Posts by Mark

NSW eTendering Team receive award for Excellence

April 9th, 2010 by Mark

One of Gruden’s key clients, the eTendering Team from the NSW Department of Services, Technology and Administration (DSTA), was recently awarded one of the eight DSTA Excellence Awards in the Service Delivery Community category:

For individuals or teams that directly support and deliver value to the NSW public highlighting:

  • Exceptional service to the community, in a particular incident or over a sustained period of time.
  • Enhanced quality of life or well-being for the people of NSW.

and it was awarded for:

FOI Legislation changes in 2007 resulted in a new requirement for the disclosure of all contracts between Government and the Private Sector valued greater than $150,000.

As a result of publishing contracts online, the eTendering team provided the key platform for driving transparency and efficiency across NSW Government and business. This has also delivered significant savings to tax payers and to the environment.

Gruden have worked closely with the eTendering Team for over five years and feel that the recognition of this team was highly deserved. Congratulations folks!

Renaissance Art

March 29th, 2010 by Mark

The Internet continues to change the way we create & consume, but sometimes the new modes are not so new.

During the Renaissance portrait painting became popular – commissioned paintings of individuals, groups and families showing them in situ with the intent of capturing the visual appearance of the subject. It first became common among noble families, royalty and church leaders looking to have their greatness preserved for the ages, but it later became less exclusive and in the 18th and 19th centuries its popularity took off among middle class families.

During the 20th century portrait painting suffered a decline, largely due to the ease of photography as a method of capturing a likeness, but also because western society’s taste moved away from crafted goods to the mass produced. Painted portraits felt provincial, much like hand made furniture in the era of Ikea.

This trend had begun before Gutenberg and had the great benefit of progressively providing the masses with access to books, porcelain, transport, art, plastic, electronics, music, theatre and the Internet.

A combination of economic forces (mass-market, mass-distribution, mass-production) and the popularity of mega-brands squeezed artists out of the mainstream. The role of the craftsman, artisan and artist was greatly reduced and displaced by the factory worker, mechanic and miner and eventually by the programmer, management consultant and life coach.

Slowly bespoke artefacts have taken on a new meaning: a hand made chair became a sign of wealth rather than poverty. But for the mass-market, mass-production is it. Artists either make it big and become superstars or struggle to gain recognition. The traditional middle ground for the common artist has been lost.

One of the trends being enabled by the Internet is the breakdown of the economic factors that have caused this polarisation. Production, marketing, shipping and transactions are being commoditised and it is becoming viable for individuals to create and reach a market without having to pitch their ideas to companies with worldwide distribution and marketing clout.

Want to publish a book? Go to blurb.com and self publish. Want to market a line of unique lamps? Put them on etsy.com and buy some AdWords. Want to get exposure for your new single? Post a killer video on YouTube (10 million views in under a month, no major record label backing).

The flip side of this coin is that the market is seeking out unique, short run or hand-made products again. Sites like Threadless.com changed the way we look at T-shirts from being a vehicle for logos to a vehicle for creativity and self expression. The value people place on mass produced objects such as CDs is falling – but there is plenty of value seen in unique or limited release material.

My family recently commissioned a portrait from Nan Lawson. It wasn’t expensive and the whole transaction, from initial contact to feedback on a couple of iterations to the final payment, was conducted over the Internet. We love the personal nature of the portrait, the way it captures us, our tastes and our time, but most of all I’m excited that the Internet is enabling a renaissance of commissioned creativity on this scale.

Life, below 600px

February 3rd, 2010 by Mark

A nice exploration of what goes on below the fold

Life below 600px

Understanding the iPad

February 1st, 2010 by Mark

There has been a lot written and said about the iPad in the last few days, most of it by techno geeks, and much of it negative. Many people expected a laptop in a tablet form factor and set about listing all the things their laptop had that the iPad didn’t: a camera, USB ports, a big hard drive and the ability to run multiple applications at once. But I suspect geeks are missing the point that this device is not aimed at them and that, despite these apparent shortcomings, the iPad could be a winner.

Jeff Croft has some interesting thoughts on how the device could be used and what is really missing:

There is no excuse for this thing not to have multi-user support. This could have been the world’s greatest coffee table device, if it only had support for multiple users. Think about it: the thing sits on the coffee table. Daddy logs in. He checks his e-mail and his sports scores. He logs out and puts it down. Little Timmy logs in. He IMs a friend and plays a game. He logs out and sets it down. Mom logs in. She gets a recipe from her bookmarked Martha Stewart page and forwards some totally-not-funny cat video to her best friend. And so forth. This is the new PC. But it requires multi user support. If I can’t log in and have my own bookmarks, my own email accounts, my own IM lists, and my own Twitter feed, it’s useless as a family PC.

While it may currently be useless as a family device because of the lack of multi-user support – this feature can’t be far off.

Jeff (and others) make an interesting price comparison with the Kindle – the cheapest model is also only slightly more expensive than a high end digital picture frame.

Chris Thorpe notes the impact the wii had on digital inclusion:

When the Wii launched it revolutionised not just gaming, but who plays and who buys. … The real world is all about gestures. We turn a page. We swish a piece of paper out of the way to see what is below. We press a button and the kettle boils.

The first main problem [non-technical users] have technically is that computers look complex. They have lots of things you plug into other things. Everything has an arcane name, very few of these names really relate to their function. Each of these things causes something to happen but not in an obvious touch the thing and something happens to it way. It’s always at one removed. When you add in connecting the overarching thing to the internet then it becomes an activity of worry and confusion.

Then you look at the iPhone and iPad. It really is all-in-one. Sure it lacks USB ports, but actually lots of people don’t need them too much. It comes with a mechanism of internet access built in and the 3G one is essentially a “charge it up and play” inclusion device.

Mark Sigal at O’Reilly looks at some important numbers:

  • 125 million accounts with credit cards on iTunes – all these people are already setup to buy content for the iPad
  • 75 million people with iPhones and iPod touches – all these people are already familiar with the interface and limitations of the device
  • 140 million apps on the app store that will run unmodified on the iPad – everything people already have on their iPod/iPhone can be transferred seamlessly onto the iPad. Not to mention their music, their photos, etc.

John Gruber talks about the new chip:

Lastly, there’s the fact that the iPad is using a new CPU designed and made by Apple itself: the Apple A4. This is a huge deal. I got about 20 blessed minutes of time using the iPad demo units Apple had at the event today, and if I had to sum up the device with one word, that word would be “fast”.

It is fast, fast, fast. The hardware really does feel like a big iPhone — and a big original iPhone at that, with the aluminum back. (I have never liked the plastic 3G/S iPhones as much as the original in terms of how it feels in my hand.) I expected the screen size to be the biggest differentiating factor in how the iPad feels compared to an iPhone, but I think the speed difference is just as big a factor. Web pages render so fast it was hard to believe. After using the iPhone so much for two and a half years, I’ve become accustomed to web pages rendering (relative to the Mac) slowly. On the iPad, they seem to render nearly instantly. (802.11n Wi-Fi helps too.)

The Maps app is crazy fast. Apps launch fast. Scrolling is fast. The Photos app is fast.

Apple now owns and controls their own mobile CPUs. There aren’t many companies in the world that can say that. And from what I saw today, Apple doesn’t just own and control a mobile CPU, they own and control the hands-down best mobile CPU in the world.

So we have a device that is cheap, easy to use, easy to migrate to, super fast and fun. It’s hard to see this as a desktop or laptop replacement, but it’s pretty easy to see it succeeding as a coffee table or bed side table device.

2 Responses to “Understanding the iPad”

  1. Philippa says:

    An interesting article ran in the SMH today (see: http://www.smh.com.au/digital-life/computers/flashpoint-as-jobs-takes-aim-at-adobe-20100201-n86t.html) about the shortcomings of the iPad in relation to Adobe Flash.

    Effectively, iPad users will not be able to access the full range of web content, including over 70% of games and 75% of video on the web.

    The true niche of the iPad will soon become apparent, and perhaps web browsing will not be the primary reason users will choose to buy one. For now, however, I feel that it doesn’t fulfil any real shortcomings of products that are currently available.

  2. Mark says:

    There is no doubt that Adobe and Apple are on a collision course over this, but I wouldn’t be too quick to say the iPad will be the loser – the iPhone and iPod touch have the same “shortcoming” and they seem to be doing ok. Some interesting thoughts on how this could play out at http://daringfireball.net/2010/01/blue_boxes.

Web Directions South 09

September 17th, 2009 by Mark

October is going to be a huge month for the web in Australia with both the Web Directions South conference and the inaugural Web Week.

Web Directions brings together the many disciplines that shape the web – web design, front-end and back-end development, information architecture, interaction design, accessibility, data visualization and much more – and gives delegates four tracks of presentations to choose from. It is truly a huge event, quite likely the largest web related gathering in the southern hemisphere.

Web Week is a week long celebration of the Australian web industry with events ranging from Webjam, to art exhibitions, to meet ups, to indoor rock climbing.

A very nervous Mark, speaking at the first Web Directions in 2004

I’m enormously proud to have been invited to speak at Web Directions South 09. My first large-scale public speaking gig was at this event in 2004, back when it was held in one big room with one big audience. Since then the conference has gone from strength to strength, increasing in size each year and so I’m equally daunted about speaking this time.

My talk this year is called “Speed matters”; here is the description from the conference proceedings:

As we build richer, more complex web applications it’s easy to forget that speed is the cornerstone of user experience. Bing have found that a 2 second delay reduces revenue by 4%. Google know that half a second delay drops traffic by 20%. AOL have shown that users with a speedy experience stay 50% longer than users who have to wait. The evidence is clear – speed matters.

What’s more, most latency comes from the front-end, not the back-end, so the fixes are not specific to a particular platform. This session will examine a range of techniques from DOM & CSS tricks to web server and HTTP tweaks that can help improve front-end performance by 25-50%.

Whether you’re looking to save bandwidth, increase your conversion rate, retain visitors, save time or just make your users happy – the speed of your site matters.

The conference is on October 8 & 9 with two days for workshops on the 6th & 7th. Tickets are still available so get along if you can.

Google Wave API Day Sydney

June 29th, 2009 by Mark

On the 19th June Google held a whole-day developer event at their Pyrmont office to showcase their new Google Wave technology and Gruden were lucky enough to be invited along.

Google Wave API Day

The Day

As interesting as the technology was the format used to showcase it.

The day started with a couple of short talks introducing the Google Wave system, the various pieces that make up the whole and Google’s vision for the technology. The 80-odd developers were then broken into small groups, each accompanied by a couple of Googlers and taken off to various corners of Google’s amazing Sydney offices for a lunch and informal Q&A.

The second half of the day was dominated by the hackathon – the idea here was for the developers to work together or alone on some wave related development of their choosing. During this extended period it seemed that the entire Wave team were on hand for discussion, brainstorming, feedback and assistance. The documentation guy was there to hear how documentation could be improved, the Python API girl was immediately on hand to answer my App Engine questions, the UX guy was closely observing how people interacted with Wave and where they had troubles, the Java team were recompiling the API server to include additional dependencies. This level of interaction seemed to be a great way for the Wave team to learn how people are going to approach their product and a great way to help the developers who turned up to get up and running quickly. It was also great to see the level of talent we have locally – Google Maps was developed in Sydney and it’s this same team that are behind Wave.

The hackathon culminated in people demonstrating their day’s work live in front of the group over the traditional geek fare of beer & pizza. There were nearly 30 demos ranging from GPS hacks to games of Connect 4 and hangman to bots that could define terms and tell you what is next on TV. The winner on the night was a shared white-boarding app implemented in Flash.

Lunch time!

What is Google Wave?

There is no simple way to explain it. The most succinct explanation is possibly phrased as a question – if email was to be re-invented today, from the ground up, what would it look like? And by “from the ground up” we’re talking client, server, protocol, the lot.

At a fundamental level, Wave is an open protocol specification. The idea is that, as with email, a variety of companies will develop competing clients (eg. Outlook, Hotmail, Mail.app, Thunderbird) and servers (eg. Exchange, Postfix, Courier) based on the Wave specification.

On a more practical level Wave is email, real-time chat and collaborative content editing & versioning rolled into one. It allows for multiple people to communicate in real time using text and rich content, while retaining the full history of the conversation and the ability to browse backwards and forwards through this history.

Wave also incorporates a framework for developers to create gadgets (client side mini-apps that run within a wave) and robots (server side applications that interact with waves in various ways).

In Google’s own words:

Google Wave is a product that helps users communicate and collaborate on the web. A “wave” is equal parts conversation and document, where users can almost instantly communicate and work together with richly formatted text, photos, videos, maps, and more. Google Wave is also a platform with a rich set of open APIs that allow developers to embed waves in other web services and to build extensions that work inside waves.

- http://code.google.com/apis/wave/

If you want to know more about Google Wave there is a fairly lengthy video of its unveiling during the keynote of the Google IO conference a few weeks back. This video contains a number of interesting demonstrations.

There are also a number of online resources depending on whether you are interested in the back story, the big picture, the APIs or the protocol.

Demo time

Will Google Wave change the world?

Maybe, but not any time soon. The protocols that we all depend on to send and receive email were initially developed in the early 80s, and while things move a lot faster now, they still took years to mature and get adopted.

Google Wave represents a major paradigm shift for end users to get their heads around which is not helped by the fact that it currently has serious usability issues. It is also very much in early beta – crashes are not uncommon and it needs some serious optimisation to avoid causing browsers to occasionally hang. Most of the time these are friendly and just require browser refreshes, but they are frequent.

But for all this it is an incredible step forward at many levels and it addresses many of the current shortfalls in current modes of digital communication. Google have shown they can address performance and usability issues in their products, so the extent to which Google open up and allow competition will probably be the deciding factor in Wave’s success.

Thanks to Jan Vaughan for the great photos

WebDU slides: Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF

May 29th, 2009 by Mark

Last week I delivered a talk at the fantastic WebDU conference which focused on an area that I have been becoming increasingly concerned about over the last while – security in the browser. Unlike other areas of the web platform that have well defined and effective security mechanisms (SSL/TLS, firewalls, strong passwords, access control), the melting pot of HTML, CSS and JavaScript that runs within the browser is increasingly being shown to be a weak link.

The talk, aimed at a technical audience, hopes to raise awareness of the issues and solutions and makes the point that we as web developers carry a lot of the responsibility for minimising the impact and extent of the problem.

As I’ve gone through the process of publishing this presentation online I’ve been concerned about the loss of context that comes with publishing the slides alone. I’m still waiting to hear whether the conference organisers will be publishing the audio (or if it was recorded), but I will post a link if and when it is [UPDATE: Geoff has posted the link to the audio below!]. In the meantime, there are some footnotes below to give extra context, I’ve also collected up all the links I used for research at http://delicious.com/markstanton/js-security and comments and questions are welcome.

  • Inspiration for this talk came from a conversation with Doug Crockford after a presentation he gave at Web Directions South last year and from another presentation by Simon Willison I stumbled across a week or two later. Both of those presentations are worth checking out if you are working in this area. Google’s Browser Security Handbook is also essential reading.
  • MySpace pursued Samy for his actions and in 2007 Samy was found guilty and sentenced to 3 years probation and 90 days community service. While this was a spectacular example of a JS based attack I’m certainly not advocating this sort of thing.
  • Developers need to think about where all their data comes from, not just focus on form and url data. If you are syndicating feeds or pulling data from some back office system it should be treated with the same care & caution as online input.
  • The context switching idea is key and needs to be clearly understood. The “I only allow some HTML” is generally a sign you need to look more closely at what you are doing. You think you’re only allowing HTML, but are you really sure? http://ha.ckers.org/xss.html is a useful resource for testing to see if context can be switched. OWASP have a good explanation of what context switching is and how it works.
  • The demo is an over simplification. Part of the point I was trying to make here is that there is a level of trust between users and the sites they use – if a site is compromised this trust is open to abuse. The greater the level of trust the higher the risks.
  • The full GMail/CSRF/stolen domain story from the victims perspective is at http://www.davidairey.com/google-gmail-security-hijack/. Scary stuff.
  • The “don’t click” story is at http://softwareas.com/explaining-the-dont-click-clickjacking-tweetbomb. This is the only case of this type of attack that I am aware of.
  • The question mark after 100% safe on the ESAPI slide refers to the fact that developers would need to use it 100% correctly 100% of the time, which is unlikely unless you have good unit testing practices in place.
  • Don’t look for one way to protect your site – protect it in as many ways as you can. The landscape is changing so what works today might not be 100% fail-safe next year. Start with the things that are easiest to implement in your environment and go from there.
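Context-aware output encoding, as an added example that is not from the talk or its slides: untrusted data (here a constructed feed title, echoing the point above about syndicated data) is encoded for the exact context it lands in, and the template refuses to emit a value whose context was not named. The encoder names and the `{{context:name}}` template syntax are my own; the attribute and JavaScript encoders follow the OWASP XSS prevention rule of encoding every character except alphanumerics.

```javascript
// Added example (not the talk's code): encode untrusted data per output
// context so that it cannot switch context, as the bullet above warns.

const HTML_TEXT_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// HTML text context: neutralise tag, entity and quote delimiters.
function encodeForHtmlText(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_TEXT_MAP[c]);
}

// Quoted attribute context: every non-alphanumeric character becomes a numeric
// entity, so nothing can close the quote or start a new attribute/handler.
function encodeForHtmlAttribute(value) {
  return String(value).replace(/[^A-Za-z0-9]/gu, (c) =>
    '&#x' + c.codePointAt(0).toString(16).toUpperCase() + ';');
}

// JavaScript string literal context: \xHH or \u{...} escapes, so the data can
// neither terminate the literal nor spell out a closing </script> tag.
function encodeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/gu, (c) => {
    const code = c.codePointAt(0);
    return code < 256
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u{' + code.toString(16) + '}';
  });
}

const ENCODERS = { text: encodeForHtmlText, attr: encodeForHtmlAttribute, js: encodeForJsString };

// Minimal template (assumed syntax): placeholders are {{context:name}}. The
// developer must name the context; an unknown context or missing value is an
// error rather than a silent raw passthrough.
function render(template, values) {
  return template.replace(/\{\{(\w+):(\w+)\}\}/g, (_, ctx, name) => {
    const encode = ENCODERS[ctx];
    if (!encode) throw new Error(`unknown output context: ${ctx}`);
    if (!(name in values)) throw new Error(`missing value: ${name}`);
    return encode(values[name]);
  });
}

// Constructed sample item, standing in for a title pulled from a syndicated
// feed; it contains every delimiter that matters in the three contexts.
const FEED_ITEM = { title: `Tom's "best" <b>deals</b> & more` };

// The same value is emitted in three different contexts with three encoders.
function renderFeedItem(item) {
  return render(
    `<a title="{{attr:title}}">{{text:title}}</a>` +
    `<script>var t = '{{js:title}}';</script>`,
    item
  );
}

console.log(renderFeedItem(FEED_ITEM));
```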

2 Responses to “WebDU slides: Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF”

  1. Geoff Bowers says:

    You can get many of the session recordings online via the webdu session podcast — including “Be Afraid, Be Very Afraid” :) Enjoy!
    http://www.webdu.com.au/mxsession/feeditunes

  2. Mark says:

    Thanks Geoff!

Gruden sponsors WebDU web technology conference

April 28th, 2009 by Mark

We’re proud to announce that Gruden will be sponsoring WebDU 2009 for the fourth year running. For those that don’t know, WebDU is a conference for anyone at the coal face of web design & development. Bringing together Adobe, Microsoft and Google and a host of local and international speakers – including Gruden’s very own Mark Stanton (aka me) – it’s a brain melting three days of internet goodness.

If you’re involved in making websites or web apps in any way make sure you put 21-22 May 2009 in your diary and register, enter the competition or apply for a scholarship because WebDU should not be missed.

Swine Flu hits social media!

April 28th, 2009 by Mark

xkcd.com is as brilliant as ever today:

[xkcd comic: swine_flu]

One Response to “Swine Flu hits social media!”

  1. Guy says:

    Actually Twitter was pretty useful during today’s uninformed panic with the Sydney blackout – I knew exactly when the power was back on!

Gruden goes Naked

April 9th, 2009 by Mark

Styles have been stripped from blog.gruden.com to mark CSS Naked Day.