paulpooch / shoutbreak Goto Github PK

TO REPRODUCE ERROR:
Turn off location services
Open SB and click 'on' switch
Enable them now? Yes
Turn on location services
Return to SB
Click 'on' switch again

ERROR CAUSED BY:
Shoutbreak.java - ToggleGPSUsage() {
_mapController.animateTo(null location)
}

REASON:
_userLocationOverlay.getMyLocation() is returning null

POSSIBLE FIX:
LocationTracker should call the animateTo() method whenever the user's location changes. It should either call this directly or send an event to the UI / User that triggers it. The ToggleGPSUsage() method should still call the animateTo method when the GPS is turned on, however it should check to make sure the location isn't null.

Not sure why getMyLocation() is returning null. I assumed it returned the last known location regardless. If location services are disabled it likely restricts all location information (fresh or stale).

Approval will give a 1,0 post a 100
Score will give a 1,0 post a 27, & a 3,0 post like a 73. But that's better than a 1,0 post. so WTF.

Use whitelists & proper encoding on everything entering & leaving server.

multiple set's will cause unpredictable behavior. fix this. URGENT!

use droidsans.ttf

color icons? white?
use speech bubble shape in logo.

At some point do we need a load more button? Or just auto-delete old crap?

This is giving away info to attackers. Bad.

After 60 day period let's get a teaser page up on 1&1.

Make sure nobody can read the source code or do bad things on server.

We should globally catch all NullPointer and other exceptions. Just reboot app or something.

items expanding in multiples because of holder issues

GetScores uses getShout for each shout...

instead this should be 1 db call, that does where ID = ? or ID = ? or ID = ?, etc.

Auth = pw . hash(pw . nonce . uid) [over SSL]

Server Stores [ hash (pw . salt) | UID | salt ]
User Stores [ pw | UID ]

Of course technically now nobody knows the pw..... but this prevents massive account breach

general issue. try to find all use cases that lead to crash.

Same phone, new installation of app?

New phone, new installation, old user?

Account saving, retrieval.

Need the algorithm and everything here.

Cap # of failed login attempts

HOW TO REPRODUCE ERROR:
Open SB - service is now bound
Click Home button - service is unbound
Re-open SB. - service does NOT get bound
Click Back button - attempt to unbind a non-existent service, causes error below

ERROR REPORT:

06-05 16:52:23.561: ERROR/AndroidRuntime(28166): FATAL EXCEPTION: main
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): java.lang.RuntimeException: Unable to pause activity {com.shoutbreak/com.shoutbreak.ui.Shoutbreak}: java.lang.IllegalArgumentException: Service not registered: com.shoutbreak.ui.Shoutbreak$ShoutbreakServiceConnection@45d526e0
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.app.ActivityThread.performPauseActivity(ActivityThread.java:3567)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.app.ActivityThread.performPauseActivity(ActivityThread.java:3524)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.app.ActivityThread.handlePauseActivity(ActivityThread.java:3507)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.app.ActivityThread.access$2500(ActivityThread.java:135)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2147)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.os.Handler.dispatchMessage(Handler.java:99)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.os.Looper.loop(Looper.java:144)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.app.ActivityThread.main(ActivityThread.java:4937)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at java.lang.reflect.Method.invokeNative(Native Method)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at java.lang.reflect.Method.invoke(Method.java:521)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:868)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:626)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at dalvik.system.NativeStart.main(Native Method)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): Caused by: java.lang.IllegalArgumentException: Service not registered: com.shoutbreak.ui.Shoutbreak$ShoutbreakServiceConnection@45d526e0
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.app.ActivityThread$PackageInfo.forgetServiceDispatcher(ActivityThread.java:1107)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.app.ContextImpl.unbindService(ContextImpl.java:897)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.content.ContextWrapper.unbindService(ContextWrapper.java:352)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at com.shoutbreak.ui.Shoutbreak.serviceOnUIOff(Shoutbreak.java:512)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at com.shoutbreak.ui.Shoutbreak.onPause(Shoutbreak.java:231)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.app.Activity.performPause(Activity.java:3883)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.app.Instrumentation.callActivityOnPause(Instrumentation.java:1332)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): at android.app.ActivityThread.performPauseActivity(ActivityThread.java:3554)
06-05 16:52:23.561: ERROR/AndroidRuntime(28166): ... 12 more

each vote image should have 2 states.

If the buttons are disabled because the user already voted, it should have one arrow highlighted to indicate which way the user voted.

fix this.

file permissions
close all ports
firewall settings for EC2
etc etc (general linux box lockdown)

seems wonky. i must've changed something.

are all random numbers being securely generated where this matters?

don't let non-server entities GET the cron urls. cookie? IP? Locked files instead of URLS?

launch app -> inbox screen -> home -> relaunch app

WTF?

This is wide open right now. Dar.......

What will happen to architecture when we can't count on things being in memory ever?

APP SHOULD NOT RELY ON MEMCACHED!!!!
THIS IS REALLY IMPORTANT

try doing movement based on top right pixel instead of center?

Implement observer pattern using ConcurrentHashMap instead.

Let users submit email address - recover accounts on new phones.

Rather than using ghetto sdb.php

Is this better?

What happens in the worst case scenario of 100% compromise. Can we rebuild from backups on new servers quickly?

Can you change the default github branch to client? It's a pain having to switch each time.

All account handshakes should be over SSL. A lot of other stuff too.

Cannot have 777 folders sitting on server (logs & crash reports)

When a new user signs up, the nearest live user gets a referral bonus (lots of points)

We need to increase inbox listview performance.

Perhaps we can only draw the collapsed state and only attach 1 click listener for expansion - onExpand somehow invalidate 1 or all views, and onDraw (getView) we can just add all the listeners and crap if and only if it's expanded.

Uhh... don't allow blank shit. Cap input length. Etc.

Make sure no SQL injection like attacks are possible on SDB.

Blocking IP's who hammer too hard

can we do anything about this?

We need to increase inbox listview performance.

Perhaps we can only draw the collapsed state and only attach 1 click listener for expansion - onExpand somehow invalidate 1 or all views, and onDraw (getView) we can just add all the listeners and crap if and only if it's expanded.

We shouldn't be storing phone numbers.

Encrypt these with monthly / daily keys pulled to thumb drives or something?