Monthly Archives: May 2010

On NSNull as an anti-pattern

All this talk about type-safe collections may leave you thinking: but what about NSNull? Let’s say you have an array that only accepts objects conforming to MyProtocol. You can’t add +[NSNull null] to it, because it doesn’t implement the protocol. … Continue reading

Posted in code-level, iPad, iPhone, Mac | 7 Comments

On type safety and making it harder to write buggy code

Objective-C’s duck typing system is both a blessing and a curse. A blessing, in that it’s amazingly flexible. A curse, in that such flexibility can lead to some awkward problems. Something that typically happens in dealing with data from a … Continue reading

Posted in code-level, iPad, iPhone, Mac | 5 Comments

Careful how you define your properties

Spot the vulnerability in this Objective-C class interface: @interface SomeParser : NSObject { @private NSString *content; } @property (nonatomic, retain) NSString *content; - (void)beginParsing; //… @end Any idea? Let’s have a look at a use of this class in action: … Continue reading

Posted in iPad, iPhone, Mac, Vulnerability | 2 Comments

Why OS X (almost) doesn’t need root any more

Note: this post was originally written for the Mac Developer Network. In the beginning, there was the super-user. And the super-user was root. When it comes to doling out responsibility for privileged work in an operating system, there are two … Continue reading

Posted in Authorization, Mac, PCAS | Comments Off on Why OS X (almost) doesn’t need root any more

On improved tool support for Cocoa developers

I started writing some tweets, that were clearly taking up too much room. They started like this: My own thoughts: tool support is very important to good software engineering. 3.3.1 is not a big inhibitor to novel tools. /cc @rentzsch … Continue reading

Posted in PCAS, threatmodel, tool-support | 1 Comment

LLVM projects you may not be aware of

All Mac and iPhone OS developers must by now be familiar with LLVM, the Low-Level Virtual Machine compiler that Apple has backed in preference to GCC (presumably at least partially because GCC 4.5 is now a GPLv3 project, in … Continue reading

Posted in C++, Java, objc | 27 Comments

On localisation and security

Hot on the heels of Uli’s post on the problems of translation, I present another problem you might encounter while localising your code. This is a genuine bug (now fixed, of course) in code I have worked on in the … Continue reading

Posted in buffer-overflow, l10n, Mac, Vulnerability | 2 Comments