Localizing your iOS app can have a major impact on game revenue. Read on to find out how:

What is localization?
Localization is simply the process of translating your product into different languages for a specific country or region.

Why localize your app?
Localizing your app can make a huge difference in growing a loyal fan base in other countries.  The Apple App Store is available in over 120 countries with support for 40 languages.  Support for international payments, currency, and more, is already built in to the App Store.  So taking your app global is a great way to increase revenue and the process is probably more straight forward than you think.  Let’s take a look at how to bring your app to the global market place with localizations.

Getting started
The first step is to figure out which countries you are interested in marketing to.  Up to date sales data by country is difficult to come by.  That said, a good place to start is with populous countries with minimal english speaking people, who love technology.  Examples include, Japan, Korea, China, and France.  There are some sites on the web that show trends.  It pays to check this out periodically. My own research for a free ad-funded app (released earlier this year) yielded the top countries as  Korea, Taiwan, China, Japan,  Spain, France, Italy, Germany, and Russia.

Once you’ve figured out which countries you want to market to, the next step is to choose the languages for your app.  Usually country to language is 1 to 1 but that’s not always the case.  For example, there are 10 languages associated with China or Chinese.  So it pays to do some research on the country you will be targeting and figure out which language(s) make the most sense for your app.  In my case I focused on two languages for China, simplified script and traditional script.

Translating your copy
Probably the toughest aspect of localizing your app is to acquire the actual translated copy.  You can gather translations for common text items like Cancel, Ok, Continue, Back, Close, etc. by simply changing the language on your iOS device and take note of the translation for these common text items.   Using the same translation as iOS itself really helps the user and keeps your app consistent with the operating system.

For less common words and simple phrase translations, many developers use Google Translate or some other on-line translation service.  This can be problematic if you need more complex sentences or phrases translated.  Poorly translated phrases may actually hurt more than help by confusing or even insulting the user.

By far the best approach to translating your copy is to use a professional translation service.  There are a variety of translation services marketed on the web.  You probably want to focus on those that specialize in working with iOS apps.  Companies with a focus on iOS app translation often provide good documentation or tools that make the process of setting up your app for localization easier.  In most cases you can get an online estimate by pasting your copy into a form.

Tips for Localizing your App
The process for localizing your app is fairly straight forward.  Apple’s developer documentation provides a complete set of programming topics that will guide you through the process.  There are a few common pitfalls to avoid.

Complete your app (especially the user interface) before localizing.  Once you begin creating localized versions of your windows, views menus, etc., if you change the arrangement of screen items, you will find yourself tweaking multiple files (one for each language).  Completing your app also ensures that you will have all the text you need translated. Remember to include any online help text that you link to from your app in your copy for translation.

Consider alerts and dynamic text for translation as well, not just the text you see when views first load.

If your app references any locale or region formatted information like time, date, currency, or other numerical values, remember to use the locale settings of the device in calculations and text you display dynamically.  For example, if you calculate and display miles per gallon in the United States,  be prepared to calculate and display Kilometers Per Gallon if the user’s locale is set as such.

Avoid having graphics that contain text.  For example, if you use a custom button background and the title for the button is included as part of the image, you will need a version of that graphic for each language.  You can save time by keeping text out of the graphic and use the title property for text instead.

Sound files that contain spoken text will need to be available for each supported language.

One key decision is whether you will also provide translated App Store meta data (app description, etc).  This is something you need to figure out before you go live because adding localized meta data requires you submit a new version to the App Store.

Consider starting with localizing your app for one or two countries and bringing more on later.   If your product roadmap includes expanding features in later versions,  you can move additional translation costs to those versions and justify the expense based on sales in additional markets.

Testing your App
It’s important to test your app with your test device setup for each supported language.  Compared to English, most other languages will result in more characters for any given word or phrase.  You may need to adjust the size of some of your UI controls to accommodate the increased length of a word or phrase.

If possible, add testers from your target countries.  Ask for feedback specifically as it relates to translations.

Hmmm, I’m not sure just yet
Even if your still on the fence about bringing your app to international markets by localizing your app you can still help yourself by taking some basic steps in your app development right now.  Start by reading through Apple’s developer documentation as it relates to localization and internationalization.   You’ll discover, when beginning the development of your app, that you can take some simple steps that will make localizing your app later much easier and cost less.

Patrick Brennan, Senior Software Developer

Apple’s development certificate stuff can be difficult to understand, and after I recently explained it to a new team member I thought it would be a valuable topic for others.  Some of this is documented well on Apple’s site, but I will go through it and focus more on the parts that I found unintuitive.

You can download Xcode for free and start creating apps and experimenting with the iPhone/iPad simulators right away.  If you want to put anything onto a device, however, you will need to purchase a developer license from Apple.  (Note: A device is required for things like testing In-App Purchases, Push Notifications and Location Services.)

After you sign up as a developer, you have access to the developer provisioning portal where you can request a development and distribution certificate.  Apple’s site does a good job of walking through most of this process.

How to create a development/distribution certificate:

1. Generate  a Certificate Signing Request (CSR) with a public key
• In your Applications folder, open the Utilities folder and launch Keychain Access.
• Choose Keychain Access > Certificate Assistant >Request a Certificate from a Certificate Authority.
• In the Certificate Information window, enter or select the following information
• In the User Email Address field, enter your email address
• In the Common Name field, enter your name
• In the Request is group, select the Saved to disk option
• Click Continue
• The Certificate Assistant saves a Certificate Signing Request (CSR) file to your Desktop.
• The public/private key pair will be generated when you create the Certificate Signing Request (CSR) if you use the Key Chain Assistant to create the CSR.
2. Submit the CSR through the Provisioning Portal to the Admin for approval.
• Click the Distribution/Development tab
• Upload the certificate by choosing the file
• Click Submit

Once the certificate processes and downloads you can double-click it to add it to the Keychain (the login keychain by default), the part that is not clear is that this certificate is tied to the computer where you requested it.  If you ever want to sign an app with the certificate on another computer (or another OS on the same computer), you need to export your identity from Keychain Access.  The export process is pretty simple and creates a “Personal Information Exchange” (.p12) file that can be copied to another computer:

Apple's Keychain - Simple Export Process Creating a "Personal Information Exchange"

If you have e a team with multiple developers that could potentially submit an app to the App Store, then exporting the identity is a critical step. This allows other team members to import that distribution identity, download the distribution certificate and provisioning files, and sign the app for testing or submission (Ad Hoc or App Store).

Once you have a developer certificate you can activate any iOS device for debugging:

1. connect the device via USB
2. run Xcode
3. open the Organizer (Window->Organizer in Xcode)
4. go to the devices tab
5. Control-Click on your device in the list
6. select “Add Device to Provisioning Portal”

Xcode will take care of requesting a development provisioning profile (iOS Team Provisioning Profile), and install it on your device.

The next thing you’ll want to try is Creating an App ID, but be careful here – once created, an App ID cannot be changed or deleted. The App ID is comprised of a description, a prefix, and the bundle id. The bundle id is something like com.domainname.appname, and the bundle prefix can be left alone unless you are creating a suite of applications that need to
work together.  A few pieces of advice:

1. lowercase bundle id - The App ID is case sensitive, so it’s best to eliminate confusion/mistakes by sticking to all lowercase.
2. unique description - The common name (description) field shows up in a few different drop-downs, and if you create two that are similar it  can be a pain to keep them separate.
3. double check before submit – As I said earlier, this is permanent.  A misspelling here isn’t customer facing, but it can be annoying and confusing for other teammates.
4. beware enter key - The default action for the enter key is to submit.  I accidentally found this out after I entered the Description, but before I had entered the bundle id…  Duh! So now we have an empty bundle id with a valid-looking description.

Once you have an App ID you can create provisioning profiles for that app.  There are three types of provisioning profile:

1. Development - Now that Xcode manages a default development profile you shouldn’t have to worry about this.
2. Ad Hoc - This is for distributing to coworkers or team members that may need to see or test the app. If they are not registered as developers on the same account, then their device UDIDs need to be manually entered.
3. App Store - Used only for final submission to the App Store

Revoking

If you didn’t export the identity (.p12) files, and the original computer that created the Certificates is lost or wiped, you can Revoke the existing certificates and create new ones. Unfortunately this requires updating all of the active Distribution Profiles.  It’s not difficult, but depending on the number of apps it can be a tedious process.  To do this go to the Distribution tab of the Profiles section, and click Edit -> Modify next to each profile. The Modify page will not let you Submit the profile unless you make a change, so usually I just add a space to the profile name.  Once the profiles are processed they can be downloaded and added to any computer with access to the distribution identity (.p12) file.

Hopefully, this saves you a ton of stress and time.  Do you have any additional feedback on  Apple Development Certificates?   if so,
add it in the comments.

Tony Feick. Senior Software Developer

How important is system uptime to your customers? At W3i, we feel that it is of upmost importance that our systems are always up and running. This was one of the driving factors for our data center move back in March of 2010 (see related blog post here).
The move to the new data center was a much needed refresh to help strengthen our systems. Let’s be realistic, can anyone ever be up 100% of the time? We all strive for that, but system failure and human error will find a way to bring you down.

What if Bob made a change to an application that he didn’t realize would have an adverse effect on another system that Jane maintains? Or if Bill added a new feature to his application, but wasn’t aware of the system resources required to support the new feature? The new feature add resulted with everything slowing down due to CPU overload.

In the fast paced MVP to full blown product business we are in, issues like this come up all the time. How can one keep track of all these ties to identify when issues come up?

That’s easy, documentation right? Let’s be real though, who reads documentation? We should also remember that documentation is only as good as the contents freshness and relevance. Truth is no matter how much documentation, how many procedures are in place or how much testing goes into something; Murphy’s Law will always show its ugly head every now and again. So how do we make sure that everything is working and functioning as it should and there are no issues with your sites or systems?

That’s where system monitoring comes in. There are a plethora of different monitoring solutions available on the market today and each has their unique capabilities and offerings. Is there one holistic solution out that will fill all your needs? The answer is, probably not. You’ll likely have to piece together your monitor solution with several tools. Once you start to get all your systems covered you’ll begin to fill in the black holes of the unknown with visibility into the function resources that make up your infrastructure.

We at W3i utilize multiple monitoring solutions to try and grasp every aspect of every system and or application. We monitor CPU, memory, disk, and network utilization with Solarwinds Orion NPM while leveraging Solarwinds’ other modules such as Application Performance Monitoring (APM) to monitor services, exe’s and perfmon data and Netflow Traffic Analyzer (NTA) to monitor the bits that are traveling our network. To watch website availability we use a solution from ExclamationSOFT called WebWatchBot that hits our web properties and makes sure specified search terms are present along with a status code we are expecting users to get. We also use WhatsUpGold from IPSwitch to monitor our external availability. Then there are other applications specific monitoring solutions such as Quest Foglight Performance Analysis for SQL and some customer made monitoring utilizing Microsoft PowerShell and the list goes on and on.

From our experience there isn’t a holist solution, but by using many different solutions you should get the full coverage needed to monitor and maintain all aspects of your infrastructure. The goal in any alerting/monitoring solution should be to help keep you informed about potential issues proactively before they become problems. There is nothing worse than getting notified of issues from others outside of the group whom take pride in maintaining the systems. Leave a comment if you found a great solution for system monitoring.

Brad Gocken, Manager of Information Technology, W3i.  Brad has more than 11 years of working experience in IT related fields. He is from Minnesota and loves learning about new technologies. He also enjoys brewing and drinking craft beer.

As a business grows online there are some key questions you need to ask yourself. Let’s start with, how important is uptime?  Or how about, can we support the increased demand for our systems? The answer to both questions is, Yes!  W3i has seen extraordinary growth during the last several years, so I learned first hand about demand on the system.

But how do you get to that point of high availability while maintaining scalability? The easy asnwer is to throw more system resources at the problem, right? Wrong, unless you want to go with 3 tiered architecture that doesn’t really solve any scale issues and can actually make scaling and staying highly available much more difficult. Why? Well as you build up these large box systems to help solve the scaling issue you complicate your ability to stay highly available. The large SQL server you just built now needs another box of the same size to take over in the event that the first one fails. But if the one site fails, you need to have a secondary site setup to handle the full load that the primary was setup to handle. Not only that, how do you setup replication between the sites? As you can see, we aren’t really solving any problems here.

That’s where distributed computing systems come into place. Sounds well and good, right? Let’s start building this thing already! Not so fast. Before you begin to build a distributed system you should become familiar with CAP theorem first. The CAP theorem has three requirements; Consistency, Availability, and Partition Tolerance. However, it states that it is impossible for a distributed system to provide all three simultaneously. I knew this was too good to be true! Let’s take a closer look at the three requirements.

Consistency: A consistent system is one that’s either fully available or not at all. There is no in between. What’s written on one device is accessible in all other devices set to serve the same information.

Availability: An available system is one that is available and operating fully. You can’t have a service that is available, however, inaccessible do to overload.

Partition Tolerance: A systems ability to run on its own without the need of others to provide the service as intended is an example of partition tolerance.

Sweet, I want all three please! In a perfect world maybe but welcome to reality. Reality and the CAP theorem state that it’s not possible. Well why not? Let’s take a simple database example to show why.

Let’s say you have a simple DB server environment that contains multiple nodes. This covers the consistency requirement as they know and have what they need to do their job.  Let’s figure out the availability requirement. That’s simple, setup replication between the two so now they are exact replicas of one another.  You now have a consistent and high availability setup. Oops just lost the data center that hosted the DB server environment. Guess it’s not so highly available after all. Ok let’s fix that. Let’s setup another datacenter across the map that has another DB cluster setup. Ok cool now we are highly available. But what happens if you lose connectivity between the data centers?

Well that depends. It depends if your applications were developed in a way where inconsistencies are bad or not. If data
inconsistency is tolerable, then you’d be running under the partition tolerance and availability requirements, however, you would lose the consistency ability. Now if your system needed to have consistency for some reason to function (banking environments come to mind where every dollar needs to be accounted for no matter which system performed the withdrawal), then you would lose the availability piece as you would have to lock the system until a consistent state has resumed.

This simple DB example shows how it would be nice to have all three requirements built in, the truth is you just can’t do it.

So what do you do? It really depends on the system/service you are providing. When planning out a distributed system to meet scaling needs, you need to first identify which of the three requirements you need to achieve your end goal. Remember you can’t have all three; but who says certain parts of a service or system can’t be built in a way that is separated to the point that different areas use different requirements.

Happy distributed computing!

Brad Gocken, Manager of Information Technology, W3i.  Brad has more than 11 years of working experience in IT related fields. He is from Minnesota and loves learning about new technologies. He also enjoys brewing and drinking craft beer.

With Windows 8, Microsoft is taking a dramatic change in how users interact with Windows; centered on the Metro interface and application environment.  Here’s what I learned at the Microsoft Build Conference in Anaheim, California as Microsoft revealed the latest incarnation of Windows, namely Windows 8.

In Windows 8, Metro is a replacement for the Start Menu, and the normal desktop view of Windows.  When a user first logs into Windows 8, the first thing they see is the Metro interface with application tiles on the interface that are similar to the tiles seen on Windows Phone 7; these tiles are called “Live Tiles”.  Besides being interfaces to the specific application, they can display information relative to their function on the tile themselves.  For example, a weather app could display your current weather location, the Twitter app could show the latest tweets, and so on.

The Windows 8 Start screen in developer preview version (Build 8102.winmain_win8m3.110912-1733.92eb4451821f0730). It was released at the Build Windows event. Source: Wikipedia

Microsoft is heavily pushing the Metro interface; it appears that they want to use the current base of Windows-based systems to incorporate Metro, rather than having it limited solely to low-powered tablet-based systems.  Microsoft is betting that touch will be everywhere in a few years; much like the age of computers changed when the mouse was introduced.  They are counting on the fact that touch will have the same effect; every system, every monitor, will be touch enabled.  With that context, their promotion of Metro makes sense for the future of Windows.

Touch

Metro is really meant for a touch interface.  Touching a tile opens the application; swiping on the main interface scrolls the available tiles. Swiping from the right edge in any application brings what Microsoft terms “Charms”, which gives access to sharing, search, configuration options and the like. Swiping from the left edge switches between running applications; swiping from the bottom or top of an application will bring menu options available from that application.
The Metro interface is definitely a touch interface; with a touch-enabled screen it is “fluid and fast” as Microsoft described it many times during the conference.  At the same time, however, it turns into a second-rate interface with a mouse and keyboard; much like touch on the classic desktop is not ideal, keyboard and mouse on the Metro interface does not feel ideal.  Granted, many things may change before the release of Windows 8, however, I hope the interface translates better than it does currently.

The classic desktop is still there as a tile on the main Metro window.  All applications that currently run on Windows 7 should work fine under Windows 8; when those applications are launched they open on the classic desktop and work as you would expect them to.  The classic desktop will be available on any x86 and x64 systems; however with the new ARM platforms that Microsoft is targeting (light tablets like the iPad and Android platforms), the classic desktop is rumored to not be available; the only interaction will be through the Metro interface.

Metro Environment

The best way to describe the environment that Metro applications run in is comparing it to current offerings of iOS and Android platforms.  Metro is a closed environment, given only what the Windows Runtime (WinRT) allows.  All apps work within a sandboxed environment; apps have their own storage area and temporary file location.  Any access outside of these areas is only through the user specifically selecting files outside of those environments; the Windows registry and random file access is not allowed.  There is limited interaction between apps; the only way to “share” content between apps is through the use of Contracts defined by Microsoft.  These contracts define what each application shares with other applications, either as a source or a target of those given contracts.  For example, one app might be able to share pictures with another app, or another might be a target for search queries within the application.
Applications are fully managed, much like the application lifecycles you see in iOS and Android platforms.  When an app is visible, it’s in its running state; if the user switches to another application, the former app will go into a suspended mode shortly; taking memory but not able to process any data.  Eventually if the memory needs to be freed, Metro will stop the application; these situations should be handled.

Access to external services, such as querying web services and such are all managed through WinRT.  Metro apps can define background processes for performing tasks and keep the application responsive, but as always, these are all managed by the system.  Any normal service, running under the normal Windows desktop or web service, cannot assume that the Metro app is actually in a running state so any requests should come from the metro app in polling those services.
All device interaction with the computer is also managed with WinRT and Metro; any request to device capabilities, like the camera or accelerometer data, must first be declared in the application manifest.  Additionally, user confirmation must be given when the application tries to access the device module; the user will be given an option to approve the access when the app tries to access the device.

Windows Store

Like the other operating systems mentioned, all Metro apps are solely distributed through the Windows Store.  Like Apple’s App Store, all apps within the Windows Store must be fully approved by Microsoft, matching Microsoft’s design specifications for Metro apps, as well as functionality.  Given that many of Microsoft’s customers are enterprise installations, they did say that there will be enterprise installation methods available (likely through Active Directory or the like); however for all home and individual installations, Metro apps are only installed through the store, and cannot be side-loaded.  There is no actual installation executable (exe or msi) for Metro apps; a metro app is essentially a signed package and manifest, which the Metro environment loads; no custom installation options are available.

As much as has been said about Metro, very little was said about the Windows Store itself.  The current build of Windows 8 has a live tile for the store, but it only is a placeholder and is not currently available.  As mentioned above, all Metro applications must be approved by Microsoft; while the length of this approval process is unknown, they did say that the entire process will be transparent as to what stage of the approval an app is in, as well as detailed explanations as to why an app was rejected, and what needs to be changed to allow it to be approved.  There will be pricing options available, although the license options and Microsoft’s portion of the sale was not described.  It was mentioned that classic desktop applications may be available in the store, however, full details aren’t available.  Microsoft will likely release more information concerning the store when it’s available.

Overall Windows 8 Experience

 As it stands right now, Windows 8 and the Metro interface is pre-beta software; it is very buggy and experimental.  Windows 8 should not be run on production or every-day use systems; you will experience crashes and hangs; to anyone that has run pre-release software this should come as no surprise.  It is possible to run Windows 8 on some virtualization software, although the performance leaves much to be desired, as most VMs have a very basic video card driver, and all of Metro uses DirectX to run.  I would suggest a dedicated piece of hardware if one is available.
Microsoft plans to follow the same release cycle they had with Windows 7; there will be one Beta and on Release Candidate (RC) before the Release to Manufacturer (RTM), with the retail version of Windows 8 coming in the Fall 2012.  Many things will change between then and now, including the items listed above.

For more information about Metro applications and Windows 8 subsystems, visit the Microsoft Windows 8 development site at http://dev.windows.com, and all the videos of the keynotes and sessions from the Build conference can be found at http://www.buildwindows.com.

Joel Braun, Senior Software Developer, W3i

Joel has more than 9 years experience in software development focusing on native Windows development in C++.

Know the Market

It used to be that Internet Explorer was by far the dominant web browser, but these days several other browsers such as Firefox and Chrome have increased market share significantly. Statistics vary and you may find different results depending on your audience, but the top 3 browsers are growing closer in market share, as Internet Explorer continues to lose users to Firefox, Chrome and even Safari. In October, 2011, technology site ars technica recently reported that Internet Explorer dropped below the 50% mark across all operating systems.

Browser Stats According to ars technica

Other sites such as w3schools.com  and Wikipedia give Internet Explorer an even smaller share so it is a good idea to track and monitor which browsers are more common among your users. A low reading with a particular browser can also indicate a problem with your add-on.

Usage is even more splintered when taking browser version into account. Internet Explorer remains split between the last 4 major versions while Firefox is even more spread out.  By contrast, most Chrome users are using the latest version because Chrome updates automatically.

Some of the top browser makers are increasing the frequency of updates. Mozilla announced earlier this year that it will move to a rapid release cycle, with new versions coming every 6 weeks. This is similar to Google’s release cycle for
Chrome. Meanwhile Microsoft appears to be sticking with a longer release cycle for Internet Explorer, with version 10 expected early in 2012.

Recent Browser Changes

Internet Explorer 9 and Firefox 8 both introduced new confirmation prompts when add-ons are installed. This change raises a barrier for add-on distributors such as W3i’s InstallIQ. Although users go through the process and consent to install an add-on, they must consent again to accept the add-on the next time they use their browser.

IE9 displays an information bar at the bottom of the screen, and it may not be apparent to the user that it is there. Some users may miss it and after a few times IE will stop showing the bar and simply disable the add-ons. IE9 also added an Add-on Performance Advisor, which alerts the user when add-on load times exceed a certain threshold.

New Add-On Confirmation bar in IE 9

Firefox 8 has two types of add-on confirmation depending on how the add-on is installed. If you install your add-on using the common method of copying files into the Firefox extensions folder, then the confirmation prompt will open in a new tab when the browser is restarted. This prompt includes a checkbox which is unchecked by default, and is easily skipped by the user. Even worse, if multiple add-ons have been installed, Firefox will open multiple tabs, but as soon as one add-on is accepted, Firefox prompts the user to restart. Upon restarting, Firefox loses the other pending add-ons. This is a
significant barrier to installation processes that may install more than one add-on, such as InstallIQ.

New Checkbox Confirmation Tab in Firefox 8

Fortunately there is another method you can use, which should yield a higher rate of add-on enablement. You can package your add-on in an XPI file and install it on the Firefox command line. An XPI file is a Zip file containing the add-on components and an XML manifest. When add-ons are installed using the XPI method, Firefox displays a modal dialog with an “Install Now” button which is much more likely to be accepted by the user. In addition, multiple add-ons can be combined into a single install, with a single prompt to enable all of them.

New Add-on Confirmation in Firefox 8 for Add-Ons Distributed via XPI

InstallIQ now requires add-on partners to package their add-ons in XPI files so we can better manage the installation process. InstallIQ will automatically combine multiple XPI’s and install them by launching Firefox.

Looking Ahead

With browser updates coming at a faster rate and add-on installations becoming increasingly difficult for the user, it is important to keep an eye on forthcoming changes and be prepared to adjust your products.  Mozilla makes future Firefox releases available as they are being developed. They have a Beta channel for the next scheduled release, and the Aurora channel for changes that are further out.

Similarly, Google has multiple release channels which you can install for various platforms.

Meanwhile Microsoft is providing a preview of Internet Explorer 10. Microsoft has said that the Metro version of IE10 will not allow any add-ons, although the desktop version will.

Regardless of the nature of your add-on, it is more important than ever to streamline your development process and be ready to quickly make changes to adapt to the ever-changing browser platform.

Bill Zitomer, Software
Development Team Lead, W3i, LLC

Bill uses his over twenty years’ experience to build W3i’s core desktop products as well as back-end technologies.

Online Security Starts With You

This year was a very interesting year when it comes to computer security breaches. It seems like every week a new organization is hacked. You are probably aware of the Sony PSN hack that brought Sony’s PlayStation Network down for almost a month. Not only were millions of people’s personal details stolen, but Sony also took a hit in both reputation and revenue. A lot of the bigger attacks this year have come from groups like LulzSec and Anonymous. Their motives are not always understood as they sometimes claim to do it just for fun but at the same time indications point towards retaliation or just simply demonstrating how insecure the world of computers really is.

Preventing Online Fraud Begins with You

Personal Experience

Regardless of an attacker’s motives, it causes many people and companies time and money. It seems like I’m getting a new debit card every 6-12 months because somehow the number is stolen. I don’t even use this card online, only at local shops and stores. However, many people and systems have the opportunity to view my card number along the way. The cashier can easily read the numbers or have a personal scanning device nearby to swipe my number, which is why we see more and more stores requiring customers to swipe their own cards. Then once it’s swiped into the computer system it has to be authorized, possibly stored, and transmitted to a main server. Assuming everyone along the way is doing their job, this data should be encrypted and protected but that’s a big assumption. Most major card issuers require organizations to follow the PCI Compliance rules so there is some reassurance; but even if data is encrypted, it means it can be decrypted and viewed by a human at some point. Fortunately, a lot of card issuers have policies against fraud protection and will not force you to have to pay for fraudulent charges to your card.

Security, Not Just for Geeks

I recently attended the OWASP AppSec conference in Minneapolis, MN. This was a very interesting conference as I’ve been concerned about system and application security more and more lately. I didn’t so much learn about how to prevent attacks or how to do penetration tests as most of the tracks I went to were meant to build an awareness of various things hackers are doing–the tools they use, the exploits they find and the way they manipulate not only machines but humans.

I was familiar with the concepts of Social Engineering, but it became more apparent at this conference that this is becoming a common attack vector as the industry is getting better at locking the doors to their systems. Hackers are tricking employees to visit malicious websites or run infected applications that then allow the attacker directly into their internal network. It’s apparent that security is not just about closing network ports and writing secure applications, but also about teaching every employee throughout the whole organization about security. It’s everyone’s job, not just the geeks.

Making Security a Reality

I feel Information Systems (IS) needs to be the advocates of security within an organization. I feel it’s their responsibility to not only secure the infrastructure as best they can but to also teach employees about best practices and things to watch out for. IS should be defining policies and then training employees on those policies. Every IS department should appoint someone to be the security advocate. This person doesn’t necessarily need to do all of the actual work, but is actively thinking about security. Depending on the size of your organization you don’t need to dedicate all of one person’s time to this. But someone needs to spend part of their time thinking about security from multiple angles. They should be going to conferences like OWASP AppSec and helping build these policies and guidelines and giving direction.

Last year I took it upon myself to develop guidelines to improve W3i’s security. Since I presumed I wasn’t the first one to have this
concern I spent time looking around on the web for some existing guidance or information. This was the first time I had heard about OWASP and their Top 10 Project. They provided a list of Top 10 application security issues that are commonly seen in software. This list is intended to give you a starting point to build your own internal guidance for your department. Each organization has its own security needs and so certain issues may not apply or rank as high to an organization. It’s up to your Security Advocate to figure out what it is that must be protected and how to go about doing so. Again, the Security Advocate needs to go beyond IS and look at bringing awareness to the whole organization. Potential threats can be resolved by simply building awareness within the organization and establishing training for new hires.

Bringing it Home

Security breaches were a hot topic this year, and I don’t see it getting any better in the near future. There will always be vulnerabilities and someone wanting to exploit them. This is not to say that we should stop using technology or spend all day worrying about it. We should work together to build awareness by developing strategies within our organizations to educate each other. Allocating someone as a Security Advocate will help your organization make sure that your organization isn’t letting security fall to the wayside.

Jeff Smoley, Software Architect, W3i, LLC
Jeff ensures that the W3i development team produces quality solutions and maintainable code. With more than 11 years of software development experience, Jeff also sees that W3i follows security best practices.

I’ll be the first to admit that Adobe’s announcement about ending development for the mobile Flash plugin was unexpected.  It caused an uproar from the Adobe community and an equal amount of applause from the “Jobs was right” clan.  However, I think the blogosphere chose to focus on the news about the Flash browser plugin and left out the part that matters most for mobile application developers: Adobe is still fully committed to cross platform mobile Flex apps running on AIR.  Combining this commitment with the recent work that they have done.  I feel the Flex development platform is a legitimate option for cross platform mobile apps.

There are some big changes in AIR 3/Flex 4.6 that remove some of the challenges that haunt mobile developers using other cross platform tools.  The most important is support for Native Extensions. Native extensions are basically ActionScript libraries that  are implemented in native code.  It allows a developer to do anything on the device that is possible with the native development tools and leverage that functionality in the Flex app.  What this means for developers is no more waiting for the Flex SDK to support these special features.  So why go this route if it requires native code development skills?  In my opinion, it is much easier to construct an elegant user interface using Flex.  Therefore, this part can be shared and then only the device-specific parts need to be implemented natively.  In addition, many of the most common feature requests are relatively simple to implement such as access to the notification system, the phone vibration mechanism, or the gyroscope.  Finally, native extensions can be packaged separately and, therefore, third party implementations can be used for common features.

Source: Adobe Developer Connection/ Flex Developer Center, What's new in Flex 4.6 SDK and Flash Builder 4.6

Adobe also added a few mobile-optimized components in the latest release.  They are the SplitViewNavigator (for tablets), alloutButton, SpinnerList, DateSpinner, ToggleSwitch, and StageText, which exposed the native text control on each  platform.  I haven’t gotten around to using these as much as I have native extensions, but they certainly look like very useful components.  There are also many “gap-filling” improvements to the non-user interface classes.  A full list can be found here.  Adobe is also claiming some performance improvements which are always an issue with cross platform solutions.  Personally, I have found it to be okay, but not great.

Lastly, I think the tooling and packaging changes are worth noting.  I’ve been using the pre-release version of FlashBuilder 4.6 (due out later this month).  For one, it is excellent at consuming native extension packages.  However, it does not currently support building a native extension package on its own.  This is a pretty poor experience unless there is an existing extension available. On the other hand, it is very easy to create an ANT build file for creating them. FlashBuilder also now includes  support for unit testing and network monitoring for mobile projects, although I have not used those features.  The other notable is the new Captive Runtime support for Android.  Basically, this allows developers to ship AIR with the app package.  The downside is increasing the resulting .apk file size by at least eight megabytes.  It does eliminate the necessary user step which is downloading the AIR runtime app from the Android Market.

Although Adobe has signaled the end of the mobile browser Flash plugin, they have put considerable effort into making their  cross-platform mobile app development offering useful.  They vowed to keep making it better, and that’s good enough for me.

Derek Bromenshenkel, Senior Software Developer, W3i – Derek uses his wide variety of software development experience, spanning more than 5 years, to create value for W3i, its partners and app users.

HTML5:Everyone’s either talking about it, writing about or experiencing it. But who’s really using it and how?

With this post, that’s exactly what I wanted to determine.  The result as you’ll find out, is that HTML5 is at the brink of creating a shift in the way we discover, interact and share the content we love, but still has a long way to go.

HTML5-Changing the Way We Live?

In a nutshell, HTML5 is the natural evolution of HTML, the backbone of all things web. HTML4, the previous iteration of the language, debuted in 1997 and was updated, tweaked and revamped to keep up with all the changes in the web and mobile, not to mention users.

One of the biggest pro’s of HTML5 for developers is the freedom to deploy once and have their app available everywhere. From a consumers’ viewpoint, buying something once with the freedom to use it on multiple platforms is a major plus.

The HTML5 standard supports video, offline reading, touch and gestures – all functions that, until recently, were available for mobile devices on native apps. That being said, when it comes to mobile apps, native development currently wins out over HTML5, especially when trying to deliver apps that take advantage of some of the smartphone’s advanced functionality such as access to the camera.

The HTML5 Mobile App Store Landscape

Currently, the simplest way to distribute HTML5 apps is via the web, which end-users can then connect to via a hyperlink to their mobile device. This, of course, eliminates the need to go through Apple’s lengthy and somewhat confusing approval process. Alternatively, there are HTML5 app stores cropping up that are ready to make an impact in this new market. Very much like the app store, third party developers can list and sell their HTML5 mobile app modules and components in the stores, usually with the usual 70-30 revenue split.

Appcelerator just announced their new marketplace at the company’s Codestrong Developer Conference. The HTML5 app store includes mobile app modules, templates, design elements, cloud extensions and other components for the Appcelerator developer community to use.

OpenAppMkt, launched in 2010, is a web app that can be accessed from openappmkt.com. Installing it is super simple if you’ve ever added an item to you device’s home screen. You can browse through it like you would the App Store or Android market. Most of the apps are free, however, like with most good things in life, the best things cost a little money.

Openspacestore, which was recently launched at TechCrunch Disrupt, recognizes the type of website–gaming, entertainment, news, travel or other and notifies the user in real-time that new apps are available for download. A perfect example of this is a visitor going to TMZ.com and being notified of the top gaming and entertainment apps such as DailyHoroscope and Angry Birds. Another example is visitors going to CNN.com and being alerted of of CNN’s free app web app, as well as other breaking headline apps like NYTimes, Fox News, Good Morning America and others.

 In Conclusion - Future updates to HTML5 (or will it be HTML6?) will surely deliver the freedom to access the mobile devices’ advanced functionality such as storage, in-app notifications, camera access, use of the GPS and so on.  The truth is that most of this is already achievable by utilizing services such as PhoneGap. At the end of the day, it all comes down  to one thing; great apps deliver a rich, user-friendly experience, regardless of what technology is implemented.

How do you see HTML5 evolving? Share your thoughts in the comments or reach out to us via Twitter @W3i and @OrenTodoros.

Oren Todoros, Consultant, W3i, LLC
Oren has more than 9 years experience in online marketing and is now specializing in app marketing.

One of the most useful features for iOS users is the ability to have relevant content delivered right to the device.  Push notifications allow you to send messages directly to people who have installed your app (whether the app is running or not).  Sending push notifications is a great way to engage your users and provide value.

 If you’re an app developer thinking about adding push notifications (and you should be!), you may have a build vs. buy decision to make.  Is it better to purchase push notification services from a 3rd party provider or does it make more sense to build them in house?  There is a great deal to consider when making this decision and no single answer for everyone but let’s take a look at some things you should consider.

 The Basic Push Notification Architecture

There are three basic parts to push notifications: client registration, push notification provider, and the notification service itself.

 Client Registration and Tracking

The process for sending push notifications starts with some code in your app that registers the device with the notification service and acquires a unique ID for your app on a given device called a device token.  The device token is used to identify the target for your notifications.  It is the responsibility of the developer to store and manage the device tokens.  

 Push Notification Provider

The push notification provider is a server process created by the app developer to compose the notification package.  The notification package includes the device token for a client application and the payload message. The provider server sends the notification to the Apple Push Notification Service which in turn pushes the notification to the device.

 Apple Push Notification Service (APNS)

The Apple Push Notification Service sends the payload message to devices. If a notification for an app arrives when that app is not running, the device alerts the user that the application has data waiting for it.

 Feedback Service

The Feedback Service is another service provided by Apple.  You’ll need to write the software to call the feedback service and get a list of device tokens for devices that no longer respond to your push notifications.  In other words, if your app is uninstalled from a device, it will no longer respond to your push notifications and Apple gives you the device token for this device.  Apple requires that developers check the feedback service periodically to keep Apple Push Notification Service from having to process undeliverable notifications.

 Building the Push Notification Provider and Feedback Service

If you are planning on implementing push notifications in your app in house, you will need to develop the Push Notification Provider to call APNS as well as build the software to call the feedback service.  Apple’s developer site provides detailed specifications for calling this service as well as the specs for constructing the notification payload.  It’s a fairly complicated process but fortunately there are several resources available to developers to ease the development burden.

 Open Source Libraries for APNS

There are a couple of popular open source projects that may save you time and headaches implementing APNS on your server.  One of these is built with PHP whereas the other is built with Microsoft .Net (C-Sharp).  Both are solid and fairly well maintained and documented so you may want to pick one of these based on your development skill set and deployment strategy.

 For a PHP platform there is APNS-PHP (http://code.google.com/p/apns-php/).  APNS-PHP is a full set of open source PHP classes to interact with APNS.

 For a Microsoft based platform there is APNS-Sharp (https://github.com/Redth/APNS-Sharp).  APNS-Sharp is a free, open source, independent and mono compatible C#/.NET Library for interacting with APNS.

 Push Notification Service Providers

Until recently, your only option for sending push notifications to APNS was to build it yourself.  Today there are a few companies that, for a fee, make implementing push notifications much easier.

 Urban Airship Push Notifications (http://urbanairship.com/) and Xtify Push (http://www.xtify.com/) provide hosted services for sending notifications, device token management, tools for constructing your payload, and more.  Both companies provide a developer SDK for implementing push notifications.  In addition to iOS Push notifications, both of these services can target Android and RIM as well.

 Pricing varies by volume of messages sent so it’s a good idea to have an idea of how many messages you plan to send now and in the future.   All in all, pricing is very competitive.

 If you’re looking to get push notifications out quickly and avoid the development effort of implementing a push notification provider yourself, be sure to check out these companies.  If you have any additional insight on push notifications, please add it in the comments.