Thursday, May 24, 2007

A real trojan for S60 phones

"Finally" there's a piece of malware for Symbian phones that actually does damage. Of course, there's not much risk of getting infected by it: it's a simple trojan, uploaded to a file sharing site, posing as a utility. Once installed, it'll send SMS messages to a premium rate number, effectively adding about $7 to your phone bill. The descriptions of it seem to suggest that it only sends one SMS per infected phone, which makes me think it's more of a proof of concept implementation. The program runs on S60 1st and 2nd edition phones.

There shouldn't be any problems porting this thing to 3rd edition, which is interesting, considering how much pain Symbian and partners are willing to inflict on developers for the sake of security. This app doesn't need any restricted privileges and would not need to be Symbian Signed. Sure, the user gets an extra warning at install time, but people who install 3rd party software on their Symbian 9 phones are used to that, and will just press OK. Autostarting the app might be a problem, but that shouldn't be an issue: the user is obviously going to start the app after installing it, at which point it can start sending its premium rate messages. A clever coder would of course spawn a background process that keeps sending new messages continuously.

But well, writing software that does damage after the user has manually installed it is never going to be difficult. Writing code that could install itself without user interaction would be a real challenge.

Saturday, May 19, 2007

The sun

It seems I missed this while I was busy getting jetlagged. Sun are porting their recently acquired SavaJe platform to run on Linux, and building a complete phone platform to be licensed to phone manufacturers. They don't have any licensees yet, and it'll be interesting to see if they'll manage to get anywhere in a field of business where Microsoft have failed quite spectacularly. I guess Sun have a greater chance of getting this platform out there than SavaJe did, with their resources, but at the same time, it's obvious that you can't just throw money at something and expect it to be a hit.

The linked article says that the software will only be distributed in binary form, to keep compatibility between handsets. I'm not sure if phone manufacturers and operators will be too happy about that. With a well designed system, there might be enough hooks in there to make differentiation possible, but there's only so much you can do without the source code. I think one problem with Windows Mobile is that it's so heavily branded as a product in itself. Handset manufacturers and operators want it to look like the whole package is their own product. This might turn into a problem for Sun, and they might have to reconsider the binary distribution model. Compatibility is nice, but I think this is mostly a concern for them, not for their customers or the end users. This is not the desktop or server market, end users aren't interested in compatibility, most of them don't even know that they can install software on their phones.

Again, it's nice to see some new products in this field. We already know that it's a very tough market: S60 and UIQ still don't have many licensees outside of Nokia and Sony/Ericsson. What makes Sun think that they'll succeed? Using a whole new system is a very big decision, as it's a huge effort to get to understand it, train people to work with it etc.

(And finally, the linked article is full of these naive iPhone references we've seen in almost every phone related article in the press since it was announced. Please, stop it already, you're just making yourself look clueless.)

Friday, May 18, 2007

Big in Japan

A couple of days ago I got home from Japan. From a mobile perspective, Japan is very interesting. It's about as different from the rest of the world as USA. They just do everything their own way. I'm not going to try to analyze that stuff, though, as I believe that there are others who can do that much better than me. I didn't exactly spend much time studying mobile phone usage when I was there, instead I concentrated on sightseeing and drinking beer, so I'll just report on some observations I made:

One thing that I've talked about before is how colourful and beautiful the phones are. The Japanese also seem to use them a lot. And it's not like they mainly use them for placing calls. I'm not exactly sure what they use them for, but my brother's wife told me that they don't use SMS much in Japan. Instead they use email, but not with their regular email account, but with another address that's specific to the phone. So it's the same as SMS, except that there's no arbitrary limit on the length of messages. I guess the disadvantage is that you actually have to know someone's email address to be able to send an email, while with SMS you just need to know the phone number.

Then there's all the whimsical stuff about the straps, emoticons etc., but I'm not going to go into that, but it fits in well with Japanes pop culture, I guess.

Sunday, May 6, 2007

User friendly

It's interesting how some people can introduce features that's supposed to help make a product more user friendly, without using their brains at all. You'd expect big companies like Nokia to think about these things, because phones should be easy to use. And it seems they're at least trying, there are some definite improvements in S60 3.2 (eg. there's always an option to open the task swapper from the options menu, so now users will actually learn that the task swapper exists). But they have to work harder than they've been doing so far.

One usability feature that everyone knows has a tendency to just get annoying if overused is confirmation dialogs, like the one that pops up everytime you try to delete a file in Windows. To me this is just an annoyance, and I wish there was a way to turn it off. Maybe there is, I'm no Windows expert.

S60 is complex enough as it is, and very little has been done about that during the last 5 years. But they just keep going. After all, these phones are selling like crazy, and there's no need to change a winning concept.

But the file deletion confirmation dialog at least makes some sort of sense: it protects the user from accidentally erasing important data. But the people who wrote the music player in S60 probably didn't think "we need to protect the user". I think they thought "we need confirmation dialogs". Then they sat around a while, and then they thought "lots of them". As I said, at least you can make an argument in favour of having a confirmation dialog for file deletion, but for deleting a song from a playlist? That makes no sense at all. It's not like the song itself is deleted, it's just removed from a playlist. If you accidentally remove a song from a playlist, you just add it back. Or you don't, as it probably doesn't matter that much.

It's a good thing that these people didn't design the phone application. I mean, there's a risk that you accidentally hang up during a call, so there should be a confirmation dialog. And there's a risk that you dial someone by mistake, so there should be a confirmation dialog. And there's a risk that you say something stupid while talking on the phone, so there should be a confirmation dialog every time you say something.

Friday, May 4, 2007

My development environment, my arch enemies

It's an arduous task, doing Symbian development. You don't just have to fight with horrible API:s. You also have to use tools that you learn to hate. I like my job. I like the people who work there. I like the stuff I do. But I really don't like the fact that my arch enemies live in my computer. It's not like it's an even fight either, there are four of them and just one of me. My arch enemies are:

Codewarrior. I use either the pro or the OEM edition, can't remember which one. These are the editions that professionals use. Poor professionals. I'm not going to get into the quirky UI, the lack of bld.inf support and stuff like that. It's the bugs that bother me the most. Like the sudden crashes. And the mystical bug that's called "Symbolics window" (there's a discussion about this over at Forum Nokia, but the search function there is another enemy of mine, so I couldn't find it), that slows things down so that stopping at a breakpoint can take up to a minute. I kid you not, that's 60 seconds. It sure steals my time, this tool. I can't even begin to understand how it can take Codewarrior a minute or more to import an MMP file. These are simple text files that describe a project: basically the source files and the libraries to link. Importing one of these can take minutes. I don't think any software developer with half a brain would argue that this makes any sense.

PGP Desktop. Built on top of the stable, standardized and generally wondered pgp code, this is a horror in software form. It's not just the instability, the way it can suddenly refuse to unmount a disk, or whatever. It's mostly the fact that it's completely braindead. There's no way to just assign a drive letter (2007 and we still have drive letters, great work there, Bill!) to a specific PGP disk. Instead it'll always default to the first free one. Every time I mount one of these suckers, and I usually have about a handful of them, I have to choose where to mount it. This isn't just inconvenient, it means I have to remember where I want it mounted, so that Codewarrior won't piss me in the face if I choose the wrong drive letter and then try to open a workspace. You get the picture.

Epoc. The Symbian OS "emulator" (it's not an emulator, it doesn't even run native code, you have to build x86 code for this "emulator"). This one has a lot in common with Codewarrior, which is probably why they work so well together (yes, that's irony). It can take minutes just to start it (yes, I have a fast CPU and 2 gigs of RAM). It looks up for no reason. Bugs in the code you're debugging makes the whole "emulator" go down in flames. And of course the actual emulation isn't good enough to be trusted.

Windows XP. Yes, the foundation of shit on top of which all of the above shitbuildings are based. There's no end to the misery that this sucker can bring to you. I mentioned drive letters above. That's not even funny anymore. The instability, the bad temper, the reek of bad design that sometimes makes me want to throw up all over my computer. Oh well, you probably know already, so there's no point in me going on about it.

Oh well, I'm on vacation for two weeks now. I know my arch enemies won't follow me to Japan (going there on Monday). Or well, they just might... They're not to be trusted.

[np: Napalm Death's second album]

Wednesday, May 2, 2007


No one likes marketing talk, but it's sort of interesting what's happened to the word "innovation" lately. In the IT business, it doesn't mean anything anymore. Or well, it means something. It means doing something. Implementing something. Or whatever. Read this news piece and try to find any connection between the usage of the word "innovation" and any actual innovation. I'm not the one to start any senseless Microsoft bashing, but it might be their fault to a large degree, considering the "freedom to innovate" campaign and all that bullshit.