Android and Oracle? - General Topics

Just wondered what is the long term future for the Java-ish language on android given the current case. I wrote a bit of part satire, part idea at the following address.
http://my.opera.com/jackokring/blog/java-oracle-android-and-google
Does anyone else recognize the immense opportunity opening for a new language across the mobile market for a new syntax, and rationalized smaller library?

More on supa
Apart from the following alterations to the base language and the ones proposed earlier, I'd like some feedback on what should go into the libraries...
I'd also remove short, char and byte as types, and have a PackedArray class for such needs. To muddy the base type system with anything less than an int maybe is an obscure homage to history. I'd then be left with just int and long and object pointer and void.
Any other types would be library based. For example String.
The scoping rules being strict relates to SMP. For recursive functions, the extra need to pass some extra parameters, to get extra locals is not a bad idea, as it forces an understanding that automatic synchronization, would already enforce. And would lead to simpler recursive functions using the instance variables as type 'static in the c function sense' for data pass back to the single writer previous recursion instance.
Now if you're thinking how would the usual ijk for loop variables be defined within multiple methods, and not generate a 'multiple writer method error' this is just syntax, and forcing actually descriptive variable names is surely a good thing. The fact that the data segment would grow in size, as the method instance variable set grew would be more of an issue. But then again, I never suggested removing the word 'transient'. After all if a stack frame local is not transient then what is? The word volatile also becomes redundant, as all class variables are volatile.
The keyword strictfp is also useless in supa.

Related

trueffs on mars?

Reading about the Mars rover's operating system on
http://www.windriver.com/marsrover/index.html
I saw that it uses the same software (trueffs - by m-systems) that also drives the extended rom.
I found the documentation of trueffs rather lacking, and incorrect.
Hope that is not the reason for Spirit's recent troubles.
Many of the ioctls described in this document work differently in reality than described, mostly parts that pass a pointer to a buffer in the ioctl's 'in' parameter, pass this pointer in reality in the 'out' parameter.
Return values sometimes reflect the success of a call, and sometimes are unrelated.

HTC Performance - Fact Or Fiction The True Story...

Ok, I've seen numerous questions about the app called HTC Performance & have disassembled the executable. While my knowledge of these things is by no means great, I have found some very interesting functions.
Maybe someone with more reverse engineering & code experience can take a look, but with IDA Pro there are some very interesting functions & strings.
Some of the calls & code are deprecated & no longer used in WM6 + but some of them are.
It is possible, especially for evB equipped roms, that this program acts like a server of sorts for some programs & processes. But being as it is initiated with Smartphone only functions I doubt it.
some of the more interesting functions in the HTC Performance app are:
SHInitExtraControls Which appears to be for Smartphone only
GetSystemMetrics WM6 Pro valid - Gets System Width & Height in pixels. Possible uses include program optimization based on the appropriate pixel returns
CreateMutexW - coredll - used to connect to core via net cf for obtaining device info- Usually eVB related apps use to call coredll info
memmove = takes more memory than memcpy but may be used to ensure unicode strings not used on odd memory addresses, this could increase speed on apps that incorrectly do this.
InterlockedCompareExchange, InterlockedDecrement, InterlockedExchange, InterlockedExchangeAdd, and InterlockedIncrement = functions provide a simple mechanism for synchronizing access to a variable that is shared by multiple threads. The threads of different processes can use this mechanism if the variable is in shared memory.
InterlockedCompareExchange = function performs an atomic comparison of the Destination value with the Comperand value. If the Destination value is equal to the Comperand value, the Exchange value is stored in the address specified by Destination. Otherwise, no operation is performed
YAXPAX = can speed up access of written C++ Code
ReleaseMutex = Mutex functions are used to release shared functions
EnumWindows = (..) to execute a task. EnumWindows (..) enumerates through all existing windows (visible or not) and provides a handle to all of the currently open top-level windows. Each time a window is located, the function calls the delegate (named IECallBack) which in turn calls the EnumWindowCallBack (..) function and passes the window handle to it. Not sure how this is used though.
LoadAcceleratorsW = ??? Appears to be old CE function. Deprecated???
realloc = String Optimization
malloc = RAM Allocation
GetDeviceCaps = gets dev info, can be used to the optimize redraw based on device constraints already known
LocalReAlloc = This function changes the size or the attributes of a specified local memory object. The size can increase or decrease.
EnterCriticalSection = The threads of a single process can use a critical section object for mutual-exclusion synchronization. The process is responsible for allocating the memory used by a critical section object, which it can do by declaring a variable of type CRITICAL_SECTION. can grant exclusive access to memory
ReleaseDC = This function releases a device context (DC), freeing it for use by other applications. The effect of ReleaseDC depends on the type of device context.
Again, I am not a programmer, I know a few things, & am pretty competent with the lower operations of firmware, but the rest of the CE code is not my cup of tea. There are many more functions in HTC Performance. These are only a few functions found after a brief 20 minute peek.
But maybe, maybe, some of the function calls can help us to understand if this app can be modified to properly function on the Kaiser.
It is possible that on some evB enabled apps, that maybe some of the HTC Performance app are retained & possibly function, that is pure speculation though, & again I doubt it.
Any CE code experts out there wanna take a look? I have, & based on what I've seen, I'll have to say FICTION!
Info
Hi,
Since I haven't really had time to see what's new and all I haven't the foggiest idea what HTC Performance is/what it is supposed to do.
But I can tell you that the functions you listed are not special in any way. Most of them would appear in every application that displays anything on the screen. For instance getting system metrics is required for any application displaying scroll bars, etc. All the interlocked and critical section stuff is just thread synchronization.
But that's OK, the use of windows APIs really doesn't mean much, other than the application runs on Windows...it's the non-API stuff that defines an application. If the application you're looking at writes changes to registry keys, etc. you may want to look into that as those would be the lasting changes to the device.
Cheers,
Why is there concurrency related stuff in there? Surely that should all be handled by the operating system, rather than a running application? (That said, most of my concurrency knowledge is either theoretical or based at a high level, so I could be wrong here).
High Performance Cab
You can also check this thread...
http://forum.xda-developers.com/showthread.php?t=366792
Quentin- said:
> Hi,
> Since I haven't really had time to see what's new and all I haven't the foggiest idea what HTC Performance is/what it is supposed to do.
> But I can tell you that the functions you listed are not special in any way. Most of them would appear in every application that displays anything on the screen. For instance getting system metrics is required for any application displaying scroll bars, etc. All the interlocked and critical section stuff is just thread synchronization.
> But that's OK, the use of windows APIs really doesn't mean much, other than the application runs on Windows...it's the non-API stuff that defines an application. If the application you're looking at writes changes to registry keys, etc. you may want to look into that as those would be the lasting changes to the device.
> Cheers,
No, registry would not necessarily be the place to look. For this application the registry will only report whether or not the App is running or not. It is supposed to be a speed optimization application. My thoughts were that it could possibly be acting as a server of sorts, handling some thread optimization & resource allocation. Correct though, most of those API's are importing device info, beyond that, I am lost as to how it handles it, if it does at all. That said, there are many things that don't show up in the registry & many things can't be altered via the registry b'c they are set or handled before initialization or loading of the registry, possibly thru the OAL. Even tougher to say in a two chip device with as little known info as the msm7xxx processors. If anyone with real coding knowledge could take a look at the executable & see just what it's doing with the info, that would be great.
dperren said:
> Why is there concurrency related stuff in there? Surely that should all be handled by the operating system, rather than a running application? (That said, most of my concurrency knowledge is either theoretical or based at a high level, so I could be wrong here).
That is indeed the center of my question & also what leads me to question how the app functions. Is it playing a role in thread priority optimization, & possibly redraw based on the polls, or is it just a partially gutted application missing a ton of registry data that never worked?

Newb to C# question, trying to display jpg menu

I've been posting left and right on these forums since I got my new phone (Blackstone). I've done some programming before (c/++ and java) but mainly more scripting in Matlab and maple (if you can call the latter scripting).
But since I've gotten my new HD, I've been wanting to program for it. So I thought my first program would be a simple but fun multiplayer game, which would allow me to learn c# in the process.
I've gotten hold of VS2008 through my uni, and a few different C# books (couldn't find a specific WM6 C# book though, and MSDN is a huge mess, what with obsolete libraries, mixing WinEmbedded and WinCE with compact.NET and a mess of unuseful and incomplete pseudocode).
So I've started through the books and it all seems kinda straight forward: classes are declared with their variables, the accessors/methods and constructors; you create an instance of the class and load in its variables, then you draw them.
And now I'm stuck trying to just display a goddamned jpg.
I've attached my program code (VS2008 project) and the jpgs. What I'm trying to do here (before even getting started on the game logic) is just display a form with a background image, draw three menu buttons on top and a sound on/off button.
The start/options/exit buttons will lead to their respective forms, and the sound on/off button does just that.
What I've tried to do is create a new class, ImageBtn, which implements my button behaviour (show button, if pressed display pressed version of the button and then perform action).
The Mash2 main() directs to MainmenuForm, which loads the bckgrnd and buttons using the mainmenuform.designer and the imagebtn class. The rest of the forms are placeholders.
Please, could someone who knows more of C# than me (i.e. practically anyone) have a look at my Mash2.cs, FormMainmenu.cs and ImageBtn.cs to see what I'm doing wrong?
Am I not loading the jpg's correctly? Is my custom class not declared correctly? Is it a problem with my use of winArray? Or how I invoke graphics.drawimage?
I just have no idea, and what's more humiliating is that everything I look up on google gives me a different, badly written and obviously syntax incorrect example of how it should be done and they're all done using very different techniques.
PS: as I've said, I've attached my project files, but if people can't be bothered I could post the code inline. Also any links to WinMobile, compact.NET C# forums which could help would be much appreciated. Hell, any help would be a life^H^H sanity saver!

Writing app, having trouble

Hey guys, I know this thread is probably better suited for the development thread, but I am not allowed to post there, so here goes:
I am working on improving the notepad app that is created through the notepad tutorial provided for android development, and at the moment I am trying to make a preferences page that allows me to enter a number, hit confirm, and the app will use that number to change the font. My approach so far has been to pass a startActivityForResult call, which returns a number, then in my onActivityResult I check for that number which should be returned. I then capture the result code, which should not be an integer, it has been parsed in the methods that were called. All that seems to be running fine, but when I try to use TextView to setTextSize my application is force closing, I have tried a few different ways of implementing this setTextSize method, including not using the variable that I am getting back (resultCode) at all, and instead just plugging in a preset number, but the application is still bombing as soon as I try to call setTextSize in any way. I wanted to see if there is anything special about the setTextSize that I may be missing, or if there is a better way of setting font size at run-time.
Thanks,
Nate
Does this help at all?
I did find that post through my searching, and even calling the setTextSize using pixels it still bombs out, here is my code for making the text larger:
fontSize = resultCode;
TextView tv;
tv = (TextView)findViewById(R.id.text1);
tv.setTextSize(TypedValue.COMPLEX_UNIT_PX, fontSize);
I do not know if this matters or not, but the view that is being used is notes_row which is referenced by id text1, more importantly, notes_row is used to display the rows on the notes_list view.
Thanks for the help, I am new to android programming, and this is something I have had trouble with for the past 2 days.
OK, well, what does the stack trace look like? What errors are you getting? And I know you said you plugged in an actual number in place of the variable (just for testing), but how did you plug that number in? Did you just use the number or did you use the Float or Integer object or what?
Unfortunately, I do not know what a stack trace is, if you could elaborate I would be very grateful.
When I plugged the number in directly I did it both by creating a variable of type float and assigning it a value, and using that variable in the method call, as well as just putting a number directly into the method call.
Bump. Can't figure out why a simple textview.settextsize would cause a force quit.
Sitrep: I figured out the problem with my code, but in the process caused another problem. Here is the deal, I was instantiating TextView with a view object, rather than a context, after switching the line that said TextView tv = new TextView( (TextView) findViewById(R.id.text1))) to TextView tv = new TextView(this). The problem with that is, I am trying to edit data that is in a pre-existing textview, declared in one of my xmls, and therefore creating a new one does not seem like the right way to be going, or maybe I just do not understand the way to do it.
Does anyone know a way for me to access my pre-existing TextView (created in my xml file) at run-time, or even a way to apply settings that I change on my new TextView to my pre-existing one. Is this possible or do I need to be looking for a different solution (someone suggested that I create a separate view for each text size that I want to create, and then once a user selects the text they want using a menu, just call the appropriate view) I would prefer to use a more elegant solution if possible.
Thanks for all the help so far,
Nate
Doing more reading, I see that I do in fact need to make my TextView = the one that is currently defined with the program, the problem with this is that when I put breakpoints right after where I declare this statement: TextView tv = (TextView) findViewById(R.id.text1); Under variables tv shows as a null, and I believe that is the reason that I am getting the crash, I think the program is seeing null.setText...... instead of view.set....

Trident Encoder : Encryption for Windows RT

I implemented a browser based encryption solution which runs on Windows RT (and many other Windows computers). All I wrote was the HTML page, I am leveraging Crypto.JS javascript library for encryption algorithm. I am using the HTML 5 File API implementation which Microsoft provides for reading and writing files.
I make no claim on this but seems to work good for me. Feel free to feedback if you have any suggestions. The crypto.js library supports many different algorithms and configuration so feel free to modify it to your own purposes.
You can download the zip file to your surface, extract it and load the TridentEncode.htm file into Internet Explorer.
If you want to save to custom directory you probably need to load it from the Desktop IE instead of metro IE (to get the file save dialog). I usually drag and drop the file onto desktop IE and from there I can make favorite. This should work in all IE 11 and probably IE 10 browsers... if you use other browsers you may need to copy paste into the fields since the File API implementation seems rather browser specific. Running the html page from the local filesystem means that there is no man-in-the-middle which helps eliminate some of the vulnerabilities of using a javascript crypto implementation. You could also copy the attached zip file to your skydrive to decrypt your files from other computers.
Skydrive files in theory are secure (unless they are shared to public) so this might be useful for adding another layer of protection to certain info.
Again, use at your own risk, but feel free to play around and test it, and offer any suggestions or critiques of its soundness, or just use it as a template for your own apps.
Ok... this is really cool! Nice idea, and a good first implementation.
With that said, I have a few comments (from a security perspective). As an aside, minimized JS is the devil and should be annihilated with extreme prejudice (where not actually being used in a bandwidth-sensitive context). Reviewing this thing took way too long...
1) Your random number generation is extremely weak. Math.random() in JS (or any other language I'm aware of, for that matter) is not suitable for use in cryptographic operations. I recommend reading http://stackoverflow.com/questions/4083204/secure-random-numbers-in-javascript for suggestions. The answer by user ZeroG (bottom one, with three votes, as of this writing) gets my recommendation. Unfortunately, the only really good options require IE11 (or a recent, non-IE browser) so RT8.0 users are SOL.
NOTE: For the particular case in question here (where the only place I can see that random numbers are needed is the salt for the key derivation), a weak PRNG is not a critical failing so long as the attacker does not know, before the attack, what time the function is called at. If they do know, they can pre-compute the likely keys and possibly succeed in a dictionary attack faster than if they were able to generate every key only after accessing the encrypted file.
2) Similarly, I really recommend not using a third-party crypto lib, if possible; window.crypto (or window.msCrypto, for IE11) will provide operations that are both faster and *much* better reviewed. In theory, using a JS library means anybody who wants to can review the code; in practice, the vast majority of people are unqualified to either write or review crypto implementations, and it's very easy for weaknesses to creep in through subtle errors.
3) The default key derivation function (as used for CryptoJS.AES.encrypt({string}, {string})) is a single iteration of MD5 with a 64-bit salt. This is very fast, but that is actually a downside here; an attacker can extremely quickly derive different keys to attempt a dictionary attack (a type of brute-force attack where commonly used passwords are attempted; in practice, people choose fairly predictable passwords so such attacks often succeed quickly). Dictionary attacks can be made vastly more difficult if the key derivation process is made more computationally expensive. While this may not matter so much for large files (where the time to perform the decryption will dominate the total time required for the attack), it could matter very much for small ones. The typical approach here is to use a function such as PBKDF2 (Password-Based Key Derivation Function) with a large number of iterations (in native code, values of 20000-50000 are not uncommon; tune this value to avoid an undesirably long delay) although other "slow" KDFs exist.
4) There's no mechanism in place to determine whether or not the file was tampered with. It is often possible to modify encrypted data, without knowing the exact contents, in such a way that the data decrypts "successfully" but to the wrong output. In some cases, an attacker can even control enough of the output to achieve some goal, such as compromising a program that parses the file. While the use of PKCS7 padding usually makes naïve tampering detectable (because the padding bytes will be incorrect), it is not a safe guarantee. For example, a message of 7 bytes (or 15 or 23 or 31 or any other multiple of 8 + 7) will have only 1 byte of padding; thus there is about a 0.4% (1 / 256) chance that even a random change to the ciphertext will produce a valid padding. To combat this, use an HMAC (Hash-based Message Authentication Code) and verify it before attempting decryption. Without knowing the key, the attacker will be unable to correct the HMAC after modifying the ciphertext. See http://en.wikipedia.org/wiki/HMAC
5) The same problem as 4, but from a different angle: there's no way to be sure that the correct key was entered. In the case of an incorrect key, the plaintext will almost certainly be wrong... but it is possible that the padding byte(s) will be correct anyhow. With a binary file, it may not be possible to distinguish a correct decryption from an incorrect one. The solution (an HMAC) is the same, as the odds of an HMAC collision (especially if a good hash function is used) are infinitesimal.
6) Passwords are relatively weak and often easily guessed. Keyfiles (binary keys generated from cryptographically strong random number generators and stored in a file - possibly on a flashdrive - rather than in your head) are more secure, assuming you can generate them. It is even possible to encrypt the keyfile itself with a password, which is a form of two-factor authentication: to decrypt the data that an attacker wants to get at, they need the keyfile (a thing you have) and its password (a thing you know). Adding support for loading and using keyfiles, and possibly generating them too, would be a good feature.
The solutions to 3-5 will break backward compatibility, and will also break compatibility with the default parameters for openssl's "enc" operation. This is not a bad thing; backward compatibility can be maintained by either keeping the old version around or adding a decrypt-version selector, and openssl's defaults for many things are bad (it is possible, and wise, to override the defaults with more secure options). For forward compatibility, some version metadata could be prepended to the ciphertext (or appended to the file name, perhaps as an additional extension) to allow you to make changes in the future, and allow the encryption software to select the correct algorithms and parameters for a given file automatically.
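The review points above (CSPRNG salt, slow key derivation, an HMAC checked before decryption, version metadata in front of the ciphertext) combined into one file format, as an added example that is not part of the original thread or of Trident Encoder. It uses the built-in Node.js crypto module so it runs offline; the container layout, the constant and function names, and the 50000-iteration default are assumptions made for illustration.

```javascript
// Added example: versioned, authenticated container (hypothetical layout):
//   version(1) | iterations(4, BE) | salt(16) | iv(16) | ciphertext | HMAC-SHA256(32)
const nodeCrypto = require("crypto");

const VERSION = 1;
const SALT_LEN = 16, IV_LEN = 16, TAG_LEN = 32;
const HEADER_LEN = 1 + 4 + SALT_LEN + IV_LEN;
const MAX_ITERATIONS = 1000000; // refuse absurd work factors read from an untrusted file

// Point 3: slow KDF. One PBKDF2 call yields 64 bytes, split into two
// independent keys: one for AES, one for the HMAC.
function deriveKeys(password, salt, iterations) {
  const okm = nodeCrypto.pbkdf2Sync(password, salt, iterations, 64, "sha256");
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

function encryptFile(plaintext, password, iterations = 50000) {
  // Point 1: salt and IV come from the OS CSPRNG, never Math.random().
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const { encKey, macKey } = deriveKeys(password, salt, iterations);

  // Version metadata first, so a later format can be told apart.
  const header = Buffer.alloc(5);
  header.writeUInt8(VERSION, 0);
  header.writeUInt32BE(iterations, 1);

  const cipher = nodeCrypto.createCipheriv("aes-256-cbc", encKey, iv);
  const body = Buffer.concat([header, salt, iv, cipher.update(plaintext), cipher.final()]);

  // Points 4 and 5: encrypt-then-MAC over header, salt, IV and ciphertext.
  const tag = nodeCrypto.createHmac("sha256", macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

function decryptFile(container, password) {
  if (container.length < HEADER_LEN + 16 + TAG_LEN) throw new Error("truncated container");
  const version = container.readUInt8(0);
  if (version !== VERSION) throw new Error("unsupported format version " + version);
  const iterations = container.readUInt32BE(1);
  if (iterations < 1 || iterations > MAX_ITERATIONS) throw new Error("iteration count out of range");

  const salt = container.subarray(5, 5 + SALT_LEN);
  const iv = container.subarray(5 + SALT_LEN, HEADER_LEN);
  const body = container.subarray(0, container.length - TAG_LEN);
  const tag = container.subarray(container.length - TAG_LEN);
  const { encKey, macKey } = deriveKeys(password, salt, iterations);

  // Verify the HMAC in constant time BEFORE touching the ciphertext; a wrong
  // password and a modified file both fail here instead of decrypting to garbage.
  const expected = nodeCrypto.createHmac("sha256", macKey).update(body).digest();
  if (!nodeCrypto.timingSafeEqual(tag, expected)) {
    throw new Error("authentication failed: wrong password or modified file");
  }
  const decipher = nodeCrypto.createDecipheriv("aes-256-cbc", encKey, iv);
  return Buffer.concat([decipher.update(body.subarray(HEADER_LEN)), decipher.final()]);
}

// Demo on constructed input when run directly with node.
if (typeof module !== "undefined" && require.main === module) {
  const box = encryptFile("constructed sample note", "correct horse");
  console.log("container bytes:", box.length);
  console.log("round trip:", decryptFile(box, "correct horse").toString("utf8"));
  box[HEADER_LEN] ^= 0x01; // flip one ciphertext bit
  try { decryptFile(box, "correct horse"); } catch (e) { console.log("tampered:", e.message); }
}
```

Because both functions take and return byte buffers, the same container works for binary files as well as text.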
Wow thanks GDTD that's great feedback
Not sure about his minified sources, the unminified aes.js in components is smaller than the minified version (which I am using) in rollups. I'll have to look into what his process for 'rollup' is to see if I can derive a functional set of non-minified script includes. If I can do that it would be easier to replace (what I would guess is) his reliance on Math.random.
His source here mirrors the unminified files in components folder : https://code.google.com/p/crypto-js/source/browse/tags/3.1.2/src
msCrypto that would be great, I had no idea that was in there. I found a few (Microsoft) samples so I will have to test them out and see if I can completely substitute that for crypto.js. Would be more keeping in line with the name I came up with.
Currently this version only works for text files, I am using the FileAPI method reader.readAsText(). I have been trying to devise a solution for binary files utilizing reader.readAsArrayBuffer but as yet I haven't been able to convert or pass this to crypto.js. I will need to experiment more with base64 or other interim buffer formats (which Crypto.js or msCrypto can work with) until I can get a better understanding of it.
Metadata is a great idea, maybe I can accommodate that with a hex encoded interim format.
You seem extremely knowledgeable in the area of encryption, hopefully I can refine the approach to address some of the issues you raised by setting up proper key, salt, and IV configuration... I'm sure I will understand more of your post as I progress (and after reading it about 20 times more as a reference).
Too bad we don't have a web server for RT, that would at least open up localStorage for json serialization (mostly for other apps I had in mind). I guess they might not allow that in app store though. Could probably run one off a developer's license though (renewed every 1-2 months)?
nazoraios said:
> Too bad we don't have a web server for RT, that would at least open up localStorage for json serialization (mostly for other apps I had in mind). I guess they might not allow that in app store though. Could probably run one off a developer's license though (renewed every 1-2 months)?
I can't comment too much on the encryption, GoodDayToDie has covered anything I could contribute and more. But there is a functioning web server on RT. Apache 2.0 was ported: http://forum.xda-developers.com/showthread.php?t=2408106 I don't know if everything is working on it, I don't own an RT device and last time I tried I couldn't get apache to run on 64 bit windows 8 anyway (needed it at uni, spent hours going through troubleshooting guides and it never worked on my laptop, gave up and ran it under linux in virtualbox where it took 2 minutes to have functioning the way I needed it to).
Curious about the performance. Speaking of encryption, 7-Zip has it built-in, and from the discussion in StackExchange, it seems pretty good.
One of the neat things about this thing (local web app? Pseudo-HTA (HTml Application)? Not sure if there's a proper name for such things) is that it runs just fine even on non-jailbroken devices. That's a significant advantage, at least for now.
Running a web server should be easy enough. I wrote one for WP8 (which has a subset of the allowed APIs for WinRT) and while the app *I* use it in won't be allowed in the store, other developers have taken the HTTP server component (I open-sourced it) and packaged it in other apps which have been allowed just fine. With that said, there are of course already file crypto utilities in the store anyhow... but they're "Modern" apps so you might want to develop such a server anyhow so you can use it from a desktop web browser instead.
Web cryptography (window.crypto / window.msCrypto) is brand new; it's not even close to standardization yet. I'm actually kind of shocked MS implemented it already, even if they put it in a different name. It's pretty great, though; for a long time, things like secure random numbers have required plugins (Flash/Java/Silverlight/whatever). Still, bear in mind that (as it's still far from standardized), the API might change over time.
Yep, I think of them as Trident apps since trident is what Microsoft calls their IE rendering engine, but I guess they are sort of offline web apps (which come from null domain). Being from null domain you are not allowed to use localstorage which is domain specific. You also are not allowed to make ajax requests. You just have file api and json object serialization to make do with I/O.
Another app I am working on is a kind of Fiddler app similar to http://jsfiddle.net/ where you can sandbox some simple script programs.
Kind of turning an RT device into a modern/retro version of a commodore 64 or other on-device development environments. Instead of basic interpreter you've got your html markup and script.
I have an attached demo version which makes available jquery, jquery-ui, alertify javascript libraries in a sandbox environment that you can save as .prg files.
I put a few sample programs in the samples subfolder. Some of the animation samples (like solar system) set up timers which may persist even after cleared so you might need to reload the page to clear those.
It takes a while to extract (lots of little files for all the libraries) but once it extracts you can run the html page and I included a sample program 'Demo Fiddle.prg' you can load and run to get an idea.
I added syntax highlighting editors (EditArea) which seems to work ok and lets you zoom each editor full screen.
The idea would be to take the best third party javascript libraries and make them available and even make shortcuts or minimal API for making it easier to use them. Common global variable, global helper methods, ide manipulation. I'd like to include jqplot for charting graphs, maybe for mathematical programs and provide api for user to do their own I/O within the environment.
These are just rough initial demos, and obviously open source so if anyone wants to take the ideas and run with them I'd be interested in seeing what others do. Otherwise I will slowly evolve the demos and release when there are significant changes.
