2012-07-10

The Retina MacBook Pro

I got me one of them there new “retina” MacBook Pros. It’s the stock 2.3GHz 15” model with 8GB of RAM and a 256GB SSD. Here’s a miniature review. Disclaimer: it’s a work-supplied computer, so I’m using it exclusively for development and didn’t have to pay for it myself.

First off, the bad. Finder won’t start with my Acer monitor plugged into the HDMI socket; the screen turns blue and the computer hangs. This is odd, as the monitor works fine with my previous 2009 MacBook Pro, and works fine with the retina model if I plug it in once the computer has finished booting.

It occasionally does weird things to the iPhone simulator. This may or may not be related to the new hardware. Xcode is so relentlessly buggy that it is difficult to tell. However, I haven’t experienced these particular problems on any of the other 3 Macs I use for development, so that narrows it down a little. The iPhone-style surrounding skin sometimes disappears, leaving me with a title bar informing me of the simulator’s build number. It also has a habit of placing the iPhone’s screen about 100 pixels below and to the right of where it’s supposed to be, which looks odd when the surround does actually appear. In Xcode itself, hovering over a keyword results in the tooltip floating somewhere near the top of the screen instead of next to the mouse.

The lack of an eject button means the Ctrl-Shift-Eject shortcut I’ve used for the past year or so no longer puts the display to sleep, so I’m forced to use the keychain app to lock the computer instead.

The massive resolution seems to tax the GPU when it has to throw a lot of pixels around. Scrolling a webpage within a large Safari window is noticeably jerkier than doing the same on either my personal 2011 13” MacBook Pro or the 2009 15” MacBook Pro I was previously using at work.

The keyboard is somehow different. I’m not sure if it’s that the keys have a different texture than my previous Macs or if they have an even lower profile, but I’m finding it a little awkward to type on.

Now the good!

This computer is fast, mostly due to the SSD. It boots in seconds, and apps typically load before their icons have finished their first bounce. It compiles my current project in half a dozen seconds, compared with roughly a minute on the 2009 laptop. VMWare resumes a suspended Windows session in no time at all. This is the first SSD I’ve owned and the performance is really stunning. I’ve held off from buying one because I’m tired of being an early adopter and getting hardware that’s unreliable or overhyped, but seeing this drive in action has convinced me to get one for myself.

The screen is gorgeous. I was concerned that non-retina apps would look horrible on the upscaled display, but although there’s a difference it isn’t one that bothers me. It manages to make the Xcode storyboarding system even more awesome than it was before, by making it possible to see each iOS view clearly even when zoomed out to 25%. Text is amazingly crisp, which is marvellous when you spend 8 hours a day in front of a text editor.

It’s now possible to use the iPhone simulator in retina mode and have it appear on-screen at the same size as the standard mode. Dragging it over to a standard-resolution second monitor causes it to automatically halve its resolution but stay at the same physical size. Handy. If the simulator starts up on the second monitor it adopts the same enormous proportions as it would on a non-retina Mac.

And now for the indifferent.

The built-in HDMI port means I’ve ditched the DisplayPort to HDMI adaptor that I was using previously. However, as the new model doesn’t include an ethernet port I’ve got a Thunderbolt ethernet adaptor plugged in instead.

As it’s a work machine I’ve no use for the USB3 or other updated sockets, so I can’t comment on whether they’re an improvement or not. Ditto for new speaker design; I don’t use them. The same goes for the new lightweight form factor, too. I prefer the 13” models, so for me a 15” laptop is oversized no matter how thin it is (and it is very thin). When Apple get around to releasing a 13” Pro with a retina screen I’ll probably end up getting one for myself.

Is it worth buying over the standard resolution model? Yes. Being able to test websites and apps on the latest displays is definitely worthwhile. You’ll lose the optical drive, but that’s mostly worthless now anyway. You can always get an external drive if you really need one. You’ll also lose the ability to upgrade the RAM or replace the battery. I’m not concerned about the battery life - I’ve treated my 2006 white MacBook’s battery well and it’s still working after 6 years - but the RAM might be more of an issue. I got the 8GB retina model, which runs Windows 7 x64 and Visual Studio 2010 in VMWare and Xcode with no issues at all. However, if I were stumping up my own money for the laptop I’d have opted for the 16GB model. I’ve had to upgrade the RAM in all of the Macs that I’ve owned in order to keep the hardware viable over time, so the extra is undoubtedly worth it.

Is it worth it if you’ve already got a decent Mac that doesn’t waste too much of your time while it compiles? Honestly, not really. The most impressive difference between the new model and my own laptop is the I/O performance, which is solely down to the SSD. My next Mac will have a retina display, but for the moment I’m just going to fit an SSD to my current laptop.

2011-11-29

Enterprise iOS Apps

Recently I’ve been looking into the potential of iOS devices in the enterprise, which is surprisingly zeitgeisty. Computer users in enterprises typically have to deal with laptops that take 10 minutes to boot because they’re old, running Windows XP and laden with crufty enterprise junk. Users can’t install anything because they don’t have admin rights, and the IT department doesn’t want to spend its time uninstalling the Bing toolbar and Bonzi Buddy from the computers of techno-illiterates who, like magpies, are attracted by anything that blinks, flashes, glows or moves. They have to deal with IE6 and a virus killer that saps their CPU time and their will to live in equal measure.

A few people within enterprises have bought iPads or iPhones and suddenly find themselves with a computer that doesn’t have IE, doesn’t have viruses, allows them to install whatever they want and is always ready to use. They’ve realised that they can do most of their work with nothing more than an iPad and a Bluetooth keyboard. If only there was “an enterprise app for that” they could dump their bottom-of-the-range Dells with their oversized bag and carry around their iPads instead; hence the need for enterprise iOS applications.

The average enterprise application consists of:

  • An enormous, badly-designed database written by guys who didn’t know how to make databases but who once met the brother of a friend of an acquaintance who’d seen a SQL query a few years ago, didn’t really understand it, but thought it was pretty neat;
  • A vile, enterprisey “business logic” layer, with interfaces that describe factory classes that produce factories that produce classes that aren’t used anywhere in the codebase, because all of that clever planning and abstraction was a counterproductive waste of time;
  • A dumb web UI that allows CRUD operations on the database, cunningly designed to be 100% compatible with Internet Explorer 5 and 6 and utterly unusable in anything else, possibly even implemented as an ActiveX control masquerading as a website for marketing purposes.

Enterprise iOS apps will typically replace this last tier of the application stack. At the very least, apps need to be able to interact with the business logic layer to perform CRUD operations.

If you’ve been smart when putting together your existing systems, you’ll have followed Steve Yegge’s advice and built everything as a service. Want to know which user has the network ID “elb”? Point your web browser at your RESTful HR web service and query /employees/elb. The user’s details will be output in easy-to-parse JSON format.

In that case, you can give yourself a congratulatory pat on the back and go grab copies of ASIHTTPRequest and JSONKit. All of your systems are already set up in such a way that you can interact with them from pretty much any device that supports HTTP. It’s even easier if they can perform asynchronous requests and parse JSON.

If you haven’t built a service-oriented architecture, or were misguided enough to use WCF and SOAP - perhaps because you wanted to add a piquant dash of vendor lock-in to an architecture designed for heterogeneity - you could do far worse than take a look at Nancy. This is a micro web framework for C# based on Ruby’s Sinatra that will allow you to create RESTful web services, and indeed full websites, with astonishing ease.

The next issue you’ll have is security. What you really don’t want to do is expose your databases to the internet, particularly if those databases contain sensitive data such as employee details, client data, etc. If your iPhone needs to interact with a web service behind a firewall, what can you do?

You have 3 options:

  • Ignore the security issues and expose your web services to the internet;
  • Only allow the app to work when the iPhone is connected to the corporate network;
  • Connect the iPhone to the corporate network via a VPN.

I like to think of the first option as “the Sony approach”. If you don’t particularly value the privacy of your employees or your clients, don’t mind months of downtime when you try to shoehorn security features into a live system and aren’t embarrassed by publically demonstrating your astounding ineptness, this is a very worthwhile choice. On the other hand, you might recognise it as a security disaster waiting to happen.

The second option introduces some complexities. The whole point of a mobile app is that it’s, well, mobile. A mobile app that can only be used at a single location is obviously not amazingly useful. One possible workaround would be to cache relevant chunks of the database’s data on the iPhone. All CRUD would be performed on the cache. Any changes would get replicated to the master database when the device next connected to the corporate network. Obvious downsides are the need to deal with conflicting edits, either by automatic/manual merging or by asking the user if he wants to overwrite the remotely-edited version with his own changes.

It’s a tidy solution, but it introduces another security risk - your sensitive data is now stored on a highly desirable and easily mislaid phone. You could consider encrypting data stored on the iPhone. More extreme possibilities for securing the data include requiring a username and password to start the app (which would be a massive detriment to usability) or setting up the device in Exchange so that it can be remotely wiped if lost.

The third option is the best tradeoff between usefulness and security. VPN traffic will be encrypted, there’s no need to punch holes in the corporate firewall, and the VPN can be accessed from any location with internet connectivity. The iPhone has an excellent built-in VPN client that appears to offer identical functionality to the client in OSX. This solution obviously relies on the company having an existing VPN infrastructure or being open to the idea of implementing one.

The downside is that a lost device now has access to not only any enterprise apps but the VPN too. The risk associated with this can be mitigated by using a username/password combo to authenticate with the VPN instead of using a certificate. Certificate-based authentication happens automatically, whereas username/password-based authentication requires the user to type in his password every time he tries to connect. This might be the most appropriate approach to adopt anyway, as corporations are fond of implementing expiry policies that would necessitate the creation of new VPN certificates every few months. However, the user would need to manually sign on to the VPN each time they used the app. Worse, the iPhone has a habit of dropping VPN connections whenever it feels like it. How often do you want your users to enter their passwords?

The best approach is probably a mixture of the above:

  • Encrypt all local data
  • Set up all iOS devices in Exchange so that they can be remotely wiped
  • Allow read-only access offline by caching data on the device
  • Require a VPN connection for editing data

The VPN can authenticate via certificate for ease of use or via username/password for heightened security/to appease the password policy patrol.

Our enterprise iOS app architecture now looks like this:

  • MSSQL database used as storage
  • .NET-based business logic layer
  • RESTful Nancy web service exposing CRUD operations of business logic layer
  • VPN connection for encrypted, authenticated communication with the web service
  • iOS UI app that caches data locally for offline browsing and allows the user to interact with the web service via ASIHTTPRequest and JSONKit

Vaguely related to this, I’ve added a simple website/web service for distributing enterprise iOS apps to my BitBucket page:

It presents a list of iOS apps in an iOS-friendly website and allows them to be downloaded straight to the device. It can also be used by apps to determine the latest version number should they want to update themselves automatically.