Mods - very sorry, saw the sticky too late that questions don't go in general. Please move as needed and I'll be good next time!
So, I'm trying to set up a Current Cost Envi electricity monitor to write data to the Nest platform for display in the energy history plot but have run into some difficulty and have had trouble finding anyone who'd worked with the official API and can make suggestions on how to proceed. I'm not a professional computer scientist but have some coding experience and can usually fight through learning new things but this is giving me more grief than anything has in a while!
So far I've registered as a developer with Nest and with Google, which I think is required to get an OAuth2 redirect URI, and can create a client in the Nest Developer page with thermostat read privileges, but what I really want is to make a client with product data write privileges. However, when I attempt to do so and fill in all fields except OAuth2 redirect URI (it says leave blank to use PIN and I'm still learning the ropes of OAuth so was planning to come back to this shortly after reading up some more), I get and error at the top of the screen that says "scopes.justification exceeds required maximum length of 140". According to the documentation, I should get at least as far as seeing a message telling me the Dev team will contact me in a few days to set up data storage etc, but I don't think I"m getting to that due to the error.
Am I missing something obvious that could be generating this error?
I'm wondering if it would be WAY easier and faster to just pull data from the Nest and push it to a different database of my own choosing that will also hold the energy monitor data?
Last, is there documentation on what Nest open source compliance is all about? There's a whole page with Nest open source packages but I can't for the life of me find any information to go with it.
Related
Let me start off by apologizing if this is in the wrong place. I tried to post in the Software developer forum but got a notice that I cannot as i am new and need to post here, in the general forums.
I have developed an app for the Android that is an Attorney Time Entry application. The purpose of the app is to allow attorneys to enter time entries from their phone and have them automatically show up on their time entry software on their desktop at the office. I have already deployed this to one firm and am looking now to move to making it a general application on the market that anyone can use.
Currently the way the app works is that it goes to the specified server (at the attorney's office) and downloads all the matters from there. The attorney then has a listpick of all of the matters that that specific attorney is working on. He can then enter the number of hours, activity code, task code, description, and date, and submit the information via an email. The email will go to a specified email account that on the server side it receives the comma separated values and uploads them to the internal software.
So what I am looking for is to see if there is interest in a firm, or small group of firms working with me to make this a market product. I would work with you to instruct you how to set up things on your end at the server, and you would in turn test the app on your android phones and report any bugs or feature suggestions.
This is obviously most useful for a firm that supplies its attorneys with android phones.
Bump for myself. Is thread doomed because it is in general instead of in application development? Can a mod please move it there for me?
Reporting -In this section, we rate each time tracking and management software product according to its capabilities to produce various reports. The software should produce valuable reports that aid in business and time management. Additionally, you should be able to print the reports easily, or export them as needed.
I threw a thread in Android general to bring awareness of an article about a webkit vulnerability that will be/is being demo'd on the Android platform.
Thread:
http://forum.xda-developers.com/showthread.php?p=24154035#post24154035
Article:
http://news.cnet.com/8301-27080_3-57386319-245/researcher-to-demo-smartphone-attack-at-rsa/
Discuss?
Long as people practice the same rules as receiving fake facebook,banking ,etc emails than you should be ok. One advantage to desktops is you easily can hoover over the embedded link to see if its legit,report it as spam if not,& forward it to the actual company if they have department that handles phishing emails/fraud. Also from the article it doesnt say how the message was being faked as a carrier message. I normally save the short codes I use in my address book so I know whats what but I know from working customer service alotta people skip over the users manual that list the short codes & info for online saftey etc.
Yep, absolutely some common sense and safe browsing practices are important in something that is probably linked to your identity, and likely financial information.
What got me was the control over the real-time tracking ability of the device and recordings of audio (and video would not be a stretch I bet)
I haven't had a lot of time to look into it further yet, and it is a highly focused attack that is probably not of concern to the average user just yet - but given the scope of what this attack allows it's definitely something to be aware of.
Anything that lets joe-blow become a junior On-Star type peeping tom with my Android is something to worry about.
I never use the front-facing camera for anything, so it has a little piece of electrical tape cut to fit over it. No matter of software engineering can overcome that physical obstruction, but what of the microphone, gps and so on?
I'm eagerly awaiting the chance to look into this more after work tonight, meantime just wanted to throw it out there and try to get some awareness out and see what other people had to say.
I'm glad to see the first post in response here was a reminder about user-level security and explicitly cautioning people about clicking random links!
Also:
pimppoet said:
... Also from the article it doesnt say how the message was being faked as a carrier message...
Click to expand...
Click to collapse
This is the part where you get to be creative about it - you could make it anything, that was just the method they chose to get to the needed trigger, the user clicking the link.
I'm curious how they faked the carrier message too, but that doesn't mean that's the only method of injecting the desire to click into the users head.
Good points so far!
Edit:
To be honest, if it's not a click that's needed but just a visit to the website, an injection method could be to compromise an ad-serving machine that serves ads in apps and get an 'ad' that would take the user to the website inserted to what's already served to their device.
Heck, if that's viable, then you might even get them to accidentally go there with a stray touch and bam, you win.
Identification explicitly of the problem is step 1 on the path to a solution.
i am kind of in the habit that, whether an sms message is truly from the carrier or not, it's a scam either way **DELETE**
definitely worrisome, but i guess not surprising that stuff like this exists. good tho to bring it to light so that the race for patches can begin.
i'd be more worried if there was something that can attack your device without you clinking on a link or opening a message.... wait a minute, i guess a carrier could do that! tho it seems that their main interest is gathering data as research for how to sell more stuff, or to sell the data to others wanting to sell more stuff.
Blue6IX said:
Yep, absolutely some common sense and safe browsing practices are important in something that is probably linked to your identity, and likely financial information.
What got me was the control over the real-time tracking ability of the device and recordings of audio (and video would not be a stretch I bet)
I haven't had a lot of time to look into it further yet, and it is a highly focused attack that is probably not of concern to the average user just yet - but given the scope of what this attack allows it's definitely something to be aware of.
Anything that lets joe-blow become a junior On-Star type peeping tom with my Android is something to worry about.
I never use the front-facing camera for anything, so it has a little piece of electrical tape cut to fit over it. No matter of software engineering can overcome that physical obstruction, but what of the microphone, gps and so on?
I'm eagerly awaiting the chance to look into this more after work tonight, meantime just wanted to throw it out there and try to get some awareness out and see what other people had to say.
I'm glad to see the first post in response here was a reminder about user-level security and explicitly cautioning people about clicking random links!
Also:
This is the part where you get to be creative about it - you could make it anything, that was just the method they chose to get to the needed trigger, the user clicking the link.
I'm curious how they faked the carrier message too, but that doesn't mean that's the only method of injecting the desire to click into the users head.
Good points so far!
Edit:
To be honest, if it's not a click that's needed but just a visit to the website, an injection method could be to compromise an ad-serving machine that serves ads in apps and get an 'ad' that would take the user to the website inserted to what's already served to their device.
Heck, if that's viable, then you might even get them to accidentally go there with a stray touch and bam, you win.
Identification explicitly of the problem is step 1 on the path to a solution.
Click to expand...
Click to collapse
That too. I think tools like lbe,droidwall,adaway etc should come standard but I doubt it will ever since it would cut into google profits aswell.
One ad blocker I would love to see on smartphones is ad muncher since you can see the scripts,urls,etc being loaded,set your user agent for your browser to whatever you like etc.
I don't participate much, but I've learned a great deal from this site. So I'm posting this here as GPL2 software as a way of thanking everyone. All I really ask is that it not be used in a closed-source app without talking to me first.
Can't poast URLs, because I have fewer than 10 poasts (I lurk hard). Mod, if you don't deem this to be spam, would you kindly provide the link (or allow me to do so)?
[sourceForge.net]/projects/webremote/
Basically, this was meant to be a generalized HTTP(S) client, with the URLs being assembled dynamically and under a variety of different circumstances. The server-end of the transaction is a creation of the user.
I wrote this tool to assist me with repititive tasks at work (specifically, asterisk/linux administration). I wrote a PHP page to do things like add users, check server load, trigger recordings and dialplan modes, and so forth.
I have also used it in conjuction with a Raspberry Pi to trigger relays and read sensors in my home from wherever I happen to be at that moment.
There are lots of things I want to do with this app...
Implement GPS, so I can trigger URLs at waypoints.
Tie into NFC and make a bitcoin wallet that you can "bump" or scan a QR code to pay someone.
Implement Trigger packages to support one-click importing of Triggers for a specific task (IE, minecraft server administration)
Use BouncyCastle to encrypt the DB.
Hook into the camera and fire triggers using snapshots (or image files) as arguments.
Actually cause the HTTPS Receivers to validate certificates. Presently it does not (although the traffic is still encrypted).
I will take requests, questions, and bug reports at the sourceforge page, but how fast things get done will directly correlate to how much interest the project attrracts (which may very well be none).
For those learning how to program and trying to learn something by reading the source, I'm sorry.
I've tried to keep things hygenic. I come from a C/Java background, so Android was a bit of a leap, with respect to its organization. This program is a work of evolution.
To check out the source, use subversion:
svn checkout svn://svn.code.sf.net/p/webremote/code/trunk webremote
My working copy is also my Eclipse directory, so importing it with Eclipse should be minimal trouble.
If anyone *really* wants to thank me, I am a bitcoin user:
12rA36FH4NUFZojxyxQgWmQm6WUnzfQ1yR
Or you could buy the version I have up at google play (but I consider this a donation):
Can't poast URLs.... Search the Play store for WebRemote.
Thank you all again for sharing your knowledge.
Pronounced "say candy", the goal of SecAndy is to come up with as secure and private of an OS as possible. So as not to reinvent the wheel, we'll base this initiative on our open source code of choice (Android or maybe other developers' choice).
I am not a developer myself but I can without a doubt, because of former professional experiences, organize a project and gather the right people together as a community in order to make sure that project sees the light of day after it has acquired a life of its own if needed, which I think we will agree is something that this kind of project requires because of the scrutiny it will quickly attract.
I am officially calling upon this post all interested developers that could help us fork Android or other open source OS.
Let's get a kickstarter funded and let the party begin. I will update you later today on the advancement of such.
This thread welcomes constructive ideas and developer participation, but here are beginning requirements we'll need to fulfill eventually to privatize and secure android :
- default browser allowing custom search engines such as https://ixquick.com or duckduckgo
- default system search pointing to those custom engines for online component
- control of gps at firmware level to allow full disability
- peer to peer file exchange (think BitTorrent sync) with 1024 to 2048 bit encryption
- implementation of secure sms and mms exchange (think textsecure)
- implementation of encrypted voice channels (think redphone or SIP with end-to-end encryption)
- root vpn for all online access
- systemwide warning of insecure solutions (example : wanting to use gmail or regular email)
- PGP transparent email solution
- Tor option for root vpn (subject to mitm attacks but more on that later)
- peerguardian type auto-updated database to identify suspicious IP address ranges
- systematic in-out firewall control auto updated with peerguardian database and community based rules database
- hardened malware protection and app permissions with automatic permission audit based on application type
- full device encryption and lockup (in case of unauthorized user)
- full remote wipe out and bricking with auto IMEI reporting (in case of theft, might have to be amended because of attack vector)
- full remote location capability with real time tracking (that one might have to be scratched, high security risk because of attack vector)
This obviously doesn't cover all the bases but would be a good start... I know a lot of these options can be implemented with a mismatch of apps and custom Roms but having it all at an OS level AOKP style would greatly help in building an android by the people for the people community that could eventually loosen the stranglehold of less than transparent corporations.
60 views in 24 hours and not one comment. Obviously I'm approaching this the wrong way. More news at 11.
e-motion said:
60 views in 24 hours and not one comment. Obviously I'm approaching this the wrong way. More news at 11.
Click to expand...
Click to collapse
I don't want to be insulting, but no programming work has been done on your part, and you're just asking for people to dive in this project to get managed by someone they never heard of. It's not really surprising no one has commented yet.
I understand what you're saying but any comment, even if only just to show interest in such a project, will be key to drive developers to it.
I might not have started any development but I have clear understanding of how to design secure solutions. I can't go into details of why that is, however you can clearly see with my 2nd post that some research has been done. If I wanted a solution for me alone, I could just go on with my own little pudding of custom ROM and security apps.
However, because of the recent news events that SHOULD have awaken this population, I thought now might finally be the right time to try to get such a project off the ground. But without anyone even showing any interest, why would any developer be drawn to it ? If people would rather focus more on content consumerism than on what might happen under an umbrella of spooks that they're paying for with their taxes, then they have learned nothing from history and deserve what's coming to them, simple as that.
This is NOT a development thread in case you haven't noticed, so telling me I haven't developed anything yet is not even relevant.
In case anyone cares, this will be moved shortly in the t-mobile Note 2 Android development thread as a Touchwiz proof of concept ROM. Little steps, little steps...
Sent from my SGH-T889 using Tapatalk 2
mobile sec
While I am not a developer I would be interested in this project. I've been thinking about this a bit lately given recent events. I think a useful privacy preserving security related app and phone combo might have these features:
-some way to separate the baseband processor (radio) from the OS. It seems most phones share memory with the radio and this fact can and has been exploited. Own the bb processor and you own the phone. Perhaps a 3g dongle plugged into an android phone in host mode would work. Some of these usb "data only" radios can be unlocked for voice too. I believe a rooted phone with IP tables/firewall running would be much more secure than a conventional mobile phone.
-an anonymising network for connecting to servers/peers. I think the i2p network is well suited for this purpose. Rather than connect to services that are not designed with your anonymity/privacy in mind, connect to hidden/darknet servers that make it extremely difficult to ascertain your real IP and location. Perhaps an i2p router running on your home computer relaying i2p traffic while also maintaining a long lived encrypted connection to your mobile in order to "push" data to it. In this way the user benefits from the anonymising network, contributes to the network, but doesn't have the battery drain of relaying packets from the phone (if this is even possible).
-end-to-end encryption. Perhaps OTR messaging for texting and perhaps openPGP for transferring binary files as I don't believe file transfer in OTR is available at this time.
-an app that uses the above network that is capable of sending/receiving encrypted text, audio, video, gps location etc and does not leak any personal information that you don't want leaked. XMPP might be a good choice (with perhaps out-of-band binary transfers for efficiency). Giving your unique identifier to another person that is using the same app would allow you to communicate with them while not revealing your phone number, imei, imsi, etc. There would be some latency in the communication especially with binary transfers but I would gladly accept that for the added security.
anyway, just wanted to add this to the conversation and hope to see this project take shape as we definitely need more security enabled os's and apps.
Hello everyone! I am new to the forum. Been thinking of joining for a while but my current issue has been the push I needed to join. I have looked high and low for the answer but to be completely honest I am not entirely sure what to look for. Not sure what my question is. I have also looked around this forum for a a good little while stopping on this thread to ask my question. I hope it's the right place to start. I will try to ask this in a way that is understandable and relevant. In your answer please take into consideration that I am new-ish to Android Development. =) (I can do the basics, Root, hack, crack, etc,.) I know enough though I think to follow your answerer and understand it.
** Question: For my Project should I go with a full Android App, go with a website that can be viewed on a mobile phone, or should I build the back-end on a web server and have an android app that delivers the front-end? (Front-end being the login, the styling of the pages, where the interaction between users take place, etc,. ) I'll elaborate on my question below. **
Alright. I started building a website. Conceptual anyway. I have been designing it on paper, white board, Photoshop etc,. The website is going to be a social site of sorts. Unique in it's own way. At first I was going to do just a website. Then I realized as my creation grew that I wanted it to be an App. Then decided, due to all the back-end server programming and functionality required, I would most likely have to build it as a website or web application. To give a brief summery of the site. There will be a login system with profiles, instant messaging. video chats, group chats, ability to play simple games like cards, chess, and more. I will also need to be able to control sessions. Write new session information on the fly based on certain actions the users take.
My problem, I think, is that i'm not sure the most efficient or effective way to go about doing this. If it was going to be on a computer I would write it up in PHP and obviously display the site with HTML/CSS. The display part I think is where I am at a loss. At least one of my issues. Since I would like for this to be an app for Android I may need a new way to display the 'site' if that's what It will even be called once it's an app. If I'm going to shoot for it to be on mobile phones then I'm thinking I can get the cosmetics looking good as well as using it to my advantage. I prefer the 'app-like-interface' rather than scroll with mouse and click on the page as if it were a website. ( 'app-like-interface': I am referring to buttons, and menus, and a overall 'pretty' interface. touch screen etc,.)
So should I write it as a website in it's entirety and just display it as a mobile site?
Should I completely trash the idea of doing this for mobile phones?
Should I (if it's possible) write everything on the back-end with PHP but create an app with java to display the styling and build the interface?
Or should I do something else entirely that I've not mentioned?
My apologies if this question was a bit to long. Tried to be thorough. Thanks so much in advance as well. This answer is something I need before I can even consider continuing. Thanks!
Az Tek