Jun 16 | 3:45 PM |
Mark M. | has entered the room |
Jun 16 | 3:55 PM |
Mark M. | turned on guest access |
Susheel C. | has entered the room |
Susheel C. |
Hi Mark
|
Mark M. |
hello, Susheel!
|
Mark M. |
how can I help you today?
|
Liam | has entered the room |
Liam |
Hi GUys
|
Mark M. |
hello, Liam
|
Mark M. |
Susheel: you arrived first, do you have a question?
|
Susheel C. |
So my question is we can define an onclicklistener for a button in a class that extends activity. Is it possible for me to define the same onclicklistener in another class that does not extend activity?
|
Mark M. |
you can implement the OnClickListener on pretty much anything you want
|
Mark M. |
some of my examples implement it on a Fragment, IIRC
|
Jun 16 | 4:00 PM |
Susheel C. |
can i also use settext from another class?
|
EGHDK | has entered the room |
Mark M. |
if "another class" has access to an object that is an instance of a class with a setText() method, then yes
|
Mark M. |
(hello, EGHDK, be with you in a bit!)
|
Susheel C. |
ok
|
Mark M. |
Susheel: let me take questions from the others, and I'll be back with you shortly
|
Mark M. |
Liam: your turn -- do you have a question?
|
Susheel C. |
sure
|
Liam |
I am following up on a question that you answered on stackOverflow. You suggested that I Add a constructor to GetDataCallback.
|
Liam |
The problem it is telling my my method is undefined
|
Mark M. |
OK
|
Mark M. |
there is not a lot that I can do to help you
|
Liam |
Is there a way to share some code? Maybe just paste
|
Liam |
I am wondering if I am adding the constructor incorrectly
|
Mark M. |
you are welcome to paste in a URL, or upload a file (there's an "Upload a file" link on the right)
|
Liam |
Okay, thanks. Lets move on to someone else while i do that
|
Mark M. |
OK
|
Mark M. |
EGHDK: do you have a question?
|
Jun 16 | 4:05 PM |
EGHDK |
yes
|
EGHDK |
I received an email from an "Android pen tester" and he basically decompiled my application, and provided me with some "solutions" on how to secure it. I was wondering if theres any way to see if my applications has any fundamental security holes.
|
Mark M. |
let me guess -- this was unsolicited by you?
|
EGHDK |
Yes
|
Mark M. |
great
|
EGHDK |
But I looked into it and he seemed to have valid points.
|
Liam | |
Mark M. |
I'm just not much of a fan of the "squeegeeman" approach these people take
|
Mark M. |
but, in general, it's not like there's a magic button somewhere that you use to make your app secure
|
Mark M. |
I cover a number of security issues in my book
|
Mark M. |
and there are books on Android security
|
Mark M. |
and so there's a fair amount that you can read up on the subject
|
Mark M. |
beyond that, there's not a lot that I can do for you in the abstract
|
EGHDK |
Well I was looking if there should be anything that I could look at to make sure none of my intent are leaking data
|
Mark M. |
back in the day, we called it "desk checking"
|
Mark M. |
IOW, you look at your code
|
Mark M. |
and see what you are putting in your Intents
|
Mark M. |
and where you are using them
|
EGHDK |
Like, he said in my manifest I was export=true a reciever, which I did by accident.
|
EGHDK |
Which I didn't realize. Then The person that emailed me said that my sendBroadcast should be LocalBroadcastManager.sendBroadcast()
|
Mark M. |
the export=true might have been caught by Lint -- I forget what it complains about with respect to a receiver
|
Jun 16 | 4:10 PM |
Mark M. |
in terms of whether LocalBroadcastManager is appropriate for your use case, I can't say
|
Mark M. |
as I don't know your app or how you were using the broadcast
|
EGHDK |
Yeah. I guess I realize the road I'm heading down is "read more on security" I just wish there was a basic mark down of things that are dangerous.
|
Mark M. |
I seem to recall that there are some published checklists out there
|
Mark M. |
though I don't have any URLs handy
|
Mark M. |
besides, "dangerous" is relative and indeterminate in general
|
EGHDK |
Okay, I will try to look into them. Any specific google search you think I should try... besisdes "Android app security checklist"?
|
Mark M. |
that one sounds fine
|
EGHDK |
I guess so.
|
Mark M. |
let me take questions from the others, and I'll be back with you in a bit
|
Mark M. |
Susheel: do you have another question?
|
Susheel C. |
Coming back to my question, is it possible to just send the reference of the button to another class and then define the onclicklistener there? Can I also send the reference of the textview to the new class and then use settext from the second class?
|
Susheel C. |
Could I do this without using fragments?
|
Mark M. |
barring garbage collection issues, yes
|
Liam |
EGHDK also maybe make sure you are obfuscating the code. Or was he still able to de compile that?
|
Mark M. |
Button and TextView are just Java classes
|
Mark M. |
their instances are just Java objects
|
Susheel C. |
ok
|
Mark M. |
if you want to create a SusheelController that manages the button events and updating the TextView, go right ahead
|
Susheel C. |
I would need to pass the references for the objects, right? like R.id.button1
|
Mark M. |
probably not
|
Mark M. |
I mean, you could, but then you may not have any way to access those via their IDs
|
Mark M. |
in general, your question is very abstract
|
Mark M. |
there may be specific Android things that are bad practices in this area, but I cannot tell you if what you are going to do violates any of those, as I have no idea what you are trying to do
|
Jun 16 | 4:15 PM |
Mark M. |
outside of that, these are just Java objects
|
Jun 16 | 4:15 PM |
Susheel C. |
Ok let me point you to my stackoverflow question if that is ok...http://stackoverflow.com/questions/2423500...#
|
Jun 16 | 4:15 PM |
Susheel C. |
ok
|
Mark M. |
but you don't have another class there
|
Mark M. |
I do not know what you are expecting people to tell you
|
Susheel C. |
Sorry for not asking you a clear question....my project has too many buttons in the layout and I have many onclicklisteners to implement. I don't want to implement them in the same class as it is becoming lengthy code wise...
|
Mark M. |
so, write a class that implements OnClickListener
|
Mark M. |
and do what you want
|
Susheel C. |
I am not just implementing onclicklisteners for each button but also onlongclick and ontouch too..
|
Mark M. |
and create an instance of that class and associate it with the button via setOnClickListener() in your activity or fragment, as you are wiring up the events
|
Susheel C. |
ok
|
Mark M. |
then write a class that implements OnClickListener and OnLongClickListener and OnMotionEventListener (or whatever the last one is)
|
Susheel C. |
Perfect....sorry I didn't ask my question clearly
|
Susheel C. |
Gotcha
|
Mark M. |
Liam: your turn
|
Liam |
OKay, thanks Mark.
|
Mark M. |
you have two constructors on your GetDataCallback class
|
Liam | |
Mark M. |
yes, I found that via a search
|
Mark M. |
you do not appear to need, or want, the zero-argument constructor
|
Liam |
Yeah, I dont need that one.
|
Jun 16 | 4:20 PM |
Liam |
But same problem even when i remove it
|
Mark M. |
and what is the problem, specifically?
|
Liam |
When i instantiate an instance it tells me that it does not recognize the constructor
|
Liam |
by it I mean eclipse
|
Mark M. |
are you getting an error at compile time?
|
Liam |
Nope. I won't even let me get there
|
Liam |
Eclipse*
|
Mark M. |
that means that you are getting an error at compile time
|
Mark M. |
where and how are you creating the GetDataCallback instance
|
Liam |
O sorry. Yeah, then I am.
|
Liam |
I will upload that too. Might want to move on again for now
|
Mark M. |
and are you *sure* that you are using the *right* GetDataCallback class?
|
Mark M. |
actually, that's your problem
|
Mark M. |
*your* class is not named GetDataCallback
|
Mark M. |
your class is named DataCallback
|
Liam |
Hmm okay. I will look at that. Thanks
|
Mark M. |
EGHDK: do you have another question?
|
EGHDK |
Eh. I was just going to say. So Android Apps have 4 main components correct?
|
EGHDK |
With activities... can another app start any of my activities?
|
Mark M. |
only if those activities are exported
|
Mark M. |
activities are exported by default if they have an <intent-filter>
|
Mark M. |
otherwise, they are not exported by default
|
EGHDK |
Okay, so thats where export comes in.
|
EGHDK |
What about services?
|
Mark M. |
you *could* override that via android:exported, but that's not a good idea
|
EGHDK |
Same thing?
|
Mark M. |
same as activities
|
Mark M. |
receivers are the same as activities
|
Jun 16 | 4:25 PM |
EGHDK |
Got it.
|
EGHDK |
So this same guy said to register my broadcast, and sendBroadcast with LocalBroadCast manager, then he goes on that I should create a signature level permission
|
EGHDK |
and then registereciever with my permission...
|
EGHDK |
So which one should I do? Custom permission with signature protection level... or LocalBroadcastManager... or does it seem to do the same thing?
|
Mark M. |
um, if this is all for the same receiver/broadcast, then this guy is just tossing random concepts together
|
EGHDK |
Yeah it is.
|
Mark M. |
if you are trying to communicate within your process, you are better off using an in-process event bus
|
Mark M. |
LocalBroadcastManager is one such bus
|
Mark M. |
I have a chapter on event buses
|
Mark M. |
and I will be switching more of the book over to using them as part of this summer's Big Book Pivot
|
Liam | |
EGHDK |
Okay great Mark. Thanks. When is that pivot due to hit?
|
Mark M. |
partly in Version 5.9 (after Google I|O), partly in Version 6.0 (early September)
|
EGHDK |
An android application is fairly well sandboxed (from what I've read) so it seems like the only loop holes will have to be if broadcast are global, and if activities and services are exported... right?
|
Mark M. |
EGHDK: let me take questions from the others, and I will be back with you in a bit
|
Mark M. |
Susheel: do you have another question?
|
EGHDK |
Alright. Thanks
|
Jun 16 | 4:30 PM |
Susheel C. |
No Mark. Thanks for your help, I just understood what you meant finally. Thanks :)
|
Mark M. |
OK, if you come up with another question, let me know and I'll add you back into the rotation
|
Mark M. |
Liam: your turn
|
Liam |
Mark. I am not sure if I am understanding that I am using the wrong GetDataCallback
|
Mark M. |
your constructor is on a class named DataCallBack
|
Liam |
I just uploaded an example of how I am trying to use the class
|
Mark M. |
and there you are not using GetDataCallback
|
Mark M. |
however, you may not be able to use an anonymous inner class there
|
Mark M. |
I cannot recall trying that with an object without a zero-argument constructor
|
Mark M. |
put your logic inside the DataCallBack class itself, in whatever sort of method(s) you need
|
Liam |
Okay, just taking a second to digest that
|
Liam |
So i have DataCallBack extends GetDataCallBack
|
Mark M. |
right
|
Liam |
I was thinking that I my constructor needs to match the name of the class " DataCallBack"
|
Mark M. |
correct
|
Liam |
Then when i go to instantiate it tells me that I dont have a constructor defined
|
Liam |
which it looks like i do
|
Jun 16 | 4:35 PM |
Mark M. |
what is the **exact** error message that Eclipse gives you?
|
Liam |
The constructor DataCallBack() is undefined
|
Mark M. |
that gets back to my point from just above -- I do not think that you can use your anonymous inner class syntax (in your second uploaded file) for a class without a zero-argument constructor
|
Mark M. |
since the anonymous inner class syntax is just syntactic sugar, you will need to do something else, such as either putting your business logic in DataCallBack, creating subclasses of DataCallBack that contains the logic, etc.
|
Liam |
okay, sorry. I am still learning the lingo. I think I am with you. I need a full instantiation then
|
Mark M. |
I am not completely clear on what "full instantiation" means in this context
|
Mark M. |
ponder this for a bit, and I'll be back with you after another question from EGHDK
|
Liam |
sounds good thanks
|
Mark M. |
EGHDK: your turn! do you have another question?
|
Jeff G. | has entered the room |
Jeff G. |
Hello, everybody.
|
EGHDK |
An android application is fairly well sandboxed (from what I've read) so it seems like the only loop holes will have to be if broadcast are global, and if activities and services are exported... right?
|
Mark M. |
(hello, Jeff -- I will be with you shortly!)
|
Mark M. |
that certainly goes a long way towards helping
|
Jun 16 | 4:40 PM |
EGHDK |
My last question regarding security is that this person said that when I'm uploading a file, I put up a notification, he said that he can get the app notification to go away.
|
Mark M. |
so?
|
EGHDK |
So my file is still uploading, but the notification gets cleared... so are notifications a threat because they provide another way to get into my application?
|
Mark M. |
not really
|
EGHDK |
It's definitely a "so?!" vulnerability... but it just got me thinking of what else is a problem with notifications.
|
Mark M. |
that is a bit open-ended for the purposes of this chat room, especially when it is crowded
|
Liam |
Thanks for the help Mark. I am going to do some reading and be back!
|
Liam | has left the room |
EGHDK |
Oh wait. Last thing, I have my GCM reciever export=true. It wouldn't work if it was false... right?
|
Mark M. |
right
|
EGHDK |
Sorry this (It's definitely a "so?!" vulnerability... but it just got me thinking of what else is a problem with notifications.) wasn't a question. Just a statement.
|
Mark M. |
OK
|
EGHDK |
Thanks
|
Mark M. |
Jeff: your turn! do you have a question?
|
Jun 16 | 4:45 PM |
Jeff G. |
Yes.
|
Mark M. |
Jeff: go ahead
|
Jeff G. |
Currently, I am wrestling with a focus issue. I have a ListView with rows that each contain an EditText used only for numeric data. If I touch on one of the EditText elements when the keyboard is already displayed the keyboard remains numeric. However, if the keyboard is hidden and I touch on one it doesn't work properly.
|
Jeff G. |
What happens is suddenly the keyboard will switch to QWERTY and the actionbar "steals" focus.
|
Jeff G. |
I tried disabling the Actionbar's "home" button, but it just continues to steal focus by highlighting the first tab.
|
Jeff G. |
I have tried dozens of solutions I found on SO but nothing seems to let me try to keep focus on the touched EditText element.
|
Mark M. |
this is why I avoid EditTexts in ListView rows
|
Jeff G. |
I had a feeling you would say that.
|
Mark M. |
or, rather, this sort of thing is why I avoid EditTexts in ListView rows
|
Mark M. |
as to why the action bar is getting involved, I haven't a clue
|
Jeff G. |
Personally, I agree with you, but this was a requirement given to me.
|
Mark M. |
out of curiosity, which action bar implementation is this?
|
Jeff G. |
API 19
|
Mark M. |
and with respect to the requirement, if the requirement is "a vertically scrolling thingy with EditText widgets", consider a LinearLayout in a ScrollView, if there won't be all that many rows
|
Mark M. |
by "API 19", you mean the native action bar implementation? (versus AppCompat or ActionBarSherlock)
|
Jeff G. |
This only happens if the keyboard wasn't already visible. What happens is the numeric keyboard gets displayed, but then it gets replaced by the QWERTY keyboard a second later. If I try typing I can see that my first tab gets highlighted.
|
Jeff G. |
Yes, native.
|
Jun 16 | 4:50 PM |
Mark M. |
do you happen to have any EditText-ish things in the action bar, like a SearchView?
|
Jeff G. |
Yes, I have a searchview. I tried setting it to be unfocusable but that didn't work.
|
Mark M. |
try temporarily removing it and see if it helps -- it might narrow down your problem somewhat
|
Mark M. |
off the cuff, this feels like a platform bug
|
Jeff G. |
I was hoping to find a way to set each tab to be unfocusable as well, but I haven't been able to yet.
|
Mark M. |
but one that doesn't get run across much because, like, who uses EditTexts in ListView rows? :-)
|
Jeff G. |
I'll explain the requirement to see if there is a better solution.
|
Jeff G. |
The user needs to be able to update a list of things and then send them off for server processing as they go. Sort of like a checklist. I originally had it where a dialog would pop up to allow them to update the field in question, but it was determined this was too tedious; it is preferred to just update the fields all on the listview and then submit them in a batch.
|
Jeff G. |
I know I will have to handle saving the updated data as the rows get scrolled off, which I am not looking forward to doing but...
|
Jeff G. |
I'm open to alternatives.
|
Mark M. |
how big is the list of things, in terms of number of rows?
|
Jeff G. |
user specific. the data comes from a database which could potentially be very large.
|
Mark M. |
I'd mock up a LinearLayout in a ScrollView and see if it gives you the same behavior
|
Mark M. |
if it does not, you then have a choice of attacking your current problem (and I haven't a clue what to do other than try removing the SearchView)
|
Mark M. |
or cooking up your own "row recycling"
|
Jun 16 | 4:55 PM |
Susheel C. | has left the room |
Jeff G. |
I have read several people on SO mention that suggestion. I might just do that. (linearlayout + scrollview).
|
Jeff G. |
Is there any tool that would allow me to view what's getting focus?
|
Mark M. |
you seem to know what's getting the focus
|
Mark M. |
what you don't know is why
|
Mark M. |
and I don't know of a tool that will be able to tell you why
|
Jeff G. |
I'm just guessing because when the QWERTY keyboard comes up I try to type and the first tab gets highlighted in blue.
|
Mark M. |
Hierarchy View should have focus information in it
|
Jeff G. |
I was hoping to find some way to disable focus to the tabs but I can't seem to find a method for that.
|
Mark M. |
and perhaps uiautomatorviewer
|
Mark M. |
bear in mind that all this focus shenanigans will screw with your accessibility
|
Jeff G. |
I'll try disabling the searchview first.
|
Jeff G. |
I'm fortunate in this situation as it is an "internal" app and will only be used on one device by a limited number of users.
|
Mark M. |
give 'em all devices with physical keyboards :-)
|
Jeff G. |
lol.
|
Mark M. |
EGHDK: do you have another (quick) question?
|
EGHDK |
Reading thorugh my java 101 books, I highlighted some things and wrote down some questions that I had when reading. Sorry if they are super simple/stupid questions. Why do arrays have length and arraylist have size and not getLength or getSize?
|
Jeff G. |
Is there anything I can read online explaining the case against EditText in ListView?
|
Mark M. |
Jeff: beats me -- I haven't thought about EditTexts in ListView rows in ages
|
Jeff G. |
ok, thanks.
|
Mark M. |
arrays are primitives, not objects
|
Mark M. |
length is a property (a.k.a., field, data member)
|
Mark M. |
for whatever reason, the authors of Java elected to go with size() on collections like ArrayList
|
Mark M. |
possibly to help distinguish them
|
Mark M. |
but, you'll have to ask Bill Joy or one of the Java creators
|
EGHDK |
Numeric primitives in java are all signed. What does that mean?
|
Jun 16 | 5:00 PM |
Mark M. |
they can be negative
|
Mark M. |
and that's a wrap for today's chat
|
EGHDK |
So signed means they can have either 10 or -10?
|
Mark M. |
the next one is Wednesday at 10am US Eastern Time
|
Mark M. |
EGHDK: yes
|
EGHDK |
Alright, I'll continue on wednesday with my list. Hah. Thanks commonsware!
|
Mark M. |
the transcript for this chat will appear on http://commonsware.com/office-hours/ shortly
|
Mark M. |
have a pleasant day!
|
EGHDK | has left the room |
Jeff G. | has left the room |
Mark M. | turned off guest access |