Building PasswordSafe for the Mac: Lion development hassles

I am doing some work on a Mac at the moment. On Windows I store passwords in PasswordSafe, an open source utility that works well, so I wondered if I could access my PasswordSafe database from the Mac.

image

I could have run the Windows version in Parallels, which I have just installed, but I figured a Mac version would be more convenient. I didn’t see a Mac build among the downloads, but PasswordSafe is cross-platform, so I downloaded the source to do a quick compile.

I was glad to find README.MAC.DEVELOPERS.txt in the PasswordSafe source and set to work. The first task is to download wxWidgets, a cross-platform GUI library, so I went off to download that. Ran the osx-build-wx script as instructed. Result: error message stating C compiler cannot create executables.

The problem seems to be that PasswordSafe expects GCC 4.0 but the latest Xcode installs GCC 4.2. The solution suggested here is to remove Xcode 4, install Xcode 3, and then reinstate Xcode 4. There are related issues concerning PPC fat binaries and older versions of the Mac SDK.

That solution seemed risky and ardous to me, and I remembered that I still had an old Mac Mini from which I was forced to upgrade in order to install Lion, the latest OS X. I hooked it up, removed Xcode 4, installed Xcode 3, and set to work again.

I get the impression not many people build PasswordSafe for the Mac. The first issue I discovered was that the steps in in the README.MAC.DEVELOPERS.txt don’t mention that after running osx-build-wx you also have to run make in order to build static libraries. That was easy though. The next thing is to load the supplied PasswordSafe project into Xcode and build.

I did that but got an error – the linker could not resolve SizeRestrictedPanel. The fix was to add SizeRestrictedPanel.cpp and SizeRestrictedPanel.h to the project. PasswordSafe then built and seems to work fine, on Lion as well as earlier versions of OS X, though there are a few cosmetic issues. You can see from the image that the caption for the New Database button is slightly awry.

If anyone wants my build, it is here. There is also a Java version, and some people have success with that on the Mac.

Mozilla to take on the cross-platform app challenge

Mozilla is facing an uncertain future. Its problem: basing a business (even a non-profit one) on being the alternative to Microsoft’s Internet Explorer is no longer sensible, given that Apple and Google are now doing this too, and even Microsoft is now investing in HTML 5. I discussed these issues in more detail here.

So what is Mozilla to do? Mozilla Chair Mitchell Baker has posted about a possible new approach, based on being the alternative to Apple for apps. She lists some of the problems with the current “app experience”. Apps are device-specific, require permission at many levels, and a few App Store owners (mainly Apple but also Google) control the business model and customer relationships.

Mozilla is proposing what I presume is a new app platform, which will be cross-platform and cross-device. Instead of discovering apps in a single app store, she envisages multiple providers and the ability to find apps in the same way we find web content.

In other words, if the old Mozilla was about freedom from Microsoft and allowing web technology to progress, the new Mozilla might be about freedom from Apple and allowing app technology to progress.

It is a bold vision and one that in principle would be welcome. That said, Mozilla cannot change the control Apple has over its platform, and its insistence that apps are installed only through its own App Store. Maybe she has in mind a cross-platform toolkit, or browser-based apps, or some combination.

Another snag is that whereas there was widespread dissatisfaction with Microsoft’s Internet Explorer back in 2004 when Firefox was launched, this is not the case with Apple and its app platform today. Apple’s App Store system undoubtedly has a dark side, but the user experience is good and developers are making money, some of them at least. Apple’s control over app installation and the constraints imposed on what apps can do are also good for security.

Nevertheless, having looked at a number of cross-platform mobile toolkits, from PhoneGap to Appcelerator Titanium to Adobe AIR, I can see both the significance of this kind of development and that there is plenty of scope for improvement.

Parallels Desktop 6 for Mac: nice work but beware Windows security settings

I’ve just set up Parallels Desktop 6 on a Mac, in preparation for some development work. Installed Parallels, created a new virtual machine, and selected a Windows 7 Professional with SP1 CD image downloaded from Microsoft’s excellent MSDN subscription service.

The way this works is that you install the Parallels application and the create a new virtual machine, selecting a boot CD or image. Next, you have a dialog where you select whether or not you want an Express installation. It is checked by default. I left it checked and proceeded with the install.

image

The setup was delightfully smooth and I was soon running Windows on the Mac. I chose a “Like my PC” install so that Windows runs in a window. The alternative is to hide the virtual Windows desktop and simply to show Windows applications on the Mac desktop.

Everything seemed fine, but I was puzzled. Why was Windows not installing any updates? It turns out that the Express install disables this setting.

image

It also sets user account control to an insecure setting, where the approval dialog does not use the secure desktop.

image

The Parallels Express install also sets up an Administrator account with a blank password, so you log on automatically.

No anti-virus is installed, which is not surprising since Windows does not come with anti-virus software by default.

These choices make a remarkable difference to the user experience. Set up was a pleasure and I could get to work straight away, untroubled by prompts, updates or warnings.

Unfortunately Windows in this state is insecure, and I am surprised that Parallels sets this as the default. Disabling automatic updates is particularly dangerous, leaving users at the mercy of any security issues that have been discovered since the install CD was built.

In mitigation, the Parallels user guide advises that you set a password after installation – but who reads user guides?

If you uncheck the Express Install option, you get a normal Windows installation with Microsoft’s defaults.

These security settings are unlikely to matter if you do not connect your Windows virtual machine to the internet, or if you never use a web browser or other Internet-connected software such as email clients. If you do real work in Windows though, which might well include Windows Outlook since the Mac version is poor in comparison, then I suggest changing the settings so that Window updates properly, as well as installing anti-virus software such as the free Security Essentials.

Book Review: The Book of Ruby by Huw Collingbourne

“The plain fact of the matter is that Ruby has a number of pitfalls just waiting for unwary programmers to fall into,” says author Huw Collingbourne in his introduction to this guide to the Ruby language. He should know; he is co-founder and Technology Directory of SapphireSteel Software, which makes Ruby in Steel, an add-in for Visual Studio that enables Ruby development. He is also a technology journalist and writer of long standing, and specialist in explaining software development to a wide readership, and as you would expect this is a book with a clear and easy going style.

The Book of Ruby is a language guide. It takes you blow by blow through Ruby, starting at the beginning with strings, numbers, classes and objects. Despite Collingbourne’s background, there is little or nothing on tools, user interfaces, databases, or other development essentials; the focus is firmly on the language. There are plenty of short code examples but these are snippets to illustrate a point. There is a single chapter on Rails, the popular Ruby web development framework, but you have the sense that it is included because the author felt it had to be covered; it is the briefest of introductions and you will need another book if you want to know about Rails development.

A sharp focus on the language is a good thing, but it does make this a dry read, or possibly something you are more likely to dip into than to read end to end. You may find yourself thinking, “Remind me how Ruby does threading,” and read through chapter 17 on Threads to get a quick guide to threads, mutexes and fibers.

There are 20 chapters in all, with subjects including Arrays and Hashes, Loops and Iterators, Exception Handling, Blocks Procs and Lambdas, Modules and Mixins, YAML, Debugging and Testing, and Dynamic Programming.

Collingbourne knows his subject and if you are a software developer wanting to learn more about Ruby there is plenty of valuable material here.

That said, I have a couple of reservations.

First, I would have liked the author to tell us more about the why rather than the how of Ruby. Describing how a language works is all very well, but what are the things Ruby is particularly good for, and within Ruby, what are the techniques and features that make it a fantastic choice for certain kinds of development? What is the philosophy behind Ruby? I was expecting the author’s enthusiasm for Ruby to shine through, but it does not.

Second, the book is not long enough to be a comprehensive programming guide in the manner of David Flanagan and Yukihiro Matsumoto’s book The Ruby Programming Language (Matsumoto, or Matz, is the creator of Ruby). Nor is it suitable for a programming beginner, who is going to need more help with basic concepts than can be found here. In other words, it is not an advanced book, and it is only an introductory book in the context of someone who is already a seasoned developer, but not with Ruby. That is a narrow target.

On the other hand, I enjoyed the author’s pragmatism and direct, readable style. If you do fit the target readership, take a look; the Amazon links below include a complete list of contents and some sample pages.

 

Charlie Kindel leaving Microsoft

Charlie Kindel, Windows Phone 7 developer champion at Microsoft, is leaving to start a new company, though he is vague about exactly what it will be:

Charlie will be staying in the Seattle area building a new tech company. The new company will be in stealth mode initially but involves advertising, mobile, cloud computing, and youth athletics.

says the press release.

He goes back a long way at Microsoft, 21 years to be precise. Among the accomplishments he claims:

  • Built ActiveX and DCOM
  • Shipped Internet Explorer 3.0
  • Drove the development of the home networking features in Windows XP
  • Founded eHome and shipped the first version of Windows Media Center
  • Drove the invention of Windows Smart Displays and Windows Media Center Extenders
  • Was the driving force behind Windows Home Server.

I remember IE 3.0 coming out. Surprising though it may seem today, it was an impressive achievement, though history has not been kind either to ActiveX or to DCOM.

Real-world Microsoft Team Foundation Server: Not very good, says ThoughtWorks

I spoke to Sam Newman, who is European Continuous Delivery Practice Lead at ThoughtWorks, a software development company. Needless to say, we talked extensively about Continuous Delivery and I will be reporting on this separately; but I was also interested in his comments on Microsoft’s Team Foundation Server (TFS).  He told me that ThoughtWorks teams often end up working with it at their .NET clients, but it is problematic. In one case, he said, 6% of productive time was absorbed dealing with TFS.

What was the problem, performance, bugs, features lacking?

When we’ve looked at the problems we’ve had, a lot of it unfortunately comes down to the version control system. It’s not very good. It’s slow, you can’t do rollbacks, sometimes things go missing, you get locks. When we talked about 6% of time, they were things like waiting for a solution to expand in Visual Studio. A lot of those issues are in the version control system.

A frustration is that you cannot use TFS with any version control system other than its own.

Every other build server in the world, from Anthill to Go to Cruise Control to Hudson, you can put in at least 10 version control systems. In TFS they are all coupled. So you can’t take the version control and point it at Subversion. That might resolve a lot of the issues.

Why is TFS so widely used? It is because it comes in the box, says Newman.

I can’t think of a single client that wanted a tool, went out into the marketplace, and selected TFS because it is the right tool for them. Most clients use TFS because it comes with their Enterprise MSDN licence.

I have tried TFS myself and found it pretty good; but then I am just testing it on small projects as a solo developer, so it is hard for me to replicate the experience of a real-world team. You would have thought that performance issues, such as waiting ages for a solution to expand in Visual Studio, could be solved by tracing the reason for the delay; but apparently this is not easy.

This is anecdotal evidence, and of course there may be plenty of TFS installations out there that work very well; I would be interested in hearing of counter examples. I am also not sure to what extent the problems apply to all versions of TFS, or whether there is improvement in TFS 2010.

Newman recognizes that anecdotal evidence is not much use: he says ThoughtWorks is trying to collect some solid data that can be used both to discuss with clients making version control and build system choices, and with Microsoft.

Performance is a feature, and makes a large contribution to user satisfaction. The first release of Outlook 2007 was extraordinarily slow in some setups, and I remember the pain of clicking on a folder and then waiting tapping my fingers while it thought about expanding. It sounds like some TFS users are having a similar experience but in Visual Studio.

Amazon.com offers U2 band members for sale

The last throes of physical media for music has spawned the appearance of fabulously expensive box sets which include a little bit of what fans want – like rare concerts, outtakes or new surround mixes – and a lot of what they probably will look at once and put away for ever, like paper memorabilia, badges and trinkets. In many cases vinyl records are included. It is all in the box, so if you want that little something, you have to get the lot, even if you do not have a turntable.

An example is David Bowie’s Station to Station box set, currently £96.92 at Amazon’s UK site, which has badges, vinyl, cards and a fan club certificate, and is also the only official source for a 5.1 mix of Bowie’s classic album on DVD.

Another is the Who’s Live at Leeds 40th Anniversary Special Edition, which includes vinyl album and single, poster and book, along with the only release on CD of the Who’s 1970 performance at Hull. Originally released at around £80, it sold out and now commands high prices on the collector’s market.

Now it is U2’s turn, and the band or its label seem determined to out-do the others in both unnecessary packaging and extravagant price. The Achtung Baby 20th Anniversary Über Deluxe Box Set, due in October, is £329.99 in the UK or $588.57 on Amazon’s US site. You get a magnetic puzzle box, 6 CDs, four DVDs, 5 vinyl singles, 16 prints, a book, a magazine, badges, a sticker sheet, and a pair of sunglasses.

However, it seems someone at Amazon has a sense of humour. Check the last words of the editorial description:

image

Curiously those words do not appear in the UK description.

Delphi for Windows, Mac and iOS: screenshots and video of cross-platform development

Embarcardero is drip-feeding information about its forthcoming RAD Studio XE2 in an annoying manner; nevertheless the product does look interesting and promises cross-platform native code apps for Windows 64-bit, Windows 32-bit, Mac OS X and Apple iOS. I have grabbed some screens from a video recently posted by Embarcadero’s Andreano Lanusse; the video is also embedded below.

Here is Delphi XE2 showing a FireMonkey application in the designer. FireMonkey is a new cross-platform GUI framework.

image

Note the list of target platforms on the right. If you squint you can see 64-bit Windows, OSX, and 32-bit Windows.

image

How do you compile for the Mac? It is clear from the demo that Lanusse is running in a VMWare virtual machine on a Mac. He also has a Remote Profile option set to target the host Mac:

image

He then refers to a “Platform assistant” which you can see running in a terminal window on the Mac.  He is then able to compile and run from the Windows IDE:

image

Finally, he targets iOS, though this is a separate project, not just another target. The process exports the project to Xcode, Apple’s Mac and iOS IDE:

image

Next, we see the app running on the iPad simulator:

image

The ability to target the Mac is nice to have, but I suspect it is iOS that will attract more interest, given the importance of Apple’s mobile platform.

Here’s the complete video where you can perhaps puzzle out a few more details.

Update: there is also some Q&A in the comments here.

Graphics rendering is Direct2D or Direct3D on Windows, OpenGL on Mac. FireMonkey renders all components through the graphics API, it does not support use native OS components, though Embarcadero’s Michael Swindell says:

FireMonkey client area controls are rendered by OpenGL on Mac, but appear and work just like Cocoa controls – or however you want them to. There are many different Cocoa UI styles in OSX apps, and Firemonkey can render any of them – including iTunes, or Prokit which is an Apple UI style for Pro apps like Final Cut, not available to devs via Cocoa. Windows are Cocoa Windows and the client areas and all user controls are rendered by OpenGL in HD(2D) or 3D. Menus are std and rendered by Cocoa in the menu bar, and common dialogs are rendered by Cocoa. If the “true OSX” look isn’t for you, you’re welcome to use any included Style, download a custom style, or create your own custom style.

Swindell also addresses the matter of Linux and Android:

We do plan Linux and Android. But no eta yet until we get Win/OSX/iOS out. We would also like to provide language bindings for other languages.

Finally, a bit more about that Platform Assistant:

Developer requires a PC and a Mac (or Mac with VM running Windows). You will develop on Windows, and use the platform assistant (PA running on your Mac) to compile natively to your Mac and the PA handles debugging communication between the Mac and your IDE running on Windows. Delphi (or C++Builder) and Firemonkey create compiled stand alone OSX executables that you can sell/distribute to your users. They are native Mac apps. They “copy install” and run like any other Mac app, or you can use a Mac installer if you like.

PhoneGap is at version 1.0

I’ve just spotted that PhoneGap has reached version 1.0. The release was announced at PhoneGap day in Portland, on Friday 29th July.

I have spent some time trying out various cross-platform mobile development tools. PhoneGap is among the most interesting and popular, and is also open source and free to use. If you believe that using the browser engine as an application runtime is the most sensible route to cross-platform mobile applications, then PhoneGap is the leading contender. It wraps your application to look like a native app, and also provides ways to call the native API when necessary.

PhoneGap received a boost when Adobe built it into Dreamweaver 5.5. I tried it out and was impressed with the design environment, but I am not sure how serious Adobe is about PhoneGap since there is no documentation on how to package your PhoneGap app for release, and my post has comments from puzzled users. My solution was to export the project to Eclipse and the standard PhoneGap tools, which misses part of the value of having it integrated into Dreamweaver.

Adobe installs PhoneGap into the Dreamweaver directory, so another issue is how to take advantage of the latest version if you are using Adobe’s tools. Overall I would suggest that using the PhoneGap SDK and Eclipse is a better option, though there is no problem with bringing in Dreamweaver for parts of the design.

I interviewed Nitobi president André Charland about PhoneGap earlier this year.

Monitor your home when away: Jabbakam IP camera service reviewed

About to head off for your summer break? What may happen back home is always a concern; but if you want a bit more piece of mind, how about a live webcam view of what is going on in places you care about?

Of course you can easily purchase a security camera kit from your favourite electronic hobbyist store, but it is not a complete solution. Recording video to a hard drive is all very well, but what if the thief takes a hammer to it or even nabs it? Further, returning home to find two-week old footage of a break-in is of limited use compared to a live alert.

In other words, you need not only a camera but also a service. This used to be expensive, but does not need to be in the internet era. What about a cheap camera that sends images to a web site, enabling you to log in from anywhere and check what is going on? And how about an email or SMS alert triggered by motion detection?

This is exactly what Jabbakam does. The basic kit costs £59.95 and £5.95 per month, for which you get an IP camera and 14 days of video footage stored online. You can also use your own camera if you have a suitable one; the main requirement is that it supports motion detection, enabling the alerting feature, and reducing the number of images that need to be sent to the web service. More expensive subscriptions store video for longer; £13.95 per month gets you 90 days. SMS alerts cost extra.

Developed by a company based in Guernsey, the product is not so much the camera, but rather the web application and service. The camera itself is a simple but well-made affair, with a wall-mountable bracket and a swivel joint that lets you angle it. You can also adjust focus by twisting the lens.

image

Under the webcam are ports for wired Ethernet and power.

image

Given that the serial number starts YCAM I have a hunch it may be made for Jabbakam by Y-cam.

The camera must be wired to your broadband router. If you are on a business network you may have firewall issues; I tried on my own network and found it did not work behind the firewall, but have not investigated in detail.

So how about the service? I signed into Jabbakam and found that set-up was pretty much IJW (It Just Works). The camera was detected and I could view live images. Video is a slightly generous term, since each image is one second apart, and the quality is not fantastic, but gives you a good idea of what is happening. You can add additional cameras if you want fuller coverage of your home or workplace.

I also set up email alerting. This seems to work well. When the camera detects movement you get an email with a still image attached. Click the link in the email, and you can view the video. There is also an iPhone app that shows recent images. Advanced settings let you schedule alerts, for example to avoid having them active when you yourself are moving around.

image

Jabbakam is not just intended for security. The web service also has the concept of networks, which enable you to share your camera with others. The number is small at the moment, but I did see one called Birdboxes of Jabbakam which I guess is for ornithology enthusiasts.

There was one aspect of Jabbakam that I found troubling. A mash-up with Google Maps lets you see where cameras of other users are installed, and clicking on a camera gives you the name and address of the user and a link to send a private message:

image

I discovered that this information sharing is on by default:

image

This surprised me, as I would have thought that a typical Jabbakam user would be sensitive about sharing these details.

Finally, I should mention that Jabbakam has a RESTful API for developers, though the documentation is incomplete at the moment and the application showcase is empty. Apparently this is being worked on, so watch the space if you are interested.

A good buy? On the plus side, Jabbakam seems to me nicely done, easy to set up, and delivers what is claimed: remote video monitoring of any indoor location. The alert service is particularly useful, though this only works if the camera is pointing somewhere that should normally be motion-free. For example, pointing the camera at a car parked on the street outside your home might seem a good idea, except that the alert would go off every time someone walked by. I should also observe that the supplied camera only works indoors, so it would need to be at a window.

There are questions of course about the effectiveness of CCTV security. Blurry pictures of hooded figures may not do you much good in terms of identifying the villains, though the alert service could be an advantage.

What are the social implications if large numbers of people choose to stick surveillance cameras all over their homes? I am not sure, but it is a question worth reflecting on.

That said, for someone on holiday who would like the ability to check that everything is in order at home, this seems to me a neat and smart solution.