mueller-martin.net

PhoneGap + Leaflet + TileMill

This article explains how to render a tiled map with TileMill from OpenStreetMap data and make it available on iOS (Android also should be possible) for offline usage. This is achieved by using a combination of PhoneGap with several plugins and Leaflet for showing the map.

iOS running the result

Obtaining OpenStreetMap data

There are several ways to obtain the data from the OpenStreetMap (OSM) project. I recommend the OpenStreetMap data extracts from Geofabrik. They are updated every 24 hours and provide a couple of different formats.

For this purpose I suggest the bzipped XML dump (.osm.bz2). The binary Protocol Buffer format (.osm.pbf) is smaller and should also work, but it didn’t for me.

Storing the OpenStreetMap dump in a SQLite database

For further processing we’ll convert the data to a special SQLite database (with spatial extension), so we can use SQL queries to retrieve the data.

For this step, spatialite-tools are required. On Mac OS X they can be installed by running brew install spatialite-tools (Homebrew must be installed).

Now the data can be converted by running this command after extracting the data with e.g. bunzip2:

spatialite_osm_map --osm-path mittelfranken-latest.osm --db-path SpatialiteTest.sqlite

Depending on the size of the dump, this can take a very long time (at least 5 minutes)!

The final SQLite database can be analyzed with e.g. sqlite3 or better graphical tools like phpLiteAdmin.

phpLiteAdmin showing the SQLite database

Note: The column “Geometry” of some tables may be shown as empty, although there is data (maybe this doesn’t work because most tools don’t provide the spatial extension).

Rendering the tiles with TileMill

TileMill is an open utility to style and render spatial data. It is damn slow, because Node.js is running under the hood, but the software works and exports the needed tiles in the MBTiles format, which simply is a SQLite database, too.

Importing the SQLite data

The relevant tables containing the lines, polygons and points start with “ln_”, “pg_” and “pt_”. They contain the shapes and associated data (street names etc.). The simplest way is to import each table as a layer in TileMill by specifying the CartoCSS selector, the SQLite database file and the SRS format. The latter information is stored in the column “ref_sys_name” of the table called “geom_cols_ref_sys”. For spatialite databases this always should be “WGS84”.

TileMill Layer

Sadly I didn’t find a way to automate this process, so this has to be repeated for each layer manually.

Now the map can be styled using CartoCSS and the selectors for the layers. There is a nice sample theme called OSM Bright which might help.

Exporting

After importing and styling is finished, it is time to export the map as tiles. In order to do so, select “Export” > “MBTiles” in the upper left corner. Make sure you write down the center point, because this will be likely the position shown when your app starts. The most important settings are the region/boundaries and the zoom levels, as they drastically influence the size of the exported MBTiles file. For mobile devices you want to keep it as small as possible to save bandwidth and storage space.

TileMillRendering

Showing the map with PhoneGap and Leaflet

The app simply downloads the MBTiles file to the local storage if it doesn’t exist, yet. Then the file is read as a SQLite database and the tiles can be retrieved by using SQL queries.

Installing PhoneGap

To install PhoneGap, follow the official installation instructions.

Required PhoneGap plugins

At least two plugins (File and SQLitePlugin) are required in order to show MBTiles offline with PhoneGap, but then the file already has to be available on the local storage. If you want to download the MBTiles file you need the File Transfer plugin. I also strongly recommend installing the Console plugin which enables PhoneGap to show console.log() messages in the Xcode console.

# Shows debug messages in Xcode
phonegap local plugin add https://git-wip-us.apache.org/repos/asf/cordova-plugin-console.git
# Enables access to local storage
phonegap local plugin add https://git-wip-us.apache.org/repos/asf/cordova-plugin-file.git
# Enables file transfers (requires cordova-plugin-file)
phonegap local plugin add https://git-wip-us.apache.org/repos/asf/cordova-plugin-file-transfer.git
# Opens SQLite or MBTiles files
phonegap local plugin add https://github.com/lite4cordova/Cordova-SQLitePlugin.git

Please also take a look at the plugin installation guide, because you may need to modify the platform specific settings to enable the plugins (e.g. editing the “www/config.xml” for iOS).

Note: I had problems with missing dependencies when compiling the app after I reinstalled some plugins. I could solve this issue by manually fixing the “plugins/ios.json” file, because there were plugins listed which were no longer installed.

Showing the tiles with Leaflet

The “hardest” task was to load the tiles from the SQLite/MBTiles database instead of a URL. Unfortunately both SQLitePlugin and Leaflet are not documented very well, so at first it was not very clear to me how to achieve this. But luckily there is this blog post solving exactly this problem, including the source code hosted at GitHub, which was a very good starting point, although it was slightly outdated.

Note: In order to load the MBTiles file from a webserver, you need to add the host to “www/config.xml”, otherwise it won’t work! See the Domain Whitelist Guide in the official documentation.
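The download-then-query flow described above, as an added example written in Python (it is not the code from the linked GitHub repository): it checks a downloaded MBTiles file against a pinned SHA-256 digest, opens it read-only, and fetches a tile with a parameterized query, converting Leaflet's XYZ row to the TMS row that the MBTiles specification stores. The sample database, its tile bytes and all function names are constructed for illustration; the `tiles` column names come from the MBTiles specification.

```python
import hashlib
import hmac
import os
import sqlite3
import tempfile
from pathlib import Path

# Columns the MBTiles spec requires on the "tiles" table or view.
TILE_COLUMNS = {"zoom_level", "tile_column", "tile_row", "tile_data"}


def build_sample_mbtiles(path):
    """Write a tiny constructed MBTiles file (two fake tiles) for the demo."""
    conn = sqlite3.connect(str(path))
    with conn:  # commits on success
        conn.execute("CREATE TABLE metadata (name TEXT, value TEXT)")
        conn.execute(
            "CREATE TABLE tiles (zoom_level INTEGER, tile_column INTEGER, "
            "tile_row INTEGER, tile_data BLOB)"
        )
        conn.executemany(
            "INSERT INTO metadata VALUES (?, ?)",
            [("name", "sample"), ("format", "png"),
             ("minzoom", "0"), ("maxzoom", "1")],
        )
        # Rows are stored in the TMS scheme: tile_row counts from the bottom.
        conn.executemany(
            "INSERT INTO tiles VALUES (?, ?, ?, ?)",
            [(0, 0, 0, b"\x89PNG-z0"), (1, 0, 1, b"\x89PNG-z1-top-left")],
        )
    conn.close()


def file_sha256(path):
    """Hex SHA-256 of a file, read in chunks so large tile sets fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def open_verified(path, expected_sha256):
    """Open a downloaded MBTiles file only if it matches the pinned digest."""
    actual = file_sha256(path)
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise ValueError("MBTiles digest mismatch: refusing to open the file")
    # mode=ro: the map data is never written to, so do not allow it.
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    # PRAGMA table_info also works when "tiles" is a view, as in some exports.
    columns = {row[1] for row in conn.execute("PRAGMA table_info(tiles)")}
    if not TILE_COLUMNS <= columns:
        conn.close()
        raise ValueError("not an MBTiles database: tiles columns are missing")
    return conn


def get_tile(conn, z, x, y):
    """Return the tile bytes for Leaflet-style XYZ coordinates, or None."""
    for value in (z, x, y):
        if not isinstance(value, int) or isinstance(value, bool):
            raise ValueError("tile coordinates must be integers")
    if not (0 <= z <= 30 and 0 <= x < 2 ** z and 0 <= y < 2 ** z):
        raise ValueError("tile coordinates out of range")
    tms_row = (2 ** z - 1) - y  # XYZ counts rows from the top, TMS from the bottom
    row = conn.execute(
        "SELECT tile_data FROM tiles "
        "WHERE zoom_level = ? AND tile_column = ? AND tile_row = ?",
        (z, x, tms_row),  # bound parameters, never string concatenation
    ).fetchone()
    return bytes(row[0]) if row else None


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "sample.mbtiles")  # hypothetical file name
    build_sample_mbtiles(sample)
    pinned = file_sha256(sample)  # in practice, computed once after the export
    db = open_verified(sample, pinned)
    print(get_tile(db, 1, 0, 0))
    db.close()
```

The digest would be computed once on the exported file and shipped with the app, so a file altered on the server or in transit is rejected before SQLite ever parses it.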

Source Code

The source code is available at GitHub. You are free to use it for any project. In return I’d like to hear what you are using it for and maybe you could contribute back to it.

Why you should upgrade to iOS 7

Today iOS 7 has been released and therefore all media are focused on it, especially social media. And as this update to iOS brings significant changes, most notably in the GUI and UX (I don’t want to point them out here, there are enough other sites doing it already), there is a controversial discussion. A lot of people (like me) dislike the gaudy colors, and for me that’s the moment to point once again to the Jony Ive Redesigns Things collection.

But what isn’t mentioned…

… is the fact that iOS 7 is not only an update to the user interface, but also fixes a lot of security issues and bugs, like most updates do.

This is a list of all issues fixed according to the official Apple Product Security mailing list, to which everybody can subscribe:

Certificate Trust Policy
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Root certificates have been updated
Description:  Several certificates were added to or removed from the
list of system roots.

CoreGraphics
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of JBIG2
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1025 : Felix Groebert of the Google Security Team

CoreMedia
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of Sorenson
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP’s Zero Day Initiative

Data Protection
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Apps could bypass passcode-attempt restrictions
Description:  A privilege separation issue existed in Data
Protection. An app within the third-party sandbox could repeatedly
attempt to determine the user’s passcode regardless of the user’s
“Erase Data” setting. This issue was addressed by requiring
additional entitlement checks.
CVE-ID
CVE-2013-0957 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University

Data Security
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description:  TrustWave, a trusted root CA, has issued, and
subsequently revoked, a sub-CA certificate from one of its trusted
anchors. This sub-CA facilitated the interception of communications
secured by Transport Layer Security (TLS). This update added the
involved sub-CA certificate to OS X’s list of untrusted certificates.
CVE-ID
CVE-2013-5134

dyld
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker who has arbitrary code execution on a device may
be able to persist code execution across reboots
Description:  Multiple buffer overflows existed in dyld’s
openSharedCacheFile() function. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2013-3950 : Stefan Esser

File Systems
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker who can mount a non-HFS filesystem may be able
to cause an unexpected system termination or arbitrary code execution
with kernel privileges
Description:  A memory corruption issue existed in the handling of
AppleDouble files. This issue was addressed by removing support for
AppleDouble files.
CVE-ID
CVE-2013-3955 : Stefan Esser

ImageIO
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of JPEG2000
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1026 : Felix Groebert of the Google Security Team

IOKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Background applications could inject user interface events
into the foreground app
Description:  It was possible for background applications to inject
user interface events into the foreground application using the task
completion or VoIP APIs. This issue was addressed by enforcing access
controls on foreground and background processes that handle interface
events.
CVE-ID
CVE-2013-5137 : Mackenzie Straight at Mobile Labs

IOKitUser
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious local application could cause an unexpected
system termination
Description:  A null pointer dereference existed in IOCatalogue.
The issue was addressed through additional type checking.
CVE-ID
CVE-2013-5138 : Will Estes

IOSerialFamily
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Executing a malicious application may result in arbitrary
code execution within the kernel
Description:  An out of bounds array access existed in the
IOSerialFamily driver. This issue was addressed through additional
bounds checking.
CVE-ID
CVE-2013-5139 : @dent1zt

IPSec
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker may intercept data protected with IPSec Hybrid
Auth
Description:  The DNS name of an IPSec Hybrid Auth server was not
being matched against the certificate, allowing an attacker with a
certificate for any server to impersonate any other. This issue was
addressed by improved certificate checking.
CVE-ID
CVE-2013-1028 : Alexander Traud of www.traud.de

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A remote attacker can cause a device to unexpectedly restart
Description:  Sending an invalid packet fragment to a device can
cause a kernel assert to trigger, leading to a device restart. The
issue was addressed through additional validation of packet
fragments.
CVE-ID
CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous
researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen
of Vulnerability Analysis Group, Stonesoft

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious local application could cause device hang
Description:  An integer truncation vulnerability in the kernel
socket interface could be leveraged to force the CPU into an infinite
loop. The issue was addressed by using a larger sized variable.
CVE-ID
CVE-2013-5141 : CESG

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker on a local network can cause a denial of service
Description:  An attacker on a local network can send specially
crafted IPv6 ICMP packets and cause high CPU load. The issue was
addressed by rate limiting ICMP packets before verifying their
checksum.
CVE-ID
CVE-2011-2391 : Marc Heuse

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Kernel stack memory may be disclosed to local users
Description:  An information disclosure issue existed in the msgctl
and segctl APIs. This issue was addressed by initializing data
structures returned from the kernel.
CVE-ID
CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Unprivileged processes could get access to the contents of
kernel memory which could lead to privilege escalation
Description:  An information disclosure issue existed in the
mach_port_space_info API. This issue was addressed by initializing
the iin_collision field in structures returned from the kernel.
CVE-ID
CVE-2013-3953 : Stefan Esser

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Unprivileged processes may be able to cause an unexpected
system termination or arbitrary code execution in the kernel
Description:  A memory corruption issue existed in the handling of
arguments to the posix_spawn API. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-3954 : Stefan Esser

Kext Management
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An unauthorized process may modify the set of loaded kernel
extensions
Description:  An issue existed in kextd’s handling of IPC messages
from unauthenticated senders. This issue was addressed by adding
additional authorization checks.
CVE-ID
CVE-2013-5145 : “Rainbow PRISM”

libxml
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in libxml.
These issues were addressed by updating libxml to version 2.9.0.
CVE-ID
CVE-2011-3102 : Juri Aedla
CVE-2012-0841
CVE-2012-2807 : Juri Aedla
CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)

libxslt
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in libxslt.
These issues were addressed by updating libxslt to version 1.1.28.
CVE-ID
CVE-2012-2825 : Nicolas Gregoire
CVE-2012-2870 : Nicolas Gregoire
CVE-2012-2871 : Kai Lu of Fortinet’s FortiGuard Labs, Nicolas
Gregoire

Passcode Lock
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A person with physical access to the device may be able to
bypass the screen lock
Description:  A race condition issue existed in the handling of phone
calls and SIM card ejection at the lock screen. This issue was
addressed through improved lock state management.
CVE-ID
CVE-2013-5147 : videosdebarraquito

Personal Hotspot
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker may be able to join a Personal Hotspot network
Description:  An issue existed in the generation of Personal Hotspot
passwords, resulting in passwords that could be predicted by an
attacker to join a user’s Personal Hotspot. The issue was addressed
by generating passwords with higher entropy.
CVE-ID
CVE-2013-4616 : Andreas Kurtz of NESO Security Labs and Daniel Metz
of University Erlangen-Nuremberg

Push Notifications
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  The push notification token may be disclosed to an app
contrary to the user’s decision
Description:  An information disclosure issue existed in push
notification registration. Apps requesting access to the push
notification access received the token before the user approved the
app’s use of push notifications. This issue was addressed by
withholding access to the token until the user has approved access.
CVE-ID
CVE-2013-5149 : Jack Flintermann of Grouper, Inc.

Safari
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in the handling of
XML files. This issue was addressed through additional bounds
checking.
CVE-ID
CVE-2013-1036 : Kai Lu of Fortinet’s FortiGuard Labs

Safari
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  History of pages recently visited in an open tab may remain
after clearing of history
Description:  Clearing Safari’s history did not clear the
back/forward history for open tabs. This issue was addressed by
clearing the back/forward history.
CVE-ID
CVE-2013-5150

Safari
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Viewing files on a website may lead to script execution even
when the server sends a ‘Content-Type: text/plain’ header
Description:  Mobile Safari sometimes treated files as HTML files
even when the server sent a ‘Content-Type: text/plain’ header. This
may lead to cross-site scripting on sites that allow users to upload
files. This issue was addressed through improved handling of files
when ‘Content-Type: text/plain’ is set.
CVE-ID
CVE-2013-5151 : Ben Toews of Github

Safari
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a malicious website may allow an arbitrary URL to
be displayed
Description:  A URL bar spoofing issue existed in Mobile Safari. This
issue was addressed through improved URL tracking.
CVE-ID
CVE-2013-5152 : Keita Haga of keitahaga.com, Lukasz Pilorz of RBS

Sandbox
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Applications that are scripts were not sandboxed
Description:  Third-party applications which used the #! syntax to
run a script were sandboxed based on the identity of the script
interpreter, not the script. The interpreter may not have a sandbox
defined, leading to the application being run unsandboxed. This issue
was addressed by creating the sandbox based on the identity of the
script.
CVE-ID
CVE-2013-5154 : evad3rs

Sandbox
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Applications can cause a system hang
Description:  Malicious third-party applications that wrote specific
values to the /dev/random device could force the CPU to enter an
infinite loop. This issue was addressed by preventing third-party
applications from writing to /dev/random.
CVE-ID
CVE-2013-5155 : CESG

Social
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Users recent Twitter activity could be disclosed on devices
with no passcode.
Description:  An issue existed where it was possible to determine
what Twitter accounts a user had recently interacted with. This issue
was resolved by restricting access to the Twitter icon cache.
CVE-ID
CVE-2013-5158 : Jonathan Zdziarski

Springboard
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A person with physical access to a device in Lost Mode may
be able to view notifications
Description:  An issue existed in the handling of notifications when
a device is in Lost Mode. This update addresses the issue with
improved lock state management.
CVE-ID
CVE-2013-5153 : Daniel Stangroom

Telephony
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Malicious apps could interfere with or control telephony
functionality
Description:  An access control issue existed in the telephony
subsystem. Bypassing supported APIs, sandboxed apps could make
requests directly to a system daemon interfering with or controlling
telephony functionality. This issue was addressed by enforcing access
controls on interfaces exposed by the telephony daemon.
CVE-ID
CVE-2013-5156 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke
Lee from the Georgia Institute of Technology

Twitter
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Sandboxed apps could send tweets without user interaction or
permission
Description:  An access control issue existed in the Twitter
subsystem. Bypassing supported APIs, sandboxed apps could make
requests directly to a system daemon interfering with or controlling
Twitter functionality. This issue was addressed by enforcing access
controls on interfaces exposed by the Twitter daemon.
CVE-ID
CVE-2013-5157 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke
Lee from the Georgia Institute of Technology

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-0879 : Atte Kettunen of OUSPG
CVE-2013-0991 : Jay Civelli of the Chromium development community
CVE-2013-0992 : Google Chrome Security Team (Martin Barbella)
CVE-2013-0993 : Google Chrome Security Team (Inferno)
CVE-2013-0994 : David German of Google
CVE-2013-0995 : Google Chrome Security Team (Inferno)
CVE-2013-0996 : Google Chrome Security Team (Inferno)
CVE-2013-0997 : Vitaliy Toropov working with HP’s Zero Day Initiative
CVE-2013-0998 : pa_kt working with HP’s Zero Day Initiative
CVE-2013-0999 : pa_kt working with HP’s Zero Day Initiative
CVE-2013-1000 : Fermin J. Serna of the Google Security Team
CVE-2013-1001 : Ryan Humenick
CVE-2013-1002 : Sergey Glazunov
CVE-2013-1003 : Google Chrome Security Team (Inferno)
CVE-2013-1004 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1005 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1006 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1007 : Google Chrome Security Team (Inferno)
CVE-2013-1008 : Sergey Glazunov
CVE-2013-1010 : miaubiz
CVE-2013-1037 : Google Chrome Security Team
CVE-2013-1038 : Google Chrome Security Team
CVE-2013-1039 : own-hero Research working with iDefense VCP
CVE-2013-1040 : Google Chrome Security Team
CVE-2013-1041 : Google Chrome Security Team
CVE-2013-1042 : Google Chrome Security Team
CVE-2013-1043 : Google Chrome Security Team
CVE-2013-1044 : Apple
CVE-2013-1045 : Google Chrome Security Team
CVE-2013-1046 : Google Chrome Security Team
CVE-2013-1047 : miaubiz
CVE-2013-2842 : Cyril Cattiaux
CVE-2013-5125 : Google Chrome Security Team
CVE-2013-5126 : Apple
CVE-2013-5127 : Google Chrome Security Team
CVE-2013-5128 : Apple

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a malicious website may lead to information
disclosure
Description:  An information disclosure issue existed in the handling
of the window.webkitRequestAnimationFrame() API. A maliciously
crafted website could use an iframe to determine if another site used
window.webkitRequestAnimationFrame(). This issue was addressed
through improved handling of window.webkitRequestAnimationFrame().
CVE-ID
CVE-2013-5159

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Copying and pasting a malicious HTML snippet may lead to a
cross-site scripting attack
Description:  A cross-site scripting issue existed in the handling of
copied and pasted data in HTML documents. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c
(xysec.com)

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description:  A cross-site scripting issue existed in the handling of
iframes. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook

WebKit
Available for:  iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to an
information disclosure
Description:  An information disclosure issue existed in XSSAuditor.
This issue was addressed through improved handling of URLs.
CVE-ID
CVE-2013-2848 : Egor Homakov

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Dragging or pasting a selection may lead to a cross-site
scripting attack
Description:  Dragging or pasting a selection from one site to
another may allow scripts contained in the selection to be executed
in the context of the new site. This issue is addressed through
additional validation of content before a paste or a drag and drop
operation.
CVE-ID
CVE-2013-5129 : Mario Heiderich

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description:  A cross-site scripting issue existed in the handling of
URLs. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5131 : Erling A Ellingsen

You see it is a pretty long list.

Review: The Inner World

And here it is: The first point-and-click adventure game review of “The Inner World”. I never heard about the game or the makers before, but it apparently is another classic adventure made in Germany. (It seems to me that almost all recent point-and-click adventures are based here). Nevertheless the game looked so good to me, that I took the chance to preorder the special edition for a small discount on Amazon just ten days before the official release date on July 18th and I have to admit it was worth the money, although I tend to prefer downloadable software (and by the way films, too) which is also available through the Humble Store.

Story

I can’t and won’t say much about the story without giving it away, but I liked it very much. It always had the right amount of suspense and fun, and humor is a very important aspect of an adventure. One thing which was not quite satisfying was the short playtime. I wish it was longer! But I can only speak for myself so you have to find it out for yourself. Watch the official story trailer: https://www.youtube.com/watch?v=MJfPXQzz66o

Characters

I must say I liked all the characters and their design very much. They’re very believable and strongly integrated into the story, although they had old-fashioned German names, but that added an extra portion of humor to the characters. It’s pretty predictable that Hack will be the favorite character for most players as he is the funny little flying sidekick. I bet I’m not the only one who wished he would have been more present in the game as he only appears at the beginning and the end of the game. At least there is a sticker of him in the special edition.

Gameplay and interface

The interface is great and well thought-out. It is minimalistic and I like that. There were even two completely new elements, which I didn’t encounter in this genre before: Autosave and drag and drop interaction with items in the inventory and the game. The former element was something I wish many adventures would have, at least as long as adventures are completely linear and you can’t make wrong decisions. The game knows best when to save (before you can do something wrong) and this even can prevent a rage quit due to another crash in the game without having a recent savegame. The latter feature, the drag and drop, was something I couldn’t get used to, because it is so unusual and there was no fallback, but I’m OK with that, why not try something new, and it wasn’t that bad at all, it even enabled disassembly of already combined items.

Technical aspects

One of the aims in my life is to make my very own adventure game, so it is obvious that I’m interested in technical aspects, too. The Inner World is advertised to run on Windows (even Windows XP) and on Mac OS X. The latter aspect was important to me, because I’m currently using Mac OS X as my main OS. I don’t know why, but the whole game (especially the animations) really reminded me of Flash and I wasn’t surprised when I saw traces of Adobe Air in the game directory. After that I’m pretty sure the game is running with Flash and I must confess I dislike Flash. But that said the game is excellent, though it crashed a few times without causing much trouble. I’m just a little bit sad that it does not run on Linux by default, although Adobe Air is available there, too. Maybe one day it will be available for Linux and even sold in a multiplatform Humble Bundle, because it is already sold by the Humble Store.

iOS Jailbreak app recommendations

Why I’m using a Jailbreak on iOS

iOS is a great mobile OS because it (mostly) just works without much hassle: Simple setup, easy configuration and beautiful design. But there will always be something somebody won’t like, for example I dislike the current design of the upcoming release iOS 7 because of its gaudy colors and it seems I’m not the only one. But that’s good, because there’s always a way you can improve your experience and a Jailbreak enables tweaking the device even beyond the restrictions of the vendor.

Recommended Jailbreak apps

I’ve used several Jailbreaks (redsn0w, greenPois0n and currently evasi0n) on different versions of iOS and over time I’ve used quite a lot of Jailbreak apps and currently these are my favorites:

First blog post!

Finally a fully functional website! It took a very long time until this site got there: The first time I registered the domain mueller-martin.net was probably back in January 2009, mainly for easier access to my very first hosted virtual server. It was meant for experimenting and tinkering with Gentoo flavoured Linux in a server environment and still serves this purpose. Some time I would add a website, but it never got as far as it is now, mostly because I could never decide which CMS would run this site. I’m still not satisfied with how it is right now and things will change very likely, but I think it is a good start.

What will be published here?

In the future I’ll publish articles about (game) programming, gaming (I love Point & Click adventures!), film-making and anything being of interest. That may be as well related to electronics (Arduino, Raspberry Pi etc.) or hacking one of the topics mentioned. I’m doing this simply to share knowledge or experiences I’ve made.

What comes next?

This site is still undergoing some changes, particularly:

I’d love to hear feedback of any kind, because this site is not only meant for me! And thanks for reading so far.