Office Hours — Today, February 27

Yesterday, February 26

Mark M.
has entered the room
Mark M.
turned on guest access
Feb 27
9:05 AM
ndrocchietto_ivano
has entered the room
ndrocchietto_ivano
HI Mark
Mark M.
hello, Ivano!
how can I help you today?
ndrocchietto_ivano
View paste
On a long recycler view list(ex 60 items) in more activities, I need to add a progress bar at end of  a long list(ex 60) but also after a number of items( for instance , at number 10, 20, 30 etc till 60)
Then once I am at the end of the list have to disappear the progress bar( of course)

I obtained this finding an abstract recycler view implementation on an internet page was recommended me by a team colleague, but then we end up changing the logic in all the recycler views.
Mark M.
are you saying that you show 10 items + a progress bar, then replace the progress bar with the next 10 items after they are loaded?
ndrocchietto_ivano
yes I am using an InfiniteScroller
Leora
has entered the room
ndrocchietto_ivano
but the implementations I can find are for infinite views, not for just long lists that have to retrieve data by a web service
Mark M.
wouldn't it be better to try adding in the Paging library, so you can avoid the progress bars?
9:10 AM
Mark M.
(BTW, hello Leora -- I will be with you shortly!)
ndrocchietto_ivano
\Paging library?
Mark M.
yes, it's part of the Architecture Components
Leora
Hi everyone :)
Mark M.
it's designed for this sort of scenario
ndrocchietto_ivano
OK thanks I will look into!
Mark M.
I show how to use it in the context of Room, though it also can be used for Web services or other slow data sources
ndrocchietto_ivano
dank je
thanks
Mark M.
showing progress bars in a scrolling list is doable, but it is very much an approach from, say, 2010
let me take a question from Leora, and I will return to you in a bit
Leora: how can I help you today?
Leora
Hi Mark, I had bumped you a question regarding the best way to encrypt an upload key if checked in to git, and you answered in an email that you haven't done the google app signing...
and we also decided not to do it
Mark M.
OK
Leora
so how would you recommend encrypting a key.properties file that is stored in our (private) git
9:15 AM
Leora
the file of course contains the alias and passwords to our keystore
Mark M.
if it is in a private git repo, does it need to be encrypted?
conversely, if it is that sensitive, I would not put it in git
Leora
I dunno, I assumed yes
Mark M.
I usually consider git to be for stuff that is viewable by anyone with access to the repo
Leora
I thought i was making a good move by taking the passwords out of the build.gradle file...
Mark M.
yes, but that does not necessarily mean putting the resulting file into git
ndrocchietto_ivano
( and btw Hi Leora)
Leora
yes it's fine for any client developer to access...we are a small company
Hi Ivano :)
Mark M.
by "private", do you mean "on GitHub/GitLab/other hosted thing, but marked private", or do you mean "a git repo on our own hardware"?
Leora
We don't want to leave it on 3-4 local machines
github private
Mark M.
and what is going to sign the app, when it is time to sign your release builds? do you have a designated machine for that, and will that be done using Android Studio or something else?
Leora
I have scoured the internet for a preferred method for storing the file...can't find!
AS yes
Mark M.
if you will sign from inside Android Studio, you do not necessarily need signing information in Gradle at all
just use Build > Generate Signed Bundle/APK
it has its own spot for getting your signing keystore and credentials
9:20 AM
Mark M.
putting signing instructions in Gradle is mostly there for command-line builds or builds from some server (e.g., a CI server set up to handle release builds)
Leora
ohhhhhhhhh
Mark M.
so, I'd consider whether you need any of this
Leora
then i guess the next question would be - where to store the keystore file and an additional file with the passwords so it won't be dependent on the laptop environments
Mark M.
if there is one magic machine to do the signing, have the file be on that magic machine, or on a thumb drive or something that can be plugged into the magic machine
make sure you have a secure backup of the stuff, though
Leora
i would want the backup to be in the cloud...
and then i'd have to encrypt it i assume
Mark M.
I wouldn't want the backup to be in the cloud, though I would want to encrypt the backup
Leora
so back to square 1
so can you recommend an encryption method?
Mark M.
however, now you are not dealing with git
I use Linux, so my backups are on encrypted filesystems
9:25 AM
Mark M.
IOW, I'm not worried about encrypting the file; I'm worried about encrypting the whole backup drive
ndrocchietto_ivano
Manjaro?
Mark M.
Ubuntu
ndrocchietto_ivano
(bloatware)
Leora
hmmm
Mark M.
anyway, this is starting to get a bit far afield from Android app development
Leora
and i'm assuming that all this is because build.gradle files can be reverse-engeneered to find out the passwords?
Mark M.
I'm not sure what "all this" is, but if you only want one machine to be able to make release builds, you need to prevent other machines from making release builds, which means the git repo cannot have all the pieces to make release builds
Leora
Misunderstanding - we don't mind that ANY of the developers can make a release
the question is - how secure is a private github repo
Mark M.
well, at minimum, GitHub/Microsoft can get to it
and you're one accidental screwup away from somebody making the repo public, or granting access to the wrong people
Leora
so what do you recommend (aside from moving to linux)?
9:30 AM
Mark M.
if I were in your shoes, I would keep the keystore and passwords out of the repo and have them on the minimum number of machines needed to sign builds
ndrocchietto_ivano
(that would be a good thing I guess)
Mark M.
and there are plenty of encrypted backup solutions for other operating systems
personally, I don't like cloud backups, unless I'm doing the encryption myself, but if you're into cloud backups and trust the provider, you could do that too
Leora
ok, all things to consider
Mark M.
let me take another question from Ivano, and I'll be back with you shortly
Ivano: back to you! do you have another question?
Leora
sure
ndrocchietto_ivano
yes
you use the page library with live data and room
I do it with RXJava2(that is not a big deal) but to fetch a network request
Mark M.
yes -- I had planned on covering more uses of Paging, but I got caught up in too many other things
ndrocchietto_ivano
what if I get delays from the network(that you do not get with Room)
Mark M.
the idea behind Paging is that it will show placeholder rows that get filled in when the data becomes available
so, if your full data set is 60 items, and you only have data for 10, it will try to start fetching other pages, but if the user scrolls past 10, rows 11-60 are created but as placeholders
and Paging will help you swap in the real data as soon as it arrives
ndrocchietto_ivano
so is sorted by definition
Mark M.
not necessarily "sorted", but Paging does rely on stable IDs and things like that, to know which row is which
ndrocchietto_ivano
and I do not have to take care of network delays because automatically would be showed a progress bar
I see thanks
9:35 AM
ndrocchietto_ivano
have a pleasant day you and Leora
Mark M.
you too!
Leora
thanks you too Ivano!
Mark M.
Leora: back to you! do you have another question?
Leora
yes, just the question about why it was advised to take the passwords out of the gradle file in the first place
because it can be reverse-engeneered?
and why is the gradle file in the build anyway if it's just compiling instructions
Mark M.
if by "reverse-engineered" you mean "looked at directly", then yes
Leora
hhahahaha
Mark M.
if the passwords are in build.gradle, anyone with access to build.gradle can see them
Leora
but that means anyone with an apk??
Mark M.
no, anyone with access to build.gradle
so, in an open source project, that could be everyone on the planet
Leora
but that's just employees
and we're not open source
Mark M.
advice tends to focus on worst-case scenarios, such as publicly-visible repositories instead of private ones
Leora
i see
Mark M.
plus, as I mentioned, a private repository can be made public by accident
Leora
so the gradle files are NOT in the apk..
Mark M.
correct, they build the APK, but they are not packaged into the APK
Leora
ok, well that's much clearer now.
Mark M.
so, it's a question of risk
9:40 AM
Leora
Thanks so so much Mark. Your support has been invaluable :)
Mark M.
with a git repo on your own hardware in your own office, I would not worry about the passwords, as that's as secure as your file server
Leora
ok, risks, got it
Mark M.
as you start moving into cloud solutions, now you're increasing the odds of accidental disclosure
Leora
then i will bring it up with the server crew
Mark M.
sounds like a plan!
Leora
i just heard them say linux server in the background here
:)
Thanks a gagillion
Mark M.
you're welcome!
Leora
Take care!
Mark M.
you too!
Leora
has left the room
9:50 AM
ndrocchietto_ivano
has left the room
10:00 AM
Mark M.
turned off guest access

Yesterday, February 26

 

Office Hours

People in this transcript

  • Leora
  • Mark Murphy
  • ndrocchietto_ivano