Paul Todd's Forum Nokia Blog

DevcertList update

2009-01-06T13:54:13+02:00

DevcertList has been updated to version 1.2

I have seen a number of people getting "Constrained by certificate" errors and say they are absolutly sure they transcribed the IMEI correctly. To fix this I have updated DevCertList to check for IMEI's that are invalid and also IMEI's that have the wrong length.

The 3GPP specification outlines the checksum digit calculation to make sure the IMEI is valid.

This was a result of this thread over at the Symbian board..

http://developer.symbian.com/forum/thread.jspa?messageID=84670&tstart=0

Get it here:

http://wiki.forum.nokia.com/index.php/Listing_IMEIs_and_Capabilities_in_a_DevCert

DevcertList uploaded onto Wiki

2008-04-19T14:21:53+03:00

One tool I am continuously missing is the ability to get a list of IMEI's and capabilties from a devcert.

Our devcerts have lots of IMEI's and varying capabilties and whilst you can open the certificate in Windows and look at the extension fields to find out if the IMEI is present it is quite difficult in practise.

So I wrote a little windows application to dump out the IMEI's and capabilties associated with a specified devcert.

One cool thing it can do dump the output in a bare format so its suitable for piplining into other console applications.

You can read more about it here

Uid's and Symbian Signed

2008-03-07T13:55:17+02:00

Here is a quick review of the UID strategy in Symbian and how it applies to Symbian Signed.

Everything you need to know is in the link below thanks to Dave Mery:

http://developer.uiq.com/forum/entry.jspa?entryID=114

This post is born out of frustration seeing the same questions on both the Symbian and Nokia boards, though strangely enough not NewLC? (what's Eric doing right?)

I am not going to cover the arguments or reasons for this, it is a factual post as I undertand it regarding UID's (See disclaimer at the end)

0xAxxxxxxxx is for applications that are self signed. The UID is requested and associated with a Symbian signed account. This prevents different applications using the same UID and assists tracability when redistributed. Specifically it is for applications requiring only user grantable capabilities. From FP2 this includes Location. By default the certificate has a life of a year. There is a patch here to extend it.

0x2xxxxxxx range is for applications that must be Symbian signed by the licenced owner because they are using Extended Set capabilties. The UID is associated with a Symbian signed account. This prevents different applications using the same UID. Specifically it is intended that ALL applications in this range will be Sybmbian Signed BEFORE being redistributed publically.

0x1xxxxxxx -
0x0xxxxxxx range is for internal testing use only and should requires a publisher id to use. This is primarily for integration work with pre OS 9.x components and will not be Symbian Signed or redistributed

0XExxxxxx range is internal testing applications/prototypes/Proof of concept. These UIDS are for internal test applications requiring enhanced set capabilties. These uids are NOT associated with an email account and they are intended just for the developers personal machine as UID clashes can and will occur. Specifically these applications should not be redistributed at all. If you are not using any extended set capabiltiies, use a self signed certificate There is an update here to allow self signed sis files to have their certificate life extended from the default

Now some common questions in my inbox:

Can you give me a devcert for <imei> - NO

Please sign <pirated application> - NO

Please sign <freeware application> - NO

This is unfair to developers - Sorry nothing I can do about it and you are asking the wrong person, I don't work (and never have) at Nokia, UIQ or Symbian.

Freeware signing is slow and unreliable - as previous question...

My program has too many bugs to get through signing - as previous question...

"FAILURE: Submitted .sis file uses a UID that is not allocated to the account holder matching this email address (0x0000000 )" - email the developer of the application with your IMEI and see if he will sign it for you, I can't, see answer to "unfair for developers".

As usual I want to point out this is MY understanding and may or may not be correct. Specifically it is not any official point of view of any company I may be or have been associated with.

Scalability

2007-08-22T23:47:48+03:00

One of the things engineers are going to have to think about when the new widgets api's come out is not just to think about the device, but rather to think about the server side. I mean how great is your widget going to be if your server is being hosed by millions of clients.

The biggest problem I believe is going to be dealing with scalability issues on the server side as there are plenty more phones than laptops and with wifi being cheap and data plans becoming cheaper there could be a whole load of problems dealing with orders of magnitude more connections than a regular windows based clients.

That why one of my favourite feeds is the high scalability website where they cover how the really big sites on the web work and scale.
Recently they have covered the architectures for flickr, youtube, digg and typepad.

What does this mean for Symbian Signed

2007-05-14T12:08:28+03:00

I see F-Secure are now apparently flagging two Symbian signed applications as Spyware in their mobile security application.

I follow their blog quite often in my reader and this came up today:
http://www.f-secure.com/weblog/archives/archive-052007.html#00001190

They do not however publish the names of the products concerned.

This does rather interestingly lead to the question of where does Symbian Signed draw the line and just how much trust do we have in it to promote S60 as a safe platform for consumers?

I for one find this very dissapointing as the amount of money we (the company I work for, not a phone manufacturer) are spending on Symbian signed; and the program as a whole to build trust for consumers can so easily be undermined.

I hope the author or Nokia will go into more details about why these applications are flagged....

Hopefully this is just a misunderstanding on the part of F-Secure...

Still it looks like you will need to get AV software for your phone just like Windows