by admin

First Malicious Use of ‘Master Key’ Android Vulnerability Discovered

July 25, 2013 in Android, News, Security by admin

android-logo“Norton Mobile Insight—our system for harvesting and automatically analyzing Android applications from hundreds of marketplaces—has discovered the first examples of the exploit being used in the wild. Symantec detects these applications as Android.Skullkey.”

We found two applications infected by a malicious actor. They are legitimate applications distributed on Android marketplaces in China to help find and make doctor appointments.

An attacker has taken both of these applications and added code to allow them to remotely control devices, steal sensitive data such as IMEI and phone numbers, send premium SMS messages, and disable a few Chinese mobile security software applications by using root commands, if available.

Update [July 24, 2013] – We have discovered four additional Android applications infected by the same attacker and being distributed on third-party app sites. The apps are a popular news app, an arcade game, a card game, and a betting and lottery app. All of these apps are designed for Chinese language users.

We have also determined Android.Skullkey will send a text message to all your contacts with a link to a mobile game at hldc.com. This site is currently down.

For the entire article please follow this link.

 

by admin

Anatomy of a Qt 5 for Android application

July 25, 2013 in Android, Qt, Tutorial by admin

qt

There is a nice article by  on the digia qt blog explaining the anatomy of a Qt5 Android application.

Some of the areas discussed are a general overview of major parts composing a Qt5 Android application, a description of the Android application launcher and some insights about how QtCreator sets up the application and also some information about the Qt part of the entire puzzle.

Also, the entire startup of the application is described quite in detail and also the various deployment methods which can be used.

For more information and the entire article, please follow this link.

by admin

Khronos Releases OpenGL 4.4 Specification

July 22, 2013 in News, OpenGL by admin

openglJuly 22nd 2013 – SIGGRAPH – Anaheim, CA – The Khronos™ Group today announced the immediate release of the OpenGL® 4.4 specification, bringing the very latest graphics functionality to the most advanced and widely adopted cross-platform 2D and 3D graphics API (application programming interface). OpenGL 4.4 unlocks capabilities of today’s leading-edge graphics hardware while maintaining full backwards compatibility, enabling applications to incrementally use new features while portably accessing state-of-the-art graphics processing units (GPUs) across diverse operating systems and platforms. Also, OpenGL 4.4 defines new functionality to streamline the porting of applications and titles from other platforms and APIs. The full specification and reference materials are available for immediate download athttp://www.opengl.org/registry.

In addition to the OpenGL 4.4 specification, the OpenGL ARB (Architecture Review Board) Working Group at Khronos has created the first set of formal OpenGL conformance tests since OpenGL 2.0. Khronos will offer certification of drivers from version 3.3, and full certification is mandatory for OpenGL 4.4 and onwards. This will help reduce differences between multiple vendors’ OpenGL drivers, resulting in enhanced portability for developers.

“The delivery of conformance tests for OpenGL 4.4 is a significant milestone – as it is vital for developers to be able to rely on the API they are trusting to accelerate their content across multiple platforms,” said Barthold Lichtenbelt, OpenGL ARB working group chair. “The OpenGL ARB is committed to continue to deepen communications with the developer community so we can continue to build OpenGL functionality that creates real-world business opportunities for the 3D industry.”

New functionality in the OpenGL 4.4 specification includes:

  • Buffer Placement Control (GL_ARB_buffer_storage)
    Significantly enhances memory flexibility and efficiency through explicit control over the position of buffers in the graphics and system memory, together with cache behavior control – including the ability of the CPU to map a buffer for direct use by a GPU.
  • Efficient Asynchronous Queries (GL_ARB_query_buffer_object)
    Buffer objects can be the direct target of a query to avoid the CPU waiting for the result and stalling the graphics pipeline. This provides significantly boosted performance for applications that intend to subsequently use the results of queries on the GPU, such as dynamic quality reduction strategies based on performance metrics.
  • Shader Variable Layout (GL_ARB_enhanced_layouts)
    Detailed control over placement of shader interface variables, including the ability to pack vectors efficiently with scalar types. Includes full control over variable layout inside uniform blocks and enables shaders to specify transform feedback variables and buffer layout.
  • Efficient Multiple Object Binding (GL_ARB_multi_bind)
    New commands which enable an application to bind or unbind sets of objects with one API call instead of separate commands for each bind operation, amortizing the function call, name space lookup, and potential locking overhead.  The core rendering loop of many graphics applications frequently bind different sets of textures, samplers, images, vertex buffers, and uniform buffers and so this can significantly reduce CPU overhead and improve performance.
  • Streamlined Porting of Direct3D applications
    A number of core functions contribute to easier porting of applications and games written in Direct3D including GL_ARB_buffer_storage for buffer placement control, GL_ARB_vertex_type_10f_11f_11f_rev which creates a vertex data type that packs three components in a 32 bit value that provides a performance improvement for lower precision vertices and is a format used by Direct3D, and GL_ARB_texture_mirror_clamp_to_edge that provides a texture clamping mode also used by Direct3D.

Extensions released alongside the OpenGL 4.4 specification include:

  • Bindless Texture Extension (GL_ARB_bindless_texture)
    Shaders can now access an effectively unlimited number of texture and image resources directly by virtual addresses.  This bindless texture approach avoids the application overhead due to explicitly binding a small window of accessible textures.  Ray tracing and global illumination algorithms are faster and simpler with unfettered access to a virtual world’s entire texture set.
  • Sparse Texture Extension (GL_ARB_sparse_texture)
    Enables handling of huge textures that are much larger than the GPUs physical memory by allowing an application to select which regions of the texture are resident for ‘mega-texture’ algorithms and very large data-set visualizations.

Industry Support

“AMD has a long tradition of supporting open industry standards, and congratulates the Khronos Group on the announcement of the OpenGL 4.4 specification for state-of-the-art graphics processing,” said Matt Skynner, corporate vice president and general manager, Graphics Business Unit, AMD.  “Maintaining and enhancing OpenGL as a strong and viable graphics API is very important to AMD in support of our APUs and GPUs. We’re proud to continue support for the OpenGL development community.”

“We worked closely with Khronos on OpenGL 4.4, so we wanted to make sure the day it was announced we had compliant drivers for our Fermi and Kepler GPUs,” said Tony Tamasi, senior vice president, Content and Technology at NVIDIA. “We’re also working to bring support to Tegra, so developers can create amazing content that scales from high-end PCs down to mobile devices.” (These products are based on the published OpenGL 4.4 Specification, and are submitted to, and are expected to pass, the Khronos Conformance Testing Process. Current conformance status can be found at www.khronos.org/conformance.)

Source: here.

by admin

Khronos Releases OpenCL 2.0

July 22, 2013 in News, OpenCL, OpenGL by admin

openclJuly 22nd 2013 – SIGGRAPH – Anaheim, CA – The Khronos™ Group today announced the ratification and public release of the OpenCL™ 2.0 provisional specification. OpenCL 2.0 is a significant evolution of the open, royalty-free standard that is designed to further simplify cross-platform, parallel programming while enabling a significantly richer range of algorithms and programming patterns to be easily accelerated. As the foundation for these increased capabilities, OpenCL 2.0 defines an enhanced execution model and a subset of the C11 and C++11 memory model, synchronization and atomic operations. The release of the specification in provisional form is to enable developers and implementers to provide feedback before specification finalization, which is expected within 6 months. The OpenCL 2.0 provisional specification and reference cards are available at www.khronos.org/opencl/.

“The OpenCL working group has combined developer feedback with emerging hardware capabilities to create a state-of–the-art parallel programming platform – OpenCL 2.0,” said Neil Trevett, chair of the OpenCL working group, president of the Khronos Group and vice president of mobile content at NVIDIA. “OpenCL continues to gather momentum on both desktop and mobile devices. In addition to enabling application developers it is providing foundational, portable acceleration for middleware libraries, engines and higher-level programming languages that need to take advantage of heterogeneous compute resources including CPUs, GPUs, DSPs and FPGAs.”

Updates and additions to OpenCL 2.0 include:

  • Shared Virtual Memory
    Host and device kernels can directly share complex, pointer-containing data structures such as trees and linked lists, providing significant programming flexibility and eliminating costly data transfers between host and devices.
  • Dynamic Parallelism
    Device kernels can enqueue kernels to the same device with no host interaction, enabling flexible work scheduling paradigms and avoiding the need to transfer execution control and data between the device and host, often significantly offloading host processor bottlenecks.
  • Generic Address Space
    Functions can be written without specifying a named address space for arguments, especially useful for those arguments that are declared to be a pointer to a type, eliminating the need for multiple functions to be written for each named address space used in an application.
  • Images
    Improved image support including sRGB images and 3D image writes, the ability for kernels to read from and write to the same image, and the creation of OpenCL images from a mip-mapped or a multi-sampled OpenGL texture for improved OpenGL interop.
  • C11 Atomics
    A subset of C11 atomics and synchronization operations to enable assignments in one work-item to be visible to other work-items in a work-group, across work-groups executing on a device or for sharing data between the OpenCL device and host.
  • Pipes
    Pipes are memory objects that store data organized as a FIFO and OpenCL 2.0 provides built-in functions for kernels to read from or write to a pipe, providing straightforward programming of pipe data structures that can be highly optimized by OpenCL implementers.
  • Android Installable Client Driver Extension
    Enables OpenCL implementations to be discovered and loaded as a shared object on Android systems.

OpenCL SPIR 1.2 Provisional Specification

In addition, the OpenCL Working Group also today released the OpenCL SPIR 1.2 provisional specification for public review. ‘SPIR’ stands for Standard Portable Intermediate Representation and is a portable non-source representation for OpenCL 1.2 device programs. It enables application developers to avoid shipping kernel source and to manage the proliferation of devices and drivers from multiple vendors. OpenCL SPIR will enable consumption of code from third party compiler front-ends for alternative languages, such as C++, and is based on LLVM 3.2. Khronos has contributed open source patches for Clang 3.2 to enable SPIR code generation.

Industry Support

“These 2 new OpenCL specifications will allow software developers to accelerate a much wider variety of applications on a greater range of devices than previously possible. OpenCL 2.0 will allow applications to process more complex data and algorithms in parallel than was possible in previous standards, while OpenCL SPIR will allow a variety of different programming languages to be compiled directly into OpenCL code for heterogeneous systems,” said Andrew Richards, CEO of Codeplay. “These are 2 big steps forwards to enable software developers to embrace heterogeneous platforms and Codeplay is actively involved in developing for both already.”

“Intel has been deeply involved in shaping new OpenCL 2.0 features like Shared Virtual Memory and OpenCL SPIR”, said Jonathan Khazam, vice president and general manager of Intel’s Visual & Parallel Computing Group. ”We are very excited about the improved programmability of OpenCL 2.0 and the potential to create new experiences with Intel® Iris™ Graphics Products.”

Tony King-Smith, EVP marketing for Imagination Technologies, said: “As a long-standing Promoter, Imagination is delighted to see Khronos release this major upgrade to the OpenCL API standard.  We see an ever widening portfolio of markets relevant to OpenCL, from mobile and consumer multimedia-rich devices through automotive infotainment up to advanced cloud servers and supercomputers. OpenCL is gaining traction among our customers as a means to deliver high-performance compute on our widely deployed PowerVR GPUs as well as our MIPS CPUs. Indeed we have been among the first to enable OpenCL in GPUs for mobile and embedded SoC devices already in production, including some of the leading smartphones and tablets shipping today. We have also been one of the first to demonstrate the significant power saving advantages of OpenCL on GPU running alongside OpenGL ES in real applications – a benefit often overlooked by application developers today. We look forward to continued industry momentum behind OpenCL as a key enabling API for GPU compute and heterogeneous processing.”

“The ability to perform compute-intensive tasks in parallel, using virtually any processor present in the device opens the door for significant performance and functionality improvements in several industries from Automotive to SmartTVs, game consoles and the smartphones. Vivante’s GPU family have been utilizing OpenCL API for long time and we continue to be in forefront to support this new major API version as it will further improve the flow of getting even more complex things done, much faster and better,” said Weijin Dai, CEO of Vivante Corp. “We’re pleased to equip our customers with our GPUs that are faster, smaller and cooler when we see OpenCL to become a significant standard in our customers’ multi-core implementations.”

Source: here.

by admin

OpenGL tutorials with inline WebGL demonstrations

July 17, 2013 in OpenGL, Tutorial by admin

openglThis guide will teach you the basics of using OpenGL to develop modern graphics applications. There are a lot of other guides on this topic, but there are some major points where this guide differs from those. We will not be discussing any of the old parts of the OpenGL specification. That means you’ll be taught how to implement things yourself, instead of using deprecated functions like glBegin and glLight. Anything that is not directly related to OpenGL itself, like creating a window and loading textures from files, will be done using a few small libraries.

http://open.gl/

 

 

by admin

Smooth Parallax Scrolling

July 17, 2013 in Code Snippets, Source Code, Tutorial by admin

Quoting from kirupa.com:

For many practical reasons, our UIs are designed to be two dimensional. Once you throw in meaningful content, some navigation, and other doo-dads to make your application usable, adding any more dimensions simply gets in the way and becomes a distraction. Despite the stranglehold two dimensions have on what we create, there are subtle and effective ways of sneaking an extra dimension in here and there.

Follow this link for a nice article about implementing smooth Paralax Scrolling effect that also works with the mouse wheel.

by admin

Transferring Data Using Sync Adapters

July 16, 2013 in Android, Source Code, Tips & Tricks, Tutorial by admin

android-logoSynchronizing data between an Android device and web servers can make your application significantly more useful and compelling for your users. For example, transferring data to a web server makes a useful backup, and transferring data from a server makes it available to the user even when the device is offline. In some cases, users may find it easier to enter and edit their data in a web interface and then have that data available on their device, or they may want to collect data over time and then upload it to a central storage area.

 Although you can design your own system for doing data transfers in your app, you should consider using Android’s sync adapter framework. This framework helps manage and automate data transfers, and coordinates synchronization operations across different apps. When you use this framework, you can take advantage of several features that aren’t available to data transfer schemes you design yourself:

  • Plug-in architecture – Allows you to add data transfer code to the system in the form of callable components.
  • Automated execution – Allows you to automate data transfer based on a variety of criteria, including data changes, elapsed time, or time of day. In addition, the system adds transfers that are unable to run to a queue, and runs them when possible.
  • Automated network checking – The system only runs your data transfer when the device has network connectivity.
  • Improved battery performance – Allows you to centralize all of your app’s data transfer tasks in one place, so that they all run at the same time. Your data transfer is also scheduled in conjunction with data transfers from other apps. These factors reduce the number of times the system has to switch on the network, which reduces battery usage.
  • Account management and authentication – If your app requires user credentials or server login, you can optionally integrate account management and authentication into your data transfer.

for more information about how to create a sync adapter and the bound Service that wraps it, how to provide the other components that help you plug the sync adapter into the framework, and how to run the sync adapter to run in various ways and to download the source code, follow this link.

Source: developer.android.com

by admin

CyanogenMod 10.1.1 Released – fixes for vulnerabilities that can bypass check for a digital signature

July 12, 2013 in Android, Linux, News, ROM by admin

cyanogen-modGiven all the Android security topics in the news, we thought it prudent to issue a follow-up to the 10.1.0 general release, incorporating patches for various vulnerabilities that have since been identified.

t the time of this post, CyanogenMod 10.1.1 releases are building and mirroring to our download portal. The CM 10.1.1 build is purely a security bug-fix release on top of the previous 10.1.0.x code-base. While it does not carry any new features, it does address the following:

  • Bug 8219321 aka “MasterKey” exploit (also patched in CM 7 and CM 9 source)
  • CVE-2013-2094 (Linux kernel exploit)
  • CVE-2013-2596 (Qualcomm-specific exploit)
  • CVE-2013-2597 (Qualcomm-specific exploit)
  • General device bug-fixes

With the security nature of this release, all users on CM 10.1.0.x are encouraged to update once their respective build is available

 

Source: here.

by admin

Qt Creator 2.8.0 released

July 12, 2013 in News, Qt by admin

QT Creator 2.8.0 final was released. Some of the new changes and additions:

  • C++ got more refactoring actions:
    • Adding declarations and implementations for virtual methods from the superclass.
    • Assigning a method return value or ‘new’ expression to a local variable.
    • Moving function definitions from inline in the header to source.
  • Experimental support for debugging with LLDB on Mac was added (configure the debugger of your kit to be LLDB and point it to your lldb binary)
  • Graphical editor for manifest files and QML debugging and profiling on Android devices.
  •  BlackBerry development environment setup wizard now, making it easier to get started with on-device development.
  • Git version control integration got many new features, including support for interactive rebases.
  • An editor specific for Python was added, with highlighting and indentation, and a Python class wizard

There are many other improvements, bugfixes and additions

For more information and link to the download page, follow this link.

(source here)

by admin

A successful GIT branching model

July 12, 2013 in Git, SCM, Tips & Tricks by admin

An interesting model of GIT branches.

For more info follow this link.

Skip to toolbar