Monday, December 5, 2011

Affordable GA Turbines

I attended a talk about this very topic over the weekend. The presenters started off with a lot of great ideas (their product is in development), and decent stats.

Designed for 'low and slow',  < 25000ft, < 250kts

Bypass Ratio of 7,  fuel consumption was about 40 gal/hr for 500ish pounds of thrust.

FADEC controls, integrated starter/generator, all electric pumps, 5 hour strip down time.

Turbine is a non-cooled blisk.

Fan is an aluminum blisk.

So, all this sounded great, then things started to fall apart in the second half.

Combustion chamber takes 18 months to make (or for them to get the turnaround on one unit). To me that's a red flag: any single part that is that complex must be stupid expensive, or they need to find another supplier.

Certification won't be ready until 2015 at the earliest.

Cost: US$250,000, and they expect people to buy two. Really? For $500,000 I can get a used King Air, *today*. Even some Lears and other 80's era jets are in this price range nowadays.

I really don't see where this engine fits in. I'm grateful they revealed their stats (just try to find stats or costs on a PW610 or Williams FJ-33), but this is still way out of the range of 'general aviation'.

Granted, these guys aren't Innodyn (who imploded without ever delivering anything and made promises they couldn't keep), and they were rather humble, and made no real claims to anything. Everything was an estimate.

GA really does need an affordable turbine, and by affordable, that means "the price of a nice car", not 'the price of a mansion'.

A new O-360 runs at around $50,000 (most of which probably goes to pay lawyers and paperwork), and people do buy these, so let's say that's affordable.

Perhaps I'm wrong, but with CFD and simulator power available, wouldn't starting a new engine (or taking an APU design and adapting it) be 'relatively' easy? Fabrication has come a long way: parts can be milled on a 6-axis mill, sintered with lasers, and so on. Turbines also have fewer parts, so it should be less to certify, if one is going that route.

Still incredibly disappointed this hasn't happened. Is there not really a market? Is it actually way harder to make an engine than I realize?
One of these days I'd certainly like to try.

Monday, July 25, 2011

Giving up on HTML5 file drag and drop.

I had a solution that 'mostly' worked in chrome, and 'mostly' worked in firefox, and then I find out safari, as usual, goes off and does its own thing.

I then read QuirksMode's multi-page rant on how bad this API is, and realized the real problem was trying to support this mess.
I'm pretty sure I had safari drag and drop working at first, but now? It refuses to accept files; my code never even gets the chance to 'accept' or 'reject'. Maybe I'm doing it wrong (though FF and chrome both work), but it's so hard to tell. This whole API is a terrible, terrible mess with no clear examples on how to use it, nor any sort of standardized test suite to prove it works on any given browser, which makes it even more likely that a bug was introduced. It made me realize it's a waste of my time trying to deal with it.


As I dig more into web development, it certainly seems like no one is at the helm, or whoever is at the helm of this crazy ship certainly has no interest in consistency, or even 'looking out' for the web developers.
If the W3C is really in 'charge', why isn't there a proper set of test suites that are run? (Maybe they exist, but they must not be thorough, with all the crazy nonsense I've seen between chrome and firefox.)


So for now, I went back to the <input> type everyone loves to hate, and that's type='file'.

Which in itself, is another big mess.

On chrome and safari, there is an 'OS' styled button that says "Choose file", with some room for the filename on the right.
On firefox, it is an old school square button that says 'browse', which has a text entry field on the left.

Chrome and safari (via webkit?) allow a user to drop a file from their desktop onto the button.
Firefox does not allow this.

In firefox, the <input> can be sized with style, but then the button just gets bigger.
In webkit, the area gets bigger, but the button remains the same size. Most other styles are ignored.
Safari will never give you the results from multiple files being selected, only the first one.

Safari never sends the mime type in the POST, so good luck with trying to figure that out. Firefox and Chrome bother to suss this out and report it.

Thursday, April 14, 2011

IE9 - did they just stop trying?

IE9 was supposed to embrace html5/css3 and so on. I fired it up and pointed it at my new website, thinking maybe it'll 'just work' (much like how FF and chrome 'just work').

The result was a train wreck. I don't think any XMLHttpRequest fired, the CSS was pretty much ignored. I found a setting to switch it out of 'quirks mode' (Why default to this?) but the result was still pretty bad.

Maybe if MS would stop concentrating on "hundreds of fish" demos and get CSS working right, they'd have something.


Generally, WebKit and Firefox both just seem to work. The main inconsistencies are a few javascript quirks, but at least they can render bog standard tables, which apparently IE9 can't.

If IE9 (or IE10) ends up 'mostly working' like the other two do, I'll consider supporting it, but it's in such a bad state that it's currently not worth my time to support any IE browser.

Sunday, March 27, 2011

PreparedStatements escape their arguments.



String sql = "select * from myTable where sometext=?";
PreparedStatement prep;
...
prep.setString(1, "I'm in yur SQL");
out.println(prep.toString());

>select * from myTable where sometext='I\'m in yur SQL'


I was 'pre-escaping' the 'sometext' string beforehand, which means a 'double' escaping happens, causing the query to break.


I originally thought it magically stored the string and I didn't need escaping at all, but I messed up another part of the query, leading me down the wrong path. Argh!


Pro-tip: use TOAD, or a similar tool (MySQL Workbench), to verify your queries. The preparedStatement.toString() will spit out the query for you.
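The double-escaping failure described above, as an added example that is not code from the original post. It assumes an H2 in-memory database (H2 driver jar on the classpath) and a constructed one-column table; the class name `BindDemo` and the `escape` helper are hypothetical.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class BindDemo {
    // Hypothetical hand-rolled escaper of the kind the post describes using.
    static String escape(String s) {
        return s.replace("'", "\\'");
    }

    // Insert a value through a bound parameter; the driver handles quoting.
    static void insert(Connection c, String text) throws SQLException {
        try (PreparedStatement p =
                 c.prepareStatement("insert into myTable (sometext) values (?)")) {
            p.setString(1, text);
            p.executeUpdate();
        }
    }

    // Count rows whose sometext equals the bound value exactly.
    static int count(Connection c, String text) throws SQLException {
        try (PreparedStatement p =
                 c.prepareStatement("select count(*) from myTable where sometext=?")) {
            p.setString(1, text);
            try (ResultSet rs = p.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory URL; substitute the JDBC URL of your own database.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement s = c.createStatement()) {
                s.execute("create table myTable (sometext varchar(255))");
            }
            String raw = "I'm in yur SQL";   // constructed sample value
            insert(c, raw);
            // Bound as-is: the lookup compares against the stored string.
            System.out.println("raw lookup:         " + count(c, raw));
            // Pre-escaped, then bound: the backslash is now part of the data,
            // so the lookup searches for a different string.
            System.out.println("pre-escaped lookup: " + count(c, escape(raw)));
            // A quote-laden string is just data when bound, not SQL.
            System.out.println("injection lookup:   " + count(c, "x' or '1'='1"));
        }
    }
}
```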



Wednesday, March 23, 2011

Firefox vs Chrome - Event variable names

Works in chrome, not firefox:

<button onclick="Foobar(evt);">

In order for firefox to work as well, the event variable MUST be named 'event'.

<button onclick="Foobar(event);">

I'm guessing webkit assumes the first arg is for the event data, and firefox probably matches the string with 'event'.


No big deal, using the word 'event' is probably a better style guide anyway.

Sunday, March 20, 2011

Caveat emptor: AWS requires apache commons

specifically:

commons-logging-1.1.1.jar
commons-httpclient-3.0.1.jar
commons-codec-1.4.jar

The SDK does not include these.
Nowhere in the docs does it say these are required.

I wasted some time figuring this out.

My friend Trimbo says that I should be using 'maven', which would have fetched these JARs magically from the intrarwebs.

I remain skeptical. I have yet to figure out how to get my project set up correctly; it's complaining it can't find a server, even though tomcat has been registered globally with Netbeans.

This list of JARs is just for S3, I have no idea what other jars might be needed if other parts of the AWS SDK are touched.

Saturday, March 19, 2011

Website Security

In building one of my first true 'internet facing' sites from the ground up, both client and server side code, I have started to put lots of thought into possible attack vectors. I'm also pretty new to this stuff, so I ask advice from my friends who have been doing this thing for longer, then I wonder why other sites I visit seemingly ignore basic security measures.

To gain some focus, I'll limit security to API and man-in-the-middle snooping. I really can't do much about 'over the shoulder' peeks or key loggers on a user's machine, or someone on the console. I can minimize impact to the system, hopefully confining the security problem to a single user.


Obfuscation and Salting
Data flows from the server to the client, and unless it's a really boring static page, there is likely to be javascript running, and nowadays, some XMLHttpRequests doing GETs and POSTs on a servlet API, which means data is going both ways. Also, 'anyone' can view page source, and probably deduce how to use my servlets.

Obfuscating my APIs is probably not worth my time, though I can try to make them limited to specific functions (no running of arbitrary SQL via a 'POST' for example), and have them require validated sessions/logins.

I can however mangle or obscure the data flowing out of the server to the client, as long as the client simply relays that back without requiring any transforms on it.

For example, the client can request the top most purchased items from a store website. The server can send back 'salted' keys that only it knows how to decipher. The key space can be sparse and large, which would hopefully limit the 'just add one' kind of snooping that is possible with an in-the-open auto-incremented key. The actual SQL tables can have regular ol' integer auto_increment keys though.
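One way to hand out keys that only the server can decipher, as an added example rather than code from the original post. It encrypts the integer row id with AES-GCM under a server-held key, which is one possible reading of the 'salted' keys described above; the class and method names are hypothetical and the key is generated in memory for the demonstration.

```java
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class OpaqueKeys {
    private static final int IV_LEN = 12;     // bytes, the usual GCM nonce size
    private static final int TAG_BITS = 128;
    private final SecretKey key;
    private final SecureRandom rng = new SecureRandom();

    OpaqueKeys(SecretKey key) { this.key = key; }

    // Turn an auto_increment id into an opaque, URL-safe token.
    String encode(long id) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(ByteBuffer.allocate(Long.BYTES).putLong(id).array());
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Recover the id, or return -1 (auto_increment ids are positive) if the
    // token was altered or made up.
    long decode(String token) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(token);
            if (in.length <= IV_LEN) return -1;
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            byte[] pt = c.doFinal(in, IV_LEN, in.length - IV_LEN);
            return pt.length == Long.BYTES ? ByteBuffer.wrap(pt).getLong() : -1;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return -1;   // bad tag, bad length or bad base64: treat as an unknown key
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        OpaqueKeys keys = new OpaqueKeys(kg.generateKey());

        String t41 = keys.encode(41);   // constructed sample ids
        String t42 = keys.encode(42);
        System.out.println(t41 + " -> " + keys.decode(t41));
        System.out.println(t42 + " -> " + keys.decode(t42));

        // "Just add one": change the last character of a valid token.
        char last = t41.charAt(t41.length() - 1);
        String guess = t41.substring(0, t41.length() - 1) + (last == 'A' ? 'B' : 'A');
        System.out.println("tampered -> " + keys.decode(guess));
    }
}
```

The token only hides the numbering; the servlet still has to check that the session is allowed to touch the decoded row.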

Require valid sessions to do any changes. Using HttpSession in Java, this is pretty easy. I can set any arbitrary data into the session, but this is all server side. The client doesn't know I put a user name, or access level, or anything at all into the session attributes. Once past a typical login/password exchange, a valid session is created, and any further servlet POSTs then require a valid session.

Use HTTPS to protect sensitive data: A certificate costs money, but if you are serious about security, fork up a few bucks a month to get a certificate. HTTPS is 'the' way to stop man-in-the-middle snooping, which is dirt simple nowadays. Anyone visiting Starbucks with a laptop and some easy-to-find software can grab all the data being sent and received from everyone else in the room. There are bound to be other points around the internet that might also be 'wide open' for data trawling.

But don't just stop at HTTPS for a simple login/password exchange or a credit card number. Be sure to wrap any Personal Identity data exchange in HTTPS as well. Any time a user edits or views their address, phone number, 'real name' or similar information, make sure it's on HTTPS.

On the subject of passwords, never store a password as plain text in your database. Store a large hash of it instead, for example, SHA-1 or MD5. Gawker learned this lesson last year. Any website that can email you your login AND password information is storing things as plain text. Sites that have a 'reset' password option are probably storing only the hash. And of course, never send the password out to the client. You may also encourage your users to choose 'better' passwords by requiring numbers, punctuation, upper and lower case, while also reminding them not to share passwords across multiple websites.

Run a security audit: I'm gonna at least have some friends look at my code, and if the stakes were high, I might even go to a 'white hat' security firm to let them analyze code and/or try to hack their way in. A small development team might want to occasionally 'abuse' their APIs while in testing, or even hire on a smart QA person who will play the part of a malicious user.



Saturday, March 5, 2011

Submitting a hidden form with javascript on Firefox

Chrome is either more lax, or there isn't a standard covering this.

In firefox, make sure the form has a name attribute, does not have a submit button named submit, and lastly, the form must have a parent element. This last bit was a bit of a guess on my part, but this was the solution I needed.
The other two tips are from elsewhere on the web.

Chrome
var f = document.createElement("form");
//... ( add stuff to form )
f.submit();

Firefox is a bit more picky, it must have a parent, and a name:

var f = document.createElement("form");
f.name="myForm";
f.style.visibility="collapse";
document.body.appendChild( f );
//... ( add stuff to form )
f.submit();

Tuesday, March 1, 2011

How to make the GAE blobstore upload be a bit more pretty.

It was really odd to see the rather clunky blobstore 'API' amidst the rather clean APIs that make up the rest of the Java Google App Engine SDK.

While I can add an entity to the regular datastore with a few lines of code, getting a blob (1MB+) of data into the blob store is a pain.

1. ask GAE to serve up an upload URL string.
2. shove this URL into a form 'action' field.
3. attach a File Input element to the form - let the user interact with it.
4. submit the form
5. watch in horror as your 'web app' redirects after the upload completes.

So, no way to get callbacks or events to show a progress bar. My first thought was to emulate the form post with XMLHttpRequest, but send() only takes a string or a File object, not both.

One of the arguments to that "give me an upload URL" call is a callback URI. What it does is reflect your form back to this URI (a servlet), but it replaces the file contents with a blob key.

However, that means a redirect, actually two, since once your servlet grabs the form data, one would probably want to go back to the main JSP or servlet page and get on with the rest of the app.

Then I remembered a dirty (?) little trick - IFrames.

The form can have a 'target' attribute set, which means that when done, it 'dumps' the results (in this case, the redirect) into the iframe, and not 'document'.

Make the iframe small and invisible, and no more 'full screen' redirects. One can then hook into the "onload" event of the iframe, and have this tell the 'parent' document that a particular file upload has completed with any javascript tricks one could want.

Even with this, there is no feedback to the user as to when things will get done, only exactly when they are done.

What this should have been is a way to get an XMLHttpRequest URL, which could then directly feed a file to the blobstore with a 'prebaked' URL containing just enough data to get the job done. It would then kick back an XML or JSON object with a blob key in it. I could then hook into the client side events, and track progress and show feedback to the user. Banging through one or two redirects is very 1998.

Amazon S3 does this better, including a groovy UI for managing content. Unfortunately, GAE does not have anything so slick.

At least fetching a blob from the blobstore is easy to do in Java, and it appears to support the streaming case of fractional data fetches. That's good because I have podcasts to serve up.



Sunday, February 13, 2011

USB Keyboard on Vegan/G-Tablet

Yup, it works. Plug-n-play. Writing this using a USB keyboard I had laying around.
I switched to Vegan as TnT Lite was constantly hanging (some sort of notification issue?)

Saturday, February 12, 2011

The Tablet Life - first few hours

I grabbed a Viewsonic G-Tablet today from Office Depot. It's a Tegra 2 Android Tablet with decent specs. I wanted to find out how viable it might be for day-to-day use, and to use as a development platform for my avionics software.

The first step was to put an unskinned Android on it. I randomly chose TnT Lite, as I couldn't quickly find a stable cyanogen 7 for it. This is pretty simple, a few reboots later, I had a 'fully functional' Android 2.2 environment. Market, Google Apps, and so on.

I can tell you right now that Docks or stands must be a hot seller for iPad owners and soon to be Xoom owners, as I wanted to prop this thing up practically everywhere I went. I think I'm gonna get some cardboard and an X-Acto knife to carve up a cheap stand.

The G-Tablet unfortunately has a low end notebook display on it. While it is 1200x600 resolution with decent enough colors/brightness, it falls down with anything other than a 'straight on' viewing angle. This shows itself mainly when watching video, as a shift in angle can increase contrast to the point where every compression artifact is magnified 100x, making the image look blocky. Reading black text on white background in Google Books or an RSS reader doesn't show this off as much. My HP TM2T also has this problem of really bad viewing angles, which was surprising, and it's also a tablet, albeit a convertible.

The build quality seems decent enough, I don't see any gaps in the seams nor do I feel any flexing. It has a similar backing to what my EVO has, it doesn't have the 'slippery bar of soap' feel like my old Palm Pre did. The tablet is about 1.5 pounds, which is light compared to the TM2T at 4, but still 'too heavy'. I feel like a one hand grip may be too tenuous (or tiring) at times.

Touch response is top notch. Just like my EVO or any capacitive, I do end up with 'too light' of a touch at times, causing things not to register, but I have this same problem with every screen I've come across. Any time I do properly register a hit and receive feedback, the tablet is very prompt to respond. Note that this is all with a near 'stock' Android 2.2 running here. My very limited experience with the shipping viewsonic skin left me with feelings of revulsion. They do their customers a disservice by shipping such poorly performing and buggy software. The first time I booted resulted in every application (including Wi-fi or other settings) causing crashes. The performance in the viewsonic skin was right out of a memory starved Win95 machine from 1997. Switching to TnT cured every problem.

Once 'upgraded' to stock android 2.2 with all the google apps and what not, I could run through the old standbys to be treated to very smooth performance. Scrolling is smooth everywhere (Gmail, Reader, Books, Web Browsers), Angry Birds works flawlessly, and video playback from the multiple sources I tried is stutter free. Google Maps 5.1 and its vector graphics are all here and running fine, though the 3D buildings show up as solid, instead of 'ghostly'. Flash performance is decent, but not stellar. Video is ok, but many flash heavy sites are already at a disadvantage due to lack of mouse over.
I attempted to load marvel digital comics (all flash), but the flash plugin died after it loaded the first page.

This comes to the next bit of quick impressions... The world isn't quite ready for tablets yet. Many sites just don't like them (prefer mouseovers and hovers), or have CPU crushing flash. In that regard, some of these sites even fall down on my PC. I'm not sure how iPadders cope. At least I can SEE the Flash controls and what not. The other side of this is the content providers themselves. I recently switched my AOPA magazine over to the 'digital' edition, which I attempted to read on the tablet. While this site is all HTML, it's very quick and dirty. It's simply the pages of the paper magazine scanned and saved as images. I know this as the text refuses to scale well, and nothing is selectable. There are a few hyperlinks in the table of contents, but other than that it's the same content as before.

The other big issue that I believe will keep coming up for me is the lack of content creation ability on these tablets. On my Win7 convertible, I have the pressure sensitive stylus and a full keyboard, which lets me create things quickly. Not only that, but I have compilers, IDEs and 3D editing packages and can install things like web or SQL servers. This is nearly impossible on 'pure' tablet form factors, even for something as open/flexible as android. Sure, there are a few finger painting apps, but a finger is not a good instrument for content creation. Typing long emails is also out of the question, although I do find the dictation decent enough and a bit of a time saver, as long as I speak one sentence at a time very clearly. I also can't see composing a webpage on these.

Where a tablet would seem to shine is a long plane trip, or a 'just got up in the morning and don't wanna get outta bed' sorta thing. Grab the tablet, it's 'on' in 1 second, and start reading the morning's RSS feeds, or peeking at emails.

I'm spoiled, used to, and own other better displays, so for movie watching I'm more likely to fire up the desktop PC or the projector. Other than using this as a display in the plane, I'm not entirely convinced that any tablet (even the XOOM) really fits in in my life. I say this knowing that most people aren't me. In fact, most people would LOVE to 'ditch the PC' (or mac for that matter), and be able to get near instant access to content. Most people simply want to consume content such as video streams or read a book. It might be slightly more difficult for a heavy email user, but at least with the case of android, pairing a keyboard (or plugging one in if a USB host is available) is an option for those people.

I'll be trying out a few of these scenarios, perhaps even write my next Tablet Life blog post from the viewsonic.


Monday, January 31, 2011

Python blows, why do people use it?


At work, it's no secret we use python and C++. The python is used to do stuff like guide the initialization of the game, and set up things, like graphics.

The python advocates claim the following:
  • It's script! Just change it and you can see things right away, it's great!
  • Type safe coding is sooo 20th century.
  • Compilers are lame.
  • No large projects are written in C++ any more.
Here's what really happens:

I get the C++ code to compile, then I have to make another stop in python code to write the 'glue'.
If the C++ code crashes, I can attach a debugger, this might be because the python is all jacked up.
The python code may not 'compile', which is a runtime step... It might even not compile 'later', or it throws an error after 5 minutes of running the game/app. Then guess what, I'm screwed. There is no reloading of that script.
How would I debug python? There is no debugger for it. I'm back to putting in print statements.

It's like I've stepped back in time to 1983, and BASIC.

Then there is the whole "white space defines scope", which turns out to cause no end of trouble. It basically feeds back into the "Oh, you ain't done until the code is executed".

Also, being one of these languages where everything is an object and dynamically mutable, there is no IDE that can provide any help for me, like auto-complete. Working on a large python project is a nightmare.

I cringe every time I have to delve into the python code. Hopefully that will be less and less as time goes on.


Cyanogen on my EVO

After a bit of white knuckle 'clear all data' panic attacks, I got CM6 on my EVO. The process is actually quite easy, but there was a bit of 'read between the lines'.

Good riddance to HTC Sense.

Oh, and HTC, please stop developing Sense. It's terrible. I love your hardware, but if you keep shipping this crap, I'll have to look elsewhere.

So, I'm a web guy now?

Since my last post, I've been busy. I finished the video indexing website, and from that, I got another job building a 'kiosk' like application using tomcat/js/chrome, then my pet sitter had me update her website for payments. It's not quite paying all the bills (I do have a regular day job), but it's a nice chunk of extra money.

I've also helped out here and there with other sites, and dang, people really suck at HTML. I was poking around a website made for UGA, to see if I could help out my girlfriend, and was aghast at how poorly designed it was. It was made by a local web services company, to the tune of $5000. Thing is, it looked like it was a 'template' that they simply copied over. If that's what people are paying for, then maybe I should try to ramp up a bit more business and see what happens.

I also finally started android development, and the first thing I'm doing there is to do a port of sorts of my windows EFIS software, but update the UI to fit the android platform of course.

This is quite an interesting time to work on android. We've seen 2.3 pop out, and within a month, 3.0 announced and demoed. It's still unclear as to what the 'line in the sand' is between the two. Are phone devs supposed to target 2.3, or skip it for 3.0?
We'll find out tomorrow I suppose, there will be a Honeycomb launch at 1pm EST.