You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cordova.apache.org by Marlin Mixon <ma...@gmail.com> on 2012/02/29 01:05:52 UTC
Greetings plus discussion of WebSockets for Android
Hi, My name is Marlin Mixon and I'm a new potential contributor.
My interest is WebSockets for Android and I would like to work on
implementing that. In examining this problem one finds that this would
not be a problem at all on an Android browser that supports
WebSockets. Unfortunately, while the latest beta of Firefox does
support it, the majority of Android users run the Android WebKit
browser. So what if a new version of Android Webkit browser is
released that DOES support WebSockets? Well, even if such a browser
were available today, the majority user base will either not be able
to upgrade to it or will choose not to upgrade to it. At least, that's
how I see it.
What about WebSockets on other platforms? As I understand it, the
recent upgrade to Safari includes WebSockets. So nothing is needed for
iOS. I'm not sure about other platforms.
I've researched what others have done in an effort to implement
WebSockets in PhoneGap/Cordova. One such effort was by Animesh Kumar
who adapted a WebSocket client written in Java for Android by Nathan
Rajlich and apparently implemented it so that it ran with a pre-1.0
version of PhoneGap. You can see this body of work here:
http://anismiles.wordpress.com/2011/02/03/websocket-support-in-android%E2%80%99s-phonegap-apps/
I'm not sure what the most efficient approach to use to solve the
problem. One thing I plan to do is see if I can adapt the
Kumar/Rajlich code mentioned above and see if I can get it working in
the latest Cordova. If I were to extend Nathan Rajlich's work, would I
need to get Nathan Rajlich sign the agreement for Apache contributors?
Marlin
Re: Greetings plus discussion of WebSockets for Android
Posted by Marlin Mixon <ma...@gmail.com>.
Socket.io might be a good solution that has the potential to be
implemented across all platforms. All I know about it right now is
what I've read on the intro page. Give me some time to play with it.
Marlin
On Thu, Mar 1, 2012 at 5:14 AM, Patrick Mueller <pm...@gmail.com> wrote:
> On Thu, Mar 1, 2012 at 01:12, Marlin Mixon <ma...@gmail.com> wrote:
>
>> So what that means is if we incorporate Java-WebSocket into Cordova
>> Android it should be pretty straightforward and the security issues
>> should then be resolved.
>>
>
> What other platforms/versions need WebSocket support? There's a tiny bit
> of info available here:
>
> http://caniuse.com/websockets
>
> Interesting that iOS 4.1 doesn't support WebSocket, as that's the last
> version you can upgrade a 2nd gen iPodTouch to, for instance. It won't be
> able to make use of a Java version of WebSocket, obviously.
>
> I'm wondering about another possibility, instead of using a Java version -
> using a JavaScript version - say from socket.io (client):
>
> https://github.com/LearnBoost/socket.io-client
>
> The idea would be that we have a "portable" version of the API, which ends
> up calling into native socket code to push and pull bytes over the network.
> That way, the work in "porting" to a platform just involves making sure
> there's a native "socket" API for the platform.
>
> --
> Patrick Mueller
> http://muellerware.org
Re: Greetings plus discussion of WebSockets for Android
Posted by Patrick Mueller <pm...@gmail.com>.
On Thu, Mar 1, 2012 at 01:12, Marlin Mixon <ma...@gmail.com> wrote:
> So what that means is if we incorporate Java-WebSocket into Cordova
> Android it should be pretty straightforward and the security issues
> should then be resolved.
>
What other platforms/versions need WebSocket support? There's a tiny bit
of info available here:
http://caniuse.com/websockets
Interesting that iOS 4.1 doesn't support WebSocket, as that's the last
version you can upgrade a 2nd gen iPodTouch to, for instance. It won't be
able to make use of a Java version of WebSocket, obviously.
I'm wondering about another possibility, instead of using a Java version -
using a JavaScript version - say from socket.io (client):
https://github.com/LearnBoost/socket.io-client
The idea would be that we have a "portable" version of the API, which ends
up calling into native socket code to push and pull bytes over the network.
That way, the work in "porting" to a platform just involves making sure
there's a native "socket" API for the platform.
--
Patrick Mueller
http://muellerware.org
Re: Greetings plus discussion of WebSockets for Android
Posted by Marlin Mixon <ma...@gmail.com>.
A quick update on WebSocket: It looks like the latest WebSocket spec
(RFC 6455) addresses the security issues. The current PhoneGap branch
that is a year old contains WebSocket.java that only offers the the
older insecure Draft 75 and Draft 76 WebSocket protocols. I did some
searching around and found the original source of WebSocket.java. The
author is Nathan Rajlich and it so happens that his Java-WebSocket
project is being actively developed. The project is at
http://java-websocket.org/ and the repository is here
git://github.com/TooTallNate/Java-WebSocket I've reviewed the code
and this newer version has WebSocket protocol options for not only the
original Drafts 75 and 76 but also Hybi 10 and Hybi 17. Hybi 17 is
identical to the protocol defined by RFC 6455 which was released in
December 2011. I'm checking with Nate to see if he sees any problems
with using his code (currently licensed under MIT)
So what that means is if we incorporate Java-WebSocket into Cordova
Android it should be pretty straightforward and the security issues
should then be resolved.
On Wed, Feb 29, 2012 at 3:25 PM, Bryce Curtis <cu...@gmail.com> wrote:
> The issue is discussed http://davidwalsh.name/websocket-security and
> http://blog.kotowicz.net/2011/03/html5-websockets-security-new-tool-for.html
> .
>
> It has been fixed in the latest spec (
> http://tools.ietf.org/html/rfc6455#page-50), so it's a matter of using a
> client/server that is compliant.
>
> On Wed, Feb 29, 2012 at 10:31 AM, Filip Maj <fi...@adobe.com> wrote:
>
Re: Greetings plus discussion of WebSockets for Android
Posted by Bryce Curtis <cu...@gmail.com>.
The issue is discussed http://davidwalsh.name/websocket-security and
http://blog.kotowicz.net/2011/03/html5-websockets-security-new-tool-for.html
.
It has been fixed in the latest spec (
http://tools.ietf.org/html/rfc6455#page-50), so it's a matter of using a
client/server that is compliant.
On Wed, Feb 29, 2012 at 10:31 AM, Filip Maj <fi...@adobe.com> wrote:
> Bryce/Simon/Joe - do you guys remember what the issue was with the
> WebSockets branch?
>
> On 2/29/12 7:26 AM, "Marlin Mixon" <ma...@gmail.com> wrote:
>
> >Obviously it would be important to find out what the security issue(s)
> >are before embarking. It looks like what I would do is refactor by
> >forking the current master release then insert code from the old
> >WebSockets branch and make changes as needed to make it work with the
> >newer code. Finding relevant code in the WebSockets branch might be
> >an issue but it doesn't seem too hard a task.
> >
> >On Tue, Feb 28, 2012 at 6:30 PM, Filip Maj <fi...@adobe.com> wrote:
> >> Hey Marlin,
> >>
> >> Thanks for joining the mailing list and starting discussion.
> >>
> >> One thing that may put you on the right track is actually a branch we
> >>have
> >> that implements WebSockets for the Android Cordova implementation :)
> >>
> >> https://github.com/apache/incubator-cordova-android/tree/WebSockets
> >>
> >>
> >> It is about a year behind in terms of upstream commits, so certainly a
> >>lot
> >> of work needs to be done, but I think 95% of the work is there.
> >>
> >> This branch was slated for introduction into master but never made it
> >>due
> >> to a security issue that came up (the details escape me - maybe someone
> >> else from the list can bring the light the original reason). Not sure
> >> whether or not that was resolved. I think it was due to some standards
> >> body declaring that some revision of the web sockets spec was
> >>incomplete?
> >> Something along those lines.
>
>
Re: Greetings plus discussion of WebSockets for Android
Posted by Filip Maj <fi...@adobe.com>.
Bryce/Simon/Joe - do you guys remember what the issue was with the
WebSockets branch?
On 2/29/12 7:26 AM, "Marlin Mixon" <ma...@gmail.com> wrote:
>Obviously it would be important to find out what the security issue(s)
>are before embarking. It looks like what I would do is refactor by
>forking the current master release then insert code from the old
>WebSockets branch and make changes as needed to make it work with the
>newer code. Finding relevant code in the WebSockets branch might be
>an issue but it doesn't seem too hard a task.
>
>On Tue, Feb 28, 2012 at 6:30 PM, Filip Maj <fi...@adobe.com> wrote:
>> Hey Marlin,
>>
>> Thanks for joining the mailing list and starting discussion.
>>
>> One thing that may put you on the right track is actually a branch we
>>have
>> that implements WebSockets for the Android Cordova implementation :)
>>
>> https://github.com/apache/incubator-cordova-android/tree/WebSockets
>>
>>
>> It is about a year behind in terms of upstream commits, so certainly a
>>lot
>> of work needs to be done, but I think 95% of the work is there.
>>
>> This branch was slated for introduction into master but never made it
>>due
>> to a security issue that came up (the details escape me - maybe someone
>> else from the list can bring the light the original reason). Not sure
>> whether or not that was resolved. I think it was due to some standards
>> body declaring that some revision of the web sockets spec was
>>incomplete?
>> Something along those lines.
Re: Greetings plus discussion of WebSockets for Android
Posted by Marlin Mixon <ma...@gmail.com>.
Obviously it would be important to find out what the security issue(s)
are before embarking. It looks like what I would do is refactor by
forking the current master release then insert code from the old
WebSockets branch and make changes as needed to make it work with the
newer code. Finding relevant code in the WebSockets branch might be
an issue but it doesn't seem too hard a task.
On Tue, Feb 28, 2012 at 6:30 PM, Filip Maj <fi...@adobe.com> wrote:
> Hey Marlin,
>
> Thanks for joining the mailing list and starting discussion.
>
> One thing that may put you on the right track is actually a branch we have
> that implements WebSockets for the Android Cordova implementation :)
>
> https://github.com/apache/incubator-cordova-android/tree/WebSockets
>
>
> It is about a year behind in terms of upstream commits, so certainly a lot
> of work needs to be done, but I think 95% of the work is there.
>
> This branch was slated for introduction into master but never made it due
> to a security issue that came up (the details escape me - maybe someone
> else from the list can bring the light the original reason). Not sure
> whether or not that was resolved. I think it was due to some standards
> body declaring that some revision of the web sockets spec was incomplete?
> Something along those lines.
Re: Greetings plus discussion of WebSockets for Android
Posted by Filip Maj <fi...@adobe.com>.
Hey Marlin,
Thanks for joining the mailing list and starting discussion.
One thing that may put you on the right track is actually a branch we have
that implements WebSockets for the Android Cordova implementation :)
https://github.com/apache/incubator-cordova-android/tree/WebSockets
It is about a year behind in terms of upstream commits, so certainly a lot
of work needs to be done, but I think 95% of the work is there.
This branch was slated for introduction into master but never made it due
to a security issue that came up (the details escape me - maybe someone
else from the list can bring the light the original reason). Not sure
whether or not that was resolved. I think it was due to some standards
body declaring that some revision of the web sockets spec was incomplete?
Something along those lines.
On 2/28/12 4:05 PM, "Marlin Mixon" <ma...@gmail.com> wrote:
>Hi, My name is Marlin Mixon and I'm a new potential contributor.
>
>My interest is WebSockets for Android and I would like to work on
>implementing that. In examining this problem one finds that this would
>not be a problem at all on an Android browser that supports
>WebSockets. Unfortunately, while the latest beta of Firefox does
>support it, the majority of Android users run the Android WebKit
>browser. So what if a new version of Android Webkit browser is
>released that DOES support WebSockets? Well, even if such a browser
>were available today, the majority user base will either not be able
>to upgrade to it or will choose not to upgrade to it. At least, that's
>how I see it.
>
>What about WebSockets on other platforms? As I understand it, the
>recent upgrade to Safari includes WebSockets. So nothing is needed for
>iOS. I'm not sure about other platforms.
>
>I've researched what others have done in an effort to implement
>WebSockets in PhoneGap/Cordova. One such effort was by Animesh Kumar
>who adapted a WebSocket client written in Java for Android by Nathan
>Rajlich and apparently implemented it so that it ran with a pre-1.0
>version of PhoneGap. You can see this body of work here:
>http://anismiles.wordpress.com/2011/02/03/websocket-support-in-android%E2%
>80%99s-phonegap-apps/
>
>I'm not sure what the most efficient approach to use to solve the
>problem. One thing I plan to do is see if I can adapt the
>Kumar/Rajlich code mentioned above and see if I can get it working in
>the latest Cordova. If I were to extend Nathan Rajlich's work, would I
>need to get Nathan Rajlich sign the agreement for Apache contributors?
>
>Marlin