The Right Moment to start over with Visual Studio and .NET

Yesterday, Somasegar, corporate vice president of the Developer Division at Microsoft announced Microsoft is going to open source the .NET platform. Since I left Microsoft in 2011, this is one of the moments I am most stunned. There is a fully featured community edition of Visual Studio, Android emulator, .NET open sourced under the MIT License, support for Linux and Mac OS X. Further background information can be found on my former colleague Immo’s post over here.

I went from Windows to Mac once I left, dug into Python, Java, a lot of Apache projects and somewhat C++ and JavaScript, developing for the new Jolla and Sailfish OS and contributing to the IoT project  OpenHAB. Anyway, I never really was that overwhelmed by the dev ecosystem as I was with Microsoft.

It does not look like the Microsoft I left at all, however, with these major changes, I will be definitely one of the first nailing .NET on my Mac OS X.  I am looking forward for this. For today, I will install the new Visual Studio Community 2013 on my virtual Windows, though.

Time to Switch off SSLv3

You probably have heard of the SSL 3.0 vulnerability aka Poodle. So if you haven’t or if you have and haven’t done anything about it, it’s definitely time to switch it off.

I simply went though my browsers and turned it of, as nowadays it should not be used anymore. To check if your browser is vulnerable, just check out the Poddle Test. If it does look like below, follow the instructions to make it look different.

Poodle TestFirefox

In Firefox you simply type in

about:config

in the address bar of the browser. In the configurations settings you now need to set the value for security.tls.version.min to 1.

Firefox TLS 1Once done, you should be safe, I was told. However, using Firefox ESR 31.1.1, the Poodle Test above still indicates vulnerability.

However, with version 32.0.3 on Mac OS X, setting the minimum TLS version works as a charme.

Poodle TestInternet Explorer

For IE, you should check out Microsoft Security Advisory 3009008 giving a workaround how to turn SSL 3.0 off.

Tools / Internet Options / Advanced got ot the Security category and uncheck Use SSL 3.0 and check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.

IE TLS SettingsAgain this should at least give you the feeling of security.

NDepend v5 Article Published

Already some days overdue, it’s worth a note, that we have published an article about the new features in NDepend v5 in issue 10/2014 of the German magazine dotnetpro.

NDepend v5

The article covers most of the new features in v5, including CQLinq, the Dashboard, an first glance of the new API and some interesting details.

Check and Fix the Shellshock Exploit on Mac OS X

Since I switched to Mac in 2011, I do not keep that much track of vulnerabilities as I did running Windows as my main system. However, the recently announces Shellshock exploit got my attention. As Apple has no patch in place by today, I went for a manual path of the bash shell. Only precondition is Apple’s Xcode being installed on your system.

First, checking whether your  system is vulnerable, you simply need the following bash script being run:

env x='() { :;}; echo not' bash -c 'echo safe'

In my case, unfortunately, I got a

not
safe

on my shell, running Mac OS X 10.9.4. Checking the version is simple done as following:

bash --version
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.

In case you passed the check, you should run a second one, as since Thursday, there is a second attack vector knwon

env X='(){(a)=>\' bash -c "echo date"; cat echo; rm -f echo

The good news, not vulnerability from this vector.

date
cat: echo: No such file or directory

In case one would get the current date and time, there would be vulnerability, too.

As there is no patch from Apple right now, there is an possibility to build an update manually from the GNU repositories.

mkdir bash-fix
cd bash-fix
curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -
cd bash-92/bash-3.2
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
cd ..
sudo xcodebuild

In case you are vulnerable to the second vector, there is a another path to be applied:

mv build/bash.build/Release/bash.build/DerivedSources/y.tab.* bash-3.2/
cd bash-3.2
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0
cd ..
sudo xcodebuild

By running

bash-fix/bash-92/build/release/bash --version 
bash-fix/bash-92/build/release/sh --version

you should be able to verify the version of the fix.

GNU bash, version 3.2.52(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.

Before replacing the old version, I backup the original bits.

sudo cp /bin/bash /bin/bash.3.2.51.bak
sudo cp /bin/sh /bin/sh.3.2.51.bak

Now you can replace the original ones by

sudo cp bash-fix/bash-92/build/Release/bash /bin
sudo cp bash-fix/bash-92/build/Release/sh /bin

Once this is done, you can check for the exploit again

env x='() { :;}; echo not' bash -c 'echo safe'
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
safe

Once verified, you can get rid of the bash-fix folder and your system should be safe from this exploit.

 

Miataru Update 0.2-16

The latest update on the Miataru SailfishOS client just landed on OpenRepos.net. The latest version just introduced some baby steps. The settings page was finally activated and settings for the server data retention time were introduced.

SettingsCurrently, SSL based server URLs are not supported, yet. Using the original Miataru server, you need to fall back to http://service.miataru.com instead.

Data server retention time is specified in minutes, currently 1minute to 24 hours (1440 minutes) are supported and sued with the update location requests.

More to come…

 

Miataru Updated v0.2-15 – Colorized Devices

Today, yet another update of the Miataru Client for SailfishOS went public. As the basic functionality finally works, it was time for some feature update. First of all we introduced the possibility to update the device information. Beside changing he name, choosing a particular color for the map indicator is now available.

Device DetailsTo access the detail page, press and hold a device on the device page, and choose Details afterwards.

Changing Device DetailsFinally, the chosen color will be used to display the device on the map.

0.2-15_map

The new features ware available from version v0.2-15 on.

Next improvements will probably consider the maps, displaying additional device information as well as a improved way of displaying the devices on the map.

Next Miataru Update

Tonight, we managed to remove the most issues with the Miataru SailfishOS client. With v0.2-14 the location information of the device gets finally used, the location of the current device as well as other devices are displayed correctly, the map is centered to your actual location and some more minor issues got fixed.The latest version is available at  OpenRepos for JailfishOS via Warehouse.

In addition, we added a page displaying some debug information. Current location, as well as the most recent requests and responses from to and from the Miataru server. By this it’s completely transparent what information is exchanged between your device and the server. Actually, this is possible because the protocol of Miataru is completely open, no secrets, traps and hidden information are sent to the server.

Debug InformationThere are some known issues you should be aware of. However, please bear in mind at the current version it is still an alpha version of the software, though.

  • Communication with the Miataru server takes place only on the map page, location information is not updated in the background
  • Most recent requests on the Debug Information page are only displayed when the Map was used before.
  • Accuracy on the Debug Information page is not displayed. It is used in the requests though, as you can see in the requests.
  • When upgrading from an earlier version, some settings (Server URL, Devices etc.) might get lost. This is due to an arrangement of the settings database, however, it’s an alpha. We introduced some process to avoid those braking changes for the future (hopefully).
  • The map indicators might overlap when providing common coordinates. While two or more devices are on close together, it might look on the map as there is only one device as the indicators on the map overlap.

Said that, you should be able to use it from now on. As the basic feature now work proper, we will start pimping the app by adding more features and fancy stuff over time.

Stay tuned…

 

 

SailfishOS Miataru Client 0.2 available

Today, we pushed version 0.2 of the SailfishOS Miataru client to the OpenRepos. From there it’s available via the Warehouse app.

First of all, Cyril Lintanff took some effort and came up with an awesome logo for the SailfishOS app.

Miataru IconWe took the the original Miataru M from the iPhone app, and used it with well aligned with the SailfishOS guidelines. If you check the M it is a marker on a map, where the SailfishOS logo is used as contour map. All the credits for this mind blowing design belong indeed to Cyril.

With version 0.2 we fixed the recent start up issue, where as the app did start once and only once. We also introduced some kind of a database revisioning which makes it simple to update databases from any version you are currently running to any higher version. The first start might take a second or so more, however, we save some milliseconds when switching pages within the app.

Miataru First PageIn addition, thanks to Daniel for a bunch of live debugging on the Miataru server, we were able to fix some malformed requests (which ended up in new test cases for the Miataru server as well ). We now can display all devices you added to the device list on the map in the SailfishOS Cllient. Unfortunately, your own device does still stick on the coordinates of Karlsruhe, Germany, where the app is currently developed. I haven’t managed to fully access the internal position API of the Jolla phone, yet – however this is the next bit we are currently working on.

Miataru Map on SailfishOS There’s no dedicated discussion forum or bug tracker yet, however the easiest way to send in any requests or questions regarding the app is the OpenRepos page of the app. It’s currently open for comments and being read frequently.

Stay tuned for the next update, though…

Miataru for SailfishOS and Jolla

A couple of months after Daniel came up with Miataru, I finally extendet the Miataruniverse with a native SailfishOS app.

What’s all About

After Google Latitude went down, he was looking for a new solution how to exchange location information with others. Basically, Miataru let you know where other devices are. That’s all. With an unique identifier, the device submits its location on a regular base. If you know the device identifier, you can show the location on your map.

The Jolla App

Beside native apps, Jolla can run Android apps from Google play. Anyway, native apps  simply look much better. As the SailfishOS SDK is still in its alpha, its quite an adventure to develop for it.

Miataru for iOSMiataru for iOS

Miataru for SailfishOSMiataru for SailfishOS

Where to get it

Despite all issues, we just pushed the very first version of the Miataru for SailfishOS on OpenRepos. From there, you can install and updating it using Warehouse for SailfishOS.

Early Alpha

The version available is an early alpha, with very limited functionality. It is basically intended to test the communication between the app and Miataru server as well as the OpenRepos setup. Also due to limitations in the current version of the SailfishOS SDK, the positioning functionality is not yet supported.

Updates will be released on OpenRepos based on the further progress of the SailfishOS SDK. News about the releases will be published here.

Fighting Qt Creator develpoing for SailfishOS

Prologue

For some days, I fight quite an epic battle with Qt Creator. A battle, I am losing right now. I recently started developing a SailfishOS app though. A spare time project which actually drives me mad. To be fair, one should say SailfishOS is quite at an early stage compared to other platforms. However, the SDK, the tool chain, including Qt Creator, VirtualBox integration, build and deploy process already work as a charm. It works out of the box. Even for someone like me, pampered by Visual Studio, Eclipse and corresponding platforms existing for a decade and more.

There are some shortcomings in documentation, though. As a developer myself, I know how hard it is to get some good documentation in place. Therefore, kudos for everything available already. Although, I spend 95% percent in digging the darkest places of the internet to find some information. I have to move out of my comfort zone, which is good. I learn a lot by digging around, which is even better. However, I do not get my project out of the starting blocks, which is bad.

Teh Facts

Following the tutorials available, I tried to create a SailfishOS dialog with two text fields as below.

import QtQuick 2.0
import Sailfish.Silica 1.0

Dialog {
    id: addDeviceDialog
    property string deviceName
    property string deviceIdentifier 

    anchors.fill: parent

    DialogHeader {
        title: qsTr("Add a Device")
    }

    TextField {
        id: deviceNameField
        placeholderText: qsTr("Device Name")
    }

    TextField {
        id: deviceIdentifierField
        placeholderText: qsTr("Device ID")
    }

    onDone: {
        if (result == DialogResult.Accepted) {
            deviceName = deviceNameField.text
            deviceIdentifier = deviceIdentifierField.text
        }
    }
}

Qt Creator, however, responds with

Could not resolve the prototype ‘TextBaseItem’ of ‘TextBase’. (M301)

I encounter this issue wit both, TextField and TextArea.

M301

I can remove this issue by adding

import QtQuick.Controls 1.0

But then Qt Creator responds with

Qml module not found

Modules seem to be installed and paths are set. I probably miss something over here or I do deal with the IDE in a terrible wrong way.

QtQuick.Controls 1.0I will dig further and contact the SailfishOS mailing list, looking forward to get some help there to update this article soon.

[Update, 13.07.2014]

There was an almost instant reply on my request on the mailing list, though. You can completely ignore this issue. Gt Creator will build and deploy without any issues. In my very case, I had an additional issue, where I forgot to set the width property of the text field. Once I did this, I was able to see the text field on my deployed app.