Why doesn’t Windows Phone 8 support HTTPS?

Let me start by saying that of course Windows Phone 8 does support HTTPS in the browser, but it seems some HTTP-related APIs do not.

As I am developing my podcast client for Windows Phone, I occasionally get bug reports from Windows Phone 8 users that I can't reproduce on my Windows Phone 7 device. This is one of those.

I use BackgroundFileTransfer and BackgroundAudioPlayer components in my podcast client. Both of them operate on HTTP(S) endpoints as clients. But I got a bug report the other day saying that the download failed on a file and the same (audio) file cannot be played in the player. I had to start digging deeper, as the same media file does work without issues on my Windows Phone 7 device. It turns out that the file in question is behind an HTTPS endpoint. I don't know if it matters, but the server returns HTTP code 301 (Permanently moved) which means that the server requests the client to go look for the content from another location that it specifies.

I looked at the network traffic using Wireshark. It turns out, as you can see below, that Windows Phone 8 terminates the connection after the initial SSL handshake by sending a TCP packet with [FIN, ACK]. Windows Phone 8 just throws in the towel and gives up.


On the other hand, Windows Phone 7 responds at the same point with a TCP [SYN] packet, which means it wants to continue the communication. It gets the HTTP code 301 as response and moves happily on.


So why doesn't Windows Phone 8 support HTTPS?

I have made Microsoft aware of this issue by posting a question on their forum. I have not yet received a response.

Update: So I got a response on the forums from Microsoft saying they are indeed investigating this issue, which is very nice! Thanks :) And it also turns out that very likely, this is related to the HTTPS -> HTTP change in the connection. As you can see from the WP7 traces, it's WP7 doing the first HTTP request which means it already got the HTTP 301 response from the server - over HTTPS. Hence it's not visible in the trace.

So I think Microsoft tried to do something to enhance the security, but broke the experience. And I really hope they find this a bug, as this would be unexpected behavior from a browser, so why would these HTTP APIs behave differently and break things? At least give me an option to use this "insecure" way of communication.
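A check for the HTTPS -> HTTP redirect described in the update, as an added example that is not part of the original post. The function name, the example.com/example.net URLs and the header sample are constructed; the headers are in the shape `curl -sIL <url>` prints.

```shell
# Constructed sample: a 301 from an HTTPS feed host to a plain-HTTP media host.
sample_headers() {
  printf '%s\r\n' \
    'HTTP/1.1 301 Moved Permanently' \
    'Location: http://media.example.net/episodes/42.mp3' \
    '' \
    'HTTP/1.1 200 OK' \
    'Content-Type: audio/mpeg' \
    ''
}

# find_downgrade START_URL < headers   (hypothetical helper)
# Follows each Location header from START_URL and prints "from -> to" for
# every hop that leaves https for http. Exit status 0 if one was seen, else 1.
find_downgrade() {
  awk -v cur="$1" '
    { sub(/\r$/, "") }                      # header lines end in CRLF
    tolower($1) == "location:" {
      nxt = $2
      if (nxt ~ /^\/\//) {                  # scheme-relative: keeps the scheme
        nxt = substr(cur, 1, index(cur, ":")) nxt
      } else if (nxt ~ /^\//) {             # path-only: same scheme and host
        match(cur, /^[a-z]+:\/\/[^\/]+/)
        nxt = substr(cur, 1, RLENGTH) nxt
      }
      if (tolower(cur) ~ /^https:/ && tolower(nxt) ~ /^http:/) {
        print cur " -> " nxt
        found = 1
      }
      cur = nxt
    }
    END { exit(found ? 0 : 1) }
  '
}

# Demo on the constructed sample.
sample_headers | find_downgrade 'https://feeds.example.com/show/42.mp3'
```

Against a live feed, pipe `curl -sIL "$url"` into `find_downgrade "$url"` to see whether an episode URL would trigger this behaviour.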

Windows Phone 7.5: BackgroundAudioPlayer crashes for published apps

I have been developing a podcast client for Windows Phone for the past few months - just for my own pleasure, to learn Windows Phone development and to have a decent podcast client for Windows Phone. Because it is a podcast client, I need the ability to play MP3 files and, luckily for me, Windows Phone 7.5 provides a mechanism for this called BackgroundAudioPlayer. It's a bit clunky to set up, but in the end quite straightforward thanks to some pretty good instructions. I got all the pieces of the software working together and I was pretty happy with how it all worked out for me in the end. The audio player, too, was working fine.

Until I submitted the app for publishing to the Windows Phone Marketplace, that is. The certification failed because "starting to play any podcast episode resulted in a crash". I was quite baffled. I had, after all, been using my own podcast client to listen to my own podcasts for quite some time, including playing them of course. And I mean playing a lot, since I had been using the app for quite some time before I did the submission to Marketplace. This was driving me nuts because I just couldn't reproduce the issue (ok, to be frank I had other issues I had to fix too, but the root cause I couldn't reproduce). Thanks to a brave and kind beta-tester I managed to finally get closer to the truth, because he could reproduce the crash on his device and the version that was downloaded from the Marketplace through the beta-program.

How to set up a desktop development target to contribute to Nemo apps

If you want to contribute to the Nemo Mobile apps, you might feel like me in the beginning: a bit lost about where to start and what's needed in order to set up a development environment. Nemo already has quite a detailed wiki page, but I felt like something was missing for a n00b like me. But thanks to w00t I managed to set up a development environment on my Ubuntu desktop so that I can compile and run the Nemo QmlContacts application. This blog post will hopefully clarify what's needed in order to contribute to Nemo apps in general. Oh, and this is for Ubuntu Linux.

In this blog post I will only go through installing the QmlContacts application. But I imagine the other Nemo apps require similar steps.

‘sudo ./ command not found’ on Ubuntu

I am pretty sure I could run my script last week, but I cannot anymore today.

kypeli@ubuntu:~$ sudo ./
[sudo] password for kypeli:
sudo: ./myscript: command not found

Obviously this was very strange to me because the script was in the current working directory, all permissions looked fine and I could run the script just fine without sudo, which indicated that the shebang was ok.

kypeli@ubuntu:~$ ls -la ./
-rwxr-xr-x 1 root root 568 2012-02-13 05:49 ./

kypeli@ubuntu:~$ ./
Usage: ./ [foobar] Give 'foobar' to do Baz

So what has happened? Apparently Ubuntu changed something in some update (I have yet to verify this) which prevents me from running scripts through sudo from anywhere other than the paths predefined when sudo was compiled. You can verify this by looking at the flags that were used to compile sudo and looking for the --with-secure-path option. sudo will not run any script (or command for that matter) outside of these paths. Including .

kypeli@ubuntu:~$ cat /usr/share/doc/sudo/OPTIONS

Give a reasonable default path for commands run as root via sudo.

Well - this was a bit annoying to me for two reasons. I am pretty sure this worked for me last week on my Ubuntu, but suddenly it doesn't work anymore. And secondly, I am not running any public server and I want to run my own scripts with root privileges (why I want to do that is a different topic :)) if I so choose. I must stress that I can see the reasons for doing this and security is always a trade off between security and usability. I would not do this on any public server, but for Ubuntu to not allow me to run my own commands as root is a bit annoying.

Luckily I found this tip from Björn Wijers' blog:

Update: Seems Björn's blog is down, so I'll post the solution here. Put the following line in your $HOME/.bashrc file:

alias sudo='sudo env PATH="$PATH"'

And then run source $HOME/.bashrc (this will not be necessary on subsequent boots or starts of the terminal). You should again be able to run your scripts with sudo.

This will enable the fix only for me, as I put the alias in my .bashrc file, so it's not even a terrible security risk. And that's fine.

I would also like to thank @anidel for initially pointing out this possibility.
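To see which directories the alias adds to the command search path of a root process, the following added example (not from the original post or from Björn's blog) compares a user PATH against a secure path. The function name `audit_path` and the sample secure path value are assumptions; read the real value from your own sudo configuration.

```shell
# audit_path USER_PATH SECURE_PATH   (hypothetical helper)
# Prints one line per USER_PATH entry that is not in SECURE_PATH:
#   "relative <dir>"  empty, "." or otherwise not absolute (depends on the cwd)
#   "writable <dir>"  existing directory the invoking user can write to
#   "extra <dir>"     any other directory outside the secure path
# The body runs in a subshell so the IFS and noglob changes stay local.
audit_path() (
  IFS=:
  set -f                                  # no globbing while splitting on ':'
  for dir in $1; do
    case ":$2:" in *":$dir:"*) continue ;; esac
    case $dir in
      /*) if [ -d "$dir" ] && [ -w "$dir" ]; then
            echo "writable $dir"
          else
            echo "extra $dir"
          fi ;;
      *)  echo "relative ${dir:-.}" ;;
    esac
  done
)

# Sample secure path, assumed for the demo only.
SECURE_PATH_SAMPLE=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# Demo: what `sudo env PATH="$PATH" ...` would add for the current shell.
audit_path "$PATH" "$SECURE_PATH_SAMPLE"
```

Any "writable" or "relative" line is a location from which a root-run command could be resolved to a file the unprivileged account controls.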

Sunday evening fun: Windows Phone 7 styled progress indicator in QML

Posted by kypeli

I started a new coding hobby project today. But instead of actually getting very far with the productive part of the project I got sidetracked on something fun I wanted to try out (don't you just love when that happens :) That's not possible when coding at work...). I wanted to share this day's outcome with you.

Let me introduce this humble video showcasing a Windows Phone 7 styled loading indicator in QML :)

You can get the source code for this small thing (GPL licensed) from here:

