Archive for the ‘software’ Category
Yesterday started getting random spam ads on my OnePlus 2:
- overlay ads of certain popular junk games,
- fake desktop icons linking to Google Play Store of same games,
- fake missed calls linking to there.
It was virtually impossible to figure out the responsible processes without additional tools, mainly due to the hiding tactics of the adware.
To start I tried few most popular adware removers from the store, but they either didn’t detect anything, or crashed during the scan (maybe the adware killed them while they were running).
The first success was brought by Addons Detector (with all advanced detectors enabled). After another fake icon appearance it traced it to com.google.googlesearch (“Search”) which comes with AirPush component.
The processes were installed as system apps. So the easiest way out was to use Titanium Backup Root Pro I already had installed (my phone is rooted).
After that I tried to dig further to understand how these processes appeared on my phone in the first place. I didn’t install any new apps recently, neither run any updates on root enabled apps. So the adware probably was here, but didn’t expose itself for few months.
I’m very conservative to give root access to software without trust research, but don’t rule out the chance that the junk could be injected with one of the few Aptoide originated apps I experimented with few months ago.
However, since AVG also identified 2 preinstalled bloatware apps to come with other dirty ad frameworks, my current hypothesis is that AirPush crap was on the phone from the very beginning, patiently waiting for its time to activate.
Recently I’ve created the subj. It’s a memory game, written in pure PHP/HTML, called “PHP Memory”.
What was important for me to demonstrate is the next principles:
- Even if you don’t use a framework, you should write modular code with appropriate architecture.
- Despite that, the application design and code should match its required functionality with no overhead of unneeded patterns and abstraction or preparations for future enhancements, unless they’re planned.
- Nevertheless, the code should be readable and maintainable.
- The bottom line is – developing a framework versus developing an application are completely different tasks. The strategy and tactics should vary very much. Of course, developers should learn from the frameworks source code, since they accumulate collective experience of great coders, but the ideas implemented in frameworks sometimes not required or even harmful while developing an application.
Today we spent almost 2 hours on a weird discrepancy between our development and staging environments. It’s pretty rare, that I experience such low level issue, thus in my opinion it’s worth mentioning here.
Last weeks we were busy developing integration to a new data vendor. Everything went well until we deployed the application to stage.
Suddenly we started receiving HTTP status 411 on one of the calls. Since we work with cURL library, which we believed is stable enough, we thought the problem is somewhere between the source code and environment configuration.
Later we found that the same request gets accepted if sent from a client other than cURL (e.g. chrome-poster). The unique about this request is that it’s sent with POST method (the vendor’s strict requirement) but the content body is empty.
So, the immediate solution was to send empty content body (zero-length string) to cURL, which aligned the behavior in all the environments.
On the way we discovered a useful option CURLINFO_HEADER_OUT, which enables a possibility to further retrieve the headers sent by cURL to the remote host. From now we use it in our error handling mechanism to trace the sent headers as well.
What can we conclude from this story?
- Try to synchronize the software of all of your environments. If possible, use exactly the same version OS version, libraries, tools, etc. It’s very easy if you host your applications on VPS and use VMs for development and staging servers. The least convenient case is when you have OSs of different architecture and (e.g. Windows for development and Linux for production).
- Don’t underestimate importance of error handling. Find the optimal level of handling for your application, which will be easily extended and configured.
I love Ant integration into Eclipse JDT – it provides smart editor, handy auto-completion, and the most important – fully functional debugger.
Recently I have been laboring on porting a deployment system from shell scripts to Phing, a loose PHP port of Ant. And naturally, I miss the above. I still get a little aid from Eclipse – since Phing’s syntax is very close to Ant’s, I can at use Ant editor for Phing files to enjoy property navigation and target integrity validation.
I would be more than happy to announce that I’m going to fill the gap and implement Phing plugin for Eclipse PDT, but unfortunately – I’m too busy and too lazy. On the other hand, if you, my dear friend, will suddenly decide to accept this challenge, I can gladly invest my time in architecture, design, review & testing free of charge. 🙂 Or should I anyway try to start it myself?
…When I was going to school we were always taught, “In the olden days of computing, computers were expensive and programmers were cheap. Now it’s the reverse. Therefore…” We are back to the future. At internet scale, programmers are (sometimes) cheap compared to the cost of electricity.