|
I/O ticket confirmations are reportedly rolling out now. May take a while since they have to charge four and a half million dollars worth of credit cards
|
# ? Apr 21, 2014 19:25 |
|
|
# ? May 27, 2024 01:58 |
|
I'm curious, what's the appeal of going to IO? All the content is streamed online very soon after the conference (is it even streamed live during it?). If you just want to network you don't even need to buy a ticket, kind of like GDC you can just hang out in the bars and areas around the conference. I can only assume the insane feeding frenzy for tickets is that people want some free hardware? Given all the other expenses of going it doesn't really seem worth it to me, especially considering the giveaways have kind of fallen off (like who is actually using that weird music orb or chromebook pixel they gave away a few years ago?).
|
# ? Apr 21, 2014 20:11 |
|
In the past there have been code labs where content has not been streamed or published after the fact. The labs were pretty helpful for learning some concepts; maybe they were just beefier versions of the tutorials published on their website but when I have paid $1K to be there I am going to be a hell of a lot more motivated to sit there and learn jt than if I am at home. They've also got office hours with the devrel people and product teams so you can take nitty gritty questions to people who are in the best position to answer. The lunch meetups are handy, in that on more than one occasion I have serendipitously sat down next to someone who is the maintainer of an open source component I used, or was on the development team of an app that I really liked and wanted to know more about how they put it together. I have gone 3x before and this sort of stuff is worth the price of admission. I really could not care less about the free stuff. Especially considering I used to do mobile work on a hobby/freelance basis, but now that I am on a mobile team at a publicly traded company and they are paying my way, the free poo poo basically belongs to them anyway. I guess that's really the draw to any of these conferences, given WWDC is basically the same idea except for free poo poo and they don't stream immediately.
|
# ? Apr 21, 2014 20:30 |
|
Rejection emails are going out, so if you haven't seen anything yet you're probably SOL. This is the third year in a row I haven't been able to get a ticket.
|
# ? Apr 22, 2014 00:45 |
|
Uncomfortable Gaze posted:Rejection emails are going out, so if you haven't seen anything yet you're probably SOL. This is the third year in a row I haven't been able to get a ticket. Yep. Got my rejection just now. I went 2010 through 2012, and then have lost out since then. They really need to jack up the price to maybe $1500 and stop handing out free poo poo.
|
# ? Apr 22, 2014 00:57 |
|
A question about learning Android development. I'm looking for a starting point. Is it better to learn the Java programming language before doing absolutely anything (ie. through Udacity's Programming course), or is it better to start from the developer.Android site?
melon cat fucked around with this message at 19:45 on Apr 27, 2014 |
# ? Apr 27, 2014 19:33 |
|
If you're familiar with programming, especially any managed language like C# or even a scripting language like Python, I would just skim some Java learning resources to learn the important syntax and pitfalls. If you're new to programming I would go through a basic Java course to learn the ropes. When you're working on Android code it will help to be familiar with object oriented programming, since a lot of operations amount to calling methods and changing properties of objects in a big hierarchy. It will also help to get some basic familiarity with UI programming and multithreading, but you can learn some of that as you go.
|
# ? Apr 27, 2014 19:50 |
|
mod sassinator posted:If you're familiar with programming, especially any managed language like C# or even a scripting language like Python, I would just skim some Java learning resources to learn the important syntax and pitfalls. If you're new to programming I would go through a basic Java course to learn the ropes. When you're working on Android code it will help to be familiar with object oriented programming, since a lot of operations amount to calling methods and changing properties of objects in a big hierarchy. It will also help to get some basic familiarity with UI programming and multithreading, but you can learn some of that as you go.
|
# ? Apr 27, 2014 20:17 |
|
Learn the core java concepts first, so that some of android's concepts make sense.
|
# ? Apr 27, 2014 23:01 |
|
I'd do the Trail because it's pretty good: http://docs.oracle.com/javase/tutorial/java/index.html That will give you a handle on what's going on, you're probably best skipping generics when it first comes up though. Just bear in mind that developing in Android isn't exactly Java. Some things aren't available, and Android does a few things differently. So once you have the core concepts down, start referring to the Android Reference instead: http://developer.android.com/reference/packages.html You can filter that by API level on the side too, so if you're developing for a particular platform (like ICS and above) you can make sure it doesn't show you stuff that's only available on later APIs like Kit Kat. There are a lot of tutorials out there, so you just need a grounding in Java really, but a lot of Android development involves knowing what the gently caress is going on with Android, which is a world in its own
|
# ? Apr 28, 2014 03:24 |
|
Thanks a lot for these resources, guys.
|
# ? Apr 28, 2014 04:08 |
|
While we're talking about Java stuff, can you guys help me understand the difference betweenJava code:
Java code:
|
# ? Apr 28, 2014 05:57 |
|
Karthe posted:While we're talking about Java stuff, can you guys help me understand the difference between 'this' is just an explicit reference to the member variable, where 'mTitle' is just an implicit reference. The 'mVariable' pattern is just a variation of the application hungarian naming scheme, Google tends to follow it within their own code. One benefit of that naming scheme is that you don't have collisions that would otherwise require 'this'.
|
# ? Apr 28, 2014 06:01 |
|
Uncomfortable Gaze posted:'this' is just an explicit reference to the member variable, where 'mTitle' is just an implicit reference. The 'mVariable' pattern is just a variation of the application hungarian naming scheme, Google tends to follow it within their own code. Somewhat related, is there a reason why an 'm' is used as the prefix when naming class variables like 'mVariable'? Based on a quick perusal of Wikipedia's article on Hungarian notation the prefix can denote something about the variable. However, throughout most of the tutorials and open source code I've read, the 'm' prefix is near constant and gives no indication of the type of information stored in the variable.
|
# ? Apr 28, 2014 06:25 |
|
Member variable. Sometimes you'll see variables prefixed or postfixed with an underscore _ to represent member variable too--this is more common in C++ or python.
|
# ? Apr 28, 2014 06:29 |
|
Karthe posted:Ah, thanks for confirming my suspicions. 'm' is for member variables, 'a' for argument variables, and sometimes 's' for static variables. There might be more but I can't think of them offhand. There's a distinction between system hungarian with type-based prefixes like i, l, s and app-hungarian where the prefix defines the functionality of that variable. Since Java IDEs display variable types and alert common type-based errors system hungarian is kinda useless.
|
# ? Apr 28, 2014 06:31 |
|
Also, in case it was not clear, mTitle and this.title do not point to the same variable. The "this" operator is most useful to understand in the context of scoping. E.g. code:
If this isn't clear, please study Java until it is before proceeding. This is pretty important.
|
# ? Apr 28, 2014 10:57 |
|
I'm developing a game in HTML5/JS and want to port it to Android. This should be pretty straight forward (putting the html in asset and load it with Webview) but will my HTML/js-code be visible for the end user (I guess yes?). If so, is there any way to get around it? If not I might considering porting my code to native android code instead. TIA
|
# ? Apr 29, 2014 12:45 |
|
serious norman posted:I'm developing a game in HTML5/JS and want to port it to Android. This should be pretty straight forward (putting the html in asset and load it with Webview) but will my HTML/js-code be visible for the end user (I guess yes?). If so, is there any way to get around it? If not I might considering porting my code to native android code instead. Your code will not be visible to an end user unless they open up the apk (not that easy if distributed via Google Play) and extract it. You should also look into PhoneGap/Cordova or something similar before writing your own wrapper.
|
# ? Apr 29, 2014 13:01 |
|
Sereri posted:Your code will not be visible to an end user unless they open up the apk (not that easy if distributed via Google Play) and extract it. Cool. I think I somewhat misunderstood the process. Thanks for the advice!
|
# ? Apr 29, 2014 13:57 |
|
Sereri posted:Your code will not be visible to an end user unless they open up the apk (not that easy if distributed via Google Play) and extract it. While there's no simple "view source" that any casual user could see, it's still fairly easy on a rooted device to extract an apk if someone with technical knowledge (or the ability to run a script) wants to get at your apk and the code. You also may as well assume it is a certainty that before long your apk will get extracted and wind up on various sharing sites where people can bypass the Play store. Even if you write it natively and obfuscate your code, your assets are still going to be out there in the clear for people to steal. So either way you're somewhat exposed, you just get to pick how much risk you feel like taking. kitten smoothie fucked around with this message at 14:49 on Apr 29, 2014 |
# ? Apr 29, 2014 14:46 |
|
Is it possible to get the height of a potential horizontal scroll bar in a WebView? Edit: Android 4.4 WebView has the scroll bars overlaying the webpage, which means I don't need the height to do a hack. Jarl fucked around with this message at 17:37 on Apr 30, 2014 |
# ? Apr 29, 2014 15:43 |
|
Does anyone have any advice concerning obfuscating sensitive data, such as URLs to servers, login passwords, etc. which needs to be hard-coded within the app? I understand that ProGuard is meant to handle this sort of thing to an extent, but is there anything else I can be doing which is reasonably straight forward to implement?
|
# ? May 1, 2014 00:30 |
|
Even with proguard, hardcoded strings are pretty vulnerable. All you need to grab strings is an APK depacker and JD-GUI. The variable names will be a little hard to follow, but anyone can figure it out pretty quick. This kind of thing is true of pretty much any language, stripping strings from C executables, iphone apps, or anything else is pretty easy. Whatever you do, do not include hard-coded passwords, and try to design your app to avoid including anything else sensitive.
|
# ? May 1, 2014 00:39 |
|
Yep, credentials are not terribly hard to de-obfuscate, case in point: http://blog.trustlook.com/2014/03/31/critical-vulnerability-bad-practice-leads-to-aws-credential-disclosure/ If you're using AWS and need to include a secret in your app, there's the Amazon token vending machine service. It'll allow you to create scoped AWS tokens on a per-user basis rather than giving away free bitcoin mining services to the internet by bundling the tokens in your app.
|
# ? May 1, 2014 01:13 |
|
Uncomfortable Gaze posted:Even with proguard, hardcoded strings are pretty vulnerable. All you need to grab strings is an APK depacker and JD-GUI. The variable names will be a little hard to follow, but anyone can figure it out pretty quick. How can you avoid situations like hard coding a url to a server that your app connects to though, for example?
|
# ? May 1, 2014 12:31 |
|
GorgeOnMySyphilis posted:How can you avoid situations like hard coding a url to a server that your app connects to though, for example? Keep in mind that it is absolutely trivial for anyone with some technical knowledge to determine what server(s) your app is connecting to. This isn't an Android thing, it's just true of anything that makes a connection. SSL can protect the content, but the URL is always visible because otherwise how would anything route the traffic properly?
|
# ? May 1, 2014 13:31 |
|
Tunga posted:Under what circumstances would a URL be considered sensitive? What about more sensitive information such as a private key which could be used to encrypt data between your app and a server?
|
# ? May 1, 2014 13:50 |
|
GorgeOnMySyphilis posted:What about more sensitive information such as a private key which could be used to encrypt data between your app and a server? Well, in this particular example, you shouldn't be bundling critical private keys with the app anyway. You generate one keypair for the server, and distribute its public key with the app. Any data you transmit from the device gets encrypted with that public key. You also generate a keypair on the device for the user, and send the server the public key from that pair when the user logs in. Any payloads sent back in server responses are encrypted with that public key. Set up this way, if you reverse-engineer the app you get a key that can be used to encrypt data for the server's eyes only, but nobody can else can decrypt it. You can't reverse the app and get any keys to harm other users. Bottom line is don't bundle anything that can't be taken by a third party and used to cost you money, impersonate you, or compromise another user's data. A URL should not be sensitive; authenticate any requests to it. Don't bundle an authentication credential for it with the app, you should register per-user credentials and use those. If you need access to resources on Amazon, use their service to download scoped credentials that are specific to the user and use case (they can post their pictures to S3 and nobody else can read them, but they can't spin up EC2 instances). If there are other services who have API keys that can cost you money, proxy them via an authenticated service of your own if you can. If you're making an app that texts other users via Twilio, don't bundle your Twilio key in the app, for example. They should need to login to your backend (so you can revoke their account if need be or apply rate limiting) and your backend should make the Twilio call on their behalf.
|
# ? May 1, 2014 14:52 |
|
I agree with most other advice given to you here, GorgeOnMySyphilis. Obfuscation is not really protection. It is a speed bump, and generally not a very big one at that. One of the core principles of security is the principle of least privilege - don't give a user access to anything beyond that which is necessary for the user to have. For example, my final group CompSci project in school was to design a file submission database with user registration and management features for both of these aspects. This was a web-based project, with an additional requirement to have a mobile app tie-in. My group was a bunch of slackers, so I ended up coding drat near the entire thing, but I was also taking Network Security at the time. My group leader wanted to access the database directly from the app. This is an absolutely insane idea, because that gives any sufficiently curious app user access to the database under this principle. Instead, I wrote the web PHP interface to support calls from a custom Android app (that I ended up also writing, lazy bastards). So the app talks to the PHP, and the PHP talks to the database. This shifts who needs to access the database to your control rather than any old user.
|
# ? May 1, 2014 22:46 |
|
kitten smoothie posted:Well, in this particular example, you shouldn't be bundling critical private keys with the app anyway. Very informative, this should solve my issue perfectly. @ Evil_Greven - I'm using the same approach for my current project. GorgeOnMySyphilis fucked around with this message at 14:39 on May 2, 2014 |
# ? May 2, 2014 13:12 |
|
This is also obvious but at a higher level picture that you might be thinking of - don't store anything with private information (like keys) in a public GitHub repo. Even if you remove it later, the commits are still there.
|
# ? May 2, 2014 15:09 |
|
Saw a friend post this: https (friend of friend is author) http://github.com/facebook/proguard Apparently, it's 2.5x faster than upstream proguard, or so they claim.
|
# ? May 3, 2014 09:28 |
|
Is there any good libraries or guides at this point for handling turn-based games? I have been kicking around a concept for a game that would have ~12 rounds, but a different person plays each round and at the end everyone can see the results. I saw the google play articles here, but it seems it's limited to 8 players and requires a Google+ account which seems problematic since I'll probably want to expand to iOS at some point. It also seems to be built around getting all the players matched before it let's anyone start which may also cause issues.
|
# ? May 6, 2014 04:53 |
|
"Why developing for Android is challenging," explained in video vignette form.
|
# ? May 11, 2014 06:16 |
|
I've literally never owned a phone or tablet with a compass that worked properly.
|
# ? May 11, 2014 11:09 |
|
Tunga posted:I've literally never owned a phone or tablet with a compass that worked properly. It's tough to calibrate a compass and they can be sensitive to even a little bit of metal nearby.
|
# ? May 12, 2014 06:25 |
|
http://lucasr.org/2014/05/12/custom-layouts-on-android/ Neat article on making custom views on Android. Particularly interesting to me was the custom async view bit near the end inspired by the async node framework the Facebook Paper team did.
|
# ? May 12, 2014 17:46 |
|
My app is doing something odd with JSON parsing when adding my JSON items to an ArrayList<HashMap<String, String>>. I'm getting a nullpointer exception (see below) when I look at my app's logcat, and I think it has something to do with this. code:
I'm puzzled where I'm getting a nullpointer when trying to start Results.java from an intent.. For my full code, see here: https://gist.github.com/verkaufer/ee6f244097d80e00fabb
|
# ? May 14, 2014 03:29 |
|
|
# ? May 27, 2024 01:58 |
|
In Results' onCreate method: This isn't the resource ID for a ListView. It's not even a resource ID for a view at all, which is why it's returning null. That is why your list.setAdapter call is blowing up. code:
|
# ? May 14, 2014 03:41 |