Office Hours — Today, January 17

Tuesday, January 15

Jan 17
7:25 PM
Mark M.
has entered the room
Mark M.
turned on guest access
EGHDK
has entered the room
Mark M.
howdy, EGHDK!
how can I help you today?
EGHDK
Hey, more questions I have written down while on public transportation. That's all.
Hahaha.
Mark M.
go ahead with your first one
EGHDK
View paste
Just want to get a few things straight with Activity lifecycle actually.
Is onResume() always called after the first onCreate()?
Mark M.
most of the time, yes
if you call finish() in onCreate(), it might not
and, if you crash with an unhandled exception in onCreate() or onStart(), it won't
EGHDK
True.
7:30 PM
EGHDK
Lets say I have an application with private information in it, and I would like to implement a password to enter the application after a certain timeout.
The timeout calculation would have to be done in onResume() right? That makes sense to me, but wouldn't that possibly show private information since it could've been created already?
Mark M.
onResume() is called before the user sees anything (or at least close enough that it won't matter)
you could use onStart() too, for a microscopically quicker check
EGHDK
Does that mean, in this application, it would make sense to move all of my code gui code into onResume() after the timeout code is run?
Mark M.
you could if you wanted
but that may not be a good idea
bear in mind that onResume() is not *only* called when the activity is created
it is called when the activity comes back to the foreground
in which case, you already have your UI
EGHDK
true.
Mark M.
so, I'd just do a normal onCreate() setup of the UI
in onResume(), check your credentials
and if they are OK, refresh your UI if needed (e.g., changes that went on while you were not in the foreground)
7:35 PM
EGHDK
View paste
Okay so onCreate() I setup my UI.
In onResume() I check if the timeout has been reached, and if it has, I want a dialog to appear to request the password.
But even then, there's still a chance of this super secret information to be seen then right?
or actually... no it wouldn't?
Mark M.
if you are concerned about speed, I wouldn't be
if you are concerned about dialogs not filling the screen, that could be an issue
personally, I'd use an activity
EGHDK
because after you come back from onPause() it doesn't create the layout because that's done in onCreate().
Mark M.
correct
EGHDK
But onResume() still displays the content... no?
super.onResume(); //Is that the code that displays the content back again?
Mark M.
but you will be either navigating to another activity or displaying a dialog
in which case, all (or, in the case of a dialog, most) of the UI cannot be seen, because it is not on the screen
7:40 PM
Mark M.
if you're worried about stuff possibly being visible for a millisecond or two, you are at a level of paranoia that will result in a LOT of extra work
that work may be worth it, depending upon the nature of the app
EGHDK
What do you mean though? Would it really be that difficult?
Mark M.
that depends on what "it" is
there are many better attack vectors than to try to see something that is on-screen for a couple of milliseconds
(if it even *is* on-screen for a couple of milliseconds -- it might not be, as I haven't tried testing this scenario)
but it is pointless for you to worry about the couple-of-milliseconds scenario unless you are *also* going to worry about all the other, better attack vectors
7:50 PM
EGHDK
Sorry, had to step away for a second.
Mark M.
I figured the bad guys got you
I was keeping my head down
:-)
EGHDK
Hahah. Can you explain what you mean by this "there are many better attack vectors than to try to see something that is on-screen for a couple of milliseconds"
or this " better attack vectors"
Mark M.
give me a rough idea of what you are trying to protect, and from whom (the user? the bad guys who steal the user's device?)
by "what" I mean: stuff you have stored locally, stuff you are downloading on the fly from the Internet, etc.
EGHDK
Well, I'm studying security at college, so I guess it would just be for general information. I'm just interested in security in android, and how can an application have it's data stolen
So "stuff" I mean stored locally.
Mark M.
um, well, that's a fairly broad topic, and there's been a lot written about it
EGHDK
/data/
Any books or articles you can point me to at the top of your head?
Mark M.
but it'd be way quicker for somebody to root the device and grab the data than to try to read a bit of it in the span of a few milliseconds
there's a book on Android security, published by Apress
7:55 PM
Mark M.
you can read what the Guardian Project works on to try to secure stuff (https://guardianproject.info/)
you can read a book that you own, for chapters like "Tapjacking"
EGHDK
Yes this is true. I was also watching the developer office hours yesterday, and aparently there is a simple way to use adb on a non rooted device to grab an applications data.
Mark M.
if USB debugging is enabled, adb backup works
you may also be interested in this workshop that I delivered at AnDevCon IV in December: http://www.slideshare.net/commonsguy/sqlcipher-...
EGHDK
So technically, I can grab the data that a game makes and restore it onto a different phone in my possession?
Mark M.
if you have the technical skills, probably
usually, people in this space are worried about things a bit... less frivolous, to be honest
EGHDK
What do you mean by that last statement ?
Mark M.
um, transferring game data from device to device is going to be considered more frivolous than, say, protecting dissidents in dictatorships
8:00 PM
EGHDK
Also true. Haha. I think that's all I need for now on this topic. Thanks!
Okay, next question I thought of while taking the train this time...
Do you read theverge.com?
Mark M.
not regularly, but I'll occasionally click on a link that leads to one of their articles
EGHDK
They've got a fairly good android app, and I was wondering if there was any distinct way to tell if they were using webviews to display their articles.
Mark M.
by and large, if it looks like Web content, it probably is
however, there's no good way to analyze this on a production device
mostly for security reasons, getting back to the previous thread of discussion
EGHDK
Hmm... yeah because I have used some webviews in some sample apps and the dead giveaway is usually slower scrolling than a native app.
Mark M.
looking at the screenshots, that wouldn't have to be a WebView
TextView, coupled with Html.fromHtml(), can handle basic formatting
EGHDK
But the scrolling in the verge it looks native
8:05 PM
Mark M.
to put it another way, given what I see in the screenshots, if that's all they need for formatting for the article body, I'd use TextView
now, TextView can't handle CSS, JS, iframe, etc.
EGHDK
I guess I'm still fascinated on how to get data from the web into an application. I know a ton of apps do it, but I haven't done it. Even though I have access to a server and such.
But I'm going to try the JSON method you recommended.
I guess I'm just intimidated by JSON. But honestly, I haven't even looked at it.
Mark M.
you're certainly welcome to use XML, if you are more comfortable with that
EGHDK
I would have to look into them both.
I would like JSON because I think it also works in iOS.
And I've been trying to pick up iOS development on the side.
Mark M.
oh, I'm sure iOS can parse XML too
EGHDK
Good to know.
8:10 PM
EGHDK
This leads me into my next question because Android Design in Action had a pretty nice presentation a few days ago.
8:10 PM
EGHDK
They showed of a fairly basic news/article reader app.
But, it's something I think I would like to accomplish on my own.
But, I'll look into that as well.
What I really (and finally) mean to get to is the way the guys at google described the main chuunk of content in the article reader.
They said that the article was simply a textView, but I don't understand how that's possible.
Mark M.
read the chapter on Rich Text in the book
(honest, there's 2,000+ pages for a reason! :-)
View paste
quoting that chapter: "Fortunately, Android has fairly extensive support for formatted text, before you need
to break out something as heavy-weight as WebView. However, some of this rich text
support has been shrouded in mystery, particularly how you would allow users to
edit formatted text."
8:15 PM
EGHDK
Yes, I've been slowly reading through and I didn't know there was a way to accomplish that though, so that's good to hear.
You don't mind if I keep shooting off from this list of questions right?
Mark M.
nobody else is here, so fire away
I just want to make sure everyone has a chance when there are more people in the chat room, that's all
EGHDK
Of course, that'd be no fun if you just payed attention to one person.
I have a fairly large sqlite database. Like 1,000 entries. What would be the most practical way to include this into an android app?
Mark M.
"include" meaning that you have the database that you prepared on your development machine, and you want to ship it with the app?
EGHDK
I have a database on my laptop, but I would like to ship it with the app, and make it searchable. Lets say my database is a whole bunch of baseball players, but I want to create an app where you can search through these "baseball" players.
Mark M.
use SQLiteAssetHelper
also covered in the book
Aaron
has entered the room
Mark M.
in the "Packaging and Distributing Data" chapter
howdy, Aaron!
8:20 PM
Aaron
whats up.
8:20 PM
Aaron
:)
Mark M.
Aaron: do you have a question?
(besides "whats up" :-)
Aaron
yes it is actually something that i posted on stack overflow a day ago or so.
It is about times.
Mark M.
I guess I don't understand the question
the "times fed in" seem to match the "times retrieved"
EGHDK
Thanks Mark!
Mark M.
22:00:00 is 10:00pm
Aaron
mmmm bannana bread Home made from my GF i wish i could share with you gyz around this awesome campfire.
hmm.
Mark M.
?
oh, well, OK, 0:01am is a bit off
Aaron
when i convert to the 12 hour format shouldnt it replace the 00 hour with 12?
Mark M.
to be honest, you should have tagged this 'java'
Aaron
ahh i will.
Mark M.
I just re-tagged
it
Aaron
i forgot that SDF is all java.
oh you must have special powers :)
Mark M.
I would assume that there's a way to accomplish what you want, but I don't have a recipe off the top of my head
(you'll have "special powers" on SO eventually too, once your karma has climbed a bit)
date parsing is a pain
you could try Joda Time, which I *think* works on Android
EGHDK
Yeah... tell me about it.
Mark M.
it has a good reputation, though I haven't used it personally
8:25 PM
EGHDK
I have an instance where I'm trying to calculate the response time of a button being hit, but I can't figure out how to subtract two times from each other.
Mark M.
EGHDK: what Java class are your times in? Date? Calendar?
EGHDK
Let me double check. I have the code right in eclipse.
View paste
SimpleDateFormat sdf = new SimpleDateFormat(
				"MMM dd, yyyy, HH:mm:ss.SSS");
		start_time = sdf.format(cal.getTime());
Aaron
kk. ill try it out. time parsing sucks. I looked at Joda time but i was trying to use android native. I might actually just parse the string ands change the 00s to 12.
Mark M.
Aaron: brute force is sometimes handy for edge cases
EGHDK: that is formatting a Calendar object
EGHDK
I then get end time when the button is hit, and I try to toast the time difference, but I couldn't get it to work.
Mark M.
call getTimeInMillis() on each Calendar object and subtract them
that will tell you the time difference in milliseconds
EGHDK
...
Aaron
:) i like it. Well happy coding to you gyz. I had another question earlier today but i solved it. Thankyou
EGHDK
I posted that on stack overflow a while ago, and I remember I never got an answer. And your solution seems oh so simple. Let me try it really quick.
Mark M.
chat's almost over -- any last questions?
Aaron
Do you ever get tired of answering everyones questions?
:)
Mark M.
sometimes, but I get better
:-)
8:30 PM
EGHDK
Oh! It was a calender object. I somehow was always looking at SimpleDateFormat.
Thanks Mark! Catcha on Tuesday!
Mark M.
well, that's a wrap for today's chat
Aaron
nice thats how i feel. Awesome. Have a good night.
Mark M.
the transcript will be posted shortly on http://commonsware.com/office-hours/
next chat is Tuesday, 10am Eastern
have a pleasant day!
EGHDK
has left the room
Aaron
has left the room
Mark M.
turned off guest access

Tuesday, January 15

 

Office Hours

People in this transcript

  • Aaron
  • EGHDK
  • Mark Murphy