how cool is electron?

I’ve been working the past couple of days with Electron, a Node.js cross-platform desktop app tool which uses JavaScript, HTML and CSS to create what look like native OS-style applications for Windows, OS X and Linux.

Cool stuff, indeed. Out-of-the-box, it looks like you publish your Electron-based app like you would anything on github:

git clone https://github.com/Somebody/Repository.git
cd Repository
npm install
npm start

But there’s also a way of downloading OS-specific images and then adding your own app into this subdirectory structure. The result is a stand-alone EXE and folderset which reasonably looks like a drop-in replacement for something you normally would build locally using Microsoft Visual Studio perhaps. In this version though, you’d run Electron.exe but there are instructions on their website for renaming your application, updating the icons, etc.

I’ve just used it today to build a basic music player. I wouldn’t say that the layout is as responsive as a typical mobile app’s ability to move content but I did tweak things so that it can squash down to a mini-player and it still looks great.

I can thank KeithIG/museeks for the open-source code behind this. They have several OS-specific downloads available if you don’t want to build this yourself.

Pros

  • This allows you to build cross-platform desktop apps in much the same way that you’d use Adobe PhoneGap, say, to build for mobile apps.
  • You code in the familiar HTML/JavaScript/CSS trilogy of disciplines and it’s Node.js centric. It is also React.js-friendly, as I’m finding on this project.
  • So far, it seems to be well-behaved.
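  • If you don’t want others to easily see your code, there’s a step where you can use asar to zip up everything into a tidy package. (asar is an archive format, not encryption, so this only deters casual browsing; anyone with the asar tool can extract the contents.)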
  • I didn’t have to digitally-sign anything like you might have to for a Windows 10 application or for OS X, say.
  • For people who have git and npm, the install is as easy as anything you’ve seen in the open-source space and a familiar workflow.

Cons

  • Currently, I don’t see any support for mobile platforms.
  • The complete folderset comes in at 216MB, which strikes me as a little big for what it’s doing.  The app itself for the music player weighs in at 84MB of this so the remainder is everything that Electron is doing to present all this.
  • You would need to set up three different build sites to maintain a specific download for your own app.  (It’s not like PhoneGap in which you just submit the common code and Adobe builds it in the cloud.)
  • Given that you’re not digitally-signing your code, you might have to talk your users through the hurdles of having the user “trust” the content within their particular OS.
  • This might be so popular soon that none of us can really afford to just use Electron.exe by default to serve up our app; we’ll need to rename it before publishing, in other words.

Overall

I can see myself wanting to really learn this one deeply. It has a lot of potential for delivering a more native-app experience for users.

iphone without itunes

You know how Apple can be sometimes; they feel the need to control everything. So for a Windows-based computer, they want to force you to install the entire iTunes collection of software just so that you can get to your files on your iPhone. As an I.T. person, to me that’s just way too much software to be adding to someone’s computer setup.

Why not?

You might just ask “why not?”  Why not just install iTunes? One of the subtle changes that iTunes makes in terraforming your Microsoft computer for its own needs is to install a variety of software to make things more Apple-friendly.

For example, in an Apple-based network the Bonjour service allows lookups for printers normally but allows for almost any device to broadcast its existence on your network. The downside to adding a different printer lookup service is that you might have a number of printers already which broadcast via Bonjour and can now be seen by your computer this way.  And yet, you might not have a working Microsoft driver installed to make all this happy. The printer when added simply doesn’t work and yet it seems to work for everyone else on the network who didn’t install iTunes. Rule of thumb for success: don’t arbitrarily add services and things unless you exactly know the ramifications for doing so.

The problem

If you simply plug in your iPhone into a Windows 7—based workstation you’ll see it download and install a default driver. Unfortunately, the Internal Storage section of this device won’t show anything in it.

The fix

Unbelievably, the fix is much easier than I’d imagined. Immediately upon tethering the iPhone the very first time to the Windows computer the iPhone will buzz twice (telling you not that it’s now charging but it’s trying to tell you that it’s displaying a notification).  The message is crucial to your success but Apple in its infinite wisdom doesn’t decide to wake the phone up for you.  You need to manually wake it up first to see it:

allowthisdevice

Select the Allow option here and suddenly Explorer will now present you with a DCIM folder, below this a 100APPLE folder which contains your images.

Why is this considered a smartphone?

That’s a good question to ask. Why would Apple decide to block access to the phone on a Windows computer by burying its head in the sand when an important access message is being hidden behind a sleep state? I suppose they could suggest that if the phone is sleeping then the rightful owner may not be in control of it and that nobody should have access as a result.

But why not simply bubble that information up to Explorer with a dialog box so that the user will know the status? It just silently doesn’t see anything at all for the device.

If you read the many support threads on the Apple site nobody ever mentions such an easy solution. The reason of course is that Apple wants you to install all of their software on your Windows-based computer, too. The biggest reason is that the iTunes application is a shopping cart and you’re a consumer to them.

sexism in the codespace

Lately, there’s been a push to convince girls to learn how to be software developers. Inside these initiatives, the individuals who are part of the movement are attempting to empower people to achieve more with their lives. I would suggest that this is the best part of this new idea.

But what if you pulled back the curtain to reveal that there’s a secret business reason behind all of this outside these initiatives? What if big business is the real driving force here? What could they possibly want out of potentially doubling the workforce within the software development space? Obviously they want what they already have in the clothing industry: sweatshops.

sweatshop (noun)

A factory, especially in the clothing industry, where manual workers are employed at very low wages for long hours and under poor conditions.

Think about it for a moment. Is Google [US$90B/year] such an Andy Griffith—friendly company that it wants to empower young girls to realize their potential… or does it want more profits?

Simple economics at work

The economics of supply and demand suggest that if you double the supply of software developers then the price for software development projects will reasonably be half. If Google can flood the marketplace with coders then the price for development should plummet as a result.

The following photo is a typical Nike factory. You might ask yourself why all of the factory workers are young girls. Well, they work for a fraction of the cost of their male or older counterparts in the workforce. And given what we know about dominance and submissiveness, young girls will more likely just do what you tell them to do without rebelling (against horrible working conditions, for example).

nike

Sexism

Imagine how you’d feel if suddenly boys and men were being “sold” this idea that they should be coding right now at the same rate that young girls are being advertised to. It would seem weird and creepy, actually. A quick Google search will show you just how many of these girls + coding websites, organizations and meetups have recently been spawned.

A great litmus test for sexism, racism or any “-ism” is to just change out the race and gender, for example. If the result sounds wrong then by definition the original was also wrong for the same reasons.

Examples from actual websites

Here, I make those changeouts to highlight what I’m seeing:

http://www.girlswhocode.com => http://www.boyswhocode.com

http://www.girldevelopit.com => http://www.boydevelopit.com

http://www.blackgirlscode.com => http://www.whiteboyscode.com

If the changed-out version sounds politically-incorrect then the original is by definition just as wrong.

Who to trust

So who do you trust at the end of the day? On one side you have a number of friendly-sounding organizations who seem to be working to make things better for girls and women. On the other side you have a collection of corporations who have a habit of maximizing their profits by using unsustainable working conditions.

Feel free to join the software development field regardless of your gender or race. Just don’t be fooled by big business into working in a coding sweatshop, if you will, because you’re desperate for work and because you lack the confidence that some of your co-workers possess.

what myspace’s mistake means to us

You might not have heard about this but someone internally back in 2006 stole a huge password file for all known Myspace accounts at the time. It would take years for this knowledge to be known by Myspace themselves at which time they then forced a password reset for everyone on their site. In their minds at least, the problem was solved.

Unfortunately for the world, a much bigger problem was born.

Password hacking

Back in World War II, for example, what was essentially a form of hacking (decrypting encoded text) would actually mean the difference in saving lives, well at least for one side of the game. You could easily suggest that it also cost lives for those whose secrets were now known by the opposition.

In today’s war against cybercrime, identity theft, credit card fraud, espionage, stalkers, blackmail and such, there are people who wish to know your secrets.

Using a file which contains a dictionary of words and adding to this the available numbers and symbols, hackers have written code to auto-generate a password and then programmatically compare the results with something that’s stored in these administrative files. If things match then they know your password and then they can log into a remote website or system as you. If that website is your checking account or PayPal then the damage could be more than just your pride; you could actually lose money.

Password hashing

Most modern websites and computer systems don’t actually store your password. They routinely create something called a hash from it. So what’s actually available in the public domain now is a few hundred million usernames + hashes of their passwords.

Immediate progress

In no time at all, very nearly every single password from that list was cracked using these hacking programs. We’re talking at least 400 million passwords. And yet, still, people don’t understand just how very terrible it is to be us now.
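As an added illustration (not part of the original post), the Python below shows from the storage side why a leaked table of plain, unsalted hashes gives way so quickly compared with salted, deliberately slow hashing. The accounts are constructed, and SHA-1, PBKDF2-HMAC-SHA256 and the iteration count are assumptions chosen for the example; the post does not say which hash Myspace used.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not real data): three users picked the same password.
ACCOUNTS = {
    "alice": "Summer1!",
    "bob": "Summer1!",
    "carol": "Summer1!",
    "dave": "correct horse battery staple",
}

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_record(password: str) -> str:
    """Fast, unsalted digest: the same password always stores the same value."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-account random salt plus a slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, expected)


def largest_shared_group(stored_values) -> int:
    """How many accounts share the single most common stored value."""
    return Counter(stored_values).most_common(1)[0][1]


def exposure(accounts=ACCOUNTS) -> tuple[int, int]:
    """Accounts exposed by one matching guess: (unsalted table, salted table)."""
    unsalted = [unsalted_record(p) for p in accounts.values()]
    salted = [salted_record(p)[1] for p in accounts.values()]
    return largest_shared_group(unsalted), largest_shared_group(salted)


if __name__ == "__main__":
    plain, salted = exposure()
    print(f"unsalted: one matching hash exposes {plain} accounts")
    print(f"salted:   one matching hash exposes {salted} account")
```

With the unsalted table every guess is hashed once and checked against all rows at the same time; with a per-account salt the same guess has to be recomputed for each row, at the cost of the full work factor.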

What this really means to us now

Several things can be learned here from this second-generation database (now with the known passwords).

  • In this database is a known list of usernames that the Internet at large has used at one time. This alone should scare you. Hackers now don’t need to try 36^8 combinations of characters and numbers to try to generate what could be a username. Their search space just became a lot smaller.
    • Having a list of several hundred million usernames means that cryptographers can use something called frequency analysis to determine which characters are more likely to appear in the next username you might create.
  • In this database is a known list of passwords that the Internet at large has used at one time. I would suggest that the average user has re-used a single password at least ten times across most websites and computer systems which they use.
    • Again, cryptographers now may do frequency analysis on characters we use to create passwords. So they know that the lowercase letter ‘a’ is used 7% of the time, roughly. In other words, it’s no longer necessary to try perhaps 50^8 combinations of characters + numbers + symbols; they can now just use this database as a simple dictionary attack!  Four hundred million may seem like a large number but it’s very much smaller than 39,062,500,000,000 (39 quadrillion).

In other words, hacking passwords just got infinitely easier due to Myspace’s mistake.

Could it get any worse?

Yes, actually. With a database this large, someone could create an artificial intelligence program which could then describe how we humans generate them in the first place. Presumably, it would look for patterns in the same way that hackers do, for example, we are often faced with the challenge of creating a password that would make Microsoft’s websites happy.

From Microsoft’s website:  “Passwords must have at least 8 characters and contain at least two of the following: uppercase letters, lowercase letters, numbers, and symbols.”

So this AI program would then look at the database and announce:

AI computer program output:  “Humans are lazy and stupid therefore they will do the following…”

  1. The password will have a length of eight or nine
  2. The first will be an uppercase character
  3. The second thru sixth/seventh will be lowercase characters
  4. 30% of the time the next will be the number one, in 20% the next will be four, in 8% the next will be two, etc
  5. 40% of the time the last will be an exclamation point, in 30% the last will be an asterisk, in 10% the last will be an ampersand, etc

The bad part is that this would be correct for about half of the passwords on the planet. And the other half would probably be the 1337 (leet) version of this where someone thinks that they’re being clever by substituting in numbers which each resemble a character:

  • zero looks like the uppercase letter ‘oh’
  • one looks like the lowercase letter ‘el’
  • seven looks like the uppercase letter ‘T’
  • three looks like a backwards uppercase letter ‘E’

All this is the fruit of cryptanalysis. It tells you how to make your problem easier by restricting the search space. But if it’s now easier for hackers it’s now much harder for us, the people who want to keep our secrets and our money intact.
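The two habits described above (the capital-lowercase-digit-symbol shape and the leet substitutions) are exactly what a signup form can screen for. The following is an added example, not code from the original post: the blocklist words are constructed stand-ins for a breached-password list, the function names are hypothetical, and the 32-symbol count assumes ASCII punctuation.

```python
import re
import string

# Leet substitutions listed in the post, mapped back to the letters they imitate.
LEET = str.maketrans({"0": "o", "1": "l", "7": "t", "3": "e"})

# Constructed stand-in for a breached-password list (assumption, not real data).
BLOCKLIST = {"password", "summer", "trooper", "letmein"}

SYMBOLS = len(string.punctuation)  # 32 ASCII punctuation characters (assumption)

# Shape from the post: one uppercase, five or six lowercase, one digit, one
# symbol, for a total length of eight or nine.
PREDICTABLE = re.compile(
    r"^[A-Z][a-z]{5,6}[0-9][" + re.escape(string.punctuation) + r"]$"
)


def base_words(password: str) -> set:
    """Candidate dictionary words hiding behind leet digits and a trailing suffix."""
    lowered = password.lower()
    # Strip the trailing digits/symbols first, then undo leet ("passw0rd1!").
    stripped_first = re.sub(r"[^a-z]+$", "", lowered).translate(LEET)
    # Undo leet first, then strip, so a final leet digit survives ("hell0").
    leet_first = re.sub(r"[^a-z]+$", "", lowered.translate(LEET))
    return {stripped_first, leet_first}


def screen(password: str) -> list:
    """Return the reasons a new password should be rejected (empty list = accept)."""
    reasons = []
    if base_words(password) & BLOCKLIST:
        reasons.append("base word is on the breached-password list")
    if PREDICTABLE.match(password):
        reasons.append("matches the capital+lowercase+digit+symbol shape")
    return reasons


def keyspace(alphabet: int, length: int) -> int:
    """Number of strings of a given length over an alphabet (uniform brute force)."""
    return alphabet ** length


def mask_keyspace() -> int:
    """Number of passwords of length 8 or 9 that fit the predictable shape."""
    return sum(26 * 26 ** lower * 10 * SYMBOLS for lower in (5, 6))


if __name__ == "__main__":
    for sample in ("Summer1!", "7r00p3r99", "Winters4*", "vq8#Lr2m!xTz0p"):
        print(f"{sample!r}: {screen(sample) or 'accepted'}")
    print("50^8 from the post:        ", keyspace(50, 8))
    print("all 8-char printable ASCII:", keyspace(94, 8))
    print("predictable shape (8 or 9):", mask_keyspace())
```

A password that satisfies a complexity rule can still sit in the small predictable region, which is why the screen checks shape and base word instead of counting character classes.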

What if we let systems generate our passwords for us?

There are many that would suggest that this is our future. We let the system auto-generate a seemingly-random password for us and then we store that somewhere. We’d then copy/paste that when prompted. In fact, I see this done within the I.T. administrative space and each person who does this probably feels secure.

And yet, someone wrote that password generator routine. What if this person “salted” 75% of the so-called randomness with a string of characters known only to them? The NSA routinely forces big business to build things like this into cryptography so that—for the NSA at least—the problem becomes infinitely easier.

The real problem is that we believe in the security of these systems and perhaps we simply should stop believing.

What do we do now?

The cost of running many computers (virtual or real-metal) keeps going down. The cost of terabytes of storage in the cloud is still expensive ($3,000+/TB) but there are people who have ten computers in their basement each with a terabyte drive.

In the past, the search space would have required perhaps 300TB of database space to “brute force” and store the combination of all possible passwords plus their hashes. The knowledge made available from Myspace’s mistake, once fully realized, now might mean that in practical terms somebody with 10TB of space could essentially own the actual password space we use.

I wish I had some practical advice for you. The only takeaway lesson from this is that we have to do something completely different when generating passwords or we have to stop storing our secrets and our money as we’re doing now.

og and the sensory-deprivation tank

Well, that was interesting. I had an opportunity this weekend to go visit a sensory-deprivation tank in Ocean Beach. Having recently watched a season of  Stranger Things on Netflix, the concept seemed cool enough: float in a body-temperature, salty bath without any lights or sound and you can go places in your head. (Sure, sign me up.)

For those of you who haven’t done this before, the chamber is about the dimensions of a king-sized bed, the ceiling in this case was something over 6′ high and the water came to just 12″ deep. They probably use epsom salts as the buoyancy agent so you seriously float in such a way that you’re not in fear of sinking at all. The cost for a 90-minute session was a mere $50 and since they only have a single tank at this facility and two employees, you kind of wonder how they stay in business. The entire process was a two-hour slot.

Feel free to Google-Image the term “sensory deprivation tank” but if the sight of nekked people bother you then make sure to cover one eye, maybe.

Sounds

Doctors would suggest that tinnitus is a malady characterized by a ringing sensation in your ears, say, because you went to too many rock concerts. Honestly, I hear that 24×7 and I don’t believe their reasoning.

In the tank, it was easier to focus in on different high-pitched tones. I don’t believe that these are/were a figment of the imagination. I would consider myself as someone with above-average hearing in the upper range. I normally sense (hear?) incandescent and fluorescent lighting and a lot of electric circuits, to be honest.

Lights

This was the most interesting aspect of the session. From the first moments in I could swear that I saw a red blinking light somewhere over my head but the actual position would change from time to time. This went away after a couple minutes, however.

Next, I began seeing something that is best described as…

Imagine that you take a large cylinder and use it to cut out some of the aurora borealis and then your head is falling backwards through this cylinder and you’re watching the vivid green and purple colors go by, only it’s the same whether your eyes are open or closed.

With a little practice and perseverance, I was able to focus in such a way that I could get the purple color to reasonably fill my perspective with some black, almost silhouette-like cutouts near the bottom. But if I lost my focus and tried to make out the silhouette then I lost everything and had to start over.

Motion

After a bit, it was like my motion-detection abilities became confused. In biological terms, the inner ear is responsible for your sense of balance and the detection of movement (whether it’s linear or rotational). I’m guessing that we truly do rely upon vision as well to adjust the inner ear’s data because in the tank I had the following observations:

  1. I had a nearly continuous feeling that my body was shifting to the left.
  2. If I moved my (usually clasped) hands in different positions it would result in my body adjusting slightly higher/lower in the water, say, where my head was and yet… the feeling was as if my entire body was rotating 45 degrees in space.

With respect to the first observation, I later reviewed the placement of the building on a map, the orientation of the tank and my own orientation within that tank. It’s entirely possible that my body could feel the rotational movement of the Earth around its axis. If so, that would be really amazing. Note that in the northern hemisphere here we all move about 18 miles per second as our planet spins wildly in place every day.

Reviewing with their staff

I spoke with the people who ran the place afterwards and asked them what they experienced (not mentioning my own yet). The guy starts out saying “it’s difficult to describe but…” and then he made this round hand gesture with his fingertips and thumb together out in front of him and I knew immediately that he’d seen the same sort of light show that I had. We compared colors and they appear to be a common experience from others as well.

Ideas

You have to wonder if the observable phenomenon is magnetic in nature (as in the magnetic lines of flux which are responsible for the way a compass orients itself) or if there is another explanation. Personally, I don’t think that this is something that’s merely imagined by the psyche. If that were the case then why do two different people see the same thing? So I think I can personally rule that out as an explanation.

It may be that our pineal gland (third eye) can “see” or otherwise detect changes in the electromagnetic field and then route these changes into the area of the brain where it normally just interprets what we see from our eyes. I think this version is more likely to be the truth since it would corroborate the claims of those who see auras, for example.

It’s not that far-fetched of an explanation to suggest that the pineal gland is useful in some way. Bats and whales can do echo-location with their particular physiology. Squids and chameleons have surfaces which can be changed at the pixel level to mimic their surroundings. Honey bees have tiny magnetic beads in their abdomens which they use to sense their orientation in the magnetic field. And it has been suggested by at least one person that the scarab beetle’s outer wings produce an electrogravitic effect to generate antigravity so that this over-sized bug can actually fly.

I would suggest that we have hidden capabilities which remain mostly dormant because we live in a world in which we have too many artificial lights and distractions most of the time.

despicable me—themed supercomputer

I gave a talk on Tuesday to an eager group of 155 attendees at the monthly SanDiego.js meetup on the topic of “Supercomputing in JavaScript”. I had an opportunity to show the new Raspberry Pi 3 supercomputer which I’d built and took it through its paces.

I think they mostly loved the audio events for assembling the minions and sending them to bed (shutting off the remote nodes). There was just enough time to also show the obligatory “Hello, Minions!” demo program to exercise the Message Passing Interface. I received a wide variety of questions and compliments from the group. And of course afterward, everyone who owned a Raspberry Pi came over to discuss their own projects, which was cool.

Here’s the PowerPoint presentation from that talk, in case you’re interested.

e-mc2 repository with step-by-step instructions

nostradamus, the java-killer

Oh snap! Did I not call this one in my earlier post from twelve months ago pre-dating their announcement?

Riddled with security bugs, an A-list of browsers disabling it by default and the smack-down from the Dept. of Homeland Security advising everyone to disable it, Oracle is licking its wounds in this war-of-the-big-boys.

“Oracle plans to deprecate the Java browser plugin in JDK 9. This technology will be removed from the Oracle JDK and JRE in a future Java SE release.”

Show me the money

There are some big players in the development platform space. And they’re up against the world of open source now and I’m sure that’s got them running a bit scared, even if they are huge in size.

Each of these players is pushing their own ideas about how the future coder will do their job. At stake are monies in the advertisement space (search engines, for example); streaming and provisioned content (iTunes); as well as the very tangible aspects of software compatibility with their collection of products.  And of course, there’s Amazon, eBay and even Wal-Mart who each have their own ideas about all this.

Trust me, these players are obsessed at the moment with the world of open source and it wouldn’t be surprising to me if, say, Google or Apple were to buy out jQuery or MongoDB or even MySql. To own the tiny development company behind something like this is to own its future. Think about it, if you were John Resig of jQuery and Google opened up their checkbook would you roll over on the community and sell out? How many millions would it take before you did?

Strategy

I guess my advice is to learn and use several good platforms and keep them in your toolbelt, so-to-speak. But don’t embed everything you do with any single tool or you will find yourself obsolete as a coder.

In my past I’ve learned MS-DOS, assembly language, BASIC, ARCnet, WordPerfect, NetWare, the earliest Microsoft Windows, Token-Ring, OS/2, Ethernet, Borland Pascal, C programming, etc, etc, etc. As indicated though, some of these skills are no longer useful so it’s important every month of your career to look for the signs of a dying technology. The way I do this is to follow the big money, watch these “poker players” for any tell-tale signs that they’re about to make a bold move. Obviously, most of the big players didn’t like Java and it was only a matter of time. If you were cynical you could even imagine Microsoft paying security companies to find and publish Java-related flaws.

Read more

Oracle says they’re pulling Java • Oracle’s blog entry • An embarrassing/deleted blog post from Oracle’s CSO

puppy farms and programmers

You’d think the two topics wouldn’t be related but you’d be wrong.

pup•py farm

noun derogatory – also “puppy mill”

“an establishment that breeds puppies for sale, typically on an intensive basis and in conditions regarded as inhumane.”

How on Earth could a puppy farm be related to software developers? Everyone loves puppies and everyone loves new software developers. Each are enthusiastic, energetic and fun to be around.

The ASPCA indicates that there are an estimated 10,000 puppy farms in the U.S. today. A recent survey published on coursereport.com indicates that the “coding bootcamp” market is growing by a factor of about 3 x per year. Their estimate of the average tuition price for these coder factories—if you will—is about $10k for the nation. The high-end cost of these camps is $20k, however.

Like those puppy farms, these code bootcamp businesses are wooing people from a variety of career fields with the promise of a job in the software development industry. As someone who’s been a long-time programmer I could suggest that the software development industry as we knew it crashed in the year 2000 and has not recovered yet. The reason? It crashed because the nation suddenly outsourced work overseas; suddenly, there were too many coders for the number of available jobs.

And yet, we have monied corporations like Google who seem to be wooing children with programs like Made w/Code. And then there’s Hour of Code which is targeted to everyone of all career fields. The latter indicates that they have over 160k events around the world they’ve sponsored and tens of millions of students.

I’ll be the first to admit it: puppies are awesome. But when too many puppies are bred they end up hating their lives, often ending up in cages or at the dog shelter.

“We can’t all be heroes, because somebody has to sit on the curb and applaud when they go by.”

~ Will Rogers

I suppose there’s some wisdom in that Will Rogers statement but where do you draw the line? As an existing programmer I can’t suggest that someone else also can’t choose this as a career field. That would be a similar (faulty) argument from U.S. citizens whose ancestors migrated to the states and then they themselves are against immigration since the country’s now too populated.

As the number of programmers increases, the natural laws of supply and demand kick in. In the graphic below, think of the number of programmers to be the Supply, the green line and we’re seeing a rapid increase in that number. The red Demand line should then be rapidly going down in response which has at least two results: there aren’t enough jobs and the price for software development will dramatically be less.

supplyversusdemand

So are these coder factories telling the truth to their students when they suggest that their certificate can land them a six-figure salary? No. The days of making $100k/year writing code are over thanks to the unending influx of new coders.

Possible solutions to the problem

  1. Give away a free puppy to every new coding academy graduate
  2. Kill all coders over the age of 24 across the planet
  3. Prevent companies from buying off-the-shelf software or from using open source
  4. Make Github pay-per-view

Final thoughts

I don’t want all this to seem like I don’t like or appreciate new coders. I love coding and I wouldn’t deny anyone else the right to do so. But when I got my start there were literally no jobs programming so we did it merely for the fun of it.

So my advice to the new coder is: do it merely for the fun of it, don’t think that you’ll land a paying job. And when eventually someone sees you having so much fun at what you love doing naturally, they’ll finally offer you a job and you’ll get to code in such a way that they’ll effectively remove great amounts of that fun from the activity. But at least they’ll pay you for it.