Tag Archives: The Guardian

Now, 2011, is a great time to move into Windows Phone development

Earlier this week, over at The Guardian, Matthew Baxter-Reynolds essentially asked the question: Where do the Windows Mobile developers go now?

Except that the article was actually called Why Android is the natural alternative to Windows Mobile for developers. The strapline for Matthew’s article added a little more meat to that statement: “When Microsoft killed off Windows Mobile, it left would-be developers with experience in its tools who wanted to build ‘line-of-business’ apps with a problem: what could they target?”

Matthew’s article covered many topics. It touched on:

  • fabrication of Windows Mobile and Android devices
  • line of business application development using the iPhone, Android and Windows Phone
  • patents
  • BlackBerry and RIM

It’s a well-written piece and I would urge you to read it and Matthew’s other material.

I’d like to focus on one small piece of Matthew’s article. Specifically the piece about Windows Phone:

Windows Phone is also a pain because no one has them and no one (yet) wants to buy them. I believe this will improve when Windows 8 hits the market next year, but until then it’s difficult to pitch to customers. Plus you would think migrating software and apps from Windows Mobile to Windows Phone would be easy. It’s not, because of the radically different Silverlight-based user interface model. Windows Mobile is .NET-based and Java-esque.

It is fair to say that much has been written [during 2011] about the uptake of Windows Phone devices. The phone manufacturers [HTC, Samsung, LG, etc.] must be furious with the way the phone carriers [the likes of O2, Vodafone, T-Mobile, Orange, Three] have failed to market their Windows Phone products. It wasn’t until I was at DDD North on the 8th of October 2011 that I saw more than one Windows Phone device in the same place. In fact, as @scottisafool noted, by virtue of there being a handful of Windows Phone devices in the same place, it put many High Street stores and supposedly phone-savvy supermarkets to shame.

Every market has to start somewhere. Windows Phone is the new kid on the block and it has moved into a block that’s already very well established; current residents include Android, iOS and to some extent BlackBerry. Given that major pundits are referring to Windows Phone as the third member of the mobile ecosystem, I believe it’s fair to follow Matthew’s recommendation to ignore BlackBerry. Unless RIM have an ace up their sleeve, I have to agree with Matthew.

Despite this apparent low uptake, it hasn’t thwarted the application developers. As of today there are some 35,000 applications in the Windows Phone Marketplace. Many of the reputable news sources for Windows Phone report that about 90% of the core apps and games that “the others” have on their iPads, iPhones and Android tablets are available for Windows Phone devices. Whilst that suggests the market is pretty much sewn up, there are still gaps that need filled. Contrast this with the fact there are over 500,000 applications available for iPhone and Android devices and it’s fair to say Windows Phone has some catching up to do. Assuming, of course, that you believe catch up is required. One has to ask how many of the 500,000 or so applications are unique or are so trivial that calling them an application is an overstatement.

Nokia’s presence in the Windows Phone ecosystem should not be under-estimated. Rumours about their device line up have been rife. Leaked photographs of their proposed Windows Phone device(s) have been published, analysed and analysed again. This weekend, October 21st and 22nd 2011, TV viewers in the UK started to see subtle hints from Nokia, the Sea Ray made very short but pointed appearances between adverts in major shows on Saturday evening. This advertising, albeit very short, is very welcome. Windows Phone marketing has been beyond disappointing, a fact that cannot be denied and a fact that isn’t UK-specific. I would hope that advertising picks up as we get closer to Nokia World, October 26th 2011, when Nokia’s devices will be revealed to the public for the first time. Nokia have the ability to produce, market and sell millions of devices. In Europe, they are virtually independent of any particular demographic: kids, teenagers, housewives, workers / business users, pensioners, the military…they all use Nokia devices.

Whilst Matthew believes no one has them [Windows Phone devices], he does believe that people will want to buy them in the future. And that’s the key: the future. The future for Windows Phone isn’t 12-18 months away, or further. It’s between now and Q1 2012. It’s now. Microsoft’s careful approach, whereby they built Windows Phone version 7.0, used customer feedback to refine it with NoDo and subsequently with Mango, means they have an operating system that is a first class citizen in the mobile space. It can compete, and win, against the likes of iOS and Android.

Windows Mobile developers will continue to have their market in line-of-business applications for as long as there is demand and device availability. Where should they turn to next? Matthew believes that Windows Mobile developers should be focusing their future development efforts in the Android space. I have to disagree with that thought! The Android market is saturated. Android is an operating system that suffers from considerable fragmentation; there are many versions of Android, spanning major version numbers, still in use today. Examining the various platform versions, I see there are only a few flavours of Android that are “accepted” as primary development targets, which is a step in the right direction. Even if you target the three major versions of Android, the open source nature of Android means that developers might find themselves having to work around issues that are very device-specific.

Windows Mobile developers will find themselves moving from Microsoft’s .NET platform over to Java, which means moving away from Visual C++ and the Visual Studio IDE. Thankfully, the existence of third-party tools such as MonoDroid allows us to write C#/.NET code that can be deployed to the Android platform. However, getting started with MonoDroid will cost you at least $399, which is very much worth it if you wish to avoid entering the Java camp. On the plus side, once you’ve written your application, it can be submitted to the Android Store and available for sale within hours. Ultimately, moving from Windows Mobile to Android should be considered a complete platform change: all of the tools, software development kits (SDKs), frameworks and deployment targets have changed. You could be buying into a whole new set of problems.

Windows Mobile developers who are considering a move to iOS are in for a similar surprise. Apple’s iOS relies on the Objective-C programming language. I won’t go into Objective-C in this post, but if you need to read more, there’s good content in this article over at The Guardian. Whilst iOS developers don’t suffer from Android’s OS fragmentation, they do suffer from Apple’s lengthy application submission process. I’ve heard some developers say the application submission process can take weeks. I’ve also heard that Apple can reject applications without providing any reasons as to why the rejection occurred – I believe Apple have gone as far as to ignore some Google application submissions! Not surprisingly, tools such as MonoTouch exist, whereby we can write C#/.NET code that runs on iOS. If I was developing for iOS, I’d be seriously considering the $399 cost for MonoTouch. Again, moving from Windows Mobile to iOS should be considered a complete platform change and one that may have a significant cost attached to it.

Contrast Android and iOS with the Windows Phone modus operandi. Windows Phone applications can be developed using a tool that Windows Mobile developers should be reasonably familiar with: Visual Studio. Windows Mobile developers have been used to working in a managed code environment for some time now and they are particularly comfortable with the Visual C++ language. Windows Phone development will mean developers use their choice of C# or Visual Basic – this shouldn’t be a major undertaking as it’s not a complete platform change. Windows Mobile developers should have a good grasp on the .NET framework. The move from Visual C++ to C# is, in my opinion, fairly painless. Yes, they will have to contend with a new deployment target, however it’s not a case of “all change” as it would be for Android and iOS, developers get to stay in the overall Microsoft ecosystem. And of course, the Windows Phone development tools are free, which is always good.

Many businesses are already allowing Windows Phones to form part of their device portfolio, whether the device is on the corporate asset register or simply owned by an individual. Once the consumer market opens its mind to the fact there are alternatives to Android devices, iOS devices, BlackBerry devices, the business space will see similar such uptake. Consumers have day-jobs, they don’t want to find themselves using a state-of-the-art Windows Phone device to manage their personal life and then to have to use a candy bar to make phone calls in their corporate life. Nokia used to be in the candy bar market, especially for corporate customers…I still have a Nokia 6021 gathering dust! Ironically, I carry a Palm Treo 750 (Windows Mobile 6) instead of the Nokia 6021. I also carry an HTC HD7 Windows Phone – it’s my personal phone. The HD7 gets more use than the Palm does – putting Windows Phone aside, the screen size makes it so much more useable.

Whether Windows Mobile developers choose Android, iOS or Windows Phone, they will still find themselves building their line-of-business applications using a new user interface metaphor – gone are the small buttons and stylus-inspired Windows Mobile user interfaces. Windows Phone, like the iPhone and Android is all about touch, sliding, pinching and tapping. Despite the ease at which I believe a Windows Mobile developer could pick up the Windows Phone development environment, it’s not the main reason I believe that they should move into Windows Phone application development. The ease at which a Windows Phone application can be developed is certainly a very important reason, however it’s not why I’ve written this article.

The primary reason is the exponential growth that we are about to see in Windows Phone uptake, particularly in the consumer space. As noted earlier in this article, during the week leading up to Nokia World, the commercial UK TV channels carried a number of subtle adverts. Even today, Monday 24th October, the free Metro commuter newspaper carried an advert for the HTC Radar – granted it could have done with having more than a “cake” on the screen, it could have showed off the OS! Assuming Nokia World proves to be the catalyst that Windows Phone needs and deserves, Q4 2011 and Q1 2012 are going to see massive uptake in the Windows Phone space. Demand for Windows Phone applications is going to go through the roof early next year, 2012. We need to be developing applications to meet that demand and we need to be doing it now. Rarely do we get a moment like this, we have six months’ notice that good times are coming: action, now! The Windows Phone market needs you!

So, you see, now, 2011 is a great time to move into Windows Phone development.

Passwords alone, are not enough. Even if they were, are they hard to break?

[As quoted in the Guardian: http://www.guardian.co.uk/technology/blog/2008/nov/23/technology-letters-blogs]

Relying on a single password for more than one purpose, e.g. logging on to your web-mail, instant messaging service, Facebook, Bebo, etc. is probably very commonplace. Indeed, exposés such as Twitterank, and even its parody site TwitterAwesomeness, highlight the ease at which folks will essentially surrender their username and passwords. Twitterank didn’t just catch the unsuspecting Internet user, they also caught a number of people who really should have known better.

Sites that do need your Twitter username and password, such as BrightKite, use it in order to post tweets on your behalf.  In BrightKite’s case, it tweets each time you “check in” to their “where am I” service.  The check-in process involves you telling BrightKite where you are, it then sends out a Tweet telling the world.  Such sites make their intentions very clear in the Terms Of Use, Code of Conduct and Privacy pages. 

However, so did Twitterank. The site made it clear what it wanted you to believe it was doing with your username and password.  Even if you didn’t read the Twitterank terms of service or FAQ, it was embedded within the source code, as Barry Dorrans carefully points out.  The speed at which the Twitter population flocked to Twitterank suggests that were there any ulterior motives, the site would be well placed to exploit a significant portion of the Twitter accounts that it had opportunity to harvest.

Twitterank was different. It relied on our instinctual want to grade or rank ourselves amongst our peers. No matter how hard we try, we’re all competitive by nature. We want to know where we stand/sit in relation to our peers. Some services, such as Twitter Grader have managed to achieve this without the need for a Twitter password. Granted there’s only so much Twitter Grader can do, however it’s a polite service that has introduced me to a number of Twitter users in Scotland – users that I may not have discovered.

There was little indication whether a Twitterank of 100 was good or bad.  Some users reported ranks of over 200, others, as we’ve seen already, received a rank of zero.  The mathematics behind the site were reported via a comment in this blog as being “Real Math(tm)” and were comparable in accuracy to Google’s PageRank mechanism.  I’m not a mathematician so I won’t be debunking any formula, algorithm or approaches.  Well, not just yet at least.  For Twitterank to have been useful, it would need to allow us to determine whether our rank was better or worse than other Twitterankers (there it is again, I do apologise).

Twitterank didn’t really try to hide its intentions, however because of the site’s ease of use, instant gratification and rapid publicity, its uptake was huge (it trended TweetStats and Twitter Search, and at the time of writing, continues to do so – outdoing “Obama” and “James Bond”). The publicity was part of what made it so popular – it sent out a Tweet announcing your Twitterank, including a link back to the site thus encouraging users to discover their own ranking. In most cases, this would probably be fine, however spare a thought for the Twitter folks who received a ranking of zero – and there were many of them! Indeed, many Twitterankers (can I really get away with saying that? Too late now!) tweeted their dissatisfaction at their ranking.

Amusingly, Twitterank’s creator (@ryochiji) reported on his Twitter feed that low rankers should try again tomorrow.  Oh, so that’s how it works – everybody’s Twitterank will improve over time, that’ll work, great system, yes?  Further information may be found on the Twitterank blog, assuming WordPress haven’t deemed it necessary to close it down.

It’s not all about gullible users though

This morning, at the time of writing, a few hours after Twitterank was exposed for the social experiment that it probably is (or was), saw me reading Bruce Schneier‘s Read me first column in the Technology section of The Guardian. Bruce writes a great piece explaining how passwords don’t need to be broken per se, but that they are inherently easy to guess.

Without spoiling the article too much, assuming that you are going to read it, Bruce highlights our password selection techniques.  One such method, and one that is certainly very familiar to this writer in his corporate environment, is the keyword+appendage approach.  Users often take their child’s name, their dog’s name, etc. and add a numeric digit or two after the name, e.g. frank01 or rover12. 

Today’s processing power means that software can intelligently guess huge combinations of keyword+appendage passwords in a relatively short and acceptable period of time. Gone are the days when passwords would take days or weeks to crack. If you need more convincing, think about how long it takes the average WiFi hacker to crack your wireless router/modem WEP encryption keys. Or even your WPA encryption?

Bruce makes the suggestion of using a personal sentence as your password. Not the sentence itself, but an obfuscated version of the sentence. His example (yes I’m spoiling the original article, sorry) uses “This little piggy went to market” – it creates an obfuscated password of tlpWENT2m. Such a password would take a significant amount of time to be guessed using processing power alone. Just in case you were tempted, Bruce rightfully advises that we don’t use tlpWENT2m ourselves…oddly enough.
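To make the keyword+appendage point concrete, here is an added example (not from the original post or from Bruce's article) of a check a site could run when a user chooses a password. The keyword list is a small constructed sample, and the assumed size of a guesser's word list is an assumption made for illustration.

```python
import re

# Constructed sample keyword list (assumption): a real check would load a large
# list of names, pet names and dictionary words. The last three entries are the
# simple passwords this post warns against.
SAMPLE_KEYWORDS = {"frank", "rover", "password", "itsasecret", "letmein"}

# keyword+appendage shape: letters followed by zero, one or two digits.
_SHAPE = re.compile(r"([A-Za-z]+)(\d{0,2})")

ALNUM = 62  # a-z, A-Z, 0-9


def split_keyword_appendage(password, keywords=SAMPLE_KEYWORDS):
    """Return (keyword, digits) if password is a listed keyword plus 0-2 digits, else None."""
    m = _SHAPE.fullmatch(password)
    if m and m.group(1).lower() in keywords:
        return m.group(1).lower(), m.group(2)
    return None


def pattern_candidates(keyword_count, max_digits=2):
    """Guesses needed to cover every keyword with 0..max_digits trailing digits."""
    return keyword_count * sum(10 ** d for d in range(max_digits + 1))


def exhaustive_candidates(length, alphabet=ALNUM):
    """Guesses needed to cover every string of this length over the alphabet."""
    return alphabet ** length


def assess(password, keywords=SAMPLE_KEYWORDS, assumed_list_size=1_000_000):
    """Accept or reject a proposed password and report the space a guesser must search.

    assumed_list_size is an assumption: the size of the word list a guesser might use.
    For accepted passwords the figure is an upper bound that treats the password
    as a random alphanumeric string of the same length.
    """
    hit = split_keyword_appendage(password, keywords)
    if hit:
        return {
            "accept": False,
            "reason": "keyword+appendage",
            "keyword": hit[0],
            "search_space": pattern_candidates(assumed_list_size),
        }
    return {
        "accept": True,
        "reason": "no keyword+appendage match",
        "search_space": exhaustive_candidates(len(password)),
    }


if __name__ == "__main__":
    for candidate in ("frank01", "rover12", "letmein", "tlpWENT2m"):
        result = assess(candidate)
        print(f"{candidate:10} accept={result['accept']!s:5} "
              f"search space ~ {result['search_space']:.2e}")
```

Even with a million-word list, the keyword+appendage space is about a hundred million guesses, many orders of magnitude smaller than the nine-character alphanumeric space.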

Increasing security, some options

With the ease at which Twitterank coaxed visitors into typing in their username and password, it seems the days of the password as a single source of authentication are numbered. We need to be considering more secure alternatives that involve “levels of authentication”. Usability is the key to widespread acceptance, any product in this space must be easy to use; its interface must be fundamental such that selection of a secure-level authentication token requires little more effort than offering a basic-level token.

With Twitterank-like incidents becoming more common, I predict that during 2009 we will see the general acceptance and widespread uptake of authentication mechanisms such as OpenID and CardSpace (further reading here and here). You should familiarise yourself with these mechanisms because major web-sites such as Yahoo are gradually introducing them as part of their login process. Indeed, even the likes of Facebook, where you can be whoever you want to be, may have to succumb and implement a more secure user registration and identity verification process.

Beyond authentication into verification

Going beyond authentication, we need to consider verification, particularly of identity. The internet has little in the way of process that can help us confirm an individual’s authenticity and identity – how do you know that the person you are tweeting with or Facebooking is the person they say they are? Twitter had the great fake Sarah Silverman incident of October 2008. Facebook has many impersonation cases, a few of which I discuss elsewhere on this blog.

Firms, such as NetIDme are well placed to take advantage of the needs of the authentication and identity verification marketplace.  Identity verification through NetIDme processes involves a combination of stages, if you’re in the UK or US they boast a 95% “automatic verification” rate. The remaining 5%, or if you are a child, requires some form of personal contact with the NetIDme team – whether it is a fax or a phone call.  However, prior to the personal contact, you are invited to provide such things as your Driving Licence Number, National Insurance number, Social Security Number or Passport number in order for third party checks to take place.  Obviously this is much more involved and potentially more invasive than a simple username/password combination. The fact we are now able to authenticate and verify who we are, including how old we are, is a key step forward in the growth and maturity of the Internet.

And finally…

At the time of writing Twitterank is still up and running, whilst there appears to be no malicious intent on the creator’s part, the whole debacle in the social engineering space has left a bitter taste in the mouths of many people.  I am sure that no ill intent was ever on the cards, however Twitterank has proven that everybody needs to think about their own on-line security and the implications of password surrender. 

Just think what might have happened to your Twitter feed? “Ah,” you say, “but it’s just my Twitter feed, I don’t really care if somebody hacks it and owns it.”  That’s fine, but a lot of users have a single password, and that is where the problem stems from.  Identity theft often starts from the smallest thing.  I have a colleague whose identity was stolen simply because she left her name on the door bell of her previous house. The house had been sold to a gentleman who then let / rented the house.  The new tenants used the knowledge of the previous owner’s name to start off the identity theft process.  It is that simple.

I’ll leave you with advice that is mentioned elsewhere in this blog:

  1. Don’t use the same password for social networking sites and services that are more important to you such as your on-line bank or your web-mail.  If your password is harvested, as Twitterank could have done, you may find yourself compromised in more than one way.
  2. Avoid simple passwords such as “password”, “itsasecret” or “letmein”. Amazingly, during my university days somebody actually told me their password was “itsasecret”. Indeed it was…I logged in and was later accused of cracking the said password. A little trouble ensued but it was soon dropped when I explained that I had actually been given the password in the first place!
  3. Consider “upping” your levels of security with OpenID – there are plenty of providers. Yahoo, MyOpenID and NetIDme to name just a few. Any progress in this direction is good progress. Of course, you could always demand OpenID!

Safe and happy surfing!

Further reading:

Password security – even big names fail
Twitterank – celeb or peon? @t_rank