Wednesday, November 28, 2012

Is the Free Software business model really viable or just an idealistic pipe dream?

If you listen to Richard Stallman and his legions of followers, all it takes to make money while writing Free Software is to write quality software, give away the source code, and charge for associated services. But for something that sounds so easy, it's proven amazingly difficult for anyone to actually achieve and the question could be asked if making a living writing Free Software really viable or is it just the pipe dream of someone obsessed with a weird, redefined, view of 'freedom'?

Let me tell you a story. It's a story about a man I greatly admire and who might completely disagree with this post. But it's a story I believe needs to be told. It's the story of Bryan Lunduke.

For the last several years, Bryan wrote proprietary software. During this time, he made a decent living, was able to enjoy life, and easily support his wife and newborn baby. Then, Bryan had an on-air conversation with Richard Stallman on The Linux Action Show who basically told Bryan that he was destroying society and was a horrible human being because he didn't write Free Software.

A few weeks went by and Bryan announced an experiment. If he could raise $4,000 in one week, he would open source all of his software and abandon his evil ways. The community came together, met the goal, and Bryan delivered up the source code of his apps as promised.

Then, sales crashed. Hard. Over the remaining year, Bryan tried various tweaks to his experiment. He offered compiled binaries of his software, he did a pay what you want model, he even offered to license his source code under both the GPL and BSD licenses for a fee.  It didn't matter. In the end, Bryan was forced to all but abandon the company that he worked so hard to build and take a full time job.

Though this is a bit of a sad story, I think it illustrates the point I'm trying to make quite nicely. Here is a guy with a product that sold very well when it was proprietary, a platform to push his products on (The Linux Action Show) and a passionate community of fans who claimed they were ready for him to jump in and support his Free Software reformation.

Except they weren't. The very community that 'loves freedom' so much that they are willing to call someone immoral pretty much sees their job as done when they can convince someone to give up writing proprietary software. It doesn't matter if that persons kids starve, if they can't pay their bills, whatever, just as long as they don't write a single line of non-free code.

Am I the only one who sees how freaking insane this mindset is?  You want to talk about immoral? That's immoral! Hurting society? Good example of it right there!

Now there's a lot of speculation as to what Bryan could have done differently. First, the software was written in a proprietary language (Real Studio) that has a smaller development community than languages like C or Python. Also, he didn't really make the code all that accessible. Instead of saving the source as a Real Studio version control project, he exported as one giant XML file.  Lastly, after doing an initial commit to GitHub, he left town for several weeks leaving users to fend for themselves.

Yes, Bryan could have done things differently. But I want you to remember that this software was selling well when it was proprietary. He want on vacations. He took a while to answer emails. That didn't really effect sales all that much.  And source code is generally for other developers who shouldn't need as much handholding as average users do. In reality, sales shouldn't have slumped all that much.

I believe this shows that there is no currently viable way for a software developer to make money following a strict "Free Software" model. If everything is available, then that limits how much money you're going to make on your product. Bryan's experiment has failed and, to maybe a larger extent, I believe this is a failure of the community as well. This was a time when they could have shown that what they claim is possible actually is and they didn't.

In the end, I hope Bryan goes back to a proprietary model. Or he might think about adopting a hybrid model where the source code is 'auditable' but not redistributable. Either way,  I hope that he can regain his business if he wants and make it into the success it was before the experiment.

My takeaway: free software as a business model doesn't work. Nobody has been able to make it work. It's time we accept that reality and deal with it.

What Should a Beginning PHP Developer Learn?


I've been a software developer for a long time. A good part of that time has been spent using PHP and its associated technologies to build web applications (and a few console ones too). I started with PHP in its infancy and kind of organically grew with it, learning new technologies and methodologies as they came up. For me, it wasn't so much about keeping up as it was about just doing new projects and picking up what I needed as I needed it.

But I've been getting email from junior web developers who are surveying the PHP landscape with wide eyes and wondering where the heck they should begin. PHP is a near fully object oriented language now so that seems like the logical place to start. But there's also an amazing amount of code already written, and still being written, in the old functional style so maybe they should start there.  It all can be a rather confusing mess of code for someone just breaking in to the field. So this is my attempt to add some clarity to that first look. It's my attempt to give you a starting place from which you can grow as a developer.

So here it goes:

1. Learn OOP first - While I won't get into the whole 'OOP version functional' programming debate, I do believe that, like it or not, OOP will remain the dominate way to develop quality software for the forseeable future. Not only that but almost all of the new programing paradigms are being built on top of OO concepts and it's going to get increasingly difficult (impossible?) for you to get even an entry level job without at least a basic fimilarity with object oriented concepts.

2. Be comfortable with functional - Compared to well ordered and contained OO code, functional code can look like complete chaos. But the fact remains that there is still a lot of code being written and maintained in the functional style. You will probably be called upon to either extend or maintain such code during your career so you might as well get comfortable walking between the two worlds now. And, while I know it's almost impossible for the OO diehards out there to believe, there will even be times when you will choose to write new functional code over OO code.  Learn it, get comfortable with it.

3. Learn at least one major framework - MVC programming is the way of the future. Make sure you understand it well.  There are multiple MVC frameworks out there for PHP but, for the most part, they function similarly enough where if you learn one you can quickly and easily pick up the others as you need. Some might suggest you learn Zend, I don't. While Zend is a perfectly fine framework in itself, I've always found it much like throwing a 200 ton gorilla at a 50 pound problem. Most of your projects won't require Zend. They will require something like CakePHP, Symfony, or Code Igniter. These are easier to learn than Zend and will serve you better in your day to day job.

4. Learn another language - PHP is a fine language. But it's important that you learn how other languages do things differently than PHP. Take some time to learn Python or ASP.NET, or Ruby. Take note of how each of these languages differ from PHP and what you like or don't like about them or PHP in those regards. You'd be surprised how many times I've been stuck on understanding something PHP is doing and looking at hour Python does it clarifies it for me. Trust me, this is going to be an asset in your toolbox.

5. Learn a source control system - You'd be shocked how many web developers I talk to that don't even have a basic idea about how source control works. This will come back and kill you in the job market. Technical managers will string you up, your coworkers will despise you, and you will quickly get the label of 'clueless. incompetent, newbie' if you ignore this. It doesn't matter what system you learn, just learn one and make sure you understand it intimately.

And that's it! Those five things will get you started on your professional PHP journey and will serve you well as you develop your career. Sure, there are probably a million other things I could add to this list but those five seem to be the ones I see lacking in new developers the most. Learn them and they will serve you well.

What are your 'must learn' tips for new PHP developers?

Tuesday, November 27, 2012

New, Simple, Password Hashing API Coming in PHP 5.5


Everyone who writes web applications should know by now that hashing passwords is a necessity. Storing password in plain text in the database or using a simple MD5 or SHA256 has is simply not enough in the face of video cards that can make millions of guesses per second. Unfortunately, it's also a reality that we still see many high use, high profile sites either not hashing passwords at all or doing so in insecure ways.

Thankfully, PHP has come to the rescue with new password hashing functions built into 5.5 alpha. Now, properly hashing passwords couldn't be simpler:

$hash = password_hash($password, PASSWORD_DEFAULT); 
 
The above code creates a password hash using the default algorithm (bcrypt), the default load factor (10), and a random, automatically generated, salt. The algorithm and salt will be part of the resulting hash so there's no worries about what to do with them when you stick them in the database.

If you don't want to stick with the defaults (which might change in the future) you don't have to and you can specify both the hashing algorithm and the load very easily:

$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' = 12]); 

In the example above, we've specified that the hashing algorithm used is the BCRYPT algorithm and that the load is 12 instead of 10. This gives us a lot of flexibility when we're hashing our passwords and allows for fairly easy integration with your current security setup.

Verifying passwords is almost the same as it's always been. In fact, if anything, I think it's a little cleaner and easier


// Get the password from the user and the hash from the DB

if(password_verify($password, $hash){
    // password passed verification
}
else{
    // password failed verification
}

The function returns true or false depending on if you have a match and makes creating and verifying secure hashes amazingly simple.

One thing that should also be noted is that you get the benefit of automatic hashing algorithm upgrades. When/if the PHP developers decide to change the default algorithm used to hash passwords to something other than BCRYPT, your new hashes will automatically be upgraded when you upgrade your PHP installation without the need to rewrite any code.

Overall, this is a really strong development and shows why PHP should still be a strong contender for a place in any web developers toolbox. And, with as simple as hashing and hash verification is, we'll hopefully start to see even inexperienced web developers start to take password security more seriously and avail themselves of, what I consider, one of the languages best new features.

Saturday, November 24, 2012

It's been years, but now you are mine

When I was 16 years old a friend of mine decided to start calling me "The Cajun Techie" since, well, I'm Cajun and work on computers and software. The name stuck and I've been known online as CajunTechie for the last 20 years. But one thing has always eluded me: a cool domain name.

Sure, I was able to get my last name (papillion.me) but I never really thought that it was as cool as using my online moniker as my website. Finally, yesterday, by pure happen chance, I went to GoDaddy and put in cajuntechie.org as a domain name. Imagine my surprise when it was available! Honestly, I was way too excited about it and schoolgirl squeals may have been heard coming from my home office. Finally, after 20 years, I now have a home at cajuntechie.org.

I can finally ditch the whole un-Google friendly cajuntechie.tk (yuck) and I can have a proper domain with a proper blog.

*schoolgirl squeal*

Saturday, November 17, 2012

NetFlix finally (kinda) comes to Linux

I'm a diehard Linux user. Ninety-nine percent of everything I done is done on a machine running Xubuntu 12.04. But there still is that tiny little one-percent of things I do, where I can't quite escape the stranglehold of Windows. Mostly, that's playing video games and watching movies on NetFlix.

Thankfully, with the recent announcement that Steam is coming to Ubuntu, my worries about video games might be becoming a thing of the past and with the work Erich Hoover is doing to bring NetFlix to Linux, I might just find myself living in Linux Luxery Land full time before I know it.

For those who haven't hear, Hoover has created a PPA for Ubuntu the effectively brings NetFlix to Linux. Using his PPA, Ubuntu users can use NetFlix just as easily as their Windows and Mac cousins can. Until recently, Hoover's method relied on Wine which some users didn't like, but it seems the new patches he's been uploading may just take WINE completely out of the picture. Or at least hide it really well.

To find out more about how you can run NetFlix on your Ubuntu box, check out this story and find Hoovers PPA by clicking here.

Tuesday, November 13, 2012

An Open Appeal to Real Software


Dear Real Software,

Over the last few years, I've absolutely fallen crazy in love with your product, Real Studio. As an experienced, long time, independent, software developer, I've come to appreciate the huge amount of time it saves me over competing products like C++, C#, or even Java. Since I've started using Real Studio, I've come to rely on it more and more to allow me to deliver quality software on time and within budget.

But, alas, all is not well in Developerland for me. With the current energy around tablet computing, I want a piece of the action. There's money to be made and I want some of it. Unfortunately, if I'm to go after any of this money, I'm going to have to do it without the help of Real Studio. Why? Because RealStudio doesn't compile for the ARM architecture which is quickly becoming the dominant processors these amazing devices use.

I really am confused by Real's apparent lack of interest in tablet computing. When I ask about future ARM support on the mailing list, I'm usually greeted with 'maybe one day, when we get LLVMrunning and Cocoa support on the Mac up to snuff'. Why? While I understand many developers make their living writing Mac software and you definitely should put a good amount of effort into getting Cocoa right, you're letting the foundation of an entire new market pass you by and forcing those of us who want a piece of the tablet pie to make a hard but necessary decision: stick with RealStudio and wait until ARM support comes (if it comes) or move to something else for developing on ARM devices.

Personally, I'm choosing to wait, for now. But I'm not going to wait forever. If Real continues to show no interests in ARM then I'll be forced to separate my development time: Real Studio for desktop apps, something else for tablet apps. It's a decision I don't want to make, but I have to go with what pays the bills.

Lastly, I know you say 'just develop web apps using the Web Edition' but, let's face it, we all know it's not the same. Sometimes, a web app just doesn't cut it. Sometimes, only native will do. Telling people to build web apps is a lazy, thoughtless solution to a problem that shouldn't exists (or, at least, shouldn't exist much longer).

So consider this a friendly poke by a friend. You're missing a new market and forcing developers who hitched their train to your product to miss it as well. Some of us will stick by you for now and see where things go. But you can't expect us to watch dollar after dollar go to other developers for long before we make a move. Sadly, that move might be partially away from RealStudio.

Save the day, Real Software: work on bringing ARM support to your product before you and the developers who rely on you are left behind.

Sincerely,
A Friend and A Fan

Tuesday, November 6, 2012

Seriously Reconsidering Instagram for Linux

A few days ago, I made a post saying that I was beginning work on a version of Instagram for Ubuntu. As a developer, I really like what I see coming out of Ubuntu and I'm putting a lot of my eggs in their basket. I realize that, if Ubuntu is going to take major market share, the platform is going to need good, solid, sexy, consumer applications similar to those that Windows and OS X have. I also realize that these apps, as more people seek refuge in Ubuntu from those other operating system, are going to be the primary driver of revenue for developers on that platform.

I'm a commercial developer. That means that, in order to do what I love, I need the apps I write to make money. That also means I have to be willing to walk away from an idea or project if I see it won't make money to support itself. Such is the case with Instagram for Linux.

Shortly after I posted my announcement, I saw a post by Chris Pirillo on Facebook talking about a Chrome extension for Instagram. I installed the extension and, I have to say, I really like it. In fact, it does everything I was planning for my application and does it very well. I also did some more research and found a good extension for Firefox. As such, I have to seriously consider if a desktop Instagram client is either needed or even viable.  My gut reaction is 'no' on both accounts.

So, for now, I'm going to put my client on hold and see how where the Chrome and Firefox extensions goes. If, at some point, they start to disappoint, I can always revive the project and move forward. If not, then we'll have the best of breed Instagram client in a browser extension.

I really was having fun developing this app too. Being pragmatic sucks sometimes :-)

Why I Did Not Vote for a Presidential Candidate this Election

For the first time in my voting life, I have chosen not to vote for President. While I did vote for a variety of state and local issues, I deliberately chose to leave no mark by either the name Mitt Romney or Barack Obama. I chose to do so, not because I don't believe it's my 'civic duty' to vote or anything like that. I chose to do so because I believe that I have an even higher civic duty to protect my country against harm and I believe both men are equally harmful.

I often hear 'well, I don't like either candidate but I voted for the lesser of two evils'. This year, I chose to not to vote for evil at all and, I must admit, it feels rather good.  Unfortunately, it didn't have to be this way. I could have had a third choice but the state in which I live (Oklahoma) has decided that my voice doesn't matter. Even though I have a constitutional right to vote my conscience, I am only allowed to vote for the two Presidential candidates that Oklahoma has decided to allow me to vote for. Hence, I simply chose to opt-out and not vote for either. I chose not to be part of the problem. I chose not to contribute to the destruction of my country.

Some will say that, since I didn't vote for President, I have no right to complain regardless of who wins. Think about this for a moment: if two people came to you and said 'one of us is going to ransack your house, choose which one will do it' would you choose either or neither? And, if you said 'neither' do you believe you should sit there and stay silent when one of them begins ransacking your home? Of course not! But that is exactly what the 'choose or stay silent' crowd is saying.

The truth is, since I am not part of the problem, believe both are equally bad choices, and am choosing 'neither', I feel I am in a great place to complain regardless of who wins and begins to screw things up. You might have chosen the lesser of two evils but you still chose evil. I chose not to vote for evil.

Yep, not voting for evil feels really good. Really good.

Thursday, November 1, 2012

AnonyMail 1.1.3 for Ubuntu Released

I've released AnonyMail 1.1.3 for Ubuntu.  AnonyMail is a small application that's available for Ubuntu (or any Linux that supports Gtk) and Microsoft Windows and allows you to send completely anonymous email to anyone anywhere.

While AnonyMail is not groundbreaking software, I wrote it because, as an activist, there are many times when I need to send mail quickly, easily, and anonymously. Most solutions, like TorMail, only meet one of those requirements and often require more work than it's worth just to send a single email. I hope AnonyMail addresses this and puts anonymity in the hands of the average user.

If you run Ubuntu, you can find it in the Software Center. Windows users can download it from here.