Author: Ian Bull

JavaScript has been used as a client side language for over 20 years and as a server side language for close to 10. In the past 3 years, JavaScript has emerged as a language of choice for mobile app developers, especially those looking for a cross-platform solution. Technology stacks such as React Native and Tabris.js are the obvious choices, but some engineers are rolling their...

Read More

In preparation for the Tabris.js 2.0 release, we started counting down the 10 features of Tabris.js 2.0 that we're most excited about. We reached the halfway point, which means that the release is almost here and we have 4 features left to go. Feature Number 6: Binary Fetch is a pretty exciting technical feature, especially for me because it required the implementation of shared memory regions in...

Read More

After over a year of development, Tabris.js 2.0 is almost here. To help celebrate this, the Tabris.js development team is counting down some of the features we're most excited about. Over the past year, I've had the opporuntity to focus on Tabris.js security related work such as certificate pinning, code signing, code obfuscation, and other security enhancements. Certificate Pinning When an SSL connection is first made, the server...

Read More

AES (Advanced Encryption Standard) is a symmetric-key encryption algorithm. Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. In this tutorial we will demonstrate how to encrypt plaintext using the OpenSSL command line and decrypt the cipher using the OpenSSL C++ API. The cryptographic keys used for AES are usually fixed-length (for example, 128...

Read More

Code signing and verification is the process of digitally signing executables or scripts to ensure that the software you are executing has not been altered since it was signed. I previously outlined how to perform code signing and verification with OpenSSL, using both the command line and OpenSSL API. While the tutorial explained how to create an RSA KeyPair, it didn't mention anything about protecting the...

Read More

Tabris.js is a cross platform mobile toolkit that enables application developers to target multiple platforms from a single JavaScript code base. Unlike some other cross-platform toolkits, Tabris.js does not rely on WebViews, but instead produces native applications. This is achieved by providing a cross-platform API in JavaScript and linking that API to the platform specific widgets. Additionally, Tabris.js also includes a build service. This service enables our...

Read More

Code signing and verification is the process of digitally signing executables or scripts to ensure that the software you are executing has not been altered since it was signed. Code signing helps protect against corrupt artifacts, process breakdown (accidentally delivering the wrong thing) and even malicious intents. We have recently started implementing code verification in J2V8. Code verification has been implemented in the native code using OpenSSL. Code...

Read More

Mobile software development is hard. Before you can even write your first line of code you must: download, install and configure the IDEs and SDKs, configure the emulators or connect a device to your machine, build the application archives (apks / ipas) and install these archives on your device. With Tabris.js we set out to eliminate most of the technical hurdles users face when developing mobile applications. With...

Read More

I returned home late the other night, and saw this tweet in my timeline: https://twitter.com/marckhouzam/status/761389998788714496 He added a clarifying note that said the '?' was also broken. For those of you who don't know Marc, he is the co-lead of the Eclipse C/C++ Development Tools and all round good guy. I was pretty sure his keyboard wasn't actually broken and he was basically asking: How can you write a...

Read More

Memory management in J2V8 has never been easy. Because J2V8 bridges V8 and Java, three different memory models are in play. Both Java and JavaScript provide a managed memory model with their own GC. JNI / C++ which sits in the middle is completely unmanaged. This leads to a complex situation since both JavaScript and Java will free memory if they think it's unused, but...

Read More