Software Design Lessons from my Diving Computer

Hi…
As I started my new hobby, diving, I was told that the first piece of gear should be an individual mask because it would contain prescription lenses. Well, why have a mask when you could have a new computer?? So, I invested in a Suunto Vyper dive computer.
Obviously, it is ruggedized and has touch points that can be operated with gloves and under water. But no touchscreen, no colorful display, only a few, very basic animations. Still, there is a more or less complex algorithm running inside. While playing around with it, I found some interesting aspects.
User interface is about simplicity. Suunto uses a menu operated with up/down buttons and a select button. When a sub-menu is selected, it shows that you are now a level deeper in the menu tree but it keeps showing the parent menu name. The idea is to assure you of where you are. If you have understood this strategy, you are fine. Besides diving, no more functions. Everything is focused. For me, this reflects a philosophy which apps should follow: Being focused on their task.
The UI needs to work in its environment. The UI of the computer is a simple LCD which can be illuminated in the dark. Because of the LCD, there cannot be two different things in the same place when the computer is in different states. You always know where to expect what. If you go deeper in water, you lose colors down to the point where only blue is left. Without an active light source, colors play no role. Therefore, an LCD black and white display is fine. Think about the environment in which your app is used. How much of what makes sense when? Colors and strengths of ambient light, think about it. Sound and vibration, think about it.
UI should mean user guidance. One thing I am missing (and here a richer display would be a great help) is user guidance. The computer expects you to be an expert. It comes with secure defaults, so normally nothing should go wrong. But whenever you change the percentage of oxygen for a Nitrox dive, it asks you about the partial pressure of oxygen you would like to go for (the secure default is 1.4 bar). I am pretty sure that most people diving in the summer then storing the gear for the rest of the year will need some short guidance to remember the details. Here, additional interface power and the opportunity to get a short lesson would be nice.
CU
0xff

From the desk of the CTO: 40 years gone and still the same problems…

Hi…

I found this nice presentation:

The amazing thing here is that this guy presents from a view of 1973 (please note the pens in the pocket of his shirt, really mimicking an IBM technician of that time). What is so remarkable is that we are still struggling today with the exact same problems he describes.

This reminded me of the software crisis theme as stated in 1968 at a NATO conference (see Wikipedia). We are still struggling with the amount of software we can produce in a given time. There is more software necessary than we can produce. To address this, we can increase productivity of developers or get more people into development. We are also struggling with the quality. What we learned is that a certain freedom comes with fragmentation meaning complexity meaning quality problems.

If you look at our roadmap with App Monitor, Code Analyzer, and the things we are about to release soon, you see how we want to address this.

CU

0xff

 

Global SMS – Sending SMSes in node.js

Hi…

Here is a short intro on how to send an SMS using the Global SMS service of Developer Garden. I already gave a short intro to our OAuth service. You might want to have a look there to find how to resolve the credentials. Also, if you want to extend or play around, have a look at the documentation.

Update: Please be aware that there are different plans available (aka BASIC and Premium). They offer different services, as you can see in the table below.

 

 

As you can see, not all features are available in the BASIC model.

I basically made two files for node.js. The first one takes care of the OAuth part. You can find the source here (please see also update below):

All it does is to provide a functionality to acquire a client access token from the OAuth server. I am using callbacks here since we have to wait for the server to answer.
The rest is pretty straight forward.

What this file does, first of all, is to get the OAuth handler described in the source above assigned. We then call it and use the OAuth client token to build a valid header. We then build the JSON body, which is shaped in an interesting fashion but is at least GSMA-conformant (adhere to global standards whenever you can). All in all, I think the code is quite self-explanatory.

The answer is something like this:

Some remarks:

  • If you have no validated sender number, use 0191011. You do not need to use the tel: prefix then.
  • In the documentation the environment is called basic. This is a bug, you need to give budget instead (we are currently fixing that).

 Update:

On some Windows implementations, the options of the request need some additional parameters (as marked below):

The first one is to switch off the global HTTPS agent, the second is to accept any SSL certificate which by the way is requested by the last new line.

Our experience was that node.js uses different default protocols. Therefore, by explicitly asking for SSLv3 you make sure it uses the right one. This was necessary on our Windows Vista based test system.
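
The settings this update describes, next to a hardened variant, as an added example that is not the post's own code. The option names (`agent`, `rejectUnauthorized`, `secureProtocol`, `minVersion`) are Node's standard `https`/`tls` request options and are assumed to be the ones the post means; the host name is a placeholder and `auditTlsOptions` is a hypothetical helper.

```javascript
// Returns a list of findings for https.request() options that weaken TLS.
function auditTlsOptions(options, env = {}) {
  const findings = [];
  if (options.rejectUnauthorized === false) {
    findings.push('rejectUnauthorized=false: any certificate is accepted, ' +
                  'so the server is not authenticated');
  }
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    findings.push('NODE_TLS_REJECT_UNAUTHORIZED=0: verification off process-wide');
  }
  if (/^SSLv[23]_/.test(options.secureProtocol || '')) {
    findings.push(`secureProtocol=${options.secureProtocol}: SSLv2/SSLv3 are obsolete`);
  }
  if (['TLSv1', 'TLSv1.1'].includes(options.minVersion)) {
    findings.push(`minVersion=${options.minVersion}: allows deprecated TLS versions`);
  }
  return findings;
}

// Constructed options matching the description in the update.
const asDescribed = {
  host: 'api.example.invalid',   // placeholder host, not the real endpoint
  method: 'POST',
  agent: false,                  // no shared global HTTPS agent
  rejectUnauthorized: false,     // accept any certificate
  secureProtocol: 'SSLv3_method',
};

// Hardened variant: verification stays at its default (on) and the protocol
// floor is set with minVersion instead of pinning one old protocol.
const hardened = {
  host: 'api.example.invalid',
  method: 'POST',
  agent: false,
  minVersion: 'TLSv1.2',
  // If the issuing CA is missing from the trust store, pass it via `ca` (PEM)
  // rather than switching verification off.
};
```

Current Node releases refuse `SSLv3_method` outright, so options copied from old code fail when the TLS context is created.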

Have fun.

CU

0xff

 

OAuth at Developer Garden

Hi…

If you want to use the Developer Garden APIs, you have to log in via OAuth. Below I will briefly show how this works with node.js.

First you need three credentials: the client ID, scope and secret. You can find them under Developer Garden->My Account->Application Management. There you create a new application and choose DG APIs. In the next dialog I give the thing a name and choose which APIs can be used within this application. This is where I find the three credentials:

Copy the credentials into the corresponding gaps here and off you go…

Have fun…

CU

0xff

Installing IBM Worklight 6 the easy way…

Hi…

I had to install IBM Worklight recently and, as usual with all Eclipse stuff, it is amazing to puzzle over all the different combinations of Eclipse versions, plug-in versions, and their inability to work with each other in exactly the setup you just made.

So, here is my hint of the day:

In the end, I installed Android Developer Tools v22.0.1 as the bundle comes (do not install into c:programs path because you would need admin rights to run it later). Then go to Help -> Install new software in Eclipse. Add this server:

http://public.dhe.ibm.com/ibmdl/export/pub/software/mobile-solutions/worklight/wdeupdate/

Check what it has for you and go…

Happy Worklighting…

CU

0xff

From the desk of the CTO: Working with Partners

Hi…

I just saw a blog post by our friends of bluevia where they argued that building a brand new thing from scratch is the best way to go. Well, I have a somewhat different opinion. Let me explain how this comes.

Our product concept is a mixed one: We build our own stuff internally and provide it via APIs – such as the Global SMS API. But we also partner with companies large and small to build joint products. Examples are our IVR system or App Monitor.

We established a process for this. It starts by looking into the marketplace and thinking about extensions to our current product line that make sense. For App Monitor, we discovered the problem of an extremely diversified Android marketplace and the hassle developers have to ensure quality. Another observation was that quality already is of some importance but will become of major importance in the near future. The next step was to look around and find a suitable technology to help us, and we found an Israel-based company that had worked in this field for some years. Exactly for this we have a tech scout. The solution was not exactly what we needed but it was a good starting point. Therefore, we added what we as Deutsche Telekom have: New business model, some missing features, hosting and operations, data privacy, access to a large test pool of devices, and what not. We have specialists here, we have access to partners, we have architects knowing what carrier grade software means. After some months of work, we were able to launch App Monitor and are now working jointly to increase quality, add features, and sell it.

The same holds true for our IVR system. We searched for a partner and found it. But I can point out lots of things we added or changed in conjunction with the partner. We are now about to add some features… well, by adding another partner technology.

The point behind this is twofold: On the one hand, we want to be agile and innovative. Doing this all ourselves would be nice but is simply naïve to expect. There are groups within Deutsche Telekom that have the idea of looking 7+ years into the future – namely T-Labs. Our goal is different: providing useful products within months.

On the other hand, it is not that we are a supply chain buying products and reselling them. We add goodness by means of what we can do as a large, multi-national corporation. This comes in many forms and shapes. Technically, we know what it means to operate large infrastructures in a reliable manner. We know what security means. We are providing an onboarding platform which enables partners to easily integrate into our current offers. And we can span all kinds of platforms. From an operations perspective, we do customer identity management, invoicing, and support. From a go to market perspective, we do marketing and sales. And last but not least, we have product managers who keep an eye on the market and help to shape and drive the product.

So, if you are using one of our products, you get it all: Innovation, solid technology and operations, and a reliable partner. I think this is a good offer to go for.

CU

0xff

Send SMS via Telekom Tropo

Hi…

Since I was just asked about sending SMS with Telekom Tropo:

1. You do not need a verified sender number, and you can send SMS from sandbox mode.

2. Here is a Node.JS script that shows how it works. It uses Express (install via npm install express) and Tropo WebAPI (install via npm install tropo-webapi). I keep my phone numbers and the app secret in a separate JS file.

CU

0xff

Medical Device Security…

Hi…

Here http://spectrum.ieee.org/podcast/biomedical/devices/hacking-pacemakers is an article on a topic that we probably would not have given any thought to at first. In the future, however, we will live in the world of the Internet of Things, and pacemaker manufacturers, too, will then have to think about firewalls on their devices.

CU

0xff

DG Code Analyzer your software…

Hi…

How do I get to the Code Analyzer?? Clearly, everything starts on the Developer Garden website. There you will find a login button:

First, log in there with your account. After that, the new link My Account appears there. If I follow it, I can switch services on and off.

There, go to API-Management. Code Analyzer appears as a new element since yesterday:

With this I can switch the service on and off. As you can see, I have already switched it on (you guessed). Via the Config link I can choose my plan. I am currently working on the free offer.

There you will also find the hyperlink to the dashboard, through which you upload code and can view the scan results. The link is https://codeanalyzer.developergarden.com/Dashboard.aspx

Have fun with it…

CU

0xff

Honey Words and Two Factor Authentication

Hi…

I just stumbled across "Honey Words" (http://www.pcworld.com/article/2038092/use-of-honeywords-can-expose-password-crackers.html). The idea is to sprinkle a few easy-to-crack passwords into the table of all salted and hashed passwords. If these passwords are then used to log in, the alarm siren goes off.
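
The honeyword check described above, as an added example in node.js that is not from the post or the linked article. It keeps the decoys per account and stores the position of the real password outside the password table; both choices, the function names and the sample passwords are assumptions of this example.

```javascript
const crypto = require('crypto');

// Salted hash of a password (scrypt from Node's standard library).
function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Build the stored record: the real password and the decoys are hashed with
// the same salt and shuffled, so the table alone does not reveal which is real.
function createRecord(realPassword, honeywords) {
  const salt = crypto.randomBytes(16);
  const words = [realPassword, ...honeywords];
  for (let i = words.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1);
    [words[i], words[j]] = [words[j], words[i]];
  }
  return {
    record: { salt, hashes: words.map((w) => hashPassword(w, salt)) },
    realIndex: words.indexOf(realPassword), // kept outside the password table
  };
}

// Returns 'ok', 'denied', or 'alarm'. 'alarm' means a decoy was typed in,
// which only someone who cracked a leaked copy of the table would know.
function checkLogin(record, realIndex, attempt) {
  const candidate = hashPassword(attempt, record.salt);
  let matched = -1;
  record.hashes.forEach((h, i) => {
    if (crypto.timingSafeEqual(h, candidate)) matched = i;
  });
  if (matched === -1) return 'denied';
  return matched === realIndex ? 'ok' : 'alarm';
}

// Constructed sample data, not taken from the post.
const { record, realIndex } = createRecord('correct horse battery', [
  'summer2013', 'letmein1', 'password123',
]);
```

An 'alarm' result is the signal to treat the whole password table as compromised, not only the one account.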

Apparently people are getting increasingly uneasy about the username-password topic. Care for a small selection from a single portal:

http://www.pcworld.com/article/2036252/how-to-set-up-two-factor-authentication-for-facebook-google-microsoft-and-more.html

http://www.pcworld.com/article/2030175/following-breaches-experts-call-for-twofactor-authentication-on-twitter.html

http://www.pcworld.com/article/260540/how_to_configure_googles_two_step_authentication.html

http://www.pcworld.com/article/2036360/securenvoy-falls-back-on-fixed-line-to-better-twofactor-authentication-reliability.html

http://www.pcworld.com/article/258467/does_twofactor_authentication_need_to_be_fixed.html

http://www.pcworld.com/article/261476/protect_your_dropbox_data_with_two_factor_authentication.html

http://www.pcworld.com/article/2035459/microsoft-adds-two-factor-authentication-to-keep-accounts-secure.html

Now I have seen offers that ask a bit more than 700 € for two factor authentication. How this can be done more cheaply can be read a little further down in my blog.

Update:

Just seen on Facebook…

CU

0xff