Archive for December, 2011

Building Apps and deploying them from GitHub

Those guys at GitHub have always been forward thinking and Open friendly !

So you have probably heard that Mozilla is getting into “Apps” in a big way.

There are a couple of things about HTML5 apps that are different than conventional native apps.

First, because they are web technology they want to live somewhere on the web. Second, each app has a manifest and that manifest needs to be served with a new, specific MIME type.

Now, if you self host on Linux this is trivial. You can just add an entry to the .htaccess file, but if you don’t want your app to have its own web presence there is another option.

This clever guy on my team, Rob Hawkes, is the Developer Community Gaming Lead on my team and he worked with GitHub to add the ability to serve Mozilla Apps Manifests directly from your GitHub repository.


Then, an independent game developer, Jerome Etienne, tested it by publishing a game in the Mozilla Labs Developer Preview Apps Store.

The game is called marbleSoccer and the GitHub is here –

To install and run the game, start by installing the Mozilla Labs Apps Runtime (we’re in preview, this step won’t always be necessary).

Then you need to log in to the store at :

You need a BrowserID to log in (which everyone should want to have, anyway) 🙂

After logging in search the store for MarbleSoccer.

Once you have it installed you’re good to go.

There you go – game installed and running – hosted at GitHub

Great job guys !


I Moved ! – Selecting a New Hosting Provider

I woke up this morning to a series of email and Twitter messages letting me know that my web site was gone !

My site was (until this afternoon) hosted at Site5. Now, I’m going to tell you what happened and how Site5’s process makes them an undesirable choice for my needs. Before I do that – a disclaimer. Site5 is a pretty good service with good folks working there. They did restore my site and engaged me in public discussion on Twitter about the event and their desire to help me. I don’t “blame them” per se. They have emailed asking to discuss what happened and how they could improve their services.

Running a high quality, low cost hosting service is very difficult, especially the “service” part. The hosting business is based on low margin and high volume. Each support person on payroll causes a distinct increase in the shared hosting site density required to turn a profit. I do sympathize.

So here is what happened.

After receiving notices from my Tweeples that my site was down I logged in to my Site5 hosting account and they had opened a support ticket telling me they had turned off web access to my site due to “excessive CPU utilization”.

My Site5 account is “Unlimited” storage and bandwidth, but it’s a shared account, so if my disk space / bandwidth use causes too much CPU use – it’s a problem.

There is no phone number for direct support so I went to the Site5 site to use “on-line” chat. Unfortunately, Site5’s on-line chat was “not available”.

So I added a reply to the support ticket and waited.

Site5 later replied that my site was turned off due to too many requests for the index.php page of my WordPress blog from a single IP address in Hungary. They explained that they only turn off a site as a last resort and they had to do it because it was a shared account and the CPU use was affecting the performance of other sites on the machine.

Fair enough.

Now, my web site isn’t important, like, say FEMA or CNN, but it’s part of how I feed my family so a default support policy of unplugging my site because ONE IP ADDRESS is spamming my site with requests seems like a really poor support policy.

It’s also not the first time I’ve experienced a DoS attack against one of my blogs and I’ve never had a host simply turn off my site as a result. While Site5 support said it was a “last resort” no one could tell me what steps had been made BEFORE turning off my site to attempt to solve the problem.

Not only was my site unplugged, but it was done in an “ugly” way. Visitors did not get a temporary landing page telling them there was a temporary problem, visitors didn’t even see an error. It just looked like the site had been deleted.

Site5 first suggested that the index.php page was the problem and it was probably because I had added a new plug-in to my WordPress instance. They instructed me to try installing a cache plugin for WordPress. (I hadn’t added a plugin to WordPress since its original installation.)

Then they explained that they had identified the inbound request flood from a single IP address – which again made me wonder what other actions had been attempted before executing the “last resort” of unplugging my site.

I later got a detailed explanation of how difficult it is to identify attacks in real time. I’m sure the person who emailed me was not aware that 5 of my 10 years at Microsoft were spent focusing largely on cyber-security and I thought offering to help him implement a strategy to identify such attacks would not be well received. In fact, when I ran Microsoft’s ASP.NET site we identified DoS attempts on an almost daily basis and other “entry level” hosting providers have been able to do so with my accounts as well.

I was also told that even if they had identified the source of the issue they would block an IP address because that could be “bad”.

Still, it wasn’t this one time issue – in and of itself – that caused me to change service providers.

I was worried about the NEXT TIME.

Site5 turned my site off as a “last resort” but wasn’t able to explain what other steps were attempted.

Visitors to my site received NOTHING – no, “Temporarily Off Line” message, nothing !

Doesn’t that mean that anyone who was so inclined could cause anyone else’s site, if it was hosted at Site5, to be turned off by simply flooding it with requests? Even when the requests stop, my site is still down. Why not block the IP spammer ?

Anyway, I kept trying to get someone on support chat, sometime later I did. I was told that Tier 1 did not have authority to actually make changes to my account (like turn web access back on) and that someone else was “looking into” what was going on, but customers weren’t allowed to talk to “those” support people.

I also found it bothersome that the problem was being looked into only AFTER turning my account off.

After some dialog I understood that the on-line support people serve as middle-men who can not touch an account and that “higher level” support staff and managers do not talk to customers on the phone or chat with them directly. My only recourse was to wait until someone replied to my question on the support ticket.

After complaining via the support ticket system and an ongoing conversation on Twitter, the service manager emailed me to say that he was sorry and he explained that, while they could tell the problem was coming from a Hungarian IP Address after the fact, apparently their real time monitoring is not sophisticated enough to identify such an attack in real time. He also told me that they wouldn’t block an IP address under such circumstances as that might have negative results, though I can’t see how they feel turning off my entire site was a less negative result than blocking a single IP address that had been identified as flooding my site.
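
The kind of real-time check discussed above, as an added example that is not part of the original post or any hosting provider's tooling: a sliding-window counter over access-log lines that flags one address flooding a single page. The log lines, the addresses (documentation ranges), the window and the threshold are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx common log prefix: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3} '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, path) or None when the line is not a log entry."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    except ValueError:
        return None
    # Drop the query string so /index.php?x=1 and /index.php count together.
    return m.group("ip"), ts, m.group("path").split("?", 1)[0]


def detect_floods(lines, window_seconds=10, threshold=20):
    """Flag an address sending more than `threshold` requests for one path
    within `window_seconds`. Returns {ip: (path, detected_at, count)}.

    Lines are consumed in order, so the same loop works on a live log tail.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (ip, path) -> timestamps inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed input instead of stopping the monitor
        ip, ts, path = parsed
        q = recent[(ip, path)]
        q.append(ts)
        while ts - q[0] > window:  # expire requests older than the window
            q.popleft()
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = (path, ts, len(q))
    return flagged


def sample_log():
    """Constructed sample: ordinary readers plus one address hammering index.php."""
    base = datetime(2011, 12, 1, 9, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 5120 "-" "constructed-agent"'
    events = []
    for i in range(12):  # three readers, one request every 5 s, mixed pages
        page = ["/index.php", "/about/", "/feed/"][i % 3]
        events.append((base + timedelta(seconds=5 * i), "198.51.100.%d" % (10 + i % 3), page))
    for i in range(60):  # flood: 5 requests per second for 12 s from one address
        when = base + timedelta(seconds=20, milliseconds=200 * i)
        events.append((when, "203.0.113.7", "/index.php?x=%d" % i))
    events.sort(key=lambda e: e[0])
    lines = [fmt.format(ip=ip, ts=ts.strftime(TS_FORMAT), path=p) for ts, ip, p in events]
    lines.insert(3, "not a log entry")  # malformed line the parser must tolerate
    return lines


if __name__ == "__main__":
    for ip, (path, when, count) in detect_floods(sample_log()).items():
        print(f"{ip} flooding {path}: {count} requests in 10 s at {when.isoformat()}")
```

A flagged address can then be rate-limited or denied at the web server or firewall while the rest of the site stays up.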

As I’m 100% focused on the HTML5 Apps space this is especially problematic for me. Turning a site off completely could have cascading negative effects if I’m using that site to host an App being distributed through a store and would make it easy for competitors and objectors to kill my App’s success simply by spamming my home page. (Which, by the way is so trivially easy to do, any script kiddie can do it and it’s pretty easy to do it anonymously as well.)

So, while the folks at Site5 were very nice, the fact that turning off a site in this manner, in response to a fairly common issue – coupled with the fact that there is no way to interact in real time with someone who has the authority to make a change on my account – simply makes this level of service less than my minimum requirement.

This is especially true as I start developing guidance for Apps developers and making hosting recommendations.

I don’t mean to sound overly harsh about Site5. Most people wouldn’t ever experience this problem. My Mom’s blog doesn’t get that much traffic and she’s not likely to attract the attention of someone who would try to mess with her web site. I wouldn’t hesitate to recommend Site5 with those criteria.

But, service needs vary.

So – I’m researching a number of options for hosting HTML5 “Apps” but in the mean time I needed to move my site to a host where the events I experienced today would not be repeated.

Over the past decade I’ve used hosting services from more than a dozen companies, most of the economically priced ones have been poor performers in the customer service and up-time departments.

Though I already have a reseller account at another hosting provider (which I’ve had for 6 or 7 years) I originally set up an account at Site5 because they advertised unlimited bandwidth and I was leaving Microsoft so I needed a place to host podcast audio files.

I made a list of features I wanted in a hosting company and discovered that one of my existing hosts already met my criteria and I’ve had 7 years of great service experience with them.

So, what is my hosting criteria ?

  • A wide variety of Individual Shared, Reseller, Virtual Private and MANAGED Virtual Private, and Dedicated account options with multiple levels for each and reasonable pricing at each level
  • The ability to move domains between account types and assistance available to do so.
  • The ability to have my own custom DNS names.
  • Support for developing apps with PHP, Python / Django, Perl, Ruby Rails, and NODE.js
  • Multiple Database options
  • A guaranteed service level (99% up time, etc)
  • A support ticket system.
  • On-line chat support that is ALWAYS manned.
  • Telephone support options for when things are really critical.

Then there are some additional “nice to have” items.

  • Shared SSL Support
  • Individual SSL options
  • Source Control Hosting Options
  • Free default WebMail
  • Customizable Control Panel
  • Some kind of domain / account manager
  • SSH access

It turns out that I’m already using a hosting company that meets all those criteria – though I didn’t realise it until yesterday.

The company is A2 Hosting –

Now let me be clear. I’ve been using A2 for 6-7 years. I started using them while working at Microsoft so I kept my use of their Linux based hosting pretty quiet. A2 has never provided me with any incentive to endorse them in any way, they don’t know I’m writing this, and I have always paid full retail price for the services that I have received from them – so my experience as a customer has been the same that you or anyone else is likely to experience.

When I signed up for my A2 “reseller” account it was because I wanted to host a bunch of little web sites and didn’t want to have a bunch of different accounts. Though I have a reseller account, I only use it to host my own sites. I chose A2 because I thought their reseller account offered a lot for a very reasonable price. Because of the way that I started with them I guess I always thought of them as a “low end” provider.

I signed up for Site5 because of their unlimited bandwidth option.

As I started yesterday researching an alternative, I remembered the great service I’ve received from A2.

My A2 account is a “low cost” account, and there HAVE been issues and down time. But in all the years I’ve used them any issue has been solved quickly.

There is always someone in the on-line chat support and that someone can actually solve problems. In fact, the chat based support people are so good – in all the years I’ve hosted with them I’ve never had to call the 24/7/365 phone based tech support.

They have always known what was happening and what the ETA to fix it was – or they could do it themselves.

I couldn’t remember the last time I had been to the A2 web site – they’ve added lots of services.

They now have hosting starting at $3.35 a month (unlimited disk and bandwidth) all the way up to high end, managed, dedicated servers with Cloud options.

So I moved my blog before it was even back on line at Site5. It took me about 30 minutes to get all the content, the code and the database moved. There was one thing I couldn’t figure out because the DNS change had not propagated yet, but I chatted the on-line support and Erin had the answer (thanks Erin) !

My web sites are often PHP apps like WordPress or Drupal but my Apps stuff is moving towards Node.js and Python – I was thrilled to discover that A2 supports both. 🙂

So for now I’ve consolidated all my hosted stuff to A2. (I still need to choose a Cloud based PaaS provider for some work.)

I’ll be using A2 for a bunch of my Apps learning content since my account gives me the flexibility to create sub domains for all the test apps I want to build. Heck, with Virtual Private instances starting at $13.95 per month I could even host test Apps with Java back ends if I really wanted to.

Anyway, I thought this was a fairly significant experience and that sharing it might be useful to some of my readers.

Choosing a hosting company is a bit like cheering for your favorite sports team.

Either : Mine is the best and yours sucks!

Or: Yours sucks and mine sucks TOO !

And: If you ask me tomorrow I may feel differently about mine !

Choosing a CSS Framework

I’ve been building web applications since the beginning of the World Wide Web and yet I’ve never become very knowledgeable about CSS.

I’ve listened to the arguments about page layout (styles versus tables) and hacked my way through enough CSS but always found myself more frustrated than enthralled.

JavaScript frustrated me in the early days too. Compared to C++, Java, C#, etc it felt “dirty” to me but I’ve grown to enjoy and embrace JavaScript and I know that I need to do the same thing with CSS.

CSS is very powerful but you need to embrace it to really Grok it.

But, I have some issues :

  • I’m in a hurry – I need to be building apps now.
  • I don’t think aesthetically – I’m a bits and bytes guy.
  • I’m a pragmatist – I don’t care about purist type elegance.

So I’m choosing a “CSS Framework”.

If you search the web you can find lots of discussions about why NOT to use a CSS framework. Purists say that a CSS Framework is a contradiction in terms, but I suspect that 99% of developers doing significant client side work are using a CSS framework, even if their framework of choice is a collection of code that they wrote themselves (as opposed to someone else’s formal framework).

There are some basic criteria when choosing any framework.

  • Rich Functionality
  • The flexibility to extend and modify features
  • Understandable code
  • Good Documentation
  • Good usage examples
  • A vibrant community
  • An implementation that works the way I want to work

When it comes to choosing a CSS framework there are some additional criteria.

  • Reset Strategy
  • Typography Implementation
  • Semantic Naming

Especially “Semantic Naming” becomes incredibly important the more complex your markup becomes.

There is a cyclic relationship between HTML Elements as Identified by “Id”, CSS Classes that are applied to those elements and the JavaScript code that is executed against those elements, often that are found by way of the classes assigned to them.

Random naming of CSS classes or a set of naming conventions that lack logical value can turn the whole stack into a mess.

So, good naming strategy is crucial to a usable CSS framework and a way to customize naming in conjunction with your application’s problem domain is even better.

There are LOTS of CSS frameworks to choose from and several dozens of blog posts on the web listing the popular ones.

Rather than enumerate all the ones that I did NOT choose, I thought I’d share some reasons for choosing the one that I did choose.

My criteria seems to be best met by Blueprint CSS.

  • A CSS reset that eliminates the discrepancies across browsers.
  • CSS Reset based on Eric Meyer’s.
  • A solid grid that can support the most complex of layouts.
  • Typography CSS that implements a baseline grid.
  • Form styles.
  • Print styles.
  • A Plugin model and a collection of available plugins.
  • An ecosystem for use in different development. (WordPress, Drupal, etc)
  • Tools, editors, and templates.

While the checklist seems complete it is the combinatorial effect that we end up being interested in.

For example, using a CSS reset by itself nullifies browser defaults (which all tend to look different to the user) but using a CSS reset by itself, especially one as complete as Eric Meyer’s, means there is a lot of default behavior to be re-defined. Of course Blueprint CSS handles this for us.

For my needs there is one more very important feature of using Blueprint CSS.
Blueprint CSS comes with a Ruby script that lets you customize Blueprint style sheets using your own semantic class names.

This isn’t a matter of purism for me. UI code and markup can get very complex and maintainability, as well as debugging, can be drastically affected by semantic naming.

Standard framework names like these :

<div class="span-9 last">
<div class="grid_6 alpha">

… are learn-able, but just have no RELATIVE meaning inside our own application.

Here is some good information on CSS Semantics and using the Blueprint CSS customizer.

More to come…..

Building Apps with HTML5 – Desktop, Tablet, Phone !

Disclaimer : As a reminder, this post represents only my own personal opinion and is not presented as an endorsed or official position by anyone but myself.

Few evolutions of developer technology have resulted in as much discussion and speculation as “HTML5”.

In this post I’m going to write about building APPLICATIONS with HTML5, not sites or pages.

Two weeks ago I was in London at the Apps World Conference where I witnessed an interesting dichotomy. The few HTML5 sessions were PACKED. There wasn’t even standing room left. But, almost every other session included commentary to the effect that HTML5 is “not ready for prime time, though it is going to be really important in two or three years.”

If you’re a cross platform tools vendor, out-source developer, or consulting shop working in the mobile application space, then that’s probably what you want to believe. (Or at least what you want the industry to believe.) If you’re a “native” developer you’re probably in the same boat.

I’ve talked to many “Native” / desktop application developers over the years who just don’t like the “Web Stack”. They tend to discount HTML5 out of hand.

You hear one liners like :

HTML5 Apps can’t get good performance.
JavaScript sucks !
You can’t access the necessary hardware in HTML5.
You can’t optimize battery life in HTML5.

There is no question that there are some kinds of applications that you would not try to write using Web development technologies. You wouldn’t write Adobe Photoshop, Apple Final Cut Pro, or Audacity in JavaScript for example.

But I believe there are LOTS of applications that can be written in HTML5 / Web technologies and that there are significant advantages to doing so when your application scenario makes a Web stack appropriate.

Let’s first fix what I think is a problem with the vocabulary.

“HTML5” is not really HTML 5.0. “HTML5” is a wave of technologies of which version 5 of the Hypertext Markup Language is only one part.

You can read the W3C HTML5 Draft Specification here :

While the HTML5 specification enhancements are important, we should be equally interested in the work being done by the What Working Group –

But to get the whole picture we need to consider other evolutions in web technology as well.

There is the CSS3 specification – which is part of the wave.

I also think that jQuery is an important part of the piece, especially now that browser vendors are leveraging the performance experience of other scripting language makers and building significant optimizations into their respective “Web Stacks”.

So, in this post I will refer to all of the technologies that we would use to build a Web Standards Based Application collectively as “The Web Runtime”.

Before I start to talk about what we can do with The Web Runtime, let me suggest that none of the corporate entities will want you to believe that you can build great applications that will thrill customers by using only standards based technologies.

Why ? Because web technology runs on every platform that matters, is not controlled by any single entity and can be delivered by a wide variety of mechanisms.

Apple wouldn’t be thrilled by the success of The Web Run Time. Apple changed both the phone and the information industry with iOS, but their sustained success is, at least partially, predicated on the head start they achieved by being first to the market space.

While (in my opinion) iOS, as a device operating system, is still slightly better than Android at this stage of Android’s evolution, it is only marginally so and Android is evolving rapidly. What’s more, the iPhone is no longer the number one phone from a hardware perspective. There are many Android phones that are more advanced. (Like the Galaxy S2 Skyrocket). Apple can’t innovate on the hardware as quickly as the entire phone and tablet manufacturing industry and folks have angst over whether or not Apple can keep up with the pace. Expected announcement of the iPhone 5 this fall never materialized.

Still, the iPhone is staying strong in the market because the “Apps” are there. iOS is a proprietary platform. Apps that run on iOS do not run anywhere else. For most consumers, the only way to get Apps on your iPhone or iPad is through the Apple store where Apple gets a good percentage of the purchase price, subscription fee or in application purchases. (Yes, we geeks can jailbreak our iPhones, but that does cause other concerns.)

If Web Runtime Apps started to enjoy adoption Apple would lose its head start as well as its monopoly on the sales and distribution process. Developers could build an application once and consumers could run that app on whatever great bit of hardware they wanted. Moving from one platform to another would be FAR less painful.

It’s been suggested to me that the performance of HTML/JavaScript in Safari on iOS has intentionally been made slower than it needs to be in order to help maintain the disparity between “Web Apps” and native iOS apps.

Microsoft probably wants “Web Runtime” applications to succeed even less.

Though Microsoft has more than one profitable product, Windows is still the mainstay of Microsoft’s revenue stream and the combination of Windows and Office (which has almost no success outside of Windows) probably still represent more than half of Microsoft’s annual revenue (though that is a guess on my part).

Operating systems have nearly no direct value to the average consumer of computing devices (Servers, Laptops, Tablets, Phones, TVs, etc). An operating system is only as interesting as the applications that are available to run on it.

In the early days of Microsoft Bill Gates and company had a brilliant long term success strategy of embracing developers and the development process to get them to target Windows for all kinds of applications.

That strategy has worked well. We had CP/M and Apple computers well before the first PCs hit the street and the IBM PC with MS-DOS surpassed them all. We later got IBM’s OS2 and NextSTEP, which were technically better than the versions of Microsoft Windows that were available in their day, but neither succeeded against Windows.

Even today, Apple’s OSX is a more consumer friendly Operating System than Windows, and Linux is far more performant and stable than Windows, but yet Windows is far more popular than both OSX and Linux combined on the consumer’s desktop – why?

There are three reasons.

Application Availability. Microsoft has done a better job than Apple, or the Linux community, of exposing a set of developer technologies that make developing Windows Desktop applications easy enough for a broad variety of developers.
Microsoft has grown monopolistic market share and successfully maintained it which makes Windows the largest potential market segment for application developers.
They have leveraged their monopoly market share to manipulate the hardware OEM space to propagate that majority market share.