Recommended way of catching key events in WIMP app

I’ve been playing around with making a WIMP application this holiday season ⁰ and now I’ve taken a few more days off to finish it ¹. I want my app ³ to catch keyboard events. My initial thought was to use wimp_poll ³ with wimp_KEY_PRESSED to catch wimp_QUEUE_KEY and look at block.key.c, compare this to known key codes and act accordingly. This would have been nice, since the poll handles the resource sharing for me, but this seems to be the wrong way to go about it for several reasons, among them:

1. As far as I can tell, the events are only sent to my app if they are meant for it somehow. Not sure how that works, but I want to catch key events regardless of what window is currently selected, and my app doesn’t have a window…
2. Latency (not a huge problem for my app, I think, but still),
3. The defined wimp_KEY_* with Shift and Ctrl ⁵ would be good enough to toy with, but what I would prefer to catch is e.g. LogoKey + arrowkeys/h/j/k/l etc., which I take it is not possible.

I’m sure there are other reasons as well.

I’m guessing that I will need to use some lower level library, or is there some support in OSLib for this type of thing? What would be an idiomatic way of doing this using C in Risc OS, keeping in mind that I don’t want my program to completely lock the OS because it is constantly polling for keyboard events?

⁰ Mostly following http://www.stevefryatt.org.uk/risc-os/wimp-prog (https seems to be broken btw)

¹ Well, actually to finish some other personal projects, but I’m procrastinating ²…

² See e.g. http://www.structuredprocrastination.com/

³ How old is the use of “App” for programs on Risc OS? Does it predate the popularisation of the term, that came with mobile devices?

⁴ There is also a wimp_poll_idle – not sure which one is right to use under which circumstances

⁵ Comparing the Strong Help for the OS itself with that of OSLib, there are key codes for keys combined with Shift, Ctrl and Shift+Ctrl in the former, but only definitions for the keys alone in the latter. For most but not all keys these are just keycode + 0x10, + 0x20 and + 0x30, respectively, so implementing the combos by hand seems simple enough, but is there another preferred way of catching those with OSLib? ⁶

⁶ EDIT: I just found that Steve has a part of his guide devoted to exactly this: http://www.stevefryatt.org.uk/risc-os/wimp-prog/keyboard-input Not sure how I missed that, but it seems to only be for key presses in my window, if I’m not mistaken, and as stated above, my application doesn’t have a window.

to catch wimp_QUEUE_KEY

Note that if you set the wimp_QUEUE_KEY bit in your poll mask, that stops you getting key presses.

Latency (not a huge problem for my app, I think, but still),

If you’re doing normal wimpy things then you have to wait till you get control through Wimp_Poll anyway.

For most but not all keys these are just keycode + 0×10, + 0×20 and + 0×30, respectively, so implementing the combos by hand seems simple enough, but is there another preferred way of catching those with OSLib?

I’m not sure what you’re asking here, but e.g.

keycode | wimp_KEY_SHIFT 
keycode | wimp_KEY_CONTROL

Steve covers this in his article.

Not sure how I missed that, but it seems to only be for key presses in my window, if I’m not mistaken, and as stated above, my application doesn’t have a window.

Make a window with the hotkeys flag, but put it off-screen so no-one can see it. This is what the task manager does; in its templates (Resources:$.Resources.Switcher.Templates) there is a window grabkeys for this. (And remember to pass on unwanted keypresses with Wimp_ProcessKey.)

There is also a wimp_poll_idle – not sure which one is right to use under which circumstances

Wimp_PollIdle is used if you wish to get a null event after an interval, for example Alarm calls it with an interval of 1 second so that it gets a chance to update the clock on the iconbar.

Another case is if you want to respond to mouse movements (other than leaving/entering). You’d need to PollIdle regularly (e.g. 1 centi-second) to check the mouse position. CloseUp does this to update its magnified display.

How old is the use of “App” for programs on Risc OS? Does it predate the popularisation of the term, that came with mobile devices?

RISC OS 2 used “App.” in the filer menu, just as it does today. RISC OS 3 introduced the “Apps” icon on the iconbar with that text underneath. Here are people writing “app” and “apps” in a c.s.a.m thread in November 1996.

As far as I can tell, the events are only sent to my app if they are meant for it somehow. Not sure how that works, but I want to catch key events regardless of what window is currently selected, and my app doesn’t have a window…

As Julie says, they’re sent to windows. To the window with input focus, more specifically, unless your window has the Hotkeys flag set. You’ll find details in the keypress section of my tutorial — see the “Passing Keys On” section.

A window that’s out of sight, off screen, is the usual approach. Make sure that you pass all unclaimed keys on with Wimp_ProcessKey, however!

The defined wimp_KEY_* with Shift and Ctrl 5 would be good enough to toy with, but what I would prefer to catch is e.g. LogoKey + arrowkeys/h/j/k/l etc., which I take it is not possible.

Maybe not. The best way to do this via the standard poll events is to use DeepKeys, which other software like Zap already requires. It adds a lot of information about modifiers to the wimp_key event block.

Otherwise, you’re into sitting on Null events and scanning for keys being pressed via osbyte_IN_KEY. The problem is that for keys that otherwise have an effect, the Wimp will still process them in the usual way afterwards (so if you’re looking for Flag-H, for example, the Wimp will still pass H on to the Key Pressed event where something like Edit will pick it up.

There is also a wimp_poll_idle – not sure which one is right to use under which circumstances

If you’re background polling on Null events, use wimp_poll_idle with a gap of 5 or 10 cs between events. Otherwise you’ll thrash the system all the time.

https seems to be broken btw

More “not implemented”, as my host doesn’t provide it (for a sensible price). I’m considering changing host, but it’s a lot of hassle and the company that I’d earmarked seems to have just changed hands and become part of a larger entity… which isn’t always a good thing.

More “not implemented”, as my host doesn’t provide it (for a sensible price).

Worse than that Steve – the server responds to an HTTPS request with a certificate valid for

only, resulting in a certificate mismatch error and downhill from there.

Probably wasn’t a problem before but common browsers are now introducing HTTPS only modes that take a URL make it HTTPS and then offer a fail down to HTTP after a big error message (connecting direct) and through an organisational proxy you tend to see this kind of message:

Untrusted Website
While trying to retrieve the URL:https://www.stevefryatt.org.uk/ (Add exception for this URL)
Status Hostname doesn’t match
Subject/OU=Domain Control Validated/CN=*.servers.prgn.misp.co.uk

Andreas is either a Firefox¹ user on a direct connection or behind an organisational firewall

¹ HTTPS only mode ON, or similar with the HTTPS everywhere plugin for Chrome

@Steve @Julie @David

Thanks a lot, looking forward to trying your solutions out. I’ll see how far I get before I go down either the osbyte or DeepKeys rabbit hole. DeepKeys looks initially promising, but I would prefer not to have to rely on a non-free third party product.

@Steve

Andreas is either a Firefox1 user on a direct connection or behind an organisational firewall

I am a Firefox user, but in this case it was a matter of checking for https manually before copying the link, whereupon I ran into the problem you describe. :)

I am a Firefox user, but in this case it was a matter of checking for https manually

about:preferences#privacy scroll down to the bottom

It’s interesting how few sites need HTTP (80) these days

It’s interesting how few sites need HTTPS

There, fixed that for you. ;-)

There are a number of static sites that don’t require or expect user supplied data (mine being an example) to which I find it hard justifying the necessity of https.

I know, I know. People talk about sites being hijacked, content altered, and so on. But if that’s the case you have far bigger issues going on. You either need a new ISP or a new government.

As for the idea of “the government could be snooping”, well, what makes that any worse than Google, Facebook, etc snooping? Or your helpful antivirus sending a list of all the URLs you visited back to the mothership? Or the OS itself under the guise of “diagnostics”? Or… you see where I’m going with this, right?

There, fixed that for you. ;-)

I could argue the point, but I know you’re deliberately misinterpreting a comment about the fact that most sites on the net can be communicated with HTTPS alone.

Of course HTTP is required for the browser to communicate with the Certificate Authorities. Ironic innit?

It’s actually looking at the problem from a different point of view. For instance, it should be up to Steve to decide if and when he wishes to go to secure, if indeed he feels it necessary.

However, since there’s a big push for everything to go encrypted, and since his server is obviously misconfigured, more and more people following those links (even if they specify http) are going to be met with a big screamy This connection is untrusted warning. Because “the industry” has decided to shove https down everybody’s throat whether they want it or not.

Steve, file a ticket with your host. Other (Authentic) Steve has given the necessary information. If you don’t have SSL, it shouldn’t be responding with somebody else’s certificate. Even worse, if you go beyond the error and let it load, you get a generic 404. This behaviour will break the new “let’s try SSL first and then fall back” thing that browsers are starting to implement. If you don’t have SSL, it shouldn’t respond period. No ifs, buts, or maybes.

Of course HTTP is required for the browser to communicate with the Certificate Authorities.

???
Did the WiFi Alliance spec that one up? Because that looks like a weak link disaster on par with “let’s spilt WPS into two parts that can be separately authenticated”.

Steve, file a ticket with your host. Other (Authentic) Steve has given the necessary information. If you don’t have SSL, it shouldn’t be responding with somebody else’s certificate. Even worse, if you go beyond the error and let it load, you get a generic 404.

That’s actually my point, most sites take the HTTPS connection.
Some fail down to an HTTP. When something responds the way this one does you rather suspect it’s deliberate and attempting to push a paid service on the site owner.

This behaviour will break the new “let’s try SSL first and then fall back” thing that browsers are starting to implement.

Indeed, and I, for one, don’t want to see impediments to people accessing Steve F’s content.

Of course HTTP is required for the browser to communicate with the Certificate Authorities.

???
Did the WiFi Alliance spec that one up? Because that looks like a weak link disaster on par with “let’s spilt WPS into two parts that can be separately authenticated”.

There’s a weird logic in it. The point is the revoke lists and the validation root certificates must be accessible to everyone wanting to confirm the validity of a certificate on a site, and how do you access an HTTPS site and check a certificate validity contained on that site if you can’t access the root certificate on that CA site?

You would need a God certificate that validates all the sites of the existing CA’s – so who are you nominating to be in charge of everyone else?

Steve, file a ticket with your host. […] When something responds the way this one does you rather suspect it’s deliberate and attempting to push a paid service on the site owner.

I finally found time to look at this, and five minutes on chat with their support people seems to have resulted in a Let’s Encrypt cert on the site. It just remains to be seen if it auto-renews…

It might have been nicer if they’d documented it in the knowledgebase, but I suppose they don’t sell so many paid-for certs that way.

I finally found time to look at this, and five minutes on chat with their support people seems to have resulted in a Let’s Encrypt cert on the site.

The result is a neat setup, TLS1.2 only and no weak ciphers
I presume you gave it a run through the "SSL Labs:https://www.ssllabs.com/ssltest/analyze.html?d=www.stevefryatt.org.uk tester?

No TLS 1.3, but that might cause problems for some RO browsers at present.