your

Write your first Java GUI app

March 31, 2018 by Simon Leave a Comment

Here is a quick guide that shows how you can create and compile your first Java app with Net Beans.

I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Updating the serves is a pain so I am writing a java app for Windows and OSX to help me manage the server by telnetting in on port 22 and performing routine actions from a button click in Java.

Installing Java and NetBeans IDE

Goto https://netbeans.org/downloads/index.html and click “JDK with NetBeans IDE Java SE bundle”

Download Netbeans and Java SE bundle

Install Netbeans and Java SE bundle

Creating your first GUI Java Application

Create New Project (Java Application) in NetBeans, Click Next

Name the project and set the main class as “main”

Add a new file, a “Swing GUI Form/JFrame form“.

Name the J Frame Form and click Finish.

Adding GUI elements in NetBeans IDE

In the Net Beans IDE, you can simply drag and drop elements. I like to move my properties screen to the bottom centre.

Set the panel at the default startup element

Add the following code to the main.java file

> framemain form = new framemain();
> form.setVisible(true);

Compile the App

The app compiles 🙂

Add an action to a button

You can add button actions (events) in the design mode.

Add Hello World alert box code to the button

Add the following to the Panel code file

> public static void infoBox(String infoMessage, String titleBar)
> {
> JOptionPane.showMessageDialog(null, infoMessage, “InfoBox: ” + titleBar, JOptionPane.INFORMATION_MESSAGE);
> }

Add this to the action (event)

System.out.println(“Hello World”);
> frame1.infoBox(“Hello World”, “Hello World”);

Build

To build right-click on the project and click Clean and Build

The result is an app you can run by double-clicking the jar file.

I hope this helps someone.

Making an OSX APP file from the JAR file

Coming soon

Making a Windows EXE file from the JAR file

Coming soon

I hope this guide helps someone.

Ask a question or recommend an article

Revision History

v1.0 Initial post

How to purchase your own domain name and set up a web server from $5 a month

March 28, 2018 by Simon Leave a Comment

This guide will show technically minded people how you can purchase your own domain name, set up a web server on Vultr with an online store using WordPress/WooCommerce from $5 a month. Warning this post is technical (if you have never used SSH, Ubuntu, Linux Command Line, hate risk or are not patient then this is NOT the guide you are after).

Draft Post (released early to share)

I personally recommend (not a paid endorsement) the free WooCommerce plugin for the free WordPress.org CMS on the free Ubuntu Operating system with the free NGINX web server and the free MYSQL database engine and free SSL certificates from Lets Encrypt.

Sorry for using the word free a lot but I like free things. One of the benefits of a using a self-managed server is you get the option to install free software and configure the server how you want and secure it how you want. Truth be told managed ho (e.g CPanel, etc) are in the business of making money via monthly feed, expensive SSL certificates, taxing your transactions or pushing you to higher priced tiers.

Legend:

Self Managed Server = A server that you create, you configure patch and support (all the reward and risk is owned by you and costs are low).
Hosted Server = A server you have partial control of and the hosts manage the server and support (You hand away all risk and most of the control and pay for support/features).

I moved to a self-managed server after I was paying $25/m for a poorly performing website and $150/y for a poor quality SSL certificate and a slice of a server that seemed to always say “Usage Limit Exceeded”. Why pay for an insecure website that my visitors could not view because the usage limit was exceeded.

fyi: Fearby.com costs me $10 a month for a server and $5/m for CDN abilities.

CPanel hosts are an option when you don’t want to self-manage a service and take on the hassle but be prepared for server limitations (The image below was taken on an older CPanel based hosts before I moved to a self-managed Vultr server)

I recently discovered a well known and established website hosting service (that I used to use) and a friend is still using is insecure. My friend’s site has a static website on it but the server underneath was very old and insecure. Having a secure web server should be at the top of your list with any self-managed or hosted website (this will help search engine optimization and prevent risks to your website visitors).

Sites like Virus Total, SSL Labs and Alexa Site Info , Qualys are good ways to review a site’s credibility.

fyi: The awesome https://seositecheckup.com/ is awesome for evaluating our sites SEO score.

Before we set up a server with WordPress on your own server let’s quickly look at the alternative commercial ready to go website builders.

Alternative (paid) DIY Website Builders

The following leading commercial sites will allow you to build a site online.

In my opinion, five things matter with setting up site online website.

Setup Costs, Monthly Cost and Commissions (what are the hidden charges)
Security (having a food SSL Certificate is key to having a good organic traffic from search engines)
Site Speed (Having a slow site will impact search engine optimization and drive visitors away)
Accessibility (if your site is not WCAG accessible it will not rank high on search engines).
Control (will you be able to do everything you want too, nothing worse than going so far and being limited)

Ok, let’s see how much it will cost to set up a simple business site on the sites above.

Wix

Setup: Goto https://www.wix.com/, Login to Wix, click Create Site, click Business, Click Choose a Template, Edit the page, Click Save, Click “Connect your own customized domain“, Click “Connect a domain you already own“.

I was redirected to a Wix plan pricing page where I need to choose a plan to continue. From what I researched you cant control HTML on Wix so can’t add a MailChimp newsletter signup form so you would have to go with the $24.5/m option to enable Email Campaigns.

I could not see information about included SSL certificates, SEO or other chargers. SSL is free after you pay right?

The Wix editor appears OK (it may take a bit of learning though).

I clicked publish and the site was live

A quick check of the SSL, Accessibility and SEO and no obvious deal breakers here apart from the price and platform lock-in.

I performed a security check on the site with https://freescan.qualys.com (passed)

Conclusion: I hear Wix templates are hard to change so choose your template wisely, A large collection of apps are available that you can add to the site.

Although Wix was nice and it does include a full-featured look at the engine it is not for me ($24/m USD is too expensive).

Squarespace

Squarespace basic websites cost $16/$25 a month or $34/52 for online stores: https://www.squarespace.com/pricing/

Setup a Squarespace website: Goto https://www.squarespace.com/, Click Start a Free Trial, Choose a Template, Create an Account (a quick read of the terms of service and privacy policy, #scary), SpareSpace sites are pre-published?

Loading the webpage on a non-logged-in (with SquareSpace login) browser displays a trial warning. Trial pages are essentially restricted (unlike Wix).

The mobile view does not match the template? I guess the chosen template is more of a vibe and not a template.

Setting up a Squarespace website may take some time. Squarespace does have some nifty advance options in a slide-out menu though.

Because the public view of the page is restricted I cannot scan it with WCAG accessibility tools. Scanning the site performance speeds with gtmetrix also fails.

Squarespace is well known to be difficult to set up a website when compared to other drag and drop editors (but Squarespace sites do look nice).

I am not paying $54/m for a website so let’s move on.

Shopify

Shopify Setup: Goto https://shopify.com and click Create, Sign up and enter your store name. Complete the wizard.

Choose a Shopify Plan

Scalping transactions, no thanks. let’s move on.

Weebly

Weebly Setup: Goto https://www.weebly.com/au and click Get Started under Create Store. Enter your account details and click Create Your Site, enter the name of the store, Click I’m just trying Weebly, click the type of product you will be selling.

Weebly Site Setup

Theme Selection

Choose a Domain

Publish the site

Clicking publish appears to be a dead end.

“Please contact Weebly Support to verify your account”, No Thanks, let’s move on.

One candidate remains and that is WordPress hosted (wordpress.com not wordpress.org).

WordPress.com

WordPress.com offer hosted plans for WordPress in the cloud.

Setup a WordPress site, the only one that removes WordPress branding and allows third-party plugins to be installed it the Business plans for $33 a month.

Setup Basics

Choose a WordPress theme.

Assign a Domain

In order to buy a domain, you need to log in (top right) with an account

My working WordPress account (is no longer working), it was in my password manager.

I seem to be stuck in a signup loop

Time to move on. Time to set up my own server on Vultr and setup WordPress and WooCommerce,

But, before we do, let’s ensure our name is secure online.

Search for your Name/Brand

Do search for your website (or thing) in search engines to see if your name is already taken, don’t buy a domain that is owned or has IP or trademark presence. It is a good idea to use sites like https://namechk.com/ to see if your site or social media is already taken.

namechk.com will allow you to search for name availability online. The name “mything” is not fully available online.

You will want to see all green squares (name available) below before buying a domain name. This looks better.

I would recommend you create your social media accounts before or right after buying your domain. Sites like Twitter will insist on short usernames names so get your social media sites first.

Trademark and Brand Search

Also, perform a trademark and IP search.

Australian Trademark Search: https://search.ipaustralia.gov.au/trademarks/search/quick

United States Trademark Database: https://www.uspto.gov/trademarks-application-process/search-trademark-database

Global brand Search: http://www.wipo.int/branddb/en/

etc

Self Managed Warning

I tend to go the “self-managed server route” and install the free WordPress CMS because:

I can.
I am tight.
I like having full control (usually the best features for online web hosts are hidden behind subscriber tiers, you can install and do whatever you want on your own server like build API’s, distributed MySQL servers, install MongoDB or Redis , use up to date PHP etc).
I have been stung by CPanel hosts charging $150/y for a crappy SSL certificate (You can set up your own SSL certificate for $0 and set up super secure SSL rules).
I can manage WordPress via the command line
I can upgrade the server and restore it whenever I want.
I can manage my own server performance (e.g setup PHP child workers) or install a Content Delivery Network.
I can direct domain email to google G Suite, see pricing here.
etc.

There are many reasons why you would not want to “self-manage” your own server

Technical Requirements (and time to support).
Higher Risk.
Applying Updates and Patches.
etc.

Being technically minded and choosing a “self-managed web servers” can take away time from the fun stuff like SEO, Site Design, customer needs, branding etc. If you do not have experience with SEO, designing, branding, social media, websites etc (and need help) please talk to my friends at Niche Creative (this is not a not a paid endorsement, they are passionate and know thier stuff). I blogged my journey away from a Panel host self-managed server here..

Self Managed Costs

For $5 a month you can buy a server with enough memory to install WordPress (cheaper if you don’t need WordPress)

Vultr is great. Vultr does have ready to go servers that you can deploy that have WordPress all set up.

The Vultr template above does use the Centos OS (read my guide setting up Centos on a different service provider here) but I prefer to manually setup a server with Ubuntu 16.04 OS on Vultr.

Wih a $5 server you can do what you want with it. I have blogged before about setting up your own Server. e.g Installing Centos and Ubuntu server on Digital Ocean. Digital Ocean does not have data centres in Australia and this kills scalability. AWS is good but 4x the price of Vultr. I have blogged about setting up and AWS server here (and upgrading an AWS instance). I tried to check out Alibaba Cloud but the verification process was broken so I decided to check our Vultr.

Manual Setup of Vultr on an Ubuntu 16.04 server

Deploy a Vultr Server – Guide here ($2.5/m to New Jersey or Florida or $5/m to Sydney, I would recommend you opt in for the auto backup for $0.50c/m and $1/m respectively).
Setup NGINX.
Setup PHP and PHP-FPM (see guide above), consider adding PHP child workers.
Setup and secure MySQL (see guide above), create a database for WordPress to use.
Instal Adminder MySQL GUI (guide here).
Setup a free Lets Encrypt SSL certificate (guide here).
Install WordPress (and Jetpack plugin).
Install WordPress CLI.
Instal the WooCommerce Storefront WordPress Theme.
Install WooCommerce Plugin.
Secure Ubuntu.
Also consider linking your domain to Cloudflare to boost performance, scanning your site with Qualys Freescan and OWASP ZAP).
Consider setting up a WordPress image compressor and CDN plugin. like EWWW.io

Manual WooCommerce Plugin Setup

Once you setup Woocommerce you can setup the store defaults. Goto the WordPress dashboard and click WooCommerce Settings

Settings – General

Set Address, City and State and Postcode
Set allowed countries to sell in (e.g Australia)
Set allowed countries to ship items to (e.g Australia)
Set Enable Taxes
Set Currency
etc

Settings – Products

Set Weight
Set Dimensions
Enable Product Reviews
Enable Star Ratings on Reviews
etc

Settings – Shipping

Enable Shipping Calculator
Add Shipping Classes
Shipping Zones
etc.

Settings – Checkout

Force Secure Checkup
Create a Terms and Conditions page (and set).
etc

Settings – Account

Set Account Options
etc

Settings – Emails

Set Email Preferences
Set Email Header Image
Set Email Colour
Set Footer Text
etc

Settings – API

API can be disabled if you don’t need it.

Optional Actions

Setup Yoast Plugin
Setup other plugins

Post Site Setup

Just because your site is live does not mean you can rest.

SEO Optimization

Do use sites like https://seositecheckup.com/ and follow recommended actions to improve your SEO like updating meta tags.

More Reading

Attaching an email to your domain

You can pay $5 a month and link a G Suite email to your domain.

Dedicated professional Google G Suite email account for $5 a month with 30GB storage (If you don’t want ot to buy a G Suite email and link it to your domain then you don’t need this).

Once you have a G Suite account you can link other domains (and domain emails) to it. You can login to your G Suite emails via G Mail and send emails from apps or the command line.

Why Vultr

I use the server host Vultr as they have data centres all around the world and the support of great, Digital Ocean is good too but they don’t have data centres in my country (Australia). Vultr allows you to deploy all over the world upgrade servers, move servers, add storage and restore servers.

Alternatively, you can buy a $2.5/m server and generate a static website

I use the Platforma Web HTML generator to build mobile and WCAG compliant websites.

Buying a domain, I buy my domains from https://www.namecheap.com/ it is a good idea to look for coupons first at https://www.namecheap.com/promos/coupons.aspx before buying a domain.

Once you buy a domain you can point it to a Vultr server and upload your website.

I hope this helps someone.

Donate and make this blog better

Ask a question or recommend an article

Revision History

v.1.2 WordPress WooCommerce

v1.1 SEO

v1.0 Initial Draft

Using the Qualys FreeScan Scanner to test your website for online vulnerabilities

March 23, 2018 by Simon Leave a Comment

It is possible to deploy a server in minutes to hours but it can take days to secure. What tools can you use to help identify what to secure on your website?

I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line, installing a Free SSL certificate and setting up SSL security.

Security Tools

https://asafaweb.com/ is a good tool for quick scanning
Kali Linux has a number of security tools you can use.
You can run a system audit Lynis Audit.
Checking your site for vulnerabilities with Zap.
Run a Gravity Scan malware and supply chain scan
Use Qualys SSL scan to test your SSL certificate: https://www.ssllabs.com/ssltest/

Qualys SSL Labs SSL Tester is the best tool for checking an SSL certificate strength

Most people don’t know Qualys also has another free (limited to 10 scans) vulnerability scanner for websites.

Goto https://freescan.qualys.com/ and click Start your free account.

Complete the signup form

Now check your email to login and confirm your email account

Login now from the email.

Create a password (why the 25 char max Qualys?)

Enter your website URL and click Scan

The scan can take hours

While the scan was being performed I noticed that Qualys offers alerts (I’ll check this out later): https://www.qualys.com/research/security-alerts/

Yes, the scan can take hours, take a walk or read other posts here.

The scan is almost complete

Yay, my latest scan revealed 0 High, 0 Medium and 0 Low-risk vulnerabilities.

It did report 23 informational alerts like “Firewall Detected“.

Threat Report Results

Patch Report Results

This report was empty (probably because I don’t run Windows)

Threat Report Results

The OWASP report contained partial scan results (maybe the full report is available to pro users)

Previous Scan Results

The Qualys dashboard will show all past scans.

My first scan showed a Low priority issue with the /wp-login.php page as the input fields did not have “autocomplete=”off””, I fixed this by adding “autocomplete=”off”” the removing the page (safer).

The second scan found two issues with cookies (possibly ad banner cookies) and 2 subfolders that I created in past development exercises. I deleted the two sub-folders that were not needed.

The third scan was clean.

Here is a scan of a static website of a friends server (static can be less secure if the server underneath is old or unpatched).

Happy scanning. I hope this guide helps someone.

Ask a question or recommend an article

Revision History

v1.1 Static Web Server Scan

v1.0 Initial post

Using OWASP ZAP GUI to scan your Applications for security issues

March 17, 2018 by Simon 1 Comment

OWASP is a non-profit that lists the Top Ten Most Critical Web Application Security Risks, they also have a GUI Java tool called OWASP Zap that you can use to check your apps for security issue.

I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. It is important that you always update your site and software and test your sites and software for vulnerabilities. Zap is free and completely open source.

Disclaimer, I am not an expert (this Zap post and my past Kali Linux guide will be updated as I learn more).

OWASP Top 10

OWASP has a top 10 list of things to review.

Download the OWASP 10 10 Application security risks PDF here form here.

Using the free OWASP Zap Tool

Snip from https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

“The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a great tool for experienced pentesters to use for manual security testing.”

Zap Overview

Here is a quick demo of Zap in action.

Do check out the official Zap videos on youtube: https://www.youtube.com/user/OWASPGLOBAL/videos if you want to learn more.

Installing Zap

Download Zap from here.

Download Options

Download contents

Copy to the app to the OSX Application folder

App Installed

Open OSX’s Privacy and Security screen and click Open Anyway

OWASP Zap is now Installed

Ready for a Scan

But before we do let’s check out the Options

OWASP Zap allows you to label reports to ad from anyone you want.

Now let’s update the program and plugins, Click Manage Add-ons

Click Update All to Update addons

I clicked Update All

Installed some plugins

Zap is Ready

Add a site and right click on the site and you can perform an active scan or port scan.

First Scan (https failed)

I enabled unsafe SSL/TLS Renegotiation.

This did not work and this guide said I needed to install the “Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files” from here.

The extract files to /Library/Java/JavaVirtualMachines/%your_jdk%/Contents/Home/jre/lib/security

I restarted OWASP Zap and tried to scan my site buy it appears Cloudflare (that I recently set up) was blocking my scans and reported error 403. I decided to scan another site of mine that was not on Cloudflare but had the same Lets Encrypt style SSL cert.

fyi: I own and set up the site I queried below.

OWASP Zap scan performed over 800 requests and tried traversal exploits and many other checks. Do repair any major failures you find.

Generating a Report

To generate a report click Report then the appropriate generation menu of choice.

FYI: The High Priority Alert is a false positive with an HTML item being mistaken for a CC number.

I hope this guide helps someone. Happy software/server hardening and good luck.

More Reading

Check out my Kali Linux guide.

Ask a question or recommend an article

Revision History

v1.2 False Positive

v1.1 updated main features

v1.0 Initial post

Setting up the Debian Kali Linux distro to perform penetration testing of your systems

March 7, 2018 by Simon Leave a Comment

This post will show you how to setup the Kali Linux distro to perform penetration testing of your systems

I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Securing your systems is very important (don’t stop) and keep learning (securing ubuntu in the cloud, securing checklist, run a Lynis system audit etc)

snip from: https://www.kali.org/about-us/

“Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In addition to Kali Linux, Offensive Security also maintains the Exploit Database and the free online course, Metasploit Unleashed.”

Download Kali

I downloaded the torrent version (as the HTTP version kept stopping (even on 50/20 NBN).

After the download finished I checked the SHA sum to verify it’a integrity

cd /Users/username/Downloads/kali-linux-2018.1-amd64
shasum -a 256 ./kali-linux-2018.1-amd64.iso 
ed88466834ceeba65f426235ec191fb3580f71d50364ac5131daec1bf976b317  ./kali-linux-2018.1-amd64.iso

cd /Users/username/Downloads/kali-linux-2018.1-amd64

shasum -a 256 ./kali-linux-2018.1-amd64.iso

ed88466834ceeba65f426235ec191fb3580f71d50364ac5131daec1bf976b317 ./kali-linux-2018.1-amd64.iso

A least it matched the known (or hacked) hash here.

Installing Parallels in a VM on OSX

I use Parallels 11 on OSX to set up a VM os Demina Kali, you can use VirtualBox, VMWare etc.

Hardware: 2x CPU, 2048MB Ram, 32MB Graphics, 64GB Disk.

I selected Graphical Install (English, Australia, American English, host: kali, network: hyrule, New South Wales, Partition: Guided – entire disk, Default, Default, Default, Continue, Yes, Network Mirror: Yes, No Proxy, Installed GRUB bootloader on VM HD.

Post Install

Install Parallel Tools

Official Guide: https://kb.parallels.com/en/123968

I opened the VM then selected the Actions then Install Parallels Tools, this mounted /media/cdrom/, I copied all contents to /temp/

As recommended by the Parallels instal bash script I updated headers.

apt install linux-headers-4.14.0-kali1-amd64

1	apt install linux-headers-4.14.0-kali1-amd64

Then the following from https://kb.parallels.com/en/123968

apt-get clean
apt-get update
apt-get upgrade -y
apt-get dist-upgrade -y
apt-get install dkms kpartx printer-driver-postscript-hp

apt-get clean

apt-get update

apt-get upgrade -y

apt-get dist-upgrade -y

apt-get install dkms kpartx printer-driver-postscript-hp

Parallels will not install, I think I need to upgrade to parallel 12 or 12 as the printer driver detection is not detecting (even though it is installed).

Installing Google Chrome

I used the video below

I have to run chrome with

/usr/bin/gogole-chrome-stable %U --no-sandbox --user-data=dir &

1	/usr/bin/gogole-chrome-stable %U --no-sandbox --user-data=dir &

It works.

Running your first remote vulnerability scan in Kali

I found this video useful in helping me scan and check my systems for exploits

Simple exploit search in Armitage (metasploit)

A quick scan of my server revealed three ports open and (22, 80 and 443). Port 80 redirects to 443 and port 22 is firewalled. I have WordPress and exploits I rued failed to work thanks to patching (always stay ahead of patching and updating of software and the OS.

Without knowing what I was doing I was able to check my WordPress against known exploits.

If you open the Check Exploits menu at the end of the Attacks menu you can do a bulk exploit check.

WP Scan

Kali also comes with a WordPress scanner

wpscan --url https://fearby.com

1	wpscan --url https://fearby.com

This will try and output everything from your web server and WordPress plugins.

/xmlrpc.php was found and I was advised to deny access to that file in NGINX. xmlrpc.php is ok but can be used in denial of service attacks.

location = /xmlrpc.php {
	deny all;
	access_log off;
	log_not_found off;
}

location = /xmlrpc.php {

deny all;

access_log off;

log_not_found off;

}

I had a hit for a vulnerability in a Youtube Embed plugin but I had a patched version.

TIP: Check your WordPress often.

More to come (Draft Post).

OWASP scanner
WPSCAN
Ethical Hacker modules
Cybrary training
Sent tips to @FearbySoftware

Tips

Don’t have unwanted ports open, securely installed software, Use unattended security updates in Ubuntu, update WordPress frequently and limit plugins and also consider running more verbose audit tools like Lynis.

More Reading

Read my OWASP Zap guide on application testing and Cloudflare guide.

I hope this guide helps someone.

Ask a question or recommend an article

Revision History

v1.2 added More Reading links.

v1.1 Added bulk exploit check.

v1.0 Initial post

Using the free Adminer GUI for MySQL on your website

February 8, 2018 by Simon 2 Comments

Adminer is a free GUI tool that can you can easily install on a PHP web server. Adminer allows you to easily connect to your MySQL instance, create databases/tables/indexes/rows and backup/import databases and much more.

You can read my other posts on Useful Linux Terminal Commands and Useful OSX Terminal Commands.

I used to use phpMyAdmin to manage MySQL databases on AWS, Digital Ocean and Vultr but switched to Adminer due to forgotten issues. You can always manage MySQL via command line but that is quite boring.

The below screenshots were taken on my local Development Mac Laptop (with optional OSX Apache SSL Setup (that reports “Not Secure” (but it is good enough to use locally)). I prefer to code in SSL and warn when SSL is not detected.

Downloading and Installing Adminer

Navigate to https://www.adminer.org/ and click Download.

Click English only (.php file)

Save the Adminder for MySQL (.php) file to your web server and give it a random name and put in a folder also with a random name (I use https://www.grc.com/passwords.htm to generate strong password).

Tip: Uploading this file to a live serve offers hackers and unauthorized people potential access to your MySQL server. I would remove this file from live serves when you are not using it not to be sure.

Tip: Read my guide here on setting up NGINX, MySQL and PHP here. Basically I did this to setup MySQL on Ubuntu 16.04.

sudo apt-get install mysql-common
sudo apt-get install mysql-server
mysql --version
>mysql Ver 14.14 Distrib 5.7.19, for Linux (x86_64) using EditLine wrapper
sudo mysql_secure_installation
>Y (Valitate plugin)
>2 (Strong passwords)
>N (Don't chnage root password)
>Y (Remove anon accounts)
>Y (No remote root login)
>Y (Remove test DB)
>Y (Reload)
service mysql status
> mysql.service - MySQL Community Server

sudo apt-get install mysql-common

sudo apt-get install mysql-server

mysql --version

>mysql Ver 14.14 Distrib 5.7.19, for Linux (x86_64) using EditLine wrapper

sudo mysql_secure_installation

>Y (Valitate plugin)

>2 (Strong passwords)

>N (Don't chnage root password)

>Y (Remove anon accounts)

>Y (No remote root login)

>Y (Remove test DB)

>Y (Reload)

service mysql status

> mysql.service - MySQL Community Server

TIP: Ensure MySQL is secure and has a good root password, also consider setting up Ubuntu Firewalls and Securing Ubuntu. Also ensure the Server is patched and does not have exploits like Spectre and meltdown.

Now you can access your Admirer php file on your Web Server (hopefully with an obfiscated name).

Click Create databaase

Give the database a name and choose the character coding standard (e.g UTF8 ceneral ci). Different standards have different performance impacts too.

Now that you have a database you can create a table.

Consider adding an auto-incrementing ID and say a Key and Value varchar column.

When the table is created you can add a row to the table.

I created one with a “TestKey” and “TestValue” row.

The row was inserted.

The final thing to do is add a database user that code can connect to the database with. Click Privileges.

Click Create user

Tick All privileges and click Save

Now the user is added to the database

Let’s create a PHP file and talk to the database. Let’s use parameterized queries

<?php

date_default_timezone_set('Australia/Sydney');
echo "Last modified: " . date ("F d Y H:i:s.", getlastmod()) . "<br /><br />";

// Turn on if you need to see errors
// error_reporting(E_ALL);
// ini_set('display_errors', 0);

$dbhost = '127.0.0.1';
$dbname = 'dbtest';
$dbusername = 'dbtestuser';
$dbpassword = '*****************************************'';

$con = mysqli_connect($dbhost, $dbusername, $dbpassword, $dbname);
 
// Turn on debug stuff if you need it
// echo var_dump($con);
// printf(" - Error: %s.n", $stmt->error);
 
if($con->connect_errno > 0){

    printf(" - Error: %s.n", $stmt->error);
    die("Error: Unable to connect to MySQL");

} else {

    echo "Charset set to utf8<br />";
    mysqli_set_charset($con,"utf8");
}
 
if (!$con) {

    echo "Error: Unable to connect to MySQL (E002)" . PHP_EOL;
    echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
    exit;

} else {

    echo "Database Connection OK<br />";
 
    echo "&nbsp; Success: A proper connection to MySQL was made! The $dbname database is great." . PHP_EOL . "<br />";
    echo "&nbsp; &nbsp;- Host information: " . mysqli_get_host_info($con) . PHP_EOL . "<br />";
    echo "&nbsp; &nbsp;- Server Info: '" . mysqli_get_server_info($con) . "'<br />";
    echo "&nbsp; &nbsp;- Server Protocol Info : ". mysqli_get_proto_info($con) . "<br />";
    echo "&nbsp; &nbsp;- Server Version: " . mysqli_get_server_version($con) . "<br />";
    //echo " - Server Connection Stats: " . print_r(vmysqli_get_connection_stats($con)) . "<br />";
    echo "&nbsp; &nbsp;- Client Version: " . mysqli_get_client_version($con) . "<br />";
    echo "&nbsp; &nbsp;- Client Info: '" . mysqli_get_client_info() . "'<br />";
 
    echo "Ready to Query the database '$dbname'.<br />";
 
    // Input Var's that are parameterized/bound into the query statement
    $in_key = mysqli_real_escape_string($con, 'TestKey');
 
    // Output Var's that the query fills after querying the database
    // These variables will be filled with data from the current returned row
    $out_id = "";
    $out_key = "";
    $out_value = "";
 
    echo "1. About to query the database: '$dbname'<br />";
    $stmt = mysqli_stmt_init($con);

    $sql = "SELECT testid, testkey, testvalue FROM tbtest WHERE testkey = ?";
    echo "SQL: $sql (In = $in_key)<br /";

    if (mysqli_stmt_prepare($stmt, $sql)) {

            echo "2. Query Returned<br />";
            /*
                Type specification chars
                Character   Description
                i   corresponding variable has type integer
                d   corresponding variable has type double
                s   corresponding variable has type string
                b   corresponding variable is a blob and will be sent in packets
            */
            mysqli_stmt_bind_param($stmt, 's', $in_key);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_bind_result($stmt, $out_id, $out_key, $out_value);
            mysqli_stmt_fetch($stmt);
     
            // Do something with the 1st returned row        
            echo " - Row: ID: $out_id, KEY: $out_key, VAL: $out_value <br />";//

            // Do we have more rows to process
            while($stmt->fetch()) { 
                
                    // Output returned values
                    echo " - Row: ID: $out_id, KEY: $out_key, VAL: $out_value <br />";//
            
            }
            mysqli_stmt_close($stmt);
            
            echo "Done<br />";
        
        } else {
        
            echo "3. Error Querying<br/>";
            printf(" - Error: %s.n", $stmt->error);
        
        }
}    
?>

100

101

102

103

104

105

106

<?php

date_default_timezone_set('Australia/Sydney');

echo "Last modified: " . date ("F d Y H:i:s.", getlastmod()) . " ";

// Turn on if you need to see errors

// error_reporting(E_ALL);

// ini_set('display_errors', 0);

$dbhost = '127.0.0.1';

$dbname = 'dbtest';

$dbusername = 'dbtestuser';

$dbpassword = '*****************************************'';

$con = mysqli_connect($dbhost, $dbusername, $dbpassword, $dbname);

// Turn on debug stuff if you need it

// echo var_dump($con);

// printf(" - Error: %s.n", $stmt->error);

if($con->connect_errno > 0){

printf(" - Error: %s.n", $stmt->error);

die("Error: Unable to connect to MySQL");

} else {

echo "Charset set to utf8 ";

mysqli_set_charset($con,"utf8");

}

if (!$con) {

echo "Error: Unable to connect to MySQL (E002)" . PHP_EOL;

echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;

echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;

exit;

} else {

echo "Database Connection OK ";

echo "  Success: A proper connection to MySQL was made! The $dbname database is great." . PHP_EOL . " ";

echo "   - Host information: " . mysqli_get_host_info($con) . PHP_EOL . " ";

echo "   - Server Info: '" . mysqli_get_server_info($con) . "' ";

echo "   - Server Protocol Info : ". mysqli_get_proto_info($con) . " ";

echo "   - Server Version: " . mysqli_get_server_version($con) . " ";

//echo " - Server Connection Stats: " . print_r(vmysqli_get_connection_stats($con)) . " ";

echo "   - Client Version: " . mysqli_get_client_version($con) . " ";

echo "   - Client Info: '" . mysqli_get_client_info() . "' ";

echo "Ready to Query the database '$dbname'. ";

// Input Var's that are parameterized/bound into the query statement

$in_key = mysqli_real_escape_string($con, 'TestKey');

// Output Var's that the query fills after querying the database

// These variables will be filled with data from the current returned row

$out_id = "";

$out_key = "";

$out_value = "";

echo "1. About to query the database: '$dbname' ";

$stmt = mysqli_stmt_init($con);

$sql = "SELECT testid, testkey, testvalue FROM tbtest WHERE testkey = ?";

echo "SQL: $sql (In = $in_key)<br /";

if (mysqli_stmt_prepare($stmt, $sql)) {

echo "2. Query Returned ";

Type specification chars

Character Description

i corresponding variable has type integer

d corresponding variable has type double

s corresponding variable has type string

b corresponding variable is a blob and will be sent in packets

mysqli_stmt_bind_param($stmt, 's', $in_key);

mysqli_stmt_execute($stmt);

mysqli_stmt_bind_result($stmt, $out_id, $out_key, $out_value);

mysqli_stmt_fetch($stmt);

// Do something with the 1st returned row

echo " - Row: ID: $out_id, KEY: $out_key, VAL: $out_value ";//

// Do we have more rows to process

while($stmt->fetch()) {

// Output returned values

echo " - Row: ID: $out_id, KEY: $out_key, VAL: $out_value ";//

}

mysqli_stmt_close($stmt);

echo "Done ";

} else {

echo "3. Error Querying ";

printf(" - Error: %s.n", $stmt->error);

}

Result

If you don’t have a server check out my guides on AWS, Digital Ocean and Vultr.

Happy coding and I hope this helps someone.

Donate and make this blog better

Ask a question or recommend an article

Revision History

v1.0 Initial Version

Using TG Pro to Manage Mac Book Pro Temps (and find your max working load)

December 31, 2017 by Simon 1 Comment

I blogged about opening my Mac Book Pro and removing dust here. Here is a review of the TG Pro software from Tuna Belly Software. Below I show how you can stress test your Mac help find it’s thermal limits (and manage fan speeds with TG Pro).

You can download TG Pro from here: https://www.tunabellysoftware.com/tgpro/

Stress Test your Mac

On OSX

Open TG Pro (right).
Open 4x terminal windows (blue) for the stress testing tool (yes).
Open 1x terminal windows (green) for the top command line task manager.
Open Activity Monitor (bottom left)

Once you start the stress testing tool you will need to manually end task the “yes” processes or reboot your Mac.

In each of the (blue) Terminal windows type: yes > /dev/null &

You will need to fire up as many top processes as required (depending on your processor) to get to 100% CPU activity in Activity Monitor.

You will see 4x process ID’s outputted in the blue terminal windows (remember these as you will need the process ID’s to kill the processes). The process ID is also shown in the green windows below. Failing this you can end task processes in Activity Monitor GUI.

With stock cooling profiles (Apple) in action, CPU temps jump to the low 90’s.

I clicked Auto Boost in TG Pro and temps jump down 10c each core. This was still with the stress test in action.

What will TG Pro – Auto Boost in Idle situations due to CPU temperatures? Instead of High 50ciI am getting Low 40’s. Nice.

Other TG Pro Options

What else can TG Pro do?

TG Pro can alert you when the CPU gets too hot.

TG Pro – Startup and update options.

TG Pro – Notification area options.

TG Pro – Celcius/Fahrenheit options etc.

TG Pro – Notification Options.

TG Pro – Logging Options.

TG Pro – I personally like these temperature/fan ramping configuration.

TG Pro – Updates Screen

TG Pro is awesome software and I use it to auto boost my Mac Book Pro fans post cleaning dust and reapplying thermal paste on my CPU/GPU. I paid for the software used in this review (this is not a paid review).

Hope this helps someone.

Donate and make this blog better

Ask a question or recommend an article

Revision History

v1.0 Initial Post

Building your first app on Heroku

November 26, 2017 by Simon Leave a Comment

Below is my blog post on setting up a hello world app on Heroku that is powered by a database (e.g Client requests a page, the page reads a database and return hello world).

I found IBM/Cloudant would cost multiple thousands a month to run a good NoSQL database backend, I moved to a self-managed server on Digital Ocean in Singapore but the distance of the server killed latency and maximum throughput in Australia. I moved to a dedicated AWS EC2 instance with a Mongo DB cluster on AWS in Australia and it was great but pricey. A self-managed server (on Digital Ocean or Vultr) allows you to install whatever you want (e.g PHP, MySQL, MongoDB, Redis, SSL Certificate, Mail or WordPress) and configure what you want (but at what cost?).

Heroku say: “Get straight to building apps – Setting up, operating and maintaining your own platform is not where the race is won. Avoid the risk and complexity, and dedicate your energy to what really matters: building great apps.”.

Having setup serves on IBM Cloudant, Digital Ocean, AWS and Vultr (and even managing with RunCoud and Webmin) and not focusing on a self-managed server-issues like security, backup, security audits, upgrading PHP, updating ssl, setting up distributed mysql, updating https certificates etc sounds like the holy grail.

Let’s put that to the tets and build a Hello World App.

About Heroku

Heroku have a page here about what they offer.

Programming Languages (Ruby, PHP, Python, NodeJS, Java, Cloujure, Scala, Go etc). I so wanted to select “I’m not a developer” but I won’t. I selected NodeJS.

Next: Verify your email, enter a password and you’ll find yourself here.

Now we can create an app?

Help

Ok, let’s skim the NodeJS help before we start: https://devcenter.heroku.com/articles/getting-started-with-nodejs#set-up

Let’s download the Command Line tools

Installing Heroku CLI on OSX was uneventful

I clicked the “I have installed the Heroku CLI” button.

Heroku wanted me to clone a repo but I logged in to Heroku the Heroku CLI and created a local Heroku folder first (in my local Terminal).

Last login: Sat Nov 25 18:54:43 on ttys000
192-168-1-200:~ username$ mkdir ~/Desktop/heroku
192-168-1-200:~ username$ cd ~/Desktop/heroku
192-168-1-200:heroku simon$ pwd
/Users/username/Desktop/heroku
192-168-1-200:~ username$ heroku login
heroku-cli: Updating to 6.14.38-9bfc11a... 12.7 MB/12.7 MB
Enter your Heroku credentials:
Email: removed@removed.com
Password: *******************************************************

Last login: Sat Nov 25 18:54:43 on ttys000

192-168-1-200:~ username$ mkdir ~/Desktop/heroku

192-168-1-200:~ username$ cd ~/Desktop/heroku

192-168-1-200:heroku simon$ pwd

/Users/username/Desktop/heroku

192-168-1-200:~ username$ heroku login

heroku-cli: Updating to 6.14.38-9bfc11a... 12.7 MB/12.7 MB

Enter your Heroku credentials:

Email: removed@removed.com

Password: *******************************************************

I checked the Heroku Version

heroku --version
heroku-cli/6.14.38-9bfc11a (darwin-x64) node-v9.2.0

1 2	heroku --version heroku-cli/6.14.38-9bfc11a (darwin-x64) node-v9.2.0

I checked Heroku Help

heroku --help
Usage: heroku COMMAND

Help topics, type heroku help TOPIC for more details:

 access          manage user access to apps
 addons          tools and services for developing, extending, and operating your app
 apps            manage apps
 auth            heroku authentication
 authorizations  OAuth authorizations
 buildpacks      manage the buildpacks for an app
 certs           a topic for the ssl plugin
 ci              run an application test suite on Heroku
 clients         OAuth clients on the platform
 config          manage app config vars
 container       Use containers to build and deploy Heroku apps
 domains         manage the domains for an app
 drains          list all log drains
 features        manage optional features
 git             manage local git repository for app
 keys            manage ssh keys
 labs            experimental features
 local           run heroku app locally
 logs            display recent log output
 maintenance     manage maintenance mode for an app
 members         manage organization members
 notifications   display notifications
 orgs            manage organizations
 pg              manage postgresql databases
 pipelines       manage collections of apps in pipelines
 plugins         manage plugins
 ps              manage dynos (dynos, workers)
 redis           manage heroku redis instances
 regions         list available regions
 releases        manage app releases
 run             run a one-off process inside a Heroku dyno
 sessions        OAuth sessions
 spaces          manage heroku private spaces
 status          status of the Heroku platform
 teams           manage teams
 update          update CLI
 webhooks        setup HTTP notifications of app activity

heroku --help

Usage: heroku COMMAND

Help topics, type heroku help TOPIC for more details:

access manage user access to apps

addons tools and services for developing, extending, and operating your app

apps manage apps

auth heroku authentication

authorizations OAuth authorizations

buildpacks manage the buildpacks for an app

certs a topic for the ssl plugin

ci run an application test suite on Heroku

clients OAuth clients on the platform

config manage app config vars

container Use containers to build and deploy Heroku apps

domains manage the domains for an app

drains list all log drains

features manage optional features

git manage local git repository for app

keys manage ssh keys

labs experimental features

local run heroku app locally

logs display recent log output

maintenance manage maintenance mode for an app

members manage organization members

notifications display notifications

orgs manage organizations

pg manage postgresql databases

pipelines manage collections of apps in pipelines

plugins manage plugins

ps manage dynos (dynos, workers)

redis manage heroku redis instances

regions list available regions

releases manage app releases

run run a one-off process inside a Heroku dyno

sessions OAuth sessions

spaces manage heroku private spaces

status status of the Heroku platform

teams manage teams

update update CLI

webhooks setup HTTP notifications of app activity

I ran the advised commands

git clone https://github.com/heroku/node-js-getting-started.git
cd node-js-getting-started

1 2	git clone https://github.com/heroku/node-js-getting-started.git cd node-js-getting-started

At this point, I followed the steps at https://devcenter.heroku.com/articles/getting-started-with-nodejs#deploy-the-app

Ran

heroku create
Creating app... done, ⬢ fathomless-anchorage-#####
https://fathomless-anchorage-##removed##.herokuapp.com/ | https://git.heroku.com/fathomless-anchorage-70974.git

heroku create

Creating app... done, ⬢ fathomless-anchorage-#####

https://fathomless-anchorage-##removed##.herokuapp.com/ | https://git.heroku.com/fathomless-anchorage-70974.git

The website is up

Where is this app located

traceroute fathomless-anchorage-70974.herokuapp.com
traceroute: Warning: fathomless-anchorage-70974.herokuapp.com has multiple addresses; using 54.243.121.236
traceroute to us-east-1-a.route.herokuapp.com (54.243.121.236), 64 hops max, 52 byte packets
 1  192-168-1-1 (192.168.1.1)  1.045 ms  1.121 ms  0.727 ms
 2  10.20.23.227 (10.20.23.227)  34.415 ms  30.378 ms  26.927 ms
 3  syd-gls-har-agr11-be-12 (202.7.205.13)  42.363 ms  42.957 ms  35.670 ms
 4  203-221-3-3 (203.221.3.3)  37.517 ms
    203-221-3-4 (203.221.3.4)  29.832 ms
    203-221-3-67 (203.221.3.67)  29.412 ms
 5  10ge4-11.core1.sjc1.he.net (72.52.101.37)  208.270 ms  213.679 ms
    las-b24-link.telia.net (213.248.95.232)  181.162 ms
 6  las-b21-link.telia.net (62.115.136.46)  173.171 ms
    100ge1-1.core1.sjc2.he.net (184.105.65.114)  208.705 ms
    10ge7-2.core1.sjc2.he.net (72.52.92.118)  212.061 ms
 7  dls-b21-link.telia.net (62.115.137.106)  205.615 ms
    100ge2-1.core4.fmt2.he.net (184.105.213.158)  204.186 ms
    dls-b21-link.telia.net (62.115.123.136)  204.317 ms
 8  a100us-ic-303626-dls-bb1.c.telia.net (62.115.36.38)  332.192 ms  205.536 ms
    100ge11-1.core1.dal1.he.net (184.105.64.222)  241.649 ms
 9  176.32.125.172 (176.32.125.172)  209.481 ms
    176.32.125.212 (176.32.125.212)  223.887 ms
    176.32.125.164 (176.32.125.164)  205.608 ms
10  176.32.125.169 (176.32.125.169)  205.849 ms
    176.32.125.150 (176.32.125.150)  274.887 ms
    176.32.125.167 (176.32.125.167)  230.285 ms
11  * 176.32.125.241 (176.32.125.241)  232.125 ms *
12  * * 54.240.229.175 (54.240.229.175)  231.710 ms
13  * 54.240.229.171 (54.240.229.171)  239.321 ms *
14  * * *
15  *^C

traceroute fathomless-anchorage-70974.herokuapp.com

traceroute: Warning: fathomless-anchorage-70974.herokuapp.com has multiple addresses; using 54.243.121.236

traceroute to us-east-1-a.route.herokuapp.com (54.243.121.236), 64 hops max, 52 byte packets

1 192-168-1-1 (192.168.1.1) 1.045 ms 1.121 ms 0.727 ms

2 10.20.23.227 (10.20.23.227) 34.415 ms 30.378 ms 26.927 ms

3 syd-gls-har-agr11-be-12 (202.7.205.13) 42.363 ms 42.957 ms 35.670 ms

4 203-221-3-3 (203.221.3.3) 37.517 ms

203-221-3-4 (203.221.3.4) 29.832 ms

203-221-3-67 (203.221.3.67) 29.412 ms

5 10ge4-11.core1.sjc1.he.net (72.52.101.37) 208.270 ms 213.679 ms

las-b24-link.telia.net (213.248.95.232) 181.162 ms

6 las-b21-link.telia.net (62.115.136.46) 173.171 ms

100ge1-1.core1.sjc2.he.net (184.105.65.114) 208.705 ms

10ge7-2.core1.sjc2.he.net (72.52.92.118) 212.061 ms

7 dls-b21-link.telia.net (62.115.137.106) 205.615 ms

100ge2-1.core4.fmt2.he.net (184.105.213.158) 204.186 ms

dls-b21-link.telia.net (62.115.123.136) 204.317 ms

8 a100us-ic-303626-dls-bb1.c.telia.net (62.115.36.38) 332.192 ms 205.536 ms

100ge11-1.core1.dal1.he.net (184.105.64.222) 241.649 ms

9 176.32.125.172 (176.32.125.172) 209.481 ms

176.32.125.212 (176.32.125.212) 223.887 ms

176.32.125.164 (176.32.125.164) 205.608 ms

10 176.32.125.169 (176.32.125.169) 205.849 ms

176.32.125.150 (176.32.125.150) 274.887 ms

176.32.125.167 (176.32.125.167) 230.285 ms

11 * 176.32.125.241 (176.32.125.241) 232.125 ms *

12 * * 54.240.229.175 (54.240.229.175) 231.710 ms

13 * 54.240.229.171 (54.240.229.171) 239.321 ms *

14 * * *

15 *^C

Traceroute times out but appears to be in the eastern United States (AWS).

Q1) Can I change to Sydney Australia?

Waiting for an answer from Twitter.

Virginia is a long way away.

It’s all good apart from on weak cipher (“TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK (112)“).

A shodan scan of the IP reveals an open port 80 and 443 (as expected, nothing out of the ordinary)

Pushing Changes

I ran this to push the app.

cd /Users/username/Desktop/heroku/node-js-getting-started
git push heroku masterCounting objects: 488, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (367/367), done.
Writing objects: 100% (488/488), 231.76 KiB | 231.76 MiB/s, done.
Total 488 (delta 86), reused 488 (delta 86)
remote: Compressing source files... done.
remote: Building source:
remote: 
remote: -----> Node.js app detected
remote: 
remote: -----> Creating runtime environment
remote:        
remote:        NPM_CONFIG_LOGLEVEL=error
remote:        NPM_CONFIG_PRODUCTION=true
remote:        NODE_VERBOSE=false
remote:        NODE_ENV=production
remote:        NODE_MODULES_CACHE=true
remote: 
remote: -----> Installing binaries
remote:        engines.node (package.json):  8.9.1
remote:        engines.npm (package.json):   unspecified (use default)
remote:        
remote:        Resolving node version 8.9.1...
remote:        Downloading and installing node 8.9.1...
remote:        Using default npm version: 5.5.1
remote: 
remote: -----> Restoring cache
remote:        Skipping cache restore (not-found)
remote: 
remote: -----> Building dependencies
remote:        Installing node modules (package.json)
remote:        added 49 packages in 1.686s
remote: 
remote: -----> Caching build
remote:        Clearing previous node cache
remote:        Saving 2 cacheDirectories (default):
remote:        - node_modules
remote:        - bower_components (nothing to cache)
remote: 
remote: -----> Build succeeded!
remote: -----> Discovering process types
remote:        Procfile declares types -> web
remote: 
remote: -----> Compressing...
remote:        Done: 17.7M
remote: -----> Launching...
remote:        Released v3
remote:        https://fathomless-anchorage-#####.herokuapp.com/ deployed to Heroku
remote: 
remote: Verifying deploy... done.
To https://git.heroku.com/fathomless-anchorage-#####.git
 * [new branch]      master -> master

cd /Users/username/Desktop/heroku/node-js-getting-started

git push heroku masterCounting objects: 488, done.

Delta compression using up to 8 threads.

Compressing objects: 100% (367/367), done.

Writing objects: 100% (488/488), 231.76 KiB | 231.76 MiB/s, done.

Total 488 (delta 86), reused 488 (delta 86)

remote: Compressing source files... done.

remote: Building source:

remote:

remote: -----> Node.js app detected

remote:

remote: -----> Creating runtime environment

remote:

remote: NPM_CONFIG_LOGLEVEL=error

remote: NPM_CONFIG_PRODUCTION=true

remote: NODE_VERBOSE=false

remote: NODE_ENV=production

remote: NODE_MODULES_CACHE=true

remote:

remote: -----> Installing binaries

remote: engines.node (package.json): 8.9.1

remote: engines.npm (package.json): unspecified (use default)

remote:

remote: Resolving node version 8.9.1...

remote: Downloading and installing node 8.9.1...

remote: Using default npm version: 5.5.1

remote:

remote: -----> Restoring cache

remote: Skipping cache restore (not-found)

remote:

remote: -----> Building dependencies

remote: Installing node modules (package.json)

remote: added 49 packages in 1.686s

remote:

remote: -----> Caching build

remote: Clearing previous node cache

remote: Saving 2 cacheDirectories (default):

remote: - node_modules

remote: - bower_components (nothing to cache)

remote:

remote: -----> Build succeeded!

remote: -----> Discovering process types

remote: Procfile declares types -> web

remote:

remote: -----> Compressing...

remote: Done: 17.7M

remote: -----> Launching...

remote: Released v3

remote: https://fathomless-anchorage-#####.herokuapp.com/ deployed to Heroku

remote:

remote: Verifying deploy... done.

To https://git.heroku.com/fathomless-anchorage-#####.git

* [new branch] master -> master

I ran this to ensure the app was running

heroku ps:scale web=1
Scaling dynos... done, now running web at 1:Free

1 2	heroku ps:scale web=1 Scaling dynos... done, now running web at 1:Free

I ran this to open the app

heroku open

1	heroku open

This opened the apps URL in a browser.

A nice help page was pushed to my app.

I changed the contents of “node-js-getting-started/views/pages/index.ejs” and repushed.

git push heroku master
heroku ps:scale web=1
heroku open

git push heroku master

heroku ps:scale web=1

heroku open

It reported “Everything up-to-date“???

I tried to force a push (just in-case something on the server was changed)

git push --force heroku master
Everything up-to-date

1 2	git push --force heroku master Everything up-to-date

???

Ok, let’s pull and see what’s new?

git pull heroku master
From https://git.heroku.com/fathomless-anchorage-#####
 * branch            master     -> FETCH_HEAD
Already up-to-date.

git pull heroku master

From https://git.heroku.com/fathomless-anchorage-#####

* branch master -> FETCH_HEAD

Already up-to-date.

I edited “./index.js” and made the entry point “pages/index2.ejs” and tried to push and no luck.

Everything up-to-date

1	Everything up-to-date

I tried running push under sudo too (no luck)

Googling revealed I can go to https://dashboard.heroku.com/apps/YOUR-APP/deploy/heroku-gi and see what the issue is.

I logged into the app and could not find how to delete or edit it?

At this point, I would have just ssh’ed in and restarted the node process in pm2 or node on my own self-managed server and edited remote files locally in sublime on my local machine.

Personally, I like to know where files live and not delve into another designers management interface.

I’ll come back to this guide later until then I’ll stick with Digital Ocean or Vultr

Linking to your own Domain on Heroku

It looks like I can use custom domains via Namecheap to link a domain to a heroku app.

Or you can setup a domain sub domain to point to a heroku app with a DNS C Name record.

Database Setup

Todo..

Node talking to the database.

Todo..

App Cost on Heroku

todo: After Hello World is deployed. Digital Ocean (is as low as $5 a month) or Vultr (is as low as $2.5 a month)

Donate and make this blog better

Ask a question or recommend an article

Revision History

v1.4 added custom domain, database, CNAME info

etc

Installing Android Studio 3 and creating your first Kotlin Android App

November 11, 2017 by Simon 2 Comments

Below is my quick post showing how you can create your own Hello World Android app using the new Kotlin language on OSX. More will be added to this blog post over time.

What is Kotlin

Kotlin is a statically-typed programming language that runs on Java Virtual Machines (the syntax is not compatible with Java but interoperates with it). Kotlin is Google’s default language for deveAndroid Android Apps.Kotlin is now the offimoremorecial language supported by Google for Android development. Kotlin v JAVA: http://androiddeveloper.galileo.edu/2017/10/16/kotlin-vs-java-what-is-the-difference/

The official Kotlin language page can be found here: https://kotlinlang.org/ (Wikipedia has a page here).

Kotlin has a “Try Kotlin” page here ( https://try.kotlinlang.org/ ) where you can the language out in a browser. Android Studio 3 is the latest IDE from Google that allows you to develop apps in JAVA pr Kotlin for Android.

Learn Kotkin: Hello World Demo

Kotlin Hello World Code:

/**
 * We declare a package-level function main which returns Unit and takes
 * an Array of strings as a parameter. Note that semicolons are optional.
 */

fun main(args: Array<String>) {
    println("Hello, world!")
}

/**

* We declare a package-level function main which returns Unit and takes

* an Array of strings as a parameter. Note that semicolons are optional.

fun main(args: Array<String>) {

println("Hello, world!")

}

fyi: Other Kotlin Code Examples:

Kotlin Language Reference: http://kotlinlang.org/docs/reference/

Tutorials: http://kotlinlang.org/docs/tutorials/

Books: http://kotlinlang.org/docs/books.html

More Resources: http://kotlinlang.org/docs/resources.html

Installing Android Studio on OSX

You will need to install the latest Android Studio 3 IDE from the link below. This will allow you to download the latest Android SDK, Android Emulator, tools and Documentation from Google.

Download Android Studio from here: https://developer.android.com/studio/index.html?utm_source=android-studio

You should now have a 750MB (or there about’s) file (called something like android-studio-ide-171.4408382-mac.dmg )

You are now ready to run the setup dmg and install the app.

“Replace” Earlier Versions (if you had 1.x or 2.x installed)

You may be asked to choose the default Android emulator ram size

Congratulations, Android Studio 3 should now be installed

Congratulations you now have the Android Studio 3 IDE Installed.

Android Studio Tips and Tricks: https://medium.com/@mmbialas/50-android-studio-tips-tricks-resources-you-should-be-familiar-with-as-an-android-developer-af86e7cf56d2

Android Studio 3 User Guide: https://developer.android.com/studio/intro/index.html

Official getting started guide: https://developer.android.com/training/basics/firstapp/index.html

Setting Android Studio Defaults

Don’t forget to download updates and set auto updates “to enabled” in the Android Studio preferences screen.

Goto the “SDK Manager” menu item under the “Tools” then “Android” menu.

You can Download additional Android SDK versions, updates and emulator environments. I would recommend you pre-download the Android 3.x to 8.x environments.

You can also download and create Emulated Android Devices in the Android Virtual Device (AVD) Manager menu.

You can choose an existing Android Device (emulated)

Create Your Own Virtual Device

You can also create your own Android virtual device (Emulated) for testing.

I have a physical Huawei Mate 9 device (for physical testing), I will set up a similar virtual device (but stick with 2GB ram instead of 4GB as my development Mac only has 8GB total ram).

You can choose an emulators device skin if you so desire. Many phone skins can be found online (e.g here, here and here). Samsung Developer page has a skins page here. Managing AVD user guide here: https://developer.android.com/studio/run/managing-avds.html. I don’t use emulator device skins as this uses much-needed memory and screen real estate.

When you are done configuring your virtual device image you may be prompted to download missing images (e.g in my case I need to download API 27/ Android 7.1.1).

Physical Device Setup (Enable Developer Mode)

You should always code on physical devices where possible (emulators are ok but have a handful of physical devices on hand to test on). I find the emulator crashes a lot on me.

How to enable developer mode on a physical Android device: https://developer.android.com/studio/debug/dev-options.html. When you have enabled developer mode you can enable advanced developer options (I like these options).

When you have a physical Android device setup and connected, you can choose to run the app on the physical device.

Creating Your first Hello World Kotlin Project

By now you will have Android Studio 3 installed, Configured Updates, Configured an Emulator device and hopefully a real test device. Now you can open Android Studio and select.

1. “Start a New Android Studio Project”
2. Name your project (e.g “My Kotlin Test App 001”)
3. Ensure your company name is unique (e.g “com.fearby.testgithub001android”
4. Tick “Include Kotlin Support” (not ticked by default).

5. Click “Next“.
6.You will need to choose the minimum API and Android version to support. If you choose a new API you may limit the potential users that can run your app and if choose an old API you will limit the potential features. In my case, I will choose 7.0 for my test project (but will choose 4.1 in public apps). Click “Help me choose” to see the percentage of users and features in each API version.

7. Clik “Next”

8. Choose “Empty Activity” and click “Next“.

9. Take note of Activity name of “MainActivity” and Layout Name of “activity_main” and click “Finish“.

Now that you have a new project you can start Emulatorkator (Tools, Android, AVD Manager then press Play next to your emulator of choice).

10. Now click Run and choose the Emulator to start.

Before we add a button to the test app, let’s add a Anko dependency to the project ( https://github.com/Kotlin/anko ) to make coding easier.

11. Open your “app/Gradle Scripts/build.gradle (Module: app)” node in the Android Project treeview.

12. View add the following line to the dependencies section (refer to https://github.com/Kotlin/anko and replace “0.10.2” with the version listed at thGitHubub site). Then click “Sync Now”.

// Anko Commons
compile "org.jetbrains.anko:anko-commons:0.10.2"

1 2	// Anko Commons compile "org.jetbrains.anko:anko-commons:0.10.2"

13. Goto “app/res/layout/activity_main.xml” (1) and add a button to the layout (2) and name the button (3)

14. Goto “app/java/%projectname%/MainActivity” (1) and add the following two lines (2)(3) below.

Add the following at the top of “MainActivity”

import org.jetbrains.anko.toast

1	import org.jetbrains.anko.toast

Add the following in the “onCreate” function (ensure your button name is the same as you called it).

buttonhello.setOnClickListener { toast ("Hello World (www.fearby.com)") }

1	buttonhello.setOnClickListener { toast ("Hello World (www.fearby.com)") }

15. You can now build and deploy the app to a device (or emulator, real devices are faster).

Add a Button to change activity screens

The official documentation on changing activity screens can be found here.

1. Rename the button from above from”Button” to ‘Hello World”
2. Add a new button can call it “buttonnextscreen” (set constraints if you wish to match the hello world button left and width).

3. Now you can add and a new target activity screen ( e.g Open your project in the treeview (1), select “New” (2), select “Activity” (3) and then choose the activity type you want (e.g “Empty Activity” (2) ).

4. Name the “Activity Name” and “Layout Name” and click “Next“.

More info on Kotlin fragments: https://www.raywenderlich.com/169885/android-fragments-tutorial-introduction-2

5. In “MainActivity.kx” I edited the following (time to use Anko Intents and not just Anko toast )

//import org.jetbrains.anko.toast
import org.jetbrains.anko.*

1 2	//import org.jetbrains.anko.toast import org.jetbrains.anko.*

I also wired up the new “Next Activity” Button

buttonnextscreen.setOnClickListener {
     startActivity(intentFor<NextActivity>().singleTop())
}

buttonnextscreen.setOnClickListener {

startActivity(intentFor<NextActivity>().singleTop())

}

Now you have wired up a button to change Activity Screens. The Android back button will fire the previous screen so there is no need to wire up a returning button (like on iOS).

This is the Next Activity screen that was called from a button (exciting eh).

Set and Read Textbox

After adding a textbox and button this is how I set and red text in a textbox control.

textbox.setText("Sample Text")
buttongettext.setOnClickListener{
    toast(textbox.text.toString())
}

textbox.setText("Sample Text")

buttongettext.setOnClickListener{

toast(textbox.text.toString())

}

Create, Set and Read Local Class

I added a button (ID) called “buttoncreateclass” and setup a “setOnClickListener” (in onCreate) to create a class, fill it then output the data from the class to three textboxes (“textfirstname”, “textsurname” and “textage”)

class Person(val Firstname: String, val Surname: String, var Age: Int) {}

buttoncreateclass.setOnClickListener {
    var cbob = Person("Bob", Surname = "Smith", Age = 41)

    // Read
    textfirstname.setText("Firstname: " + cbob.Firstname.toString())
    textsurname.setText( "Surnmae: " + cbob.Surname.toString())
    textage.setText("Age: " + cbob.Age.toString())
}

class Person(val Firstname: String, val Surname: String, var Age: Int) {}

buttoncreateclass.setOnClickListener {

var cbob = Person("Bob", Surname = "Smith", Age = 41)

// Read

textfirstname.setText("Firstname: " + cbob.Firstname.toString())

textsurname.setText( "Surnmae: " + cbob.Surname.toString())

textage.setText("Age: " + cbob.Age.toString())

}

Adding Application Icons.

Read the official guidelines here: https://developer.android.com/studio/write/image-asset-studio.html

I use the free cions generator here: https://romannurik.github.io/AndroidAssetStudio/

Ensure you replace the following files (with your project closed)..

res/mipmap-hdpi/ic_launcher_round.png (72 x 72 px)
res/mipmap-hdpi/ic_launcher.png (72 x 72 px)
res/mipmap-hdpi/ic_launcher_round.png (72 x 72 px)
res/mipmap-hdpi/ic_launcher.png (72 x 72 px)
res/mipmap-xhdpi/ic_launcher_round.png (96 x 96 px)
res/mipmap-xhdpi/ic_launcher.png (96 x 96 px)
res/mipmap-xxhdpi/ic_launcher_round.png (144 x 144 px)
res/mipmap-xxhdpi/ic_launcher.png (144 x 144 px)
res/mipmap-xxxhdpi/ic_launcher_round.png (192 x 192 px)
res/mipmap-xxxhdpi/ic_launcher.png (192 x 192 px)

You may also need to remove the res/drawable XML files to prevents the automatically genrated im,ages from loading.

DELETE: “res/drawable/ic_launcher_background.xls”
DELETE: “res/drawable/ic_launcher_foreground.xls”

You may need to force a delete (Right Click then “Delete” then “OK” then “Delete Anyway“).

I had a number of errors related to removing references to the automatically generated images.

File “anydpi-v26/ic_launcher.xml” and “anydpi-v26/ic_launcher_round.xml” had this contents.

<?xml version="1.0" encoding="utf-8"?>
<adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
    <background android:drawable="@drawable/ic_launcher_background"/>
    <foreground android:drawable="@drawable/ic_launcher_foreground"/>
</adaptive-icon>

<?xml version="1.0" encoding="utf-8"?>

<adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">

</adaptive-icon>

I replaced the contents of the file “anydpi-v26/ic_launcher.xml” and “anydpi-v26/ic_launcher_round.xml” with

<?xml version="1.0" encoding="utf-8"?>
<application>
    android:icon="@mipmap/ic_launcher"
    android:roundIcon="@mipmap/ic_launcher_round"
</application>

<?xml version="1.0" encoding="utf-8"?>

android:icon="@mipmap/ic_launcher"

android:roundIcon="@mipmap/ic_launcher_round"

</application>

Then you will need to click the “Build” menu then “Clean Project” to remove references to the files.

“Build“, “Clean” results.

Executing tasks: [:app:assembleDebug]

Configuration 'compile' in project ':app' is deprecated. Use 'implementation' instead.
:app:preBuild UP-TO-DATE
:app:preDebugBuild UP-TO-DATE
:app:compileDebugAidl UP-TO-DATE
:app:compileDebugRenderscript UP-TO-DATE
:app:checkDebugManifest UP-TO-DATE
:app:generateDebugBuildConfig UP-TO-DATE
:app:generateDebugResValues UP-TO-DATE
:app:generateDebugResources UP-TO-DATE
:app:mergeDebugResources UP-TO-DATE
:app:createDebugCompatibleScreenManifests UP-TO-DATE
:app:processDebugManifest UP-TO-DATE
:app:splitsDiscoveryTaskDebug UP-TO-DATE
:app:processDebugResources UP-TO-DATE
:app:compileDebugKotlin UP-TO-DATE
:app:prepareLintJar UP-TO-DATE
:app:generateDebugSources UP-TO-DATE
:app:javaPreCompileDebug UP-TO-DATE
:app:compileDebugJavaWithJavac UP-TO-DATE
:app:compileDebugNdk NO-SOURCE
:app:compileDebugSources UP-TO-DATE
:app:mergeDebugShaders UP-TO-DATE
:app:compileDebugShaders UP-TO-DATE
:app:generateDebugAssets UP-TO-DATE
:app:mergeDebugAssets UP-TO-DATE
:app:transformClassesWithDexBuilderForDebug UP-TO-DATE
:app:transformDexArchiveWithExternalLibsDexMergerForDebug UP-TO-DATE
:app:transformDexArchiveWithDexMergerForDebug UP-TO-DATE
:app:mergeDebugJniLibFolders UP-TO-DATE
:app:transformNativeLibsWithMergeJniLibsForDebug UP-TO-DATE
:app:processDebugJavaRes NO-SOURCE
:app:transformResourcesWithMergeJavaResForDebug UP-TO-DATE
:app:validateSigningDebug
:app:packageDebug UP-TO-DATE
:app:assembleDebug UP-TO-DATE

BUILD SUCCESSFUL in 1s
26 actionable tasks: 1 executed, 25 up-to-date

Executing tasks: [:app:assembleDebug]

Configuration 'compile' in project ':app' is deprecated. Use 'implementation' instead.

:app:preBuild UP-TO-DATE

:app:preDebugBuild UP-TO-DATE

:app:compileDebugAidl UP-TO-DATE

:app:compileDebugRenderscript UP-TO-DATE

:app:checkDebugManifest UP-TO-DATE

:app:generateDebugBuildConfig UP-TO-DATE

:app:generateDebugResValues UP-TO-DATE

:app:generateDebugResources UP-TO-DATE

:app:mergeDebugResources UP-TO-DATE

:app:createDebugCompatibleScreenManifests UP-TO-DATE

:app:processDebugManifest UP-TO-DATE

:app:splitsDiscoveryTaskDebug UP-TO-DATE

:app:processDebugResources UP-TO-DATE

:app:compileDebugKotlin UP-TO-DATE

:app:prepareLintJar UP-TO-DATE

:app:generateDebugSources UP-TO-DATE

:app:javaPreCompileDebug UP-TO-DATE

:app:compileDebugJavaWithJavac UP-TO-DATE

:app:compileDebugNdk NO-SOURCE

:app:compileDebugSources UP-TO-DATE

:app:mergeDebugShaders UP-TO-DATE

:app:compileDebugShaders UP-TO-DATE

:app:generateDebugAssets UP-TO-DATE

:app:mergeDebugAssets UP-TO-DATE

:app:transformClassesWithDexBuilderForDebug UP-TO-DATE

:app:transformDexArchiveWithExternalLibsDexMergerForDebug UP-TO-DATE

:app:transformDexArchiveWithDexMergerForDebug UP-TO-DATE

:app:mergeDebugJniLibFolders UP-TO-DATE

:app:transformNativeLibsWithMergeJniLibsForDebug UP-TO-DATE

:app:processDebugJavaRes NO-SOURCE

:app:transformResourcesWithMergeJavaResForDebug UP-TO-DATE

:app:validateSigningDebug

:app:packageDebug UP-TO-DATE

:app:assembleDebug UP-TO-DATE

BUILD SUCCESSFUL in 1s

26 actionable tasks: 1 executed, 25 up-to-date

Now you can build an APK with static icons (yes, that’s my face).

Read move on “realtime generated/adaptive” v “image” icons here: https://medium.com/@ianhlake/vectordrawable-adaptive-icons-3fed3d3205b5

Official guide on Adaptive Icons: https://developer.android.com/guide/practices/ui_guidelines/icon_design_adaptive.html

Displaying Alerts

Displaying a hard-coded option with Anko

alert("Coffee?", "Would you like another coffee?") {
    yesButton { toast("OK, go and get a coffee.") }
    noButton { toast("OK, go and get a glasss of water.") }
}.show()

alert("Coffee?", "Would you like another coffee?") {

yesButton { toast("OK, go and get a coffee.") }

noButton { toast("OK, go and get a glasss of water.") }

}.show()

Displaying a list with options with Anko

val fruit = listOf("Apple", "Banana", "Mango")
selector("Go..", fruit, { dialogInterface, i ->
    toast("Go: ${fruit[i]}.")
})

val fruit = listOf("Apple", "Banana", "Mango")

selector("Go..", fruit, { dialogInterface, i ->

toast("Go: ${fruit[i]}.")

})

Making Phone Calls, Sending Text, Browing the web and sending Emails

Anko has some cool helper methods to allow you to send and share content.

As long as you add the appropriate buttons, text fields you can add these button listeners.

override fun onCreate(savedInstanceState: Bundle?) {
    ...

    buttonmainscreen.setOnClickListener {
        startActivity(intentFor<MainActivity>().singleTop())
    }

    buttonmakeacall.setOnClickListener {
        makeCall(textphonenumber.text.toString())
    }

    buttonsendatext.setOnClickListener {
        sendSMS(phonenumber2.text.toString(), textsendthistext.text.toString())
    }

    buttonbrowsetheweb.setOnClickListener {
        browse(texturl.text.toString())
    }

    buttonsharesometext.setOnClickListener {
        share(textsharethis.text.toString(), textsharethis2.text.toString() )
    }

    buttonsendanemail.setOnClickListener {
        email(textemail.text.toString(), textsubject.text.toString(), textbody.text.toString())
    }

}

override fun onCreate(savedInstanceState: Bundle?) {

...

buttonmainscreen.setOnClickListener {

startActivity(intentFor<MainActivity>().singleTop())

}

buttonmakeacall.setOnClickListener {

makeCall(textphonenumber.text.toString())

}

buttonsendatext.setOnClickListener {

sendSMS(phonenumber2.text.toString(), textsendthistext.text.toString())

}

buttonbrowsetheweb.setOnClickListener {

browse(texturl.text.toString())

}

buttonsharesometext.setOnClickListener {

share(textsharethis.text.toString(), textsharethis2.text.toString() )

}

buttonsendanemail.setOnClickListener {

email(textemail.text.toString(), textsubject.text.toString(), textbody.text.toString())

}

Layout

Background Async Calls

You can call background calls and then invoke the UI thread when the call has returned.

buttondoasync.setOnClickListener {

    fun runLongTask(): String {
        Thread.sleep(3000)
        return "Waited 3 seconds"
    }

    doAsync {
        var result = runLongTask()
        uiThread { toast(result) }
    }
}

buttondoasync.setOnClickListener {

fun runLongTask(): String {

Thread.sleep(3000)

return "Waited 3 seconds"

}

doAsync {

var result = runLongTask()

uiThread { toast(result) }

}

App Manifest Permissions

Edit the file “app/src/mainAndroidManifest.xml” and add the following two lines above the “<applications” node

<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.INTERNET"/>

1 2	<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/> <uses-permission android:name="android.permission.INTERNET"/>

View all permission options here: https://developer.android.com/reference/android/Manifest.permission.html

By default your app will not ask for permissions (unless you set them).

Downloading data from the Internet (API Endpoint)

Add the following to a button to make a anetwork call.

buttoncallapiinthebackground.setOnClickListener {
    doAsync {
        val result = URL("https://www.yoursite.com/api/yourappname/v1").readText()
        uiThread {
            longToast("Request performed: " + result)
        }
    }
}

buttoncallapiinthebackground.setOnClickListener {

doAsync {

val result = URL("https://www.yoursite.com/api/yourappname/v1").readText()

uiThread {

longToast("Request performed: " + result)

}

Example Result:

Request performed: {"API Status": "OK"]

1	Request performed: {"API Status": "OK"]

More soon.

Adding soon: Network (submit data).

Adding soon: Plan Sound.

Adding soon: Animations.

Adding soon: String Encryption.

Adding soon: Basic Security.

Updating your Android Studio IDE (do this often)

Don’t forget to download updates (and enable auto updates) in the Android Studio IDE. At the start of this draft blog post, I installed Android Studio 3.0 (Four hours later a large 1.3 GB sized update was available), I had to download many smaller updates too.

This is a frequent update that would not go away for me.

Copying the app to an Android Device.

Once you have enabled debug mode you can copy apps to and from the physical device. You can build an APK by going to the “Build” then “Build APK’s” menu and build the file to your project folder (e.g “/Users/simon/AndroidStudioProjects/MyKotlinTestApp001/app/build/outputs/apk/debug/app-debug.apk“). You can then copy this file to your Android device (via the Android File Transfer app) and you can now run the app anytime you want away from your Mac.

Also before you copy and unsigned apps to your test device tyoiu will need to enable developer mode then enable the running of apps from “unknown sources“.

If you have any security apps instaled like Sophos you will be told that yiour app has a low rating.

APK living on your device 🙂

The Android Studio also has a real device debugger.

Monitor output from a show stats from a real device

Android Security 101 (you need to know this)

You can define network configuration per these instructions: https://developer.android.com/training/articles/security-config.html

Coming from developing iOS and desktop apps I decided on researching the current state of Android Security. I would strongly suggest you watch this video from Marcos Placona ( https://twitter.com/marcos_placona Developer Evangelist @ Twilio).

Takeaway’s from this video

Use Certificate Pinning with the library – http://square.github.io/okhttp/ in Android for network calls. Read my post on Beyond SSL with Content Security Policy, Public Key Pinning etc to set it up on a Vultr Server.
Your app will be decompiled (with tools like Apktool) so don’t store passwords
Use encryption for in-app strings.
Read: https://androidsecurity.info/
Storing your secure information in the NDK
Check if your app is running on an emulator (is it being decompiled?)
Check if your app is debuggable (has the manifests been changes)
Never trust devices
Check your apps certificate (has in been disassembled and recompiled)
Consider using DexGuard Pro
Use the Google SafetyNet API
Test your devices with the Compatibility Test Suite from Google.
Use environment variables or config files too laod API tokens etc.
Monitor miss-use (attacks, break-ins or API hits) early.

My Suggestions

Secure your Ubuntu server (info here and here).
Use an HTTPS SSL Certificate
Use Certificate Pinning
Ask for app token/keys from your server and keep in memory.
Use OAuth 2 to secure sessions
Use short timeouts (or expire on use) on tokens with sensitive data.
Call upstream objects form API to prevents client-side attacks.

Deploying your app to the Android/Google Play store

To publish an app to the Google Play store you will need to create a Google Play Developer Account, pay $25 USD and you are free to publish an app on the Google Play store. Read more here: https://play.google.com/apps/publish/

Publishing an app is as simple as filling in the blanks in the publish app screen.

Troubleshooting

You will need a fast system with at least 8MB of ram (16GB is ideal).
Apple XCode users will find Android Studio 3 slow and unstable (so backup your project often).
Building apps take a long time so be prepared to wait for build and deploys to devices.
Update warnings are aplenty, get used to them.

Read More

Kotlin Community: http://kotlinlang.org/community/

Android Studio ~ Android Central Blog: https://www.androidcentral.com/tag/android-studio

Huawei Developer Page: http://developer.huawei.com/en/

Samsung tips on using Android Studio: http://developer.samsung.com/galaxy/emulator-skin/guide#tips

Create a custom emulator skin https://developer.android.com/studio/run/managing-avds.html#skins

Follow Android Dev on Twitter: https://www.twitter.com/AndroidDev

Read: https://androidsecurity.info/

An Introduction to Kotlin: https://code.tutsplus.com/tutorials/an-introduction-to-kotlin–cms-24051

Reddit: https://www.reddit.com/r/androiddev/

Create Non XML based layouts (with ANKO):