Java Wins Programming Beauty Pageant, But C and Objective C Gussy Up

admin    IT News, Programming    

The Java programming language, bolstered by the adoption of Android-based smartphones and tablets in the market, has regained the crown as the top language in the Tiobe Programming Community Index put together by programming tool maker Tiobe Software.

The index is based on a number of different factors, including the availability of courses and training, the popularity of searches in Google, Bing, Yahoo, Amazon, YouTube, and Baidu search engines, and the number of engineers with specific programming skills based on their employment and job searches. The Tiobe Index has been around for more than a decade, and it is as much for fun as it is for information.

Java was the number one language in the Tiobe Index for February, with a rating of 18.4 percent, up 1.34 points over the past year. C was second with a 17.1 percent rating and climbing 56/100ths of a point, followed by Objective C, with a 9.8 percent rating but climbing 2.74 points. (Objective C is the variant of C that is used on Apple iOS.) Objective C has jumped two spots, passing by C++, the new-and-improved, object-oriented version of C that stopped short of becoming Java, and C#, which is Microsoft’s Java-C mashup for its Common Language Runtime that was supposed to be enough like a JVM to make everyone happy except Sun Microsystems (now Oracle) and IBM. Python, Ruby, VisualBasic.NET, Pascal, Bash, Matlab, and Assembly are all climbing among the top 20 programming languages in the February ranking.

Venerable COBOL has a rating of 0.514 percent among the top 50 languages and ranked just behind the SAS statistical programming language and just ahead of Fortran (used in supercomputers) and the R open source statistical language. Good ole Report Program Generator for IBM i and OS/400 ranked number 38 on the February 2013 list, with a rating of 0.247 percent. It jumps around a lot, sometimes kissing 1 percent. This time around, it is behind Smalltalk and ahead of OpenCL.

My guess is that there are around 15 million or so programmers in the world–meaning people who get paychecks for their work–so if you apply the Tiobe numbers to this figure, you won’t get anything that makes sense. It is commonly believed that there are around 10 million Java programmers in the world, and if you multiplied the Tiobe index against the raw population, you would bet something on the order of 2.7 million Java programmers. Like I said, this is more for fun than fact.

As for RPG, if there are 150,000 customers worldwide as IBM has told us, and the average shop has between two and three programmers (with the so-called CIO being a programmer with system administration and budget responsibilities), then there should be maybe on the order of 300,000 to 450,000 RPG programmers in the world (okay, so maybe 5 percent to 10 percent of them are actually COBOL programmers on the IBM i platform. If you use the Tiobe numbers percent against the raw number of 0.247 percent for RPG, you get a number that is an order of magnitude lower than this. Again, this was meant to be fun.

[itjungle]

Using YAML for Java Application Configuration

admin    IT News, Java, Programming    

YAML is well-known format within Ruby community, quite widely used for a long time now. But we as Java developers mostly deal with property files and XMLs in case we need some configuration for our apps. How many times we needed to express complicated configuration by inventing our own XML schema or imposing property names convention?

Though JSON is becoming a popular format for web applications, using JSON files to describe the configuration is a bit cumbersome and, in my opinion, is not as expressive as YAML. Let’s see what YAML can do for us to make our life easier.

For sure, let’s start with the problem. In order for our application to function properly, we need to feed it following data somehow:

• version and release date
• database connection parameters
• list of supported protocols
• list of users with their passwords

This list of parameters sounds a bit weird, but the purpose is to demonstrate different data types in work: strings, numbers, dates, lists and maps. The Java model consists of two simple classes: Connection

and Configuration, both are typical Java POJOs, verbose because of property setters and getters (we get used to it, right?).

ow, as model is quite clear, let us try to express it as the human being normally does it. Looking back to our list of required configuration, let’s try to write it down one by one. 1. version and release date

version: 1.0
released: 2012-11-30

2. database connection parameters

connection:
    url: jdbc:mysql://localhost:3306/db
    poolSize: 5

3. list of supported protocols

protocols:
   - http
   - https

4. list of users with their passwords

users:
    tom: passwd
    bob: passwd

And this is it, our configuration expressed in YAML syntax is completed! The whole file sample.yml looks like this:

version: 1.0
released: 2012-11-30

# Connection parameters
connection:
    url: jdbc:mysql://localhost:3306/db
    poolSize: 5

# Protocols
protocols:
   - http
   - https

# Users
users:
    tom: passwd
    bob: passwd

To make it work in Java, we just need to use the awesome library called snakeyml, respectively the Maven POM file is quite simple:

Please notice the usage of Java 1.7, the language extensions and additional libraries simplify a lot of regular tasks as we could see looking into YamlConfigRunner:

The code snippet here loads the configuration from file (args[ 0 ]), tries to parse it and fill up the Configuration class with meaningful data using JavaBeans conventions, converting to the declared types where possible. Running this class with sample.yml as an argument generates the following output:

Version: 1.0
Released: Thu Nov 29 19:00:00 EST 2012
Connecting to database: 'jdbc:mysql://localhost:3306/db' with pool of 5
Supported protocols: [http, https]
Users: {tom=passwd, bob=passwd}

Totally identical to the values we have configured!

[dzone]

PHP 6 Features

admin    IT News, PHP, Programming    

PHP 6′s Status

Several books have already been written and published about PHP 6, such as Professional PHP6 by Edward Lecky-Thompson & Steven Nowicki. Despite this, PHP6 does not exist yet. There is no PHP 6 beta or even alpha. PHP 6 does not exist.

To see that PHP 6 doesn’t exist yet, see PHP’s official Subversion page. Subversion, or svn, is the source code control software used for the development of PHP. There are instructions for getting the code for PHP 5.3 or 5.4, but not for any newer version:

PHP 5.3: svn checkout http://svn.php.net/repository/php/php-src/branches/PHP_5_3 php-src-5.3
PHP 5.4: svn checkout https://svn.php.net/repository/php/php-src/branches/PHP_5_4 php-src-5.4

As you can see here from the branches in the PHP source code the newest branch is PHP_5_3:

  FIRST_UNICODE_IMPLEMENTATION/	 296285	 16 months	 derick	 - Committing my session cookie patch; it's a bug fix and good to have in the h…
...
  PHP_4_4/	 295390	 16 months	 derick	 - Set-up externals for the Zend engine so 4.4 can at least be build from SVN a…
  PHP_5_0/	 284180	 2 years	 gwynne	 one more attempt at ridding us of some of those annoying mime types
  PHP_5_1/	 284180	 2 years	 gwynne	 one more attempt at ridding us of some of those annoying mime types
  PHP_5_2/	 311125	 2 months	 dmitry	 Fixed crash on recursive error handler invocation
  PHP_5_2_WITH_DRCP/	 284180	 2 years	 gwynne	 one more attempt at ridding us of some of those annoying mime types
  PHP_5_3/	 313616	 31 hours	 scottmac	 When we have a blocking SSL socket, respect the timeout option. reading from SS…
  PHP_5_4/	 313646	 3 hours	 stas	 No E_STRICT in production

(Older code branches omitted for brevity.)

There’s no PHP 6 code branch yet. Notice the FIRST_UNICODE_IMPLEMENTATION branch – the story behind this code branch, and why it delayed PHP 6 follows.

What does exist is an official todo for PHP 6, authored by Andrei Zmievski, which includes a rough list of PHP 6 features in the PHP Wiki.

UPDATE 21 July 2011: Now the PHP 5.4 Alpha has been released, a PHP 6 branch may exist for PHP’s developers without showing up on PHP’s public subversion. The code for PHP 5.4 did not show up on the sites above until the PHP 5.4 Alpha was released.

Reasons for Delays to PHP 6

The reasons for the delay to PHP 6 appear to be:

1. Issues with Unicode support: The development team initially decided to use UTF-16 internally in PHP 6. This causes double memory usage for strings, more CPU usage and increased complexity of coding PHP 6. Using UTF-16 apparently took a lot of fun out of developing PHP, caused tension amongst PHP’s developers and slowed development. The choice to use UTF-16 was aborted by Rasmus Lerdorf, creator of PHP, in 2010. The developers restarted the Unicode implementation.
2. PHP 5.3 took some PHP 6 features: PHP 5.3 included many of the features slated as desirable for PHP 6. This removed a lot of momentum for PHP 6.
3. High Hopes: PHP 6 is a major version number change. It’s possible in a major release to make significant changes, including making breaks from the past. Agreeing and delivering major changes can take some time.
4. Feature Set Not Finalized: Agreement hasn’t been reached on the features in PHP 6.0.
5. Lack of Urgency: PHP works very well. There are no burning issues forcing the release of PHP 6.
6. PHP 5.4 takes some PHP 6 features: Rasmus Lerdorf previously stated, when he scrapped PHP 6′s original Unicode implementation, that there may be a PHP 5.4 yet, or PHP may go straight to version 6. Jani Taskinen created a PHP 5.4 development branch on 11 March 2010, but this appears to be due to frustration as being able to move PHP’s development forward. The PHP 5.4 code branch is no longer there. There is however an official PHP 5.4 todo wiki, with Stanislav Malyshev as the tentative release manager. So it looks there will be PHP 5.4, which would push out the PHP 6.0 release further. UPDATE on 24 July 2011: The PHP 5.4 Alpha has been released, and it includes some features originally targeted for PHP 6.0, such as traits and the removal of register_globals and safe_mode.

PHP 6 Features

The likely set of PHP6 features is:

1. Internationalization: Native Unicode – UTF-8 – to the core (strings, APIs).
2. Performance: Page level (opcode) caching through moving Alternative PHP Cache (APC) into the PHP core. Native application caching.
3. Break to label: Sending a break to a label (like a goto).
4. Enhanced array indexing: Array indexing can be used to substring or take an array slice.
5. Removed features: Magic quotes will be removed.

The are quite a few more minor features and changes in PHP 6.

[smartwebdeveloper]

5 Rules For API (Application Programming Interface) Management

admin    IT News, Programming    

APIs are the glue that connect apps. It’s as true for consumer apps as it is for the enterprise. API management platforms have come into vogue as apps proliferate across the enterprise.

As APIs rise in importance, so has the need for better practices in their creation, development and management. All the major API management services have built strategies that they use as guiding principles when working with customers.

Mashery CEO Oren Michels provided me with an overview of API management that I think also applies to other service providers such as Apigee, Layer 7, Mashape and SOA Software.

These five rules are by no means the final say on API management, but they do provide context for the overall market:

1. Design

Make the APIs accessible to different classes of developers and partners. Develop security policies, usage policies, selective access to data and services. Both Layer 7 and SOA Software cite the need to serve the different constituencies of the enterprise.

Layer 7 Co-Founder and Chief Strategy Officer Dimitri Sirota:

It needs to address each constituency or user group engaged in building and running an API. These include API Architects / Developers, Security Architects, IT Operations and Business Analysts (API marketers). The Layer 7 platform has a product component that addresses each of these stakeholders (API Gateway, API Identity Broker, API Service Manager, API Developer Portal).

A platform by definition needs to be extensible. There needs to be a way to build on top of it. This requires both product APIs and SDK (developer toolkit). Layer 7 supplies both.

Michels adds that it is less about the IT person than the partnerships between IT and the business groups:

Enterprise API Management must include the entire Enterprise, not just the techies in IT. The SOA solution, and the other gateways as well, is focused on the IT person and not the business owner of the API program. This is reflected in the UI that they present in their free version as well as their language that includes things like “policies”; too much of the business rules are codified in complex policies that require a technical expert to really use.

The latter point is particularly important. We’ve been selling API management into the enterprise for five years, and we have yet to see a situation where the tech people are not partnered with business people who have a vested interest in – and will need to manage a big part of – the API management platform.

2. Documentation

To make APIs accessible, offer documentation and communication tools to make it easy to create and manage the applications built on the API itself. Twitter did this very well as a young company but has faltered in its developer communications.

API Evangelist Kin Lane:

Communication, communication, communication! Twitter started fumbling here in March 2010….and continued to do so with each release.  What Twitter is doing is speaking to their developer ecosystem, not communicating with.  We are in the age of social media, we need to have conversations not just an outward broadcast of information.

Include developers in the API roadmap.  If your going to do an API, have a process for bringing the heavy consumers into the product development process.  You don’t have to do everything they say, but make the process inclusive.  Otherwise they will revolt.  Twitter used to be good about this until Dick took over.

You can’t reap the benefits of an API ecosystem, and not return value to the community.

3. Analytics

Michels said to think about the collection and processing of all the statistics associated with the use of the API, with an eye toward supporting and encouraging effective usage and discouraging/limiting usage that is counter to your business or technology goals.

Apigee has focused significant efforts on its data analytics practice as illustrated in its most recent focus on building APIs for software-defined networks. Here is what I wrote earlier this Fall about the Apigee strategy:

Apigee’s API platform for multi-vendor SDN is stand-alone software that can integrate network management systems with SDN controllers from multiple vendors through real-time API transformations. This software includes network analytics, enabling dynamic policies on the controller itself, as well as network-based programs that can use trends to trigger a change in network behavior. Apigee’s software reads network traffic into a domain model and publishes network traffic analytics as an API.

Sam Ramji, vice president of strategy at Apigee, maintains that analytics will help determine how the infrastructure adapts to different data flows. It’s a view that reflects how software is replacing hardware and the role that data plays in the way apps are calibrated.

Mashape takes a different view, seeing itself as a Google of APIs, offering analytics as a commodity service. CEO Augusto Marietti:

For us the analytics, and all the management things are more like a commodity that we give it for free, just to have more and more distribution and more and more consumption. It’s like Google, that gives you Google Analytics for free, because it helps AdWords as side effect. We’re like an object broker for the cloud computing era. We unify the jungle that the API world is. API consumers have one single API key, consumer console and credit card to consume them all, in the same way.

4. Universal Access

Provide seamless and simple support of the various architectures used by the enterprise, whether public cloud, private cloud, on-premise, or a hybrid of several of these.

5. Uptime

High uptime, easy scalability, and redundancy that handles traffic spikes, works around temporary failures in the enterprise backend, and fails gracefully in the event of a backend outage. SOA Software’s Ian Goldsmith said this for a post I wrote this week about the company’s new enterprise API management platform:

SOA fits the needs of enterprise architects and developers – people who have spent years building extensive infrastructures that can encompass hundreds of software stacks. How to access the data from these stacks is a challenge. Many were architected before APIs emerged as common ways to integrate applications. SOA, as expressed in the name itself, comes out of that age when the principles of “service-oriented architectures” were viewed as the most modern way to integrate multiple on-premise applications into a web environment.

 

[techcrunch]

Kelebihan fitur dari di HTML 5

admin    IT News, Programming    

Apakah anda sudah menggunakan HTML5?  mungkin kita punya beberapa alasan untuk belum menggunakan HTML5 ,yaitu tidak bekerja di IE. HTML5 adalah revolusi kebutuhan web yang dibutuhkan oleh pengguna. Faktanya adalah, HTML5 adalah masa depan apakah kita suka atau tidak, kita harus tetap mengikuti perkembangannya. Sebenarnya  HTML5 tidak sulit untuk digunakan atau dipahami. Beberapa  alasan untuk mulai menggunakannya sekarang.

1. Accessibility

HTML5 membuat membuat situs lebih mudah diakses karena dua alasan utama: semantik dan ARIA. Tag Baru (beberapa) untuk HTML pos seperti <header>, <footer>, <nav>, <section>, <aside>, dll memungkinkan browser untuk mengakses konten dengan mudah. Sebelumnya, kita hanya menentukan hal tersebut dengan tag <div> dan menggunakan atribut id ataupun class. Dengan tag html5 yang baru browser dapat memeriksa dokumen HTML dengan lebih baik.

ARIA adalah spesifikasi W3C yang mempunyai peran spesifik dalam mengatur elemen-elemen dalam dokumen HTML. Untuk lebih dalam diskusi mendalam tentang HTML5 dan ARIA silahkan kunjungi url WAI ini.

2. Video and Audio Support

HTML5 membuat video dan audio anda benar-benar diakses dengan tag <video> dan tag <audio>.  Tag video dan audio ini dibuat hampir sama dengan tag untuk image/gambar yaitu :<video src=”url”/>.  Tapi bagaimana dengan semua parameter seperti tinggi, lebar dan autoplay? Jangan khawatir sobat, kita tinggal mendefinisikan atribut-atribut dalam tag seperti halnya elemen HTML lainnya : <video src=”url” width=”640px” height=”380px” autoplay/>.

Meskipun HTML5 telah dikenal luas oleh para pengembang web sejak lama, HTML5 baru mencuat pada April 2010 setelah CEO Apple Inc., Steve Jobs, mengatakan bahwa dengan pengembangan HTML5, “Adobe Flash sudah tidak dibutuhkan lagi untuk menyaksikan video atau menyaksikan konten apapun di web”.

Tujuan dibuatnya HTML5 antara lain:

Fitur baru harus didasarkan pada HTML, CSS, DOM , dan JavaScript. Mengurangi kebutuhan untuk plugin eksternal (seperti Flash). Penanganan kesalahan yang lebih baik. Lebih banyak markup untuk menggantikan scripting. HTML5 merupakan perangkat mandiri.

Fitur baru dalam HTML5:

Unsur kanvas untuk menggambar.Video dan elemen audio untuk media pemutaran.Dukungan yang lebih baik untuk penyimpanan secara offline. Elemen  konten yang  lebih  spesifik, seperti  artikel, footer, header, navigation, section. Bentuk kontrol form seperti kalender, tanggal, waktu, e-mail, URL, search.

Beberapa kelebihan yang dijanjikan pada HTML5:

Dapat ditulis dalam sintaks HTML (dengan tipe media text/HTML) dan XML. Integrasi yang lebih baik dengan aplikasi situs dan pemrosesannya. Integrasi (‘inline’) dengan doctype yang lebih sederhana. Penulisan kode yang lebih efisien. Konten yang ada di situs lebih mudah terindeks oleh search engine.

Saat ini HTML5 masih dalam pengembangan, namun hanya beberapa browser sudah mendukung HTML5. Beberapa browser tersebut seperti Safari, Chrome, Firefox, dan Opera. Kabarnya IE9 (Internet Explorer) akan mendukung beberapa fitur dari HTML5.

HTML5 adalah sebuah prosedur pembuatan tampilan web baru yang merupakan penggabungan antara CSS, HTML itu sendiri dengan Java Script. Teknologi ini mulai diluncurkan pada tahun 2009, namun sampai saat ini masih dalam tahap pengembangan. Beberapa kelebihan yang dimiliki oleh HTML5 (sebagai hipotesis awal) adalah:

Cleaner code, karena sebagian besar kode telah termasuk di dalam sintaks html5, maka kode nampak terlihat lebih sederhana daripada penggabungan antara html, css dan java script.

Greater consistency, HTML5 telah melakukan banyak sekali penambahan sintaks yang dibuat dalam struktur lebih baik dan lebih sederhana daripada sintaks-sintaks sebelumnya. Hal ini membuat developer terbantu dalam meningkatkan konsistensi dalam membangun sebuah web.

Improve Semantics, dengan berbagai elemen kode di dalam html5 yang telah distandarisasi, maka nilai semantik dari sebuah web dapat lebih ditingkatkan. Itu berarti bahwa bagian-bagian dari web seperti header, nav, footer dan beberapa bagian lainnya terdefinisi dengan jelas maksud serta tujuannya selain itu juga terbentuk dalam sebuah “machine readible format”

Improved Accessibility, dengan teknologi HTML5 yang memudahkan struktur pembangunan sebuah web, maka developer dapat membangun pemahaman yang lebih detil mengenaik halaman web.

Client-side Database, HTML5 menyediakan model database SQL yang baru dengan API yang dapat dibangun dalam konsep lokal, dalam hal ini di sisi client.

Geolocation, HTML5 mempunyai API yang terintegrasi terhadap geolocation, fasilitas tersebut dapat diakses melalui GPS atau fasilitas lain seperti Google Latitude pada iphone.

Offline Aplication Cache, pengguna dapat terus melakukan interaksi dengan aplikasi meskipun mereka terputus dari jaringan internet.

Smarter Forms, terdapat semacam reguler expression (regex) yang membuat form mampu mengenali secara lebih baik tentang input, validasi data dan interaksi dengan elemen lain (misal : format email, password dll)

Sharper focus on Web Application Requiments, HTML5 membuat sebuah mekanisme yang lebih mudah dalam hal pembuatan front end, aplikasi chat, tools drag and drop, video player, pengolah grafis dan masih banyak lagi.

[eximiusmedia]

25 web development tips to boost your skills

admin    IT News, Programming    

Professional developers share tips and tricks from an accumulated century of hard won experience

It’s often said that there’s no substitute for experience – but there are shortcuts to it. We spoke to seasoned developers; people who toil over loops and slave over attributes day in and day out. This collection of tips comes straight from the code-face.

Overflowing like an inadequately specified buffer, a googolplex of know-how has been filtered to bring you 25 fine features, tricks and tips. There are open source services that developers keep quiet about, mobile programming hacks and responsive development tips.

We’d heard a few of these stellar secrets before, but many were brand new even to us. We’re sure that you’ll find more than one or two to add your toolbelt.

Coding

1. Clear lists

Clearing floating elements is part of the grind for most web developers. We can still get caught out though. For example, how do you clear floated list elements without setting a height? “The answer to this little dilemma is actually really simple,” says Rhys Little of Plug and Play, “Just add the following two CSS properties to any list container with floated list elements.”

If you check the list container now with any DOM inspector you’ll find that the height attribute has automatically been calculated – and that fixes the issue.

2. Sandbox

If you want to develop techniques, CSS effects or new kinds of transition, for example, do it as a sandbox project. “Keeping experimentation uncluttered by outside influences makes the code much easier to debug if something isn’t working as expected,” says Creative Director Shane S. Mielke.

3. Web inspectors

Developers differ on which web inspector is best, but they all agree that we struggled before our favourite browsers had them.  New Context’s Paul Wilson points out that you can preview CSS changes live in Chrome or Safari. Right click on an element, and choose ‘Inspect Element’, says Wilson, “All the applied CSS will be shown in the right inspection pane. You can edit or add new elements here, to see the effects of your changes.”

The web inspector isn’t accessible by default in Safari on the Mac. Enable it by going to Preferences >Advanced>Show Develop menu in menu bar.

4. Firebug and beyond

Chrome and Safari have a web inspector built in, but Mike Ballan, Digital Designer at Jellyfish stands by the original Firefox Developers Toolbar. “It’s the perfect thing to detect those little CSS problems when testing your site in multiple screen sizes,” says Mike.

“Firebug has just added the ability to display multiple screen sizes in one browser tab too – which means you will never need to change your browser’s width to test your site again.”

5.  One thing at a time

Ben Howdle, developer of Didlr at wapple.net, says he cannot stress the importance of the Single Responsibility Principle enough. “Every object in your code should have one function. Even with CSS. Don’t put all styles onto a .button class. Split it into .button-structure and .button-face and so on…”

Why? Because if you don’t do that and something breaks, you’ll have a heck of time tracing back through your code, finding which object is the problem – and whether the bug is inherited from higher in the DOM.

6. Can you code it?

Ben also thinks that falling back on frameworks and libraries isn’t always the best answer. “If you’re coding a small project and always, for example, include jQuery, think ‘Can I do this with Vanilla JS?’” You may find that, indeed, you can do it in JavaScript, better and faster.

Project Management

7. Get Git

If you’re working on big projects, you need a robust versioning system. Many devs swear by GitHub, but there’s a downside if your project is private. Your code is hosted on GitHub’s servers and publicly available. The folks at Plug and Play recommend GitLab.

“GitLab is very similar to GitHub but is completely open source and free to set up on your own servers,” says Rhys Little. “The best set-up for GitLab is to use NGINX with Unicorn to improve performance and speed – but Apache with Passenger will work as well.

“The biggest advantage of this arrangement is that all your code is backed up each time you commit, with a really useful diff viewer so you can see what has been changed on each commitment.”

8. Commented code

Team workers in particular, remember that other people need to understand your code – use your resources and work through your files. “Don’t be Lazy,” says Shane S. Mielke. “Always comment your code, name your layers and organize your PSDs and FLAs. The more organised your files are the easier it is for you or others to jump in and understand where things are at and how they work.”

9. Secure your site

Before you go live with a website, be sure to run it through ASafaWeb.com (pronounced A-Safer-Web). “This site, written by Microsoft MVP Troy Hunt, scans ASP.NET websites for a range of common security issues,” says .NET dev Macs Dickinson. “Should you fail any of the tests, it will advise you how to resolve the problem.”

10. Automate

“Don’t waste time deploying or manually running unit tests. Automate it,” says Macs, “Time spent getting to grips with NAnt or MSBuild is time well spent as it will decrease the number of hoops you need to jump through when that deadline is looming.”

11. Team tracker

The team at Unboxed Consulting use Pivotal Tracker and Pivotal Booster for project management and feature/bug tracking. “There are other tools for this but Pivotal Tracker is a the simple, lightweight options,” the team told us. “We regularly use it to track progress through projects.”

12. Perfect pictures

Pixel Perfect is a tool Unboxed use for comparison of initial designs with the actual front-end that the development process spits out. “This little Firefox plugin allows you overlay a jpeg version of your designs right on top of the page,” say the Unboxed team. “You can check down to the last pixel that everything lines up!”

13. Dotted lines

Unboxed has a smart, intuitive idea for tracking progress in coding pages. “Sometimes working on the front end we use an ‘incomplete’ or ‘todo’ CSS class which gives a dotted outline to elements which don’t work or are unfinished,” the team tells us. “We can clearly see what needs work before going live.”

Mobile

14.  Active phone numbers

“Most mobile devices have the ability to make calls, so take advantage of that in your page code,” says Mike Ballan. Wrap the number in the <a href> tag. Instead of http:// as the protocol you use “tel:”

Here’s what that might look like:

15. High or low?

Is your site ready for retina screens? Don’t think you’re OK just because the numbers are on your side right now, because it won’t stay that way forever.

“There are a couple of solutions for switching images depending on response to screen resolution,” says Mike. “There’s the JavaScript framework retina.js which uses Apple’s @2x naming convention to swap out standard images with hi-res versions.

“It’s also possible to supply high-res images to iOS devices using webkit-image-set”. Here’s how:

16. Fixed position

Want to have fixed navigation or a contact bar at the bottom of your site? When it comes to mobile, you’ll have to keep in mind that only a few browsers support the ‘fixed’ class. “Windows Phone 7 will replace the ‘fixed’ class with ‘static’ – which isn’t a good thing,” says Mike.

Here’s his list of mobile operating systems that support the ‘fixed’ attribute in CSS:

• Mobile Safari iOS5 and above
• Android 3 and above
• Blackberry 7.0 and above

Shortcuts

17. Sprite me

Turn buttons, icons and backgrounds into sprites to speed up page downloads. Combining multiple images into one file reduces the number of requests the client must make to your server. “Some developers will group images by type,” says Rhys Little, “Others will just combine everything into one file”.

You then use the CSS background-position attribute to just show the portion of the image you want. The image downloads once, is cached once and requested once. If that sounds like too much hard work, use online tool SpriteMe to do the donkey work. It scans your page for images it can combine and generates the CSS for you.

18. White space

“Shrinking down the white space and even function names of your JavaScript and CSS will greatly reduce your page load times,” says Rhys. He suggests combining all your JavaScript and CSS into one or two files, then passing those files through YUI Compressor.

19. Actions

Even designers forget how easy Photoshop Actions can make their lives. Developers won’t forget this one: Photoshop Web Workflow.

“Once installed, you click on any layer in Photoshop and hit the F1 key,” says Paul Wilson, “This grabs the layer, puts it in a new document that is the exact dimensions and brings up the Save for Web window”.

A simple sounding sequence, but one that will make background creation, prototyping and sprite making much faster

20. If then

Keir Whitaker of Viewport Industries can’t live without Mac application TextExpander: “It allows you to assign shortcuts to big chunks of text. For example if I want to output the WordPress loop in my code editor I simply type // loop. It works system wide and is a great tool for  building time consuming code structures, like nested lists.

21. Refreshed

Keir is also a fan of CodeKit “If you are on a Mac then CodeKit is a must,” he says, “ The browser reloading feature is worth the small cost alone. It’s also great for image optimisation, and compiling Sass and JavaScript.

22. You’ve all got mail

“It’s a full-time job maintaining your app’s mailing function, so save yourself a headache and outsource it,” says UX Developer Will Grant. Services like SendGrid or Mandrill handle deliverability, spam protection, bounce reports – the lot. “These things are super-cheap or even free for your first few thousands mails.”

Responsive sites

23.  Media queries

“When building responsive sites, media queries are the backbone of the process,” says Mike Ballan, “They match the media type of your device and display the CSS you have declare”. For example:

The code above traps screen resolutions at 1200px or higher and applies the colour red to all body text on the page. If the screen size is less than 1200px it will display black body text.

So far, so simple – but seasoned devs know that this process can soon get cumbersome as you struggle to please all of the people all of the time.

“Use a CSS Framework like Amazium” says Mike. It replaces the need to write a billion different media queries with simple, semantic classes

24. A heavier choice

If a more heavyweight framework is required then Twitter’s Bootstrap or ZURB’s Foundation might do the trick.

25. Turn things off

“When making responsive sites, you don’t really want users to be able to double tap and zoom, as all your content should be visible,” says Mike Ballan, “To do this you will need to add some code that disables user zooming and scaling”.

This code will also enable iOS device to display sites more elegantly when the iPad or iPhone is rotated.

[netmagazine]

SQL Injection Hacker Attacks Are On The Rise. Here’s How To Defend Your Servers

admin    IT News, SQL    

Last week, a hacker group claimed that it breached computer systems at 100 major universities. Team GhostShell gained access to servers at Stanford, Harvard, and the University of Michigan, among others. The technique used, SQL injection, is not new or complex, but reportedly it’s becoming increasingly common. Here’s a quick guide to defending your servers.

Basic Basics

We asked researchers at security firm Sophos to explain what an SQL injection is and how it can be stopped. Before launching into that, though, for laymen, here are a couple things you need to know about an SQL injection before learning how to stop one.

• SQL stands for Structured Query Language. It is an international standard for interacting with databases.
• Statements in SQL can retrieve, insert, create and otherwise change data in a database.
• Code injection is a technique used by hackers to exploit vulnerabilities in a website.

“SQL injection is an old, well established method of attacking systems,” said Sophos threat researcher Fraser Howard. “It consists of inserting malicious SQL statements into an application to cause it to perform some undesirable function.”

Mechanics Of An Attack

Undesirable action sounds nasty. What does it mean exactly? Here are a few examples:

• Dump table (i.e., return a dump of the entire contents of a database table). This is a great way to steal data. Could be used to gain access to a system (dump admin password, then access the system etc.)
• Drop table (delete table contents). Destructive. Attackers do not necessarily gain access to the data, but they can break the system. Data may be irretrievably lost.
• Modify table. Insert additional data into the database table.

Basically, once a SQL injection has its hooks in your database, it can do whatever the heck the malicious hacker behind it wants. Steal your data (most commonly), delete your data, change your data.

“Imagine a website where page contents are stored in a database,” Howard wrote. “When you browse the site, the database is queried, and the page shows you whatever information is relevant. For example, a shopping site. You search for carrots, it queries the database and gets the price. The page you view displays this price.” A malicious hacker using SQL injection could download the store’s entire stock list, wipe it out, and/or change all the prices (or any other category of information).

One further problem with SQL injection not related to theft: Hackers can change the query instructions for a Web application. So instead of the application querying its own server and obtaining information, the query can be sent to a server of the hacker’s choice. This can lead to malware infecting a user’s computer.

Scary stuff, huh?

How To Defend Your Servers

According to Howard, defense against this type of attack is all about the Web application that is the door to the server. Protect that application and you protect the server. In theory, at least. Most organizations likely will remain vulnerable to a dedicated, sophisticated hacker no matter what they do.

Not all hackers are so single-minded, so it makes sense to be prepared. Here are the steps Howard recommends to defend against SQL injection attacks:

• Secure programming. Design applications securely from the start. SQL injection is not new, and there are many books and online resources to help developers build applications that are secure against this attack. The most common vulnerability is an application that doesn’t sanity-check user input such as data entered into Web forms. If the input is not checked, an attacker can use such forms to inject malicious instructions.
• Firewalling. This does not replace secure programming. However, it can add a layer of defense in front of your Web server. Web application firewalls can help to block most attacks.

Many organizations are vulnerable to SQL injections because they outsource their Web application development, rush production, test poorly and take little regard for security. “Recipe for disaster,” Howard said. “Lots of easy targets out there.”

In security, the guidelines are usually pretty simple: Take your time, factor security into everything you do, and use common sense. Security might seem like the boring part of what you do, but if you do not pay attention to it, there is a hacker just waiting to break into your databases and steal, destroy, or alter your data.

[RWW]

Microsoft’s TypeScript Fills A Long-standing Void In JavaScript

admin    IT News, Microsoft, Programming    

The latest language from the company once identified for its programming languages seeks to bring a higher class of developer into the Web apps space, without changing the foundation of the Web… even if such a change wouldn’t be such a bad idea.

Let’s be frightfully honest: JavaScript probably should not have been the first choice for the language of all Web functionality – at least, not without some serious reworking. It became standardized long before it was ever rationalized.  And had rationality been the goal, it should have looked much more like Java than script.

As with so much else on the Web, platform engineers are largely of the mindset that it’s too late to do much about it now. The exceptions are companies whose backbones still have some swagger to them, especially in the face of something new called “competition.” While Microsoft has been taking fewer risks quantitatively of late, the risks it does take have been bigger: the Start Screen in Windows 8, the expansion of Xbox into a media platform, the splicing of Windows Phone with Windows PC, the abandonment of Silverlight in favor of WinRT.

One Giant Step Up From Level II BASIC

Microsoft’s introduction of TypeScript is not that big, and is not really a risk. In terms of product, it’s a free Visual Studio add-on (downloadable here) that enables more learned, professional developers to adopt more formal approaches in producing code for the Web. In terms of marketing, it’s a nearly no-cost way for Microsoft to put its stake in the ground in territory Google has been working to claim for itself.

As a language interpreter, every browser’s JavaScript works like something you’d find embedded in the ROMs of a 1978 hobby shop microcomputer. For example: To have the interpreter hold a value in memory, you declare a variable. The interpreter doesn’t have any idea what to expect for that variable, so it just sets aside a big block of space in anticipation of anything that comes along. Then when you set the variable’s value to “Obama” instead of 8, or instead of $13.50, the interpreter deduces you meant to store a string of text.

This is how a weakly typed interpreter behaves, and it does so supposedly as a favor to you, to save you steps.  The problem is, adding “2012” to “Obama” is a very different thing than adding 2012 to 8.  So if you’ve gathered the contents of a text box named year using something like document.GetElementByID(‘year’).value, and used a + operator to tack that onto your variable, despite the fact that the property is called .value, the likelihood is that it contains text.  So how you use the + operator (as addition or to append) depends on how you used the variable.  If you flip your types, there’s a good chance the interpreter will respond by doing what all JavaScript interpreters do instead of alerting you with error boxes: stop dead cold and do nothing.

TypeScript operates under a different theory:  Let’s presume JavaScript was strongly typed to begin with.  From now on, it’s up to you to explicitly declare your variable types up front before you use them, especially in the context of a function whose arguments or whose interfaces (a concept familiar to C# and Java veterans) are discrete elements of data. If we simply endow the development environment (in Microsoft’s case, of course, Visual Studio) with the rules for strong typing, then it can enforce those rules while you’re coding, instead of setting up a scenario where a misused type could derail the interpreter.

“What TypeScript does is, it basically formalizes a static type system that describes JavaScript’s dynamic types, but it describes them at development time,” says Microsoft Technical Fellow Anders Hejlsberg (known as the “father” of Microsoft’s other big language, C#), in a demonstration video released Tuesday. “And then it can offer excellent tooling on top of that information.” By that, Hejlsberg means that TypeScript presents a method for the developer to express variables, arrays and properties in a non-standard JavaScript way, ignoring JavaScript’s allowances that variables can be basically anything until they’re put to use (“dynamic types”), but whose product is still interpretable by any JavaScript-capable device.

Making The Editor The Enforcer

Here’s the subtle genius of the system: Only the developer uses TypeScript; nothing changes on the client side. The TypeScript rule enforcer in Visual Studio produces JavaScript code, which is then guaranteed not to derail the interpreter with a type mismatch. That code is then embedded into the webpage or the Web app just like any other JS code, because that’s what it is.

This way, as most professional JavaScript developers do, you can use JQuery, Node.js (for server-side code), or any of the functionality libraries that add real value to JavaScript, while adding the ability to call their functions safely. You do need to add interface declarations files to your TypeScript project, but their entire purpose is to ensure that inputs and outputs match the types these libraries expect.

Most object-oriented languages today utilize some notion of class – reusable components made up of functions with specified inputs and outputs, and data with specified types. JavaScript is not object-oriented, which is not really a fault since, arguably, an object-oriented programming interpreter would have been much more complex for Netscape to have implemented. TypeScript adds class, including class constructors, but in such a way that member functions compile down into methods on the prototype, which are JavaScript workarounds.

This sample, from a frame of Anders Hejlsberg’s demo video, shows a column of TypeScript code on the left being live-compiled into JavaScript on the right. Here you see where what a Java or C# programmer will recognize as a member function dist() being rephrased as a member method on the prototype Point.prototype.dist for JS.

TypeScript is far from the first effort engineers have made to add classes and types to JavaScript without impacting what some still call lovingly (for their own reasons) the “standard.” Last year, Google introduced Dart as a kind of JavaScript turbocharger. From the developer’s perspective, Dart would substitute for the JavaScript language, re-introducing aspects of class and typing from Java into the mix; while from the browser’s point of view, the Dart virtual machine would supplement its existing JavaScript VM rather than replace it. The Dart VM “digests” Dart language and produces JavaScript code, so instead of replacing your browser, you add onto it. As its name suggests, Dart is also sharp, providing applications developers with the clarity and exactitude they come to expect from a language capable of running a word processor.

But for developers to get behind any language – even a supplemental one – they need a rich development environment that understands it natively, as rich as Eclipse for Java.  Progress on that front for Dart has been mixed, which is not uncharacteristic of projects at Google.

By comparison, TypeScript has the virtue of inserting itself into an development environment that’s already somewhat rich: Visual Studio. Once the add-on is plugged in, VS 2012 recognizes TypeScript as a formal file type.

Then as you’re developing the script, as this sample from VS 2012 shows, the editor keeps track of the proper types of each variable, even when in this case, it has yet to be assigned a value. Here, pointing to member function getDist() reveals a tip showing it to be a function (the closed parentheses) whose return value is of type number.

Insert Devious Plot Here

Outside of development circles, the conspiracy theory of the day is that Microsoft is seeding the market with proprietary technologies in order to bind them to the company. It is for things such as this that the Recycle Bin was invented. Inside development circles, the allegation is that Microsoft is trying to recast Web standards in its own image, and is demonstrating its disdain for standards by rebuilding them. Such allegations ignore an obvious fact: The caretakers of the JavaScript standard (who use the term ECMAScript to avoid stepping on a trademark that now belongs to Oracle) are doing exactly what Microsoft is doing, and for that matter, Google as well: namely, retrofitting an under-qualified language for Web applications with the tools and reliability features that developers require.

Besides, TypeScript is not the first JavaScript recompiler with type and class support, including within the open source community. CoffeeScript is a highly praised project that expresses statements using tighter code. Meanwhile, Smallscript is a recompiler that borrows elements of Smalltalk, including for expressing data as objects; and the Script# extension for Visual Studio compiles actual C# source code into equivalent JS. None of these are perceived as covert conspiracies.

If Microsoft is guilty of falling into any familiar pattern with TypeScript, it’s that it’s not the first product in its class. What TypeScript has going for it, though, is no particularly good reason not to be adopted by Web apps developers, except for the possibility of a preferable alternative. Standards are for communications systems and interfaces; options are for people. TypeScript is one more option, and in my view so far, a sensible one.

[RWW]

Android Programming with App Inventor

admin    Android, IT News, Programming    

MIT App Inventor, re-released as a beta service (as of March 5, 2012) by the MIT Center for Mobile Learning after taking over the project from Google, is a visual programming language for developing applications for the Android mobile computing platform. It is based on the concept of blocks, and applications are designed by fitting together blocks of code snippets. This may sound like a very childish way of programming, especially for seasoned readers of Linux Journal. But then again, App Inventor will tickle the child programmer in you and make you chuckle at the ease with which you can develop applications for your Android device. In this article, I describe how to use the camera on the Android device, develop e-mail and text-messaging-based applications and also show how to use location sensors to retrieve your current geographical location. Let’s get started.

Getting Started

App Inventor has minimum setup requirements and is completely browser-based. You need a working Java installation on your system, as it uses Java Web Start for its functioning. Point your browser to http://appinventor.mit.edu, and once you sign in with your Google account, you should see a screen as shown in Figure 1. This is called the Projects Page where you can see your existing projects and create new ones.

Figure 1. App Inventor’s Projects Page

Now, let’s develop and deploy an Android application using App Inventor and in the process learn the basic development-deployment cycle. Create a New Project using the New Project button, and enter a name for your project, say “Project1″. Now you should see the Designer window for your project. The Designer window is composed of four sub-components. The Palette on the leftmost side of the window is the placeholder for all the available components for your project. The Viewer is where the application will be designed by placing together various components (this is where you design the user interface for your application). The Components show the currently used components in your project, and the Properties column is where you assign the properties of the components.

First, let me briefly explain the notion of components. An App Inventor project is made up of building blocks called components, such as a text label to display text, a text box to take user inputs, a camera component to click pictures and so on. Currently, you will see a few categories of components—basic components, such as those for user input and display of text to more specialized components, such as those for displaying media and animations, and components acting as an interface to the device sensors. A complete reference for all the components is available at http://appinventor.mit.edu/learn/reference/index.html. Components have associated behavior, methods and properties. Some of the properties can be set; whereas others can be only read.

In this first project, let’s use the following components: Camera, Button and Image. The code usually shows it better, but briefly here is what you’re going to do: clicking the button starts the camera on your device, which you use to click a picture, which then is displayed using the Image component. Here are the steps:

1. Drag a Camera component from the palette to the Viewer. It should show up under Non-visible components below the Viewer. By default, it will be named as Camera1, which you can, of course, change to something else.
2. Drag a Button to the Viewer, and from the Properties, change its Text to “Click”.
3. Drag an Image component onto the Viewer.
4. You can play around with the Screen properties to set things like title, background color and orientation. For the purpose of this project, set the Title to “Click!”.

Figure 2. User Interface for Project1

That completes the design of the user interface (Figure 2). Next, let’s program the components using Blocks.

Open the Blocks Editor, which should start downloading the JAR file for the editor. It will ask you for the location of the App Inventor setup commands if you have not installed them in the standard location under /usr/google. The Blocks Editor for the current project will look like Figure 3. Going back to the description for this project, the goal is to activate the device camera when the button is clicked. This is done with the code block “When Button1.click”, which you dragged from the Blocks pane on the left. When the button is clicked, you want the device’s camera to be activated, so drag the “call Camera1.TakePicture” block inside the previous block. Once the picture is taken, you will want it to be displayed using the Image component. So, insert the block “when Camera1.AfterPicture” into the editor, and then set the “Image1.Picture” to the location of the saved image.

Figure 3. Blocks Editor for Project1

Now that you have designed the user interface and programmed the application’s logic, you’re ready to test it. Go back to the Designer window, and on the right, click on Package for Phone→Download to this Computer. That should initiate the download of the Android package (.apk file) for your project. Now, transfer this file to your Android device, and install it. Then, try it out.

A Peek under the Hood

Now you have designed and deployed your first Android application, and you have used components (the camera component and the image components), assigned them behavior and set properties. If you are familiar with the idea of event-driven programming, you already will have realized that App Inventor is an event-driven programming framework. The event can be the user clicking a button or the reception of a text message. For example, when the button is clicked, an event is said to have occurred, and in response to this event, the camera is activated. Again, when the camera finishes capturing a picture and saving it, the response code uses the image location to display it using an image component.

Earlier, I mentioned that components have associated behavior, methods and properties. You can find these for a component by clicking the component in the Blocks Editor. For example, Figure 4 shows the method available for the Camera component (Camera1.TakePicture) and the behavior (Camera1.AfterPicture).

Figure 4. Blocks Available for the Camera Component

Besides the blocks associated with components, more fundamental programming blocks are available: Math blocks, Logic blocks, Control blocks and others. (I’ll demonstrate using a few of these in one of the projects later in this article.)

Now that you have a basic idea of developing applications using App Inventor, let’s look under the hood a bit, starting from the source. Download the source code for “Project1″ by going to the Projects Page and selecting Project1 and clicking on More Actions→Download Source. That should start downloading the sources in a zip file. When you unzip the file, you will have two directories: src and youngandroidproject. Under the src directory, you will have a subdirectory called appinventor, which houses the subdirectories, and then ai_droidery/Project1 (note that “droidery” is my Google user name). In this directory, you will see the source files Screen1.blk, Screen1.scm and Screen1.yail. Screen1.blk is an XML-based representation of the visual blocks that was created earlier; Screen1.yail is an intermediate language based on the Scheme language used by App Inventor, which is then fed to Kawa to create the Android package for installation on Android devices. The Screen1.scm file is a JSON representation of the components used in the project with details about the components, such as the version information. If you are keen to understand how App Inventor really works, you also may want to check out App Inventor’s source code (see Resources).

Sensing the World Using Sensors

Sensors, true to their names, are the eyes and ears of your Android device. They allow your device to sense the world around it. For example, the location sensor on your device keeps track of your current location information using your mobile and Wi-Fi signal information and GPS data. Other sensors on your Android device include proximity sensors and motion sensors. In this section, let’s use the location sensor on your Android device to write two simple applications that can be used on their own or as a starting point for something more useful and customized. In the process, you’ll learn to make use of a couple more App Inventor components.

E-mail Your Current Location

Consider a not-so-fictional scenario when you might want to tell your friend exactly where you are at the moment so that she can drive down to meet you. Or, you simply may be lost. Either way, the Location Sensor can help. Let’s call this project “LocationOnClickEmail”. The user interface for this project looks like the one shown in Figure 5. Besides the basic components, such as text labels and buttons, add the LocationSensor component (found under the Sensors category) and an ActivityStarter component (found under the Other Stuff category). The ActivityStarter component, which has been named “MailAppStarter” will be used to start the e-mail application on the Android device. For details on the ActivityStarter Component, refer to http://appinventor.mit.edu/learn/reference/other/activitystarter.html.

Figure 5. User Interface for the LocationOnClickEmail Project

Now you need to add the project logic using the Blocks Editor as before. Figure 6 shows the final state of the Blocks Editor for this project.

Figure 6. Final Blocks for the LocationOnClickEmail Project

The application logic can be divided into two steps—obtaining the location using the Location Sensor when the Get Location button is clicked. This is done in the “when GetLocationButton.Click” code block. When this button is clicked, the Location Sensor is enabled. Once the Location Sensor has been able to obtain the location information, it invokes the “when LocationSensor1.LocationChanged” method where the text labels are updated with the location data. Next, when the Email Location button is clicked, the MailAppStarter component’s DataUri property is set to start the mailing application. Here, the recipient is set to “droidery@gmail.com”, the subject to “My Location” and the body of the message to the obtained address. The recipient and subject can be changed in the mailer application on the device.

That completes the current project. For more details on using the Location Sensor and the App Starter components, refer to the App Inventor Reference (see Resources).

Text-Messaging-based Location Sensor Application

In the last application, you initiated the location sending event. What if you want to design an application that will run as a service, such that when it receives a request via text message, it sends your current location to the sender? Even with privacy being such a sensitive issue in today’s connected world, such an application can be useful if you want to make sure your not-so-grown-up kid isn’t lost, for example. In addition to the Location Sensor component, you will become familiar with the Texting component in this application.

Here is the idea: on receipt of a text message with “location” in its body, the application replies with the current location as a text message. The actions taken upon receipt of a text message are shown in Figure 7. This is the core logic for the application. In the “Texting1.MessageRecieved” procedure, the “number” and “messageText” are available as arguments. If the “messageText” is “location”, then check whether the location has been obtained. If yes, then construct a reply using the address and send the text; otherwise, send an error message back as the reply.

Figure 7. Action Taken When a Text Message Is Received

The complete application, along with others, can be downloaded from https://bitbucket.org/amitksaha/articles_code/src. You can upload the source (.zip) archives to App Inventor directly and try out the applications after packaging them. In this article, I have strictly concentrated on using an Android device for testing the applications. For basic uses, you also can use the emulator that is available in App Inventor and also use a live development methodology where you can install the application directly to your device. See the App Inventor Web site to try these out. I tested these applications on my Samsung Galaxy-SII running Android 2.3, but I hope there won’t be any issues with running them on other devices running Android 2.2 and higher.

Looking Ahead

I started this article with the intention of having some fun programming for the Android platform, and I hope it has been so thus far. If you’re interested in looking into App Inventor further, the first things that you might want to check out, apart from extending the projects to something more fun and useful, are the various other components. Of special note is the Data Store component that allows you to store data on the device, the Web components for interacting with remote Web content, other Sensor components and Media components.

App Inventor is fun, but you might feel that although it’s good as a starting point, you would prefer a more traditional programming language as you become more familiar with Android development. Instead of completely throwing your App Inventor project away, consider using the App Inventor Java Bridge to use your App Inventor components while you write Android applications using the more traditional way of programming in Java.

If you feel the need to run your own App Inventor service, the MIT Center for Mobile Learning has made available the App Inventor JARs to enable you to host your own service (see Resources).

If you want to keep exploring App Inventor itself, two excellent books are available: David Wolber, Hal Abelson, Ellen Spertus and Liz Looney’s App Inventor: Create your own Android apps (O’Reilly) and Jason Tyler’s App Inventor for Android: Build Your Own Apps—No Experience Required! (Wiley).

If you enjoyed App Inventor, you might want to look at some other tools for programming your Android device visually, such as DroidDraw and Corona. And if you want to program Android visually on the device itself, check out Catroid.

Resources

MIT App Inventor: http://appinventor.mit.edu

Setting Up Your Computer: http://appinventor.mit.edu/learn/setup/index.html

App Inventor Reference: http://appinventor.mit.edu/learn/reference/index.html

APK File Format: http://en.wikipedia.org/wiki/APK_%28file_format%29

Under the Hood of App Inventor: http://googleresearch.blogspot.com/2009/08/under-hood-of-app-inventor-for-android.html

App Inventor Open-Source Project: http://code.google.com/p/app-inventor-releases

Activity Starter Component: http://appinventor.mit.edu/learn/reference/other/activitystarter.html

App Inventor Java Bridge Project: http://groups.google.com/group/app-inventor-instructors/browse_thread/thread/10a64e64b7886afb

Running Your Own App Inventor Service: http://appinventoredu.mit.edu/developers-blogs/andrew/2011/nov/running-your-own-app-inventor-service

App Inventor Course: http://sites.google.com/site/appinventorcourse

“Android App Development” presentation by Peter McNeil: http://www.cjugaustralia.org/September+2011

Catroid Project: http://code.google.com/p/catroid

Code for This Article (available in the appinventor_article subdirectory): https://bitbucket.org/amitksaha/articles_code/src

[linuxjournal]

New Java Zero-Day Exploit Added to Metasploit and BlackHole Exploit Kit

admin    IT News, Java    

Soon after the world learned about the existence of a new zero-day that affects all the latest Java run-time environment (JRE) versions, researchers started analyzing the exploit, trying to figure out a solution to protect computers against it.

Security experts from Deep End Research have come up with a patch that they’re willing to share with anyone who’s in charge of administrating company networks. In the meantime, until Oracle comes up with a permanent patch, users are advised to disable Java in their web browsers.

In case they need Java, internauts are recommended to use two different browsers, but only one of them with Java enabled. The one with Java should be utilized for operations that require the component, and the browser without Java should be used for regular tasks, such as reading emails (the malicious exploit might arrive via email).

These pieces of advice are very important for the following reasons: the exploit has become public and it has been added to Metasploit. Furthermore, according to Brian Krebs, it’s about to be added to the infamous BlackHole exploit kit as well.

The developer of the BlackHole has told Krebs that the price for such an exploit would be around $100,000 (€80,000).

There is one more noteworthy thing about the new exploit. According to Deep End Research, it doesn’t affect Chrome, but Rapid 7 experts – the ones who contributed to adding the exploit to Metasploit – claim that on Windows XP it works not only on Internet Explorer and Mozilla, but also on Google’s web browser.

“Don’t know, maybe Rapid 7 ‘improved’ the exploit and you can send them your thanks if you wish, but the original exploit does not work on Chrome,” Andre M. DiMino and Mila Parkour of Deep End Research wrote in a post.

[softpedia]