Tag Archives: programming

Trying To Try Out Google’s App Inventor

The recently released Google App Inventor is a web-based software program that allows anyone to develop an app for the Android operating system.

I am still kicking around my Windows Mobile 6.1 smartphone, but I have dreams of an Android-based phone when my contract is up in November.  I played with a Droid X today, but by the time my contract is up, who knows what will be out?!

That’s actually one of the drawbacks of Android – it’s coming too fast.  Who would have thought that would ever be a problem?!  But, with a new “greatest” phone almost weekly, and so many different phones running so many different versions of the OS, it’s becoming a problem.  You have people who bought a phone a few months ago that is running 1.6, who are angry about today’s buyers getting phones running 2.1, or even 2.2.

I decided to try out App Inventor, but apparently there’s a long waiting list to get in!  I don’t get this.  Google, of all the tech companies, has virtually unlimited resources.  Why are they always releasing software in such limited betas?!  They did this with Gmail (although they were a younger company then) and Wave.  They even did it with Google Voice, a technology they bought (formerly Grand Central) that had been open when they purchased it.  On the other hand, they rolled out Buzz to everyone with no warning... oh wait, maybe the results of that have made them cautious again.

I understand that some companies have limited resources when they start out, and therefore need to limit early users or that some companies want to test for serious bugs before they let everyone in – thereby limiting the number of potential bad experiences.  But if Microsoft can give an unlimited number of users the chance to beta test Windows 7 then the bar has been raised.  I mean, that’s a full-blown operating system for crying out loud!  The potential for catastrophic failure with that had to scare the Redmond execs half to death.

At any rate, I have signed up for an invite to App Inventor, and maybe one day soon I’ll be able to test it, take some screenshots and let everyone know what it can do.  My hopes for both Android and App Inventor are high.  Android is already living up to those expectations; App Inventor, on the other hand, is still in the wait-and-see category.

Top 25 Coding Errors

The Mitre Corp has produced the 2010 CWE / SANS Top 25 Most Dangerous Programming Errors which identifies the most commonly encountered coding errors that can potentially lead to web sites being hacked or PCs being compromised.  Some of the errors are well-publicised in the technical press, e.g. “cross-site scripting”; some are downright stupid, e.g. “use of hard-coded credentials” and others are the results of carelessness, e.g. “improper validation of array index”.

However, what makes this document better than the usual Top-X lists is that it provides guidance to programmers on how to prevent or mitigate the errors.  For example, to avoid cross-site scripting it suggests, “Use languages, libraries or frameworks that make it easier to generate properly encoded output.  Examples include Microsoft’s Anti-XSS library, the OWASP ESAPI encoding module and Apache Wicket”.  There’s additional information for the technically-minded that goes through the different stages of software development, starting with initial design and continuing through to compilation, implementation and testing.
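To make the “properly encoded output” advice concrete, here is an added illustration (example code, not from the blog post or from the CWE/SANS document) of the difference between dropping an untrusted value straight into HTML and encoding it first; the function names and the sample strings are this example’s own, and the encoder covers only the HTML text and double-quoted attribute contexts.

```javascript
// Added example: HTML output encoding as the Top 25 recommends for
// cross-site scripting. Names here are assumptions, not a real library API.

// The 'before' form: an untrusted display name is interpolated directly,
// so any markup it contains becomes part of the page.
function renderGreetingUnsafe(displayName) {
  return `<p>Welcome back, ${displayName}!</p>`;
}

// The five characters that carry meaning in an HTML text node or a
// double-quoted attribute value, and the entities that neutralise them.
// Production encoders (e.g. OWASP ESAPI's HTML encoder) cover more.
const HTML_ENTITY = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode every significant character in one pass so nothing is missed
// and nothing is encoded twice.
function encodeForHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITY[ch]);
}

// The hardened form: the same template, but the value is encoded at the
// point where it enters the HTML context.
function renderGreeting(displayName) {
  return `<p>Welcome back, ${encodeForHtml(displayName)}!</p>`;
}

// Reverse mapping, used to show the encoding is lossless: a browser would
// display exactly the original text, just never interpret it as markup.
const ENTITY_TEXT = Object.fromEntries(
  Object.entries(HTML_ENTITY).map(([ch, ent]) => [ent, ch]),
);

function decodeHtml(text) {
  return text.replace(/&(?:amp|lt|gt|quot|#x27);/g, (ent) => ENTITY_TEXT[ent]);
}

// Constructed sample input containing every character the encoder handles.
const SAMPLE_NAME = 'O\'Brien & "friends" <b>';
```

Calling `renderGreetingUnsafe(SAMPLE_NAME)` leaves the `<b>` tag live in the page, while `renderGreeting(SAMPLE_NAME)` renders it as literal text.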

One of the best pieces of advice is in the discussion around checking for unusual or exceptional conditions, “Murphy’s Law says that anything that can go wrong, will go wrong. Yet it’s human nature to always believe that bad things could never happen, at least not to you. Security-wise, it pays to be cynical. If you always expect the worst, then you’ll be better prepared for attackers who seek to inflict their worst. By definition, they’re trying to use your software in ways you don’t want.”

So, if you are into web programming in any way, this has to be mandatory reading to keep the bad guys at bay.  Even if you are not, the discussion elements for each of the errors are illuminating in showing exactly what is going wrong and why it’s bad.  Just skip over the technical bits in between.