Monthly Archives: April 2010

Which vendor “is least secure”?

Posted on 2010-04-30 by Graham

The people over at Intego have a blog post, Which big vendor is least secure? They discuss that because Microsoft have upped their game, malware authors have started to target other products, notably those produced by Adobe and Apple. That … Continue reading

Posted in Business, Responsibility, threatmodel, Vulnerability | 2 Comments

Why passwords aren’t always the right answer.

Posted on 2010-04-29 by Graham

I realised something yesterday. I don’t know my master password. Users of Mac OS X can use FileVault, a data protection feature that replaces the user’s home folder with an encrypted disk image. Encrypted disk images are protected by AES-128 … Continue reading

Posted in Encryption, Keychain, Mac, password | 3 Comments

WWDC dates announced

Posted on 2010-04-28 by Graham Lee

The entire of Twitter has imploded after noticing that Apple has announced the dates for WWDC, this year June 7-11. That’s too short notice for me to go, and having only recently started working again after a few months concentrating … Continue reading

Posted in carbon, conference, nextstep | 2 Comments

The difference between NSTableView and UITableView

Posted on 2010-04-15 by Graham Lee

A number of times, I’ve chased myself down rat holes in iPhone projects because I’ve created a design or implementation that assumes UITableView and NSTableView are similar objects. They aren’t. The main problem I come across is related to how … Continue reading

Posted in cocoa, iPad, iPhone, objc | 3 Comments

Regaining your identity

Posted on 2010-04-05 by Graham

In my last post, losing your identity, I pointed out an annoying problem with the Sparkle update framework, in that if you lose your private key you can no longer post any updates. Using code signing identities would offer a … Continue reading

Posted in Codesign, Crypto, PCAS, Updates | Leave a comment

Losing your identity

Posted on 2010-04-04 by Graham

Developers make use of cryptographic signatures in multiple places in the software lifecycle. No iPad or iPhone application may be distributed without having been signed by the developer. Mac developers who sign their applications get to annoy their customers much … Continue reading

Posted in Codesign, Crypto, iPad, iPhone, Mac, PCAS, Policy, Updates | Comments Off on Losing your identity

On writing a book

Posted on 2010-04-02 by Graham Lee

Well, I’ve performed my final author’s review, and Professional Cocoa Application Security is all with the printers. This post is about my experiences writing the book, not the book material itself. My original motivation for writing PCAS was that it … Continue reading

Posted in book, cocoa, security | 1 Comment