Forem: apchapcomputing

Who is going to make Vision Pro apps with Unity?

apchapcomputing — Fri, 19 Apr 2024 13:45:21 +0000

I fear for the VisionOS developer ecosystem.

The Apple Vision Pro relies on new immersive apps for its success.

But Apple partners with Unity, so developers access VisionOS tools directly within Unity.

This is a big deal to me because:

Developers hate Unity. Unity raised prices to force developers pay per game install (even retroactively). Due to intense backlash, Unity walked back this change. Still, many game devs swear to abandon the game engine for all new development.

You'd think Apple would partner with the other big game engine, Unreal, to keep developers happy.

Epic makes Unreal (and Fortnite). Epic and Apple are NOT friends.

Epic and Apple have been feuding in lawsuits since 2020. Epic doesn't want to pay Apple's 30% platform fee for every transaction on Fortnite mobile. Epic thinks Apple is a monopoly while outright ignoring Apple's terms of service.

Epic's animosity towards Apple puts Apple in a tough spot.

Apple is not going to give up the 30% platform fee to Epic. It'd completely break their revenue share from all iOS apps.

Instead Apple teams up with Unity, who the entire gaming community despises.

I don't see game developers willingly working with Unity after the stunt the company pulled.

I have serious questions about the development ecosystem for VisionOS and VR.

Apple Vision Pro was cool, but it's nothing without more apps. It's a platform. It needs developers to bring it to life.

Apple does incentivize new development if it's asking developers to work with Unity.

The best SWEs need SCA

apchapcomputing — Tue, 16 Apr 2024 02:35:35 +0000

The best developers work smarter, not harder. They are lazy.

They don't build a tool from scratch when it already exists. They don't duplicate coding efforts.

Instead, the best software engineers use third-party packages, libraries, frameworks, and tools.

Yet, they don't blindly trust these third-party tools. Someone else wrote it. Something could be wrong with it. Open-source doesn't mean secure--consider the log4j vulnerability. The best engineers double-check the open-source tool is secure and maintained before they develop and deploy their app.

How do they know if the open-source package they want to use is secure? They use a SCA (software composition analysis) tool to check. SCA is an automated way to ensure any code you use that someone else wrote is okay.

Let's cook

Imagine you are a chef at a restaurant.

You need to know what ingredients to order, where they come from, and if they are safe to eat. Also, you can't rip off all the recipes from the last restaurant you worked at.

Security

Contaminated ingredients make people sick. Although I don't know anyone who actually got salmonella from eating bad eggs.

Software can also have contamination--weaknesses, vulnerabilities. A misconfigured network. A direct insert into the database from a user form.

Licenses

Upon writing I discovered you can't copyright a recipe. But if you opened a restaurant and took all the recipes from the last place you worked, your boss could sue you. You infringed on trade secrets. You don't have permission to cook their food.

You must also make sure you have the proper license to use the open-source tool. Sometimes open-source tools are free for individuals but an expense for enterprises. Open-source maintainers deserve to eat too.

Outdated

Ingredients rot. Bananas go brown. Avocados get squishy.

Software can also become obsolete. The people who developed the tool no longer work on it or maintain it. They have other priorities.

Unmaintained dependencies makes it harder for you to maintain your own app. You never know what introduces a breaking change. What seems like a small upgrades breaks the whole app.

Shift Left

So you've heard of DevOps. Developers are taking more responsibility for how their code operates in production.

Developers secure their applications as they write code by using only secure tools. Why wait until production to find out your application has a vulnerability?

Automated security tooling, such as SCA, enables developers to address security concerns sooner. Some tools include Black Duck by Synopsis and Syft.

SCA tools identify known vulnerabilities in the tools you use. It even suggests which version to upgrade your insecure package to.

CVE

CVEs are common vulnerabilities and exposures. It's a huge list of known vulnerabilities that the SCA tool checks your dependencies against.

That's all, folks

Completing a SCA scan is common in massive enterprises to ensure:

The company stays compliant with their licenses
The tools used are actively maintained
Developers don't introduce known vulnerabilities into a production app

Bad actors check for these to exploit

If you are using code someone else wrote, you should scan it.

What is a search problem?

apchapcomputing — Wed, 10 Apr 2024 13:14:29 +0000

Bad news! Within the last 2 days, someone stole your bike.

You want to find out when.

If you can find the timestamp, you can identify the thief (and maybe the police can arrest them). However, there are 2 days worth of CCTV film to watch to pinpoint the time of the theft. ¹ ²

That's your search problem -- you need to find 1 thing in an ocean of data.

Instead of watching every minute of CCTV recording, you use a search algorithm to find the time the thief struck.

You pull up the halfway point in the recording. Is the bike still there? Was it stolen yet?

No, your bike is gone.

Now you know that your bike was stolen within the first day of CCTV footage. There is no point in looking for the thief in the second half of the recording. The theft already happened. The thief isn't coming back.

In one simple check, you halved the amount of information we had to search through. You started with 2 days (48 hours) of film, and now know you only need to look through the first 24 hours.

Let's repeat that search technique.

You know the bike was stolen in the first 24 hours of the recording. You jump to the 12 hour mark in the recording. The bike is where you left it. The theft hadn't occurred yet.

The thief stole your bike between the 12th and 24th hour in the CCTV footage.

In 2 steps, you quartered the amount of time you had to search. You repeatedly check the halfway point in the possible period of the theft. Quickly, you discover when the thief stole your bike.

In this example, you see the binary search algorithm in action to crack the search problem.

Here's what you need to know to address a search problem:

set of states
the start state
the goal state
how to get to the next state (a function)

When searching for your bike, you know the bike could either be:
1) where you left it
2) actively being stolen
3) missing
You are starting with your bike missing and what to find the start, the time, when the thief stole your bike. You use the binary search algorithm to move through the film recording to find a change in the bike's state.

Search problems are unique because you often have heaps of information, but don't know how to sift through it.

You know all the possible states you could end up in. You know which of those possible states you want. The problem is you don't know how to get there.

What steps should you take? How do you pick what step is best when you have many options?

In many problems, you might not know what end state you desire? You don't know what you are pursuing. The challenge here instead is knowing what path to take.

Simply: a search problem is how to find Y in X ³.