web development and photography
web dev
Building augmented reality layars
Jul 11th
Layar is a free augmented reality (AR) app for iPhone and Android. Unlike other apps which fulfil a specific AR need (from finding bars near you selling Stella, to shooting your friends with lasers) Layar opens things up to let developers build their own AR views and run them in the Layar AR “browser”. It looks like the image below, which shows a wikipedia layer.
AR Browser
And yes, “browser” is kind of an apt description, because when you build a Layar layer (someone should really think of better terminology than this!) what you’re really doing is providing a webservice which gets displayed in a particular way.
Building a simple layer is actually pretty easy if you have some web development knowledge, such as PHP and MySQL. In fact, if you’re ever built a simple webservice before then all you need to build a simple layer is which parameters need to be passed in, and what the output should look like. The Layar people have provided a tutorial to help you if web development isn’t your main thing, and there’s some sample code there too. I found their wiki and tutorials useful for getting started, but in my opinion their PHP code samples are a little hacky.
Developer site
So, first you need to register as a developer. This takes just a minute. Once done, you need to start building your layer definition. This sets things like the URL of your webservice, and the name of the layer. You can also use the developer area to test your layers before submitting them for publication. Again, documentation is provided. But I found it all pretty straightforward and easy to work out anyway (they could do with some better web designers though!)
Webservice
Now the key part which makes the whole thing tick. The webservice. This can be hosted on your own site, although 3rd party sites exist, such as hoppala.eu, which in effect provide the webservice hosting for you. To be honest the hoppala service seemed great at first sight – you give it the url of a google map and it does the rest – but after various unsuccessful attempts at sending them my google map url, I gave up. Your webservice needs to provide a few key pieces of data about your layer. Basically the geo-coordinates of each point-of-interest in your layer, and a title and description for each.
Google Map
Getting geo-coordinates might sound scary, but if you’ve ever made a google map, you’ll have those to hand. If you haven’t made a google map, then it really is just an easy drag and drop exercise. There’s a little RSS button at the top right of your map where you can get the url of the RSS feed of your map. This contains all the coordinates, as well as the titles and descriptions you’ll have given when you were building up your map.
It would be cool if the Layar people would accept these RSS feeds. That way you’d not have to do anything else. To me this is the biggest oversight of the whole system. The google RSS really does contain everything they need, but hey…
OK so you just have to accept that you’re going to have to take that google map RSS feed, and modify it to put it in the format the Layar people need. In effect you’re creating a chained, 2-step, webservice. This is where your PHP and webservice skills come in.
Input data
When the Layar “browser” calls your webservice, it provides three GET parameters. The user’s current longitude, latitude, and the radius the user wants to be bothered with around them. Your webservice code therefore will need to capture these paremeters and use them to generate your output. Once again, it escapes me why Layar sends this data to your webservice, rather than doing the necessary calculations in the app itself. I can only guess it’s to do with performance issues.
SimpleXML
What I did was use PHP’s built in SimpleXML features to pull the google map RSS feed apart, and take out the longitude, latitude, title, and description data out.
Doing this is pretty easy. You call something like this:
$xml = simplexml_load_file('http://maps.google.co.uk/maps/ms?.......');
and go through each point-of-interest with a loop like this:
foreach ($xml->channel->item as $entry) {....
Scary maths bit
Remember those 3 input parameters? Longitude, latitude, and radius. The reason they’re passed to your webservice is that Layar needs to tell your webservice not to bother sending irrelevant results back to them. Suppose the user only wants results in a 1km radius. Layar doesn’t want a mass of data covering most of England. It’d just be too slow.
Soooooo…. you’re going to have to do some scary maths to calculate distance from a point. All that nasty trigonometry stuff you did at school.
Don’t panic! The Layar people provide you with the formula. In case you can’t find it, here it is:
$distance = (((acos(sin(($value['lat'] * pi() / 180)) * sin(($lat * pi() / 180))+cos(($value['lat'] * pi() / 180)) * cos(($lat * pi() / 180)) * cos(($value['lon'] - $lon) * pi() / 180))) * 180 / pi()) * 60 * 1.1515 * 1.609344 * 1000);
where $value['lat'] and $value['lon'] are the user’s coordinates, and $lat and $lon are the coordinates of the point-of-interest.
You just need to compare this $distance value with the user’s radius GET parameter sent by Layar.
JSON output
Your final output, then, is nearly ready. Build a PHP array containing the layer name and a list of the points-of-interest. Each point should have coordinates, a distance from the user, and other data like title, description, image URL, etc. Full details on these can be found in the Layar wiki and tutorials.
The last thing you need to do is make sure your webservice output is in JSON format. In PHP this is too easy: just call json_encode() with your array as the parameter.
Test and publish
Once your webservice is up and running, go and test it from the Layar developer area. I haven’t as yet published a layer, but it seems to involve a fairly straightforward submission process.
One cool (although thinking about it pretty essential) feature is that you can test your layer in the Layar app itself. Once you have a developer account you get an extra “test” tab in the app. This lists all your own layers, each of which will function exactly as though it’s been published.
Summary
The Layar augmented reality app is a really nice idea, and one which allows developers to build their own layers relatively easily. You do, however, have to be a developer with some knowledge of webservices and familiarity with APIs. It’s just a shame the Layar people didn’t think to allow very small-scale layers pulled directly from, say, Google Map RSS feeds. The only reason I think they’ve not done this is for performance reasons. But if all you want to do is build a layer with a couple of dozen points of interest in a limited area, the whole radius/distance calculation thing seems a waste of effort on the developer’s part.
On the plus side, once you’ve developed one simple layer it’s incredibly easy to modify your code to build other layers. In fact, all you really need do is pass in a different Google Maps RSS URL.
Another plus, of course, is that Layar removes the need for developers to get involved in actually building their own iPhone augmented reality apps. A far scarier prospect than that distance calculation.
Flomo iphone app
Jul 12th
A few weeks ago I decided to start playing around with iPhone app development. It would, I thought, be a relatively straightforward thing. Even small children could do it.
But what to choose as a test project? Perhaps something stupid that made some kind of farty noise each time you shook your iPhone? Nah… build something useful Matthew. Something I and others like me would want to use.
Uploading images to Flickr seemed like a cool idea. There are some really nice apps out there that do this already. Hmmm…
Another thing was simple image manipulation. You know, make your crappy iPhone photos look like you took them with a Lomo ie turn them into something bad yet cool. Already done. Hmmm….
I know – combine the two! Brilliant idea! Let’s call it Flomo (flickr + lomo). Lame name – yes. Arsed to think up a better name – no. I even designed a funky logo (above).
Turning the idea into reality has proven to be somewhat more tricky than I’d thought. Trying to run before learning how to walk is a cliché that springs to mind. But it’s been a useful lesson in iPhone development.
Specifically it’s taught me:
1. How to access flickr’s API. Authentication with their API is like sticking hot pins in your arm at the best of times, never mind in an unfamiliar language (Objective-C).
2. Objective-C doesn’t have a simple way of doing MD5 hashes. It’s a pretty much build your own kind of thing. Ugh.
3. How to process images. Thanks to some online help and general banging-head-on-wall type thinking, I’ve finally realized that image processing isn’t all that hard. Neither is it easy. Finding stuff on forums like (I paraphrase) “listen you newbie scum, this kind of thing is so trivially easy I’m not even going to explain how to do it” didn’t help. But I got there. I’ll publish relevant bits of my code in the next post.
4. Multithreading is really useful. Do you want a nice spinny wheel thing while the image is uploading, so your user doesn’t think the app has broken? Well you *have* to use multithreading. Obvious if you know that it’s obvious. Like so much in iPhone world.
5. XML parsing? Not easy and not fun. Just parsing a simple web service response is bad enough. Making any sense at all of complex XML seems like far too much hard work. PHP SimpleXML – I love you!
There are all kinds of other bits and pieces which I’ve had “fun” with. I’ve probably implemented them really badly. But I don’t care. I have an iPhone app which works. Just a little more work and it’ll be ready to submit to Apple and wait months before it ever appears on the store for free.
Oh, and those news reports about small children coding for the iPhone? Two words: parental guidance.
Drupal in perspective
May 13th
Drupal prides itself on its community aspect. And so it should as a truly open source system. One of the good things to come out of this is the principle that dissenting voices should be given a platform. Hopefully what they say gets taken on board too. A talk titled ‘Why I hate Drupal’ at the recent DrupalCon in DC is a great example of this principle.
‘Why I hate Drupal’ was given by James Walker, one of the Lullabot team, and general Drupal insider and guru. It’s important to point out that this isn’t just some bile-filled sour-grapes rant. It’s a considered, insightful and eloquent discussion of some of the problems and issues with Drupal as it grows in popularity, and enters a new, more mature phase of its life.
Here’s a link to a video taken of the talk. It’s an hour long, so you may have to book out some time to watch it. It’s worth it though.
Drupal for education
Apr 27th
Just noticed a Drupal for Education event going on at Sun’s offices in London, on 14th May:
http://www.drupal.org.uk/event/drupal-education-may-2009/14-may-2009
The event is organised by Codepositive, Sun, and Acquia, and seems to be part of a series of ‘Drupal for…’ events. The last one I went to was Drupal for Enterprise, and was pretty useful – especially for those who didn’t know anything about Drupal and wanted to get a good overview.
Interestingly, they mention on the event page that the Open University is now using Drupal for its new Platform site:
http://www.open.ac.uk/platform/
This bills itself as a ‘virtual campus’ social networking and news site for staff, students, and alumni. They even have blogs, although they’ve seemingly gone for Drupal-based blogs rather than the WordPress MU we’ve chosen for blogs.kent.
Pro Drupal Development 2nd Edition by John K. VanDyk
Apr 5th
If you want to get at all serious about taking Drupal beyond a simple installation, Pro Drupal Development is going to be a massive help to you. If you’re anything like me you’ll come back to it again and again for reference and to try out some new ideas.
It covers all kinds of development areas such as building your own modules, the form API, themes, and even best practices. All this kind of stuff can be found online, but it’s a big help to have it all clearly explained in one place. Sometimes you just need someone to guide you through the maze of options that Drupal offers.
Much of the book isn’t for the faint-hearted. You need a good working knowledge of PHP and some MySQL. Most books start you off nice and easy, but here the early chapters are very much a leap into the deep-end. There’s a certain amount of reliance on just accepting fairly esoteric Drupal stuff until it’s explained more clearly later in the book.
The book also comes with plenty of examples, which you can download for free from Apress. These really help you get your head around some of the trickier ideas (I found one or two of the examples didn’t work as described – but to be fair there are some errata by the author on the Apress site).
In summary – this book is an excellent buy if you want to take Drupal to the next level but don’t know where to start.
Using Drupal by Angela Byron
Apr 5th
Using Drupal is a great little book if you’re just starting out with Drupal, and want to know which modules could be useful for you. If you’re getting into true development stuff and want to play around with Drupal a bit more, the excellent Pro Drupal Development by John VanDyk would be a much better choice.
This book was written by members of the Lullabot team, who do Drupal consulting and development work. They really know their stuff, so you feel things they suggest in this book (like choosing module x over module y) are worth listening to.
The book itself guides you through typical scenarios you might want out of a Drupal website, like wikis, a shopping cart, workflow, multilingual sites, etc, etc. Each section has some useful tips and ideas, but doesn’t go into a massive amount of depth. So again, great if you’re just starting out and want a flavour of what’s possible.
WordPress MU and user registration grief
Apr 2nd
WordPress MU (WPMU) is a great tool.
It’s basically a fork from the main WordPress software that lets you set up and maintain potentially vast numbers of blogs from a single codebase. It’s particularly popular with universities and HE institutions, such as Harvard Law School (http://blogs.law.harvard.edu), and a range of UK universities including here at Kent.
Why registration?
So, why would you want to allow user registration for blogs? Mostly, blogging is all about free commenting on posts, and the onus is on the blogger to filter out dodgy comments.
If you’re like me with just a handful of comments every month, fine.
If you’re an institution like a university, this opens up the proverbial can of worms (I’ve never seen a real can of worms, but I’m sure it’s not pretty) to do with complaints, disciplinary procedures, legal stuff. Far better to force people to register before making a comment, so there’s at least a way of telling whether they’re from the institution, or a member of the public.
No comment.
WordPress MU registration system is bad. Not in a cool sense of bad. It’s just terrible.
1. Confusing to users. You might want to register for MyHappyBlog because you want to comment on a blog post. The moment you register you’re sent on a multi-click process which takes you far, far away not just from the familiarity of MyHappyBlog, but from the post, and any memory of the stinging critique you were going to deliver. No comment, quite literally.
1a. …oh and by the way, just to make it even more confusing, the user will be sent an impossible-to-remember password after they’ve registered. Although this is touted as being secure (I’m sure it is), it’s just impractical. Either the user will forget the password, or they’ll forget to change it.
2. Confusing to developers. WordPress MU registration works fine so long as you follow the way it does things. If for some bizarre reason you want to change the way the registration page looks (you mad fool!), you have to change the core code. As any developer will tell you, this is generally a very stupid thing to do, and ipso facto a stupid thing to force people to do.
Logged out
I should just add that it’s actually not just the registration system in WPMU. Standard WordPress has a curious login page which is very hard to change. Yes, you can get round this in part with filters and plugins and whatnot. But the point is that changing the way something looks should never, never, require a developer to hack around a bit. This is what themes are for.
Summary
My advice to anyone considering user registrations in WPMU? Don’t. The fact that the registration system is so quirky might be indicative of the relatively relaxed approach most bloggers have towards commenting. You may want to ask why it is that you absolutely must have user registrations for your institutional blogs.
wordpress mu XSRF
Mar 31st
Cross-site request forgery (XSRF). It’s something that’s becoming a big issue in internet security, and yet is still relatively poorly understood by many developers. If you don’t already know what it is, you can find an excellent introduction in wikipedia:
http://en.wikipedia.org/wiki/XSRF
In a nutshell, anything on your website is a security risk if it lets someone modify something on your system (eg an entry in a database) without first making sure that the request for that modification actually came from your site. This isn’t restricted to a URL query string. Forms are probably the worst offender because many developers seem to think they’re somehow safe. They’re not.
A good way of preventing a XSRF attack is to give each form a unique identifier which keeps changing. Only your web application will know for sure that a request has come from a form on your site, because that application generated the identifier in the first place and can cross-check it against an entry in a database. Drupal does this, and so does WordPress (including WordPress MU).
Here I’m focusing on how WordPress MU does the XSRF protection. It’s called, wait for it…
Nonce?
ok, ok. Get the sniggering done now. And relax…
To the good people at WordPress (and seemingly everyone in America) nonce has only one – very unfunny – meaning: a word or expression which only ever occurs once. ie. a unique key which changes its value every time it’s used.
By default all WordPress forms use nonce values to help prevent XSRF. If you write your own plugins, to get this to work in WordPress is amazingly simple. Just put this in your home-grown form:
wp_nonce_field('my_nonce_phrase');
where ‘my_nonce_phrase’ can be any unique phrase which acts as a base for the system-generated nonce key. It’s usually a good idea to use something like plugin-name+form-name so you eliminate the risk of clashing one nonce value with one from a different form. But basically you can use any phrase you like.
If you need more info, the WordPress API listing is here:
http://codex.wordpress.org/Function_Reference/wp_nonce_field
If you want to put a nonce in a URL rather than a form, just use the very similar:
wp_nonce_url('theurl', 'my_nonce_phrase');
where this time ‘theurl’ is, predictably, the url that you want to noncify, and ‘my_nonce_phrase’ is once again your unique phrase which is going to act as the seed for the eventual nonce key.
Whitelist
There is however a slight catch. Some forms on the backend are forms where you want someone to update various options parameters. For example, if you’ve built a plugin and want someone to be able to set various plugin default options. In standard WordPress, you use options.php as the form’s action, and can use the following as a nonce field:
wp_nonce_field('update-options');
This way, when the update button is pressed the fields you’ve added to your form will automatically get updated as part of the options.php code, and the nonce system will be happy that the form came from the right website. Everyone’s smiling. Everyone’s happy.
This doesn’t work with WordPress MU, however.
Instead you need to add this to your form:
wp_nonce_field('my_nonce_phrase-options');
where adding -options to the end is crucial if you want options.php to work properly. I’m not sure why. It just is.
Finally, in your plugin you need to be able to alter the nonce whitelist ie. the list of option names which are accepted by options.php. You could just alter options.php, but that would be crazy. Instead use a filter to intercept the whitelist and add your own values to it:
function my_plugin_alter_whitelist_options($whitelist) {
if(is_array($whitelist)) {
$option_array = array('my_nonce_phrase'=>array('plugin_option_1', 'plugin_option_2', 'plugin_option_3', 'plugin_option_4'));
$whitelist = array_merge($whitelist, $option_array);
}
return $whitelist;
}
add_filter('whitelist_options', 'my_plugin_alter_whitelist_options');
Yes, it’s ugly and bad. But there doesn’t seem to be any way round this for WordPress MU and forms used for setting your own options in a plugin.
Summary
WordPress MU lets you build forms which are relatively safe against XSRF attacks. Doing this is easy, and takes just one line of code in your form. A word of warning: adding protection to forms which make use of WordPress’s options feature is more fiddly in MU than it needs to be, but still not too bad.
Review of Panic’s Coda – One-Window Web Development for Mac OS X
Feb 8th
I’ve recently been trialling Coda, Panic’s web development environment for Mac OSX. It currently costs $99 (about £65 at current rates) per licence, and offers a fully-featured 15-day trial before you burn your money. The version I’m looking at here is 1.6.2.
Coda sells itself as offering a complete environment for all-round web developers: somewhere to do your coding, a css tool for the design-oriented, and built-in subversion, FTP and SSH tools to transfer your masterpieces from your localhost to your live environment. In other words… an IDE (although it’s perhaps telling that it never uses that acronym in its sales pitch).
Coding
Coda offers a passable pure coding environment. It has all the basic text editing things: fancy colours, a certain amount of text completion and insertion (e.g. comment blocks). I don’t want to bore you with a list all the small details I found wanting in its text editor. Some of the bigger issues I had were lack of diff tool, and the inability to search across an entire project (or ‘site’ in Coda-speak). On the plus-side the editor did have a nice visual list of functions in your code. Macromate’s TextMate is often compared to Coda (a not entirely fair comparison, but anyway…), and to be honest in terms of code editing offers lots of things Coda doesn’t, and all the things Coda does. So, take your pick…
Styling
The css editor is pretty much what you get from tools like MacRabbit’s CSSEdit. You get to edit your css with a user-interface rather than hand-coding the stuff. That’s pretty much it. I’m left wondering just how useful Coda’s CSS tool is. If you’re proficient in CSS then do you really need a GUI to help you? If you’re not proficient in CSS then you’ll still be confused because Coda assumes you have some knowledge of how HTML and CSS work together. It’s a kind of irritating half-way house which I suppose might make life easier for half-way-house developers. I’m not sure.
FTP/SSH
One of the really nice things about Coda is that you can fiddle around with a local copy of your website and FTP it up to your live hosting account, all in a simple, integrated way. When you alter a file a little icon appears next to it in Coda’s file browser. Just click it, and off it goes. It really is very simple and easy to understand. So it has the same feature if you’re working in a more serious environment, where SSH is the only way to transfer? Erm… nope.
No quick-and-easy scp-equivalent? Let’s just stop here and digest what Coda’s all about. Those of you wondering what scp is will probably be ok with Coda. Those of you who know will probably realize that Coda’s aimed primarily at semi-pro developers who need to access hosting accounts with FTP. If you work in a professional environment where servers are locked down to such an extent that SSH is probably your only means of access, well one of Coda’s main selling points is lost.
To be fair there is an SSH terminal. My feelings are that this has been bundled to make Coda look more professional and justify a higher price-tag. Why is it any easier to click a button in Coda taking you to the terminal, than it is to switch to a terminal in a different window? Cmd-Tab? At best you might consider it a very, very minor advantage. At worst it confuses Coda and makes you wonder whether it’s trying to pitch itself at semi-pro or at professional developers. Is it for the Rails and Symfony developers out there? Who knows.
Preview window
Coda’s preview window lets you see your webpage as it would appear in a browser. Well, actually it shows you how you web page does appear in a browser, because the preview window is basically just a browser window. Again, I’m left asking the question: Cmd-Tab? Personally I found it more useful to analyze my CSS changes in Firefox + Firebug. Note too that the idea that you can review a single page of your website as a complete entity is a very out-dated and curiously amateurish one. The idea that ‘blah.php’ as a file actually renders a page of HTML is verging on the laughable: there will typically be dozens of files involved in rendering a single web page. Any serious (PHP) web developer would surely be using either home-grown code developed in a framework such as Symfony, or would be modifying available web apps such as Drupal or WordPress. The only way to view a ‘page’ in any vaguely sophisticated web app is to view it in a browser with a web server running. All this makes Coda’s preview window largely defunct. Once again, just Cmd-Tab to Firefox or something. Is it really that hard to do?
Subversion
A big selling point of Coda has been its inclusion of some kind of version control mechanism for your code. In this case subversion. The user interface is nice, although a little basic. Any checked-out code will display little icons next to the file name in the file browser. If you’ve made a change, you’ll see a little ‘M’ icon appear next to the file, which you can click to commit to the repository. It’s all very neat and rather lovely.
This does seem to be one area of Coda that works well. You will have to rely on terminal svn commands for some things, but most day-to-day stuff can be done very neatly and easily. Incidentally, TextMate includes very similar functionality. It doesn’t have the useful icons to let you know when something is out of sync with the repository, so for me Coda’s svn scores a point over TextMate here.
Conclusion
Coda looks lovely, and feels like something designed for semi-pro web developers. I can’t imagine hard-core designers and CSSers finding it particuarly useful, and hard-code programmers and coders won’t find its text-editing functionality up to scratch compared to much cheaper/free tools like TextMate, JEdit, or Eclipse. The preview window and SSH terminal features feel like a bolt-on, and honestly you’d have to be pretty lazy to find Cmd-Tabbing to another application much harder than pressing a button on Coda’s UI. The lack of integrated scp functionality will be annoying for many developers.
Coda costs $99, and could be a really useful value-for-money tool for semi-professional web developers who appreciate the convenience of having almost-TextMate, almost-CSSEdit, almost-web-browser, and SSH terminal thrown into one eye-candy package. Dreamweaver it ain’t. For starters Coda it has none of the HTML-building capability of Dreamweaver.
For about half the cost of Coda you can buy TextMate, CSSEdit, and use Firefox and an SSH terminal. Ok, you have to switch between them which is a slight inconvenience. But you do get more functionality for less cost. At the end of the day it’s all about what you’re comfortable with as a developer.
WordPress MU 2.7 released
Feb 1st
Finally, after much holding of breath and anticipation, WordPress 2.7 and its swanky interface comes to MU-world. Yay!
As is typical with the quasi-underground nature of WordPress MU, version 2.7 wasn’t so much announced as… became apparent. ie. if you happened to download it you’d find the version number was different. A WordPress MU forum thread showed the general confusion about whether 2.7 was still in beta, or an actual stable release:
http://mu.wordpress.org/forums/topic.php?id=10952
Anyway at first sight everything seems to be working fine after an update from WordPress MU 2.6. Plugins, even home-grown ones are doing their thing. I guess one of the main advantages of using a fork which is typically a couple of months behind the vanilla-WordPress is that any regularly-updated plugins and themes you may already be using will generally ‘just work’ with a new version of WordPress MU.
