My name is Philipp C. Heckel and I write about nerdy things.

Posts Categorized / Programming


  • Jun 10 / 2012
  • 22
Uncategorized

Android Example: Communication between Activity and Service using Messaging

I recently wrote my first little app for my Android smartphone and I was surprised how easy it was. Being familiar with regular Java, learning the new Android APIs was very simple for the most part. However, there was one thing that wasn’t particularly straight forward: communicating between an Activity, i.e. the user interface, and a background Service started by the application. After many hours, I found some sample code on Stack Overflow which I used to create a very generic reusable solution to start, stop and communicate with your own Service implementation.

Continue Reading

  • Mar 01 / 2011
  • 43
Uncategorized

Hacking Flash Applications and Games: A Case Study

Adobe’s proprietary Flash format has become a significant part of the Internet as it is today. While its importance in Web applications is slowly decreasing due to Web 2.0 technologies and HTML5, it is still a major player in the browser game and application sector. The majority of these games and applications are for entertainment only and offer you nothing but a nice rank in the high score. On rare occasions, however, there are Flash games in which you can actually win something valuable such as concert tickets or even money. And of course there are applications that let you stream, but not download content from a website.

So what’s the problem with that, you think? The problem is that almost all Flash applications can be hacked very easily and most developers are not aware of that.

As a reminder of how vulnerable Flash applications are, this post aims to raise awareness for these issues. In a case study, it shows how a Flash-based game and its server side high score can be tricked within a few minutes using free tools only.

Continue Reading

  • Feb 01 / 2011
  • 3
Uncategorized

Altering old SVN revisions: removing confidental data from a Subversion repository

Version control systems like CVS or Subversion are designed for keeping track of the changes of a project and for having the possibility to revert to old revisions if something goes wrong. In contrast to regular relational databases, these systems are made only for adding new content to a repository, and not for removing data from it. In fact, deleting old content is not a built-in functionality in SVN, and mostly requires removing entire revisions from the repository or even creating a new one.

But what happens if you accidentally commit a password or other sensitive information to a repository? This post explains how to remove this confidential data permanently from the repository by simply overwriting it in old revisions, i.e. without having to remove revisions or create a new repository.

Continue Reading

  • Jan 12 / 2011
  • 3
Uncategorized

Picasa for Linux: Export albums in sort order

As one of the best picture organizers out there, Picasa is (in my opinion) almost complete in terms of features and has a nice look and feel at the same time. Even though Google stopped developing the Linux version after 3.0, it still works perfectly using Wine and a couple of cp-statements.

However, as stated many times by Picasa users and bloggers [1,2,3,…], Picasa’s export function misses a tiny little feature that maintains the sort order of the album when exporting it to a folder. Instead of renaming the pictures to keep them sorted in normal file managers (by name), Picasa just copies the files of an album to one folder and thereby destroys the order. As if that wasn’t enough, Picasa also overwrites duplicates filenames from different source folders.

This missing feature has even led to small standalone projects that fix this issue, e.g. Picasa Independent Album Exporter (PIAE) and Picasa Order Preserver. While both applications do their job, both are a bit heavyweight, and PIAE only works for Windows (and not on Wine).

This post presents a tiny little Perl script that renames pictures of an exported album according to their Picasa sort order.

Continue Reading

  • Aug 22 / 2010
  • 6
Uncategorized

Aware Context API (ACAPI) – Using the sensors in Java ME

The capabilities of cell phones increased dramatically in the last few years. While in the old days most mobile phones were primarily used to make phone calls, modern smart-phones are mostly all-round devices. With the possibility of accessing the Internet and the availability of various sensors (e.g. location or noise), mobile applications have become interactive and flexible. The trend towards location-based services and context-awareness allows applications to react on their surroundings and to behave intuitively towards the user.

For developers, context-awareness can be both a blessing and a curse. While the mobile operating systems iPhone OS and Android come with relatively good sensor-support, the vast majority of devices deal with Java ME’s basic and heterogeneous sensor functionalities.

The Aware Context API (ACAPI) aims to bridge this gap by providing a framework for building context aware applications for mobile devices based on Java ME. In this article, I’d like to introduce ACAPI, its structure and usage briefly. Please feel free to comment.

Continue Reading

  • Jan 29 / 2010
  • Comments Off on WP-UN: WordPress version update notification with cron
Uncategorized

WP-UN: WordPress version update notification with cron

WordPress is a very popular open-source blog software and is used widely throughout the Internet. However, with great success comes great attack potential: like any other wide spread open-source software, WordPress is target for frequent hacking attacks and spam-bots. All the more important is it to always update the distribution to the latest release.

As Debian/Ubuntu user, I am spoiled when it comes to update management: apt-get updates most of my software, and apticron notifies me when updates are available. For WordPress however, the packaged versions of Debian/Ubuntu are really old and less adjustable which unfortunately makes a manual installation inevitable. While there are several automated WordPress update mechanisms out there, I couldn’t find a simple notify-on-update tool.

This post introduces the WordPress Update Notifier (WP-UN), a simple script that frequently compares the installed WordPress version with the latest available one. If a new version is available, it sends an e-mail to a given address.

Continue Reading

  • Apr 07 / 2009
  • 2
Uncategorized

Simsafe: Simple command-line password safe

Nowadays, it appears to me as if almost everything in the big and fancy world of IT comes with the need to sign up and create an account. Every little online tool, every social networking site and of course every instant messenger account. System administrators hits it even harder: The setup of a server machine requires to create lots of different users for every kind of service, — be it Postfix, Sendmail, Courier, MySQL, PostgreSQL, etc. Most of them require some kind of super-user password or account.

This is where a password manager comes in handy: Open the password vault by typing in the master password, put in all you secrets and crucial information, save it and be happy. As if!

Almost every password manager I found on the Web was crowded out by details so that it took minutes to add a single account. What I wanted was something like a text-file with password — and that’s what I made: A simple command-line password safe.

Continue Reading

  • Mar 16 / 2009
  • 3
Uncategorized

KadS: a secure version of the Kademlia protocol

There are various peer-to-peer protocols out there. All of them focus the decentralisation of storage and other system resources. Most implement a distributed hash table (DHT) to store information. That is, each node of the network only holds a small part of the hash table but is able to locate and retrieve any requested entry. Kademlia, a protocol designed by two NYU students in 2002, is one of them.

Continue Reading

  • Sep 30 / 2008
  • 48
Uncategorized

GCALDaemon deb-package for Ubuntu/Kubuntu

GCALDaemon (project doesn’t exist anymore, was at http://gcaldaemon.sourceforge.net/) is a great tool to synchronize many of Google’s services such as Google Calendar and Contacts with your local PC. Unfortunately, the installation on Ubuntu/Kubuntu and any other Linux distribution is still not the most comfortable. For this reason, I sat down some hours and packed the tool into a deb-package and additionally added a nice command line tool to simplify some of the basics.

Continue Reading

  • May 16 / 2008
  • 209
Programming

Roundcube login via PHP script

Roundcube is an AJAX/PHP based e-mail application which is really flexible and easy to use in comparison to other free web based solutions.

For the customer interface of Silversun, I wanted to use RC as the internal web mail application and therefore had to embed it into my system. To avoid that the customer has to log in twice (customer interface and Roundcube), I had to simulate the login request with a PHP script.

Continue Reading

Pages:1234