A (very) opinionated guide to MSBuild and Project FilesDavid Wengier
This document discusses project files and MSBuild. It explains that project files are MSBuild files that define properties, items, imports and targets. It compares legacy project files to SDK-style project files. It also discusses how MSBuild works by parsing the project file and evaluating properties, items, imports and targets. Finally, it recommends using build logging to see how MSBuild evaluates the project file.
This document discusses using Firebase services for backendless mobile apps. It covers using Firebase Authentication to allow anonymous and social logins. It also covers using Firebase Cloud Firestore for content storage and realtime data, Firebase Cloud Functions for backend logic, and Firebase Cloud Messaging for push notifications. Code snippets in Kotlin demonstrate integrating these services, such as authenticating users anonymously, uploading and downloading files, listening to database changes, and writing Cloud Functions with Kotlin.
This document discusses different options for saving application data in Android. It covers SharedPreferences for saving key-value pairs, internal and external file storage, and SQLite databases. For SharedPreferences, it shows how to get a SharedPreferences object, write and read preferences. For files, it explains internal and external storage and permissions. For SQLite databases, it discusses the SQLiteOpenHelper class, content values for inserting data, and querying data. It also briefly introduces the ObjectBox ORM library as an alternative to SQLite.
Vaadin is a Java-based web application framework that allows building rich client-side web applications without JavaScript. The presentation discusses new features in Vaadin 7 including a renewed windowing API, Sass support for styling, redesign forms, improved RPC and state handling, and new JavaScript add-ons capabilities. It also outlines the roadmap for upcoming releases that will add server push, new charts, touch support, and integration with CDI.
The document discusses the mobile backend platform Parse and its features. Parse provides a complete backend for mobile and web applications, allowing developers to store and query data, implement user authentication and authorization, and more. It supports numerous platforms including Android, iOS, JavaScript, and embedded devices. Some key features covered include object modeling and storage, queries, user management, file storage, and security configuration via access control lists.
The document discusses Apple's search APIs and how they enable apps to provide rich content to Spotlight, Siri and Safari search results. It covers three APIs - NSUserActivity, App Search and CoreSpotlight - that allow indexing app content and activities to make them discoverable in searches. The document also discusses how to index web content to drive traffic to mobile apps and optimize search results through techniques like keywords, structured data and fast deep linking to improve an app's relevance ranking.
A (very) opinionated guide to MSBuild and Project FilesDavid Wengier
This document discusses project files and MSBuild. It explains that project files are MSBuild files that define properties, items, imports and targets. It compares legacy project files to SDK-style project files. It also discusses how MSBuild works by parsing the project file and evaluating properties, items, imports and targets. Finally, it recommends using build logging to see how MSBuild evaluates the project file.
This document discusses using Firebase services for backendless mobile apps. It covers using Firebase Authentication to allow anonymous and social logins. It also covers using Firebase Cloud Firestore for content storage and realtime data, Firebase Cloud Functions for backend logic, and Firebase Cloud Messaging for push notifications. Code snippets in Kotlin demonstrate integrating these services, such as authenticating users anonymously, uploading and downloading files, listening to database changes, and writing Cloud Functions with Kotlin.
This document discusses different options for saving application data in Android. It covers SharedPreferences for saving key-value pairs, internal and external file storage, and SQLite databases. For SharedPreferences, it shows how to get a SharedPreferences object, write and read preferences. For files, it explains internal and external storage and permissions. For SQLite databases, it discusses the SQLiteOpenHelper class, content values for inserting data, and querying data. It also briefly introduces the ObjectBox ORM library as an alternative to SQLite.
Vaadin is a Java-based web application framework that allows building rich client-side web applications without JavaScript. The presentation discusses new features in Vaadin 7 including a renewed windowing API, Sass support for styling, redesign forms, improved RPC and state handling, and new JavaScript add-ons capabilities. It also outlines the roadmap for upcoming releases that will add server push, new charts, touch support, and integration with CDI.
The document discusses the mobile backend platform Parse and its features. Parse provides a complete backend for mobile and web applications, allowing developers to store and query data, implement user authentication and authorization, and more. It supports numerous platforms including Android, iOS, JavaScript, and embedded devices. Some key features covered include object modeling and storage, queries, user management, file storage, and security configuration via access control lists.
The document discusses Apple's search APIs and how they enable apps to provide rich content to Spotlight, Siri and Safari search results. It covers three APIs - NSUserActivity, App Search and CoreSpotlight - that allow indexing app content and activities to make them discoverable in searches. The document also discusses how to index web content to drive traffic to mobile apps and optimize search results through techniques like keywords, structured data and fast deep linking to improve an app's relevance ranking.
The document discusses three APIs - NSUserActivity, CoreSpotlight, and web markup - that app developers can use to make their app content searchable on iOS devices. It provides details on how to index app data, activities, and web content to improve discovery and bring users into the app via search and Siri suggestions. Best practices are covered such as supporting deep links, using descriptive attributes, and optimizing the app launch experience from search results. Known issues with some search integration features are also mentioned.
The document provides an overview of a lecture on Eddystone beacons from Google. It introduces beacons and Eddystone specifications, including packet types, hardware support, and use cases. It then covers coding examples to scan for beacons and extract telemetry data like temperature from Eddystone packets.
This document provides guidance on creating a workout tracking app for the Apple Watch using HealthKit. It outlines how to use the HealthKit framework to access fitness data, start and stop workout sessions, save workout data, and handle common issues like debugging on device and infrequent data updates. The main steps are initializing HealthKit, requesting authorization, querying for data during workout sessions, and saving workout objects on completion. Challenges discussed include debugging directly on the Apple Watch, keeping the app in the foreground during workouts, and managing battery usage.
The document discusses how to programmatically make URL requests in Java. It covers using the URL and URLConnection classes to (1) parse URLs, (2) retrieve URL contents by opening connections or streams, and (3) get header information. It also provides examples of how to fake GET and POST form submissions by encoding parameters and sending requests via URLConnection.
The document discusses how to implement Google Cast into Android apps. It covers connecting an Android app to a Cast receiver app, launching the Cast app, and interacting with the Cast app. It provides code examples for initializing the Cast SDK, adding callbacks to handle Cast device selection and deselection, and starting discovery of Cast devices.
Thinking about free marketing ? Want to give the opportunity to your user to share your app with their friends ? Maybe you just need more downloads ? Not sure where to start? Android App Invite is one of the answer you were looking for.
You will learn more about app invite is all about and why you need to care about. This talk will teach you exactly what you need to know to integrate app invite in your application.
At the end of this class, you will learn how to:
- integrate app invite in your app
- test your app invite for sending and reception of invites
- Manage invites tracking using Google Analytics API
Servlets are Java programs that run on a web server and generate dynamic web page content. Servlets receive HTTP requests and return HTTP responses. They provide an interface between web clients and web servers. Key points:
- Servlets run on web servers like Tomcat and handle HTTP requests/responses dynamically.
- They extend the HttpServlet class and implement doGet() and/or doPost() methods to process requests.
- Servlets can access request parameters, headers, cookies and generate HTML responses by setting headers and writing to the response.
- Servlets are configured in the web server and mapped to URLs to handle requests for those URLs dynamically.
Sebastian Schmidt, Rachel Myers - How To Go Serverless And Not Violate The GD...Codemotion
As your mobile users get accustomed to advanced features that require Cloud support, it becomes increasingly hard to protect their privacy while staying up to date with data protection regulations such as the GDPR. We would like to show you how you can continue to use cloud-based SDKs and employ Firebase to create an experience that pleases both your users and your newly hired data stewardship team.
- Parse is a backend as a service (BaaS) platform that provides tools and support for iOS, Android, and JavaScript development.
- It offers features like data storage, user authentication, push notifications, and integration with social networks through a simple API.
- Developers can store and query data, manage user accounts, send push notifications, and build mobile and web apps using Parse's SDKs and REST API.
This document introduces CardioMerkari Inc. and their Cardio health kit wrapper library. Cardio is an open source Swift library that provides a simple interface for accessing HealthKit functionality related to workouts. It handles authorization, reading workout data from sensors, and saving workout data to HealthKit. The document provides information on using Cardio such as initializing it with a context, setting up authorization, starting and ending workout sessions, handling sensor updates, and saving workout data.
This document introduces Jua Alice Kim, a student at Dongduk Women's University who placed 3rd in the Windows Metro style App Challenge. She has experience as a Microsoft Student Partner and interned at Microsoft R&D. The document provides code samples for building a Windows Metro style app that retrieves and displays RSS feeds, including classes to store feed data, methods to asynchronously get feed data from a URL, and handling user clicks on feed items.
This document summarizes an Android application that was created to receive data wirelessly from an eyelid scanner device. The application uses Bluetooth to connect to the device and receive accelerometer data. It can function as either a client or server to send and receive data. The main activities allow selecting client or server mode and scanning/connecting to Bluetooth devices. Client and server activities then manage the connection and transfer of data over Bluetooth. The application demonstrates using Android Bluetooth APIs to set up the wireless network and communication between devices.
Async/await is a new language feature that will ship with Swift 5.5 this year. There’s no doubt it will have a significant impact on how we write asynchronous code.
In this talk, we’re going to look at some use cases for async/await, how we can call existing Swift APIs using this new feature, and why your decision to write your SDK in Objective-C might turn out to have been a very clever move.
We’ll also have a look at the refactoring support Apple is adding to Xcode and how it will help you migrate your existing code base.
Parse: A Mobile Backend as a Service (MBaaS)Ville Seppänen
Parse is a mobile backend as a service (MBaaS), a subcategory of PaaS. This is a presentation evaluating the service for a post-graduate seminar course.
Firebase and ng2
This document discusses Firebase and AngularFire/AngularFire2. It summarizes that Firebase is a backend as a service that provides realtime database functionality. AngularFire/AngularFire2 are wrappers that make the Firebase API accessible to Angular applications. Key features covered include authentication, authorization, data validation, and working with data through observable references and promises. Best practices like shallow data structures and avoiding deep nesting are also highlighted.
This document summarizes Paco de la Cruz's presentation on Azure Durable Functions. The presentation covered the evolution of application platforms from on-premises to serverless. It then discussed Azure Functions and some challenges it faces with stateful orchestrations. Durable Functions were introduced as an extension of Azure Functions that uses a Durable Task Framework to implement stateful workflows in a serverless manner. Key patterns demonstrated include function chaining, fan-out/fan-in, and using an orchestration client to start and monitor orchestrations. Code samples and demos were provided to illustrate approval workflows using Durable Functions.
This document discusses the history of asynchronous programming and how reactive programming with RxJS addresses limitations of previous approaches. It covers callback hell with nested callbacks, promises, and async/await. RxJS introduces Observables that allow streaming and combining of asynchronous data over time. The document demonstrates building basic Observable and Observer classes as well as an operator. Reactive programming with RxJS makes asynchronous code more readable and addresses issues like cancellation and error handling.
Certificate Pinning in Mobile ApplicationsLuca Bongiorni
The document discusses certificate pinning and provides information on implementing it for Android, iOS, and Windows platforms. It describes certificate pinning as associating a host with an expected certificate or public key to prevent man-in-the-middle attacks. The document outlines pros and cons of certificate pinning, and provides code examples and links to resources for implementing pinning on different mobile platforms.
This document provides an overview of pentesting iOS apps. It discusses setting up an environment for analysis, including installing tools. It then covers static analysis techniques like inspecting app binaries and local data storage. Dynamic analysis techniques are also covered, like monitoring API calls, the filesystem, and network traffic. The document provides tips on bypassing protections like certificate pinning and resources for further learning.
The document discusses three APIs - NSUserActivity, CoreSpotlight, and web markup - that app developers can use to make their app content searchable on iOS devices. It provides details on how to index app data, activities, and web content to improve discovery and bring users into the app via search and Siri suggestions. Best practices are covered such as supporting deep links, using descriptive attributes, and optimizing the app launch experience from search results. Known issues with some search integration features are also mentioned.
The document provides an overview of a lecture on Eddystone beacons from Google. It introduces beacons and Eddystone specifications, including packet types, hardware support, and use cases. It then covers coding examples to scan for beacons and extract telemetry data like temperature from Eddystone packets.
This document provides guidance on creating a workout tracking app for the Apple Watch using HealthKit. It outlines how to use the HealthKit framework to access fitness data, start and stop workout sessions, save workout data, and handle common issues like debugging on device and infrequent data updates. The main steps are initializing HealthKit, requesting authorization, querying for data during workout sessions, and saving workout objects on completion. Challenges discussed include debugging directly on the Apple Watch, keeping the app in the foreground during workouts, and managing battery usage.
The document discusses how to programmatically make URL requests in Java. It covers using the URL and URLConnection classes to (1) parse URLs, (2) retrieve URL contents by opening connections or streams, and (3) get header information. It also provides examples of how to fake GET and POST form submissions by encoding parameters and sending requests via URLConnection.
The document discusses how to implement Google Cast into Android apps. It covers connecting an Android app to a Cast receiver app, launching the Cast app, and interacting with the Cast app. It provides code examples for initializing the Cast SDK, adding callbacks to handle Cast device selection and deselection, and starting discovery of Cast devices.
Thinking about free marketing ? Want to give the opportunity to your user to share your app with their friends ? Maybe you just need more downloads ? Not sure where to start? Android App Invite is one of the answer you were looking for.
You will learn more about app invite is all about and why you need to care about. This talk will teach you exactly what you need to know to integrate app invite in your application.
At the end of this class, you will learn how to:
- integrate app invite in your app
- test your app invite for sending and reception of invites
- Manage invites tracking using Google Analytics API
Servlets are Java programs that run on a web server and generate dynamic web page content. Servlets receive HTTP requests and return HTTP responses. They provide an interface between web clients and web servers. Key points:
- Servlets run on web servers like Tomcat and handle HTTP requests/responses dynamically.
- They extend the HttpServlet class and implement doGet() and/or doPost() methods to process requests.
- Servlets can access request parameters, headers, cookies and generate HTML responses by setting headers and writing to the response.
- Servlets are configured in the web server and mapped to URLs to handle requests for those URLs dynamically.
Sebastian Schmidt, Rachel Myers - How To Go Serverless And Not Violate The GD...Codemotion
As your mobile users get accustomed to advanced features that require Cloud support, it becomes increasingly hard to protect their privacy while staying up to date with data protection regulations such as the GDPR. We would like to show you how you can continue to use cloud-based SDKs and employ Firebase to create an experience that pleases both your users and your newly hired data stewardship team.
- Parse is a backend as a service (BaaS) platform that provides tools and support for iOS, Android, and JavaScript development.
- It offers features like data storage, user authentication, push notifications, and integration with social networks through a simple API.
- Developers can store and query data, manage user accounts, send push notifications, and build mobile and web apps using Parse's SDKs and REST API.
This document introduces CardioMerkari Inc. and their Cardio health kit wrapper library. Cardio is an open source Swift library that provides a simple interface for accessing HealthKit functionality related to workouts. It handles authorization, reading workout data from sensors, and saving workout data to HealthKit. The document provides information on using Cardio such as initializing it with a context, setting up authorization, starting and ending workout sessions, handling sensor updates, and saving workout data.
This document introduces Jua Alice Kim, a student at Dongduk Women's University who placed 3rd in the Windows Metro style App Challenge. She has experience as a Microsoft Student Partner and interned at Microsoft R&D. The document provides code samples for building a Windows Metro style app that retrieves and displays RSS feeds, including classes to store feed data, methods to asynchronously get feed data from a URL, and handling user clicks on feed items.
This document summarizes an Android application that was created to receive data wirelessly from an eyelid scanner device. The application uses Bluetooth to connect to the device and receive accelerometer data. It can function as either a client or server to send and receive data. The main activities allow selecting client or server mode and scanning/connecting to Bluetooth devices. Client and server activities then manage the connection and transfer of data over Bluetooth. The application demonstrates using Android Bluetooth APIs to set up the wireless network and communication between devices.
Async/await is a new language feature that will ship with Swift 5.5 this year. There’s no doubt it will have a significant impact on how we write asynchronous code.
In this talk, we’re going to look at some use cases for async/await, how we can call existing Swift APIs using this new feature, and why your decision to write your SDK in Objective-C might turn out to have been a very clever move.
We’ll also have a look at the refactoring support Apple is adding to Xcode and how it will help you migrate your existing code base.
Parse: A Mobile Backend as a Service (MBaaS)Ville Seppänen
Parse is a mobile backend as a service (MBaaS), a subcategory of PaaS. This is a presentation evaluating the service for a post-graduate seminar course.
Firebase and ng2
This document discusses Firebase and AngularFire/AngularFire2. It summarizes that Firebase is a backend as a service that provides realtime database functionality. AngularFire/AngularFire2 are wrappers that make the Firebase API accessible to Angular applications. Key features covered include authentication, authorization, data validation, and working with data through observable references and promises. Best practices like shallow data structures and avoiding deep nesting are also highlighted.
This document summarizes Paco de la Cruz's presentation on Azure Durable Functions. The presentation covered the evolution of application platforms from on-premises to serverless. It then discussed Azure Functions and some challenges it faces with stateful orchestrations. Durable Functions were introduced as an extension of Azure Functions that uses a Durable Task Framework to implement stateful workflows in a serverless manner. Key patterns demonstrated include function chaining, fan-out/fan-in, and using an orchestration client to start and monitor orchestrations. Code samples and demos were provided to illustrate approval workflows using Durable Functions.
This document discusses the history of asynchronous programming and how reactive programming with RxJS addresses limitations of previous approaches. It covers callback hell with nested callbacks, promises, and async/await. RxJS introduces Observables that allow streaming and combining of asynchronous data over time. The document demonstrates building basic Observable and Observer classes as well as an operator. Reactive programming with RxJS makes asynchronous code more readable and addresses issues like cancellation and error handling.
Certificate Pinning in Mobile ApplicationsLuca Bongiorni
The document discusses certificate pinning and provides information on implementing it for Android, iOS, and Windows platforms. It describes certificate pinning as associating a host with an expected certificate or public key to prevent man-in-the-middle attacks. The document outlines pros and cons of certificate pinning, and provides code examples and links to resources for implementing pinning on different mobile platforms.
This document provides an overview of pentesting iOS apps. It discusses setting up an environment for analysis, including installing tools. It then covers static analysis techniques like inspecting app binaries and local data storage. Dynamic analysis techniques are also covered, like monitoring API calls, the filesystem, and network traffic. The document provides tips on bypassing protections like certificate pinning and resources for further learning.
CocoaConf Austin 2014 | Demystifying Security Best PracticesMutual Mobile
This document provides 14 security best practices for building secure mobile software:
1. Limit logging to prevent leaking sensitive data.
2. Hide sensitive data when the app enters the background.
3. Use SSL pinning to prevent man-in-the-middle attacks.
4. Leverage features like ARC and PIE to prevent memory attacks.
5. Use the keychain instead of NSUserDefaults to store sensitive data.
6. Be careful when collecting and storing sensitive information in text fields, pasteboards, and local storage.
7. Ask for permissions politely and explain why they are needed.
8. Consider encryption, whitelisting domains, and other techniques when using technologies
Доповідач: Остап Андрусів - інженер R&D відділу компанії ELEKS, палкий прихильник Java & Android. Остап є організатором GDG подій у Львові та активним учасником технологічних конференцій по всьому світу.
Основні тези:
0. Ключові особливості UI/UX Google Glass.
1. Способи програмування під Google Glass.
2. Огляд Mirror API.
3. Огляд GDK.
4. Приклад нескладної програмки під GDK.
International business english (Workshop, part 3) Svitlana StetsyLviv Startup Club
The document provides tips and guidelines for effective international business writing. It recommends simplifying sentence structure, using simple verbs and verb tenses, avoiding idioms and cultural references, and using short paragraphs, lists and graphics. Specifically, it advises breaking long sentences into shorter ones, using transition words, sticking to simple verb forms and one-word verbs, writing in the active voice, and structuring information in an easy to understand way. The overall aim is to make written communication clear and accessible for international readers.
Сергій Фіцак “Як вирости від фрілансера до керівника” Lviv Freelance Forum ...Lviv Startup Club
Сергій Фіцак “Як вирости від фрілансера до керівника” Lviv Freelance 2014 Autumn
Сайт події - http://freelance.lviv.ua/
Доповідь ґрунтується на досвіді здобутому за останні 10 років. Тому крім корисних порад Ви отримаєте можливість почути і про власні “секрети”. А також зможете зрозуміти чи готові Ви вийти за межі себе і створити власну фірму.
Віктор Кривизюк «Боротьба за місце під сонцем в розподіленій команді (США, Ін...Lviv Startup Club
Віктор Кривизюк «Боротьба за місце під сонцем в розподіленій команді (США, Індія, Україна)»
Сайт конференції: http://pmday.com.ua
Youtube: http://bit.ly/PMDayVid
Linkedin: http://bit.ly/PMDayLin
This document discusses topics related to effective team management and decision making such as building trust within the team, handling conflicts, defining roles like the project manager, making decisions at the right time while allowing for uncertainty, and focusing on customer success. It recommends literature on team dynamics and project management to reference.
Стиль Навчання: Опитувальник (анг.мова). (додаток до презентації Дмитра Бібік...Lviv Startup Club
Learning Style Questionnaire
(Peter Honey and Alan Mumford/Takhir Bazarov)
Honey and Mumford are best known for their learning style questionnaire. This self-administered questionnaire determines your preferred learning style.
Knowing your learning style can accelerate your learning as you undertake activities that best fit your preferred style.
Knowing your learning style can also help avoid repeating mistakes by undertaking activities that strengthen other styles For example, if you tend to “jump in at the deep end”, consider spending time reflecting on experiences before taking action.
The document discusses SOLID principles of object-oriented design. It provides examples of code that demonstrate poor adherence to SOLID and ways the code can be refactored to better follow SOLID. Specifically, it shows how to apply the single responsibility principle, open/closed principle, Liskov substitution principle, interface segregation principle and dependency inversion principle to structure code for flexibility, reusability and maintainability.
This document discusses various techniques for working with multimedia in Android applications, including detecting device capabilities, loading images from local storage and remote URLs, playing audio files from assets and raw resources, and improving performance through caching and asynchronous loading. It provides code examples for checking if a device has a front-facing camera, loading images while avoiding out of memory errors, playing audio files from assets, and using an AsyncTask to load images asynchronously to avoid blocking the UI. It also discusses potential memory leak issues and strategies for building an image cache.
This document summarizes new features and changes in Android 2.2 Froyo. It includes improved support for Bluetooth, Exchange, camera, music apps, and tethering. It also describes new developer features like apps on external storage, data backup, device policy manager, cloud to device messaging, and UI improvements like car and night modes. Key infrastructure changes include JIT compilation, V8 JavaScript engine, and support for over 256MB RAM.
The document discusses Retrofit, a type-safe HTTP client for Android. It describes how to initialize Retrofit by defining interfaces for APIs, creating a Retrofit instance, and making network calls. It also covers using interceptors to log requests/responses and add authentication headers to requests. Custom interceptors allow controlling the behavior of authentication based on internal request headers.
This document discusses architecture components for building modern Android applications. It covers common app architecture problems and principles like separation of concerns. It introduces key Architecture Components like Activities, Fragments, Services, ContentProviders, ViewModels and LiveData. It also discusses architectural patterns like MVC, MVP, MVVM and recommendations like clean architecture. The document emphasizes principles like modularity, separation of concerns, and testability. It provides an overview of alternatives like Room, Paging Library, and recommendations for legacy apps.
This document discusses architecture components for building modern Android applications. It covers common app architecture problems and principles like separation of concerns. It introduces key Architecture Components like Activities, Fragments, Services, ContentProviders, ViewModels and LiveData. It also discusses architectural patterns like MVC, MVP, MVVM and recommendations like clean architecture. The document emphasizes principles like modularity, separation of concerns, and testability. It provides an overview of alternatives like Room, Paging Library, and recommendations for legacy apps.
The document provides an overview of advanced Android Wear development techniques including:
1) Customizing notifications by creating a custom activity displayed as a notification, handling notification data changes, and building notifications with custom backgrounds.
2) Advanced UI techniques such as disabling swipe to dismiss, adding long press to dismiss interactions, and using round and rectangular layouts.
3) Transferring bitmap images between handheld and wearable devices using assets, Volley, Picasso, and data syncing APIs.
4) Techniques for voice input using the speech recognizer, networking on Wear using libraries, and avoiding data caching issues.
Apache Wicket is constantly growing in popularity throughout all kinds of projects. However Wicket doesn't come out of the box with a built-in Java EE support. Integration to CDI is missing and the same is valid for Bean Validation support for example. This session demonstrates how you can user CDI, Conversations and Bean Validation together with Apache Wicket. The first part of the talk will consist of a small slide-driven theoretical part whereas the second part will consist of a coding session that demonstrates hands-on how to hook everything together.
Windows 8 Pure Imagination - 2012-11-25 - Extending Your Game with Windows 8 ...Frédéric Harper
This document discusses extending games for Windows 8 and includes demos of various features. It covers designing for touch, using the accelerometer sensor, snapped views, user profile data, contacts, sharing, settings, live tiles, monetization through in-app purchases, and advertising. It provides code examples and resources for creating Windows 8 games.
The document discusses various aspects of building RESTful web APIs with ASP.NET Web API, including content negotiation, model validation, serialization, and self-hosting. It provides code examples for adding validation filters, configuring formatters for different content types, and setting up a self-hosted API server. The document also references resources for learning more about RESTful architecture and building hypermedia-driven APIs with ASP.NET Web API.
Using the SharePoint Framework as a surface to express yourself through client side solutions is great but at some point in time, you will require that this beauty you built interacts with APIs holding data that lives within the Office 365 environment. In this session, you will learn how to utilize and optimize your calls to SharePoint via its REST APIs, to the Microsoft Graph and to external services that you might find useful to deliver a rich experience in your solution. You will also learn about how to simplify those calls using the Community-Driven library PnP JS Core that aims to save your time (and sanity) by simplifying the access to the SharePoint REST APIs and to the Microsoft Graph. Goodbye URLs, hello intellisense!
Mobile Software Engineering Crash Course - C06 WindowsPhoneMohammad Shaker
The document provides an overview of mobile software engineering for Windows Phone, discussing tools and frameworks like the Windows Phone SDK, Silverlight, MVVM, data binding, navigation, and WebClient; it also mentions game development with XNA and using touch events to control a particle engine. Code samples demonstrate common tasks like data binding, navigation, and downloading data with WebClient.
This document provides an overview of ASP.NET Web API, a framework for building HTTP-based services. It discusses key Web API concepts like REST, routing, actions, validation, OData, content negotiation, and the HttpClient. Web API allows building rich HTTP-based apps that can reach more clients by embracing HTTP standards and using HTTP as an application protocol. It focuses on HTTP rather than transport flexibility like WCF.
The document discusses networking on mobile devices. It covers supported networking technologies like cellular data, WiFi and Bluetooth. It discusses required permissions for network operations and that networking should be performed on a separate thread to avoid blocking the UI. It provides an example of using AsyncTask to perform networking operations asynchronously. It also covers best security practices, checking network connectivity, and using Firebase Cloud Messaging as an alternative to polling for updates.
The document discusses networking on mobile devices. It covers supported networking technologies like cellular data, WiFi, and Bluetooth. It discusses required permissions for network operations and the need to perform networking operations on a separate thread to avoid blocking the UI. It provides an example of using AsyncTask to perform networking operations asynchronously. It also covers best security practices, implementing a network security configuration, checking device connectivity, and using Firebase Cloud Messaging as an alternative to polling for updates from a server.
Using the SharePoint Framework as a surface to express yourself through client side solutions is great but at some point in time, you will require that this beauty you built interacts with APIs holding data that lives within the Office 365 environment. In this session, you will learn how to utilize and optimize your calls to SharePoint via its REST APIs, to the Microsoft Graph and to external services that you might find useful to deliver a rich experience in your solution. You will also learn about how to simplify those calls using the Community-Driven library PnP JS Core that aims to save your time (and sanity) by simplifying the access to the SharePoint REST APIs and to the Microsoft Graph. Goodbye URLs, hello intellisense!
This document discusses various approaches for connecting to and interacting with SharePoint data from a SharePoint Framework web part, including using the SharePoint REST APIs, SharePoint Search, Microsoft Graph, custom APIs, and the PnP JS Core library. It provides code samples for retrieving, creating, updating, and deleting list item data from a SharePoint list using these different approaches. It also covers topics like authentication, permissions, and limitations of each approach.
The document provides an overview of basic Android application development concepts including getting set up with the Android SDK, creating a "Hello World" app, and exploring core application components like Activities, Services, Intents, and the AndroidManifest file. It describes setting up the development environment, building a simple app, and diving deeper into how Activities, Services, Intents, and the manifest are used to build the user interface and functionality of an Android application.
This document provides an overview of Firebase and how to use it with Android applications. It discusses Firebase features like the realtime database, authentication, and hosting. It then covers how to set up a Firebase project in Android Studio, write and read data from the Firebase database using the SDK, handle different types of read events, query data, and secure data with security rules. Authentication options like custom authentication are also explained. Code samples are provided for common tasks like writing, reading, and querying data.
Лаконічні та елегантні автоматизовані тести? Безболісний (майже) тестовий стек для UI веб-додатків? Більше часу, щоб випити кави/пограти у Cuphead/ подивитись у порожнечу?
Ми поговоримо про Lombok, Vavr, Owner, чому вам варто використовувати готові рішення та як зробити тести більш лаконічними та читабельними. Вам знадобиться Vaper та/або гіроборд.
Similar to Lviv MDDay 2014. Ігор Коробка “забезпечення базової безпеки в андроїд аплікаціях” (20)
Artem Bykovets: Чому люди не стають раптово кросс-функціональними, хоча в нас...Lviv Startup Club
Artem Bykovets: Чому люди не стають раптово кросс-функціональними, хоча в нас Agile? (UA)
Kyiv PMDay 2024 Summer
Website – www.pmday.org
Youtube – https://www.youtube.com/startuplviv
FB – https://www.facebook.com/pmdayconference
Natalia Renska & Roman Astafiev: Нарциси і психопати в організаціях. Як це вп...Lviv Startup Club
Natalia Renska & Roman Astafiev: Нарциси і психопати в організаціях. Як це впливає на розробку продуктів та реалізацію інноваційних рішень (UA)
Kyiv PMDay 2024 Summer
Website – www.pmday.org
Youtube – https://www.youtube.com/startuplviv
FB – https://www.facebook.com/pmdayconference
Igor Protsenko: Difference between outsourcing and product companies for prod...Lviv Startup Club
Igor Protsenko: Difference between outsourcing and product companies for product managers and related challenges (UA)
Kyiv PMDay 2024 Summer
Website – www.pmday.org
Youtube – https://www.youtube.com/startuplviv
FB – https://www.facebook.com/pmdayconference
Kseniya Leshchenko: Shared development support service model as the way to ma...Lviv Startup Club
Kseniya Leshchenko: Shared development support service model as the way to make small projects with small budgets profitable for the company (UA)
Kyiv PMDay 2024 Summer
Website – www.pmday.org
Youtube – https://www.youtube.com/startuplviv
FB – https://www.facebook.com/pmdayconference
Anna Kompanets: Проблеми впровадження проєктів, про які б ви ніколи не подума...Lviv Startup Club
Anna Kompanets: Проблеми впровадження проєктів, про які б ви ніколи не подумали (UA)
Kyiv PMDay 2024 Summer
Website – www.pmday.org
Youtube – https://www.youtube.com/startuplviv
FB – https://www.facebook.com/pmdayconference
Anton Hlazkov: Впровадження змін – це процес чи проєкт? Чому важливо розуміти...Lviv Startup Club
Anton Hlazkov: Впровадження змін – це процес чи проєкт? Чому важливо розуміти різницю і як це впливає на результат (UA)
Kyiv PMDay 2024 Summer
Website – www.pmday.org
Youtube – https://www.youtube.com/startuplviv
FB – https://www.facebook.com/pmdayconference
2. Agenda
1. When it’s public - people WILL use it
2. SSL and its problems
3. And how to fix these problems
3. When it’s public - people WILL use it
Bad things are always going to happen
in life. People will hurt you…
… By exploiting vulnerabilities in you
applications!
4. When it’s public - people WILL use it
Bad things are always going to happen
in life. People will hurt you…
… By exploiting vulnerabilities in you
applications!
5. Update Data Service
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.epam.itweek.commonsensesecurity.downloader" >
...
<service
android:name=".UpdateDataIntentService" >
<intent-filter>
<action android:name=
"com.epam.itweek.commonsensesecurity.action.UPDATE_DATA"/>
</intent-filter>
</service>
...
</manifest>
6. Update Data Service
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.epam.itweek.commonsensesecurity.downloader" >
...
<service
android:name=".UpdateDataIntentService" >
<intent-filter>
<action android:name=
"com.epam.itweek.commonsensesecurity.action.UPDATE_DATA"/>
</intent-filter>
</service>
...
</manifest>
7. Update Data Service
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.epam.itweek.commonsensesecurity.downloader" >
...
<service
android:name=".UpdateDataIntentService" >
<intent-filter>
<action android:name=
"com.epam.itweek.commonsensesecurity.action.UPDATE_DATA"/>
</intent-filter>
</service>
...
</manifest>
8. Update Data Service
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.epam.itweek.commonsensesecurity.downloader" >
...
<service
android:name=".UpdateDataIntentService" >
<intent-filter>
<action android:name=
"com.epam.itweek.commonsensesecurity.action.UPDATE_DATA"/>
</intent-filter>
</service>
...
</manifest>
9. Update Data Service
public class UpdateDataIntentService extends IntentService {
private static final String ACTION_UPDATE_DATA =
"com.epam.itweek.commonsensesecurity.action.UPDATE_DATA";
private static final String EXTRA_URL =
"com.epam.itweek.commonsensesecurity.extra.URL";
public static void startDataUpdate(Context context, String url) {
Intent intent = new Intent(context, UpdateDataIntentService.class);
intent.setAction(ACTION_UPDATE_DATA);
intent.putExtra(EXTRA_URL, url);
context.startService(intent);
}
@Override
protected void onHandleIntent(Intent intent) {
...
if (ACTION_UPDATE_DATA.equals(action)) {
final String url = intent.getStringExtra(EXTRA_URL);
performDataUpdate(url);
}
...
}
}
10. Update Data Service
public class UpdateDataIntentService extends IntentService {
private static final String ACTION_UPDATE_DATA =
"com.epam.itweek.commonsensesecurity.action.UPDATE_DATA";
private static final String EXTRA_URL =
"com.epam.itweek.commonsensesecurity.extra.URL";
public static void startDataUpdate(Context context, String url) {
Intent intent = new Intent(context, UpdateDataIntentService.class);
intent.setAction(ACTION_UPDATE_DATA);
intent.putExtra(EXTRA_URL, url);
context.startService(intent);
}
@Override
protected void onHandleIntent(Intent intent) {
...
if (ACTION_UPDATE_DATA.equals(action)) {
final String url = intent.getStringExtra(EXTRA_URL);
performDataUpdate(url);
}
...
}
}
11. Update Data Service
public class UpdateDataIntentService extends IntentService {
private static final String ACTION_UPDATE_DATA =
"com.epam.itweek.commonsensesecurity.action.UPDATE_DATA";
private static final String EXTRA_URL =
"com.epam.itweek.commonsensesecurity.extra.URL";
public static void startDataUpdate(Context context, String url) {
Intent intent = new Intent(context, UpdateDataIntentService.class);
intent.setAction(ACTION_UPDATE_DATA);
intent.putExtra(EXTRA_URL, url);
context.startService(intent);
}
@Override
protected void onHandleIntent(Intent intent) {
...
if (ACTION_UPDATE_DATA.equals(action)) {
final String url = intent.getStringExtra(EXTRA_URL);
performDataUpdate(url);
}
...
}
}
12. Update Data Service
public class UpdateDataIntentService extends IntentService {
private static final String ACTION_UPDATE_DATA =
"com.epam.itweek.commonsensesecurity.action.UPDATE_DATA";
private static final String EXTRA_URL =
"com.epam.itweek.commonsensesecurity.extra.URL";
public static void startDataUpdate(Context context, String url) {
Intent intent = new Intent(context, UpdateDataIntentService.class);
intent.setAction(ACTION_UPDATE_DATA);
intent.putExtra(EXTRA_URL, url);
context.startService(intent);
}
@Override
protected void onHandleIntent(Intent intent) {
...
if (ACTION_UPDATE_DATA.equals(action)) {
final String url = intent.getStringExtra(EXTRA_URL);
performDataUpdate(url);
}
...
}
}
13. Update Data Service
public class UpdateDataIntentService extends IntentService {
...
private void performDataUpdate(String url) {
Request request = new Request.Builder()
.url(url)
.addHeader(TOKEN, AuthManager.getInstance().getToken())
.build();
OkHttpClient client = new OkHttpClient();
Response response = client.newCall(request).execute();
String newData = response.body().string();
storeDataInDb(newData);
}
...
}
14. Update Data Service
public class UpdateDataIntentService extends IntentService {
...
private void performDataUpdate(String url) {
Request request = new Request.Builder()
.url(url)
.addHeader(TOKEN, AuthManager.getInstance().getToken())
.build();
OkHttpClient client = new OkHttpClient();
Response response = client.newCall(request).execute();
String newData = response.body().string();
storeDataInDb(newData);
}
...
}
15. Update Data Service
public class UpdateDataIntentService extends IntentService {
...
private void performDataUpdate(String url) {
Request request = new Request.Builder()
.url(url)
.addHeader(TOKEN, AuthManager.getInstance().getToken())
.build();
OkHttpClient client = new OkHttpClient();
Response response = client.newCall(request).execute();
String newData = response.body().string();
storeDataInDb(newData);
}
...
}
16. Update Data Service
public class UpdateDataIntentService extends IntentService {
...
private void performDataUpdate(String url) {
Request request = new Request.Builder()
.url(url)
.addHeader(TOKEN, AuthManager.getInstance().getToken())
.build();
OkHttpClient client = new OkHttpClient();
Response response = client.newCall(request).execute();
String newData = response.body().string();
storeDataInDb(newData);
}
...
}
17. Update Data Service
public class RegularDataActivity extends Activity {
private static final String URL_PRODUCTION_BACKEND = "http://google.com";
...
@OnClick(R.id.update) void onUpdateDataClick() {
UpdateDataIntentService.startDataUpdate(this, URL_PRODUCTION_BACKEND);
}
}
18. Update Data Service
public class RegularDataActivity extends Activity {
private static final String URL_PRODUCTION_BACKEND = "http://google.com";
...
@OnClick(R.id.update) void onUpdateDataClick() {
UpdateDataIntentService.startDataUpdate(this, URL_PRODUCTION_BACKEND);
}
}
19. Update Data Service
public class RegularDataActivity extends Activity {
private static final String URL_PRODUCTION_BACKEND = "http://google.com";
...
@OnClick(R.id.update) void onUpdateDataClick() {
UpdateDataIntentService.startDataUpdate(this, URL_PRODUCTION_BACKEND);
}
}
34. Do Not Export Update Data Service
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.epam.itweek.commonsensesecurity.downloader" >
...
<service
android:name=".UpdateDataIntentService"
android:exported="false" />
...
</manifest>
35. Do Not Export Update Data Service
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.epam.itweek.commonsensesecurity.downloader" >
...
<service
android:name=".UpdateDataIntentService"
android:exported="false" />
...
</manifest>
36. Do Not Export Update Data Service
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.epam.itweek.commonsensesecurity.downloader" >
...
<service
android:name=".UpdateDataIntentService"
android:exported="false" />
...
</manifest>
37. Attack Not Exported Update Data
Service
08-02 17:22:00.720 11702-11702/
com.epam.itweek.commonsensesecurity.downloaderattaccker.notexported
E/AndroidRuntime﹕ FATAL EXCEPTION: main
Process:
com.epam.itweek.commonsensesecurity.downloaderattaccker.notexported,
PID: 11702
java.lang.SecurityException: Not allowed to start service Intent {
act=com.epam.itweek.commonsensesecurity.action.UPDATE_DATA
cmp=com.epam.itweek.commonsensesecurity.downloader.notexported/com.epam.itw
eek.commonsensesecurity.downloader.UpdateDataIntentService (has extras) }
without permission not exported from uid 10191
at
android.app.ContextImpl.startServiceCommon(ContextImpl.java:1639)
at android.app.ContextImpl.startService(ContextImpl.java:1616)
at
android.content.ContextWrapper.startService(ContextWrapper.java:505)
at
com.epam.itweek.commonsensesecurity.downloaderattaccker.AttackDownloaderAct
ivity.onAttackClicked(AttackDownloaderActivity.java:30)
...
42. Attack Update Data Service With
Permission
08-02 17:26:08.350 12460-12460/
com.epam.itweek.commonsensesecurity.downloaderattaccker.withpermission
E/AndroidRuntime﹕ FATAL EXCEPTION: main
Process:
com.epam.itweek.commonsensesecurity.downloaderattaccker.withpermission,
PID: 12460
java.lang.SecurityException: Not allowed to start service Intent {
act=com.epam.itweek.commonsensesecurity.action.UPDATE_DATA
cmp=com.epam.itweek.commonsensesecurity.downloader.withpermission/com.epam.
itweek.commonsensesecurity.downloader.UpdateDataIntentService (has extras)
} without permission
com.epam.itweek.commonsensesecurity.downloader.permission.UPDATE
at
android.app.ContextImpl.startServiceCommon(ContextImpl.java:1639)
at android.app.ContextImpl.startService(ContextImpl.java:1616)
at
android.content.ContextWrapper.startService(ContextWrapper.java:505)
at
com.epam.itweek.commonsensesecurity.downloaderattaccker.AttackDownloaderAct
ivity.onAttackClicked(AttackDownloaderActivity.java:30)
...
43. Reference: Real-life vulnerabilities
● Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation
o academic paper - http://goo.gl/4wAO93
o Ars Technica article on the topic - http://goo.gl/3KXUVD
o Developer’s point of view - http://goo.gl/X2tETV
● Android OEM’s applications (in)security and backdoors without permission
o http://goo.gl/0eHVnx
o by Andr´e Moulu from QuarksLab
o interesting starts at slide #75
o read from beginning if you want to know why Samsung software is crap low quality
44. SSL and its problems
There are 3 types of software:
data producers, data consumers and
bad guys in between them
45. SSL
● Encrypts network communication
● with a generated session secret
● using server’s X.509 certificate
● relies on Certificate Authorities for certificate validity
Designed for use in general purpose network communication tools:
● Browsers
● Email clients
● IM clients
46. SSL
● Encrypts network communication
● with a generated session secret
● using server’s X.509 certificate
● relies on Certificate Authorities for certificate validity
Designed for use in general purpose network communication tools:
● Browsers
● Email clients
● IM clients
47. SSL
Client makes sure that certificate:
● has a verifiable chain of trust back to a trusted (root) certificate
● matches the requested hostname
And this is good!
Browsers verify website's identity via trusted CAs because they simply don’t
know whom they will be communicating with the other day.
But this is also bad!
Client does not check if it is your certificate, the one you uploaded to your
server.
48. SSL and its problems
● Man In The Middle (MITM) Attacks
○ Hacked CAs (Comodo, DigiNotar, TurkTrust)
○ Social engineering ("Free wifi! Just add this root cert to your device!")
○ NSA
● Complex nature, so implementations are sometimes buggy
● Others?
53. Google Play Services
The Security API allows you to easily install a dynamic security provider.
New versions of Google Play Services will keep the security provider up-to-date with the latest
security fixes as those become available.
54. Google Play Services - Security API
ProviderInstaller.installIfNeeded(getApplicationContext())
56. Pinning
A pin is a hex-encoded hash of a X.509 certificate's SubjectPublicKeyInfo.
Library is available for your needs:
dependencies {
compile 'org.thoughtcrime.ssl.pinning:AndroidPinning:1.0.0'}