Seva's notes

Wisdom, Awareness, Responsibility :)

Archive for the ‘development’ Category

Android adware removal story

leave a comment »

Yesterday started getting random spam ads on my OnePlus 2​:

  • overlay ads of certain popular junk games,
  • fake desktop icons linking to Google Play Store of same games,
  • fake missed calls linking to there.

It was virtually impossible to figure out the responsible processes without additional tools, mainly due to the hiding tactics of the adware.

To start I tried few most popular adware removers from the store, but they either didn’t detect anything, or crashed during the scan (maybe the adware killed them while they were running).

The first success was brought by Addons Detector (with all advanced detectors enabled). After another fake icon appearance it traced it to com.google.googlesearch (“Search”) which comes with AirPush component.

airpushdetector

Then I googled and found the package at AVG Threat Labs Android App Reports and used AVG to find one more malware process com.android.main.view (“Processor”) which was reported to have AirPlus in it.

The processes were installed as system apps. So the easiest way out was to use Titanium Backup Root Pro I already had installed (my phone is rooted).

After that I tried to dig further to understand how these processes appeared on my phone in the first place. I didn’t install any new apps recently, neither run any updates on root enabled apps. So the adware probably was here, but didn’t expose itself for few months.

I’m very conservative to give root access to software without trust research, but don’t rule out the chance that the junk could be injected with one of the few Aptoide originated apps I experimented with few months ago.

However, since AVG also identified 2 preinstalled bloatware apps to come with other dirty ad frameworks, my current hypothesis is that AirPush crap was on the phone from the very beginning, patiently waiting for its time to activate.

Written by Seva

2015-12-09 (December 9) at 05:33:07

Zend Framework View Script Recursion

leave a comment »

We know that in Zend Framework View Scripts it’s possible  to run in a recursion using a View Helper – either Partial, or Action, or a custom one.

However all of these become a certain execution overhead in case we need just a simple one-time tree traversal. Also for readability purpose, it would be nice to have the recursion defined inline.

Luckily, since PHP 5.3 we can use self referencing closures to define the behavior within the script:


<?php
$showTree = function(array $entities) use(&$showTree) {?>
 <?if(!$entities) return?>
 <ul>
 <?foreach($entities as $entity):?>
 <li><?=$entity->getName()?></li>
 <?=$showTree($entity->getChildren())?>
 <?endforeach?>
 </ul>
<?}
?>
<?=$showTree($this->entities)?>

Written by Seva

2013-04-03 (April 3) at 11:37:04

Making Collective Decisions

with one comment

While preparing to shrink up and replace my single role of Lead Software Architect with a Software Architecture team –

Decision Making

Making architectural decisions might seem easy and fun, but can have multiple consequences which can affect state and integrity of the software, the architecture team, the R&D teams and the whole company. We aim to make the decisions in the most responsible manner with taking all the relevant factors in consideration. Sometimes we do consult wide community of developers and PMs in early stages, sometimes we do that on later stages, but what’s very important, we never attempt to dictate our decision without majority consensus.

The common flow of taking a decision is the following (CRAFT):
  1. Collect information about the subject from provided private and public sources. If necessary, use in-company resources reuse their existing experience.
  2. Research the gathered information and prepare a draft of architectural opinion with a list of alternative solutions and their advantages and disadvantages.
  3. Acknowledge the opinion of all the interested parties. Accept and react on all the provided input.
  4. Finalize the decision and make it effective. Make sure it’s acknowledged, accepted and adopted by all the relevant parties.
  5. Track the execution of the decision. Learn from the experience, reopen the flow if necessary.

Written by Seva

2011-12-13 (December 13) at 10:49:28

Simple No-Framework Object Oriented Multi-Layer MVC Application Example

with one comment

Recently I’ve created the subj. It’s a memory game, written in pure PHP/HTML, called “PHP Memory”.

What was important for me to demonstrate is the next principles:

  1. Even if you don’t use a framework, you should write modular code with appropriate architecture.
  2. Despite that, the application design and code should match its required functionality with no overhead of unneeded patterns and abstraction or preparations for future enhancements, unless they’re planned.
  3. Nevertheless, the code should be readable and maintainable.
  4. The bottom line is – developing a framework versus developing an application are completely different tasks. The strategy and tactics should vary very much. Of course, developers should learn from the frameworks source code, since they accumulate collective experience of great coders, but the ideas implemented in frameworks sometimes not required or even harmful while developing an application.
The demo and source code can be found here.

Written by Seva

2011-08-30 (August 30) at 01:59:26

cURL HTTP1.1 empty POST bug

with 2 comments

Today we spent almost 2 hours on a weird discrepancy between our development and staging environments. It’s pretty rare, that I experience such low level issue, thus in my opinion it’s worth mentioning here.

Last weeks we were busy developing integration to a new data vendor. Everything went well until we deployed the application to stage.
Suddenly we started receiving HTTP status 411 on one of the calls. Since we work with cURL library, which we believed is stable enough, we thought the problem is somewhere between the source code and environment configuration.

Later we found that the same request gets accepted if sent from a client other than cURL (e.g. chrome-poster). The unique about this request is that it’s sent with POST method (the vendor’s strict requirement) but the content body is empty.

In the end we discovered that newer version (since 7.20) of cURL interprets missing body as a negotiation request – sends Expect: 100-continue header and Content-Length: -1.

So, the immediate solution was to send empty content body (zero-length string) to cURL, which aligned the behavior in all the environments.

On the way we discovered a useful option CURLINFO_HEADER_OUT, which enables a possibility to further retrieve the headers sent by cURL to the remote host. From now we use it in our error handling mechanism to trace the sent headers as well.

What can we conclude from this story?

  1. Try to synchronize the software of all of your environments. If possible, use exactly the same version OS version, libraries, tools, etc. It’s very easy if you host your applications on VPS and use VMs for development and staging servers. The least convenient case is when you have OSs of different architecture and (e.g. Windows for development and Linux for production).
  2. Don’t underestimate importance of error handling. Find the optimal level of handling for your application, which will be easily extended and configured.
Hope my sincere advices will help you, my dear friend, to save your precious time.

Written by Seva

2011-08-03 (August 3) at 12:47:35

PHP: array_merge versus array union operator (+)

with 2 comments

Written by Seva

2010-07-22 (July 22) at 11:10:52

Posted in development, php

Phing plugin for Eclipse PDT

with 6 comments

I love Ant integration into Eclipse JDT – it provides smart editor, handy auto-completion, and the most important – fully functional debugger.

Recently I have been laboring on porting a deployment system from shell scripts to Phing, a loose PHP port of Ant. And naturally, I miss the above. I still get a little aid from Eclipse – since Phing’s syntax is very close to Ant’s, I can at use Ant editor for Phing files to enjoy property navigation and target integrity validation.

I would be more than happy to announce that I’m going to fill the gap and implement Phing plugin for Eclipse PDT, but unfortunately – I’m too busy and too lazy. On the other hand, if you, my dear friend, will suddenly decide to accept this challenge, I can gladly invest my time in architecture, design, review & testing free of charge. 🙂 Or should I anyway try to start it myself?

Written by Seva

2010-04-15 (April 15) at 12:31:09