Feb 2013

Scottish Darlings

My Dad’s been working on family genealogy. One of my ancestors — George Darling, born 1615 in Midlothian — was sent to America by Cromwell. Dad writes:

The 3rd Civil War (1649-1651) pitted Scottish backers of Charles II against the English led by Oliver Cromwell. On September 3, 1650, Cromwell seized on an unexpected battlefield opportunity at Dunbar and destroyed the opposing Scottish Army taking an estimated 5,000 prisoners…

After being pronounced guilty at his “trial” in London, George was indentured to John Bex (Beax) and Company and sent to serve at the Lynn Ironworks in Lynn Massachusetts for an 8-year term of bondage…

One wonders, given his age in 1650, whether George didn’t leave an entire family back in Scotland? Did he have a wife and children in Midlothian? We’ll probably never know for sure, but we do know the families of the captured Scots never knew exactly what happened to them. They were not informed if their sons and husbands had been captured or died on the march back to London. They were never told whether their loved ones had been shipped an entire world away.

Anyway — if you’re a Scottish Darling, I can tell you what happened to George.

Stop When It’s Time to Stop

Dave Winer reminds me of a lesson I’ve learned and forgotten and re-learned a zillion times: stop programming when it turns into a slog.

The funny part to me is his description of his schedule — not because it’s funny but because it’s so unlike mine:

Finally, you give up after a couple of hours of spinning your wheels, eat some dinner, watch a little basketball, have a glass of wine, read a little and crash for the night.

I usually start programming in the afternoon and work after dinner. I’ve learned that that’s when I’m at my best: awake and relaxed, free of distractions, with a quiet mind.

But still, I don’t go on to 1 or 2 or 3 am anymore. I used to. These days I stop around 10 pm — 11 pm at the latest — no matter what.

Security bug?

When Twitter was recently hacked, I was among those who got an email saying I was affected. So I changed my password.

But here’s what I’ve noticed: changing my password does not cause any of the Twitter clients on my iPhone to ask me again for authentication. They just keep working normally.

So here’s the scenario I worry about. I don’t know if this is accurate or not, or if it applies only to Twitter or is a more general OAuth issue.

  1. Somebody gets my Twitter password.

  2. They login using the same client I use, but on their iPhone. The client starts working.

  3. I change my password.

  4. They’re unaffected — that client continues to work on their iPhone, just as it does on mine.

Is this true?

If so, I don’t like it.

Update 5:50 pm

I should say what bothers me.

Yes, I can go into my Twitter settings and revoke access to any one or more apps. And: I’m a developer, and I’ve written OAuth client code — I’ve even written Twitter-specific code.

But here’s what normal people think: I’ll change my password and everything will be okay.

And I admit to having changed my password recently and been surprised that my Twitter client kept working, even though I should have known that it would keep working (had I thought about it).

Here’s the first paragraph of that email Twitter sent to a bunch of folks a couple weeks ago:

Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account.

Which would lead a normal person to believe that resetting your password would prevent other people from accessing your account in any way. But it’s not true, not if they’ve already accessed your account.

That email also says, near the end:

Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don't recognize, click the Revoke Access button.

That’s good advice. However, if somebody else is using the very same client I use, or a client I used previously, I won’t see any apps I don’t recognize. (It could be a long list of apps, all recognized.)

I understand that OAuth is a security win in some ways. But implementors should, I think, be mindful of what normal people expect — which is that changing your password locks out every app until you re-authenticate.

Cocoa to HTML

Intel has a tool that “helps mobile application developers to port native iOS* code into HTML5, by automatically translating portions of the original code into HTML5.”

I don’t know why.

Searchpath

Manton Reece just announced Searchpath:

It’s search for your web site or blog with an innovative “popover” UI. Simple, fast. With better control of your search results, and no need to link to Google or show ads to your readers.

Sounds cool.

Interview with Me

David Smith interviewed me for his Developing Perspective interview series: The Village Toymaker.

RSS Sync Apocalypse Preview

Google Reader has been having some issues.

Here’s the thing: a bunch of RSS readers rely on Google Reader for syncing — but Google Reader is not a syncing service, and its APIs are undocumented and unsupported.

TechCrunch describes Google Reader as “benignly abandoned” — which, for native RSS readers that use it, is worse than actual abandonment, because broken syncing is worse than no syncing.

My friend Jake asks if Google could spin off Reader. My guess: it’s not worth their time to pursue. What they’d get for it isn’t worth the time to consider it. (And that’s before you factor in the difficulty of transferring it.)

Google has learned to focus, and they’re doing some great work. (I especially like Google Maps for iOS.)

Part of learning to focus is learning how to shut things down. Google has done well at that — but I’m surprised that Google Reader hasn’t been shut down yet. Better a clean shut-down than an ungraceful end.

Yet More on iCloud Core Data Syncing

The MOApp weblog:

It may work most of the time. Until it doesn’t. Without any chance to understand why. Your users will blame you and I don’t blame them.

(Via halfliterate.)

With this issue I used to just worry about my friends shipping their apps. Now I worry about the entire ecosystem. Mobile apps require syncing.

There are three things Apple could have done:

  1. Not provided a syncing system.

  2. Provided a syncing system.

  3. Provided a syncing system that doesn’t work.

Of all the options, #3 is the worst, because it leads developers down a bad path, and because it makes users expect developers to use that syncing system.

Things That Are New

The last time I was an indie developer was 2002-2005. It’s interesting (to me, at least) to note what’s new since then. A partial list:

  • iPhone
  • iPad
  • App Stores
  • Twitter
  • Facebook
  • git, Mercurial; GitHub, Bitbucket
  • Stack Overflow
  • The podcast renaissance
  • Dropbox

It’s not like I was asleep the whole time, but I do feel a bit like a Rip Van Winkle. (I also feel like a Pappy Van Winkle.)

There’s never been a better time to be an indie developer.

Indie Life Day Three

It’s day three of sitting at my computer as a returned-to-indie-life developer. Here’s what I’ve noticed so far:

  • I get eight hours of sleep.
  • My calendar is suddenly very much not full. There are many expanses of days with nothing on them. (No meetings; nothing about when co-worker X is going on vacation.)
  • I still have trouble writing code until after dinner. I think this may be a temperament issue more than a scheduling issue.
  • But I’m enjoying writing code more than I have in a long time.
  • And I’m super relaxed. Zaphod-level relaxed. I chalk this up to happiness.

What I Love About February in Seattle

Any day now — maybe even today — I’ll see my first crocus of the year.

How I Work with Other People These Days

I no longer work on Glassboard, and don’t get any benefit at all if you use it.

So I feel totally comfortable telling you that I use it all the time. I do.

I have a few projects going with other people. Some are software projects and some aren’t. Here’s the mix of apps we use:

Back in the ’70s and ’80s I was obsessed with hi-fi systems. In those days there were lots of all-in-one systems: tuner, amp, turntable, cassette deck, and speakers. (Sometimes the speakers were detachable.)

But those were the crappy, cut-rate systems. A real audiophile would buy separate components — the best components they could afford — and create their own system.

What I like about this mix is that we could swap out any part of it — GitHub instead of Bitbucket, for instance, if we liked it better. Just like buying a better tuner.

* * *

Note one thing not on the list: nothing real-time. No chat, no irc, no Skype.

If you’re a larger company like Omni or Black Pixel, a full-time chat room might make sense. But for groups of two or three people, when is everybody in front of their computer and in a state where they could be interrupted? Not that often.

Also not on the list: shared calendar. That may need to change, at least for some of the projects. I find shared calendars a pain. (I have a hell of a time figuring out how to make Google calendars work, at least.)

Gone Indie

I have some cool personal news: I’m restarting Ranchero Software.

Yesterday was my last day at Sepia Labs. We had a great team and I loved working on Glassboard — and I remain a Glassboard user. I rely on it, even.

And even though I’ve left, I trust the team to continue to do the right things. Everybody at Sepia Labs shares the same vision. (Privacy. No ads. Nothing creepy.)

But it was time for me to return to my natural habitat as an indie developer.

I feel like the not-quite-domesticated dog who’s been given to live on a farm. Tell the kids I’ll be happier there — tell ’em how I’ll chase rabbits and sleep in the sun and run off into the woods whenever I want.

* * *

I’m working on cool new things. It’s too early to talk about the things — but I can talk about my goals. I have two:

  1. Make great software on my own.

  2. Make great software with other people.

The first goal is a given — the second one is interesting.

I’ll turn 45 in a couple months. I realized that the next 10 years of my career will be the highlight: partly because the app world has matured so much, and partly because I’ll be at my personal best. (And maybe it’s really the next 15 or 20 years.)

I’d hate to look back and regret not getting to work with talented people. There are so many, and I’ve found that I love working with other people.

* * *

I am ridiculously, staggeringly, over-the-moon excited.

P.S. Gus Mueller — President of the Internet — proclaimed that this is National Indie Developer Day.

Archive