Mobile application development middleware?

I am the author of an ExtJS based cluster management web-application (Scyld IMF at Penguin Computing) that allows controlling a high performance compute cluster from any web-browser, be it from your desktop or from a mobile device. This works fairly well already even without writing a special view for the mobile devices, as current smartphones (iphone, android) come essentially with full blown javascript capable web-browsers and lots of processing power. However, performance still could be better by having a native app that uses the same data sources / api as the full blown web-application (javascript app running on the browser being the client to the webservice-api on the server side), but implementing the view natively.

After hacking up a proof of concept for the iphone (thanks John for your awesome iphone JSON flickr tutorial and xcode example for download) and thinking of how to do the same for android without duplicating effort, I realized that it would be nice to be able to have some kind of middleware that allows me to create and populate native gui components without code duplication.

One such middleware is phonegap which requires you to write your application in javascript and html, and allows accessing phone specific features through javascript calling the middleware. It then is bundled as a native application that can be submitted to the app store for purchase and can run completely offline once downloaded, unless the programmer chooses to access remote resources. Their initial focus seems to have been allowing access to smartphone specific features like the address book, vibrate and sound, gps location and such, but there also is code in there to use native gui components as well.

I have two problems with the approach:

1. development of javascript – while palm pre developers might tout this as an advantage, I find javascript development and debugging rather tedious and would prefer writing my code in java or objective-c and be able to run it through a full control debugger on my desktop before deploying it to the simulator. I know about and am actively using firebug, the javascript debugger for firefox, but a lot of the bugs I had to deal with were incredibly hard to hunt down and rather than the debugger it was the forums and interacting with developers on #extjs chat, as well as using jslint and manually analyzing code, that helped me figure out a root-cause, workaround or fix.

2. performance – developers report that the phonegap version of their app appears to consume more resources rather than less compared to a remotely hosted javascript app, accessed through the mobile device's web-browser. Apart from the overhead of having to parse javascript at runtime, developers sometimes need platform specific knowledge and have to implement things differently than for a web-application, i.e. iphone onclick events being much slower from the touchscreen than ontouch events.

The advantage on the other hand appears to be that it is relatively easy to add new mobile platforms to phonegap. So far they appear to have iphone, android, blackberry and some nokia platforms covered, with palm pre being on the horizon to be added beginning of next year.

And according to phonegap's website, there are already several real-world phonegap powered apps in the marketplaces of both the iphone and android.

Thoughts?

Python based webapplications – WSGI – state of the web 2009

I read a really interesting article by Mike Orr on http://linuxgazette.net/115/orr.html regarding WSGI / python web frameworks, dated June 2005, and wondered what had happened since then. Mike was so friendly to update me, and I would like to share what I learned:

I asked him: “I saw an older article of yours at linuxgazette.net that had an overview of web frameworks and WSGI.  If you were trying to find an update to that, where would you look first?”
The answer:

“There is no state-of-the-web overview that I know of, but a lot has
happened since I wrote that article.  Pretty much all new frameworks
are written for WSGI, and the older ones have been retrofitted.
(CherryPy can run as a WSGI server, Plone can run as an application,
parts of Zope have been extracted to independent Repoze components,
and Quixote has a WSGI gateway floating around somewhere.)  Django
works with WSGI sort of, and has been ported to Google App Engine via
WSGI.

I’m involved with Pylons, a framework that’s fully WSGI and modular to
the core, built on top of Paste, which is a low-level WSGI library.
TurboGears 2 is being built on top of Pylons.  This means that
different frameworks with different goals and target users can share
the same technology, and essentially makes every TG developer a Pylons
developer, doubling our developer base.

There’s a group of WSGI framework developers including
Pylons/TG/Repoze.BFG that is designing a new framework to potentially
supersede all of them, with plug-in personalities to reflect their
different application styles.  This is still at the idea stage but may
have some alpha code by the end of the year.  If so it could point the
way to the next generation of frameworks.

Another big issue is Python 3.  Over the next year frameworks will
either be ported to Python 3 or replaced by frameworks written for
Python 3.  (Though the Python 2 frameworks may continue in use for
several years.)  This has to be done on a dependency basis; e.g.,
Pylons can’t upgrade until all the components it depends on have
upgraded.”

Reproduced with Mike Orr’s friendly permission.

canceling my landline, just need DSL+skype and mobile phones…

Background

Recently we have been paying between $40 and $100 for our landline to AT&T even though we barely use it. The reason is that AT&T charges $10 for the landline plus some fees, and then on top of that $20 just for being able to place long distance calls, plus high (i.e. 50 cents per minute) charges for long distance calls, which means it's much more expensive to call within the US than it is calling around the globe to Germany.

And on top of that we are paying $60 for comcast cable and internet, which is the price already after negotiating them down temporarily on a promotion-rate. Honestly we don’t really watch TV and just have that since comcast does not offer a cheaper cable internet service without the basic tv service. On top of that we have our mobile phone plan with t-mobile ($35 for the plan plus $10 per additional phone plus $20 if you want the unlimited wireless internet on the phone as well). With three phones, one of which has the unlimited internet plan, we pay about $85 max per month. Because of my work I also still have an AT&T wireless plan, for which AT&T just recently took the liberty of increasing the cost of their already expensive unlimited internet by $20, totaling also almost $100. So our total cost for communication lies somewhere between $300 and $400.

Once you think about it you wonder how you got there.

In the light of our current economy we are trying to consolidate that. Our current model is that we are going to cancel the landline and the wireless service with AT&T, cancel comcast cable+internet, and instead sign up to AT&T basic DSL for $25/month ($4 of that are for having DSL without having an active landline). Most phonecalls we do within our mobile phone plan, which we will leave as it is for now. Then another component, to be able to call Germany without a landline or mobile phones, will be to use Skype.

Skype cost structure highly confusing

Skype is interesting as it allows free calls between skype computers, which means potentially most of our phonecalls to my parents could be free. In addition it apparently has reasonable rates for calling international landlines, in the two cents per minute range. However, their pricing model is at the very least confusing. I still have to figure it out completely.

There are three to four components that I would want:

1. a skype account that allows me to make free phonecalls to other skype accounts. Done and tested, works well.

Cost: Free after internet (can't live without internet anyway, so not really additional cost for me)

2. having an account that can be charged when calling landlines – I think it's called SkypeOut. They allowed me to test it with my normal skype account for 10 minutes and I was able to call my parents in Germany and have a reasonable conversation with only minor quality issues.

Cost: tbd, there are connection fees of 4 cents, plus per minute fees (pay as you go) or monthly flat rate fees ($10/month international)

3. having a phonenumber that any landline can call – I think it's called SkypeIn

Cost: tbd, again connection fees plus per minute fees plus a monthly fee for getting that phonenumber.

4. Luxury version would be to own a wifi or wimax phone with skype on it, i.e. the Nokia internet tablet with wimax once it comes out, that would be awesome… there already are other existing phones from NetGear as well, advertised on Skype's website…

Cost: $150 for the netgear phone, around $450 for the nokia internet tablet?

So the total cost summary for the Skype portion is still highly unclear to me. Once I finish my research and interpretation of all the stuff on their website I will put it into a nice table format. Feel free to comment already with additional input and ideas.

Note that I am aware that there is no 911 service on skype currently, not sure if that will have to change sooner or later or if they stay exempt. The mobile phone service typically is less reliable in terms of 911 service than the land line was, but I am not ready to pay $30 extra just for that feature…

Note also that I don’t believe I will be willing to pay an arm and a leg for apple+AT&Ts iPhone 3G service, for all the reasons I wrote down in my previous posting about why I returned my iPhone.

extjs – my favourite widget-rich javascript library du jour

After looking at dojo/scriptaculous/yui/jquery and the like, I finally narrowed it down to extjs ( http://extjs.com ) as my favourite playground for a widget-rich browser-independent javascript library. Check out their examples to get excited quickly.

Of course there is no light without shadow: The API documentation is ‘somewhat terse’ (read: lacking links to examples) and the examples that exist outside of that are excellent for showing off what it will look like but leave out the essential pieces that would allow you to learn how to make it useful for your own application.

I was lucky to find Saki's extjs examples website: http://examples.extjs.eu/ which does actually implement forms including the submit functionality, and so I was able to glean from it how to use the ajax submit/load functionality.

Another interesting find is http://tof2k.com/ext/formbuilder/ which allows you to drag and drop forms together that you can then include in your apps.

Give it a try, if you are shopping for a javascript library that has commercial support and a free community (GPL) version, this is the way to go IMHO.

webmin 1.410 insecurities? XSS exploit

I was pondering writing a webmin module for some stuff I am interested in, since webmin looks so slick, and as of version 1.410 has fixed some of its security issues.

So I went to securityfocus.com and tried to see if there is anything that I should be concerned about and found that there is indeed still an XSS vulnerability – http://www.securityfocus.com/archive/1/487656. Inherently, webmin does not fix all input through a common save method, and so there are spot-fixes here and there, but they missed the module download dialog.

By writing the following into the file dialog textfield (thanks to Aria-Security for reporting this in the above page), I was executing javascript in my browser generated from the response of the server:

"><script>alert('Discovered By Aria-Security')</script>

I presume it should be possible to craft a URL link that would execute javascript that silently adds a second root-account and communicates the ip address of the cracked server to a public place…

Generally I found the code of webmin modules to be rather convoluted and will probably not put more time into it for now…
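
The difference between per-field spot-fixes and one common encoding step, as an added example (this is not webmin's code, which is Perl; the dialog, field names and function names are hypothetical). It renders the same form both ways and parses the response to see whether the reflected value stayed inside the attribute:

```python
import html
from html.parser import HTMLParser

# String from the advisory quoted above, written with plain ASCII quotes.
PAYLOAD = "\"><script>alert('Discovered By Aria-Security')</script>"
FIELDS = ("title", "file")  # hypothetical form fields

def render_spot_fixed(fields):
    """Each value is cleaned where someone remembered to do it:
    'title' got a spot-fix, 'file' was missed and is echoed back raw."""
    title = html.escape(fields.get("title", ""), quote=True)
    path = fields.get("file", "")  # missed: raw reflection
    return ('<h1>' + title + '</h1>'
            '<input type="text" name="file" value="' + path + '">')

def render_central(fields):
    """Every value passes through one encoding step before it reaches
    the template, so no individual field can be forgotten."""
    safe = {k: html.escape(fields.get(k, ""), quote=True) for k in FIELDS}
    return ('<h1>{title}</h1>'
            '<input type="text" name="file" value="{file}">').format(**safe)

class Audit(HTMLParser):
    """Records the elements a parser sees and the value of the file field."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.file_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "file":
            self.file_value = attrs.get("value")

def audit(page):
    """Return (list of start tags, decoded value of the file field)."""
    parser = Audit()
    parser.feed(page)
    parser.close()
    return parser.tags, parser.file_value

if __name__ == "__main__":
    submitted = {"title": "Install module", "file": PAYLOAD}  # constructed input
    for render in (render_spot_fixed, render_central):
        tags, value = audit(render(submitted))
        print(render.__name__, "script element:", "script" in tags,
              "value intact:", value == PAYLOAD)
```

With the common step the field value round-trips as data; with the missed field the response contains a new script element and the attribute comes back empty.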

extjs / php4 on standard rhel4 requires installing json

I was playing with the extjs lib http://extjs.com/deploy/ext-2.0.1.zip on a standard rhel4 apache/php4 setup, and was wondering why the examples that use the json encoding routines were not working. After sorting out all the misleading information that google came up with about json requiring php5, I finally have the solution for php4, and it is very simple:

1. Download php-json-ext-1.2.1.tar.bz2 from http://www.aurore.net/projects/php-json/

2. Extract and install: tar xfj php-json-ext-1.2.1.tar.bz2 ; cd php-json-ext-1.2.1 ; ./configure --prefix=/usr ; make install

3. Edit /etc/php.ini and add the line "extension=json.so", then do a service httpd reload.

voila, it works: test.php can now do json_encode($arrayname), and all the extjs examples that use json to provide data to the tree-container drag and drop examples like /var/www/html/ext-2.0.1/examples/tree/two-trees.html now work.

I just confirmed it also works with the newer ext-2.1. Now all I have to do is figure out how to create proper trees from dmidecode output 😉

save flickr – save yahoo mail

Microsoft is going to attempt to incorporate flickr and the other yahoo services into its portfolio.

http://blog.wired.com/monkeybites/2008/02/what-would-micr.html

 http://wow.jules.ca/jules-dot-ca/2008/2/4/microsoft-and-yahoo-what-happens-to-flickr.html

 http://www.linuxjournal.com/content/what-happens-if-microsoft-buys-yahoo points out that multiple important open source projects that are directly competing with microsoft technology like YUI

 http://bits.blogs.nytimes.com/2008/02/01/flickr-users-consider-their-potential-microsoft-overlords/

What can we do to prevent that?

Everybody buy yahoo shares to make it go up to $40 and vote against the merger?

Everybody pull their content out of flickr when the purchase happens?

If you have a creative and smart idea, please comment…