While this year is still is challenging, it was marginally better than last year and we have so much to be thankful for. As a quasi-tradition for being in tech, here’s the list of technologies that I am grateful for this year.

Visual Studio 2019
We finally moved from Visual Studio 2013 to Visual Studio 2019 after several thwarted attempts. The difference is night and day. We are far more productive and spend less time wrestling with the tool and more time getting our work done.

Apple Watch
My wife got me a 3rd generation Apple Watch last year. Since biking wasn’t much of a choice to do around, Apple Watch allowed me to stay conscious in being fit despite the lockdowns and restrictions.

I just got my 365 Move Goals badge!

Apple AirPods
I am a big fan of wearable computing since Windows Mobile era. I early adapted one of those dorky-looking Bluetooth headphones. I also had a Bragi—which I love but it didn’t really find its way to my routines. AirPods has become indispensable both in my work and personal communication routines. It made daily calls and meetings a little easier; it’s one less thing I had to wrestle with.

Microsoft Teams
We are now perpetually working from home thanks primarily because of Microsoft Teams. It replaced a lot of our onsite office workflow and it replaced them reliably—team communication, project workspace, issue tracking, etc. 

Office 365
This was included in my previous list but it is worth mentioning again specially with Teams. Office 365 integrations with a lot of apps made our migration from office work to remote work easily and reliably. 

Zwift
While I still use Strava for my cycling activities, Zwift has replaced it as my primary way to record my cycling activities—at least while pandemic isn’t over. I have a few gripes about it (no family bundle, Apple Watch issues, etc), but it really made me stick with indoor cycling all through out the pandemic. 

I won’t forget to mention technology categories that I am just as thankful. Video Calling platforms which kept us in touch with friends and families. Streaming Video apps that entertained us while we deal with the stress and anxiety of the pandemic. Lastly, of course, is the Internet—a lot of us take for granted how it changed and is continuously changing our lives. Imagine how this pandemic would’ve turned out to be without it. We would’ve lost our minds. 

Here’s to hoping that 2022 wouldn’t be a marginal progress. Cheers!

If you’re a Zwift user and you prefer to watch other content while indoor cycling (I do), I have a great tip for you. Right now, Apple TV supports Picture-in-picture (PiP) mode—a secondary video overlay to an active content. The feature works great—no noticeable lag, consistent high frame rate. There’s one caveat: only few apps support it—Apple TV+, Apple iTunes, and few cable apps. 

What you can do, however, is to use a secondary iOS device and Airplay the content to the Apple TV. Instant PiP while working out! It gets better, by default, Apple TV does not output the sound of the PiP. You can override this by pressing the Home button on your remote—Apple TV will switch to the PiP window and outputs the sound of the PiP content. 

Enjoy!

In the advent of streaming videos, you will be forgiven for forgetting that there’s such a time where building your own movie library was cool and awesome—a Netflix of your own—such a novel idea. It was such an appeal to me that I built my own HTPC (Home Theater PC) during its heydays. It was awesome. Windows Media Center, for all of its quirks, was a beautiful setup. Nowadays, I’m sold on Apple TV. I use it for most of my media consumption and one of my favorite Apple TV apps is Plex. Plex on Apple TV is rock solid. It’s built natively so the UI is responsive and looks fantastic.  It supports tons of file format. It has a mature networking stack so the stream is buttery smooth. 

The Case For A Local Movie Library

Let’s get this out of the way—why would you bother to build your own movie library when Netflix and Youtube scratch almost all of our video itch. The first and most important reason is offline availability. Netflix might be able to stream that Friends episode better but what happens when the internet is down. And it happens more frequently than you imagine. Second, your obscure collection of ripped Blu-ray DVD of a Van Halen concert or that bootlegged copy of your favorite artist performing at a local pub are now protected and always available for your viewing pleasure.

What You Need

The first thing you need to consider is how big is your local library going to be. If it’s just dozens of videos, an old, spare CPU (or laptop) is good enough. Disk space is the most important spec so if you have to, upgrade your storage. SSD can give you a tremendous boost in terms of playback performance. However, if you have terabytes of videos, you might consider getting a NAS (Network Attached Storage). NAS is a storage device attached to your network and can be accessed by any device that can consume your videos. Most NAS support Plex but it wouldn’t hurt to verify first.

My setup is a headless 2012 Mac Mini with 1TB of SSD and 8GB of RAM. It might not seem much but it gets the job done quite well. The only thing running here are the Plex server—which serves the videos, Team viewer—so I can configure the machine remotely—no monitor, no keyboard, no mouse. 

Plex supports myriad of platforms which is great because I consume videos using different devices. We have couple of 4th and 5th generation Apple TVs littered around the house—these are the heavy hitters. Then when we are away from home, we watch via an iPad tablet or a phone (Plex is available both on iOS and Android). I have also an Ankler Nebular Mars 2 portable projector running on Android 7.0 (ack) which supports Plex that we occasionally use for outdoor viewing (side note: also perfect for camping). 

Let’s Get It On

First, signup for a Plex account. This may seem annoying and unnecessary but it makes the setup between devices a lot smoother—instead of remembering IP addresses, network credentials, etc, the Plex account will take care of that.

So once you have your Plex machine ready, pick a folder location. Drop all of your videos there. It helps to separate them by media type e.g. movies, TV shows, home videos, etc. Download and install the Plex server. It’s a straight-up installation process so you can’t mess it up. It’s gonna ask for the location of your videos so just point it there. It’s also gonna ask for your Plex account. After the installation, Plex will start building your library. It should take a couple of minutes depending on your collection. 

Once your done with your library, you can point a Plex client—device (phone, tablet, smart TV, etc) that will consume your Plex videos—to your server. To do this, simply login your Plex account to the client device. After that, Plex will detect any media server in your account and make it available to you. Your database should now be visible to your Plex app.

Enjoy!

Building your own software is costly. Whether you assemble a team to build it or have someone else build it for you, it’s an undertaking that requires significant investment in time and resources. A lot of people assume that building your own software is like buying off-the-shelf solution. You spend the money, you get to use the software—it’s just supposed to work. That couldn’t be further from reality. Let’s unpack what really goes on with the true cost of building your software. 

There are two main components of the software cost: development cost and maintenance cost. Let’s talk about development cost for now and the things that affect it.

Scope

This is easily the most overlooked aspect when building software. Development cost is a variable cost. It is proportional to the scope—normally expressed in features—you want to build. The rule is simple: the more feature you want to bake in, the more hours it needs to be built therefore the more expensive it is. However, understanding the process is important. The more you know and understand what you want, the better you can define your scope. Identifying, prioritizing, and even skipping features can lead to better use of expensive development hours.

Let’s say you want to build an e-Commerce app with built-in payment. In an untrained eye, the payment is one feature. In reality, the hours to build the feature is equal to the number of payment providers you want to support (PayPal, Stripe, etc). The same concept can be applied to any external integration you wish to include like authentication providers (Facebook, LinkedIn, Twitter, etc). 

Distribution 

How do you plan to deliver your service or products to your customer? Through a web app? A mobile app? Via Facebook? All of the above? Each distribution channel you include incurs additional cost. Furthermore, for mobile apps, keep in mind that they are developed separately for each platform. Right now, there are only two platforms that matter: iOS and Android. Your target demographics should dictate which platform to pick. 

Developing for social media platform such as Facebook is attractive because of the instant access to millions of users. Basically, your app will run inside their platform and integrate with your backend system. However, these kind of web apps are sandboxed with stringent constraints. Tighter constraints typically means longer development timelines.

The most practical choice is web because of its ubiquity. Users can access web apps using their phones, laptops, and tablets. Additionally, web technology has become so powerful that it can offer most capability that other mediums can do.

Native apps, however, has the advantage when it comes to accessing raw compute power of a device. If your application will require performance-intensive computing like games, native app is the ideal candidate.

Technology Stack

While picking which technology stack to build your app with can affect your development cost trivially, it’s worth considering nonetheless specially if you are building your own team. Mature technologies have better tooling that speed up development tasks. They also have better community support around them thus building and troubleshooting are easier. The most frightening situation you can end up with is going with a new technology and running into a platform-level issue. This can completely derail your app. 

Technology stack can also affect how you build a capable development team. Mature technologies like Java, .NET, PHP, etc. might not sound cool and sexy but developers with varying expertise and experiences are abundant. This will give you flexibility on how you can assemble your team based on your budget. 

I plan to write a series of posts regarding the journeys of building your own software. Let me start with the oddity—when not to build your own software. Over the years, I’ve developed this informal 4-question test to help people decide whether they actually need to build their own software—whether it’s a product or a custom solution for their needs. 

Are free or ready-made software enough?

Let me just say this: most of the time, people are fine with free and/or ready-made software. You are fine to use Facebook Page or an Instagram page as your website; It’s perfectly okay to use Shopify as your e-Commerce platform. In fact, I often advise people to do so. Consumer products are often very robust, with a mature feature set, and decent support. 

Does adding staff will get the job done?

The next question you should ask yourself whenever you are tempted to build your own software is: does adding staff solves the problem? Adding people—or outsourcing work—is usually a fast way to address a growing problem. For example, keeping track of a growing inventory is a challenge for a small team and adding a few staff usually solves the problem. 

Do I have existing processes?

Whenever I ask someone whether they have an existing processes, they always answer with an emphatic ‘yes’ but in reality they confuse vaguely discern-able behavior of patterns to process—people tend to have a loose definition of it. Well-conceived processes can save you from building a costly software. Take a long, hard look and ask are there really existing processes in place (with enforceable policies and supporting documents)? Have you defined them? Do people know what to do for every scenarios in each process? 

Can I afford it?

You have tools, people, and processes in place. You feel that adding a custom-designed solution in the mix would smoothen things out and yield more productivity. You ran the numbers and you’re quite sure of the result. The last question you need to ask is: “do I have the money?” Building your own software is expensive. Development cost alone is a significant investment. Maintenance and support are even bigger chunk. Unless you have think it through and decided that the pros outweigh the cons, stretch whatever you have that’s working as long as possible. 

Answering these questions with due diligence should give you legs to stand in building your own software. Next: what is the cost in building your own software?

We are on the last leg of a project and one of the remaining tasks is to apply Cross-Site Request Forgery (CSRF) measures to all possible attack surface of the website. We normally use Google’s Captcha for this, however, this is not ideal on all scenarios. For one, adding Captcha to all forms would drive your users mad. For scenarios that require non-disruptive measure, we use ASP.NET’s built-in method: AntiforgeryTokentoken. 

AntiforgeryToken works well with HTML forms. It’s a 2-step process where you place the token inside you HTML page and decorate your handler with ValidateAntiForgeryToken. However, to make it work with AJAX calls it becomes a 3-step process. First, just like the previous method, place your token inside your HTML page. Second, read the token and build your AJAX request data with the following format:

Couple of things here, request must be POST. The name of the token must be __RequestVerificationToken. This is the name of the form field generated by @Html.AntiForgeryToken() helper which is what’s required on the the last step—decorate your method handler ValidateAntiForgeryToken attribute.

So I thought that this project was dead. Yesterday a surprise development resurrected it from the ashes. DOH provided data dump (instead of a public API) for COVID 19 cases. The data is now dumped daily in Google Drive. It’s not the method I prefer, however, most of the enterprise apps we develop and support use this method so I am well experienced here. 

This change impacted the app in two major ways: first, I need to create a CSV upload facility and completely discard the data pull from their previous API. Second, the schema and lookup values changed so I have to modify the part where it aggregates the data. This is the most tedious part, to be honest. I scrapped all previous data and I re-evaluated how I plot charts. 

I have also scrapped some of the features as the data no longer supports them. For example, the previous data includes foreigner and OFW cases. It seems those are now gone. I will update the app in case this changes.

I am now 80% done. Most left are testing. Hopefully, I can get something shipped by end of the week. Stay tuned!

I was implementing an OWIN authentication using Google Id for one of our projects when I with a wall. For some reason, Google is not returning anything despite successful authorization. I was screaming at my screen for half an hour. It turns out there’s one sneaky gotcha I would’ve never guessed.

  1. Enable the Google+ API. This is one hidden b**** of a gotcha and is the root cause of the problem in the question here – if you don’t do this, it’s easy to miss that the Request to /account/ExternalLoginCallback includes &error=access_denied, and that’s because Google said no to a permissions request OWIN made for the user’s Google+ basic profile. I can’t tell whose fault this is, Google’s or Microsoft’s.