Cordova Webview local html video playback

I was working on a project recently where I had to create a Cordova Android app that could play video embedded in the “assets/www” directory. This proved to be quite challenging and it seems that there are a lot of hurdles to make this happen. There are many questions  on stackoverflow here and here , amongst many, regarding this issue and there are a lot of problems faced by developers as Android gets updated, with many new workarounds needing to be found.

For a while, I was able to use the Cordova Html5Video Plugin and it worked well, except there is a limited amount of video properties and events available and it is a little awkward, since videos have to be placed in a special directory, which are then placed in the sdcard partition of the device. When I tested this on my device, videos can be accessed from the device’s camera and video roll, which kind of begs the question why the user would watch the video in the app, if they can access the video clips directly outside. I am sure there are workarounds that can be applied in this case, but since this method stops working for me on devices above API 19, it feels kind of broken and messy.

I also was wanting to find a way to work with JSC3D to enable showing some 3D models in a Cordova application. Since JSC3D does not work unless the model is served over http, I was thinking that would it not be nice to have a mini server serving the files from inside the Cordova app? After working through a bit of Google magic, I found this project on Github, called Cordova-httpd, which is exactly what I was looking for.

Suddenly I realised that a lot of the problems with inline video in Cordova could be solved in the same way. One could create a folder for the video files and then serve them using the httpd server into the app. The only thing that would have to be modified were the src attribute of the video elements, which could be set at run time using the “deviceready” event of Cordova.

I have tested this on devices running Android 4.4 through to Android 5.1. So far so good. On older devices with Android versions prior to 4.4, I have tested this same method using Crosswalk API. I hope you find this information useful.

 

A simple checklist before updating your Android ROM

Initial Backup

  • Phone calls history
  • Messages history
  • Backup contacts (if not already in the cloud)
  • Write down backup authentication code for two-factor authentication of Google account

Pre-flash

  • Backup all apps (not Titanium backup)
  • Backup current ROM (Use Recovery mode)
  • Flash boot image

Let me know if there are others that I might be missing, but this is the checklist that I have used a number of times without any incident.

The new Macbook looks to the future but are we ready?

The new Apple Macbook is definitely a nod to the future. It combines the concept of wireless inter-connectivity, minimalist design and a multi purpose port into a beautiful looking portable machine. However, the question remains over whether having one port that does everything is a practical design decision in terms of everyday use for the users.

Who are these users?

People who will be using the new Macbook machine, will be similar to those who already use either ultrabooks or Macbook Air machines. They want portability, long battery life, reasonably good display, a decent keyboard and a “good enough” processor for general computing. Another class of people who might buy the new Macbook could be people who are already using their iPad or tablet for simple creation tasks, such as creating documents, simple photo editing, video editing, and others.

Generally, people buy a notebook because they need to input large amounts of text or are more comfortable using a device with a keyboard. While convertible devices are quite nice concepts, often the execution is not quite hitting the mark for me. Many devices like Microsoft Surface show some very promising features, but they generally are heavier, have shorter battery life, have small screens or lack comfortable keyboards. With Microsoft Surface in particular, it seems that it does not really replace a notebook for me, as the kickstand design means that I have to rest it on a flat surface when I want to type using its keyboard.

With the Macbook Air, I could comfortably type with the notebook perched on my lap (kind of like a laptop, really) and I don’t have to worry about the device tilting backwards because my knees don’t have extensions to support the kickstand. This is why I am partial to the Macbook Air and other ultrabook concepts. I own a Macbook Air that I purchased way back in 2012 and it has served me wonderfully over the years. The build quality is exceptional and the keyboard, while not the best I have used, is certainly amongst the best in its class. Above all, what I cherish the most about all my Apple-made portables is the best trackpad in any portables that I have ever used.

What do people do on a Macbook Air

Having a laptop that can virtually go anywhere with you without weighing you down is one of the best aspects of owning a Macbook Air. I can take it to the library for writing tasks, I can take it to a lecture hall for presentations and amongst many other uses, I can also take it to a photo or video shoot. The very portable machine has afforded it many uses where other full-sized laptop could be considered cumbersome.

The decent (my definition and yours may vary widely) processing power means that I have used it for some media-related tasks, such as editing photos in Photoshop, design work in Illustrator and even some lightweight video editing, 3D modelling with Blender and Sketchup and UI prototyping with applications such as Adobe Fireworks.

I feel that what makes my ultraportable machine super useful is the keyboard and the assortment of ports available. The various ports such as Thunderbolt, USB ports (one for mouse and one for storage?) and charging port have all been used at the same time and the SD card slot has certainly come in handy quite a few times.

The new Macbook

The new Macbook is a visionary decision on Apple’s part. It is a manifestation of a vision when data transfers will happen mostly wirelessly (wireless flash drive anyone?) and a lot of storage will live in the cloud. The laptop of the future does not need a lot of ports. The single USB port could also disappear when Apple or other manufacturers use wireless charging.

In the (near) future, our notebook computers will become more like our smartphones and tablets, where data will enter and exit the device via some form of network connectivity. However, until that vision becomes the norm, we all still need USB ports to store and transfer data, perform backups, share files and many other purposes.

The new Macbook will face a lot of criticism from both the rest of the notebook industry and end users. It will be very much like when the first Macbook Air was released. For the new Macbook to become the norm and the design to copy, it will take a lot shorter than the time it took the Macbook Air to become a de-facto industry standard in laptop design.

 

Flash zero day means one more thing to watch out for

As browser vendors have tightened the loopholes used by criminal hackers to infect the computers of unsuspecting internet users, there has been an increase in third-party plug-ins being exploited to work around the measures that have been implemented.

First Java became the primary target. With a wide install base, Java provided a low-hanging fruit for exploits used to infect users with malware. In the last two years, there have been quite a few exploits in the wild that exploited Java to enable drive by downloads, thereby infecting computers silently, without any input from the user.

More recently, Flash has become a target. It has a few thing in common with Java, in that it has a widespread install base, which makes it a good target for exploits. Since Flash is also still the primary video player used for video streaming websites, a lot of people are unlikely to uninstall it.

With the discovery of the latest zero day bugs, Flash has become quite a dangerous liability to a lot of users. Of course one can always disable Flash now that YouTube uses HTML5 video player to deliver its content, but a lot of other video streaming websites still rely on the old trusty streaming workhorse.

Let’s evaluate the steps a user can take to stay safe:

  1. Use a plugin such as Flashblock to disable Flash for all websites but ones that you trust. This strategy can work well if the websites that you trust don’t run Flash advertisement banners from third party networks. However, in real life scenario, most websites run advertising banners from another network, which makes this strategy less effective.
  2. Block all advertisements using Adblock or something similar. This will block a lot of advertising on every site you visit. However, this is not completely foolproof as evidenced by paid exceptions deals by some of the ad-blocking software and some of the biggest advertising networks on the web.
  3. Turn off Flash by default and enable it only for particular instances, eg the video player being watched. While this is a little safer, there is still a danger as many video streaming sites display Flash banners from other domains inside the video player. This could potentially be a problem as a nasty payload could potentially be delivered through the third party domains, even though the website you visit is safe.
  4. Combine step number 3 above with a browser that is safe. So far, the only browser that is not affected by the latest Flash bug is Google Chrome. This could be a good strategy to mitigate risk with the current bug.

It should be noted that as the arms race between browser makers and the hackers intensifies, one day you will wake up to the news that Flash on Chrome has been compromised. It may already be compromised right now, but it is still a good bet for safety. As is often said, security is not just software, but an attitude that everyone should always keep in mind. It is a stance to be vigilant in the face of new threats that keep growing.

Good luck and browse safe.

 

YouTube now streams HTML5 video

With YouTube now streaming HTML5 video, does it mean that Flash is dead? Well, whether or not Flash as a platform is dead, is debatable. One thing for sure, though, this move by YouTube, one of the biggest video content delivery system on the web will mean that it is now possible to disable or uninstall Flash player from one’s browser without experiencing a lot of inconvenience.

This move is definitely a positive one in light of all the security issues that Flash player has experienced. In the last year alone there have been multiple 0-day exploits being used by cyber criminals to install malware onto the computers of unwitting victims. From the computer security perspective, this means there is potentially one less vector for attack.

Hopefully this will mean that other video content providers on the web such as Facebook, Vimeo, Dailymotion and the others will follow suit and shift away from using proprietary technology to deliver their content. Without Flash, the web will have one less way of reaching into parts of your computer you don’t want it to.

It must be said, though, that the delivery of HTML5 video by YouTube is enabled by the use of the Widevine DRM plugin which is not in the spirit of the open source movement, but if I were to choose between Flash DRM and WideVine, I probably would choose Widevine as it is a compromise that Google had to make to appease content owners.

If you have been a long time Flash user, don’t be disheartened by the beginning of the demise of the platform that once had a claim of 95% install base. Flash is still a great tool for creating animations and it either will evolve new abilities (it partly has) to export to standards compliant open technologies or new tools will emerge. New Javascript animation tool anyone?