What is Larry Thinking? #12 => More Adobe AIR

May 6, 2008

In this edition…

About this Newsletter

So it’s already been another month since my last newsletter (longer, actually). How time flies when you’re not paying attention! In this newsletter I’m going to answer a couple of good questions that I’ve received lately and highlight a couple other things. It’ll be a mixed-bag of topics, with hopefully short but useful discussions. Later this month, I’m also planning on putting together another Mac-specific newsletter (i.e., it’ll only go to those that subscribed and marked Mac OS X as an interest). As always, thanks to the feedback and questions people have previously submitted and please keep it coming! And, of course, thanks for your interest in what I have to say.

On the Web => Larry Appearing at the Voices That Matter Web Design Conference

As a reminder, I’ll be presenting a workshop entitled “Adobe AIR for Developers” at the second Web Design conference, held in Nashville, Tennessee (US) from Wednesday, June 11th, to Friday, June 13th, 2008. You can view a description of the workshop at http://voicesthatmatter.com/webdesign2008/workshops.aspx#adobeair. If you use the code WDDSPKR (case-sensitive), you’ll receive a $200 (US) discount off of the registration price. If you have any questions about this workshop, let me know.

On the Web => Q&A Session with MySQL’s CEO

The MySQL Web site posted this question and answer session with MÃ¥rten Mickos, the CEO of MySQL AB. It primarily focuses on the acquisition of MySQL by Sun. It’s a short read that should allay any concerns one might have about the future of the MySQL database application.

Q & A => What security measures do Adobe AIR applications take?

In response to my last book giveaway, some of the questions I received were about security in Adobe AIR, a critical topic. The most important thing to understand is that an Adobe AIR application will run on the user’s computer just like any other application, with the same privileges and security concerns. An AIR application can do the same things as something you download from Microsoft, Adobe, or some third-party shareware supplier that you really don’t know. And this last category brings me to my point: the ultimate security of an application depends upon the end user: no one should install applications that come from untrustworthy sources. Towards that end, the first layer of security that Adobe added is that every application is associated with a digital signing certificate. If a developer creates their own certificate (which they can do), then the application (when the user goes to install it) is marked as coming from an “untrusted” source. In other words, “Hey, you’re about to install this program on your computer and it will have the power to do some damage and no one knows anything about the person/company that created it.” Conversely, developers can spend some cash to get an official certificate from a company like Verisign or Thwate (just like buying a certificate to perform SSL connections on a Web site). When you buy and use one of these, your application will be marked as coming from a trustworthy source.

The second thing Adobe did to help prevent security failures in AIR applications is create a unique security model. I’ll explain in brief: Certain steps commonly taken in JavaScript, such as using the eval() function, can be easily exploited. In a Web browser, which limits how much impact JavaScript can have on the user’s computer, such things aren’t as potentially damaging. However, AIR applications use JavaScript to tap into frameworks that can perform standard desktop tasks, such as deleting files, downloading content from the internet, and so forth. To prevent malicious JavaScript from wreaking havoc on a user’s computer, AIR content runs in one of two “sandboxes”. Potentially dangerous JavaScript functionality can only run within the “non-application sandbox”, where it’s limited as to what it can do to the user’s computer. Conversely, content in the application sandbox, which has full power on the user’s computer, cannot invoke the risky JavaScript.

Because sometimes an application will need to take advantage of the file system while still doing potentially risky things, AIR comes with a sandbox bridge that allows content in one sandbox to communicate with content in another. In an example I put in the book, I create an HTML text editing application. It uses a Yahoo! User Interface (YUI) widget to create a WYSIWYG editor. That contents runs within the non-application sandbox: in this restricted area, the user can only edit HTML and text. Then the rest of the application runs in the application sandbox, which means that it can open files from, and save files to, the user’s computer. The text the user edits gets sent back and forth. It’s a nice example that’s practical, fully functional, cross-platform(!), and secure.

Q & A => Is it still that important for programs to be efficient?

This is a very interesting and timely question. The writer’s original question is: With the advances in processing power and memory is it really important to make programs that utilize them efficiently? Will we really notice the performance difference? This is a topic that everyone would consider. The immediate answer most people would come up with is “Of course programs should still be efficient” and naturally that’s true, but the real question is a matter of how much emphasis should be put on efficiency, and my answer is “Probably not as much as you think.”

For example, in PHP, there are certain easy steps you can take to make a program more efficient (such as only connecting to a database when necessary, caching files, etc.), but I almost always caution people against taking efficiency much past the larger picture. In all likelihood, all of the extra effort would only improve the performance by a minuscule amount. The same is true for most technologies. One of the things that makes Ruby’s approach stand out is that the creator started with the understanding that the programmer’s time is more precious than the computer’s, so he focused on creating a language that one could program in efficiently, even if that meant that it executed somewhat less so. And this leads me to another point: the technologies selected for a project will probably have a greater impact on the performance than any tweaking you do (although, to be fair, sloppy programming in any language will always be worse than good programming).

Secondarily, outside considerations can have a greater impact. I just bought a new computer and rather than spend any time trying to get it to run as efficiently as possible, I dropped another $70 (US) to double the amount of RAM from 2GB to 4GB (and getting 4GB of laptop RAM for only $70 is gluttonous).

Q & A => What technologies do you prefer to use?

Starting with the operating system, I think I’ve made it clear that I really prefer Macs. I’m not one of those evangelists that try to convince everyone to use a Mac and that Windows or Microsoft is evil, but I just prefer Macs and avoid using Windows if at all possible. I think Apple does user interface better than just about anyone and their hardware is wicked cool. Granted, it’s not cheap and you’re at Apple’s mercy, but I still think it’s the better way to go. Plus, the iLife applications for working with music, photos, videos, and DVDs are amazing. Most importantly, Mac OS X is the most accessible version of Unix around. You can use a Mac like a perfectly functioning computer right out of the box and you can go command-line, building open source software like it’s a hard-core Unix server. It’s a wonderful combination for someone with my interests and responsibilities.

My complaints against Windows and Microsoft are less applicable now than they were several years ago (namely, the instability of the OS) and part of the reason I don’t use Windows much is because I’m not as familiar with it (kind of a self-fulfilling prophecy there). It’s still a concern for me that the MS software is much more vulnerable to attacks and that there’s not nearly the range of free applications available on Windows that I can find for Macs and Linux. I will concede that Windows makes sense if you: A) are a serious gamer; and, B) are writing software for Windows. Again, I’m not trying to tell people not to use it, just explaining why I prefer not to. I do use Windows to test how things work and look on Windows, as well as for confirming code and other aspects to the books I write.

Linux is wonderful, of course, and essentially free. It can also run on pretty much any hardware. In fact, the fantastic Ubuntu Linux can run on your computer from a CD (without installing it). But the learning curve for Linux is steep, just accessing a CD-ROM or Flash drive can be a challenge and I think Linux users often end up putting in lots of time to get a full-working (or nearly-fully-working) OS that more or less mimics Windows or Mac OS X. I use Linux off and on and am somewhat comfortable with it but it’s definitely not for everyone.

Beyond the OS, what technology I use for work depends upon the project. I think a great failure of many computer people is to apply a limited arsenal of knowledge to any situation. For example, you can create command line utilities and even graphical applications in PHP, but that’s really not the best language for the job (at the very least because it requires that the end user install PHP). But for Web sites, PHP is wonderful and normally my first choice (with MySQL then SQLite then PostgreSQL or Oracle on the backend). PHP makes sense to me: simple things are easy to do and complicated things are harder to do. Second to PHP for Web development purposes is Ruby on Rails, which is a Ruby-based framework. Third, would be ASP.NET, which is also a framework. ASP.NET is impressive but requires a different mindset and, unfortunately, Windows.

For creating non-graphical utilities, I would go with C++ or Ruby first. If it’s for my own needs, then Ruby (because it needs to be installed but is so easy to use). For graphical applications, I’ve been very impressed with Adobe AIR, as I’ve written about many times in the past year.

As for development tools, I’m very much a plain text editor kind of person. I use it for everything (specifically, I use the superb BBEdit). On Unix/Linux, I go with vi (and I’m not trying to start a vi versus emacs argument either). Apple’s XCode application is an excellent IDE, if you have the need, as is Aptana Studio (which can handle HTML, JavaScript, Ruby on Rails, iPhone software, and Adobe AIR). Both are available for free.

Just to add something that may surprise people, the one technology I don’t really use (or like) is the cell/mobile phone. I’m really not as old as this diatribe will make me sound, but I just don’t get why everyone wants to be on the phone all the time: while driving, while shopping, while with other people. It’s very strange to me. In part I don’t use cell phones because I work from home and don’t travel that much, so people know where to find me. Secondarily, if I’m not at home, I probably don’t want to be bothered. And not to get all zen, but I like just being in the moment, without the distractions, even if that moment is waiting in line somewhere.

Book Giveaway => “Adobe AIR with Ajax: Visual QuickPro Guide” and others

My thanks to everyone for their interest in my “Adobe AIR with Ajax: Visual QuickPro Guide”. Most of the copies I will receive were given away, along with the few copies I had left of other books. If you have not been contacted, you were not selected, but I have a handful of translations that I intend to give away in a newsletter later this summer.

My Book News => “Adobe AIR with Ajax: Visual QuickPro Guide” Published

I am pleased to say that I just received my copies of “Adobe AIR with Ajax: Visual QuickPro Guide” today, which means it should be in book stores soon. Do note that the title has been slightly changed–the “with Ajax” phrase was added per a reader’s feedback. Amazon currently has it listed at $26.39 (US). The book is also still available to be read online thanks to the Rough Cuts series. The URL is http://safari.informit.com/9780321524614.
I’ve also just begun writing my “Ruby: Visual QuickStart Guide“. Ruby is a scripting language, like PHP, but is very different and rather interesting: Ruby takes the approach that programming should be easy and fun, plus it’s a pure object-oriented language. Ruby has really come to fame over the past couple of years thanks to the popularity of the Ruby on Rails Web development framework (which is when I started playing with it, about three years ago). I’ll certainly be writing more about Ruby in forthcoming newsletters.