What a week it’s been!
There were at least 2 major issues facing FlashUp development this past week.
- The App’s 3rd party cloud database service provider made an unannounced change that broke all versions of FlashUp in the field
- How FlashUp responded to Tester’s inputs while setting up and calibrating aircraft needed to be a lot smoother
Let’s start with the good news
I undertook a hefty overhaul of FlashUp’s design and code to better support Testers in the field actively trying to experiment with the app and help it succeed. I’ve been getting so much positive feedback, Q&A and collaborative time with Testers, I just couldn’t let this go. Out of appreciation for the amount of personal time that the Testers are taking to help with the app’s development, I wanted to help them the best way I can right now.
There have been no major changes in the user interface, save for two exceptions:
- Adding a satellite layer to the map that helps you set your aircraft’s location
- Making the Aircraft Select screen appear first at startup, instead of the list of recorded flights.
However, the behaviour now when changing your aircraft’s location, and arming/disarming Location Monitoring, all happen reactively and cleanly. Now you can arm or disarm each aircraft manually to allow you to ‘activate’ when you’re about to go flying instead of running the app in the background if you so choose.
To summarize, a lot of effort went into making sure the core functionality of the app was solid, and the Testers will use less effort to get much better results.
And the bad news
Developers with early beta programs that are in active development commonly use the most basic form of authentication they can at the start of development to allow them to prioritize tasks ahead of this need. After all, with an app that so few are even aware of, and data that is not dangerous or considered private, the security risks, as well as consequences – are low enough to postpone implementation of these security features until closer to a production-level launch of the final app – version 1.0.
FlashUp uses a 3rd party cloud database service who last week – due to security concerns – revoked this basic authentication scheme without telling any of their developers. Not even bothering with why the decision was made in the first place, I swiftly wrote their support team to ask why there was no advance notice? Here is a snippet of their response:
You’re right. When I approached the team on this to check why this was, there were various reasons, but the largest is actually a security concern.Realm.io Support
For example, suppose you were in production and you did not remove the `nickname` provider. Any person could connect to your server, and grant themselves admin rights. We removed this feature so the vulnerability did not rely on developers remembering to remove it.
So we chose to remove the issue and deploy it publicly before drawing attention to it.
To anybody still reading this: the implication here is that because it’s possible that some developers have never moved beyond this basic setup (which is very hard to justify) and put their user’s data at risk, the best decision they could come up with was to break any developer’s app who used it – including FlashUp.
The result of this was that Testers had their aircraft and flights disappear. And then, if they recreated them and then installed the emergency update I released shortly after, then what they had redone got eaten up too, and presented them with a possible 3rd instance of having no data.
Now nothing says “stop testing this piece of junk app” like going through that experience. I greatly appreciate everybody’s patience and help working through some of these challenges!
Finally, if they did update to 0.1.2 (4). the app’s behaviour was still in unknown territory – and a side effect of this whole debacle for me was that I lost visibility of operations of the apps in the field – so I wouldn’t know if anything were even wrong.
Although the heart of FlashUp is an app that you don’t even need to look at to work, I think it is time to begin adding more useful graphical elements to the interface. Leading up to that, I will be petitioning Testers for input on what they think would be useful.
But first, we’ll need to take care of the essentials. The next batch of updates will introduce a new user-centric data design and authentication scheme. It will involve the user’s email address and a password the first time they launch the app. That part probably doesn’t seem that hard – but what is a royal PITA is that Testers may likely have to go “back to square one” (to quote a FlashUp Beta Tester group member) and recreate their aircraft and calibration profiles. Thankfully, this has been made easier due to the “Good News” section above.
So long as we’re in Beta, I can’t faithfully guarantee that data will not be lost. But please know that all efforts are being made to avoid it where possible.
If you made it this far – thanks for reading and enjoy the coming weekend ✈️