NerdCast #85: Targeted Cyber Crime – Discussing BlackPOS

On this episode of the NerdCast we interview security experts Chris Wade and Jason Herbst from the Nerdery QA team. We look at the malware that was used to target high-profile retail companies in a massive case of stolen data. The software, called BlackPOS, is a brilliant piece of software and in another context is genius in its design. Hear more about how the malware works, what it can reportedly do according to security research firms, and what Jason and Chris think of our current state of security.

Host: Ryan Carlson (Tech Evangelist)

Guests: Chris Wade and Jason Herbst (QA Department)

Running Time: 0:23:13


When does purchasing a premium WordPress theme work?

WordPress has built a great community around their open source platform, and they’ve made it really easy to customize a site with just a few clicks. Users can install plugins and themes all without having to leave the WordPress administrative panel.

Because of this, developers have created premium themes which can be purchased for a nominal fee. These premium themes are often seen as a cheap and quick way to forego the theme design and build process and spin up sites quickly, but it’s not always the best way to go.

Purchasing a WordPress theme is great in some scenarios. For some, budget and/or timeline is a big concern. In this scenario, picking a pre-existing theme works great. You can save time and money by foregoing the graphic design and theme-building process. The only thing you really need to do is figure out what you want out of a theme and then find it.

We’ve done a number of projects at The Nerdery where the client wanted to use a purchased theme. These projects have worked very well as long as the client expectations are set. The theme chosen should meet your needs. Don’t assume you can get close and then easily add in the rest.

We work with the clients to figure out must-have features and nice-to-have features. If we can get all the must-haves but some of the nice-to-haves don’t exist, we’re in a good spot.

If you’re not flexible about what you’re getting, purchasing a theme is not for you.

Purchasing a theme works great when you are willing and able to work with the features and functionality that come with the theme. The problem comes in when you want to customize that theme.

It’s good to understand that purchasing a theme is like buying a house. If you purchase a house with two bathrooms, but you really want three, that third is going to be more work – a lot more work. If you want to change the colors of the walls, that’s not a big deal. Bad carpet is usually easy to replace. Want that window moved? Well that’s not going to be cheap.

With most purchased themes, changing fonts, colors, and widgets is relatively easy. Some even have advanced functionality that lets you create some complex layouts relatively easily. However, if the theme doesn’t allow you to customize something you want, you’re looking at additional development time and costs. Some themes can make additional customization extremely difficult.


The Moment I Realized Testing and QA Are Entirely Different Things

I’ve been a web developer for many years and I didn’t really know what “QA” was before I came to the Nerdery. I did a little browser testing sometimes during the later stages of development or after my project was live. More often than not I either didn’t have the time or wasn’t being paid enough to do specific “Quality Assurance” on the sites I built. In all honesty, the result was obvious.

When I sent my first project to QA at the Nerdery I was nervous and excited. I felt very thorough clicking through the site trying to see what they would find; I’d checked the site on a bunch of browsers; I read the Test Plan – we call them “TPS” reports – and felt like my bases were covered. By that time I’d heard tales of the tenacity of our Quality Assurance department but I was confident I’d done my diligence. Then the first “Ticket” came in…

113 Tickets Later and my notion of professional web development was changed forever. It was humbling and exhilarating to read the “Tickets” that were submitted. They were insightful, comprehensive, user-focused insights into the project I was sure I’d nailed. They saw things I didn’t and brought them to my attention with detailed precision. They evaluated every part of the website whether I thought it was relevant or not and reported exactly what someone – not me – would experience. They took the time to test and retest until everything – EVERYTHING – was correct.

Through this process it was evident that our QA Engineers had a deep understanding and enduring passion for “assuring” extraordinary user experiences on the web. Their patience, attention, and creativity were a perfect reflection of the planning and design effort put forth at the beginning of the project. The result was obvious.

In our industry we elevate the designers, user experience teams, and the developers as the artists and engineers in the interactive space, and we should because we are those things. But after design and development wind down a whole new group is there to make sure everything is done, done well, and done right. 113 tickets later and I was a raving fan of our Nerdery QA team. They are the ones that are the truly indispensable artists and engineers in the interactive space.


Bitcoin Wallet Development Using JavaScript and HTML5 with Kyle Drake

Kyle Drake came to The Nerdery to share with our developers (and former co-workers) his next big venture into the world of Bitcoin development. Kyle tells the story of how the idea came about for Coin Punk, a new way of managing a Bitcoin wallet with browser-based JavaScript and HTML5 for handling crypto. He proposes this as a safer and more secure way of managing public and private Bitcoin keys after centralized Bitcoin wallet services suffered millions of dollars in theft due to security breaches on the centralized servers.

So, who is ready to invest in Bitcoin?


iOS App Submissions After February 1st Will Require iOS 7 Compatibility

Building a new App for iOS or planning on submitting an update to your existing iOS App? The clock is ticking if you are not already fully iOS 7 compatible. According to Apple, starting February 1, new apps and app updates submitted to the App Store must be built with the latest version of Xcode 5 and must be optimized for iOS 7.

This could cause some waves for organizations with an App that requires support for legacy iOS devices. Rebuilding everything in Xcode 5 has its advantages, with access to new APIs and code libraries. This shift in development environments may not be an option right now if your App has a substantial number of legacy iPhone 3 and iPhone 3S devices in circulation.

How do I know what version of the SDK was used to build my App?

ProTip: If your App has the option to enter text with the onscreen keyboard you can identify whether or not it is using the latest SDK based on the keyboard user interface.

Below is an image of the new keyboard-style:

image of the new keyboard compiled with the new SDK

Below is the keyboard compiled under the older versions of the iOS SDK:

image of the old iOS keyboard style

Why is upgrading to the latest SDK so important?

After February 1st Apps using the older versions of the iOS SDK will be unable to:

  • Make fixes to typos
  • Make bug fixes
  • React to 3rd-party platforms like Facebook that make a change to their API
  • Update an App that falls out of compliance for payment acceptance, accessibility, and other legal issues

Webinar: Leveraging Emerging Technology in 2014

Looking Forward to the Technology of Tomorrow

As 2013 draws to a close, we are eagerly anticipating how our partners will use emerging technologies in new and innovative ways. Looking ahead at some of the exciting new possibilities, Nerdery Developers Ryan Deluca, Scott Bromander and Jon Rexeisen share what cutting-edge technologies they’ve been working on and what’s piqued their interest.

Topics include:

  • Location-tracking technology
  • Activity-tracking technology
  • New virtual and digital experiences
  • Integrating technologies into mobile and wearable experiences
  • Privacy concerns surrounding emerging technologies

A Design and Developmental Journey

Development in general can be difficult, fun, troublesome, rewarding, and many other things – all at once.  If you add in an additional level to consider, such as an external piece of hardware to utilize or interface with, the highs and lows experienced are magnified.  Sometimes, we find ourselves feeling limited during design and development.  Other times, we feel free.  I’ve recently had the pleasure of working on what is, at least in my mind, a developer’s dream: an R&D project with new technology, and seemingly no limits.

The Goal

My overall goal can be fairly simply stated:  “Utilize technology X, bring it into a web browser, and do so in a way that’s intuitive and relevant.”  Simple enough, right?  Of course, I was given a bit more detail on general tasks to individually attempt to accomplish, but the overarching goal has simultaneously been difficult, engaging and rewarding – but so rewarding that it’s been some of the most enjoyable programming I’ve ever done!

Enough fluff, let’s get down to it.  Technology X, as alluded to in the previous paragraph, was to be some sort of 3D body-tracking hardware.  Which hardware, you may ask?  That’s a great question!  It’s one we asked ourselves more than a few times.

Leap Motion

When first researching the available technology/devices, the Leap Motion was on the verge of public release.  The Leap Motion is a device specializing in extremely fast and accurate tracking of hands and tools (such as a pen, for instance) within a short range.  Since we already had a few test devices lying around The Nerdery, this seemed like a decent place to begin our testing.  The Leap Motion has a readily usable JavaScript API, and integration is pretty straightforward.  Thus, from a development perspective, it’s pretty easy to get up and running.

Early prototyping with the Leap Motion device was a ridiculous amount of fun.  As the person having all the fun controlling objects on the screen with my hands, my awestricken reaction was shared vicariously by similarly awestricken passersby.  Though hand/body tracking technology has been available at a consumer level for a few years, it’s something most people don’t come in contact with all that often – especially not on the PC, let alone in a web browser.


The Underdog Features of iOS 7 Overlooked By The Media

Since the release of iOS 7 the media has been quick to cover all of the consumer-facing features like flat design and new navigation. As a mobile developer I’ve been thinking about these features since I attended WWDC and now post-release. iOS 7 SDK changes are more than just skin deep. The many, less-discussed API improvements and additions will help your app stand out.

There has been a lot of talk about the new look of iOS 7, which Apple describes as a focus on “Clarity, Depth, and Deference [to user content],” but there are many other features added or improved in the SDK Apple gives developers to create apps for the App Store. I’d like to elaborate on a few of the changes here, now that the details are no longer covered by an NDA, as some of them haven’t gotten much attention but are just as exciting as the new UI polish.

iBeacons: iBeacons are inexpensive, small Bluetooth LE devices (slightly larger than a coin cell battery), which can be hidden throughout a location and detected by an app, with approximate distance values — kinda like GPS for indoor locations. There are many potential applications — Apple was fond of describing stores as a use case at WWDC in June (e.g. welcome the customer to the store at the front door, pull up their loyalty card at the cashier, etc.), as well as art galleries and zoos (walk up to a painting/animal and a description/photos/etc. pop up automatically). I think we’ll see some really cool applications here, for instance the rumored implementation at ballparks by MLB:

Text Kit: While apps on iOS were always able to create complex text layouts, many of the built-in views made it complicated to do, requiring more time, code, and complexity than it should have. With Text Kit, an iOS 7 addition, Apple has finally given us classes for managing fine typography. Apple describes the new framework well: “Text Kit can lay out styled text into paragraphs, columns, and pages; it easily flows text around arbitrary regions such as graphics; and it manages multiple fonts. Text Kit is integrated with all UIKit text-based controls to enable apps to create, edit, display, and store text more easily—and with less code than was previously possible in iOS.” Apple focused on typography for iOS 7, and they’ve given us the support to do the same in our apps.

M7 motion coprocessor: The M7 motion coprocessor that is new in the iPhone 5S enables the collection of more accurate motion data for apps, as well as support for step counting in a battery-efficient way (even when your app is not running), and the ability to distinguish between different types of motion, for instance walking, running, or driving. This new chip should enable apps that give fitness wearables (like the Fitbit and FuelBand) a run for their money, but it can also be used in apps not related to health tracking, such as a navigation app that can change its directions based on the mode of transportation (the user has gotten out of their car — time to switch to walking directions).

New Background Modes for Fetching Data: Apps that regularly update their content from a server can register with the system to be launched periodically in order to keep content up-to-date. iOS attempts to intelligently schedule this to minimize battery drain by watching the user’s behaviors and giving the app background time before it would normally be launched by the user (think updating a weather app every morning before the user gets up). Another background data fetching API added is “silent push notifications”. These enable a server to send a push notification to a user’s device when there is new content. The push notification would not actually appear to the user, instead acting as a trigger to give the app some background time to fetch new data from the server. These new APIs will allow content-based apps to always appear fresh.

Improved View Transition Animation Support: Apple has added APIs to allow for better animated transitions between views — in a more supported/easier manner than previously available. At WWDC for example, Apple demoed some fun fold transitions in a mapping app. I’m excited to see what people come up with (though overuse of this could also be annoying).

Peer-to-Peer Connectivity: Apple added a new framework that supports “the discovery of nearby devices and the direct communication with those devices without requiring Internet connectivity… With this framework, your app can communicate with nearby devices and seamlessly exchange data.” Additionally, Apple provides a view for discovering nearby devices. This opens up the possibility for devices to communicate faster than they could have over Bluetooth, without the requirement of joining the same WiFi network (also helpful when there isn’t a WiFi network around to join, but you want to share data).

Improved Camera APIs: Apple’s camera APIs had the ability to detect faces in previous versions of iOS, but with iOS 7 Apple has added the ability to detect if the faces in the picture are smiling or if the subjects have their eyes closed. Apple has also added many other minor camera improvements, such as improved video recording, image stabilization, and smooth autofocus.

Dynamic behaviors for views (UIKit Dynamics): You know that parallax effect on the home screen when you rock your device from side to side on iOS 7? Apple has given developers APIs so that we can easily implement the same effects, and others, including gravity, collision, push, snap, and attachment (e.g. spring) behaviors. This provides a way to mimic the real world with the views in your app. Want to have views fall in and bounce? Easy.

Sprite Kit: Sprite Kit is a new framework that provides a hardware-accelerated animation system optimized for creating 2D and 2.5D games, including a graphics rendering and animation system, sound playback support, and a physics simulation engine. While there are some good third party libraries for this, it’s great to have something provided by Apple, reducing setup time and complexity.

Inter-App Audio: Apple has added the ability for apps to send MIDI commands and stream audio between apps on the same device. This will enable a new category of apps that previously couldn’t exist — for instance a mixing app processing the output of a musical instrument app.

Game controllers: There are a few existing game controllers out there for iOS, but each has its own library that game developers have to integrate, and they never really took off. With iOS 7, Apple has added a framework and has partnered with hardware companies to create Made-for-iPhone/iPod/iPad (MFi) game controller hardware. With a standard, Apple-provided API, I expect to see many games in the app store support game controllers. It seems like every gaming Nerd I talk to is excited about this. The game controllers aren’t out yet — expect to hear more about this at the rumored October iPad event.

Barcode/QR code scanning: Barcode scanning is now included by Apple in the SDK. There were a few good non-Apple libraries to enable support for this, but it’s nice to have it built in.

Text to Speech: Text to speech is now built-in. Want your app to talk to your users? You no longer need to use a third-party library, saving on cost and complexity.

These new features and improvements will enable the creation of apps that are better than ever, and in some cases allow for new apps that were technically infeasible before iOS 7. My fellow Nerds and I can’t wait to work with these new features (in fact we’ve already started playing with iBeacons), and are excited to integrate these new APIs into your app.


Apps That Know Where You Are: Our Experimentation With Apple’s iBeacon Technology

Introduction to the Lab Program:

Earlier this year, The Nerdery unveiled its Nerdery Labs program. It’s an opportunity for employees to submit ideas for projects demonstrating cutting-edge technologies. The Nerds whose ideas show the most potential are given a week to pursue them and produce something to show to other Nerds and the world at large.

I have a strong personal interest in extending user experiences beyond the bounds of traditional mobile apps by interfacing with external technologies. I saw the Nerdery Labs program as the perfect opportunity to pursue that interest…so I submitted a proposal to show the possibilities of Apple’s new iBeacon technology. I was tremendously excited when I heard my idea had been selected and as soon as I wrapped up the client project I was engaged with, I got to work!

Introduction to iBeacon

Buried in the ballyhoo surrounding the radical visual changes to iOS 7 was an all-new technology introduced by Apple: iBeacon. What it lacks in razzle-dazzle, it more than makes up for in enabling entirely new interactions and types of applications!

It is important to understand that iBeacon is not a device or a new piece of hardware like the TouchID thumbprint scanner. Instead, it is a public protocol or “profile” built on top of the Bluetooth LE (Low Energy) technology which has been present for several years in iOS devices: iPhone 4S and later, iPad 3rd Gen and later, and the 5th Gen iPod Touch. Bluetooth LE was released in 2010 as a lower-power, lower-speed alternative to traditional Bluetooth; devices broadcasting infrequently using Bluetooth LE can run for up to two years on a single coin-cell battery. Any device that announces itself using the iBeacon profile is an iBeacon, whether it is a small, dedicated radio device or an iDevice configured to broadcast as an iBeacon. Apple will not be producing any dedicated iBeacon hardware – that will be left to third parties. Android support for Bluetooth LE was added in 4.3 (Jelly Bean) so there will likely be Android iBeacons in the near future, too.

How iBeacon works

Figure 1-1. How iBeacon works

At its core, iBeacon is simply a “HERE I AM!” message broadcast roughly once per second to other devices within range of the Bluetooth radio (Figure 1-1). It has a few identifying characteristics so that apps can distinguish the iBeacons they’re interested in from a crowd. iBeacon broadcasts have no data payload; they simply identify themselves via a UUID (unique identifier) and 2 numbers, dubbed “major” and “minor”. You can think of the UUID as the application identifier: each app will use a different one (or more). An app can only listen for specific UUIDs provided by the developer; there is no way to see a list of all iBeacons visible to the device. The major and minor numbers have no intrinsic meaning; they are available for the app to use as the developer sees fit. A common scheme is to designate the major number as the general region and the minor as a specific location within that region. As an example, in an app for Macy’s, the UUID for all iBeacons in all Macy’s stores would be identical. The major number would refer to a particular Macy’s store (22 = San Francisco, 1 = NYC, etc.). The minor number would represent the different departments within the Macy’s store (14 = Women’s Apparel, 7 = Bedding, 29 = Men’s Shoes, etc.). The numbers represent whatever you decide as you plan out the app. The point is, major and minor could be used to identify more than just physical locations; people, pets, containers, kiosks, luggage, and many other objects that you want to keep track of as they are on the go could benefit from the technology.
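As an added example (not code from the original post or from Apple), the Python sketch below parses the manufacturer-specific data of an iBeacon advertisement and resolves it with the store/department scheme described above. The byte layout (Apple company ID 0x004C, type 0x02, length 0x15, 16-byte UUID, big-endian major and minor, signed measured power) is the publicly documented iBeacon frame; the UUIDs, lookup tables and function names are assumptions made for illustration.

```python
import struct
import uuid
from typing import NamedTuple, Optional, Tuple

APPLE_COMPANY_ID = 0x004C   # Bluetooth SIG company identifier for Apple
IBEACON_TYPE = 0x02         # beacon sub-type
IBEACON_LEN = 0x15          # 21 bytes follow: UUID(16) + major(2) + minor(2) + power(1)
FRAME_LEN = 4 + IBEACON_LEN

# Constructed values for illustration only (assumptions, not real deployments).
STORE_UUID = uuid.UUID("11111111-2222-3333-4444-555555555555")
OTHER_UUID = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")
STORES = {22: "San Francisco", 1: "NYC"}                               # major
DEPARTMENTS = {14: "Women's Apparel", 7: "Bedding", 29: "Men's Shoes"}  # minor


class Beacon(NamedTuple):
    proximity_uuid: uuid.UUID
    major: int
    minor: int
    measured_power: int  # calibrated signal strength at 1 m, in dBm


def parse_ibeacon(mfg_data: bytes) -> Optional[Beacon]:
    """Parse manufacturer-specific data; return None if it is not an iBeacon frame."""
    if len(mfg_data) != FRAME_LEN:
        return None
    # The company ID is little-endian; the beacon fields that follow are big-endian.
    company, btype, blen = struct.unpack_from("<HBB", mfg_data, 0)
    if (company, btype, blen) != (APPLE_COMPANY_ID, IBEACON_TYPE, IBEACON_LEN):
        return None
    raw_uuid, major, minor, power = struct.unpack_from(">16sHHb", mfg_data, 4)
    return Beacon(uuid.UUID(bytes=raw_uuid), major, minor, power)


def locate(mfg_data: bytes) -> Optional[Tuple[str, str]]:
    """Map a frame to (store, department), ignoring beacons with another UUID.

    The frame carries no signature or counter, so this reports what the
    broadcast claims, not who sent it: treat the result as a hint for the UI,
    not as proof that the device is at that location.
    """
    beacon = parse_ibeacon(mfg_data)
    if beacon is None or beacon.proximity_uuid != STORE_UUID:
        return None
    store = STORES.get(beacon.major)
    department = DEPARTMENTS.get(beacon.minor)
    if store is None or department is None:
        return None  # unknown major/minor: fail closed instead of guessing
    return store, department


def build_frame(u: uuid.UUID, major: int, minor: int, power: int = -59) -> bytes:
    """Build a constructed sample frame so the example runs offline."""
    return (struct.pack("<HBB", APPLE_COMPANY_ID, IBEACON_TYPE, IBEACON_LEN)
            + struct.pack(">16sHHb", u.bytes, major, minor, power))


if __name__ == "__main__":
    sample = build_frame(STORE_UUID, 22, 14)
    print(sample.hex())
    print(parse_ibeacon(sample))
    print(locate(sample))
    print(locate(build_frame(OTHER_UUID, 22, 14)))
```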


Why Developers and Consumers Should Care About The Android 4.4 (KitKat) Announcement

Google quietly revealed the latest version of Android (4.4) today, almost two months after announcing that this version would be nicknamed KitKat. Unlike the latest version of Jelly Bean (4.3), which didn’t introduce many new features for consumers and developers, KitKat brings along a huge variety of improvements to the operating system.

The good news for developers and businesses with Android apps is that the vast majority of apps on the Play Store will not break in 4.4, and there are no major design changes that will make your current applications look out of place on a device running KitKat.

Let’s dive in and examine some of the new features!

For Android Users:

Fighting Fragmentation

The biggest change that Google is touting for KitKat is its ability to run on a wide array of devices. Thanks to a focus on slimming down the operating system and introducing new memory management techniques, Android can run on devices with as little as 512MB of RAM. This means that you will start seeing Android on more devices. Manufacturers have been making a big push with smart watches lately, and Google has been working on Google Glass for a while now, so we already have an idea of what low-memory devices running Android might look like.

Updated System UI

A more obvious change that users will start seeing as KitKat begins to roll out is that the system UI is getting out of the way. The status bar at the top of every Android device is now translucent, putting a bigger focus on your content and applications. KitKat also introduces a new “Immersive mode” that allows applications to hide both the status bar and the navigation buttons. Videos, photos, games, and books can all take up 100% of your device’s screen.

Magic-Enhanced Search

Though consumers are using their smartphones as actual phones less and less these days, Google has given the boring dialer a push into the future with some Google search magic. Contacts are now sorted in the dialer by who you talk to the most and who is nearby, and local businesses will also be included in your search. When you receive a call from an unknown number, Google will use Google Maps listings to try to pair the caller with a name.

Integrated Messaging

Finally, Google has taken a page from Apple’s popular iMessage service by integrating SMS and MMS in the Hangouts application. All your chats, SMS, MMS, and hangouts will be in one place on your phone.

Check out the complete introduction to Android 4.4 for consumers here.

For businesses and developers:

The first new feature that businesses can leverage is the new printing framework. The printing framework allows applications to send content to printers that users have connected to their devices via WiFi or cloud printing services. If you are taking your application to a trade show, maybe you want to set up your application to print customized brochures, name tags, or other such items. Apps that allow users to create their own content (such as painting applications or photo-editing applications) can leverage these APIs to allow their users to print their content at home.

Animation Support

One area where Android has been consistently lagging behind iOS is in supporting animations. Though the animation APIs improved a lot in Android 3.0, Android has taken another huge step forward in 4.4. Developers can now define animation “scenes” that will make grouping animations for UI changes simple. Android 4.4 also provides default animations for scene changes, so developers may not even need to worry about creating their own animations.

Cross-Platform Solutions

Cross-platform solutions for mobile applications are very popular due to their ability to lower development time in some cases by keeping a single codebase for multiple mobile platforms. These applications typically run in a WebView in Android, which is essentially a miniature web browser in your application. These can be difficult to debug, and do not always conform to the same web standards that your desktop browsers follow. This is changing in KitKat with WebViews based on Chromium. These new WebViews provide support for HTML5, CSS3, and most modern JavaScript APIs, along with an updated JavaScript engine for better performance. Even better, WebViews are now debuggable remotely with Chrome DevTools.


Debugging all applications for businesses has become easier thanks to screen recording. You can now take a video of your screen and send it to the developer to help demonstrate how to reproduce bugs. Businesses can also leverage this tool to help create promotional videos for the Play Store, giving users valuable insight into how the app looks while running.

As a part of KitKat’s focus on support for low-memory devices, developers also now have access to powerful memory diagnostic tools to see how much memory their app is consuming over time. This should lead to better app performance and fewer crashes.

This is just the tip of the iceberg for new developer features in 4.4. You can find the complete list of new features for developers here.

Potentially breaking changes:

There are a few changes that could cause some applications to behave unexpectedly in Android 4.4.

  • If your application reads from the public external storage directories, your application will need to request a new permission from 4.4 devices.
  • Applications that use WebViews will want to ensure that everything looks and behaves as expected with the new Chromium-based WebViews.
  • AlarmManager alarms may not fire quite when you expect them to, as alarms are now batched together with all apps that have alarms set to fire within a reasonably similar time frame.
  • Similarly, ContentResolvers that sync periodically will sync within 4% of the period you specify, so you shouldn’t rely on the sync occurring at a specific time.