**** BEGIN LOGGING AT Mon Oct 06 02:59:57 2008 Oct 06 04:57:02 so no multitouch? is this a hardware limitation? Oct 06 04:57:08 (for the G1) Oct 06 04:57:13 probably a patent issue more than anything Oct 06 04:58:33 that aside, multi-touch, at least on the iPhone, is quite overrated, imo Oct 06 04:58:45 agreed Oct 06 04:58:51 the pinch zoom stuff seems really nice at first, but the more I used it, the more I disliked it Oct 06 04:59:09 it really requires two hands to work well for one thing Oct 06 04:59:16 I really like multi-touch touchpads on the macbooks Oct 06 05:00:32 Oct 06 05:00:37 478 pictures left to go through Oct 06 05:01:14 summatusmentis : Totally awesome on MacBooks. I don't like having to use two fingers on phones, though. Oct 06 05:01:20 well, i saw this guitar app for the iphone that was pretty neat....can play chords Oct 06 05:01:48 not possible if multitouch is not available....so is this a hardware limitation...or are we just waiting for someone to write an app to support it Oct 06 05:02:21 WildCaterpillar: the hardware doesn't have it, and also as i said, they probably can't make it. Oct 06 05:02:26 patent issues and all Oct 06 05:02:33 ahaberlach: well, if you're using a touchscreen phone with your fingers, you're probably holding it in one hand, and using it with the other Oct 06 05:02:53 i dont' understand that patent issues...its not like multitouch is new Oct 06 05:04:39 summatusmentis: not necessarily Oct 06 05:04:53 summatusmentis: I do use my G1 a lot with only one hand Oct 06 05:05:19 i wont ask what you're doing with the other hand ;) Oct 06 05:08:58 gah Oct 06 05:09:11 I want a photos management tool that reads my mind Oct 06 05:09:53 jasta: it's not a multitouch screen? or the software isnt able to utilize it due to patents pending? Oct 06 05:10:03 it's not a multitouch screen Oct 06 05:10:10 ...possibly because of patent issues Oct 06 05:10:57 looks like the Touch HD doesnt do multitouch either. Oct 06 05:11:15 i doubt very much that you'll find any phone with it other than the iPhone Oct 06 05:12:37 meh, if something gets written to inroduce that functionality by a 3rd party... Oct 06 05:38:01 summatusmentis: most of the time I use my G1 with one hand. For instance, I was queuing up songs on Youtube while on a ride today Oct 06 05:38:11 would have sucked to have had to use two hands Oct 06 05:39:10 hmm... I suppose I use my centro with one hand most of the time (except when typing0 Oct 06 05:43:13 there isnt a soft keyboard on the g1 (yet) is there? Oct 06 05:44:15 no soft keyboard in Android 1.0 Oct 06 05:44:27 well kinda Oct 06 05:44:38 longpress gives you accent characters Oct 06 05:45:00 lol Oct 06 05:54:35 i just had a really cool idea for Five Oct 06 05:54:58 when the cache manager is purging entries to make room for new content it should truncate the old cached files instead of delete them Oct 06 05:55:00 I wish there'd be more rumors of upcoming Android phones :) Oct 06 05:55:09 so next time they come up to play, Five will have the first 500k or so to start playback instnatly Oct 06 06:01:17 I'm convinced you wont see another Android Phone till January at the earliest. Oct 06 06:38:59 im going to buy a G1 .. even though its probably a piece of crap ;) Oct 06 06:39:06 and i probably wont be able to get it working here in australia Oct 06 06:39:16 snadge: where you buy? Oct 06 06:39:27 i will be in the usa in november.. so i dont know Oct 06 06:39:36 wheres the easiest place to buy one .. without a contract and unlocked? Oct 06 06:39:54 no idea.. myself searching Oct 06 06:39:59 prolly ebay Oct 06 06:40:09 i know t-mobile sells them with or without contract Oct 06 06:40:28 and they have a policy where you can unlock any phone with them after 30 days.. as long as the account is up to date Oct 06 06:40:46 cool Oct 06 06:40:58 im pretty sure you should be able to pay a premium to get one unlocked.. it seems daft to not offer that Oct 06 06:41:09 when you could just buy a phone on contract, wait 30 days and unlock it anyway Oct 06 06:41:21 right, then it has to work with local carriers Oct 06 06:41:36 no problem in aus.. we have 3g on one of those frequencies Oct 06 06:41:46 grea Oct 06 06:41:47 t Oct 06 06:41:51 not 850.. the other one.. 1700 or whatever it is Oct 06 06:41:55 or 2100 .. i forget ;) Oct 06 06:42:06 rite.. not sure if it can fallback to 2g Oct 06 06:42:29 2g is on 1800/1900 or whatever.. isnt that mostly standard all around the world? Oct 06 06:42:50 and i dont really care about that anyway to be honest.. 3g is covered in all capital cities, and i dont intend to go bush with my google phone Oct 06 06:43:54 rite.. makes sense Oct 06 06:45:23 its unfortunate really.. out bush, telstra (now a privately owned company that used to be the property of the commonwealth of australia) Oct 06 06:45:44 dont get me started about government assets being sold off to private companies and then being royally screwed over ;) Oct 06 06:46:20 its almost as bad as this "financial crisis" which just makes me want to stab fraudulent wall street types in the eyesocket Oct 06 06:46:47 instead of talking about the bailout.. we should be talking about how we're going to make those responsible suffer, and pay for it Oct 06 06:47:28 and make their great great grandchildren pay for it too Oct 06 06:47:52 and they should have physical harm inflicted upon them ;) Oct 06 06:48:33 bailout is required Oct 06 06:48:51 required for whom? Oct 06 06:49:19 the american people? the citizens of this world? pfft.. you're so naive.. i've got a bridge for sale ;) Oct 06 06:49:30 haha Oct 06 06:49:41 required for world economy Oct 06 06:49:55 its not just US economy Oct 06 06:50:00 the world economy would recover Oct 06 06:50:16 when something collapses.. what do you do.. you go, oh well.. lets rebuild again Oct 06 06:50:47 why prop up a failed system.. why not create a new one thats fair for everybody.. i know, thats crazy hippy talk and it will never happen Oct 06 06:51:42 there will come a point where ordinary people who are struggling.. will not see the benefit of giving what little they have left, to support a system that has failed Oct 06 06:52:27 and there will be civil unrest.. i cant wait, sign me up ;) Oct 06 06:53:33 yeah, long time we saw some civil war ;) Oct 06 06:54:23 * umdk1d3 buys bridge from snadge Oct 06 06:55:00 the way i see it.. the only people who say "we need this bailout really bad or else bad things will happen" Oct 06 06:55:17 are all crooks and liars... aka politicians Oct 06 06:55:25 and people who have vested interest (ie, warren buffet) Oct 06 06:55:28 or ignorant americans Oct 06 06:55:30 mmm nope, its the bankers saying that Oct 06 06:55:36 politicians are just following Oct 06 06:55:50 sad thing is that this /wont/ solve the credit issues Oct 06 06:56:10 what it does do, is pass the mess onto obama to clean up Oct 06 06:56:30 and its going to be even messier .. but at least george wont be doing it, because he is absolutely useless Oct 06 06:56:33 to be honest, the president cant "fix things" obama or otherwise Oct 06 06:56:49 nope.. but he can remove all the republicans from the white house Oct 06 06:56:57 and replace them with democrats who have different ideas Oct 06 06:57:13 umm last time i checked everyone pretty much voted for the bailout--it wasnt partisan Oct 06 06:57:38 thats right.. but in general, its the dems who favour increased regulation Oct 06 06:58:04 its the dems who see the problems with the "free market" Oct 06 06:58:14 which the republicans think will fix anything Oct 06 06:58:41 great work george w ;) "the fundamentals of our economy are strong" ... "uhuh.. yep" Oct 06 06:58:41 and this is why we need to get rid of the federal reserve Oct 06 06:59:12 absolutely.. but how? how do we get main street Oct 06 06:59:21 (elect ron paul ;) Oct 06 06:59:37 obviously that wont work.. hes popular on the internets Oct 06 06:59:43 but obama kicked his ass on the popularity front Oct 06 07:00:12 * umdk1d3 kicks america for following popularity like their watching president idol or something Oct 06 07:00:18 i actually have a sneaking suspicion.. that obama will take on the feds Oct 06 07:00:42 but he is not saying anything about it.. because it would ruin his chances of becoming president Oct 06 07:01:14 its much easier to be like saddam hussein.. pretend to be friendly, then turn on your "friends" when you dont need them anymore Oct 06 07:02:30 obama is not stupid.. he knows what the federal reserve is Oct 06 07:02:41 and i know that he knows that its wrong Oct 06 07:04:57 that might sound ridiculous.. it certainly would be if i was talking about mccain Oct 06 07:09:23 did everyone know that obama was a member of the CFR? (the same people who own the federal reserve) Oct 06 07:10:03 so people are saying that means its 99.99% likely he will do nothing to disbandon the federal reserve.. (which i might point out is unconstitutional and hence illegal) :P Oct 06 07:13:42 obama has a tough task Oct 06 07:13:45 poor guy Oct 06 07:14:13 you don't want to be president when the economy at its worst Oct 06 07:14:27 ever.. since 1930's Oct 06 07:31:13 obama is going to love it .. theres no possible way that he could possibly do worse than george bush Oct 06 07:31:36 and this is going to give him a chance to shine Oct 06 07:31:49 hmm Oct 06 07:32:12 he is a smart man.. and knows when to get advice and how to interpret it etc Oct 06 07:32:22 george bush is basically incompetant in comparison Oct 06 07:32:33 which is good when you want to pull a swift one over your entire population Oct 06 07:32:34 yeah, but the crisis is major Oct 06 07:33:00 like invade a sovereign nation and plunder its resources under the guise of "fighting terrorism" Oct 06 07:33:12 it might not be bush Oct 06 07:33:14 i feel sorry for smart people in america, who are lumped in with all the rest of the "stupid americans" ;) Oct 06 07:33:21 may be he followed cheney Oct 06 07:33:35 bush seems to be a nice guy Oct 06 07:33:54 its just a shame hes a dumb ass who shouldn't have been elected to run arguably the most powerful nation on earth Oct 06 07:33:55 my guess is bad influence around him Oct 06 07:34:19 and cheney did very well out of iraq Oct 06 07:34:33 yup Oct 06 07:34:43 which is why its not just important to have someone smart as second in charge.. but also the president needs to be smart, so he can realise if the vice president if full of sh*t or not Oct 06 07:35:02 no argument there Oct 06 07:35:11 your president must be smart! Oct 06 07:35:21 i think bush failed on that one.. and mccain fails in the sense that palin isnt exactly someone you really want to be bouncing ideas off Oct 06 07:35:43 he picked palin to garner votes Oct 06 07:35:47 and his own ideas arn't really that brilliant either .. but then it doesnt matter, because for the most part, republicans are stupid Oct 06 07:35:48 not to be bouncing ideas Oct 06 07:35:59 and they will vote for the stupidest candidate.. since it makes them feel better or something Oct 06 07:36:05 even though that has ruined the country ;) Oct 06 07:36:30 GAH im in some sort of infinite loop, something keeps trying to start, gets an error, then tries again about 3 seconds later Oct 06 07:36:34 10-06 01:33:30.314: ERROR/dalvikvm(6580): pthread_setspecific failed, err=22 Oct 06 07:36:44 maybe the democrats should start up a "republicans are stupid" campaign Oct 06 07:36:50 logcat isnt showing anything helpful about /what/ is trying to start Oct 06 07:37:04 snadge: the election is over.. obama wins Oct 06 07:37:12 and point out how on average, republican voters have statistically significant less intelligence Oct 06 07:37:22 hehe Oct 06 07:37:28 snadge: your face has statistically significant less intelligence Oct 06 07:37:30 * umdk1d3 runs :P Oct 06 07:37:39 lol Oct 06 07:37:58 they could run an ad "do you want smart people, or dumb people to run the country?" Oct 06 07:38:04 lol Oct 06 07:38:09 dumb will win.. hehe Oct 06 07:38:14 sigh Oct 06 07:38:15 "look what a dumb president has done in 8 years, to our economy" ;) Oct 06 07:38:28 the economy is not entirely bush fault Oct 06 07:38:32 ive got an android problem :P Oct 06 07:38:43 umdk1d3: what are you running? Oct 06 07:38:59 i have no clue lol, its just sitting here dying with that err=22 Oct 06 07:39:17 it might be debugger related Oct 06 07:39:17 hmm Oct 06 07:39:43 there isnt any app-specific information showing up though--it just keeps going through the >> androidruntime start << thing Oct 06 07:39:53 and then that pthread error Oct 06 07:40:07 im wondering if there is something deeper i can force a dump on Oct 06 07:40:24 its your app causing it right? Oct 06 07:40:40 i honestly have no clue, there is a pileton of apps on this thing Oct 06 07:41:50 umdk1d3: you have any example of a custom view, with a cursor adapter? Oct 06 07:41:53 aha i think i found its process group Oct 06 07:42:13 SimpleCursorAdapter will take a view right? Oct 06 07:42:32 prolly, just want to see an example if available Oct 06 07:43:01 NotePad/src/com/example/android/notepad/NotesList.java Oct 06 07:43:06 oooh Oct 06 07:43:08 new SimpleCursorAdapter(this, R.layout.noteslist_item Oct 06 07:43:18 thx.. will check it out Oct 06 07:43:25 grep is mah friend ^.^ Oct 06 07:43:46 grep rules Oct 06 07:43:49 cntl shft F Oct 06 07:44:15 hmm does adb help give groupid info out? Oct 06 07:44:26 * umdk1d3 stops chatting and jus tlooks Oct 06 07:52:21 mornin all Oct 06 08:18:41 hmm anyone played with detecting double-taps? Oct 06 08:18:56 its possible, but im wondering if anyone has the "right way" of doing it figured out Oct 06 08:19:18 haven't tried Oct 06 08:29:28 I want to make my dopod 699 to android system, is workable? Oct 06 08:36:16 ? Oct 06 08:41:59 is the locale information available for android? Oct 06 08:42:16 to check on user's language? Oct 06 08:51:36 what you need that for? **** BEGIN LOGGING AT Mon Oct 06 11:05:36 2008 Oct 06 12:34:40 hey snadge: where are you going to be in the US? **** BEGIN LOGGING AT Mon Oct 06 12:54:21 2008 Oct 06 13:09:31 anybody awake with a device handy? ;) Oct 06 13:23:27 i'm awake looking for a device handy :) Oct 06 13:31:05 heh Oct 06 13:53:03 * umdk1d3 prepares to write piles of blog posts Oct 06 14:04:20 umdk1d3, on what? Oct 06 14:04:30 umdk1d3: ever try sleeping?! Oct 06 14:07:16 he can sleep when he's dead. :) Oct 06 14:09:57 plus and umdk1d3 - they are droids ;) Oct 06 14:10:53 these aren't the droids you're looking for Oct 06 14:27:13 I took a break from Android yesterday, for Sacred 2 :/ Oct 06 14:28:25 I need a vacation in November or something.... Oct 06 14:29:40 oh no Oct 06 14:30:11 zhobbs: ^^ we probably all need one Oct 06 14:30:55 yeah, with helloandroid, the adc, and now tunewiki....my life has been all android for a year Oct 06 14:35:00 zhobbs: thats funny you should say that... Oct 06 14:35:06 i was just laying in bed 10 minutes thinking about that Oct 06 14:35:16 10 minutes ago* Oct 06 14:35:31 that since November of last year i've been consumed by this thing Oct 06 14:35:46 android has changed our lives Oct 06 14:37:11 * Disconnect hesitates to draw the obvious apple comparison..... Oct 06 14:39:42 Disconnect: do it! Oct 06 14:39:47 uhoh. admins are after me. :) Oct 06 14:40:19 helloandroid Oct 06 14:40:23 hrm something happened to my nickname Oct 06 14:40:32 prolly splits/joins Oct 06 14:42:47 so has anyone managed (or even tried) to get a shell on a physical device? (without magic vendor tools the rest of us don't have :) ..) Oct 06 14:43:37 i haven't manged to get a device.. Oct 06 14:44:50 what's the difference between posting a Runnable and a Thread to a Handler? Oct 06 14:45:34 there's a post(runnable) Oct 06 14:45:58 zhobbs: what do you mean posting a Thread? Oct 06 14:46:33 handler.post(new Thread() { public void run() { ... } ); vs handler.post(new Runnable() { public void run() { ... } ); Oct 06 14:47:34 i'd have to say it's that handler.post can't take a Thread :) Oct 06 14:47:40 me too :) Oct 06 14:47:43 so we don't know wth you're tlaking about Oct 06 14:48:12 thread is a runnable Oct 06 14:48:19 hehe...Thread implements Runnable...anyways, yeah, it's a bad idea Oct 06 14:48:32 its all the same Oct 06 14:48:38 Thread is probably more overhead Oct 06 14:48:47 zhobbs: thread implementing runnable doesn't mean it is a runnable. Oct 06 14:48:54 (a bit) Oct 06 14:49:05 jasta: WHAT? Oct 06 14:49:12 zhobbs: I'd forgotten it was legal type wise! Oct 06 14:49:14 i mean they are not interchangable ideas. Oct 06 14:49:26 It's an unfortunate legacy of the java 1.0 library design Oct 06 14:49:27 a runnable is just java's form of code enclosure Oct 06 14:49:29 a thread is not. Oct 06 14:49:34 it caused an Activity to leak when I passed in a Thread, changed it to Runnable and the Activity doesn't leak anymore Oct 06 14:50:56 any of you have any good reading material on threads in Java in general? any must-reads? with all this UI stuff you get to deal with them quite easily Oct 06 15:02:34 tethridge: for one, magic auto-paging lists that "grow" to grab the next page of results when you hit the bottom Oct 06 15:02:45 its not too hard, but still cool to write Oct 06 15:02:53 that is nice Oct 06 15:03:01 umdk1d3: cool, that's one on my todo list Oct 06 15:03:45 its not too hard, just override onscrolllistener and addFooterView if you want a nice spinning thing down there Oct 06 15:14:12 Disconnect: physical devices can run shells all right, but the environment is locked down quite a bit more than the emulator Oct 06 15:14:43 Disconnect: for instance, there's no 'su', and the security permissions prevent you from doing much more with the shell than looking at the SD card Oct 06 15:14:47 using the unsupported JNI or is there an easier method? Oct 06 15:15:11 its field-upgradable, root access is not a difficult problem :) Oct 06 15:15:50 Disconnect: true, but at that point you have far more than shell access and your question is moot. I'm just answering it as you asked it :) Oct 06 15:16:01 * Disconnect is much more familiar with that side of things than java, although my time-to-relearn-java books start arriving today Oct 06 15:16:06 yah Oct 06 15:17:35 i've got 2 not-incompatible goals - basic user shell (with busybox tools at least) - doable if the shell can be gotten to without reflashing - and actual full access, which is probably fastest wth a reflash) Oct 06 15:18:46 trying to decide where to focus my efforts. (i'll probably hit the terminal emulator first anyway, just cuz i can do that on the emulator while waiting for my phone) Oct 06 15:20:19 morrildl: i'm happy to say i finally got all my work arounds in place and have put Five's main music playing service back together again Oct 06 15:22:30 jasta: local web server workign? Oct 06 15:22:33 jasta: so ready to go on 22? Oct 06 15:22:51 zhobbs: yessir. Oct 06 15:22:54 muthu: what/ Oct 06 15:23:15 are you putting it on market on 22nd? Oct 06 15:23:47 oh, no. Oct 06 15:23:57 though i am hoping it will be "available" then. Oct 06 15:24:12 why not launching? Oct 06 15:24:17 for testers and whatnot Oct 06 15:24:52 because it's not ready. i've spent the last 2 weeks working around bugs. and ever since 1.0 came out i've been doing nothing but rewriting code. Oct 06 15:25:22 besides, i can't use the Android market anyway, so no need to rush into that. Oct 06 15:25:54 you can't use? Oct 06 15:26:07 he can't make it free Oct 06 15:26:08 no, how would the market help the user get the server installed on their PC? Oct 06 15:26:12 it would use too much bandwidth too Oct 06 15:26:24 oh ok Oct 06 15:26:30 Dougie187: that's not it at all...it's just an issue of distribution. five needs more than the phone apps. Oct 06 15:26:31 he would have to pay 2 bucks per user. Oct 06 15:26:52 Dougie187: that doesn't apply to the Android Market Oct 06 15:26:58 i guess i could distribute kind of a dummy package that just says "go download five server!" Oct 06 15:26:59 oh right. thats the tmobile one. Oct 06 15:27:02 but that would be stupid Oct 06 15:27:15 Dougie187: and as far as I know the T-Mobile store is not even for Android anyway Oct 06 15:27:18 romainguy: how does the android market handel free apps? Oct 06 15:27:34 handle* Oct 06 15:27:35 Dougie187: what do you mean? Oct 06 15:27:54 well, i guess the same was as paid apps? esp since paid apps don't come until an update. right? Oct 06 15:28:15 i think im just confusing myself from some article I read a while ago. Oct 06 15:28:20 I think so :) Oct 06 15:28:35 it happens. Oct 06 15:28:41 it was a very confusing article. Oct 06 15:28:41 lol Oct 06 15:28:52 one more :) Oct 06 15:29:19 are you guys planning to release the android source on the 22nd as well? Oct 06 15:29:37 we said that the source would be available around the time the first handsets are available Oct 06 15:29:41 so wait & see :) Oct 06 15:29:41 pppp Oct 06 15:29:48 ok mr. vague. Oct 06 15:29:50 lolk Oct 06 15:30:12 sorry Oct 06 15:30:35 i have clumsy fingers today. Oct 06 15:31:31 Dougie187: source code will be released in Q4, as soon as possible, though we have no concrete date just yet. We're treating it as a "release" just like any other, and the team working on it wants to get it out ASAP Oct 06 15:31:57 looking forward to the sourcce Oct 06 15:32:21 Hope it will live up to your expectations :) Oct 06 15:32:47 ha! Oct 06 15:33:24 i like the android design Oct 06 15:33:33 just 4 things to remember Oct 06 15:33:34 * Disconnect would expect that a release, esp a 'release like any other', would have meant source+bins together as 1.0.. is delayed source gonna be the norm? :( Oct 06 15:35:42 Disconnect: there's no delay so far Oct 06 15:36:14 there's not too much (open) source around from us users/devs either atm, so I wouldn't put the "blame" on anyone too easily Oct 06 15:36:56 Disconnect: do you work on proprietary code as your day job? Oct 06 15:38:03 romainguy: thought the question was coming up because the 1.0 sdk didn't have (complete?) sources yet.. rather than the (technically unreleased) device firmware. (although - again, technically - anyone @ tmob retail could request gpl etc etc.. not necessarily -reasonably- but technically.) Oct 06 15:38:27 Disconnect: the 1.0 release is the availability of the phones, not of the SDK :) Oct 06 15:39:11 cbeust: i'm the only sysadmin for a big internet community site (30 million active members, something like 50 million monthly uniques, etc) .. the guys next to me do the coding, i keep it running. Oct 06 15:39:15 "anyone @ tmob retail could request gpl etc etc.. not necessarily -reasonably- but technically" << sure but all the GPL code has already been released Oct 06 15:39:23 ah ok Oct 06 15:40:00 pjv: speak for yourself, i've produced tons :) Oct 06 15:40:40 sure, I'm not saying there isn't any at all Oct 06 15:41:11 but yes, i actually haven't found any major open source projects so far. Oct 06 15:41:15 (other than my own) Oct 06 15:41:38 I've browsed the Five source code once... Oct 06 15:41:49 ...and? Oct 06 15:42:32 not seen any .apk for 1.0_r1 then so... Oct 06 15:42:59 no Five APKs have been released to date for any version of the emulator Oct 06 15:43:03 also thought it wasn't quite ready to run yet so didn't try it Oct 06 15:43:17 oh sorry Oct 06 15:44:33 it's actually going to get packaged back together again in the next couple of weeks Oct 06 15:44:45 speaking for myself: https://launchpad.net/androidsfortune, and https://launchpad.net/moneypenny, and hopefully soon: https://launchpad.net/collectionista Oct 06 15:45:01 but these are very small projects (as I don't work full-time) Oct 06 15:45:41 I would be a terrible dev for anything media/graphics so can't really judge Five Oct 06 15:45:42 i don't work on android full-time either. i have a day job. Oct 06 15:47:06 I will try Five when you've packaged it though I think, soon ... Oct 06 15:47:39 bbl, shower Oct 06 15:49:53 what's Five? Oct 06 15:50:06 http://code.google.com/p/five/ Oct 06 15:50:44 ah yes this. why are you calling it five? Oct 06 15:51:00 it's jasta's, not mine Oct 06 15:51:35 romainguy: Are there some security mechanisms included in Android protecting the personal data except the screen lock mechanism? Oct 06 15:52:01 Or are there thoughts about integrating such things. Oct 06 16:09:49 wastrel: I named it Five after the movie Short Circuit, if you must know ;) Oct 06 16:11:13 anotherCaterpill: what do you mean by "protecting personal data"? Oct 06 16:11:57 bah Oct 06 16:12:02 anotherCaterpill: sorry Oct 06 16:32:57 gdsx: as history should have (but didn't) teach phone sw vendors, "the phone is locked" is hardly secure enough to prevent theft of data. even "I ran the data deleter" isnt' enough on many platforms (iphone failed both of those tests not long ago, iirc..) Oct 06 16:43:18 no rss on andappstore? :( Oct 06 16:43:45 ooh neat, every single link requires javascript. how quaint. Oct 06 16:45:14 Disconnect: ? what are you looking at Oct 06 16:45:20 andappstore.com Oct 06 16:47:23 Disconnect: eh, okay Oct 06 16:47:41 Disconnect: yeah that's not an ideal user experience :) Oct 06 16:48:06 no rss on androidapplications.com either .. so just ooc where are people listing most of their apps? Oct 06 16:49:06 morrildl: hey Oct 06 16:49:51 gdsx: hi Oct 06 16:50:22 Disconnect: there's obviously a tradeoff between security and convenience, though. The question is really "if the lock screen does its job, how likely is it that folks will get access to your data?" Oct 06 16:51:10 gdsx: there are a bunch of assumptions there, chiefly that there are no flaws in the lock screen, device or apps (including 3rd-party) that would allow unauthorized activity Oct 06 16:51:11 Disconnect: and, IME, phones are about convenience. This obviously changes when you're marketing more toward enterprises (like the Blackberry stuff), but look at how many iPhones have no lock screen at all Oct 06 16:51:23 Disconnect: ultimately the android market is going to be the most central place to list apps Oct 06 16:51:27 so, just wait :) Oct 06 16:51:42 Disconnect: yes, but how much convenience are you willing to lose? Oct 06 16:51:50 i'm going to need an encrypted password storage app Oct 06 16:51:53 Disconnect: do you want to type in a password every time you look at email/calendar? Oct 06 16:52:01 preferably with desktop sync and a desktop app Oct 06 16:52:04 gdsx: it can be done transparently Oct 06 16:52:37 Disconnect: but if it's transparent, then you lose the extra security Oct 06 16:52:41 add "read[/write] calendar access" as a per-app permission (if its not already) and use a mediator daemon to crypt/decrypt the data. (or contacts, more valuably..) Oct 06 16:53:10 Disconnect: wait, are we talking about aps or physical phone access, here? Oct 06 16:53:34 right now a crashing/hacked browser could shuffle off all my contacts.. if there was a mediator it would either find them encrypted (no good) or pop up "Browser wants to steal your contacts. Allow? Oct 06 16:53:41 gdsx: both Oct 06 16:53:42 Disconnect: that's not true Oct 06 16:53:57 err... I don't think that's true Oct 06 16:54:21 Disconnect: Browser would first need permission to read your contacts, which it doesn't have Oct 06 16:55:11 romainguy_: if i chuck an app up there that grabs the contacts without using the api (say, using jni - if we're postulating code injection then that is a valid test..) i'd bet they are in a readable/usable format Oct 06 16:55:24 ("up there" onto the phone, obviously, not marketpalce :) ..) Oct 06 16:55:25 Disconnect: how would you grab contacts without the api? Oct 06 16:55:29 Disconnect: "UNIX perms" Oct 06 16:56:16 you saying the app runs with different uid based on whether its allowed access to contacts or not? Oct 06 16:56:19 Disconnect: except the contacts are not readable by any process Oct 06 16:56:22 that doesn't sound reasonable Oct 06 16:56:41 Disconnect: there's an API for exchanging data Oct 06 16:56:52 Disconnect: if you don't go through the API, you don't get the data Oct 06 16:56:54 it's that simple Oct 06 16:58:28 looking at the api its all stored in sqlite, which is readable by the user account.. Oct 06 16:58:58 (and a million little utils, including - for reasons unknown to me - a firefox extension) Oct 06 16:59:14 Disconnect: there is no user account Oct 06 16:59:23 Disconnect: each application installs into its own user ID Oct 06 17:00:46 * Disconnect hadn't found the security doc yet - poor google-fu today - but i'm reading it now.. Oct 06 17:28:15 hehe, it's so pointless searching for re-usable third party libraries for stuff i'm trying to do on Android Oct 06 17:28:25 everything i find is so terribly inefficient Oct 06 17:29:22 this last.fm library i found doesn't even have a way through its API to submit a hashed password. you can only give it the password in plain text and it'll hash it for you. Oct 06 17:36:48 writing working & efficient code take some time Oct 06 17:49:01 jasta: thats like pidgin. Oct 06 17:49:11 pidgin stores all passwords in plain text. Oct 06 17:49:36 basically an easy way to steal friends passwords from their laptops. Oct 06 17:49:36 lol Oct 06 17:53:24 im actually going to be having the Five server send the last.fm credentials to the phone so that the user only has to register the account once at the server Oct 06 17:53:45 but im sending down the credentials as a hash, which is how the last.fm service accepts them Oct 06 17:54:19 but im not doing encryption at all between the phone and the server, because that would be too heavy. so eavesdropping would allow someone to hijack some portion of your last.fm profile Oct 06 17:55:07 can you have any sensitive information in your last.fm profile? Oct 06 17:58:33 haha.. your music history Oct 06 18:04:54 Dougie187: well, no, but they can do things like scrobble a bunch of lame music on your behalf :) Oct 06 18:05:38 its better to have mitm attacks possible than to suffer the terrible burden of encryption Oct 06 18:06:20 true Oct 06 18:06:21 lol Oct 06 18:09:15 ...but if the hash drops straight into the api is it any safer than sending it in clear? Oct 06 18:09:55 wow popular room Oct 06 18:10:54 ok question folks, been searchin online for places to start takin up android but havent found any good resources, have DLed eclipse and the adb and th been goin thru the examples, but I want better source of info... any suggestions? Oct 06 18:12:04 what were you looking for beyond good documentation and examples? Oct 06 18:12:06 YanivC, code.google.com/android *is* a good source of info imho Oct 06 18:12:23 apps-for-android.googlecode.com Oct 06 18:12:40 yes, apps-for-android is a good additional resource. but ultimately, docs + examples is a winning combination. Oct 06 18:13:23 YanivC: if you have a specific question, this channel can be a great resource as well. odds are any problem you're trying to solve has already been solved by one of us :) Oct 06 18:13:35 .. or not ;-) Oct 06 18:14:29 jasta ya thanks :) Im familiar with IRC, in fact I think its bar none one of the best resources for any developer (seasoned or beginner) Oct 06 18:14:40 but Im a VB.net/C# developer Oct 06 18:14:42 well, i don't agree, but ok :) Oct 06 18:14:54 so migrating back to Java is a bit painful lol Oct 06 18:14:59 u dont agree? whys that? Oct 06 18:15:30 YanivC: heard C# is java clone Oct 06 18:15:50 not really Oct 06 18:16:00 very similar in syntax but thats about it Oct 06 18:16:14 also getting used to eclipse is taking some time Oct 06 18:16:47 yeah, eclipse takes some time Oct 06 18:17:21 been using MS Dev for so many years that eclipse is actually biting me back :) Oct 06 18:17:39 and honestly... no offense to anyone...... but the MS Ide is far superior to eclipse Oct 06 18:17:56 then again for a free IDE eclipse is awesome Oct 06 18:18:04 agree, MS Ide is superior to a lot of other ide's Oct 06 18:18:41 lol just putting my opinion out there, but the MS IDE sucks, and nothing is better then vim. but its all preference. Oct 06 18:18:42 lol Oct 06 18:18:45 anyways im out. Oct 06 18:19:17 ok so heres a question..... from my early days (cough cough lol) java app starts with public void main correct? wheres that in android app>? Oct 06 18:19:30 I seeonCreate Oct 06 18:19:46 but..... wheres the main entry point? Oct 06 18:20:06 oh i think i see it.... Oct 06 18:20:14 is that the Manifest file? Oct 06 18:20:34 YanivC: You should go through http://code.google.com/android/intro/hello-android.html Oct 06 18:20:35 yeah kinda Oct 06 18:21:22 YanivC: the entry point is onCreate, but it is not useful to think of this as an analogy to main. Read the docs on Activity Lifecycle. Oct 06 18:21:29 there isn't really a "main entry point" it's all heavily componentized and object oriented Oct 06 18:21:31 went thru it.... poorly commented in my honest opinion Oct 06 18:21:43 rayado ya but there HAS to be a main entry point Oct 06 18:21:56 no, there really isn't Oct 06 18:22:06 how? whats the first screen that shows? Oct 06 18:22:16 how does the vm decide which view to show first? Oct 06 18:22:25 or which intent gets fired first? Oct 06 18:22:27 well, I guess a process starts somewhere, but that's all library code Oct 06 18:22:31 lol Oct 06 18:22:32 hahaha Oct 06 18:22:35 that was funny Oct 06 18:22:44 somewhere... ya i suppose somewhere too :) Oct 06 18:23:09 thats my point.... the documentation doest really go into that Oct 06 18:23:14 or at least not from what i found Oct 06 18:23:32 so for someone thats just starting with android.... it can seem weird Oct 06 18:23:41 indeed, it doesn't. But it doesn't because it's not helpful for writing apps. Oct 06 18:23:44 Yeah, it's a different model Oct 06 18:23:55 you split up your app into the different activities Oct 06 18:24:02 yes understood Oct 06 18:24:09 and then you designate via the manifest which ones show up in the launcher Oct 06 18:24:21 actually i think they did a GREAT jib with how codependant it is on XML Oct 06 18:24:42 and.... i like how theyre using the intent model/state Oct 06 18:25:01 but.... still..... theres always an entry point.... I think thats what the manifest is saying... Oct 06 18:25:19 your application entry point is your manifest Oct 06 18:25:24 right Oct 06 18:25:30 exactly thats what I can tell so far Oct 06 18:25:39 so the activity in the manifest dictates the intent Oct 06 18:25:55 yeah, you start with launcher Oct 06 18:25:58 then go from there Oct 06 18:26:00 and the filter i spose triggers the launcher Oct 06 18:26:02 exactly Oct 06 18:26:27 i tell ya what tho...... android leaves no room for daydream coding Oct 06 18:26:35 sorda. the library code uses reflection to find the class listed in the manifest Oct 06 18:26:40 uve really got to plan stuff out before you start Oct 06 18:26:44 and creates an object of that Oct 06 18:26:50 then starts the activity lifecycle on that Oct 06 18:27:01 reflection? in java? Oct 06 18:27:05 cool Oct 06 18:27:20 yeah, it's not midp Oct 06 18:27:54 ahhhhhhhhhhh ok me thinks me understands... so the launcher is my entry point, the intent filter within the activity tag dictates the view/intent/class that will be called Oct 06 18:28:15 yeah Oct 06 18:29:07 so ..... then ..... what if i placed in my manifest 2 activities each witha filter calling the launcher....?? Oct 06 18:29:15 you can get 2 icons Oct 06 18:29:16 is that plausible? Oct 06 18:29:22 lol Oct 06 18:30:04 AHA! so the category launcher belongs to the launcher icons view? Oct 06 18:30:11 yep Oct 06 18:30:14 coooool Oct 06 18:30:19 see... that makes sense Oct 06 18:30:21 the launcher just queries for all of the activities in that category Oct 06 18:30:26 gotcha Oct 06 18:30:51 so... more than one launcher entry in the xml would cause more than one ico... each hittin that particular view/class/intent Oct 06 18:31:08 yep Oct 06 18:31:13 awesome Oct 06 18:31:15 i like Oct 06 18:31:24 so then..... whos gonna police all this? Oct 06 18:31:47 Well... if I download an app that puts 50 icons in my launcher, I'll probably delete it pretty fast Oct 06 18:31:51 see....... IRC rules! :) Oct 06 18:31:55 lol Oct 06 18:32:04 ya ummmm I would have to agree with you Oct 06 18:32:37 but that was my point.... theres NO WHERE i found online that explains what you and I just discussed.... which saved me proly hours in hair tearing Oct 06 18:33:53 indeed Oct 06 18:33:58 with all due respect, there is discussion of application entry points here: http://code.google.com/android/intro/appmodel.html Oct 06 18:34:21 yeah, that's a little more in depth than he wanted Oct 06 18:35:11 what comes after hello world is tough, because with hello world, you just kinda type it in, and don't worry about what's really going on Oct 06 18:35:25 hope some nice books come out Oct 06 18:36:28 muthu actually stadler is correct... I must ave missed this Oct 06 18:36:41 "one of which is a top-level entry point (via an intent-filter for the action android.intent.action.MAIN and category android.intent.category.LAUNCHER" Oct 06 18:37:02 no one reads the docs ;) Oct 06 18:37:39 so in terms they did say it.... but thats not a really relevant way of saying... HEY ... this is android.... in java it all starts with public void main, in adnroid it starts with Manifest.xml Oct 06 18:37:46 muthu AMEN to that! ;) Oct 06 18:38:06 We should just archive this conversation into the docs Oct 06 18:38:11 lol Oct 06 18:38:39 actually one of the ops should prolly concise some of the questions here and it would prolly present itself as a great starting point Oct 06 18:39:06 I actually wasn't kidding Oct 06 18:39:23 no if WinMo would just follow suit with the M$ way of memory mgmt...... Oct 06 18:39:45 rayado..... how do you archive it into the docs? Oct 06 18:39:59 well, I'm not sure where it would fit Oct 06 18:40:12 but there is a faq section Oct 06 18:40:12 well how about.... Hello World? Oct 06 18:40:29 Hello World... I am Manifest :) .... Oct 06 18:40:46 and I are ... R.Java... that magic Oct 06 18:40:52 DOH! Oct 06 18:41:06 haha Oct 06 18:41:16 13:04 jasta its better to have mitm attacks possible than to suffer the terrible burden of encryption Oct 06 18:41:26 jasta needs to get schooled on user privacy obligations Oct 06 18:42:17 HA! it worked... Oct 06 18:44:09 ok anyone know what the buffer size for undo is in eclipse? and is there a way to enlarge it? Oct 06 18:46:28 yes Oct 06 18:46:34 preferences Oct 06 18:47:16 yup found it thanks Oct 06 18:47:25 huh it was set to 100? Oct 06 18:47:31 thats kinda low for default no? Oct 06 18:47:43 not really Oct 06 18:48:16 100? dude thats like nothing Oct 06 18:48:25 100 levels of undo? not really Oct 06 18:48:26 that's fine Oct 06 18:48:32 ummmmmmmmmmm Oct 06 18:48:38 i dont think its levels Oct 06 18:48:45 what is it Oct 06 18:48:47 100 characters? Oct 06 18:48:52 ya i think so Oct 06 18:48:54 fail Oct 06 18:48:56 it's not Oct 06 18:49:09 well it depends Oct 06 18:49:16 if you type really slow, then probably it could be characters Oct 06 18:49:16 ummm ok but i just typed 2 lines of code and tried to go back and it went back half a sentence Oct 06 18:49:20 not sure how the undo system works ineclipse Oct 06 18:56:11 is it possible to build extensions for the broswer? Oct 06 18:56:17 like, port a ff2/ff3 extension? Oct 06 18:59:35 sure, but not until you get the browser plugin SDK and/or permission/mechanism to load native plugins Oct 06 19:00:01 i think the browser plugins are based on the netscape plugin architecture (used in ff, mozilla, etc.) Oct 06 19:00:14 but they're native code Oct 06 19:02:00 there is unlikely to be an XUL interpreter tho, since istr it uses webkit Oct 06 19:02:11 so plugins, maybe, but extensions, almost certainly impossible Oct 06 19:04:47 hrm Oct 06 19:04:48 http://code.google.com/android/reference/android/webkit/Plugin.html Oct 06 19:15:59 I hate to jinx it, but I think I have fixed my memory leaks.... Oct 06 19:16:34 I hope the Android phone and app buyers are shorts. :-( Oct 06 19:17:37 huh? Oct 06 19:18:45 Dow is way down again today. :-( Oct 06 19:19:05 end of world, we're doomed, etc Oct 06 19:19:14 was just looking at my portfolio dmoffett Oct 06 19:19:16 it's horrible Oct 06 19:19:51 it's pretty end of the worldish Oct 06 19:19:54 or coming up on it, at least Oct 06 19:19:55 So has anyone spent much time looking at getting elements of Android up on (jailbroken) iPhones? Oct 06 19:19:59 I have been set back quite a few years. I will be working when I am 90. Oct 06 19:20:14 The trick is to wait until the squeamish have left the building and then start buying. Oct 06 19:21:07 I don't know much about Android, though -- how much of the SDK is in JVM classes that are portable, versus OS-level libraries that are less so? Oct 06 19:21:09 Of course, if I could identify that point, I wouldn't still be working. Oct 06 19:27:26 f00f-: i hope you were joking, being that i was a network security consultant for 2 years :) Oct 06 19:28:44 also, in this case, a mitm attack would be impossible to avoid since there is mutually trusted authority which would know the servers key. Oct 06 19:29:17 even with SSL, you couldn't avoid it. that's the whole reason that certificate authorities exist. Oct 06 19:30:00 forget the mitm, i'm shocked that you would send passwords in the clear? Oct 06 19:30:01 also, mitm attacks are only possible through another type of security failure, possibly even physical, beyond the scope of my application :) Oct 06 19:30:14 f00f-: i'm not sending passwords in the clear, i'm sending the hash. Oct 06 19:30:35 do you protect against replay attacks? Oct 06 19:30:35 which isn't reversible to the password, but it is usable to access the web service in question Oct 06 19:30:48 oh, so it's as good as a password then Oct 06 19:31:16 yeah, really the web servicres should offer stronger authentication options Oct 06 19:31:19 well, in a sense. it's much more secure than transmitting plain text passwords as the password itself can be used to accomplish more and could also be used to infer more about the user. Oct 06 19:31:40 f00f-: we're talking about interaction between five server and the phone client. Oct 06 19:32:18 which could happen over wifi or the data network i assume? Oct 06 19:32:20 five server will transmit your last.fm hash to the client, which allows for an unavoidable mitm attack. Oct 06 19:32:27 f00f-: public internet mostly. Oct 06 19:33:01 oh, so Five on the phone needs last.fm credentials? Oct 06 19:33:14 fwiw in moseycode I generate a timestamped, versioned, opaque authent tokens and pass those around Oct 06 19:33:43 that way I don't send the password - slightly different situation though Oct 06 19:34:15 yeah, basically preventing replay attacks Oct 06 19:34:20 as long as old tokens can't be reused Oct 06 19:34:55 f00f-: ah well, there's the compromise - tokens are usable for a certain amount of time Oct 06 19:35:34 but the user, by 're-associating' their device, instantly invalidates all outstanding tokens Oct 06 19:36:11 f00f-: do you know what prevents mitm attacks btw? Oct 06 19:36:27 most people have no clue, and mistakenly assume that encryption is "perfect" when only 2 peers are involved. Oct 06 19:36:57 jasta: some HMAC type mechanism? Oct 06 19:37:10 plus some certification/trust Oct 06 19:37:13 so to prevent mitm in this case, there would need to be a third party trusted authorited to exchange key information about the server. this means that the user would be required to either purchase a CA or get a free one that i hardcode like cacert.org Oct 06 19:37:32 this is an absolutely unacceptable requirement to avoid an attack which can let someone scrobble songs as you. Oct 06 19:38:02 on top of the fact that this would require encryption now, which would be an enormous processing burden on the phone to protect against an unlikely attack on barely useful information. Oct 06 19:39:10 f00f-: the reason mitm is possible is because if you don't know the server's key ahead of time, the client must *ask* the server for it. a mitm attack would just receive the server's real key, and instead send the client the attacker's key. Oct 06 19:39:34 moseycode permits mitm attacks, I had similar reasoning to jasta, I designed it so that the credentials so gained were as limited as was practical Oct 06 19:39:52 so, the prevention of this attack is if there is a third party involved which both parties (server and client) trust already and have keys for, then the client would verify the server's key and find it to be the attacker's, not the server's. Oct 06 19:39:56 and shut down the connection Oct 06 19:40:18 so the prevention of mitm is extremely difficult to provide, and should be considered as part of your design whether you even care to prevent it. Oct 06 19:40:51 don't you have some sort of central service for Five that could be used as a trusted party? Oct 06 19:41:11 nope Oct 06 19:41:29 there are a host of reasons why i want to avoid that: namely the legal concerns of proxying any of this info Oct 06 19:41:58 the RIAA would swarm on me ;P Oct 06 19:42:23 Hey guys, I just downloaded my app from the Market Place, and I get an error about my SQLite database. The app force quits and I'm not sure how to fix it. Oct 06 19:42:38 yes mitm should always be considered a possibility in most systems, my rule of thumb is don't allow the information leaked by a mitm attack to expose valuable information (eg. transmit a password hash, not the password) or to last indefinitely (time-limit the credentials) Oct 06 19:42:51 When I install the apk via adb, everything is fine. Oct 06 19:42:57 harrdawg: how do you have access to the market? Oct 06 19:43:22 harrdawg: what is *your* app? Oct 06 19:43:31 tomgibara: exactly, the password hash is important as it is "like" a password, but since it was not reversed it cannot be use dot infer additional infromation about the user. Oct 06 19:43:36 AccuWeather Oct 06 19:43:36 for example, if they use this password for other services Oct 06 19:43:59 or in last.fm's case, the web service uses the hash but the web site uses the password, and only the latter can be used to change the password Oct 06 19:44:03 so no permanent hijacking would be possible Oct 06 19:44:13 f00f-: remember that the only reason SSL is secure is because the trusted authorities are distributed with the browsers Oct 06 19:44:20 /nick poetic_folly Oct 06 19:44:22 yes Oct 06 19:44:46 so for jasta to avoid mitm attacks he needs a distribution model that is safer than that for the five app itself Oct 06 19:45:08 eg. having a certificate distributed w/ android - obviously a non-starter Oct 06 19:45:17 and again, it's all about how sensitive the information you're transmitting is. a last.fm password hash is not sensitive enough. Oct 06 19:45:18 what about some pairing process between five server and client Oct 06 19:45:34 true, all this isn't that sensitive Oct 06 19:45:39 f00f-: there is no model in which 2 peers can avoid mitm without a third. Oct 06 19:45:54 no matter what you call it, it's not possible :) Oct 06 19:46:38 jasta: maybe quantum encryption, but that's not coming to mobile devices any time soon Oct 06 19:46:43 hehe Oct 06 19:46:50 T-mobile G2 will have it Oct 06 19:46:53 also, the other thing to remember is that mitm attacks are very hard to target Oct 06 19:47:06 jasta: no, i mean like bluetooth-style pairing Oct 06 19:47:06 usually requiring some type of physical access. Oct 06 19:47:09 :) Oct 06 19:47:45 f00f-: how is bluetooth pairing immune to eavesdropping? Oct 06 19:47:55 (hint: it's not) Oct 06 19:47:56 hehe Oct 06 19:49:05 so even if you use symmetric crypto with a shared key entered physically once by the user, it's not secure enough? Oct 06 19:49:46 well, the encryption is extremely weak. to the point that breaking it would be trivial. Oct 06 19:50:17 think about it. if the user enters a 4 digit number to scramble the data, how hard do you suppose it would be to eavesdrop and attack that later with every possible combination? Oct 06 19:50:35 little to no effort Oct 06 19:50:38 exactly Oct 06 19:51:14 even with a longer password, it's easily predicted. the keys involved in SSL are much, much larger. Oct 06 19:51:26 and with much more entropy Oct 06 19:51:43 could you use a combination of passwords and say an image that you transfered from your phone to the server? Oct 06 19:51:59 image as a keyfile? Oct 06 19:52:19 you'd need the image on both machines. Oct 06 19:52:44 if thats what youre talking about then there's a better way: just use a real key and have the user provide their own mechanism to get it there (over usb or whatever) Oct 06 19:53:41 the mitm attacks require a third party because they are all over the same network. if you transmit the keys outside of the compromised network, then it's secure of course. Oct 06 19:53:58 but the amount of work involved to hide this from the user would be staggering, and for naught in my mind. Oct 06 19:55:47 but yes, your thinking was on the right track. shared, strong secrets distributed outside of the network is how it's done :) Oct 06 19:56:08 or with a third party over the same network that both mutually trust. Oct 06 19:56:24 neither of which im going to provide :) Oct 06 19:57:12 i am certain there is no overlap between the group of people who would be bothered by this approach and those that are using Last.fm in the first place :) Oct 06 19:57:14 yeah, ok i get it now. it seems like a good compromise then :) Oct 06 20:00:57 teh real absurd behaviour is to transmit passwords in clear text Oct 06 20:01:05 since that one is so easy to avoid Oct 06 20:01:19 even if you are transmitting something with as much power as the password itself, its still stupid to transmit the password :) Oct 06 20:02:05 sensible security involves authenticating with a hashed password and then using a strong cryptographic random number as a session key Oct 06 20:02:26 which is what five will use :) Oct 06 20:08:43 hehe, i should probably build in logic for my playlist service to stopSelf() at some point :) Oct 06 20:09:02 maybe after idling for 10 minutes or something Oct 06 20:09:31 speaking of passwords... are there guidelines on how android apps should manage credentials or session keys for online services they use? Oct 06 20:10:53 what does the amazon app do? do you login from the app and it stores your pw in some settings db or what? Oct 06 20:13:24 Thats something I would be intersted as well Oct 06 20:13:45 taaz: as i just said, the sensibl approach is to store a hashed version of the password, but not the passowrd itself. Oct 06 20:13:51 Because I would never store my amazon password long lasting on such a device Oct 06 20:13:59 then the service you are connecting to *should* if properly designed offer to let you authenticate with the hash Oct 06 20:14:16 Well but even the hash could be missused if the device is stolen Oct 06 20:14:35 I wouldnt count on the pretty safe locking screen :-) Oct 06 20:14:35 yes, but you can and should then change your password so the hash becomes invalid. Oct 06 20:14:43 Thats true. Oct 06 20:14:58 for example, if your wallet is stolen, your cards protect themselves only if you call your bank :) Oct 06 20:15:09 :-) Thats true. Oct 06 20:15:09 I think services should go further and establish time-limited tokens Oct 06 20:15:25 tomgibara: yes they should, but how does that "go further"? Oct 06 20:15:43 the hashed password would still be stored on the device unless you wish to prompt the user periodically. Oct 06 20:15:51 But well I dont carry as much private data with me as I would with the G1. So there should be some more protection than just the simple locking screen. Or not? Oct 06 20:16:14 jasta: it means that a compromise only lasts for a fixed period of time Oct 06 20:16:18 (I dont have a solution for that just a thought) Oct 06 20:16:39 tomgibara: not true, unless outside of that fixed period you require manual re-authentication Oct 06 20:16:45 as with the password entered into a dialog Oct 06 20:17:29 which will drive mobile users bonkers and is, imo, not worth it. i favor the solution where if your phone is lost/stolen, you should simply re-secure all the services for which it was configured to use. Oct 06 20:17:45 okay - we're talking about end-to-end security here? Oct 06 20:17:46 think about google's services for instance. do you think you will need to reauthenticate manually ever? Oct 06 20:17:54 tomgibara: we're talking about if the phone is stolen Oct 06 20:17:55 Where the device itself is compromised? Oct 06 20:17:58 yes. Oct 06 20:18:09 sorry, missed that (disclaimer: am v. tired) Oct 06 20:18:12 if the device itself is compromised, you need to go change your passwords, because apps will have stored the hashed pass Oct 06 20:18:24 so a time-limited token will do nothing to save you, since the hashed pass will still be on the device Oct 06 20:18:44 unless you periodically prompt the user, which would be infuriating. Oct 06 20:19:04 or you could have a time-limited token that lasts way too long, and would actually be less secure that way :) Oct 06 20:19:08 But well reconfiguring everything can be a pain. I'm just thinking about it right now. What do I have on the phone. IM, Email, PIM, a lot of website account passwords, etc. Oct 06 20:19:32 anno^da_: all of which you would want to re-secure if stolen. Oct 06 20:19:41 http://www.biowallet.net/ Oct 06 20:20:07 jasta: Just thought about the timeframe that I have for doing that. Oct 06 20:20:33 Perhaps there could be some SMS or message based possibility to destroy the data remotly after it gets stolen. Oct 06 20:20:50 anno^da_: pretty sure that's patented by RIM Oct 06 20:20:53 anno^da_: that's pretty weak security actually. if the attacker knew about such a feature, they would disable the radio immediately Oct 06 20:21:02 True. Oct 06 20:21:20 tomgibara: Well they cant force me not to write it for myself ;) Oct 06 20:21:30 btw, this does imply that the attacker can defeat android's built-in security. Oct 06 20:21:40 :) not entirely true, but they wouldn't know Oct 06 20:21:42 since they'd need privileged access to the internal storage in order to do anything useful Oct 06 20:21:47 What is android in built security ? Oct 06 20:22:01 If the get my lock gesture. Oct 06 20:22:06 android's built-in security is based on the notion that each app is isolated by UNIX privileges Oct 06 20:22:10 They have access to my services. Oct 06 20:22:13 Yeah well sure. Oct 06 20:22:14 http://code.google.com/android/devel/security.html Oct 06 20:22:24 so with limited access to the internal storage medium, you couldn't get stored hashed passwords directly Oct 06 20:22:28 so you could only do what the device lets you do Oct 06 20:22:31 and nothing more Oct 06 20:22:34 True. But you could use the services. Oct 06 20:22:42 whereas with open access you could do lots more evil things Oct 06 20:22:46 I did think about adding some form of bricking option to my pinpoint app, but didn't want to get into any legal wrangles Oct 06 20:22:52 like use the amazon credentials to buy bigger things than mp3s :) Oct 06 20:23:15 Well ok. You are right. Oct 06 20:23:26 i'm not a big fan of remote wipe or anything like that. i would just immediately re-secure any services my phone could access. Oct 06 20:24:01 so... back to credential storage. where do you store whatever you are storing? Oct 06 20:24:09 Hmm. I'm not a big fan of private data like pictures in foreign hands. :-) Oct 06 20:24:11 jasta: Without it you can't stop the attacker accessing the information that's resident on the device Oct 06 20:24:15 taaz: in your apps dir Oct 06 20:24:21 in a database or a flat file or whatever you want Oct 06 20:24:43 is there anything in place that will force apps to use internal flash for config/password-hash/etc? cuz there's a -real- easy way around all this... Oct 06 20:24:47 tomgibara: Thats what I meant with security in that case. The unix security doesnt help me in that point. Oct 06 20:24:48 anno^da_: well, yes, but again intelligent hackers would immediately swithc off the radio Oct 06 20:25:12 ('all this' being 'working security') .. and even if its not there now, it'll need to eventually - the unit hasn't got a whole ton of storage onboard iirc Oct 06 20:25:28 jasta: its significantly less useful with the radio off tho Oct 06 20:25:32 And complete encryption after the device is locked ? Is something like that possible or is it too slow. Oct 06 20:25:37 Disconnect: not to an intelligent hacker. Oct 06 20:26:02 jasta: I know nothing about blackberries other than my wife has one for work. perhaps they only grant access to your contacts after they have contacted RIM hq Oct 06 20:26:07 for example, if i was going to intentionally run amok, i would steal someones phone, switch the radio off, open up the device and get access to internal storage, then i'd find your amazon hashed password, and i would buy a plasma TV. Oct 06 20:26:52 Not completely hacker proof but certainly enough for enterprises who's staff leave their phones in other people's offices Oct 06 20:26:53 more to the point - and the reason behind the blackberry security features - is open it up and steal all your internal emails about how the g2 comes out in feb with 2x the ram for free and even makes coffee just the way you like it.. Oct 06 20:27:01 and i would rewrite all the girl's phone numbers on your google account to dial your mom. Oct 06 20:27:04 hehe Oct 06 20:27:35 none of which would require access to the phone's radio Oct 06 20:27:58 blackberry works moderately hard (on some models) to prevent that sort of thing - case switches, epoxy over the flash, etc.. Oct 06 20:28:10 remote wipe is a fine solution to get rid of local data like pictures. but for online services, you'd better just change your damn passwords Oct 06 20:28:17 Whats with encryption of the data after locking the phone ? Too slow? Oct 06 20:28:43 jasta: True. But pictures and other data can be very sensitive as well. Oct 06 20:28:56 sure, but the point is that remote wipe will only work if the attacker is a total idiot Oct 06 20:29:06 :-) Oct 06 20:29:16 and if they aren't a total idiot, then you really had better change your passwords :) Oct 06 20:29:22 Or if he is too slow. But yeah you are right in that point. Oct 06 20:29:40 Chaning youre password is something you have to do no matter what. Oct 06 20:29:59 random side note, i may have to do something like this for android: mobilesite.net (webserver/python blog app for s60 phones) Oct 06 20:30:32 yah but at least he won't have all my contacts and those pics from the nude beach last summer that i thought i deleted (or whatever..) Oct 06 20:30:43 So the best thing would be storing everything remotely. Oct 06 20:30:57 i think bb got people used to the "x retries before suicide" method Oct 06 20:31:12 * Disconnect sometimes takes pictures in locations that have no coverage (esp with tmob) .. Oct 06 20:31:21 So the attacker has to leave the radio switched on. ( I could now destroy the hashed passwords for the online service I'm storing data in) Oct 06 20:32:06 and even without that, i trust (to a point) that while its in my pocket, i know who has access to those pics. (anyone in my pocket) vs the web, where its "anyone who can pretend to be me or find a hole in the online app, or find a cache in an inappropriate place, or sniff, or.." Oct 06 20:32:10 Wouldnt that be the solution. (Ok it is not usable at the moment because of slow internet connections but it would be more secure) Or do I forget something? Oct 06 20:32:59 ...ok so this might be a stupid question, but doesn't gsm include a proprietary hashing method? (not full-on crypto chip, just a way to generate one-way hashes) Oct 06 20:36:33 and for that matter, if tmob was willing to do imei banning this would be a moot point. let android go "OMG i'm bannernated!" and suicide Oct 06 20:40:05 Next doping guy from Germany caught by retesting the tests from the Tour 2008. Oh I like this sport soo much. Next year we will see the Armstrong doping show again. *rolls eyes* Oct 06 20:43:20 anno^da_, who got busted? Oct 06 20:45:03 Stefan Schumacher. (He won the 2 time trails) Oct 06 20:45:17 nice Oct 06 20:45:25 EPO CERA again :-) Oct 06 20:48:12 http://www.lequipe.fr/Cyclisme/breves2008/20081006_181532_schumacher-aussi-positif_Dev.html <- thats the original news from the french lequipe Oct 06 20:48:12 Disconnect: http://www.gsm-security.net/faq/gsm-encryption.shtml Oct 06 20:48:18 So now back to android :-) Oct 06 20:48:21 anno^da_: L'Équipe :) Oct 06 20:48:34 strangely enough, i just read that :) Oct 06 20:49:00 romainguy___: Oohhh I'm sorry for that Romain. :-) Oct 06 20:49:01 I'd like to think that we won't see the doping charges against lance next year Oct 06 20:49:14 anno^da_: just teasing you :) Oct 06 20:49:20 I cant type the accent that fast :D Oct 06 20:49:21 he seems to have a good plan of attack by putting all of his tests online for the public Oct 06 20:49:35 But I know the name of the accent. Oct 06 20:49:38 anno^da_: it's easy if you have a Mac :) Oct 06 20:49:46 I have one :P Oct 06 20:49:50 biking is a doped sport Oct 06 20:49:54 then that would be alt-e shift-e Oct 06 20:50:19 alt+e is the euro for me :D Oct 06 20:50:30 most of them "have" asthma Oct 06 20:50:31 on a qwerty Mac keyboard? Oct 06 20:50:32 weird Oct 06 20:50:43 yeah querty one :-) Oct 06 20:50:48 qwerty Oct 06 20:51:01 ah no qwertz Oct 06 20:51:01 :D Oct 06 20:51:12 German keyboard? Oct 06 20:51:36 the temptation is in all pro sports Oct 06 20:51:44 it's the money! Oct 06 20:51:44 Yeah german keyboard Oct 06 20:51:53 hehe, business types are so funny ;) Oct 06 20:51:54 anno^da_: at least you can ß easily :p Oct 06 20:52:02 Anyone know if Android has been ported to other languages other than English? Oct 06 20:52:03 * tethridge channels Jerry Maguire, "Show me the money!" Oct 06 20:52:11 ßßßßß ;) Oct 06 20:52:19 i just talked to some dude we're having issues e-mailing beacuse their server is some non-compliant piece of shit Oct 06 20:52:32 dvorak keyboard ftw Oct 06 20:52:48 i specifically said "your server is violating the standard" and the word violate really popped out to him. he suddenly thought that something illegal was happening Oct 06 20:52:58 and asked if he should contact the authorities hehe Oct 06 20:53:03 what a doofus Oct 06 20:53:09 HTTP police Oct 06 20:53:24 ahhh L`Équipe :-) Oct 06 20:53:56 no, L'Équipe Oct 06 20:54:17 L'Équipe - copy and paste :D Oct 06 20:54:22 lol Oct 06 20:54:45 anno^da_, your encoding must be wrong :) you give me garbled text Oct 06 20:55:02 romainguy: do you get encoding errors as well ? Oct 06 20:55:09 not at all Oct 06 20:55:21 is it so hard to type L'Équipe? Oct 06 20:55:22 pjv: You're encoding must be wrong :-) Oct 06 20:55:38 not really :-) Oct 06 20:55:43 L'Équipe Oct 06 20:55:45 :P Oct 06 20:56:17 * pjv is only seeing unicode boxed when anno^da_ speaks french Oct 06 20:56:17 Au revoir. :-) Oct 06 20:56:22 *boxes Oct 06 20:56:29 L'Équipe, french keyboard :p Oct 06 20:56:47 Hmm well it is UTF8 I dont know. So well I cant change anything about it. :-) Oct 06 20:56:55 oh well, must be my encoding then Oct 06 20:57:44 hmm yeah, I probably have iso8859-15 Oct 06 20:57:56 MIRC probably :-) Oct 06 20:59:56 http://img.skitch.com/20081006-18ietknbmnj3a4m837g4xrpefr.jpg Oct 06 21:00:02 Thats how it looks for me :-) Oct 06 21:01:07 I know how it should look ;-) Oct 06 21:02:03 So now I'm out. :-) Good night guys. Oct 06 21:02:06 Anyone writing a decent irc client for android lol? Oct 06 21:02:28 An irc client is a must besides a decent instant messaging client.. Oct 06 21:02:41 Pidgin or Adium for Android. :-) Oct 06 21:02:55 pjv: how about an ssh client? i can use screen+irssi that way Oct 06 21:03:01 pidgin would be nice, but without the plain text passwords then obviously Oct 06 21:03:39 still not convinced about terminals on android Oct 06 21:03:39 I need ICQ, XMPP, GTalk, GaduGadu :-) Oct 06 21:04:10 xmpp is gtalk. Oct 06 21:04:10 In one application, with one contact list Oct 06 21:04:15 Yeah ok. Oct 06 21:04:35 And tabbed messaging. :-) Oct 06 21:04:56 yeah I couldnt understand gnome releasing their own IM thing in 2.24 recently though: empathy Oct 06 21:05:13 I dont really care about "social" networks like facebook. Oct 06 21:05:22 okay, dumb question: how do you delete a sqlite database programmatically? Oct 06 21:05:31 What protocols does Empathy speek? Oct 06 21:05:42 Just XMPP ? Oct 06 21:05:45 and then you would think "well okay they just changed the frontend" but apparently it also doesnt use libpurple but telepathy Oct 06 21:06:03 almost as many as pidgin + sip I think Oct 06 21:06:54 tomgibara, how about deleting tables? Oct 06 21:06:57 tomgibara, isn't a database just the file? Oct 06 21:07:04 so delete the file? Oct 06 21:07:14 * tethridge is not a sqlite expert Oct 06 21:07:25 * pjv neither Oct 06 21:07:39 I think databases are only created in the databases directory Oct 06 21:08:09 (but I'm not sure about that) Oct 06 21:08:21 databases are created whereever you want them to be. it's just defaulting there because of Android's helper classes Oct 06 21:08:36 jasta: that's what I thought originally Oct 06 21:08:46 and yes, sqlite databases are just files. deleting the file will delete the database, however do note that unlink may not occur until after the file is closed by another process using it. Oct 06 21:08:56 then why when I try to pass in a file does sqlite just die? Oct 06 21:08:57 is there an Bonjour, multicast dns I think, like functionality in Android? Oct 06 21:09:01 or even the same process :) Oct 06 21:09:15 tomgibara: because it's not a sqlite database file? :) Oct 06 21:09:21 or you passed it in wrong Oct 06 21:09:25 Looked around and can't seem to see anything quite the same? Oct 06 21:09:28 hmm Oct 06 21:09:55 dmoffett: there isn't but I was able to use jmdns Oct 06 21:10:24 xavd: thank you. Oct 06 21:11:02 (these sqlite apis aren't good) Oct 06 21:11:43 dbFile = context.getFileStreamPath("caache_"+name+".sqlite"); Oct 06 21:11:49 db = SQLiteDatabase.openOrCreateDatabase(dbFile.getPath(), null); Oct 06 21:11:56 fails Oct 06 21:12:37 sqlite3_open_v2("/data/data/com.smartcapsules.cooking.android.app/files/caache_general.sqlite", &handle, 6, NULL) failed Oct 06 21:13:25 this is after a -wipe-data Oct 06 21:13:42 there are no files is the apps data directory Oct 06 21:16:49 first of all, I use .db, don't think that matters though Oct 06 21:20:55 and dbFile.isFile() is false? (youre asking it to create the file?) Oct 06 21:21:32 there are no files in the apps data directory and I want to create the db Oct 06 21:22:08 does it mention anywhere it can create the file for you? it mentions only creating the database Oct 06 21:22:26 you're right, this part of the API isn't great Oct 06 21:23:17 this must be something so blindingly obvious I can't see it... Oct 06 21:24:13 I hope Bundles are light, I'm abusing them Oct 06 21:25:00 zhobbs: to what end? Oct 06 21:25:29 well, I'm using them instead of Map in a lot of places so I can save state easier Oct 06 21:25:32 tomgibara, tried giving a path that would create the database in its default place (thats ....app/databases/ instead of ....app/files/ right?) Oct 06 21:26:11 pjv: yes, still fails Oct 06 21:26:59 zhobbs: I would guess they are heavier than maps, since they need to store (or at least check) the 'object kind' Oct 06 21:27:41 tomgibara: they don't store it Oct 06 21:27:54 they just check it with a cast Oct 06 21:28:08 when you call a get*() Oct 06 21:29:51 romainguy_: is it backed by a map, or is it its own more efficient implementation (since it doesn't need all the map semantics)? Oct 06 21:30:10 it's just a Map Oct 06 21:32:28 tomgibara, btw, I used Veecheck in Android's Fortune, and it works as far as I've tested it Oct 06 21:32:31 okay, my questions are getting dumber as I get more tired... do you need to do anything 'special' other than call: SQLiteDatabase.openOrCreateDatabase(name, null) to create a sqlite db? Oct 06 21:32:37 pjv: great Oct 06 21:33:19 I can't believe I'm asking these questions, since I've already written several apps that use them?!? Oct 06 21:33:29 is this becoming a question about succesfully creating *any* database? Oct 06 21:33:34 yes Oct 06 21:33:48 then why not do as in the Notepad sample? Oct 06 21:34:03 This fails: http://pastebin.com/m4dbacfab Oct 06 21:34:52 10-06 22:25:29.172: ERROR/Database(11630): sqlite3_open_v2("dummy", &handle, 6, NULL) failed Oct 06 21:35:36 you're using the lower level calls I've never used so can't really help Oct 06 21:35:44 win 17 Oct 06 21:35:46 how about just .create(null)? Oct 06 21:35:55 for an in-memory one Oct 06 21:36:58 or use SQLiteOpenHelper as in Notepad? Oct 06 21:38:06 pjv: I just shouldn't need SQLiteOpenHelper, it will mess with the semantics of the code I already have (which worked until it decided not to) Oct 06 21:38:15 heh there is an error in the android generated javadoc: http://code.google.com/android/reference/android/database/sqlite/SQLiteOpenHelper.html : ERROR(/com.google.provider.NotePad.NotePadProvider) Oct 06 21:38:56 I know I know, it should just work, at least if you interpret the comments the way we do currently Oct 06 21:43:46 I noticed on the sdcard is pretty much a blank file system. Is there a standard for where a particular app should put app related files? Oct 06 21:43:46 tried the full absolute path? (SQLiteDatabase db = SQLiteDatabase.open("/data/data/PACKAGE_NAME/ Oct 06 21:43:46 mydatabase.db", null); ) Oct 06 21:44:20 pjv: yes Oct 06 21:44:54 Can no one step forward and show me where the bug is in this simple example then? http://pastebin.com/m4dbacfab Oct 06 21:45:08 tried deleting the cookingwhatever dir and the files dir within? Oct 06 21:45:36 pjv: have tried -wipe-data (twice) - that should do it Oct 06 21:49:24 tomgibara: I can't really see the problem you are having but here is the code I use to open a db. Oct 06 21:49:51 http://pastebin.com/d711edadf Oct 06 21:50:23 Can't take credit for the code though. I copied it from example. Oct 06 21:50:43 dmoffett: thanks, I was trying to avoid SQLiteOpenHelper, I'm starting to think I may have to cave in on this Oct 06 21:51:23 What the hell could be simpler than: SQLiteDatabase.openOrCreateDatabase(getDatabasePath("dummy.db"), null); on a freshly wiped emulator? Oct 06 21:51:36 or wait for the source code and see how google does it in SQLiteOpenHelper Oct 06 21:51:49 maybe it has something to do with needing a context? Oct 06 21:51:53 I can't wait that long in this instance Oct 06 21:52:40 dmoffett: I should have one in the onCreate of an Application component Oct 06 21:53:18 right but I notice that DatabaseHelper seems to need a reference. Oct 06 21:53:42 yes, hmmm... Oct 06 21:54:46 I assumed that was because it needed the context to obtain the path Oct 06 21:54:59 here I'm in the context and can call getDatabasePath(...) Oct 06 21:56:19 I found your delete I think: getApplication().deleteDatabase(name); ?? Oct 06 21:56:54 tried : getApplication().openOrCreateDatabase(name, mode, factory) ? Oct 06 21:57:18 pjv: no Oct 06 21:58:35 \o/ that works Oct 06 21:59:24 it works? great, now file a bug report... Oct 06 22:01:56 Perhaps they left the static SQLiteDatabase exposed accidentally Oct 06 22:02:22 perhaps, you clearly need to call it on context Oct 06 22:03:45 I need to give credit to this guy allthough it looks like an earlier SDK: http://groups.google.com/group/android-developers/browse_thread/thread/f4c591cea63aba86/07b0a89285fba21c Oct 06 22:07:18 gtg, goodnight Oct 06 22:51:34 where can i download the android os source? Oct 06 22:51:48 You can't yet Oct 06 22:51:57 so how do i download the os Oct 06 22:52:38 Download the SDK Oct 06 22:52:46 can i download the os?...like if i build an app for android how do i test it...or if i want to port the os to a device how do i get the code Oct 06 22:53:07 or...how do i install the os on my device Oct 06 22:53:22 monstrMobile: the SDK will let you develop test apps Oct 06 22:53:28 develop/test Oct 06 22:53:30 i just downloaded the sdk...but i want the os Oct 06 22:53:37 Use the emulator Oct 06 22:53:45 how do i get that? Oct 06 22:53:53 sorry i am a noob at android Oct 06 22:54:04 I suggest searching "android" on google Oct 06 22:54:22 i have...all i can find is the sdk Oct 06 22:54:26 please help Oct 06 22:54:34 just point me in the right direction Oct 06 22:54:37 The emulator is in the SDK, did you even try to use it after you downloaded it? Oct 06 22:55:00 just unzipped it....but thank you. Oct 06 22:55:30 so how are people able to port android without the source Oct 06 22:55:57 monstrMobile, the source will be released when the phone comes out Oct 06 22:56:21 but people are porting android right now...how so Oct 06 22:56:41 some of the porting is at a low kernel level Oct 06 22:56:47 which the kernel sources are already opensourced Oct 06 22:57:04 http://git.android.com/ Oct 06 22:57:10 i see....makes sense....thank you Oct 06 22:57:52 thanks umdk1d3 Oct 06 22:59:45 umdk1d3: how's the job hunt going? Oct 06 23:00:08 lol its not really a hunt from my side of things ;) Oct 06 23:00:54 the emulator takes a while to boot Oct 06 23:02:07 im gonna get my G1 at bestbuy. whoho Oct 06 23:06:28 is it 30 or 90 days after the contract you can get them unlocked? Oct 06 23:07:09 i have a feeling there will be a real scarcity of devices, making it even harder for developers to get their hands on one Oct 06 23:07:33 i agree. i want to stay on my prepaid setup but i want data service as well Oct 06 23:07:50 and id be all for helping get a phone to another dev, if the process is pretty easy Oct 06 23:08:02 tmob kindof stiffs the prepaid guys, no data, no sms shortcodes Oct 06 23:08:20 whats a shortcode? Oct 06 23:09:05 text "OBAMA" to 55123 to vote Oct 06 23:09:55 o.o Oct 06 23:10:12 text "RONPAUL" to TUBES to vote ;) Oct 06 23:11:16 bah /me goes to find food Oct 07 00:32:28 you gotta be kidding me Oct 07 00:32:35 not once when i was writing any of this code did i bother to test with oggs Oct 07 00:32:43 and of course, it's broken. Oct 07 00:33:23 hmm. Oct 07 00:34:35 so, if you support playing oggs from disk...how is it exactly that you could manage to not support streaming them from an http url? Oct 07 00:53:58 hehe... Oct 07 00:54:06 http://www.techcrunch.com/ -- top story is my buddy's app Oct 07 01:08:05 is there a good android example of how to do that store/market style of list? icon + a couple lines of text or ratings and so on. Oct 07 01:09:32 shouldnt really need an example of that. it'd be pretty easy to do with a SimpleCursorAdapter and a LinearLayout Oct 07 01:09:42 or a couple of LinearLayouts anyway :) Oct 07 01:09:50 * taaz still a newbie with this stuff Oct 07 01:09:59 i figured that was how to do it Oct 07 01:10:50 what about loading the images from the net lazily? Oct 07 01:10:59 Api Demos has quote a few list exampes. Views/List/ Oct 07 01:11:24 taaz: that's a bit more complex a topic, but still the algorithm should be prtty intuitive Oct 07 01:12:14 taaz the api demos also has couple of Adapter demos as well. Oct 07 01:13:33 i can think of plenty of algorithms... i'm just not familiar enough with the android api to know which one(s) map well to the api Oct 07 01:15:35 taaz: set temporary images then fire off a thread doing HTTP/1.1 requests, fiting the responses back into the UI Oct 07 01:15:39 thats the best way to do it Oct 07 01:16:15 i guessed as much. was just wondering if there was any magic available. Oct 07 01:16:28 fitting the responses back can be tricky depending on your data set Oct 07 01:16:44 you can inefficiently have your adapter fire notifyDataSetChanged() and then everything will be refreshed Oct 07 01:17:08 or you can use a class i constructed called StatefulListView which will be more efficient but perhaps clumsier in some ways. Oct 07 01:17:47 along the same lines of efficiency issues... how to most mobile apps handle large list data sets? Oct 07 01:18:12 do you mean presenting them to the user or just operating on large data sets in general? Oct 07 01:18:22 like a music app or store and you list all songs with "rock" genre and get 10000 results Oct 07 01:18:31 taaz: ListView handles that properly. Oct 07 01:18:33 re: Oct 07 01:18:49 it reads only so many entries as it needs to display the ones that fit on screen Oct 07 01:19:08 so if you use a database cursor, you will be able to accomplish this effect very efficiently Oct 07 01:19:31 (or some other backing structure which will not require O(n) performance for accessing the set) Oct 07 01:20:58 There is an example of an Efficient Adapter in the Api Examples as well. Oct 07 01:21:10 i guess this will all get tricky since i'm looking at the dataset being on a server and you can only load so much at a time Oct 07 01:21:31 taaz: then implement paging. umdk1d3 has a project using this going on right now actually Oct 07 01:21:43 which i thinking would involve some extra smarts to preload things a bit Oct 07 01:21:56 he attaches a scroll listener and when you scroll to the end of the list it adds a little "loading" bar at the bottom and fetches the next page of results Oct 07 01:22:00 then expands the list when they come in Oct 07 01:22:20 jasta: yeah, this all seems like something that will be so common there should be a pseudo standard lib for it Oct 07 01:22:29 repeat for as large a list as the user wants to explore. you would implement windowed paging so as they scroll down eventually data will roll off from the beginning of the list Oct 07 01:23:13 it's not that hard to implement, but it would be difficult and somewhat bloated to generalize it into Android i think Oct 07 01:23:25 the ListView is already bloated enough as it is ;) Oct 07 01:25:11 there are lots of REST apis out there for large datasets that will need something similar. custom query, offset, limit, class to view items, and some prefetch hints. Oct 07 01:25:27 would be nice to have a common UI for such things Oct 07 01:27:16 well,maybe you could generalize it then? Oct 07 01:27:25 and distribute something yourself for other devs to use. Oct 07 01:27:47 i will need something like that for my project soon, so by all means :) Oct 07 01:28:06 ok, but don't count on "soon" :) Oct 07 01:29:52 hello Oct 07 01:30:04 had a question about communication between activities Oct 07 01:31:20 can an activity which starts another activity via intent communicate with that other activity? Oct 07 01:34:50 what are you trying to accomplish? Oct 07 01:35:16 communication directly between two activities is somewhat weak, although there is some information that can be passed. there are, however, other ways to pass information. Oct 07 01:42:13 how do you do it? Oct 07 01:43:21 jasta? Oct 07 01:43:22 just explain what youre trying to accomplish and i can offer a recommendation Oct 07 01:45:37 i getDecorView from the subactivity Oct 07 01:45:46 to display the view in the main activity Oct 07 01:45:58 i'm wondering if i can pass in parameters to the subactivity Oct 07 01:46:10 yes, through the intent Oct 07 01:46:24 what about after the activity is launched Oct 07 01:46:24 intents can carry arbitrary parameters through extras and to some extent through data. Oct 07 01:46:29 yes, i know that Oct 07 01:46:39 i meant after starting an actiity Oct 07 01:46:40 vity Oct 07 01:46:54 if two activities need to communicate then you probably need a service of some kind. please try to be more specific and i can be more helpful. Oct 07 01:47:25 okay, that's pretty much all i needed to know Oct 07 01:47:31 thx Oct 07 02:01:20 does anyone know how to use SQLite3 transactions with a ContentProvider? is that concept basically not workable? Oct 07 02:56:41 /quit **** ENDING LOGGING AT Tue Oct 07 02:59:57 2008