Dave Winer rethinks auth
Dave Winer proposes a simple solution to revoking authentication in web services:
"Now imagine that Twitter had a page that showed all the IP addresses that have used your login in the last 30 days, with a start date for each and a count of calls made. I bet you could figure out which one was The Greasy Spoon Group, pronto. Further suppose there was a checkbox next to each IP address. You could uncheck that one, click Submit, and voila, no more spam from your account."
There are important things missing here, such as not sharing your credentials, but I have to admit I do like the simplicity. If the hostnames were grouped by user agent, the UI wouldn't even be half bad. If nothing else, maybe this will light a fire under OAuth implementors to get moving. (And I count myself in that group too, since I'm involved with some services that need OAuth pretty badly.)
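A minimal sketch of the review page described above, as an added example that is not from Winer's post or from any Twitter code: it records calls per account, lists the last 30 days grouped by user agent with a first-seen date and call count per IP address, and refuses calls from an address the owner has unchecked. The class and method names, the account name, and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(days=30)  # the "last 30 days" from the quoted proposal


class AccessLedger:
    """Hypothetical per-account record of which IP addresses used the login."""

    def __init__(self):
        self.calls = defaultdict(list)    # account -> [(time, ip, user_agent)]
        self.revoked = defaultdict(set)   # account -> IPs the owner unchecked

    def authorize(self, account, ip, user_agent, now):
        """Record an API call; return False if the owner revoked this IP."""
        if ip in self.revoked[account]:
            return False
        self.calls[account].append((now, ip, user_agent))
        return True

    def summary(self, account, now):
        """Rows for the review page: user agent -> {ip: (first_seen, count)}."""
        groups = defaultdict(dict)
        for when, ip, agent in self.calls[account]:
            if now - when > WINDOW:
                continue  # older than the 30-day window
            first, count = groups[agent].get(ip, (when, 0))
            groups[agent][ip] = (min(first, when), count + 1)
        return {agent: dict(ips) for agent, ips in groups.items()}

    def revoke(self, account, ip):
        """The unchecked checkbox: refuse further calls from this IP."""
        self.revoked[account].add(ip)


def demo():
    # Constructed sample traffic; addresses come from documentation ranges.
    now = datetime(2009, 1, 5, 12, 0)
    ledger = AccessLedger()
    for days_ago in (40, 20, 3):
        ledger.authorize("alice", "198.51.100.7", "DesktopClient/1.0",
                         now - timedelta(days=days_ago))
    for minutes_ago in range(50):
        ledger.authorize("alice", "203.0.113.9", "ThirdPartyApp/0.1",
                         now - timedelta(minutes=minutes_ago))
    page = ledger.summary("alice", now)
    ledger.revoke("alice", "203.0.113.9")
    blocked = not ledger.authorize("alice", "203.0.113.9",
                                   "ThirdPartyApp/0.1", now)
    still_ok = ledger.authorize("alice", "198.51.100.7",
                                "DesktopClient/1.0", now)
    return page, blocked, still_ok
```

Revoking an address does not revoke the shared password itself, which is the gap noted above: whoever holds the credentials can return from a different address.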
If you string together tweets from Alex Payne, it makes for an interesting narrative about OAuth too.
January 5, 2009 12:09 PM
Dan Benjamin turns it up
Dan Benjamin did something interesting several weeks ago: he took his popular blog Hivelogic, where he's been posting since 2001, and rebranded the content under a new domain, danbenjamin.com. Apparently that was just the kick he needed to get even more serious about blogging, because he's been on a roll lately.
A couple of my favorite recent posts over there include Apologize and Fake Amazon. The latter is a must-read that finally puts a name to what may be the beginning of the end of the Amazon we all know and love:
"By offering these services, Amazon has created a gigantic marketplace, while simultaneously making even the most obscure or hard-to-find items available to anybody. Just type some text into Amazon search, and you'll get results. Lots of results. Too many results, it seems, even for Amazon."
I've also been enjoying the Tack Sharp podcast, even though I hope to never pay more than $300 for a camera.
January 4, 2009 05:00 PM
Mike Ash on private APIs
Mike Ash has been rocking with his weekly Friday Q&As. From the latest about using private APIs:
"Remember that the cost is not just to you, but to your users. If you're really unlucky the break will be so bad that it's not even obvious that it's your fault, and they'll figure it out only after much head-scratching. Once they do figure it out, they will hate you if your fix doesn't come really fast."
My new app (not officially announced yet — more later) currently uses Quick Look as a significant part of the user interface. Quick Look is a private API on 10.5, but my hope was that surely it would be made public by 10.6. If I coded correctly for both cases (I have a 10.6 seed running here I can test against), then I could safely release the product and be reasonably certain that nothing would break.
I'm now rethinking that, both because it looks increasingly like Quick Look will remain a private API even in Snow Leopard, and because I've gotten feedback that it's not a perfect fit for how I'm using it anyway. At the very least I will turn Quick Look into a secondary option, something that wouldn't be missed if it went away, and roll my own preview UI to be the default.
January 3, 2009 09:01 AM
Rails 4 years later
Blog archives don't lie. It's been nearly 4 years since I first blogged about Ruby on Rails. (Three years and 10 months, but I'm not patient enough to wait until February to post this.) Here's a portion of what I said back then:
"But the PHP people will switch, easily, and with the apparent momentum of Ruby right now, maybe it's already happening. Forget the enterprise for now. Rails is a perfect fit for anyone who develops for the web on its own terms, and the people behind apps like Basecamp, 43things, and the upcoming Odeo match that profile."
In that time I've increased my use of Rails. At VitalSource we have a bunch of Xserves running Rails applications. Mac developers have embraced Rails in the form of PotionStore. Cheap shared hosts have been replaced with virtual servers, many with an emphasis on Rails hosting.
The community is huge now. What's not to like?
Plenty! Here are my top gripes about Ruby on Rails.
Deployment. Ask anyone — even its biggest fans — and they will complain about deploying Rails applications. This stems from two points: the overhead of initializing a Rails application, meaning multiple instances have to be fired up and ready, unlike PHP which can process a script at a moment's notice; and the path of ever-changing deployment strategies littered with the corpses of FCGI, Mongrel, Passenger, Thin, and more.
Upgrades. Rails matured quickly and is constantly improving. That's great for features, great for best practices, and great for a clean API. The downside is that methods and entire chunks of the framework are deprecated and removed every major release. Forget about backwards compatibility. If you aren't reading the blogs and keeping up with the latest changes, you'll pay a price when it comes time to upgrade your application.
Attitude. David Heinemeier Hansson and the Rails core team have been outspoken in their lack of concern for end users. It's because Rails is not actually a product. It was released and is open source to benefit the community and to grow the framework, but average developers should have no misconception that anyone with Git commit access is looking out for their application. I have great respect for Hansson, as well as the other high-profile developers of Rails, but it helps set expectations to underscore that Rails is not a supported product.
Java. Developers new to Rails generally come from the two other most popular web development languages: PHP and Java. Many leaders in the community come from that latter group, some of whom I count among my friends. Chad Fowler, in his interview with Pragmatic, spoke to the baggage that developers bring to a new platform. I think some of this baggage from a more "serious" architecture is leading to new complex abstractions, such as Capistrano. Whether fair or not, I also largely blame the Java developers for using tabs-as-spaces, which is evil. ;-)
Extensibility. The Rails team wisely made a conscious effort to limit the number of features in the core of Rails, instead preferring new optional features to be implemented as gems or plug-ins. The problem is that there are limited hooks to extend the framework. Ruby is great at dynamically extending classes that weren't designed with extensibility in mind, but there is no guarantee that one plug-in's monkey-patch will continue to work in future versions. Ironically, merging Merb into Rails 3 will bring better supported APIs for plug-in authors while no doubt breaking a bunch of old stuff.
Speed. I put this one last because I don't actually think it's as big of a show-stopper as many people think. Still, it's true that Ruby is one of the slowest languages out there, falling behind Python, Perl, PHP, Java, and enormously behind compiled languages. ActiveRecord is great, but it also makes developers lazy and requires tweaking the defaults to achieve the same performance as hand-rolled SQL. Projects like Rails Metal look very cool, though, so that's a good sign for the platform.
Even with all these critiques, there is something special about Rails and I will continue to use it for many applications. But at the same time, any shame I used to have at using PHP is gone. If I need to do something simple, I will use a simple solution. As a sort of backlash against my frustrations with Rails, I built everything that powers Riverfold (order processing, admin interfaces, the Wii Codes application and Twitter services) off of PHP.
January 2, 2009 05:45 PM
Sita
As we start 2009, I continue to be inspired by what independent artists and developers are able to create with limited resources. Here's one example.
Roger Ebert recently posted a thoughtful review of animator Nina Paley's independent feature Sita Sings the Blues. Paley is still in a small bit of copyright trouble with the songs and is trying to creatively find a way out. The copyright problem was news to me. I subscribe to Paley's blog but haven't been keeping up with it lately.
Early in 2008 I invited Paley to screen her films at STAPLE!, but she was busy finishing Sita and preparing for its premiere in Europe. She has some great older shorts too, including one of the first Flash to QuickTime animated shorts I remember seeing, Fetch, which was linked years ago off Hotwired's defunct animation site.
(Speaking of STAPLE!, Stan Sakai will be our guest in March. If you are in the Austin area, please stop by.)
Sita Sings the Blues will find an audience eventually. I gave some money as Paley was soliciting donations to finish the feature, and I know I'm not the only one inspired by what she's created. Making an indie feature film is an amazing accomplishment.
January 2, 2009 05:11 PM
The Wii fad, 2 years later
Video game console sales numbers for November are in. Two years after the Nintendo Wii was introduced — you know, the console that was derided as a gimmick, a fad, just a faster GameCube — the little white console still outsells the Xbox 360 over 2 to 1. It outsells the PS3 over 4 to 1. (Here's a 4cr post with official numbers.)
The doubters were so wrong about this one. The fans and industry experts who were quick to sell Nintendo short kept waiting for a fail that never happened. If you go into a Best Buy right now the video game section is completely owned by the Wii and DS.
Not everyone can take a risk and have it pay off so well, but it's at least important to acknowledge that conventional wisdom and focus groups (what "everyone" knows) would have doomed Nintendo. The trick is being able to tell when you've got an idea that is truly special, and not just something you are clinging on to out of a stubbornness to be different.
In related news, I imported a Nintendo DSi from Japan last month and it's a great rev to the portable system. It would be even better if I could read Japanese.
December 14, 2008 01:03 PM
The 99-cent message
Forget the developer perspective for a minute. Even as a user I find the race-to-the-bottom iPhone price drops completely maddening. I've bought apps for $5 and $10, and now many of those prices have either been cut in half or lowered to 99 cents. I felt like I got my money's worth at the higher price, so I'm not complaining that I was ripped off. Instead, I just feel like a fool.
But I've learned my lesson. The message from developers could not be more clear. Apparently the way to buy iPhone software is just to wait a month for the price to drop.
I realized this week that I don't consider myself an iPhone developer. Technically I've paid my $99, but I've scrapped all my ideas except a prototype I'm working on for VitalSource, and even that I expect someone else to finish and bring to market. If I was an independent iPhone developer I'd be furious at the instability of pricing on the App Store. Even to users it looks like chaos.
December 12, 2008 10:15 PM
Small icons
I mentioned on Core Intuition episode 11 that I've been having fun making small icons for my new app. Here are a few partial screenshots:
Some of these are just pixel-by-pixel drawings, with slight gradients in places. For other parts of the user interface I used vectors in Photoshop, which gives a nice anti-aliased look that is important for some types of shapes, but for really small icons and widgets it's pretty satisfying to just poke at things fat bits style.
Gus Mueller pointed out that I should be using PDFs or drawing them in code to be ready for resolution independence. He's right of course. Maybe Apple will announce a device at Macworld that will make that task seem more practical.
December 11, 2008 08:02 AM
Family packs
I rolled out "family pack" pricing for Wii Transfer over the weekend. I had to make changes to my custom PayPal integration scripts to support it, and I also modified the product page to use a simplified checkout (no standalone store page). Pretty straightforward.
I was less sure about pricing. A quick survey of other Mac developers yielded results like these (normal price / family price — all of these are for 5 users):
Radioshift: $32 / $59
Yojimbo: $39 / $69
Hazel: $21.95 / $39.95
iLife: $79 / $99
Bento: $49 / $99
TextExpander: $29.95 / $44.95
MoneyWell: $39.99 / $69.99
Additionally, some companies don't have a family pack, but offer discounts for multiple copies:
Acorn: $49.95 / 2+ (20% off)
On The Job: $24.95 / 2+ (20% off)
BusySync: $25 / 5+ (10% off)
Transmit: $29.95 / 10+ (10% off)
So 5 copies is the standard for family packs. My original idea was 3 copies for $29, so I threw that out. Five copies for only 50% more seemed way too cheap, especially since Wii Transfer is already the least expensive software of any company I found. True, this is "free" money — most customers don't buy more than 1 copy anyway — but on the other hand they are getting 5 separate serial numbers. Unlike Apple's iLife (which has no serial numbers), or Radioshift and BusySync (which allow a special serial number to be used on multiple computers), Wii Transfer's URL bookmarking feature requires each copy of Wii Transfer to have a unique serial number to identify the computer.
I think customers buying a family pack are exceptionally honest. They are going out of their way to do the right thing. But at the same time, it needs to be a fair enough price that I'm not losing anything if a few customers decide to share their "extra" serial numbers with a friend.
In the end I settled on $39 for the 5-copy family pack, essentially double the normal price of $19. The Bento pricing model convinced me that it was doable, even if percentage wise it's slightly higher than other products. I'll be watching stats over the next month to see how well it works. Decisions are temporary. I'm not afraid to change the family price or drop it altogether if it doesn't meet my expectations.
October 27, 2008 11:02 PM
Slow-growing trees
We planted some trees in our front yard recently. They take decades to grow, and we are under no illusion that they'll provide meaningful shade before our children have families of their own. It's easy to say: "Why should I bother? It will take too long before we can see results."
But it's like anything — the sooner you start, the less time you have to wait until that thing is mature.
If you procrastinate forever, just because you won't see results anytime soon, you'll find yourself looking back 10 years later and wishing if only I had just planted that tree / started that new software project, it would have been done by now.
In other words, don't let the weight of potential work stop you from doing the right thing.
October 20, 2008 02:48 PM
Campaign Monitor
Last month, on the 7th episode of Core Intuition, we talked about promotion. In particular I had good things to say about Campaign Monitor, and the folks who built it heard the episode and wanted to ask a set of follow-up questions to use on their own blog. That mini-interview with me about how I used the service is now online.
In closing out that blog post, Mathew Patterson of Freshview suggests a couple things I agree with, including sending a newsletter more frequently than once a year. In fact I would love to send another one soon, to link up a survey to get some more information about why customers are purchasing Wii Transfer.
Unfortunately my hands are tied with yearly. When I put together the Wii giveaway promotion, I specifically told users opting in that it would be about once a year. I did this to encourage people to sign up without wondering if they would be spammed all the time. And also, I doubted that I would have the time to send a newsletter much more often than every year. So it's not ideal, but there it is.
Since then we've recorded 2 more shows. The latest Core Intuition hits the lifting of the NDA, the iPhone Tech Talk Tour, and Apple's stock price.
October 15, 2008 11:54 PM
Favorite essays
The best essays are the ones that contain some truth or insight that doesn't go out of style months or years later. As I return to regular blogging (12 posts in September compared to about the same number of posts between all of May through August), I sometimes stumble upon older posts that have held up pretty well.
Here are 10 of my favorites over the last 6 years with brief comments on why I like them. If you've only recently started reading my blog, maybe you'll find one of these interesting.
Understanding Comics, January 2003. Probably the first of several essays where I write about art and software. Since I wrote it, Scott McCloud has finished his third book on comics.
Perfection, August 2005. Doing our best work, inspired by Tufte and the golden age at Disney.
Set unreasonable deadlines, December 2005. Code more in less time, three years ago, but still very much inspired by 37signals. I like how this post mentions my favorite animation autobiography.
Limitations in toys and software, January 2006. I connected LEGOs and toy utility with user interface design in this one.
Smart software bloat, February 2006. In a general sense, how to add features without burdening the user interface. Discoverability in context.
Mediocrity is the new application platform, March 2006. About web, native, and hybrid applications, and when to choose one or the other.
Customer support, February 2007. Sparked by a post from Ryan Carson, I write about my own experience with Wii Transfer support.
Bush veto, November 2007. I'm pretty sick of partisan politics right now, a month before the election. This post reminds me of the passion I had just a year ago.
Fancy-pants productivity, March 2008. A little bit of a rant, reacting to the opinion that code must always be beautiful.
Ollie Johnston, April 2008. Where I comment on the death of a master animator. I should re-read this one every year.
October 8, 2008 03:09 PM
Passion and Paul Potts
The other night I was digging around in other people's old blog posts, catching up on things I never read but should, and I found this gem on Seth Godin's blog.
Watch it on YouTube and then come back here.
Maybe the video and show is old news to everyone else, but I was stunned. A seemingly unremarkable man, by his own admission lacking confidence, the judges and audience clearly expecting the worst, expecting humiliation.
And then he is transformed. He nails it.
I consider myself reasonably competent, but not great, at what I do. My weakness is that I have my hands in too many unrelated projects to ever master one thing. The areas I am most passionate about receive a cruel pittance of attention. Not so with Paul Potts.
It's inspiring to see someone who is just freakin' good, rising above expectation out of a bland job to surprise and overwhelm everyone around him.
Oh, and the nice thing about discovering this video late? I can fast-forward to the finish. Here's the winning performance with some additional backstory.
October 4, 2008 04:49 PM
Gruber on The Fear
I don't link to Daring Fireball much anymore. Everyone who cares about the Mac and reads my blog, also likely reads his. I will link or write about obviously redundant topics that everyone else is also writing about only when I feel like I can add some kind of value. I felt that way with my short NDA post, putting it in the context of customers.
But John Gruber's latest, The Fear, is just too good not to link to. Many developers and professional bloggers can write passionately about rejected iPhone apps, but no one connected that to the default dock and its significance in the original device introduction by Steve Jobs. Whether the theory is true, we may never know, but man is it a good read.
October 2, 2008 11:17 PM
NDA and overnight optimism
Last week I blogged about my experience with a late Amazon order, commenting that I was a happy customer again after they apologized. Even after being mistreated, customers will forgive everything if only the company does the right thing in the future. It's the same way an angry customer will fire off a support email rant but then become an advocate for the company if the company responds quickly and honestly.
Thank you, Apple. Lifting the NDA has turned the whole developer community into optimists overnight.
October 1, 2008 01:55 PM