designed, faster and with decent storage that it is production ready.
- SQLite. The most popular SQL embedded database. It is free Open Source. Used in products like Mozilla Firefox, Mac OS X, iPhone, Skype, Symbian OS, Android, and many others. SQLite lacks full unicode support on most systems since the full unicode support module (ICU) is optional. SQLite also has many bugs (like SQLite dynamic typing) that the official developers consider as features, but differ from most other SQL databases and even the SQL standard.
MySQL vs PostgreSQL - WikiVS
2008-09-27
Why you should buy Linux compatible hardware
I have always recommended buying Linux compatible hardware.
I have also seen along the years that most Linux supported hardware has more quality than hardware not supported by Linux because most Linux users choose wisely what is the best hardware to buy and they only develop drivers for them.
Always take a look at the level of support of any hardware prior buying it:
I have also seen along the years that most Linux supported hardware has more quality than hardware not supported by Linux because most Linux users choose wisely what is the best hardware to buy and they only develop drivers for them.
Always take a look at the level of support of any hardware prior buying it:
- Image scanner: SANE: Supported Devices
- Printer: OpenPrinting database - Printer Listings
- Sound card: ALSA SoundCard Matrix. Most cheap sound chips are supported in Linux. You will not need anything else unless you are a musician.
- Video Display: X.Org Video Drivers. I do not recommend any make other than Intel GMA. Intel also has very good Linux support having various engineers working full time resolving issues to make their hardware more Linux compatible. Intel Centrino hardware is always a good bet as all their components are supported by Linux. Nvidia has very bad support for Linux (they only provide closed source drivers and of much less quality than MSWindows ones). If you are a gamer you have to stick with MSWindows and pay for it or just buy a recent video game console and just be safe.
- Wi-Fi: Linux wireless LAN support. If you stick with Intel Centrino you should not have any problems.
2008-09-18
My ideal mobile device
Hardware requirements:
Smartphone OS comparison
- Small enough to put it on my jeans front pocket and always be with me.
- GSM and UMTS (to make phone calls and be always connected to the Internet) with efficient and well designed antenna+radio, Wi-Fi (to use high speed and low cost networking when available), Bluetooth (to transfer files to other mobile devices on the go)
- Wireless modem with USB to connect it to my computer and with Hayes command set. Computer to phone Internet connection is also known as Tethering. (iOS, Symbian and Android have Tethering)
- Assisted GPS to be able to know my position to show a map and be notified when I am near some place.
- Non-volatile memory (keep memory without the need of a battery) (preferably flash memory instead of hard disk because flash is more resistant to being dropped)
- External storage memory cards (microSD preferred) (iPhone does not have external storage memory cards) I also like being able to change the memory card without having to shutdown and remove the battery (many BlackBerries have the memory card bellow the battery)
- Sliding Full keyboard. I like to sense the keys with my fingers to be able to type quickly and not make lots of errors. (My first impression of the iPhone keyboard was quite bad, but after having used my iPhone4 for some time I find it quite good. Anyway most people agree that iPhone's keyboard is not as good as a physical full keyboard like BlackBerry's. BlackBerry Pearl half keyboard is also not enough for me. Everyone that has tried the half keyboard of the Pearl and the full keyboard of the curve prefers the full keyboard.
- High resolution (no less than 150k pixels) full-color display to be able to see at least one paragraph of text and photos that uses all the phone area (so I need a sliding keyboard). I do not like PenTile matrix family displays like the one at the Nexus One. I prefer rectangular matrix displays like the one at the iPhone4.
- Good enough photo camera with acceptable flash to take the occasional photo or video. The camera startup time has to be fast otherwise the moment to take the photo may be gone. Nexus One camera is faster and better than iPhone 3GS one, but iPhone camera is faster than Motorola Droid. Also the camera should be good enough to not have issues with the white balance like the iPhone4 or the Nexus One that also have issues with white balance under dim light conditions. I do not need too many megapixels but good performance and quality (HTC seems to be degrading quality in latests phones like the HTC Droid Incredible that has a worst camera than the Nexus One)
- Loudspeaker for the ringtone and hands-free operation.
- Vibrator with different vibration modes for different notifications (I keep most of the time my phone silent to prevent bothering others and preventing others knowing when I am being called or texted)
- Standard micro-USB or mini-USB data and power adapter (iPhone has the proprietary iPod connector, but all Androids and BlackBerry have standard USB power connectors) It seems the better designed micro-USB will be the standard data and power connector for European phones.
- Standard 3.5mm headphone, microphone and control TRRS connector (BlackBerry, iPhone and new Androids like Nexus One have a standard TRRS connector)
- FM radio receiver (many Nokias and Androids have FM radio reception but neither iPhones nor Blackberries have FM radio)
- Touchscreen I do not find having a touchscreen improve usability too much (in presence of a full keyboard) (current Blackberries are quite usable without having a touchscreen), but I found the touchscreen should be capacitive (like iPhone or most Androids) and not resistive (like new Nokias or most MSWindowsMobile based phones) as resistive touch screens require a stylus, have less resolution and do not support multitouch.
- Trackball is very useful when you need to select a link on a web page or move around with precision (all Androids have it).
- I do not want a proximity sensor that does not work correctly (I prefer not having a proximity sensor at all). Both the iPhone4 and the Nexus One has issues with the proximity sensor where it is easily unlocked when speaking and you can accidentally hang up.
- Exceptional Usability in every application and overall. Nokia engineers do not put much effort in usability of current phones (like in network connections or calculator) where both Android and iPhone excel Nokias by far. Blackberries are also very usable. I also need to disable every time consuming animation that some users like.
- Phone calls :-)
- SMS and MMS
- Web browser (preferably based on WebKit) that allows saving and offline HTML reading of content stored on the memory card (Madrid subway network has large sections without cell coverage) (iPhone, Android and Nokia have browsers based on WebKit, but none of them allow neither saving nor visualizing saved content), be able to find-on-page (iOS and Android 1.5 browser has find-on-page) and keep open URLs/windows on shutdown or crash (Nokias and Android at least does not keep them)
- HTTP Proxy server configuration. Many corporate Wi-Fi networks need a HTTP Proxy to access the Internet. Most phones do not allow HTTP proxy configuration (Android makes HTTP proxy configuration hard, Blackberry neither (you may set up the proxy only in the BlackBerry Enterprise Server), but most Nokias and iOS have proxy configuration)
- User data encryption using the password that unlocks the phone. (Microsoft Windows Mobile has user data encryption, Android has internal data encryption but not for external storage, BlackBerry has user data encyption also for external storage, Apple iOS has user data encryption)
- Audio and video player without DRM (MP3, AAC and H.264 or similar for high quality audio and video) (iPhone has DRM)
- Stopwatch and countdown timer.
- Calculator and spreadsheet
- E-book reader with standard format support like EPUB or FictionBook (in Android you have the great FBReaderJ) (PDF support is not needed since PDF is designed for printing, so it is not easily reformatted to view in different devices)
- PDF reader for slide watching (not for ebook as I already said)
- Simple Note taking (no titles in notes, just body)
- Voice call (AMR) and sound (higher quality) recorder (Most Nokias have a voice recorder, Android can record voice but you have to access it using AnyCut application from the market, does not record voice in background and does not record calls (Android Feature Request 2117: Call Recorder), Blackberries need the latest OS 4.5 to have a voice recorder and iPhone 3GS has a Voice Memo application and the Apple Store has a call recorder)
- Video recorder and editor to trim large videos must be available. iOS has a video editor but Android does not have basic video trim functionality.
- Voice commands ("call ...", "pick up", "hang up", "record voice memo", "play ...") with speech synthesis to not have to touch or see the phone while not possible to (driving) (iOS has voice commands but lacks "record voice memo", Voice Actions for Android are not usable because of Android issue #11062 voice commands do not work offline (they need a good internet connection), BlackBerry Voice Commands, Nokia Voice Commands allow to set voice commands for any application)
- Voice to text transcription (not required)
- Task list manager
- Formated text editor (either HTML or office word processor)
- On-the-Fly Spell checker being able to choose language from the text editor (iOS, BlackBerry, and Android have an spell checker).
- copy/cut/paste (Android has copy/paste but Android fragmentation make some phones have decent copy/paste in the browser while others not and Google is aware of Android Issue 3190: Improve copy-paste in Browser/WebView, iOS has very good copy/paste, and Microsoft Windows Phone 7 just added basic copy/paste support)
- Data stored in an efficient SQL embedded database (SQLite is being used on iPhone, Android and Symbian OS 9.4)
- Full text search for any data stored on the phone (most importantly: calendar entries, tasks, and notes). The use case I need is this one: I just realized I need to buy milk so I click on "new task", type "buy milk" and save. Later on, I save some other tasks and then another "buy oranges". When I get to the supermarket I just want to click on "search", type "buy" and see all the things I have to buy and check then off (or delete) as they are done. Using a phone without full text search I would have to browse through all the tasks to see which of them are buy ones. iOS has search, but it will not search in contacts notes field, as Apple states, so you need third party apps. BlackBerry fails at search by not finding contacts by the notes field. Nokia supports search if you install Nokia In-device search. Anyway Nokia is not a solution since if you have to search you may have many items and if you have many items you get Nokia memory full problems. Incredibly, with Android you can not search in the calendar nor in all the fields of contacts. (search is better in iOS than Android because it searches more fields and has Unicode support, but neither searches notes field in contacts)
- Good background and parallel applications support to be able to browse emails or tasks while listening to music or receiving messages (Nokias Symbian S60 will not let you browse photos while listening to music, iOS and Android have multitasking)
- Good memory management. Neither Microsoft Windows Mobile (you can see how badly Microsoft Windows Mobile manages memory by looking at the limits they impose on the system) nor Symbian (you can see how badly Symbian manages memory by looking at my crashy Nokia N80) based phones have good memory management leading to high memory usage, crashy applications and reduced performance over continuous usage. Android has good memory management because it uses Linux and Java with Android advanced memory manager.
- Offline usage. I need all my important data to reside in the flash memory of the device so I can work offline when there is no wireless coverage or I just do not want to pay. It seems some terminals require you to have wireless connection for most operations even if the information could be locally stored. (Google Applications like calendar, gmail and maps work badly or not at all, like maps, if you are not online. Nokia Ovi Maps, TomTom for MSWindowsMobile, TomTom for iPhone and the old TomTom for Symbian work offline. Android (Android Issue #4471: Downloadable maps for offline navigation/location) and BlackBerry do not even have an offline GPS navigator application so they are not ideal for decent navigation)
- Model-view-controller widget toolkit that comes with a Table widget with TableModel as good or better than that of Swing or GTK+
- Alarm clock with sound and vibration with GSM either turned off or muted to be able to have the phone wake me up without having a out of hours phone call wake me up. (Some phones do not have this functionality, but Android, iOS and Symbian do.)
- Quick guest accounts to allow any person make a call or browse the Internet with my device being almost locked to any other information like contacts, bookmarks, browse history. It would be great to be able to create various accounts on the mobile just like in UNIX.
- No spyware. (Apple iOS 4 allows fine grained permission to access location to applications and Android has a global setting)
- Encrypted communication. Like when accessing your email.
- Publicly available issue list. Like Android issues list. But Symbian, iPhone, Microsoft Windows Mobile and BlackBerry being closed platforms do not have public available issue lists
- Easy and Smooth Upgradeable Operating System. (Google Android has too many quirks when upgrading like the problems with the inverted colors on the camera of the Nexus One on the 2.1 to 2.2 update. Google Android just do not seem to take much care of upgrades)
- iPhone: Yes. Apple iOS 4 added missing the features that make iPhone a usable phone like multitasking and spell checker (take a look at Apple iOS 4 Keynote). Still you may want to read: Top 10 Reasons Why the iPhone Is NO BlackBerry. iPhone is an extremely closed platform that is not worth following. Apple App Store does not even allow GPL software. Just, be aware the way Apple sells their products.
- BlackBerry: Yes. BlackBerry Torch 9800 is the first BlackBerry to have a decent WebKit based browser based on BlackBerry OS 6. There is also Linux Syncing for BlackBerrys. crackberry.com is a good site for blackberry news.
- Nokia: No. Nokia seems to not target high demanding users. It is not acceptable to have memory full crashes of applications because of bad memory management done by Symbian phones. I tried some things to workaround Nokia Symbian memory problems with no luck. They are going to feature efficient data storage using SQLite in Symbian OS 9.4 or later but it is too little too late. Symbian OS became open source but they are not really trying to build a community as their bug tracker requires registration, most bugs are restricted and they only keep new bugs instead of importing all the old ones. Nokia kills Symbian OS for their high end phones. Now that Nokia releases N900 that seems like a decent mobile phone. They declare the underlying platform is dead. Now with Windows Phone they are entering a dangerous path because of the lack of features of Windows Phone.
- Microsoft Windows Phone: No. The old Windows Mobile failed to compete with BlackBerry and Microsoft decided to discontinue it. Microsoft agrees Microsoft Windows Mobile is a failure. Microsoft Windows Phone seems to have lagged behind the other players and lacks a lot of important features other makes have. Microsoft Windows Phone 7 lacks too many features to even look at it right now, so they better hurry up or the may have to quit the smartphone market for the second time.
- Motorola: No, as Motorola does not allow people to customize their smartphones. Motorola Tells Customer to “Buy Elsewhere” if They Want Custom ROMs.
- Sony Ericsson: Since Sony Ericsson moved away from Symbian and Windows Mobile towards Android, they seem to have a competitive edge again. Sony Ericsson does not follow any standards so they lose many points for power users. There are some phones that use standards, like using microSD instead of Sony proprietary Memory Stick.
- Google Android Yes, Android 4 almost catch up to iOS, but before you buy an Android device be aware of the huge list of bugs that Android needs to fix so you can know if it fits your needs. Google wasted too many resources on things like live wallpapers, cool startup and shutdown animations, 3D galleries, improving support for games and trying to replace Java with native code because of the Oracle lawsuit, but that made them lag too much from iOS because Google did not fix bugs or added requested features. Android seem to not target the enterprise or high demanding users (Android lacks external storage encryption support and backup/restore). Google should not allow carriers to use the Android brand on crappy products (Why My Mom Bought an Android, Returned It, and Got an iPhone). Some Android Google Applications have less functionality than the Web ones (Contacts lacks birthdate edit), I also miss notifications since I mostly have the phone sound turned off and the vibration is so sort and not repeating that I miss reminders and some minor clicking sound when playing low samplerate MP3s like voice. Google misses to implement search for all the information stored in the phone, the only one thing you would expect from Google. Android also has some major bugs like Issue 2719: Issues with character encoding of non-ascii multi-message SMS and useful ones like per connection HTTP Proxy configuration. Also, it is too common for Google sync to have problems. Android also lacks a month view datepicker (with the current android datepicker it is difficult to pick a date).
Smartphone OS comparison
2008-09-11
Microsoft Internet Explorer Bugs
Most clients still have Microsoft Internet Explorer 6 as required web platform and I have to support it for web applications. Being Microsoft Internet Explorer such a badly designed browser have lots problems that make developers do workarounds to make the code run and prevent any crashes on MSIE. Microsoft will support MSIE6 until 2014 so the future of web innovation is endangered by Microsoft.
This is a (growing) list of bugs of Microsoft Internet Explorer make my life harder:
Please, STOP using Microsoft Internet Explorer NOW! or at least Bring Down MSIE6! Google is already taking steps by unsupporting MSIE6 soon. You may want to use IE6 Update to make your users upgrade.
Can Microsoft get any lower?
This is a (growing) list of bugs of Microsoft Internet Explorer make my life harder:
- XMLHttpRequest MSIE Caching Bug
- createElement is broken in MSIE
- Many XMLHttpRequest related bugs like MSIE "crashes" on close of window.
- Lack of integrated spell checker for textareas. You can download ieSpell but you should be using Mozilla Firefox that already has integrated spell checker.
- Memory leaks in MSIE in circular references between JavaScript and DOM objects.
Please, STOP using Microsoft Internet Explorer NOW! or at least Bring Down MSIE6! Google is already taking steps by unsupporting MSIE6 soon. You may want to use IE6 Update to make your users upgrade.
Can Microsoft get any lower?
2008-09-08
C Libraries
These are some of the C libraries that I use and I recommend:
- GTK+ my preferred open source GUI widget toolkit (used in the GNOME desktop)
- SQLite best embeddable SQL database (take a look at File Locking And Concurrency In SQLite Version 3 so you can be sure that your data is safe with SQLite) (It is used in products like Mozilla Firefox, Google Android, iPhone and new Symbian based phones)
2008-08-31
On Mozilla Firefox
I do not understand why Mozilla Firefox developers are so slow to fixing some usability bugs like:
Mozilla has also do some changes like unverified SSL-Certificate management UI that may not be in the users interests but in the CA industry ones. That UI has been thought to make users life much difficult when using non CA signed SSL-Certificates thus having websites pay for CA certificates. They could have just issued a big warning every time the user browses a non CA signed website instead of the ugly UI that may have been paid by the CA industry.
Mozilla has historically not collaborated with the libre opensource community, making Mozilla code huge, thus needing many developers to properly maintaining it. Until Firefox3 it had an in house graphics renderer but switched to the powerful cairo. Same with data storage where it used the braindamaged Mork file format (as Jamie Zawinski rightfully calls it) but switched to the powerful SQLite.
If Mozilla wants to succeed in the long run, they must collaborate with the libre opensource community by depending on other projects (and supporting them) instead of developing all their software in-house.
Mozilla Firefox now also has to compete with Google Chrome as it seems like Google, that pays up to 80% of Mozilla Firefox development, will cut the funding when Google Chrome surpasses in users to Firefox. Google would not have started Google Chrome development if they thought Mozilla developers would be good enough to deliver a quality browser and Google will not backup their plans since Google Chrome is already out of beta and bundled with other Google tools.
With all these problems Mozilla Firefox future seems to be quite unclear. I think Firefox will start losing all the users when Google Chrome has all the features that Firefox users currently have and a Linux and Mac OS X port is released.
This is the list of add-ons I consider a must have for Firefox:
- Bug 249338 – progressbar doesn't indicate upload progress
- Bug 123913 - [RFE] tab-specific alerts are window-modal and should be tab-modal (need "sheets" widgets on non-MacOSX).
Mozilla has also do some changes like unverified SSL-Certificate management UI that may not be in the users interests but in the CA industry ones. That UI has been thought to make users life much difficult when using non CA signed SSL-Certificates thus having websites pay for CA certificates. They could have just issued a big warning every time the user browses a non CA signed website instead of the ugly UI that may have been paid by the CA industry.
Mozilla has historically not collaborated with the libre opensource community, making Mozilla code huge, thus needing many developers to properly maintaining it. Until Firefox3 it had an in house graphics renderer but switched to the powerful cairo. Same with data storage where it used the braindamaged Mork file format (as Jamie Zawinski rightfully calls it) but switched to the powerful SQLite.
If Mozilla wants to succeed in the long run, they must collaborate with the libre opensource community by depending on other projects (and supporting them) instead of developing all their software in-house.
Mozilla Firefox now also has to compete with Google Chrome as it seems like Google, that pays up to 80% of Mozilla Firefox development, will cut the funding when Google Chrome surpasses in users to Firefox. Google would not have started Google Chrome development if they thought Mozilla developers would be good enough to deliver a quality browser and Google will not backup their plans since Google Chrome is already out of beta and bundled with other Google tools.
With all these problems Mozilla Firefox future seems to be quite unclear. I think Firefox will start losing all the users when Google Chrome has all the features that Firefox users currently have and a Linux and Mac OS X port is released.
This is the list of add-ons I consider a must have for Firefox:
- Adblock Plus prevents advertisements
- Tabberwocky opens new tabs just next to the current one.
- FlashBlock only runs flash content when clicked on it
- livehttpheaders see HTTP headers of all the requests. This is for developers mainly
- Firebug is the best companion to help develop web pages. It lets you see the DOM, CSS, JavaScript, HTTP requests. This is also for developers mainly
2008-08-28
On Version Control Systems
Using a Version Control System is a must for any software development right from the start (even if your boss denies it). Here are some of my reviews:
This is a list of features I need in a VCS (I got most from Version Control System Comparison):
- Microsoft Visual SourceSafe is a so bad product that anybody will tell you to use at least the basic CVS.
- Serena Dimensions PVCS is outdated and dysfunctional. I have used it in some projects but it causes more problems than it tries to solve. The horrors of PVCS Version Manager is a good thread to get a fell of the problems. Among the problems I found when using it were excessive bureaucracy that slowed development too much (PVCS needs a full time administrator even for the most simple projects). PVCS needs training to use it as it is quite different from other VCS. PVCS being lock based slows down development a lot. And finally no good merge functionality. Most PVCS users are migrating to either Perforce, Subversion or Git.
- IBM Rational ClearCase has no atomic commits, is no distributed, the license is quite expensive and requires a qualified administrator.
- Perforce. I have not used perforce ever but the only one open source project I knew, Perl, was still using Perforce switched to Git.
- SourceGear Vault just does not get any better than subversion.
- CVS is not appropriate these days because it does not save changesets of all the changed files in the server (CVS saves changes on each file separately making it hard to know all the changes made on other files at the same time) and predates defaults that are not useful today (like not using unified diffs by default)
- Subversion is an improved CVS with current defaults and true changesets of a set of files, but make branching and merging quite hard and is not well suited for disconnected or distributed development.
- Git is steadily becoming the de facto standard VCS (used in projects like the Linux kernel, X.org, Samba and GNOME) that makes distributed and disconnected development much easier than subversion and is steadily taking subversion users. Git allows you doing things that other VCS just dream of, like git rebase --interactive. Why Git is Better Than X. Anyway, Git still has a difficult to use command line interface.
- Monotone is a DVCS inferior to git: MonotoneLimitations
- Mercurial is Git big contender. It is also used in many important projects. Mercurial was suggested for Linux kernel development but Git instead was created. Google has chosen Mercurial for Google Code instead of Git because Mercurial command set is more similar to Subversion, it is written in Python that is supported in Google infrastructure and has efficient HTTP based transport, but they recognize Git has more features.
- Quilt is a great simple tool to maintain a set of patches that can make your life much easier when you have a set of patches applied to upstream software that you want to keep updated for any new upstream version.
This is a list of features I need in a VCS (I got most from Version Control System Comparison):
- See what is going to be commited (aka the full changeset) instead of just the modified, added, deleted files. With most VCSs I have to command diff and then command commit. This of course needs to allow aborting the commit operation. This feature is most useful to newbies that do not know that they always have to diff prior to commit to see if they see the changes they really want to commit or not.
- Atomic commits (aka Changesets) are a must. CVS and the crappy Visual Sourcesafe do not have atomic commits. Most modern VCSs have atomic commits.
- Files and Directories Moves or Renames. CVS does not have moves or renames but subversion and git do. Handling renames: svn vs. git vs. mercurial.
- Remote repository replication. To be able to browse the history while offline. CVS and Subversion have some external programs to be able to do that. But you need a modern VCS like git to be able to get the history and work with it natively.
- Propagating Changes to Parent Repositories and Disconnected operation. Be able to commit many changes without being online and be able to submit these changes upstream when I become online. CVS and subversion only support on-line operation so they are discarded.
- Tracking Line-wise File History. I want to know who and when changed some line. cvs annotate, svn blame, git blame, ...
- Networking support with HTTP and HTTPS to be able to access the repository behind a HTTP proxy. subversion and git can support it while CVS does not.
- Easy branching, merging and rebasing: When I need to code a new feature or fix a new bug I want to base my new code in the latest stable code, not in the work-in-progress feature that it is not finished yet, and be able to work on many features in paralell without any interference between them. Whenever these features are ready and tested I want to easily merge them to mainline. This means being able to change branches quickly is a must. Since mainline could have been changing I want to be able to rebase my changes to the latest mainline. CVS, Subversion and perforce make merging painful so they are discarded. git is great for this kind of operation.
- Easily revert a merged feature. I do not mind losing the history of the coding of the feature but it must be easy to revert them.
- I want to easily make changes to upstream projects that are constantly changing and rebase my changes easily whenever I want.
- Partial Pull: Be able to get just the last revision instead of the whole history of a project, just like CVS and subversion do. Monotone is not able to work just with the last revision and you have to get the huge whole history of the project.
- I want to see merge requests from my developers and with a click accept the merge request or reject it with a comment. So developers should be able to submit merge requests. I do not want to lose any merge request and multiple merge requests of the same branch should be merged (so email will not work here).
- Be able to completely remove a commit or file, committed by error or that may contain confidential information that should never be in the history. Subversion has problems with this use case (How to remove an accidentally put large file (4GB) from Subversion repository) but git lets you rebase the project history quite easily (Collapsing a git repository's history)
2008-08-07
On JavaScript WEB Application Frameworks
I have found jQuery to be the best library for JavaScript web development. jQuery has the biggest community, more high quality plug-ins than any other JavaScript library and I have found it is the best designed library. Most projects are moving to jQuery from other JavaScript libraries like Prototype JavaScript Framework (See this article of a developer that migrated from Prototype to JQuery and this ticket about the midgard migration from prototype to jQuery) or like Dojo or YUI (Ning moved from Dojo to jQuery Djblets and Review Board moving from YUI to jQuery anyMeta moves from Dojo to JQuery). I still have to check out Google Web Toolkit (it seems like the ideal bet, but it uses its own GWT-RPC protocol by default that is not a standard web service interface). (See this Evaluation of JavaScript Libraries and reddit comments on it). Now, that Microsoft and Nokia are supporting jQuery it is by no doubt the best option to choose. Why does everyone like jQuery more than prototype/script.aclo.us or mootools or whatever?
Comparison of JavaScript frameworks
These are my favorite jQuery plugins:
That means that Client Web Applications will run much faster and will allow for much more than is currently possible. So, it is time to start betting for a future of JavaScript Web Applications that contact the server using XMLHttpRequest and REST WEB Services. I also bet this will put dynamic server web pages technologies (like JSP, PHP, ...) on extinction (also because these technologies do not use DOM to manipulate XHTML and I think it is the only correct way).
A web indexer (like Google) just needs to access the raw resources using REST. It should not crawl any web application. And these resources should be raw (without any decoration like navigation menus) and just one resource per URL.
Comparison of JavaScript frameworks
These are my favorite jQuery plugins:
- jQuery UI high quality basic widgets
- Tablesorter makes any HTML table client sortable
- History prevents the client application from breaking the back button
- Form Deserialization deserialize JSON to a HTML form
- Form makes any form AJAX ready with little code
- Autocomplete text input autocompletion (both local and remote even using JSON)
- Mozilla's SpiderMonkey TraceMonkey for Firefox 3.5
- WebKit's JavaScriptCore SquirrelFish is starting to get results
- Google Chrome's V8 already is quite optimized for JavaScript
That means that Client Web Applications will run much faster and will allow for much more than is currently possible. So, it is time to start betting for a future of JavaScript Web Applications that contact the server using XMLHttpRequest and REST WEB Services. I also bet this will put dynamic server web pages technologies (like JSP, PHP, ...) on extinction (also because these technologies do not use DOM to manipulate XHTML and I think it is the only correct way).
A web indexer (like Google) just needs to access the raw resources using REST. It should not crawl any web application. And these resources should be raw (without any decoration like navigation menus) and just one resource per URL.
2008-08-04
My Boycotts
This is the list of my boycotts:
- Microsoft for the development of alternative and bad designed file formats like OOXML, XML Paper Specification and Extensible Application Markup Language (XAML was a failure and Microsoft is trying to embrace and extend SVG to make it fail) when there are already standards like OpenDocument, Portable Document Format and Scalable Vector Graphics respectively. You can laugh or cry at Microsoft's Ethical Guidelines?. There They Go Again: It's Time to Just Say No to Microsoft and Ecma. The worst part is that people that buy Microsoft products pay them so they can change they formats and have their costumers buy the same software again and again. Microsoft is also using outdated file formats like BMP (by default in Microsoft Paint). Microsoft still does not know how important a Backup is, losing people data.
- Sony for the development of alternative technologies like Memory Stick instead of using de facto standards like Secure Digital card
- Airis is synonymous of bad design. I have had an Airis DVB-T receiver where the remote control worked extremely bad in comparison with other products and this DVB-T finally exploded (thank god the case contained the explosion). You can find lots of criticism of www.airis-computer.com out there.
- El Mundo Spanish newspaper. El Mundo publishes manipulated graphs provided by the Partido Popular political party.
On Authentication
I think public-key cryptography authentication will be the only authentication system used in the future, totally replacing user name/password authentication.
Currently we have to keep lots of passwords in mind or in a password manager because every site needs a different one (you can not use the same password on every site since if someone has access to your password at any site he would have access to any of your sites).
Public-key cryptography authentication also allows us to not require the usage of public key infrastructure and be able to have a decentralized web of trust. Privacy-enhanced Electronic Mail will not work in a hierarchy of trust.
To replace user name/password authentication with public-key cryptography authentication in the web the first step would be making it easier to generate and use key pairs in the web browser.
Public-key cryptography authentication also has the advantage of being single sign-on as you only has to type the password of your private key once for all the session.
Cryptographic smart cards are the most secure way of authentication as they keep the private key always on the card and are also password protected.
Van Jacobson is currently leading this Copernican Revolution to make the Internet a Content-centric networking by disassociating the network from the data. He explains it in A New Way to look at Networking.
Currently we have to keep lots of passwords in mind or in a password manager because every site needs a different one (you can not use the same password on every site since if someone has access to your password at any site he would have access to any of your sites).
Public-key cryptography authentication also allows us to not require the usage of public key infrastructure and be able to have a decentralized web of trust. Privacy-enhanced Electronic Mail will not work in a hierarchy of trust.
To replace user name/password authentication with public-key cryptography authentication in the web the first step would be making it easier to generate and use key pairs in the web browser.
Public-key cryptography authentication also has the advantage of being single sign-on as you only has to type the password of your private key once for all the session.
Cryptographic smart cards are the most secure way of authentication as they keep the private key always on the card and are also password protected.
Van Jacobson is currently leading this Copernican Revolution to make the Internet a Content-centric networking by disassociating the network from the data. He explains it in A New Way to look at Networking.
2008-07-25
On Server side WEB Application Frameworks
Server side web application frameworks are a dead end.
Now that most mobile phones have good JavaScript support (mostly by the use of WebKit in them) and are not just dumb terminals, it is time to develop only client side web applications and stop using the page-per-request web application model.
The future is REST (to let web crawlers index the web) or maybe other Service-oriented architecture protocol and XML or JSON for the data.
The main problem with server side web application frameworks are the load that impose HTML generation on the server and also the long waits to process an action that maybe the server does not need to deal with.
Struts (both Struts1 and Struts2 aka WebWork) have a problem with its design since although there is a controller that forwards actions to views you already need to know what view you are going to render since you have to pass the correct beans to it thus breaking the Model View Controller (MVC) architectural pattern.
Most server side MVC (like Struts and JavaServer Faces) frameworks are just anachronistic by not supporting REST Web Services and need to be replaced by implementing the controller in the client with JavaScript with XHTML for the view and accessing the data model using REST Web Services.
Now that most mobile phones have good JavaScript support (mostly by the use of WebKit in them) and are not just dumb terminals, it is time to develop only client side web applications and stop using the page-per-request web application model.
The future is REST (to let web crawlers index the web) or maybe other Service-oriented architecture protocol and XML or JSON for the data.
The main problem with server side web application frameworks are the load that impose HTML generation on the server and also the long waits to process an action that maybe the server does not need to deal with.
Struts (both Struts1 and Struts2 aka WebWork) have a problem with its design since although there is a controller that forwards actions to views you already need to know what view you are going to render since you have to pass the correct beans to it thus breaking the Model View Controller (MVC) architectural pattern.
Just by having to obtain a bean and attach it to the request for the view to render it you are associating a defined view, making
public class MyAction extends ActionSupport
{
public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception
{
...
request.setAttribute("myBean", myBean);
return mapping.findForward("success");
}
}
mapping.findForward("success");
unneeded as you could just specify the actual view.Most server side MVC (like Struts and JavaServer Faces) frameworks are just anachronistic by not supporting REST Web Services and need to be replaced by implementing the controller in the client with JavaScript with XHTML for the view and accessing the data model using REST Web Services.
- Model: REST with JSON (with XHTML for documents)
- View: XHTML
- Controller: JavaScript
2008-07-15
On Surrogate keys
I am against the usage of surrogate keys when you have a natural key even being it of type VARCHAR.
There should not be a problem using a VARCHAR as a primary key since if the database is correctly architected it may use internally an integer index to join to other tables. And anyway you always have to lookup the surrogate key from the natural key as the surrogate key should never be exposed outside of the application. You still have to declare UNIQUE the natural key and that will hurt the same (or even more), as having it as PRIMARY KEY, on INSERT.
Is there a REAL performance difference between INT and VARCHAR primary keys?
There should not be a problem using a VARCHAR as a primary key since if the database is correctly architected it may use internally an integer index to join to other tables. And anyway you always have to lookup the surrogate key from the natural key as the surrogate key should never be exposed outside of the application. You still have to declare UNIQUE the natural key and that will hurt the same (or even more), as having it as PRIMARY KEY, on INSERT.
Is there a REAL performance difference between INT and VARCHAR primary keys?
2008-07-13
On Database Persistence
Following the great failure of Java EE 1.4 Enterprise JavaBean 2.x Entity Bean (Bean-Managed Persistence & Container-Managed Persistence) (now deprecated). Please, read Expert One-on-One J2EE Development without EJB to understand why EJB 1.x and 2.x has hurt so much Java EE reputation. Also watch Rod Johnson - Lessons Learned from Java EE to understand the dangers of design by committee.
I do not use any ORM tool in my Java projects as they create more problems than they try to solve. Hibernate vs JPA vs JDO - pros and cons of each?
Object-Relational mapping is the Vietnam of Computer Science
ORM is an anti-pattern
Using an ORM or plain SQL?
If you insist on using an ORM, here are two strong free implementations of the Java EE Java Persistence API (Java Persistence/What is JPA?) to choose from:
What Java ORM do you prefer, and why?
JPA Implementations - Which one is the best to use?
I do not use any ORM tool in my Java projects as they create more problems than they try to solve. Hibernate vs JPA vs JDO - pros and cons of each?
Object-Relational mapping is the Vietnam of Computer Science
ORM is an anti-pattern
Using an ORM or plain SQL?
If you insist on using an ORM, here are two strong free implementations of the Java EE Java Persistence API (Java Persistence/What is JPA?) to choose from:
What Java ORM do you prefer, and why?
JPA Implementations - Which one is the best to use?
Etiquetas:
database,
java,
orm,
persistence,
programming
Subscribe to:
Posts (Atom)