Two languages that software developers should be familiar with

The question that I get asked the most these days is “what development languages should I be learning [to stay competitive/excited/motivated/etc] ?” The high-tech industry, and software in particular, is changing at a ridiculously fast pace and that introduces a lot of uncertainty and confusion as well as great opportunity. My answer to this question is unequivocal: I think for the foreseeable future developers should be learning the basic concepts of JavaScript and Python. If you don’t already have these skills then you simply cannot go wrong with this approach. If you’ve been a long-time server-side developer, or you are just getting started with software development then knowing the patterns and practices for JavaScript and Python will serve you well.

Why?

There are three primary reasons and I’ll try to be short and to the point. First, there are at least 2.5 billion internet users world wide, and that number is growing. Their primary method of accessing the web is a browser and JavaScript is the lingua franca of the browser world. JavaScript is a scripting language and it is “the” fundamental building block that allows web pages to “do” things such as submitting your search request to a server, or helping to find your location from your phone. Almost all web pages being served up around the world have JavaScript in them.

Second, the majority of retail, commercial and governmental web applications have a requirement that calls for the use of “server-side” code. This is code, such as Python, that runs on a server and not in the browser application. The most common functionality of server-side code is passing data back and forth between a database and a web application. For example, if a web app asks for a username and password, that user name and password are almost always stored on a server somewhere and not, for security reasons, in the web page and on the client browser where it could be very easily stolen.

Third, you can absolutely apply these client-server patterns and practices to other languages used within the realm of web development. A User Interface designer who has been solely focused on layout and styling via Cascading Style Sheets (CSS) can now understand and appreciate how the underlying JavaScript code can affect the look, feel and behavior of a web page. Python skills can also be used a springboard for more quickly learning other powerful web development platforms such as ruby-on-rails.

The bottom line is if you understand both client development (JavaScript) and server development (Python), then you start to gain considerable value as someone who understands how to help the entire system work together in harmony.

A short note on jQuery.

Many (most?) new web developers learn jQuery first. However, even if you know jQuery you don’t necessarily understand JavaScript. The awesome jQuery libraries provide an interface that hides and simplifies a lot of native JavaScript hoopla, and in general can really make life significantly easier and save time when building modern cross-browser web apps. jQuery is built using JavaScript (and CSS3), but it is not JavaScript. Because of that, when something goes wrong or not as you expected (not if, but when!), and you have a general understanding of how JavaScript works, then you stand a much better chance of figuring out a timely work-around with significantly less stress, frustration and time wasted towards your projects deadline.

The absolute minimum recommended reading list:

JavaScript.

  • Douglas Crockford’s book “JavaScript: the good parts”.
  • Douglas Crockford’s website – He is considered a key brainchild behind the ongoing development and understanding of JavaScript.
  • W3schools – An excellent website for anyone using or learning JavaScript. It has tutorials and online Try It Yourself sample apps.

Python.

Android Privacy Part 2: App Ops & Google Play Improvements

Let me start out by saying I like my Android phones. I like developing for Android even with all the inherent version support issues, etc etc. So, in my previous post I brought up privacy issues related to installing Android apps along with a suggested fix. That post was inspired by a major change in Android v4.4.2 that removed “App Ops,” even though I didn’t mention it by name. The removal of that functionality is now a very visibility topic thanks to a number of high–profile bloggers such as the Electronic Frontier Foundation (EFF) who also have taken exception to this change.

In a nutshell, App Ops or its equivalent, would allow you to manually toggle individual application permissions on and off.  You can search for articles on what App Ops is, or read my previous post on what it should be.

I’d take the issue of “control over what applications can access” even one step further and propose that it’s well past time that Google should begin reviewing Android app submissions similar to what Apple does for the App Store.  Seriously. In combination with App Ops, or similar functionality, this could only help reduce the amount of nefarious practices, content, viruses, Trojans and more. Case-in-point: for the first this September, Kaspersky Labs reported a particularly sophisticated Trojan virus along with distribution mechanisms specially gift wrapped just for Android users. And, then again in November they announced an Android-specific financial phishing Trojan aimed at stealing banking usernames and passwords.

To get an idea of what is allowed on Google Play all you need to do is compare Apple’s App Review Guidelines with Google Play Policies and Guidelines. For example, searching the related Android Developer Content Policy for the term “review”, it only shows up once, and that is in regards to serving up advertisements.

My hope is that Google takes heed and makes some necessary and timely changes so that we can all continue to enjoy our Android devices safely and securely.

Important fix needed for Android app permissions

I believe there is a significant flaw in how permissions are set when you install Android apps. You get two options – Accept all or nothing. For readers not familiar with how Android app permissions work, there is a configuration file for each app that sets permissions for that app only. Permissions are needed for any functionality that affects how the app accesses things like sensors (e.g. GPS), SD Cards and the internet. These permissions do not affect any other app on the phone.

I propose an important change should be implemented at the operating system level — You should be able to accept or deny each privilege at installation time. This would make it an opt-in approach rather than an opt-out. Sure, some of you will say there are apps that can help you do that afterwards, but for tens of millions of consumers that’s not good enough. The vast majority of consumers simply don’t do take advantage of that for a variety of reasons, so having the option to accept/deny up front is the best way to go.

Yes, there is a good chance that many (most?) users would still simply accept all. However, I think increasing numbers of users would become aware that they can opt out of certain things and take advantage of the convenience and the potential for added security that this approach provides.

Developers and companies that build Android apps will probably yell loudly that this will affect how their apps work. Note that there are no technical reasons as to why this wouldn’t work. If someone checks “don’t allow internet access”, we developers can gracefully disable parts of the application and provide notifications when users attempt to access the internet. If someone disallows geolocation, then we do the same thing. Users can always opt back in if they need to. If some vendors take the approach that if you opt-out of certain things then the entire app will be disabled, then so be it. I personally would be wary of installing an app that did that.

Take the example of the screenshot below. This is the installation screen from a very popular sports app. I wonder why does it need access to my phone calls, my Accounts, or even contents of my USB storage? It doesn’t even provide an option to move the app to USB and there are no capabilities in the app (that I’m aware of) related to making phone calls. I would love to be able to opt out of these.

Android permissions