2013/07/29

My thoughts on Android Studio

I implemented a small project using Android Studio to get an impression how it works out for me, compared to Eclipse. This post is not meant to start a flame towards IntelliJ, it's meant as a discussion starter. 

My Eclipse install is heavily customized, just like my OS. I use a VIM plugin, a ton of auto formatting and a lot of the settings that are by default turned off (some of them, like the auto complete popup delay are beyond any reasoning).

I invested a lot of time to configure Android Studio in the same way (using Google and the settings search bar) but I am still missing a few things. I also deliberately did not change the default keybinds - switching IDE but keeping keybinds seemed like a stupid idea to me.

After working about 40 hours with Android Studio I have to say that it's a nice IDE but I don't really like it. A list of reasons and things that I really miss compared to Eclipse follows below. Note that I'm not (knowingly) talking about things that are still buggy (but being worked on) like multi project support. I am just talking about fundamental Android Studio/IntelliJ flaws. Some of them could be remedied by supplying a better default config, some of them will require further development of Android Studio.
  • It does not support save actions like Eclipse does. You can do stuff on VC commit but that would require me to use a gui for git (which I refuse)
  • The method signature default popup timeout is 1 second (!)
  • Methods are auto completed with foo(); even if they have a signature. Pressing autocomplete (ctrl+space) inside the parentheses will not give any suggestions.
  • Completion is case sensitive on the first character by default.
  • New file is bound to alt+insert (instead of ctrl+n like everywhere else) and creates a file in a random folder (90% of the time it's the bin folder) it can also not be done while the focus is in the code area. That's not a good thing if you try to avoid the mouse as much as possible.
  • There is no way to make it insert semicolons at the end of a line (like in eclipse). This is the second best setting eclipse has to offer (after save actions). Pressing magic complete (ctrl + shift + space) is not an option for me (3 keystrokes instead of 1).
  • Most keybindings are considerably longer than their eclipse counterpart.
  • It sometimes refuses to show javadocs when using the keybind and gives no reason why it does so.
  • Logcat has no columns and does not support filtering by application via double click. Also, the window gets cleared immediately when disconnecting a device. This is absolutely NOT acceptable and does not provide any benefit to a developer.
  • package / app renaming is a HORRIBLE, HORRIBLE experience. After figuring out what the difference between folder and module renaming is, you still have to update a trillion things by hand (like gradle files). Also, when restarting Studio 
  • Package moving and renaming is absolutely counter intuitive. I have not found a way to rename foo.bar.baz to wtf.omg without using 2 gui windows (one for rename, one for move). Eclipse rename is not that intuitive either but at least it works.
  • Mouse over tooltips (in the IDE, not the editor) take way too long to show.
  • IntelliSense is supposed to be nice but it does not really help a lot when you have to manually start it with ctrl+shift+space all the time (Eclipse autocomplete with a-zAZ09.( as hot chars and 0 ms delay is way better).
  • It requires OracleJDK or will not start up without a warning. When started with OpenJDK, fonts are rendering like crap.
  • When used with awesome WM it requires a random combination of change screen, fullscreen and change screen layout so that the right mouse menus and so on are on the correct screen. So far I had NO application that had those problems (see screenshot below). It also does not label the sub windows (seems not to register them with the Window manager).
  • Deleting modules from a project is sometimes not possible. Removing via shell requires to restart intellij so it figures out what is going on (seriously, "remove module" is greyed out), and they sometimes remain as empty arrows. (see screenshot below)
  • It comes with it's own Android SDK folder and cannot be changed globally.
The menu is on the wrong screen
Empty entry in the Project structure

Overall I don't see the benefit of using Android Studio over Eclipse. Granted, it's a bit faster than Eclipse (but using Linux drives down my compile times to a level where I barely notice them), XML editing works a lot better and seeing the drawables on the side of the editor is a nice idea. Seeing the actual strings instead of R.string.foo is... okish, but it confuses me a lot more than it helps - I guess that's something to get used to. Gradle has a lot of potential and is an extreme improvement over ANT, but it misses things like git dependencies (bundler ftw). 

2013/07/08

Cryptography for Everybody: Introduction

The latest stories about governments spying on pretty much everybody sparked my interest on privacy and cryptography again. I will be writing a series of blog posts about tools and methods that make life a lot harder for NSA and friends, focusing on easy to use apps and easy to follow tips for everybody (and not just computer science experts). I will not go into much technical detail if it can be avoided (you will not see math at all!).

Problems with cryptography

I'll start off with a list of problems that I see why cryptography is not used. This list is later used to evaluate the tools and methods that I will suggest.

It's complicated

If you don't do cryptography correct, it almost immediately becomes pointless or vulnerable to some form of attacks. The math that's involved behind every cryptographic procedure is seriously hard and must be followed exactly. This is also a problem for people developing tools in this area (see the history of cryptocat).

It's cumbersome

Nobody wants to enter passwords all the time, nor does everybody have the ability to remember over 9000 passwords. Cryptography must never be in the way of the object the user is trying to accomplish or it will be disabled immediately.

It's irritating

People that don't know about cryptography often don't know what to do with cryptographic software or encrypted information and the internet is not really helping them either. Also, many people think that cryptography is only for people that do something illegal and if you don't do anything wrong you don't have anything to hide. In fact everybody has something to hide and should do that as much as possible.

It's frustrating

When you get an encrypted message that you can't - for any reason- decrypt, you feel like you lost something. It sucks to lose messages of friends, family or even business partners, but on the other hand it would be absolutely idiotic if you could decrypt the message with easy methods - others would be able to do the same.

It's not used

Most of my emails are written to other people that are in the software business as well - and less than 1% of them ever bothered to install any cryptographic tool for their email. Cryptography is not in widespread use and this is used as an excuse for not using it. The thing with problems is this: they normally don't go away by themselves. This circular reasoning is used in many discussions and never helps to solve the problem.

Benefits of cryptography

Since there is quite some bad stuff, what's the good stuff?

It keeps things private

Privacy is a fundamental human right that is violated all the time, without the victim noticing it. The EU has implemented a data retention directive that was just recently installed in Austria. Most people think that it's not a big deal when their communication metadata is stored. What they do not realize is that this makes them trackable close to 90% of the time. Imagine there's a guy standing at virtually every corner in a whole state, no matter where you go, that writes down who comes past, where he came from, where he's going to and who he is talking to. Sounds scary, right? That's exactly what data retention does - it keeps track when and where your cellphone is connected and who you are talking to.

I know who I am talking to

Cryptography can also be used to make sure that somebody on the internet is indeed the person he claims to be. Faking the sender address of an email is a very easy task and less experienced users will have problems noticing the difference and signs. However, when your email program tells you in big red letters "signature verification failed", even them will have a closer look at what is going on and hopefully ask somebody (or call the "original" sender by phone) before sending out personal data.

It brings peace of mind

If you set up your cryptographic tools once and do it correct, you will have a lot more security on your side immediately. It will be a lot harder for anybody to attack you, which in term will make it less likely to happen. If you use the right tools you will not face a lot of overhead and will, after a while, not even notice the fact that your life got a lot more secure.

What does this teach us?

I am 100% sure that I did not list all negative aspects of cryptography, nor all the positive ones. The interesting thing is this: The good stuff is about your life and security, the bad stuff is about the work and the effort needed. This means that your life will get better, which is great,  but some of the tools are bad - they must be substituted with something usable. I will therefore focus on easy to use tools that are secure in the next posts.