href-tag hack to trick users to different target

See „Hacking the <a> tag in 100 characters“ for what Bilawal Hameed found out:

A short while ago, I discovered that JavaScript allows you to change the <a> href after you click on it. It may not seem that serious at first glance, but rest assured, it can trick customers into giving in their details to fraudsters.

Thx to @_funkyboy for the tweet pointing to this flaw.
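To make the defender's side of this concrete, here is an added example (not code from the original post or from Bilawal Hameed's write-up) with two checks: a pure function that flags links whose visible text advertises one host while the href really leads to another, and a browser-only monitor that snapshots an anchor's href at mousedown and reports if it has been rewritten by the time the click arrives, which is exactly the window the post refers to. The hostnames mybank.example and elsewhere.example, the sample links and the function names are all constructed for the example.

```javascript
// Added example (not from the original page): defender-side checks for <a>
// targets that do not match what the user believes they are clicking.
//  1. hostMismatch(): pure function, runnable in Node, flags links whose visible
//     text advertises a URL on one host while the href points to another host.
//  2. installHrefRewriteMonitor(): browser-only; remembers the href seen at
//     mousedown and compares it with the href at click time, reporting anchors
//     whose target was rewritten in between.
// Hostnames below (mybank.example, elsewhere.example) are constructed placeholders.

// Hostname of `url`, resolving relative URLs against `base`; null if unparsable.
function hostOf(url, base) {
  try {
    return new URL(url, base).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// Host that the visible link text advertises: the text parses as an absolute
// http(s) URL, or looks like a bare domain (optionally followed by a path).
// Returns null for ordinary text such as "Read more".
function advertisedHost(text) {
  const t = (text || "").trim();
  if (/^https?:\/\//i.test(t)) return hostOf(t);
  if (/^[a-z0-9][a-z0-9.-]*\.[a-z]{2,}(\/\S*)?$/i.test(t)) return hostOf("https://" + t);
  return null;
}

// links: array of { text, href }; pageUrl: URL of the page the links sit on,
// used to resolve relative hrefs. Returns the links whose advertised host
// differs from the host the href really leads to, with both hosts attached.
function hostMismatch(links, pageUrl) {
  const findings = [];
  for (const link of links) {
    const shown = advertisedHost(link.text);
    if (shown === null) continue;               // plain-text anchors cannot mislead this way
    const real = hostOf(link.href || "", pageUrl);
    if (real !== null && real !== shown) {
      findings.push({ text: link.text, href: link.href, shown, real });
    }
  }
  return findings;
}

// Browser-only: report anchors whose href changed between mousedown and click.
// `report` receives a message and { before, after }. Listeners are registered
// in the capture phase so they run before the page's own handlers.
function installHrefRewriteMonitor(doc, report) {
  const seenAtMousedown = new WeakMap();
  const anchorFor = (ev) =>
    ev.target && ev.target.closest ? ev.target.closest("a[href]") : null;
  doc.addEventListener("mousedown", (ev) => {
    const a = anchorFor(ev);
    if (a) seenAtMousedown.set(a, a.href);       // snapshot before any page handler runs
  }, true);
  doc.addEventListener("click", (ev) => {
    const a = anchorFor(ev);
    if (!a || !seenAtMousedown.has(a)) return;
    const before = seenAtMousedown.get(a);
    if (before !== a.href) {
      report("href rewritten between mousedown and click", { before, after: a.href });
    }
  }, true);
}

// Constructed sample input: three links as they might appear in a page.
const SAMPLE_PAGE_URL = "https://mybank.example/";
const SAMPLE_LINKS = [
  { text: "https://www.mybank.example/login", href: "https://login.elsewhere.example/form" },
  { text: "mybank.example", href: "/account" },   // relative href, resolves to mybank.example
  { text: "Read more", href: "https://elsewhere.example/news" },
];

// In a browser, start watching the document; under Node this is skipped.
if (typeof document !== "undefined") {
  installHrefRewriteMonitor(document, console.warn);
}
```

Running `hostMismatch(SAMPLE_LINKS, SAMPLE_PAGE_URL)` reports only the first link, since the text advertises www.mybank.example but the href leads to login.elsewhere.example. The comparison is deliberately strict (a text of www.mybank.example against an href on mybank.example is also flagged), and the monitor only observes and reports; whether to cancel the navigation on a mismatch is a policy decision for the deploying site or extension.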

mdevcon 2013

Last Friday I visited mdevcon 2013 in Amsterdam for the first time. The conference is by mobile developers, for mobile developers. Day 1 (Thursday) was reserved for people who wanted to get hands-on experience, get down into code and learn in a tutorial day. Several high-profile developers, e.g. Big Nerd Ranch, offered top-notch know-how to developers on this tutorial day.

Day 2 had a speaker schedule with multiple tracks, designed in such a way that whether you were an Android, iOS or other mobile platform developer, there was always at least one session that should have been of interest. The conference took place in the 1920s classic Tuschinski Theater in Amsterdam and had around 250 attendees.

I went there with two of my CocoaHeads fellows from Bremen, Karl (@kpbode) and Jonas (@jojppa), both of whom are into iOS and Android development. We took the train, which was the best choice we could have made. It is so much nicer to do some coding together already on the train and exchange tricks. Usually none of us has time for this, but the train was the perfect place (thx to Jonas for reserving the table seats for the three of us in the InterCity train).

Highlights of the conference

My favourite lectures/talks were the following (in that order):

  1. iOS and Android Security Mechanisms and Exploit Mitigations by Mike Arpaia
  2. Mobile Application Design Patterns by Saul Mora (Magical Panda)
  3. The Dialogue Is Broken by Martin Legris
  4. Effective iOS Network Programming by Ben Scheirman

@1: Keeping data safe and secure is what keeps any mobile OS a trusted piece of everyday technology. Everyone should spend some development time simply on turning security ON. This was a pretty dense talk about the possible ways you could ensure more security of data in every app.

@2: Was simply great, because it reminded me to invest some time in refactoring my own coding habits. As soon as you succeed with an app you start forgetting about keeping up the learning and shaping of your skills. This was a wake-up call for me to analyse my coding style.

@3: Martin gave a whole new perspective on the way we could create apps. He used the metaphor of a dialogue between customer/consumer and the business/developer’s app. And he was damn right about a lot of things.

@4: Was good to listen to, because I still cling to the ASIHTTP classes and need to transition all my stuff to AFNetworking soon.

I really missed Objective-C’s Dark Arts by Mikey Ward (Big Nerd Ranch), who did not make it to the venue. I was really curious what he might have been presenting to us. Perhaps he will be there next year with some more black arts extreme. :-)

Was it worth it?

Absolutely! I enjoyed meeting different people from all kinds of businesses. I also liked the venue, which was really cool. It offers so much space for chilling on sofas around the lecture halls; mdevcon 2014 should make better use of these areas and allow for some small hackerspaces there or a small fair-like exhibition of cool stuff. Karl, Jonas and I had a nice hotel only a 15-minute walk from the venue at a reasonable price and a fine journey by train. I will come back next year.

Special wish for next year?

Offer a developer-driven „Lightning Talks Slot“ in the smaller lecture room in the afternoon. This should be only about real code: displaying source code hacks in 20-24pt font size and telling best-of-class tricks only, in 5 minutes (see Lightning Talks and have a look at how this is done at the xxc3-congress, e.g.).
(btw: I really was very disappointed by the „Mobile Musical Instruments“ talk, which did not refer to ANY one LINE of code EVER, but to me felt like a product promotion talk. #FAIL)

Update 18.3.2013:
I did not forget about Matt Gemmell's lecture. Here is my visual summary on that one…

[Visual summary images of Matt Gemmell's talk: value you / what you do / time value / autocratic / care / self respects]

I appreciated the perspective Matt took here. He is pretty damn right that what we all do is in a way a kind of rocket surgery, and it is far from given that all these wonderful apps work like they should and like users expect. In fact it is damn hard work, often not valued by either the boss, or the consumer, or even both.

Though this talk felt a lot like a psychologist talking to his client… Matt gave a valuable perspective on these skilful individuals who give birth to so many creative ideas and products. Thx for that!

Workplaces of the future and so on…

With some interest I have been following how Marissa Mayer is currently sweeping up at Yahoo! (is that how you spell it?) with an iron broom. As one of her first bigger moves, she has now told all employees who work part-time and/or full-time from home that this is a thing of the past from now on.

Ah, once again a boss, er, a female boss, who really takes care of her employees! Because the positive effects are obvious:

  • Nobody can dodge the wonderfully useless & time-wasting meetings any more, where would we be otherwise!
  • Finally everyone has to suffer equally from the open-plan office noise, without exception!
  • Every employee can finally be disturbed at work again by every other employee at any time, that's how it should be!
  • The employees at home were all uncontrolled, lazy bums anyway, so now there will finally be some serious control, because now you can SEE that the employee is really THERE! Presence FTW!11!!
  • The quality of the work will finally rise properly again, because when 3-4 people instead of 0 interfere with you, a piece of software usually turns into a harmonious, perfectly functioning clockwork of a whole and not such a gummed-up monolithic patchwork vaporware
  • Blame latency is effectively reduced: you can now bawl out employees much more directly; by mail that only ever works so subtly and with so much delay!

Here a sysadmin has summed it up nicely. I'll file this under the category „Best Practice & Leadership“, for reasons!

Update 10.3.2013:
As we all know, company success can be read exclusively from the share price. Any other criteria would be heresy. How incredibly successful Yahoo is now is therefore shown very nicely by the share price. All great! Everything done right! No doubts! Congratulations!
[Image: yahoo_success_2013]