ANTIVIRUS FOR ANDROID HAS A LONG, LONG WAY TO GO

ANTIVIRUS PROGRAMS ON PCs have a mixed track record. While generally useful, they still have to play catch-up with evolving threats–and their deep system access has on occasion enabled even worse attacks. Now, as antivirus products gain in popularity for Android devices, they appear to be making many of the same old mistakes.

A key part of the current shortcomings stems from relative immaturity in Android antivirus offerings. Researchers at Georgia Tech who analyzed 58 mainstream options found that many were relatively easy to defeat, often because didn’t take a nuanced and diverse approach to malware detection. Taking on the mindset of an attacker, the researchers built a tool called AVPass that works to smuggle malware into a system without being detected by antivirus. Of the 58 programs AVPass tested, only two–from AhnLab and WhiteArmor–consistently stopped AVPass attacks.

“Antivirus for the mobile platform is really just starting for some companies—a lot of the antivirus for Android may even be their first iteration,” says Max Wolotsky, a PhD student at Georgia Tech who worked on the research. “We would definitely warn consumers that they should look into more than just AV. You want to be cautious.”

Modern antivirus uses machine-learning techniques to evolve with the malware field. So in creating AVPass, the researchers started by developing methods for defeating defensive algorithms they could access (like those created for academic research or other open-source projects) and then used these strategies as the basis for working out attacks against proprietary consumer antivirus—products where you can’t see the code powering them. The team will present on and release AVPass at the Black Hat hacking conference in Las Vegas on Thursday.

Free Pass

To test the 58 Android antivirus products and figure out what bypasses would work against each of them, the researchers used a service called VirusTotal, which attempts to identify links and malware samples by scanning them through a system that incorporates dozens of tools, and offering results about what each tool found. By querying VirusTotal with different malware components and seeing which tools flagged which samples, the researchers were able to form a picture of the type of detection features each antivirus has. Under an academic license, VirusTotal limited the group to fewer than 300 queries per malware sample, but the researchers say even this small number was adequate for gathering data on how the different services go about detecting malware.

Before this reconnaissance, the team developed a feature for AVPass called Imitation Mode, which shields the test samples submitted for antivirus scanning so the snippets themselves wouldn’t be identified and blacklisted. “The Imitation Mode is for our malware obfuscation,” says Chanil Jeon, another researcher who worked on the project. “We extract particular malware features and insert them into an empty app, so we can test which feature or which combination is important for malware detection.” The team worked with mainstream malware samples from malware libraries like VirusShare.com and DREBIN.

AVPass is an open source prototype, part of broader Georgia Tech research into machine-learning algorithms (like those used in antivirus) and the extent to which they can be manipulated and exploited. But it also serves as commentary on the evolving landscape of mobile defense.

Room To Grow

If there’s a silver lining here, it’s that Android antivirus tools have an easier job than their PC equivalents, at least for now. “Android malware is not much of malware at all compared to PC malware,” says Mohammad Mannan, a security researcher at Concordia University in Montreal who has studied antivirus vulnerabilities. “They are just rogue apps in most cases, so they are far easier to detect.” And Mannan notes that though Android antivirus apps have a lot of leeway in the system, they aren’t as privileged as antivirus apps on PCs, which could potentially cut down on concerns that antivirus can sometimes be exploited as a security vulnerability in itself. “Mobile AVs run like a privileged app, but are still just an app in the end, not part of the operating system or kernel,” he says.

For now, though, the potential advantages seem overshadowed by the immaturity of the market. The AVPass team says that Android antivirus developers need to build out their products so the programs are looking for multiple malicious attributes at once. It’s much easier to sneak past one security guard than 10. And they note that their research would have been much more difficult and time-consuming if tools like VirusTotal were less specific in the information they disclose about each service.

“These results aren’t the most surprising,” Wolotsky says. “We knew going into this as security researchers that the mobile domain is much less advanced. We hope AVPass will give [antivirus developers] a way to see what works and what doesn’t, because I’m not sure they’ve had that.”

[“Source-wired”]

ANTIVIRUS FOR ANDROID HAS A LONG, LONG WAY TO GO

ANTIVIRUS PROGRAMS ON PCs have a mixed track record. While generally useful, they still have to play catch-up with evolving threats–and their deep system access has on occasion enabled even worse attacks. Now, as antivirus products gain in popularity for Android devices, they appear to be making many of the same old mistakes.

A key part of the current shortcomings stems from relative immaturity in Android antivirus offerings. Researchers at Georgia Tech who analyzed 58 mainstream options found that many were relatively easy to defeat, often because didn’t take a nuanced and diverse approach to malware detection. Taking on the mindset of an attacker, the researchers built a tool called AVPass that works to smuggle malware into a system without being detected by antivirus. Of the 58 programs AVPass tested, only two–from AhnLab and WhiteArmor–consistently stopped AVPass attacks.

“Antivirus for the mobile platform is really just starting for some companies—a lot of the antivirus for Android may even be their first iteration,” says Max Wolotsky, a PhD student at Georgia Tech who worked on the research. “We would definitely warn consumers that they should look into more than just AV. You want to be cautious.”

Modern antivirus uses machine-learning techniques to evolve with the malware field. So in creating AVPass, the researchers started by developing methods for defeating defensive algorithms they could access (like those created for academic research or other open-source projects) and then used these strategies as the basis for working out attacks against proprietary consumer antivirus—products where you can’t see the code powering them. The team will present on and release AVPass at the Black Hat hacking conference in Las Vegas on Thursday.

Free Pass

To test the 58 Android antivirus products and figure out what bypasses would work against each of them, the researchers used a service called VirusTotal, which attempts to identify links and malware samples by scanning them through a system that incorporates dozens of tools, and offering results about what each tool found. By querying VirusTotal with different malware components and seeing which tools flagged which samples, the researchers were able to form a picture of the type of detection features each antivirus has. Under an academic license, VirusTotal limited the group to fewer than 300 queries per malware sample, but the researchers say even this small number was adequate for gathering data on how the different services go about detecting malware.

Before this reconnaissance, the team developed a feature for AVPass called Imitation Mode, which shields the test samples submitted for antivirus scanning so the snippets themselves wouldn’t be identified and blacklisted. “The Imitation Mode is for our malware obfuscation,” says Chanil Jeon, another researcher who worked on the project. “We extract particular malware features and insert them into an empty app, so we can test which feature or which combination is important for malware detection.” The team worked with mainstream malware samples from malware libraries like VirusShare.com and DREBIN.

AVPass is an open source prototype, part of broader Georgia Tech research into machine-learning algorithms (like those used in antivirus) and the extent to which they can be manipulated and exploited. But it also serves as commentary on the evolving landscape of mobile defense.

Room To Grow

If there’s a silver lining here, it’s that Android antivirus tools have an easier job than their PC equivalents, at least for now. “Android malware is not much of malware at all compared to PC malware,” says Mohammad Mannan, a security researcher at Concordia University in Montreal who has studied antivirus vulnerabilities. “They are just rogue apps in most cases, so they are far easier to detect.” And Mannan notes that though Android antivirus apps have a lot of leeway in the system, they aren’t as privileged as antivirus apps on PCs, which could potentially cut down on concerns that antivirus can sometimes be exploited as a security vulnerability in itself. “Mobile AVs run like a privileged app, but are still just an app in the end, not part of the operating system or kernel,” he says.

For now, though, the potential advantages seem overshadowed by the immaturity of the market. The AVPass team says that Android antivirus developers need to build out their products so the programs are looking for multiple malicious attributes at once. It’s much easier to sneak past one security guard than 10. And they note that their research would have been much more difficult and time-consuming if tools like VirusTotal were less specific in the information they disclose about each service.

“These results aren’t the most surprising,” Wolotsky says. “We knew going into this as security researchers that the mobile domain is much less advanced. We hope AVPass will give [antivirus developers] a way to see what works and what doesn’t, because I’m not sure they’ve had that.”

[Source:-Wired]

You Might Own A Software Company, You Just Don’t Know It Yet

Image result for You Might Own A Software Company, You Just Don't Know It YetAs an entrepreneur, whether you’re big or small, there’s a good chance you’re sitting on a successful software idea. You’d be surprised at how easy it is to develop software that can maximize the value of the business you’re already doing.

For Dan Martell, who was named Canada’s top angel investor in 2012 and is the founder of three successful companies, one of his biggest ideas came out of a small fix he created for his everyday work life. Dan would spend hours responding to professionals who were trying to network with him—and the process of scheduling a time to talk was a hassle. So Dan created some simple software that solved the problem.

The result was an award-winning software application called Clarity.

“It was never meant to be an ‘idea,’” Dan says. “Clarity was just a way for me to schedule phone calls from people who were emailing me asking to pick my brain… and then it became a 50,000-person expert network.”

Your idea is what counts. You don’t need to be a technical person or a computer programmer to come up with the next big software solution. Given today’s easy-to-use, pre-built software building blocks, just about anyone can assemble a new application.

Dan continued, “The technology has become essentially ‘modularized.’ When Clarity was built, the first version, we used just three API modules: Stripe for payment, Facebook for the account, and Twilio for the connectivity. That was it…and it was built within a day.”

Those three pieces were all it took for professionals to connect, setup a meeting, and pay each other for the expert advice they needed. Dan is confident you can bring your idea to life with the same ease.

You Need a Microscope, Not a Time Machine

Contrary to popular belief, you don’t have to go back to 1999 to turn a simple idea into a success. Today’s business environment is just as fertile. Dan says that’s because each level of innovation “unlocks” the next one.

“That’s what gets me excited,” Dan explained, “because I believe most companies have an opportunity to look at software. If you’re a successful company, then there’s something you’re doing—a process, a system, a methodology—that’s working for you.”

It’s just a matter of figuring out what you’re already doing right, picking apart why and how it works, and then developing that into a platform other businesses can use. Most important of all, when you craft your idea, avoid the distraction of the digital.

It’s About Solutions in the Real World, Not Programming

The technical term for this kind of business model is SaaS—Software as a Service.

Cloud-based service companies have been the textbook examples for this kind of service, and yet the definition has continued to widen as new types of businesses expand into the digital realm.

This even includes the now-famous taxi service Uber. “A lot of people didn’t think Uber was a big idea, since it was such an analog, off-line interaction,” Dan says. “People were [obsessed with] the ones and zeros,” instead of the world-changing potential of drivers and riders physically meeting up in the real world. The software just initiates the connection and secures the payment.

So find the idea first, then attach the digital relevance. You also don’t have to worry about fulfilling everything yourself. Dan says it’s key to remember that Uber is the world’s largest taxi service, but it doesn’t own any taxis. Just as Airbnb works like a massive hotel chain, but doesn’t own any rooms or hotels. That’s what makes service-based software so efficient at solving problems.

Dan says creating this kind of software is within anyone’s reach, especially if you have experience or already own a business. “If you already have a customer base, then build software that’s relevant to them… and then you have ready, built-in customers.”

Use SaaS to Boost the Value of Your Company

Dan is walking proof that software builds up business value. In 2009 he decided to expand the reach of his consulting business, which he did by creating a software platform that made it easy to network with other small businesses in San Francisco. The result was his first SaaS company, called Flowtown, and its value grew over three years as it added more than 50,000 users.

This value can add a consistent boost to your revenue, especially if you’re in a cyclical or seasonal business. Or you can cash it out completely, as Dan did when he sold Flowtown for a tidy sum to Demandforce.com.

Now it’s your turn. SaaS could be the perfect opportunity for you to take what you already know and transform it into software.

Even though people tend to fixate on the legendary stories—like the 18-year-olds who built Facebook—Dan wants to assure seasoned entrepreneurs that hard-won business experience is still the best path to success.

“It’s not about being technical anymore,” Dan says. “It’s about do you know how to build a business, do you know how to present a compelling offer to the right customer in the right market. I think software enhances all of your current business efforts by adding a much better upside.”

For more valuable insights, check out Dan Martell’s popular Youtube channel.

Garrett Gunderson is the founder and Chief Wealth Architect of WealthFactory.com, and a financial advocate for entrepreneurs.

[“Source-forbes”]

Slow Mac? Could be a hidden memory gobbler in macOS

macos sierra homescreen

Just hours into using my new 27-inch iMac with 32GB of memory, the system felt sluggish. I checked memory usage via the top -u command in Terminal, which showed all 32GB was full. Exclamation point, I said aloud, and launched Activity Monitor to dig in more easily than at the command line.

Sure enough, all memory was in use, and the culprit was something I’d never seen before: com.apple.MediaLibraryService. Turns out that this service relies on Apple plug-ins to make music and other audio, photos and video, and GarageBand files available throughout macOS, including via the options in the Media section of the Open dialog box’s sidebar.

For some (like me), this service goes out of control and consumes all available memory. It may be related to how large your various libraries are. I have over 50,000 images (225GB) in my Photos Library, 120GB in my old iPhoto library, and 240GB in iTunes (including video recorded over the air).

The amount of memory this service consumes is clearly the result of a memory leak—software that loses track of what memory it’s employing, and keeps burning up more—or out of control activity that’s also a bug. Some folks started reporting problems back in 2014 with the then-new versions of Pages and Numbers.

Fortunately, you can at least halt the runaway train, even if you can’t solve why it’s happening.

  1. Launch Activity Monitor.
  2. In the Memory tab, click the Memory column. That’s where you’ll find any service if it’s eating memory. (You can also use Process Name to find it alphabetically.)
  3. Select the process and click the X button in the upper left.
  4. When the confirmation dialog appears, click Force Quit.

This calms things down for the moment, though it may respawn or become a problem anew the next time you restart your Mac. For a longer-term solution, follow these steps, which will disable some of the import/export options and the Open dialog’s Media browser:

  1. In the Finder, select Go > Go To Folder.
  2. Enter /Library/Application Support/iLifeMediaBrowser/ and press return.
  3. In that folder, you’ll find a Plug-Ins folder. Rename it to Plug-Ins (Disabled).
mac911 media plug in library items

The iLifeMediaBrowser folder has a bunch of plug-ins to help import and export files from Apple software.

Now macOS won’t be able to find and load these plug-ins. If you find you’re missing a media-handling feature you rely on, some people have reported success with re-creating the Plug-Ins folder and only moving selected plug-ins back in to see which is required.

Ask Mac 911

We’ve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to mac911@macworld.com including screen captures as appropriate. Mac 911 can’t reply to—nor publish an answer to—every question, and we don’t provide direct troubleshooting advice.

[“Source-macworld”]

Moto Z2 Play review: Best software experience and a good camera

Image result for Moto Z2 Play review: Best software experience and a good camera

NEW DELHI: Lenovo-owned Motorola recently launched a new device, the Moto Z2 Play, as a sequeAt Rs 27,999, Moto Z2 Play continues to support Moto Mods — attachable modules that transform smartphones into a projector, a speaker or a camera.

Let us see what works for this dual-SIM, 4G/VoLTE device.

Encased in a metallic body, Moto Z2 Play is thinner and lighter than its predecessor. The device has its antenna redesigned which enhances connectivity.

The device sports a 5.5-inch super-AMOLED screen with Corning Gorilla Glass 3 protection that displays vibrant colours and plays videos without stuttering.

Moto Z2 Play review: Best software experience and a good camera

The screen has good viewing angles. It offers “Standard” and “Vivid” output modes for display. The touch-screen too responded well.

The volume keys and power button are also metallic while the rounded home button also performs as fingerprint sensor, Google Assistant launcher and as a navigation button (it might take users some time to understand how to use the button).

The fingerprint sensors worked fine and unlocked the device in a jiffy.

The 16-pin connector at the back supports Moto Mods well.

Motorola has managed to keep the hardware and software in an equilibrium. The device is powered by Snapdragon 626 SoC, clocked at 2.2GHz and has 4GB RAM and 64GB internal storage which can be extended up to 2TB. It runs on Android Nougat 7.0.

Moto Z2 Play does not make you wait even for a second when you shuffle between multiple apps. If you are playing high-resolution videos or games, using social media apps for long hours or clicking pictures around, it will not make you suffer while choosing between an app from the background.

What is more fascinating in the device is its split-screen function. You can pin an app in the upper-half of the screen and add another below.

For example, you can watch a YouTube video in half of the screen while keep WhatsApping your friends in the other half.

The complaint some users had with Moto Z Play regarding Wi-Fi connectivity has been resolved in this device.

Powered by a 3,000mAh battery, the device can last for up to 30 hours and supports “TurboPower” charging technology that offers up to seven hours of back up with a 15-minute charge.

The premium device offers a 12MP rear camera that has a combination of laser autofocus and dual autofocus pixel technology.

The laser autofocus has an expanded range of up to five metres so a user can focus on objects three times further in a virtually dark environment.

The device also has a 5MP front shooter with dual colour-corrected flash which performs well.

What did not work?

The photos captured a fair amount of detail but like most devices, low-light images did not retain much of those details. Also, When you zoom into the subject, the photos lose detail and texture.

But if you want to enhance the camera experience, you may wish to add a Mod to it.

You will also notice that the phone heats up during charging and playing games.

The rear camera protrudes out by few millimetres and is an eyesore on an otherwise premium design.

Conclusion: Moto Z2 Play is a decent phone in the premium category and offers the best hardware and software experiences.l to its Moto Z Play which was well received in the Indian market.

[“Source-economictimes”]

Technology a ‘massive opportunity’ to save lives in every work place

Blerter founder Richard Gill says health and safety is becoming more important in low risk workplaces such as retail ...

Blerter founder Richard Gill says health and safety is becoming more important in low risk workplaces such as retail stores and corporate offices.

Apps, the Internet of Things (IoT) and robotics could prevent the disturbing number of deaths happening in workplaces due to staff complacency, the creator of an acclaimed solution says.

Founder of health and safety social app Blerter​, Richard Gill said employers needed to change their “19th century mindset” around health and safety compliance.

Technology was the answer, he said.

The Blerter app had not yet been put to the test by a major natural disaster, but its founder says its roll call feature ...

SUPPLIED

The Blerter app had not yet been put to the test by a major natural disaster, but its founder says its roll call feature helps managers find out if staff are in danger in the event of an earthquake.

According to Worksafe statistics, 28 people have died at work this year. Most of the deaths happened on farms, construction sites or in transport warehouses.

READ MORE:
* Agriculture accounts for more than half of NZ workplace deaths
* Woman dead in workplace incident at poultry farm in Broadfield, Canterbury
* Man dies in Hamilton warehouse accident
* Man dies in workplace accident involving forklift in Penrose, Auckland

“We see a massive opportunity to move the dial on those statistics … Digital provides a way to make it [health and safety] personal,” Gill said.

Worksafe statistics suggest that Police and Work Safe vehicles are most present at agriculture and construction sites.

ALDEN WILLIAMS/STUFF

Worksafe statistics suggest that Police and Work Safe vehicles are most present at agriculture and construction sites.

He said lengthy paper processes to report potential safety hazards and near miss incidents prevented staff from filing reports and created a tick-the-box health and safety culture in all workplaces.

He said his app could drive a culture change in less dangerous workplaces such as retail stores and corporate offices, not just sites where staff work at great heights or operate heavy machinery.

His app’s blert feature allowed any full time or contracted staff to privately notify management of a health and safety risk or of an incident.

In the event of an emergency or natural disaster, managers could use it to send a roll call to all of its staff.

Technology was cheaper too, meaning a faster return on investment, he said.

While it is not the most deadly industry, at least one person has died at a manufacturing site here every year since 2011.

New Zealand Manufacturers and Exporters Association chief executive Dieter Adam said having robots carry out dangerous tasks near machinery in factories could also prevent future deaths.

Adam said IoT, machinery that is connected to the internet, was also a good solution because data could tell managers what the most dangerous hazards on their factory floor were.

A Worksafe spokesman disagreed that technology was the sole answer to preventing workplace deaths, but he said it did play a part in bettering health and safety overall, especially robotic automation.

The spokesman said technology was already improving safety in the forestry industry.

[“Source-stuff”]

A political solution in Syria? How the latest ceasefire deal suits Vladimir Putin, Bashar al-Assad and Iran

Image result for A political solution in Syria? How the latest ceasefire deal suits Vladimir Putin, Bashar al-Assad and IranRussia hopes the “breakthrough” Syrian ceasefire it brokered this week will align the US with President Vladimir Putin’s plans for the war-torn country.

Details of the agreement between Putin and US President Donald Trump Friday to create a de-escalation zone in southwestern Syria remain under negotiation. But scepticism abounds on whether the plan to end a war that in which an estimated 470,000 people have died can succeed where others failed.

Yet something has changed, as US Secretary of State Rex Tillerson said in his comments on the deal, which starts on Sunday with a preliminary ceasefire in areas along the Jordanian border.

Describing the deal with the US as a breakthrough, Putin said at a news conference in Hamburg Saturday that it should become a prototype for a series of zones across Syria that would be administered in coordination with the government in Damascus.

“If we succeed in doing this, we will create an undoubtedly good base and the prerequisites for a political solution in Syria in general,” he said.

Assad is going to retake most of Syria, and there is nothing the US can do about it
JOSHUA LANDIS, UNIVERSITY OF OKLAHOMA

Although Putin and all sides are committed to Syria’s territorial unity, the plan would temporarily lead to something like Germany after the second world war, when the allied powers divided the country into four administrative zones, according to Fyodor Lukyanov, who leads Russia’s Council on Foreign and Defence Policy.

“This is the beginning of the soft partition of Syria,” he said. “De-escalation is a euphemism for zones of responsibility, where the different sides will agree which power is responsible for which part of the country.”

The outlines of the Russian proposal approved in Friday’s meeting between Trump and Putin were borrowed from talks between Iran, Russia and Turkey to create de-escalation areas in other parts of the country, Lukyanov said.

Taken together, the two plans represent the Russian military’s strategy for exiting the conflict, Lukyanov said.

They also show how the situation on the ground has transformed over the last year. Syria’s second city, Aleppo, fell back under regime control and the US-led campaign to drive Islamic State (IS) from its self-declared caliphate advanced significantly.

That has left the US with a decision to make on what to do once IS is defeated.

It can wrestle with Iran, Russia and Syrian President Bashar al-Assad for control of recaptured areas of Syria.

Or it can declare mission accomplished, agree to oversee the security of zones near the borders with its core allies, Israel and Jordan, and leave most of Syria to Assad, said Joshua Landis, director of the Centre for Middle East Studies at the University of Oklahoma. Both Russian and US Syria analysts believe Friday’s decision indicates the latter.

There is a new security architecture being imposed in the Middle East and Iran is the beneficiary
JOSHUA LANDIS, UNIVERSITY OF OKLAHOMA

“Assad is going to retake most of Syria, and there is nothing the US can do about it,” Landis said. “There is a new security architecture being imposed in the Middle East and Iran is the beneficiary.”

Tillerson said clearly in his remarks after the Trump-Putin meeting that the Syria deal was a starting point for a wider cooperation with Russia after IS’s defeat. The issue then, he said, would be to pacify other areas of the country.

“By and large, our objectives are exactly the same. How we get there, we each have a view,” Tillerson said. “Maybe they’ve got the right approach and we’ve got the wrong approach.”

The agreement could fall apart quickly. The forces who are not party to the deal – including Assad’s forces, Iranian-led militias and al-Qaeda-linked rebels – exist on the ground in southern Syria as well in the North, where a ceasefire crafted by the Russians and the Americans last year collapsed within two weeks.

In addition, so far the only monitors on offer to police the de-escalation zone are Russian. How others might become involved and in what capacity is under negotiation, the State Department official said. The Russian view of how the zones will work is also minimalist and favourable to the Assad regime.

[“Source-“]

VertxUI: Java as a front-end language

© Shutterstock / Grumble

Why waste time on learning new language features and lots of frameworks, taking the risk that you’re learning tools that won’t ever be updated again? There is a language that can run anywhere too, except directly in a browser. What if Java could directly run in a browser? In this article, Niels Gorisse, a senior full-stack Java developer, presents the benefits of VertxUI.

Yesterday I had a job interview for a senior Java back-end job. They asked me whether I was a full-stack developer or not. Although my answer was a proud yes, I stated that I don’t really like JavaScript, but I can find my way through HTML/CSS and JavaScript code. Then I had to explain why I don’t like JavaScript.

I said I don’t like it because of many reasons. JavaScript doesn’t – or actually: didn’t – work the same on all browsers, there is a global scope with all variables in it, and besides that, there are thousands of libraries fixing missing language and API features. Even worse, it seems none of them can be considered to be ‘default.’ So, there is no chance of knowing whether you’ve picked the lasting libraries. I guess I did not get the job.

Just like most senior Java developers, I wrote my first JavaScript lines of code well before 2000. Of course, that is the reason for my grunge against it. But things have changed. Nowadays, after more than ten years of browser disaster, ECMAscript5 has become the standard: more than 97% of all browsers in use support it. Yes, JavaScript still has the ugly language features, but you can write a piece of JavaScript code that works anywhere. And JavaScript is becoming a decent language complete with classes, exceptions, lambda notation, worker thread, packaging, annotations, futures, library management, and much more.

But why waste time on learning new language features and lots of frameworks, taking the risk that you’re learning tools that won’t ever be updated again? There is another language that can run anywhere too, except directly in a browser. What if Java could directly run in a browser?

Mind you, many features which are fairly new to JavaScript have been added to Java many years earlier. In almost every case, this means they’ve become pretty stable and mature over the years:

VertxUI and Fluent

VertxUI is a 100% Java library which tries to answer what if we could run Java directly in the browser. And because pure HTML with CSS is enough to build web pages, VertxUI provides – besides low-level access to the browser – also a lightweight fluent API called Fluent, which simplifies building HTML and CSS with code only. Fluent works with method names corresponding to HTML tags. The first argument of these methods is always a CSS class. So VertxUI does not have any templates, just code. Consider a menu in bootstrap. Using HTML, we’d define a Bootstrap menu like so:

1
2
3
4
5
6
7
8
9
10
11
12
<ul class="nav navbar-hav">
  <li class="active"><a href="#home">Home</a>
  <li><a href="#about">About</a>
</ul>
Using Fluent, we can use to generate the same HTML code like so:
...
Fluent ul = body.ul("nav navbar-nav");
ul.li("active").a(null, "Home", "#home", controller::onMenuHome);
ul.li(null).a(null, "About", "#about", controller::onMenuAbout);

The variable body is a static import from the class Fluent. Similarly, you can also use the methods console, document, and window.

Actually, the Java source code generates code doing slightly more than the HTML snippet above. It also shows how to call Java code when clicking a menu entry. In our example, an instance of a controller (controller::someMethod) takes care of the event handling.

Although not displayed in the previous snippet, there is also a class Store, maintaining a list of class Model. This traditional MVC (model-view-controller) setup is not necessary, but it turns out to be useful when writing JUnit tests.

Of course, you can also use the lambda notation too. For example, let’s create a Bootstrap form. The methods .css() and .att() are also used to show you how they work. This is basically all you need to write HTML and CSS:

Desired HTML snippet:

1
2
3
4
<div class="form-group">
  <label style="font-size: 200%" for="n">Wat</label>
  <input class="cssClass" type="text" id="n">
</div>

Generating the some code using Fluent:

1
2
3
4
5
6
7
8
Fluent div = body.div("form-group");
div.label(null, "Wat")
   .style(Style.fontSize, "200%")
   .att(Att.for, "n");
div.input("cssClass", "text").id("n").
    keydown( (fluent, keyEvent) -> {
      console.log("You typed: " + fluent.domValue());
    });

How it’s done

Of course, the Java code isn’t run in the browser. It’s compiled to JavaScript before. At this point, people often get a wrong impression when they hear which compiler is used, so let’s mention first that VertXUI has been developed using TeaVM. However, TeaVM wasn’t without flaws. In particular, there were a couple of bugs concerning Lambdas. So now VertxUI uses the cross-compiler of GWT to do that, but without using the original GWT toolkit. Don’t confuse it with Vaadin or GWT itself. VertxUI is a completely different, unique approach.

View on … model

The real power of Fluent shows when you are about to change the DOM – because you don’t have to. Changes are updated as efficiently as possible, comparable to ReactJS (from Facebook) which makes sure that your Facebook list of friends does not get completely re-rendered when one online status changes.

You can create a ViewOn<Model> with the .add() method. This takes two arguments: an initial model (or reference to a model) and a method translating this model to a Fluent object. For example:

Result

1
2
3
4
5
6
7
8
9
<table>
  <tbody class="striped">
  (per subscribed person:)
  <tr>
    <td class="fat">*name*</td>
    <td>*quantity*</td>
  </tr>
  </tbody>
</table>

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
public View {
  private ViewOn<List<Person>> table;
 
  public void start(Controller controller){
    List<Person> initialPersons = controller.getPersons();
 
    Fluent middle = body.div();
    ...
    table=middle.add(initialPersons, persons -> {
      if(persons == null || persons.isEmpty()) {
        return Span("big","No people yet");
      }
      Fluent result = Table().tbody("striped");
      for(Person person:persons) {
        if(person.isSubscribed()) {
          result.tr(
              Td("fat",person.getName()),
              Td(null,person.getQuantity()));
        }
      }
      return result;
    });
  }
 
  public void syncPersons() {
    table.sync();
  }
}

You probably noticed the syncPerson() method. This redraws all ViewOn objects having a link to the Person entity. As said previously, you do not need a controller, but here the controller calls that method after a change. Note that it is quite easy to write quite complex user interfaces (like wizards) because you’re just declaratively writing down what your UI should look like. You can even nest ViewOn objects.

All code is pure Java, so if you prefer streams, then that is no problem. The tbody – just like a lot of other containers like tags – takes a CSS class and a list or stream of Fluent objects.

1
2
3
4
5
6
7
8
9
10
table = middle.add(initialPersons, persons -> {
  if (persons == null || persons.isEmpty()) {
    return Span("big", "No people yet");
  }
  return Table().tbody("striped", persons
      .filter(person -> person.subscribed())
      .map(person -> Tr(
          Td("fat", person.getName()),
          Td(null, person.getQuantity()))));
});

View on … state

In the previous Bootstrap menu example, the CSS item which has the “active” class should switch to the selected one when you click on it. This is what we can call a ‘state.’ It is handy to recognize a state and to treat it as an entity which happens never to be saved into a database. You can also use ViewOn<> for a state:

1
2
3
4
5
6
7
String initState = "home"; // or something else which you have extracted from the URL
...
Fluent menu = body.add(initState, state -> {
  Fluent ul = Ul("nav navbar-nav");
  ul.li(state.equals("home") ? "active" : null).a(null, "Home", "#home", controller::onMenuHome);
  ul.li(state.equals("about") ? "active" : null).a(null, "About", "#about", controller::onMenuAbout);
});

JUnit – unit testing

Because Fluent has a virtual DOM internally, you can easily ‘abuse’ this for JUnit testing without firing up a browser. This is extremely fast because there is no compilation to JavaScript and there is no starting and stopping of a browser in the background.

In practice, the class Store is often mocked in JUnit tests to prevent network traffic, but in the next example we mock the Controller call directly:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
class Test {
 
  @Test
  public void test() {
    // Fake result after some network traffic
    List<Person> persons = new ArrayList<>();
    String name = "John " + Math.random();
    persons.add(new Person(name, 2000, true));
   
    // Startup sequence
    View view = new View();
    Controller controller = Mockito.spy(Controller.class);
    Mockito.when(controller.getPersons()).thenReturn(persons);
    view.start(controller);
   
    assertEquals("1 row",1,VirtualDomSearch.getElementsByTagName("TR", body));
    List<Fluent> tds = VirtualDomSearch.getElementsByTagName("TD", body);
    assertTrue("2 columns", 2, tds.length());
    assertTrue("name test", name, tds.get(0).txt());
  }
}

JUnit – integration tests
As your project grows and starts using external JavaScript libraries, integration tests get more and more important. In Fluent you can perform dual-language tests in a headless browser with a ‘register-and-run’ construction. You have slightly more control over your runtime environment than with Selenium because you can easily run and combine JavaScript assets and Java assets together in one test-run.

As an example, we take that dull first Bootstrap menu example, and we simulate a menu click by directly calling controller.onMenuAbout(). Let’s see whether the previous example, which changes the content of the ‘active’ class, actually works. The following code is really all you need. The Java-to-JavaScript compilation happens on the fly:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
class Test extends TestDOM {
 
  @Test
  @GwtIncompatible
  public void test() throws Exception {
    System.out.println("Java");
    runJS(100); // run slot '100'
  }
 
  @Override
  public Map<Integer, Runnable> registerJS() {
    Map<Integer, Runnable> result = new HashMap<>();
    result.put(100, () -> testWithDOM()); // register slot '100'
    return result;
  }
 
  public void testWithDOM() {
    console.log("JavaScript");
     
    View view = new View();
    Controller controller = new Controller(new StoreEmpty(), view);
    view.start(controller);
 
    // search the active menu item
    NodeList actives = document.getElementsByClassName("active");
    assertEquals("quantity test 1", actives.length(), 1);
    assertTrue("titletest 1",((Element) actives.item(0).getChildNodes().at(0))
      .getTextContent().equals("Home"));
     
    controller.onMenuAbout(null, null);
     
    // search again
    actives = document.getElementsByClassName("active");
    assertEquals("quantity 2", actives.length(), 1);
    assertTrue("titletest 2",((Element) actives.item(0).getChildNodes().at(0))
      .getTextContent().equals("About"));
  }
}

Notice that this example could have been put in a non-DOM test, which runs a lot faster.

VertX

You can run VertxUI in any back-end software, but together with VertX, it provides several facilities like FigWheely and POJO traffic. VertxUI with VertX is easier than easy: just start the main() and point your browser to http://localhost. You don’t have to install any IDE-plugin. Neither do you have to deal with a *.war or *.jar. Just start the main class, and you’re good to go!

VertX is completely asynchronously and works with callbacks, just like JavaScript. So, for example, it doesn’t block until TCP data has arrived, but instead it will continue to run the stack when something has arrived. The big difference is that because Java is a very structured language, you’ll never get a callback hell like in JavaScript. You will probably call another method in another class when something asynchronously has happened.

VertX – FigWheely

FigWheely is the runtime helper of VertxUI. It keeps a WebSocket open with the browser and receives notifications when files have changed on the server. If the files that have changed happen to be .java files, FigWheely will recompile your browser code and notify the browser too.

FigWheely works -just like VertxUI- without any IDE-plugin because the compilation to JavaScript happens when you start the (VertX) server and when the source code is found. During startup, a one-line index.html is also generated, but you can also turn this off to use an existing website. Or you can use HTML itself as HTML template when using jQuery Mobile.

VertX – POJO

VertxUI facilitates POJO traffic between server and browsers for ajax calls, WebSocket, sockJS, and the VertX event bus. This means strong-typed traffic, even though JSON is used underneath. Having the client and server in the same language has quite some nice advantages: when you want to add a table column, it might just be adding one line of code to the entity and one line for an extra ‘TD’ in the view.

Here is a client-side example of a chat application with a POJO receiver:

1
2
3
4
5
6
7
8
9
10
WebSocket socket = window.newWebSocket("ws://localhost/chatWebsocket");
socket.setOnmessage(event -> {
  // POJO: receive the a color and put it between a new <li>...</li>
  if (POJOfy.socketReceive(urlPOJO, event, POJOMapper,
    pojo -> messages.li("colored", "Received: " + pojo.getColor()))) {
    return;
  }
  // otherwise, receive the text and put it in a new <li>..</li>
  messages.li("flat", ((MessageEvent) event).getData().toString());
});

and here is the server side, which can also receive a POJO. It looks so simple that you might forget that this is an extremely powerful web server, more powerful than a regular locking multithreaded servlet environment:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
List<String> ids = new ArrayList<>(); // all ids
vertx.createHttpServer().websocketHandler(socket -> { // entering
  String id = socket.textHandlerID();
  ids.add(id);
  socket.closeHandler(data -> { // leaving
    ids.remove(id);
  });
  socket.handler(buffer -> { // receiving
    if (POJOfy.socket(socket, View.urlPOJO,buffer, Dto.class,aService::handle)){
      return;
    }
    String message = buffer.toString();
    ids.forEach(id -> vertx.eventBus().send(id, message)); // broadcasting
  });
}).listen(80);

Wrapping it up

No matter what happens in the future with the client side and the JavaScript language, you can already create very well testable single page web applications in the very grown-up language Java backed by the well developed VertX server environment and backed by any well-developed CSS framework like Bootstrap. The test facilities of VertxUI alone should be interesting enough to try out VertUI for a new project. Let alone the POJO traffic, strong-typed code, a well developed IDE, and so forth, in other words: Java.

JavaScript and its libraries will grow up, but this will take years, and the chances are small that you can pick the right libraries now and prevent refactoring and learning new language features that get deprecated before you’re used to them.

If you’re familiar with React.js or Angular, you’re used to just changing the model to update the view. Actually, this seamless integration between the view and the model made React and Angular popular. It was a major improvement over the older approach modifying the DOM manually. Changing the DOM is error-prone. Using a framework for that makes you write clean code. VertxUI brings this idea to the Java world.

This article was originally published on Beyond Java. 

[“Source-jaxenter”]

Monument Valley vs Framed: A Tale of Two Sequels

Monument Valley vs Framed: A Tale of Two Sequels

At WWDC 2017, a little over a week ago, Apple announced Monument Valley 2 for iOS. The original was highly acclaimed, and even found prominent mention in the Netflix series House of Cards. In the past, developer Ustwo has spoken out against a sequel, but a fresh team with new concepts and features changed things, the company said.

The game – out now for iOS, with an Android version in the works – is available for Rs. 400 ($4.99 in the US), and most of the early reviews were extremely positive. The original was also one of our favourite mobile games, thanks to its gorgeous design and intelligent gameplay. So it was obvious that we were going to give Monument Valley 2 a shot as well.

The sequel is – obviously and predictably – gorgeous and the delight of exploring the pastel worlds it presents alone is worth the price of entry. But the “freshness” that’s promised is nowhere to be seen. The game has changed, yes, but only in the most basic sense. As an experience, Monument Valley 2 remains much the same as the original, only it doesn’t even have the appeal of being something completely original and, thus, delightful.

When Monument Valley came, it had the advantage of there never having been anything to compare it to. Playing Monument Valley 2, you get a clear baseline to measure it against, and while the second game is still enjoyable, it’s less satisfying nonetheless.

monument valley so much colour monument valley

Monument Valley 2 is a gorgeous game that pairs impossible geometry with beautifully laid out landscapes, and characters who start off as ciphers and slowly gain in personality. Much like the original, the pastel colour palette stands out, and the now familiar towers are filled with strange systems to get you from point A to point B. Without spoiling things, the game features a series of puzzles – that are largely simpler than the original – as you work your way through a series of impossible buildings, slowly unfolding the story just like the structures themselves. It’s all very pleasing, if familiar.

It’s possible that people won’t agree with this – we’ve seen vicious Twitter battles play out on this topic already – but Monument Valley 2 feels more like an expansion pack, rather than a new game. Both Monument Valley titles are short games that offer up a beautiful world for you to inhabit, but at this point, and after the hype of the WWDC reveal, perhaps our expectations were simply at the wrong place for this game to be worth the asking price.
This becomes clearer when you compare Monument Valley 2 to another iOS sequel that just released recently – Framed 2. The game released this week, also at Rs. 400 ($4.99 in the US), which makes for a good comparison. Framed is another one of those “concept” games you’ll find on iOS; the original game from two years ago has a unique premise – you’re shown a series of comic-book frames, and if you change the order of the panels, you can change the outcome of the story.

Pop art colours, sharp lines, and retro background music all come together to make Framed an engaging buy, though the concept wears a bit thin by the end of the game. Framed 2 recognises this, and fine tunes the game, elevating it from quirky and interesting, to must play.

framed game framed game

The story of Framed 2 features the same characters and it’s again told without any dialogue, but there’s a lot of drama and emotion nonetheless. The different settings are dynamic, while the core mechanic of rearranging panels remains. You will rearrange the frames to determine what happens next, and find ways to evade capture using the environment.

The difference between these two sequels can not be overstated. Framed 2 is the result of a developer taking a hard look at its game, deciding it could do better, and delivering on that thought. Monument Valley 2 claims to be the same thing – but feels more like a developer looked at its output, and thought, “this is great”.

As a result, where Framed 2 has not been afraid to change things up, making the police more effective and the storytelling crisper and more fulfilling. On the other hand, Monument Valley 2 tries to be a more faithful sequel, and in the bargain, misses out on building on the original.

As the reviews have pointed out, whether you’re new to the series or a big fan of the original, Monument Valley 2 is well worth your time and money. But given how original the first game felt, we can’t help but feel a little disappointed.

 

 
[“source-gadgets.ndtv”]

LinkedIn app for Windows 10 Mobile gets a stealth “upgrade”

Earlier this month we reported on the disappearance of the LinkedIn app for Windows 10 Mobile from the Windows Store.

Microsoft never made an official announcement regarding the disappearance of the app, but we assumed Microsoft intended Windows Phone users to use the Edge browser to access their own enterprise social network.

It seems this was not far off the mark, even when the app has recently been updated.

We have received a number of messages today, and there have also been other posts on various web forums, that the app, which can still not be found in the Windows Store, has been updated.

The new app has a whole new look, and closer scrutiny reveals the old app has been replaced with a link to the LinkedIn Mobile website, still prominently displaying a banner linking to the Google Play Store urging users on more vibrant platforms to download “a faster” mobile app.

Beggars can of course not be choosers, and we assume after paying $26.2 billion for LinkedIn Microsoft did not have any spare change left to develop a proper UWP app.

The LinkedIn app for Windows 10 Mobile can not be found (but may make a reappearance) at the link below.

[“Source-mspoweruser.”]