You weren’t alone if you had trouble logging into Spotify, TikTok, or Tinder on Wednesday evening. As reported by The Verge, a backend configuration change on Facebook servers broke a widely used software development kit (SDK).
Developers of these popular apps – and many others – use the Facebook-built SDK to enable account creation and login rather than creating an account using an email address and password. Using a platform account such as Facebook, Twitter, or Google to create an account is referred to as federated login.
While it sounds similar to enterprise single sign-on (SSO), it differs in account security and management. Single sign-on allows IT managers to restrict application and resource access at the account and group level. Federated login is a consumer-focused system that makes it easier for end users to onboard onto new services or applications.
The initial advantages that federated login delivered were speeding up the sign-up time and reducing the number of passwords end users needed to remember (or write down on a sticky note next to their laptop).
The end of federated login
The risks of using federated login have now eclipsed the benefits. If an end user’s social media account is compromised, it could potentially allow a bad actor to access all the apps and services associated with that login.
Beyond that, if an end user decided to close or delete a social media account, it could break their ability to log in to your app or service.
Password managers such as LastPass and 1Password have made federated login unnecessary. They provide the same benefit of password reduction that federated login provides, but without the risk of data theft and SDKs breaking functionality.
Password managers also provide browser and OS plugins that enable the quick addition of login credentials. There is no practical difference in speed when it comes to account creation using federated login versus a password manager.
Building secure solutions
Any application or service is only as stable as its weakest link. In 2016, a developer deleted an npm module and inadvertently broke thousands of projects across the internet. One of the deleted modules included a simple function that pads out the left-hand side of strings with zeros or spaces.
At BitBakery, we work with our clients to build solutions that are not only secure, but future-proof against SDK and shared library changes. We wrote about this back in October 2019 when Google removed the fingerprint scanner from the Pixel 4. The lack of a working facial recognition API in Android meant that end users couldn’t securely log in to their financial apps. Our team constantly monitors trends and issues for our clients to make sure they’re delivering consistent, amazing experiences to their customers.
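The failure mode described above, where a backend change breaks a login SDK and the app with it, can be contained by treating the SDK's result as untrusted input and keeping a first-party login path available. This is an added example, not BitBakery's or Facebook's code; `guardedLogin`, `validateProfile`, `passwordLogin` and the stub SDKs are hypothetical names, and the sample profiles are constructed.

```javascript
// Added example. guardedLogin, validateProfile, passwordLogin and the stub
// SDKs are hypothetical names, not part of any real SDK.

// Reject if the SDK call has not settled within `ms` milliseconds.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error('sdk timeout')), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Accept only the fields and types the app relies on. If a server-side change
// alters the shape of the response, this fails here instead of deeper in the
// app, and nothing beyond id/email is passed on.
function validateProfile(p) {
  if (p === null || typeof p !== 'object') {
    throw new Error('profile is not an object');
  }
  if (typeof p.id !== 'string' || p.id.length === 0) {
    throw new Error('profile.id is not a non-empty string');
  }
  if (typeof p.email !== 'string' || !p.email.includes('@')) {
    throw new Error('profile.email is not an email string');
  }
  return { id: p.id, email: p.email };
}

// Try the federated SDK first. Any failure (synchronous throw, rejection,
// timeout, unexpected response shape) falls back to the app's own login and
// is reported in sdkError so it can be logged and alerted on.
async function guardedLogin(sdkLogin, fallbackLogin, timeoutMs = 2000) {
  try {
    const raw = await withTimeout(Promise.resolve(sdkLogin()), timeoutMs);
    return { method: 'federated', user: validateProfile(raw), sdkError: null };
  } catch (err) {
    const user = await fallbackLogin();
    return { method: 'password', user, sdkError: err.message };
  }
}

// Constructed stand-ins for the ways a third-party SDK can misbehave.
const stubs = {
  healthy: async () => ({ id: '42', email: 'user@example.test' }),
  changedShape: async () => ({ id: { value: 42 }, email: 'user@example.test' }),
  throwsSync: () => { throw new TypeError('unexpected response'); },
  hangs: () => new Promise(() => {}),
};

// Constructed first-party login path (email and password in a real app).
const passwordLogin = async () => ({ id: 'local-7', email: 'user@example.test' });

async function demo() {
  const out = {};
  for (const [name, sdk] of Object.entries(stubs)) {
    out[name] = await guardedLogin(sdk, passwordLogin, 50);
  }
  return out;
}

demo().then((results) => {
  for (const [name, res] of Object.entries(results)) {
    console.log(name, '->', res.method, res.sdkError || '');
  }
});
```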
When it comes to maintaining code on our projects, we adhere to the campground rule – “always leave it better than you found it”. If you’ve ever updated a web project, you may have found some less than stellar comments and code.
One of the biggest challenges can be trying to read through undocumented CSS. You can lose valuable hours investigating design rules just so you can make a simple update and keep within the existing style guide.
There’s always the temptation to write new classes. Sometimes time isn’t on your side and the change needs to be done now. We know CSS is forgiving with redundant classes, but there are downsides to writing new classes. This is especially true when you’re using a framework like Bootstrap that provides plenty of useful utility classes.
So why do we prefer Bootstrap utility classes? Here are two ways of dealing with a change – first, by writing new classes:
When you look at both examples, they’re not all that different. One change is that the custom classes from the first example are replaced with spacing utilities like .pb-3 and .py-3 in the second example.
There’s no major difference in how browsers render these examples either. So why do it using the Bootstrap utilities?
Long term maintainability
Our Bootstrap Utility example doesn’t have any new CSS at all. This keeps your custom CSS file leaner and more maintainable over the long term.
Because it’s derived from the base spacing, the padding is consistent with the rest of the site. The padding is defined in the Bootstrap variables file. This eliminates any guesswork for how much padding or margin you should use.
These alone aren’t a reason to use a framework such as Bootstrap. If you’ve already got a framework in your project, then using its built-in utilities will save you time now – and in the future.
Want to learn more? I recommend reading through the Bootstrap documentation to see how else you can avoid rewriting CSS that’s already been written for you.
There was major news in the world of web browsers last week. Microsoft released a major update to their Microsoft Edge browser that replaces their own EdgeHTML engine with Google’s Chromium engine. It’s a massive shift for Microsoft and a significant increase in Google’s leadership of the web’s core technologies.
Our team here at BitBakery has been putting this latest Chromium-based Microsoft Edge release through its paces over the last week. Here’s what we think so far.
Simplified development and QA testing
Developers and QA testers know one universal truth of building for the web – just because something works in one browser, doesn’t mean it will work in every browser. An awesome animation built with jQuery works great in Chrome but remains motionless in Internet Explorer – yes, we’ve all been there. Moving Microsoft Edge to a Chromium base means more consistency in how frameworks function. Developers will find the same level of support in Microsoft Edge as they do in Google Chrome when building web apps.
The built-in Developer Tools within Microsoft Edge are also very close to those provided in Google Chrome. This means there’s no additional time needed to get familiar with a new set of dev and debugging tools.
Browser deployment and security
Google Chrome has a whopping 69% share of the browser market. If you’re developing consumer websites and applications, the new Chromium-based Microsoft Edge could potentially reduce the complexity of your dev and QA processes since it shares its core engine with Google Chrome.
Microsoft Edge is the successor to Microsoft Internet Explorer which dominated large enterprise companies for years. If your company still uses Microsoft Internet Explorer, well, Microsoft really wants you to stop. From a security and stability standpoint, Microsoft Internet Explorer has not been updated in a few years, potentially exposing your systems and data to malicious attacks. If you have internal web apps that require Microsoft Internet Explorer, Edge offers an IE11 compatibility mode for Windows that should allow those internal web apps to function. This feature isn’t available in Microsoft Edge on macOS.
The future of the world wide web
While the move to Chromium is great for developers, it does continue to solidify Google’s dominance when it comes to web standards. This increased market share means Google has an even stronger hand in directing which frameworks and tools have support.
Apple’s Safari browser and Mozilla’s Firefox are now the only two major non-Chromium browsers on the market. For developers and testers, there’s still a need to include these in your planning. There have been rumors of a switch to Chromium for Apple’s Safari, but for now the company has said they have no plans in the works.
As a trusted source for outsourced development, BitBakery is adding the latest Microsoft Edge releases to our testing plans. We’re here to answer any questions you have about this or any other outsourced development question.
Continuous learning is one of our core values. Every BitBaker brings their own unique experience to deliver for our customers’ projects.
Once a month, we get the team together for a lunch and learn series we call Knowledge Nibbles. We bring in catering from one of our favourite locals and take turns presenting a subject to the team.
The October learning session was led by BitBakers Marcel Rusu and Pablo Morales. They presented an intro to functional programming with lunch from the Lancaster Smokehouse.
As a provider of outsourced software development, we work with a lot of different stacks. Two different customers might even use the same framework, but use different versions. We use continuous learning to build a deep understanding of the frameworks we use.
“You can learn a lot more by developing an understanding of the technology first,” said Pablo. “If you’re just running around asking questions because you don’t know the answers and not making time to learn, you’re not growing as much as you could be.”
Marcel has been following the concept of functional programming for a few years now. Both Marcel and Pablo studied computer science at Wilfrid Laurier University. “He kept talking to me about functional programming in second year and I didn’t really get it until I finally had the chance to work with React,” said Pablo.
Their talk focused on two principles of functional programming: declarative programming and immutability. Declarative programming is a shift to telling the program “what to do” instead of “how to do it”. You focus on the flow and structure of data before you type in your first line of code. Declarative programming makes it easier to see how data flows through your code. You’re also less likely to make simple errors that occur when you swap variables.
Marcel and Pablo chose the topic because of its rapid adoption in the industry. “What’s interesting is that web is leading this. It’s almost a decade ahead of mobile for moving into declarative.” Marcel feels that many people still have trouble explaining functional programming. “Many people use functional programming in frameworks like Angular and React, but I think it’s still hard for many front end devs to easily answer ‘what is functional programming?’”
Before diving into functional programming, Marcel recommends asking why are you using it. What benefits does it offer your development team?
“It’s really important to understand the technologies we use,” said Pablo. “We use a lot of different frameworks, and it’s important to build a deep understanding of them. Three months ago, I wouldn’t be comfortable explaining things to the team. Now I feel like I can really help Marcel and Edson.”
Marcel and Pablo both agreed that getting a chance to present was rewarding. “We’re both pretty passionate about talking and sharing. It’s exciting to do that here at BitBakery,” said Marcel.
While we all know change is a constant, it can still be jarring when it happens. As a business, you want to minimize the impact of that change on your customers as much as possible. A consistent app experience — whether on mobile or on the web — is paramount for keeping your customers happy and your customer service calls down.
When your customer upgrades to the latest phone, they expect all their apps to work the same. Unfortunately, there are times where the manufacturer makes a change that impacts your app experience. The most recent example of this is with a change in the Google Pixel 4 and Pixel 4 XL. Previous versions of Google’s flagship phone included a fingerprint scanner for biometric security. With the Pixel 4 and Pixel 4 XL, Google replaced the fingerprint scanner with a facial recognition scanner.
As reported in Digital Trends, this caught many financial institutions off guard. Customers who have come to depend on the security of fingerprint scanning now found themselves only able to log in to secure services with a traditional password. Those once biometric-secure applications were now back to using a system many customers were not comfortable using.
As a trusted partner for outsourced development, BitBakery is constantly monitoring device, browser, and operating system developments to ensure your solutions work consistently for your customers. In the Pixel 4 and Pixel 4 XL example, we let our customers whose apps relied on fingerprint scanning know about the potential impact. We’re also already working on getting client apps ready for the next Android update that adds in seamless support for devices that use either fingerprint or
Whether it’s a full MVP or support for a project with a virtually embedded team, BitBakery works with you to make sure you continue to provide an amazing experience for your customers.
“We’re spending 2 hours/day in apps, or one month each year.”
In a recent report, App Annie forecasted the 2018 app economy. The publication celebrates the 10-year anniversary of the Android and Apple app markets. The predictions cover consumer spend, AR, P2P, voice agents and plenty more.
1. As of November 1st, 2 and 3.5 million apps were available on iOS & Google Play, respectively.
2. In October, over 50,000 and 150,000 apps were added to iOS & Google Play stores.
3. China is leading consumer iOS App Store spend.
4. We’re spending 2 hours per day in apps, or one month each year.
Consumer app store spend will pass $100 billion in 2018?
Consumer spend will increase “30% year over year to exceed $110 billion in 2018.” Games will account for most spending. That said, the growth rate of non-game apps will exceed games, forming a larger spending share. This is largely due to subscriptions and economic maturation.
Watch China, India and Brazil
For app stores, the growth rate of Chinese consumer spend will outpace all other countries. India and Brazil will lead time-spent on Android phones. “Increases in smartphone penetration in these markets will fuel future growth of total time spent, which will lead to higher mobile commerce spend.”
App curation, more revenue and independent publisher attention
More apps can mean less discovery. Apple and Google will tackle this issue via more app curation/editorial content. These changes will impact leisure and entertainment apps, while “needs-based” apps (ie. food, banking) are “far more likely to be downloaded based on word of mouth recommendations or focused searches.” This platform will help independent publishers while boosting in-app purchase (IAP) revenue.
Facebook, Apple and Alibaba will drive future AR efforts. They’ll enhance the developer experience and further spur consumer interest (since September 2017, there’s been a surge in AR app downloads). Harry Potter: Wizards Unite, Google Translate, MLB.com At Bat and other apps which layer into the real world are likely to boom and become the entry channel for most new AR apps.
More fragmentation of video-streaming services
Video-streaming services took off in 2017. Consumer viewing increased 85% and 70% for iOS and Google Play, respectively. Their popularity “appears to be driving the installation of multiple apps.” The result will be industry fragmentation, despite higher revenue and engagement. Eventually, consolidation will prevail, forcing some companies to succumb to profit pressures. Consumers will also rationalize about their uses of time and money.
Mobile to dominate retail
“In the US and UK, consumers spent nearly an hour on average in shopping apps each month.” More often, stores will be used as pick-up locations and cashiers will become less common. Mobile will become a core part of the shopping experience.
Restaurant aggregators and DaaS growth
Restaurant aggregators (ex. Grubhub) will continue to develop into underpenetrated markets and sway intermediary users. Delivery as a service (DaaS) providers (ex. UberEATS) will gain market share in premium markets. Rapid-service food providers (ex. QSR) will further partner with DaaS providers. Like video-streaming, this industry will see fragmentation and consolidation.
More in-home voice assistant sales
In 2014, Amazon’s Echo opened the in-home voice assistant market. Since then, Prime Day and holiday sales have skyrocketed. This year, sales will speed up during these dates (and for price promotions). Developer interest will increase, though “use cases (ex. music listening, web searching) will remain largely consistent in 2018.”
PSD 2 will let more parties “provide comprehensive, app-centric, financial-related services, while providing users with security from government oversight and legitimacy.” Wells Fargo, for example, is launching Greenhouse. This app will take a mobile-first approach to spending analytics. This directive will simplify the banking value chain globally.
Diversification of P2P Parties and Services
Venmo, and similar person-to-person payment apps, have revolutionized the exchange of money. Expect more services from these apps to decrease bank competition and improve engagement. “We expect P2P payment apps to see increased transaction volume due to growth of instant bank transfers and third-party payments, with the latter bolstered by increasing adoption of these services as payment options by retailers and sellers.” As well, messaging and social networking apps, like WeChat, are likely to enter the space.
Consumers, developers and businesses alike have plenty to expect this year. Consider these forecasts to get the most from the app economy to aid your 2018 strategy.
“Your skeleton is your skeleton, no amount of makeup is going to change that.”
We interviewed our Director of User Experience and Interface (UX/UI), Attila Schmidt, about his work designing for web and mobile applications.
When he’s not designing, Attila spends time with his wife and two daughters. He makes a mean loaf of sourdough bread and DJs at a club on the weekend. He’s also a staunch defender of the Oxford Comma.
What are UX and UI?
“User Experience (UX) is about how you interact and flow through an application. It’s mostly independent from the aesthetics of the app. Where the goal is to help users navigate effortlessly. To do that, you need to understand a user’s intuition. UX could be how a user completes a login form or uses a chair.
“User Interface (UI) is the way something looks. The goal is to engage users with your design. Well-made UI has the ability to direct a user’s eyes to where you want them to go.
“To sum it up, UX is your skeleton, UI is how you look. Your skeleton is your skeleton, no amount of makeup is going to change that.
How do UX and UI overlap?
“They have to be discussed together. Both must be of a certain caliber to have a good experience. If you have a well-made UX with a UI that has tiny buttons for example, the experience will be frustrating. The UX almost doesn’t matter, because the person can barely interact with it. Conversely, if the interface is gorgeous but the UX is bad, the user will get stuck.
How do you first approach new UX and UI projects?
“With any new project, I first try to understand the requirements both for the client and their users. Then, from those requirements, provide a quality user experience. I try to wear our user’s shoes so they can traverse our designs effortlessly.
What is your core philosophy for UX and UI?
“Don’t reinvent the wheel and don’t do things just for the sake of being clever. What is well-established works. For every platform, there are patterns users expect. It makes more sense to use those patterns than something new. New ways of doing things keep people from using their instincts. For example, if you select date fields on Android and iOS, different interfaces will come up which users expect. To give them anything different is to slow them down. Give people what they already know when appropriate.
What common challenges do you run into when designing?
“There are always tensions between business needs and optimal UX. For example, sometimes business demands require users to answer more questions during the sign-up process than what’s standard because more data is needed. Finding a balance between the two is key.
“Another challenge is tackling the unexpected when deep into a project’s implementation phase. I often ask myself, how can I adjust this without upsetting the plan too much? Staying flexible is important.
What’s your take on UX and UI trends?
“They’re hard to predict. There will always be something that somebody comes up with that others start adopting. That’s when it becomes a trend. For UX, fly-out menus were once new. Now they’re common. In UI, everybody started adopting flat design, now we rarely think about it. When I have a project to complete, I’ll look at alternative patterns or aesthetics, but I won’t use a trendy new pattern unless it solves a problem which isn’t solved better another way.
How do you approach design for web and mobile?
“For mobile design, you know how people will view it; through a small screen and probably slightly distracted. When native, I’ll often create comps, describe them and offer instructions for recreating them. This usually requires pixel peeping once implemented.
“On the web, there are many browsers and platforms so it’s harder to ensure a common experience for all. I create the front end patterns. That means developers can hook into them without recreating my designs.
Can you discuss designing for accessibility?
“BitBakery complies with accessibility standards, as outlined by the internationally-adopted WCAG 2.1. That means we describe images, use big and appealing fonts, provide lots of contrast, icons and other features for the visually impaired. Alerts, hints and errors are read aloud for the hearing impaired, as are forms with cursors hovering over them.
“When designing for iOS, we follow Apple’s Human Interface and Accessibility Programming Guidelines. For Android, we follow Android Design Guidelines. These are rules developers must follow when building for iOS and Android. We also take material design principles into consideration to improve the user’s experience.
What do awesome UX and UI look like?
“UX and UI work best when the design is seamless and mostly unnoticed. The best experiences happen when users don’t even know they’re being guided. Context matters too. You have to think about where and how a user is using your app.
“Bring! is awesome. Its interface is simple and tile-based. It considers the context of being in a grocery store. Tiles have two different colours for what you do and don’t need. They’re organized by what you’re likely to see as you walk through the store, starting with produce. It can also link accounts. So, when my wife and I split up shopping our unified list is immediately updated.
“Other grocery apps I’ve used had long, unordered lists which require two hands. This has big buttons and needs only a thumb. When you pocket your phone, it won’t lock (because it’s annoying to unlock ten times). That UX design transcends just the screen. It’s an example of putting a thoughtful spin on something common.”
UX and UI are probably what you love about your favourite apps. They’re responsible for your experience when using them. The best apps have great UX and UI, and support your intuition.
“If not us, then who? If not here, then where? If not now, then when?”
True North was something special. Communitech CEO Iain Klugman was right, it wasn’t a conference, it was a movement. We’re stoked to be involved, to support the Tech for Good declaration and to attend next year.
Here are our five favourite highlights from last week’s event.
Tech for Good Declaration
Former Governor General David Johnston unveiled a guiding Tech for Good philosophy last Thursday. The principles are open for all to amend.
1. Build trust and respect your data.
2. Be transparent and give choice.
3. Re-skill the future of work.
4. Leave no one behind.
5. Think inclusively at every stage.
6. Actively participate in collaborative governance.
7. Continuing the discussion: Questions that still need answers.
What this means to us:
We pledge to continue to use data responsibly and to clearly tell our clients why and how their data is being used. We will meet the changing tech landscape and be inclusive. We will support this declaration to further dialogue about ethical uses of technology.
Siya Xuza’s Chant
“If not us, then who? If not here, then where? If not now, then when?”
Galactic Energy Ventures CEO Siya Xuza led audience members through this chant. Xuza asserted that everyone is capable of greatness and that “in doing what you love, the world will love what you do.” His story from a failure-stricken boy trying to fly to an engineering tycoon showed that grit and passion are essential for success. He hopes to inspire Africa with this mentality.
‘Badass’ Bozoma Saint John
Uber’s CBO showed that she honours her nickname with a discussion on human connection and motivation. She said moving to Uber was a challenge to rebuild a “lower than the bottom” brand amidst several scandals. Bozoma also explained that “talented women and people of colour” deserve more recognition for their workplace competence, “not just because it’s the right thing to do.” As well, and inspiringly, she discussed a time she brought her Uber driver to meet his favourite singer over dinner.
From Doolittle to Didlots
Robyn Doolittle, an investigative Globe and Mail journalist, passionately spoke about her article, “Unfounded.” The story featured dozens of dismissed sexual assault cases in Canada, which prompted police forces nationwide to reform their investigative practices. She’s since helped several victims receive justice. Doolittle credits data and the internet’s power to democratize for this effect.
Stranger Than Fiction Panel
“Black Mirror” creator Charlie Brooker, Oscar-winning filmmaker Spike Jonze and MIT Media Lab roboticist Kate Darling closed the event with a fun discussion on the ethics and inspirations behind technology. Each contributed fascinating insights. Darling noted that we sympathize with robots like we sympathize with other people, and suggested we consider the ethics of “torturing” machines; Jonze claimed that his movie “Her” wasn’t about the state of technology, rather, it was a product of it; Brooker responded that to “unsettle people,” it’s preferable to have “one foot based in reality.”
True North was inspiring. It was an expertly-crafted celebration of what rocks about Waterloo region. Continue to support the True North movement by following Communitech and the Tech for Good declaration.
We’re excited about the True North conference happening next week.
Next week, Waterloo Region will host one of the largest tech conferences in Canada – True North. We’re excited about joining the conversation about how to use Tech for Good. And, there is lots of good happening in Waterloo Region when it comes to tech.
1. We’re making AI our friend – 3 Waterloo companies using AI for Good
Formed in 2017, Kiite helps sales professionals to be more productive using AI. Siblings Joseph Fung and Donna Litt founded Kiite and have raised over $3 million and currently employ 15 individuals.
Greta Cutulenco co-founded Acerta to use big data and machine learning to help car manufacturers. Acerta uses deep learning to analyze the safety of each vehicle before release. Feedback is continuously processed to improve the software. In doing so, Acerta has helped clients “achieve a new standard of quality and improved KPIs.”
Emagin is another key player. Their focus is using AI to manage water and wastewater facilities. They specialize in emergency preparedness and anomaly detection. Their methods – which harness the power of the cloud, big data, and virtual assistants – have been shown to reduce operational costs. Emagin was also nominated as a top ten global digital water company.
These organizations offer business advice, hands-on help for recruiting and innovating, workspaces, as well as investment and networking opportunities.
3. Fostering productive AI
The recently announced Waterloo AI institute embodies this spirit. The center intends to transform “how we work, how we travel, how we treat disease, how we communicate, and how we learn.” The research will accentuate the work of AI enthusiasts such as Dr. Alex Wong and Dr. Fakhri Karray. A core focus will be uniting disciplines, teachers, and students in the investigation of AI.
Waterloo has an important role to play as the heart of Canadian AI innovation. Moving forward, more research into machine learning will help tech advance safely and productively. This institution is well-positioned to allow Waterloo to further support its vibrant community.
4. Join the discussion at the True North conference
Waterloo Region is home to the True North conference, running May 29-31. Join other leaders to discuss the state of the tech sector and how it is impacting society and our daily lives.
The conference features Craig Silverman (the guy who coined “fake news”), Ed Catmull (co-founder of Pixar), Bozoma Saint John (CBO of Uber), Siyabulela Xuza (founder of Galactic Energy Ventures) and Spike Jonze (director).
Evenings feature #TNDTK festival events such as tours of startups and other points of interest, a concert by the Beaches and an incredible night of technology, sound, and electronics at THEMUSEUM in Kitchener.
You only need to write core logic for your server as a bunch of stateless API (application program interface) calls. The provider takes care of hosting for you, including scaling and security issues. This encourages a strict, stateless design philosophy as the server can’t manage tons of information.
This makes things simpler, except at the design and architecture stage. That’s when it becomes more interesting to design. Organizing a serverless database schema requires care because it’s more limited than standard databases.”
2. What excites you about these serverless technologies?
“Serverless makes server maintenance easier. It lessens the amount of stuff that can go wrong, and makes developing easier. People hate worrying about their servers during downtime.
3. How are these technologies influencing the world?
“A lot of companies are integrating serverless technology. It’s easier than ever to build the backend for your new app or game. This helps startups get their products out. A back-end that scales automatically means there probably won’t be a crash right after launch. User experience is improving, too.
Dedicated servers like Amazon’s or Google’s will probably mean fewer credit card hacks. I say ‘probably’ because there is risk of (unlikely) bug exploitation.
4. What are the implications of serverless technology?
“Developers won’t have to do so much back-end plumbing, scaling and security, because serverless takes care of it. More time can be spent on what matters, like UI, design and graphics.
5. Can you expand on how serverless technology helps with scaling?
“Say you write your code in a small, stateless manner. It’s Amazon’s job to deploy that to as many servers as necessary. They do have some limits, but they’re very high. Whether your app does one request per second or 500 makes no difference.
It’s also much cheaper for the developers. You pay a fixed cost to run your own server, which can be $80-100/month. Many startups spend money on inactive servers because an app or product doesn’t need much attention. With Amazon’s Lambda, the bill may only be 10 cents.
6. How would you start learning about serverless technology?
Projects have different requirements, and you should know all your options. Sometimes going serverless will be best. It’s a quick way to get moving and prototype a system.