Multi User Connecting to 1 Mac (or mini) using PCs

Hi,
We have a Mac Machine with us on the floor that we want to be shared by multiple users.
One way that it can be used is by installing the  Vine Server (VS)for OSX on it , and installing the a Client on the Dextops.
Vine Server is :
1.       Completely free
2.       Not dependant on OSX Server
3.       Multiple, simultaneous, independant users
VS tweaks the Multi user sharing feature of Mac OS X that allows multiple users to connect to the same Mac simultaneously. (http://9to5mac.com/2011/02/27/10-7-lion-allows-multi-user-remote-computing/)
The Client (VNC Viewer on the PC (or any other vnc viewer)) installed on the dextop then allows multiple users to connect to the same mac (running VS) on different ports.
1/ Turn on Fast User Switching so that multiple users can share the Mac.
2/ Log in on the actual Mac console as an admin user that you also want to grant remote access to. Launch Vine Server as that user, and check the “Open at Login” preference.
3/ Open Vine Server Preferences and note the port number assigned to this VNC server instance. Manually re-enter that number to “pin” this instance to that port for subsequent launches. Also recommend that you set the password here for this unique user session.
4/ Go to the Sharing tab and make sure you check “Allow multiple user sessions”
5/ Go to the Startup tab and check the “System Server…” button. Start the system server instance on the default port (5900). This will be your console VNC server to use. (I recommend that you set a password on this)
6/ Close the preferences window and click Restart Server button.
You should now be able to log into two VNC user sessions: one as the Console on port 5900 and one as the admin user you just logged in as.
Now, for each user, have them log in and add Vine Server to their dock and repeat steps 2, 3 and 4 above.

Sencha App Deployment on iOS Device as Packaged App (ipa) Part 1

Hello,

Being obedient i followed this doc: ( http://ux.saggezza.com/articles/sencha-touch-2-hello-world-app/#pack) to the word in order to package my app for iOS deployment.

And then i followed these steps :

from here : http://ux.saggezza.com/articles/sencha-touch-2-1-0-beta-3-package-to-native-ios/

And the app finaly ran after 4 hrs of hard work

But today whe i wanted to deploy the next build of the app on iOS, i couldn’t imagine repeating yesterday’s exercise …so i tinkered around with the final build that was working on the iPhone simulator and finally after hit and try, found that these are the only steps that need to be performed for running on iOS Simulator using Sencha Cmd

( Note that, if all you want to do is see the look and feel of the app on the simulator, i suggest you simply do the step 1 below and them rt. clk. on the html and open with the simulator…. next clk on the  options icon on the safari (on simulator) and select “Add to home screen”. It will always open without the address bar etc. from next run )

Step 1 :

On the sencha architect select Publish and it will save the app in : C:\Docs\MOBILE PROJECTS\Sencha\Publish

Step 2 :

Change your main html file xyz.html to index.html

Step 3 :

On the cmd, cd to the path above

Step 4 :

run : sencha package generate iossim.json

Step 5:

run : sencha package run iossim.json\    (THIS STEP HAS TO BE DONE ON THE MAC)

voila….your app is installed and running on the simulator

As for packaging it into an ipa, i’m on it..will keep you posted

AJAX

1. create a handler for the event of the control on the page
2. in that handler, create the xmlhttpobject
3. also send the aync req to the server url using POST of Query Srting
4. register a callback handler for the xmlhttpobject
Eg. Xmlhttpobject.onreadystatechange = cityStateReadyStateChange;

5. Define the fn() :
 function cityStateReadyStateChange()

{}


SEE : http://www.brainjar.com/dhtml/ajax/default2.asp

Next :

 zipCodeLookup.onreadystatechange = zipCodeReadyStateChange;
zipCodeLookup.open("GET", url, true);
zipCodeLookup.send(null);

<zipCodes city="Las Vegas" state="NV">
<zipCode>89101</zipCode>
<zipCode>89102</zipCode>
<zipCode>89103</zipCode>
<zipCode>89104</zipCode>
...
</zipCodes>


The responseXML property of the XMLHttpRequest object is a DOM document. You can access all its nodes, attributes and node values within your JavaScript just like the DOM of a web page.


Given the above XML, zipCodeLookup.responseXML.documentElement will be the node for the <zipCodes> tag whilezipCodeLookup.responseXML.getElementsByTagName("zipCode") would return an array of nodes representing the <zipCode> tags.



var city  = xmlDoc.documentElement.getAttribute("city");
 document.forms[0].elements["city"].value  = city;


POST DATA

// Encode the data to be POSTed.
var city = encodeURI(document.forms[0].elements["city"].value);
var url = "getZipCodes.asp";
zipCodeLookup.onreadystatechange = zipCodeReadyStateChange;
zipCodeLookup.open("POST", url, true);
zipCodeLookup.setRequestHeader("Content-Type",
"application/x-www-form-urlencoded");
zipCodeLookup.send("city=" + city + "&state=" + state);


It's important to point out that you must first call the open() method before you can callsetRequestHeader(), otherwise an error will occur.


You can use other data formats as well, even XML. It all depends on what format the target script or CGI program on the web server expects.














To see the difference between this object and the native XMLHttpRequest object, let's look at the code needed to POST some data to the web server and retrieve a response using the XMLHttpRequest object:

// Create an XMLHttpRequest object using our cross-browser function.
var myRequest = getXMLHttpRequest();

// Assign an onreadystatechange handler.
myRequest.onreadystatechange = myReadyStateChange;

function doPost()
{
// Create the post data.
var data = "...";

myRequest.abort();
myRequest.open("POST", "http://www.example.net/script/getXML.pl", true);
myRequest.setRequestHeader("Content-Type",
"application/x-www-form-urlencoded");
myRequest.send(data);
}

function myReadyStateChange()
{
if (myRequest.readyState == 4)
{
if (myRequest.status == 200)
{
processResponse(myRequest);
}
else
{
showError(myRequest);
}
}
}

function processResponse(httpRequest)
{
...
}

function showError(httpRequest)
{
...
}
Note that we have to call the abort()open()setRequestHeader() and send()methods on every request. Also, as mentioned earlier, any request headers must be set after the call to open() and before the call to send().
Within the onreadystatechange handler we first need to check the ready state determine if the request has been completed and then check the status code to determine if it was successful (i.e., HTTP 200 OK).
Now look at the code required to do the same thing using an HttpRequest object:
// Create an HttpRequest object.
var myRequest = new HttpRequest();

// Assign callback functions, URL and set request headers.
myRequest.successCallback = processResponse;
myRequest.failureCallback = showError;
myRequest.url = "http://www.example.net/script/getXML.pl";
myRequest.setRequestHeader("Content-Type",
"application/x-www-form-urlencoded");

function doPost(event)
{
// Create the post data.
var data = "...";

myRequest.post(data);
}

function processResponse(httpRequest)
{
...
}

function showError(httpRequest)
{
...
}
Note that there is no need to call abort()open()setRequestHeader() andsend() on each request, instead we just call get() or post().
A call to get() or post() automatically aborts any currently active request for that instance of the object. Request headers can be set just once, so long as we do it before calling get() or post(). Similarly, the URL can be set just once, it doesn't need to be specified on every individual request via open().
Lastly, the HttpRequest object handles the onreadystatechange event internally and only does one callback, when the request completes. This callback will be to either the function specified on the successCallback property if the request successfully returns a response (i.e., the status is HTTP 200 OK) or to the function specified byfailureCallback (if the status is anything else).
Note that the terms "successCallback" and "failureCallback" are relative to the HTTP status on the response. All "success" means is that the server was able to process the request and return a response. You may not have gotten the response data you expected. Likewise, "failure" may be OK if you were simply trying to determine if a particular web page existed and it returned "404 Not Found."
Now let's see how to use this new object.
CONCLUSION
Note that in this demo, we use one HttpRequest object to handle both lookup functions. We could have used to separate objects and allowed both to run at the same time but since the two functions are somewhat contradictory, it's best to use just the one. Because the HttpRequest object automatically aborts an active request before starting a new one, using just one means we don't have to worry about one request interfering with the other. In other situations, however, it may be acceptable to make concurrent requests using multiple instances of the object.

Conclusion

AJAX is an extension of DHTML programming, adding the capability to dynamically send and retrieve data from the web server in response to user actions.
The XmlHttpRequest object provides this functionality. Although its usage may not be intuitive, we've shown how it can be extended via a user-defined JavaScript object to hide the nuances of making asynchronous HTTP requests, handling errors and obtaining response data. The end result is a relatively easy to use interface that lets you concentrate on what you can do with it rather than how to do it.
XMLHttpRequest in a standard javascript object that allows you to make HTTP Requests from the browser in javascript.
HttpRequest is a server side object that represents a request to the server.
In summary - one works in the browser, the other in the web server. They also have completely different roles. XMLHttpRequest is for fetching web resources within the browser. HttpRequest represents an incoming request.

Building and PACKAGING (Native iOS) Sencha Architect Apps using sencha cmd

Hi,

Let’s get this over with…
i’m using this ref : http://ux.saggezza.com/articles/sencha-touch-2-hello-world-app/#pack

The first thing that you need to do is to create an Application with the same name as your SA (Sencha Architect ) Application using sencha cmd : sencha generate app a ../a

Next open the dir and you’ll see that it has much more than the o/p you get on clicking the  “Publish” command on the SA.

The 1st step is to add the missing files from the cmd generated dir to the SA generated dir .. (most importantly, the .sencha folder)

Then browse to the dir of the SA app on the cmd and run  : sencha app build package..

It failed for me a few times due to reasons like file not found etc.

Then finally it generated the build dir for you and sadly for me, as i am using resoures external to the architect , the index.html first gave the resource not found error for those.

Then after adding them…

in the SA Project i’m also overriding its read-only files,

hence it’s giving : 

  1. GET file:///C:/Docs/MOBILE%20PROJECTS/Sencha/Publish/build/POCList/package/MyApp/controller/override/NavigationController.js?_dc=1358973011274 app.js:1
    1. Ext.apply.injectScriptElementapp.js:1
    2. (anonymous function)app.js:1
    3. Ext.apply.triggerReady




Error in the chrome inspector at line 1 of my app.js





this sucks


MOVING ON TO http://ux.saggezza.com/articles/sencha-touch-2-1-0-beta-3-package-to-native-ios/



Sencha Touch

Start Chrome with arguments  –args –allow-file-access-from-files –disable-web-security

http://www.youtube.com/embed/5F7Gx0-W-M4

http://www.sencha.com/learn/architect/#Xx/tutorial/date/desc

http://www.sencha.com/learn/getting-started-with-sencha-touch-2/

Sencha Default Icons

C:\MSDE\khematar\SOFTWARES\SenchaCompleteTrial-1.0.0.40-windows.exe\sencha-touch-2.1.0-gpl\resources\themes\images\default\pictos

INstall stuff from sencha complete trial + sencha cmd

make sure u take the free version of sencha sdk and no tcommercial :

What is the difference your free commercial license and the open source license?

You can use Sencha Touch under either license. Under the open source GPL v3 license, you are required to release you source code and license your program under GPLv3. Our free Commercial License allows you unlimited developers, distribution and use provided you are not using Sencha Touch for a development tool or application builder, or for native deployment on an Embedded Device.


SASS




Shortcuts
C:\inetpub\wwwroot\Sencha




http://docs.sencha.com/architect/2/#!/guide/controllers
http://docs.sencha.com/architect/2/#!/guide/interactivity

CREATE APP USING SENCHA CMD

STEPS :

1. CD C:\MSDE\khematar\SOFTWARES\SenchaCompleteTrial-1.0.0.40-windows.exe\sencha-touch
-2.1.0-gpl
2. sencha generate app MyApp ~/myapp


Custom Controls

file:///C:/MSDE/khematar/Eclipse%20Workspaces/sencha/Ext.ux.TouchCalendar-ST2/Ext.ux.TouchCalendar-ST2/examples/Ext.ux.TouchCalendar.html

Steps to attach any visual studio application to asp.net_wp

In my case the dll that’ll be run by the asp wp is in the gac. So 1st step is to add the pdb file of the dll in the gac too.
Copy the pdb file and paste in C:\WINDOWS\assembly\GAC_MSIL\dll name\dll version\

Next come to your VS App that needs to be attached to this wp

Simply goto Debug -> Attach to Process and attach it.

Then run the exe of the application….
Or it the app is web app then host it on iis and run it from there…

Make sure the dll’s project has breakpoints if u wanna debug it

Mobile Security

Top 10 Mobile Controls and Design Principles
Top 10 Mobile Risks
Risk (in Bold) & Remediation
KEYWORD
1
Identify and protect sensitive data on the mobile device
1
Insecure Data Storage
Mobile devices (being mobile) have a higher risk of loss or theft.
·         Consider using a third party container encryption API. Freely available examples include SQLcipher
·         Store min. (filtered) data on client side. Always encrypt it and protect using secure key
·         Do not use cache or temp storage
·          Schedule auto delete on exit
ENCRYPT ALL DATA
2
Handle password credentials securely on the device
9
Broken Cryptography
A user’s credentials, if stolen, not only provide unauthorized access to the mobile backend service, they also potentially compromise many other services and accounts used by the user
·         Never “hard code” or store cryptographic keys where an attacker can trivially recover them. This includes plaintext data files, properties files, and compiled binaries
·         Avoid using user credentials for every svc. Instead generate long term authorization tokens at user login that can be securely stored on the device (as per the OAuth model).
·         Encrypt the tokens in transit (using SSL/TLS). Tokens can be issued by the backend service after verifying
·          Leverage the encryption and key-store mechanisms provided by the mobile OS to securely store passwords, password equivalents and authorization tokens
USE AUTHORIZATION TOKENS
10
Sensitive Information Disclosure
3
Ensure sensitive data is protected in transit
3
Insufficient Transport Layer Protection
Sensitive data passing through insecure channels could be intercepted
·         Applications should enforce the use of an end-to-end secure channel (such as SSL/TLS) when sending sensitive information over the wire/air 
·         A secure connection should only be established after verifying the identity of the remote end-point (server)
USE A SECURE TRANSPORT CHANNEL
4
Implement user authentication, authorization and session management correctly
5
Poor Authorization and Authentication
Unauthorized individuals may obtain access to sensitive data or systems by circumventing authentication systems (logins) or by reusing valid tokens or cookies. 
·         Use authentication that ties back to the end user identity (rather than the device identity).
·         Never use a device identifier (e.g., UDID , IP number, MAC address, IMEI) to identify a user.
DEVICE IS NOT USER
6
Improper Session Handling
·         Never use a device identifier (e.g., UDID, IP number, MAC address, IMEI) to identify a session. 
·         Use only tokens that can be quickly revoked in the event of a lost/stolen device, or compromised session
5
Keep the backend APIs (services) and the platform (server) secure
2
Weak Server Side Controls
Attacks on backend systems and loss of data via cloud storage.
·         Ensure that the backend platform (server) is running with the latest security patches applied to the OS, Web Server and other application components.
·         Ensure adequate logs are retained on the backend in order to detect and respond to incidents and perform forensics (within the limits of data protection law).
·         Design and implement the mobile client and the server to support a common set of security requirements.
·         Design and implement the mobile client and the server to support a common set of security requirements.
·         Perform output encoding on untrusted data where feasible.
SERVER & CLOUD ARE VULNERABLE TOO
6
Secure data integration with third party services and applications
7
Security Decisions via Un-trusted Inputs
Users may install applications that may be malicious and can transmit personal data (or other sensitive stored data) for malicious purposes.
·         Vet the security/authenticity of any third party code/libraries used
·         Pay particular attention to validating all data received from and sent to non-trusted third party apps
·         The combination of input validation, output escaping, and authorization controls can be used against these weaknesses. 
·         Verify the caller is permitted to access any requested resources
BE WARY OF THIRD PARTY CODE/LIBRARIES
8
Side Channel Data Leakage
·         Side channels refer here to data I/O generally used for administrative or non-functional (directly) purposes, such as web caches (used to optimize browser speed), keystroke logs (used for spell checking)
·         Never include sensitive data (e.g., credentials, tokens, PII) in system logs.
·         Control iOS’s screenshot behavior to prevent sensitive app data from being captured
·         Disable keystroke logging for the most sensitive data
·          Disable cut-and-paste buffer for the most sensitive data
CONTROL APP ENVIRONMENT
7
Pay specific attention to the collection and storage of consent for the collection and use of the user’s data
 Unintentional disclosure of personal or private information, illegal data processing
·         Create a privacy policy covering the usage of personal data and make it available to the user especially when making consent choices.
·         Consent may be collected in three main ways:
1.       At install time
2.       At run-time when data is sent
3.     Via “opt-out” mechanisms where a default setting is implemented and the user has to turn it off.
MAKE THE USER AWARE
8
Implement controls to prevent unauthorized access to paid-for resources (wallet, SMS, phone calls etc.)
Smartphone apps give programmatic (automatic) access to premium rate phone calls, SMS, roaming data, NFC payments, etc. Apps with privileged access to such API’s should take particular care to prevent abuse
·         Maintain logs of access to paid-for resources in a non-repudiable format
·         Check for anomalous usage patterns 
IMPLEMENT CONTROLS
9
Ensure secure distribution/provisioning of mobile applications
·         Most app-stores monitor apps for insecure code and are able to remotely remove apps at short notice in case of an incident
USE APP STORE
10
Carefully check any runtime interpretation of code for errors
4
Client Side Injection
Runtime interpretation of code may give an opportunity for untrusted parties to provide unverified input which is interpreted as code. It can lead to injection attacks leading to Data leakage, surveillance, spyware, and diallerware.
·         Look for any capabilities accessible via user-input data and use of third party API’s which may interpret user-input – e.g. JavaScript interpreters
·         Follow the same rules as a web app for input validation and output escaping
·         Use parameterized queries, even for local SQLite/SQLcipher calls
VALIDATE INPUT