Office Hours — Today, January 17
| Jan 17 | 7:25 PM |
| Mark M. | has entered the room |
| Mark M. | turned on guest access |
| EGHDK | has entered the room |
| Mark M. |
howdy, EGHDK!
|
| Mark M. |
how can I help you today?
|
| EGHDK |
Hey, more questions I have written down while on public transportation. That's all.
|
| EGHDK |
Hahaha.
|
| Mark M. |
go ahead with your first one
|
| EGHDK |
View paste
|
| Mark M. |
most of the time, yes
|
| Mark M. |
if you call finish() in onCreate(), it might not
|
| Mark M. |
and, if you crash with an unhandled exception in onCreate() or onStart(), it won't
|
| EGHDK |
True.
|
| Jan 17 | 7:30 PM |
| EGHDK |
Lets say I have an application with private
information in it, and I would like to implement a password to enter the
application after a certain timeout.
|
| EGHDK |
The timeout calculation would have to be done in
onResume() right? That makes sense to me, but wouldn't that possibly
show private information since it could've been created already?
|
| Mark M. |
onResume() is called before the user sees anything (or at least close enough that it won't matter)
|
| Mark M. |
you could use onStart() too, for a microscopically quicker check
|
| EGHDK |
Does that mean, in this application, it would make
sense to move all of my code gui code into onResume() after the timeout
code is run?
|
| Mark M. |
you could if you wanted
|
| Mark M. |
but that may not be a good idea
|
| Mark M. |
bear in mind that onResume() is not *only* called when the activity is created
|
| Mark M. |
it is called when the activity comes back to the foreground
|
| Mark M. |
in which case, you already have your UI
|
| EGHDK |
true.
|
| Mark M. |
so, I'd just do a normal onCreate() setup of the UI
|
| Mark M. |
in onResume(), check your credentials
|
| Mark M. |
and if they are OK, refresh your UI if needed (e.g., changes that went on while you were not in the foreground)
|
| Jan 17 | 7:35 PM |
| EGHDK |
View paste
|
| EGHDK |
But even then, there's still a chance of this super secret information to be seen then right?
|
| EGHDK |
or actually... no it wouldn't?
|
| Mark M. |
if you are concerned about speed, I wouldn't be
|
| Mark M. |
if you are concerned about dialogs not filling the screen, that could be an issue
|
| Mark M. |
personally, I'd use an activity
|
| EGHDK |
because after you come back from onPause() it doesn't create the layout because that's done in onCreate().
|
| Mark M. |
correct
|
| EGHDK |
But onResume() still displays the content... no?
|
| EGHDK |
super.onResume(); //Is that the code that displays the content back again?
|
| Mark M. |
but you will be either navigating to another activity or displaying a dialog
|
| Mark M. |
in which case, all (or, in the case of a dialog, most) of the UI cannot be seen, because it is not on the screen
|
| Jan 17 | 7:40 PM |
| Mark M. |
if you're worried about stuff possibly being
visible for a millisecond or two, you are at a level of paranoia that
will result in a LOT of extra work
|
| Mark M. |
that work may be worth it, depending upon the nature of the app
|
| EGHDK |
What do you mean though? Would it really be that difficult?
|
| Mark M. |
that depends on what "it" is
|
| Mark M. |
there are many better attack vectors than to try to see something that is on-screen for a couple of milliseconds
|
| Mark M. |
(if it even *is* on-screen for a couple of milliseconds -- it might not be, as I haven't tried testing this scenario)
|
| Mark M. |
but it is pointless for you to worry about the
couple-of-milliseconds scenario unless you are *also* going to worry
about all the other, better attack vectors
|
| Jan 17 | 7:50 PM |
| EGHDK |
Sorry, had to step away for a second.
|
| Mark M. |
I figured the bad guys got you
|
| Mark M. |
I was keeping my head down
|
| Mark M. |
:-)
|
| EGHDK |
Hahah. Can you explain what you mean by this
"there are many better attack vectors than to try to see something that
is on-screen for a couple of milliseconds"
|
| EGHDK |
or this " better attack vectors"
|
| Mark M. |
give me a rough idea of what you are trying to protect, and from whom (the user? the bad guys who steal the user's device?)
|
| Mark M. |
by "what" I mean: stuff you have stored locally, stuff you are downloading on the fly from the Internet, etc.
|
| EGHDK |
Well, I'm studying security at college, so I guess
it would just be for general information. I'm just interested in
security in android, and how can an application have it's data stolen
|
| EGHDK |
So "stuff" I mean stored locally.
|
| Mark M. |
um, well, that's a fairly broad topic, and there's been a lot written about it
|
| EGHDK |
/data/
|
| EGHDK |
Any books or articles you can point me to at the top of your head?
|
| Mark M. |
but it'd be way quicker for somebody to root the
device and grab the data than to try to read a bit of it in the span of a
few milliseconds
|
| Mark M. |
there's a book on Android security, published by Apress
|
| Jan 17 | 7:55 PM |
| Mark M. |
you can read what the Guardian Project works on to try to secure stuff (https://guardianproject.info/)
|
| Mark M. |
you can read a book that you own, for chapters like "Tapjacking"
|
| EGHDK |
Yes this is true. I was also watching the
developer office hours yesterday, and aparently there is a simple way to
use adb on a non rooted device to grab an applications data.
|
| Mark M. |
if USB debugging is enabled, adb backup works
|
| Mark M. |
you may also be interested in this workshop that I delivered at AnDevCon IV in December: http://www.slideshare.net/commonsguy/sqlcipher-...
|
| EGHDK |
So technically, I can grab the data that a game makes and restore it onto a different phone in my possession?
|
| Mark M. |
if you have the technical skills, probably
|
| Mark M. |
usually, people in this space are worried about things a bit... less frivolous, to be honest
|
| EGHDK |
What do you mean by that last statement ?
|
| Mark M. |
um, transferring game data from device to device
is going to be considered more frivolous than, say, protecting
dissidents in dictatorships
|
| Jan 17 | 8:00 PM |
| EGHDK |
Also true. Haha. I think that's all I need for now on this topic. Thanks!
|
| EGHDK |
Okay, next question I thought of while taking the train this time...
|
| EGHDK |
Do you read theverge.com?
|
| Mark M. |
not regularly, but I'll occasionally click on a link that leads to one of their articles
|
| EGHDK |
They've got a fairly good android app, and I was
wondering if there was any distinct way to tell if they were using
webviews to display their articles.
|
| Mark M. |
by and large, if it looks like Web content, it probably is
|
| Mark M. |
however, there's no good way to analyze this on a production device
|
| Mark M. |
mostly for security reasons, getting back to the previous thread of discussion
|
| EGHDK |
Hmm... yeah because I have used some webviews in
some sample apps and the dead giveaway is usually slower scrolling than a
native app.
|
| Mark M. |
looking at the screenshots, that wouldn't have to be a WebView
|
| Mark M. |
TextView, coupled with Html.fromHtml(), can handle basic formatting
|
| EGHDK |
But the scrolling in the verge it looks native
|
| Jan 17 | 8:05 PM |
| Mark M. |
to put it another way, given what I see in the
screenshots, if that's all they need for formatting for the article
body, I'd use TextView
|
| Mark M. |
now, TextView can't handle CSS, JS, iframe, etc.
|
| EGHDK |
I guess I'm still fascinated on how to get data
from the web into an application. I know a ton of apps do it, but I
haven't done it. Even though I have access to a server and such.
|
| EGHDK |
But I'm going to try the JSON method you recommended.
|
| EGHDK |
I guess I'm just intimidated by JSON. But honestly, I haven't even looked at it.
|
| Mark M. |
you're certainly welcome to use XML, if you are more comfortable with that
|
| EGHDK |
I would have to look into them both.
|
| EGHDK |
I would like JSON because I think it also works in iOS.
|
| EGHDK |
And I've been trying to pick up iOS development on the side.
|
| Mark M. |
oh, I'm sure iOS can parse XML too
|
| EGHDK |
Good to know.
|
| Jan 17 | 8:10 PM |
| EGHDK |
This leads me into my next question because Android Design in Action had a pretty nice presentation a few days ago.
|
| Jan 17 | 8:10 PM |
| EGHDK |
They showed of a fairly basic news/article reader app.
|
| EGHDK |
But, it's something I think I would like to accomplish on my own.
|
| EGHDK |
But, I'll look into that as well.
|
| EGHDK |
What I really (and finally) mean to get to is the
way the guys at google described the main chuunk of content in the
article reader.
|
| EGHDK |
They said that the article was simply a textView, but I don't understand how that's possible.
|
| Mark M. |
read the chapter on Rich Text in the book
|
| Mark M. |
(honest, there's 2,000+ pages for a reason! :-)
|
| Mark M. |
View paste
|
| Jan 17 | 8:15 PM |
| EGHDK |
Yes, I've been slowly reading through and I didn't know there was a way to accomplish that though, so that's good to hear.
|
| EGHDK |
You don't mind if I keep shooting off from this list of questions right?
|
| Mark M. |
nobody else is here, so fire away
|
| Mark M. |
I just want to make sure everyone has a chance when there are more people in the chat room, that's all
|
| EGHDK |
Of course, that'd be no fun if you just payed attention to one person.
|
| EGHDK |
I have a fairly large sqlite database. Like 1,000
entries. What would be the most practical way to include this into an
android app?
|
| Mark M. |
"include" meaning that you have the database that
you prepared on your development machine, and you want to ship it with
the app?
|
| EGHDK |
I have a database on my laptop, but I would like
to ship it with the app, and make it searchable. Lets say my database is
a whole bunch of baseball players, but I want to create an app where
you can search through these "baseball" players.
|
| Mark M. |
use SQLiteAssetHelper
|
| Mark M. | |
| Mark M. |
also covered in the book
|
| Aaron | has entered the room |
| Mark M. |
in the "Packaging and Distributing Data" chapter
|
| Mark M. |
howdy, Aaron!
|
| Jan 17 | 8:20 PM |
| Aaron |
whats up.
|
| Jan 17 | 8:20 PM |
| Aaron |
:)
|
| Mark M. |
Aaron: do you have a question?
|
| Mark M. |
(besides "whats up" :-)
|
| Aaron |
yes it is actually something that i posted on stack overflow a day ago or so.
|
| Aaron |
It is about times.
|
| Aaron | |
| Mark M. |
I guess I don't understand the question
|
| Mark M. |
the "times fed in" seem to match the "times retrieved"
|
| EGHDK |
Thanks Mark!
|
| Mark M. |
22:00:00 is 10:00pm
|
| Aaron |
mmmm bannana bread Home made from my GF i wish i could share with you gyz around this awesome campfire.
|
| Aaron |
hmm.
|
| Mark M. |
?
|
| Mark M. |
oh, well, OK, 0:01am is a bit off
|
| Aaron |
when i convert to the 12 hour format shouldnt it replace the 00 hour with 12?
|
| Mark M. |
to be honest, you should have tagged this 'java'
|
| Aaron |
ahh i will.
|
| Mark M. |
I just re-tagged
|
| Mark M. |
it
|
| Aaron |
i forgot that SDF is all java.
|
| Aaron |
oh you must have special powers :)
|
| Mark M. |
I would assume that there's a way to accomplish what you want, but I don't have a recipe off the top of my head
|
| Mark M. |
(you'll have "special powers" on SO eventually too, once your karma has climbed a bit)
|
| Mark M. |
date parsing is a pain
|
| Mark M. |
you could try Joda Time, which I *think* works on Android
|
| EGHDK |
Yeah... tell me about it.
|
| Mark M. |
it has a good reputation, though I haven't used it personally
|
| Jan 17 | 8:25 PM |
| EGHDK |
I have an instance where I'm trying to calculate
the response time of a button being hit, but I can't figure out how to
subtract two times from each other.
|
| Mark M. |
EGHDK: what Java class are your times in? Date? Calendar?
|
| EGHDK |
Let me double check. I have the code right in eclipse.
|
| EGHDK |
View paste
|
| Aaron |
kk. ill try it out. time parsing sucks. I looked
at Joda time but i was trying to use android native. I might actually
just parse the string ands change the 00s to 12.
|
| Mark M. |
Aaron: brute force is sometimes handy for edge cases
|
| Mark M. |
EGHDK: that is formatting a Calendar object
|
| EGHDK |
I then get end time when the button is hit, and I try to toast the time difference, but I couldn't get it to work.
|
| Mark M. |
call getTimeInMillis() on each Calendar object and subtract them
|
| Mark M. |
that will tell you the time difference in milliseconds
|
| EGHDK |
...
|
| Aaron |
:) i like it. Well happy coding to you gyz. I had another question earlier today but i solved it. Thankyou
|
| EGHDK |
I posted that on stack overflow a while ago, and I
remember I never got an answer. And your solution seems oh so simple.
Let me try it really quick.
|
| Mark M. |
chat's almost over -- any last questions?
|
| Aaron |
Do you ever get tired of answering everyones questions?
|
| Aaron |
:)
|
| Mark M. |
sometimes, but I get better
|
| Mark M. |
:-)
|
| Jan 17 | 8:30 PM |
| EGHDK |
Oh! It was a calender object. I somehow was always looking at SimpleDateFormat.
|
| EGHDK |
Thanks Mark! Catcha on Tuesday!
|
| Mark M. |
well, that's a wrap for today's chat
|
| Aaron |
nice thats how i feel. Awesome. Have a good night.
|
| Mark M. |
the transcript will be posted shortly on http://commonsware.com/office-hours/
|
| Mark M. |
next chat is Tuesday, 10am Eastern
|
| Mark M. |
have a pleasant day!
|
| EGHDK | has left the room |
| Aaron | has left the room |
| Mark M. | turned off guest access |
Office Hours
People in this transcript
- Aaron
- EGHDK
- Mark Murphy