The top 25 programming mistakes which lead to security holes
Even though I usually don’t cover any releases which are intended to solely promote a report, I have to make an exception for this one:

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

The list contains a variety of errors and bugs ranging from mundane things like improper input validation to highly annoying (and difficult-to-find) stuff like race conditions. Each “eeker” comes with a short description and a few hints for preventing it in the future.

While the average mobile software developer probably won’t be too interested in most of these issues, they nevertheless make a good read. Get the full scoop here:
http://cwe.mitre.org/top25/#Brief

Image: Wikimedia Commons / US Navy

Just as I wanted to publish an article on the neglect of AddIt, I received the following report from a friend inside PalmGear’s:

wanted to share with you an exclusive first look at the Palm App Store, which launched tonight just in time for the holidays (see below). Over 5,000 apps and games to download. Over 1,000 completely free apps. Incredible apps such as Facebook, Nursing Central and Encyclopedia Britannica, and awesome games such as Pac-Man, Tetris, and Fish Tycoon. Supporting more than 25 Palm devices, from the Centro to the Treo Pro. Palm has shipped well over 50 million mobile devices to date.

You can download the free Palm App Store here :: http://software.palm.com/appstore

More than 1,500 developers have already submitted apps to the Palm App Store — developers can add their titles here :: http://software.palm.com/appstore/developers

Talk to you soon,

Visiting the URL reveals the following web site – it looks like Palm now has a new on-device application store in place for both Windows Mobile and Palm OS:
[Image: Palm gets an App Store]

On my Treo 680, the app store itself is realized via Blazer: all the 6k app does is open a special URL with the on-device web browser:
[Images: Palm gets an App Store]

Products can be purchased OTA: unfortunately, clicking the buy it now button on my Treo 680 currently does nothing:
[Image: Palm gets an App Store]

Compared to the former AddIt solution, PocketGear’s app store has benefits and disadvantages. AddIt was an extremely fat program which had a local database: while this sped up searching and browsing, it made the program require heavy update downloads every now and then (containing data nobody ever needs). PocketGear’s solution is light-weight, but slower – launching Blazer alone takes up to 10 seconds.

I am currently pursuing further information for developers (and a quote from AddIt) – stay tuned for further info as we get it!

Handango takes mobile apps into Best Buy stores
According to MobileTopSoft, Handango has just entered into a cooperation with the retail chain Best Buy. Their intention: selling mobile applications in brick-and-mortar stores.

The distribution will take place in three forms:

  • Digital distribution in-store
  • Best Buy-branded InHand client
  • MicroSD card containing three WM/Palm/BlackBerry games (called Mobile App packs though, so ??)

This sounds like a very interesting opportunity – stay tuned!

Image: Wikimedia Commons / cmc0

My developmental journey started out at PalmGear’s: my first programs were available exclusively from them. However, I eventually switched away due to ever-higher royalties and extremely difficult communications – MobiHand was a cheaper and (at the time) communicative ESD. Unfortunately, there is Money in PalmGear…which is why I restarted offering my products there when FileFind 4 was released.

The boys never were too fast when it came to “accepting apps”: while a distributor like MobiHand accepts your app initially and removes it later if objectionable, PalmGear insists on performing an “acceptance test” on the first upload. These tests have always taken a day or two in the past…but recently, things started to escalate. Their latest masterpiece concerns TimeDrift, and can be seen below (look at the order of the messages…it is wrong, too):
[Image: Delay-o-rama – or – PalmGear takes 10 days to certify an app]

Needless to say, of course, this is extremely unhealthy for a product’s marketing campaign. TimeDrift sold quite a bit at MobiHand’s, while PalmGear has yet to see a single sale. The initial peak makes quite a bit of money: money which both PalmGear and the developer lose. My PalmGear rep originally blamed the delays on a system change…as a few months have passed since then…

Colleagues of mine have even gone so far as to wait with their entire marketing campaign (and the releases at other ESD’s) until PalmGear eventually accepts their product. From a marketing agency’s point of view, this is a total catastrophe – imagine having to time releases with a +/- 10 days time frame…

P.S. In the past, PalmGear compensated developers who experienced such delays with a free marketing campaign. I will submit this “claim” and keep you posted on what happens…

NS Basic – the interview
George Henne’s NS Basic is an extremely popular RAD tool for mobile platforms – developers who would like to use a VB-like tool flock to it in droves.

Unfortunately, the company’s representatives have not proved too talkative so far. This has now changed, though – look forward to a highly interesting interview looking at the development landscape, mobile computing platforms and – last but not least – the iPhone and its distant predecessor, the Newton!

Please tell me more about yourself!
NS BASIC was founded on the idea that if development tools were easier to use, more people could develop apps for mobile devices.

The most widely used dev tool in the world (53%, according to Microsoft) is Visual Basic. It seemed natural to design a VB like tool for mobile devices.

Our customers are in all sorts of industries, government and education.
We have been translated into half a dozen languages: our users are in over 80 countries. Close to 20,000 developers use our products.

Diving straight into your core business (NsBasic). Tell us in a short form why the world needs yet another Basic clone!
Everyone knows Basic, for good reason. It has a gentle learning curve.
Beginning programmers can understand the concepts easily and create their first apps right away. Modern Basic implementations are well enough designed so that it is reasonable to do sophisticated applications.

Where do you see the main benefits for developers?
Ease of use and quick development are the main ones. We have had many reports of experienced C++ developers using NS Basic to put together a quick proof of concept: In a day or two, they have a workable prototype to show the customer. It often works out that there is no need to spend 2 more months recoding in C++.

On the other extreme, there are professionals in other fields that would like to develop apps for handheld devices. For example, many doctors have specific apps that would help them in their work. They’re smart people, and have learned a bit of programming on the way. They find NS Basic is just the tool for them to create apps.

How does NSBasic work? Do the programs compile to native code, or is a runtime needed?
There is a runtime, but we do our best to keep it in the background, so it isn’t a big deal. Nearly all apps have some sort of runtime these days, whether it is in form of libraries, DLL files or overlays.
Runtimes do not mean the app has to run more slowly: in fact, key code in our runtime is written in ARM assembler for peak performance. What they do is add a great deal of power: a single statement in NS Basic will replace pages of C++ coding.

You have a very strong market in the Palm OS sector. Where do you see the Palm OS going? Which platform(s) will dominate the market in a year’s worth of time?
Palm was a strong marketplace for us for many years. For Palm’s sake, I hope their new devices come out in a timely fashion and can wow the marketplace. We will certainly support them if they do.

NS Basic/Symbian OS already outsells NS Basic/Palm. We’re working hard to make it a great product: we think it will be an important part of our future.

Do you feel the US sub-prime crisis?
Not directly. It’s likely that the economic uncertainty is leading companies to put off new development projects, which will certainly affect us. It’s a worldwide affair this time, which is different from past downturns.

To what extent is NSBasic compatible with VB and/or AppForge?
NS Basic is a subset of VB, with extensions to take advantage of the mobile platform it runs on. The important things a VB programmer needs are all there – but there are a lot of specific and weird things in VB that didn’t really have a place on mobile devices. An obvious example is Windows specific features, that just do not exist on other operating systems such as Symbian OS.

AppForge was a strange case. Technically, it wasn’t great, but it had a big marketing budget. When that ran out, the company was gone: the licensing model was not friendly to its customers.

Many AppForge customers have converted to NS Basic: it is entertaining to read their comments:
http://www.nsbasic.com/palm/info/kudos5.html

You have recently expanded your reach across platforms – is porting an app significant effort for the developer?
Moving to a new platform is not new to us: Symbian OS is our fourth major platform.

For developers who use our tools, it’s not too bad. NS Basic/Palm apps move to Symbian OS usually with no changes at all. Of course, once you are there, it is tempting to make use of features that are specific to the new devices: better graphics, extra features, etc.

You still support Apple’s Newton – does it still pay? Furthermore: do you plan to go iPhone one day?
We still have a lot of affection for the Newton. We still sell the occasional copy of NS Basic/Newton. It’s an important platform in the history of mobile computing. You’d be surprised how many current developers of handheld devices started on the Newton. I think the devices we are seeing these days are finally beginning to realize the potential that the Newton introduced us to 15 years ago.

We actually have NS Basic/iPhone working:
http://cdn.smugmug.com/ria/ShizVidz-2008051501.swf

Under the terms of Apple’s iPhone SDK, tools such as NS Basic may not be released. If they should ever change this policy, we would love to release the product!

Anything you would like to add?
I think the next two years will be very interesting for developers. The iPhone changed the rules and everyone is still trying to catch up. It’s good to see touch screen S60 devices: now the software has to catch up.
Our tools have always been touch screen oriented, so we are ready for the fun!

NS Basic has a large and active user community. If you have questions about our product, let us know. We’ll be around to help, along with many of our other users.

Carbide.c++ – now free
Just in case anyone of you currently evaluates S60 development: Carbide.c++, the official IDE from Nokia, is now completely free according to Lucian Tomuta:

The new Carbide.c++ 2.0 has been released today and there’s a bit of extra surprise coming with this news: all the Carbide.c++ editions are now free of charge.

In fact the Express version as such no longer exists, and while the installer still prompts you to select one of the three remaining editions they are all available to you for free so you may as well pick the OEM edition and have all the product features enabled.

Find out more at our sister site TamsS60:
TamsS60 – Carbide.c++ – now free

Plucker is a classic and very useful documentation handler – I generated a copy of the full Palm OS API reference years ago, and have used it ever since. As Google’s Android developer documentation also comes as a bunch of HTML files, I felt that pluckering it may be useful.

Unfortunately, Plucker Desktop was not up to this gigantic task – after hours and hours of tweaking SunRise settings, I am proud to present the two shots below:
[Images: Android documentation – Plucker friendly]

These images show a Treo 680 rendering the Android Documentation via Plucker! The file is 18MB large and should IMHO be placed on your memory card rather than in your phone’s RAM.

Hit this link to get the file!

P.S. Yes – this file really is a full pluck of Google Code’s /android/ folder…enjoy!

This quote comes right off Seth Godin’s blog and should IMHO be written on the screen of every Palm OS developer:

A rock star exists in his own unique space, and if you met him you probably wouldn’t like him. Because he tends to be self-focused to the point of being narcissistic. Because he cares. He needs to get his message out.

Nothing more to add here…

Most Palm OS developers use Windows systems for development. Keeping files in one place (the My Documents folder) makes life much easier when it comes to backing stuff up.

Unfortunately, the My Documents folder of Windows XP and Vista contains a bunch of “special folders” intended to hold Music, Virtual machines, Pictures and other stuff.

Windows in the Enterprise’s Mitch Tulloch posted a very interesting article explaining how to get rid of these folders – hit the URL below to find out more!

http://www.itworld.com/windows/55007/simplifying-user-profiles?source=nl_windows

I have recently received quite a few inquiries of developers asking me where the latest version of the Conduit Developer Kit can be downloaded, as it seems to have disappeared from Access’s web site.

The CDK is needed by developers wanting to create so-called Conduits. A Conduit is a program that ties into the hotsync process and synchronizes data between the handheld and the PC – a popular example is the desktop part of DataViz’s DocumentsToGo.

A bit of googling has led me to the following URL – it contains version 4.02 of the SDK:
http://downloads.zdnet.com/abstract.aspx?docid=184535

Very few people know that the emulator used for debugging OS4 applications (POSE) is an open source project. This allows for easy porting across multiple platforms – and allows the sharing of precompiled binaries.

The boys at Mobile Geographics have created a build for Mac OS (X) and have posted it onto their web site.

Should anyone of you feel like taking a stab, hit the link below:
http://www.mobilegeographics.com/dev/POSE35Mac.zip

MyTreo’s Tadd Rosenfeld has become pretty talkative two weeks after we originally published our expose about the non-payment fiasco. He keeps sending me corrections over corrections, but refuses to answer my questions except with references to corrections sent before.

In order to keep the reporting balanced, here’s his correction on the “MobiHand takeover” – do with it as you please:

Mobihand has ** NOT ** taken over mytreo.net. That couldn’t be further
from the truth. In fact, we have NO direct contractual relationship with
that firm.

We signed a deal to have SmartphoneExperts — which was last year ranked the
fastest growing private company in America by Inc. Magazine — to provide
our e-commerce platform. We took this step because it will allow us to
focus on supporting the Treo community effectively.

Before doing so, we operated a store that served over 80 thousand customers,
and we gained tremendous experience in the Treo market. But
SmartphoneExperts will someday soon serve their millionth customer (or some
amazingly high count). They are a truly great partner for us as we approach
our 500 thousandth member on the site.

SmartphoneExperts has contracted with Mobihand to provide software, which is
why their software e-commerce solution is advertised on our site.

In the end, however, the result for developers remains the same. MobiHand (a company that pays bills in time) now handles the MyTreo store…and this is the only thing that really counts. I am pretty sure that everyone (Tadd and developers included) will be more than happy with the way the store will work from now on…

MyTreo’s Tadd Rosenfeld has sent in an email stating “his side” of the story below. Cutting a long block of text short, he states that he did not contract MobiHand directly. Should you want more info, click this link for the full scoop!

MyTreo.net’s recently-covered payment issues have been largely resolved, as the software store has been taken over by MobiHand. Most affected developers seem to have received their cash or are scheduled to do so soon.

MobiHand has provided me excellent service with next to no downtime in the past; I consider the company to be the best ESD currently on the market.

Unfortunately, current developer accounts from the MyTreo.net store cannot be taken over. Instead, developers must register at MobiHand’s developer back end Mobireach and add their products to the MobiHand catalogue if they haven’t done so before.

P.S. The rumors about Handmark entering the ESD business by taking over the MyTreo.net store are false…

David’s official announcement is below:

Just to clarify, MobiHand has just launched a new software store on
MyTreo.net. MobiHand is not the owner of the MyTreo.net site, and our
arrangement does not involve taking on prior payment obligations.

We look forward to working with all our current developers, and additionally
welcome prior MyTreo.net developers who are not yet working with us to sign
up at http://corporate.mobihand.com/sda_dev.asp, so that we can offer the
best and most complete collection of software on MyTreo.net and across the
MobiHand network of mobile-oriented stores.

An unnamed TealPoint employee recently posted the following explanation about the US trademark law to the palm-entrepreneurs mailing list. As it is excellently written, I felt like reposting it here – enjoy:

1) Functionality
A term cannot usually be trademarked if it is purely descriptive of its functionality. For instance, you cannot trademark “mileage log” for an app that tracks mileage, but I don’t think “Trip” is considered generic by this definition because the name doesn’t describe exactly what it does (trip planner? assistant for clumsy people? Grateful Dead tribute?). Instead, it is considered a “suggestive” mark which can indeed be trademarked. Being a common word isn’t a problem as long as it isn’t “functional”, as “Apple”, “Flash” and many other words are trademarked in a specific application.

2) Incontestability
After five years, a registered term does not automatically become “incontestable”, but only if an “affidavit of incontestability” is filed with the PTO. Even then, the term can still technically be contested, but the term cannot be ruled invalid due to “prior art”, “functionality” or “lack of distinctiveness”.

3) Infringement
Even if it’s incontestable, just including the term as part of a competing product’s name is not automatically infringement, especially when only a limited number of words could apply to an app that tracks automobile mileage. Otherwise, people would just trademark all applicable words (“mileage”, “log”, and “trip”) and nobody would be able to name a competing product anything at all. The intent of trademark law is to prevent confusion, not limit competition.

When determining potential trademark infringement, the PTO assesses the “likelihood of confusion” on the part of customers, e.g. whether they might purchase one product believing it to be the other. If Steven’s product were called “Trip Deluxe”, or even “iTrip” then I think there would be a fair case for infringement. I think it unlikely, however that someone would think “TripLog” and “Trip” were actually the same product.

© 2013 TamsPalm - the Palm OS / web OS Blog