Author Archives: Graham

About Graham

I make it faster and easier for you to create high-quality code.

On explaining stuff to people

Posted on 2011-12-17 by Graham

An article that recently made the rounds, though it was written back in September, is called Apple’s Idioten Vektor. It’s a discussion of how the CCCrypt() function in Apple’s CommonCrypto library, when used in its default cipher block chaining mode, … Continue reading →

Posted in books, Crypto, documentation, Encryption, iPad, iPhone, Mac, PCAS | Leave a comment

On SSL Pinning for Cocoa [Touch]

Posted on 2011-12-07 by Graham

Moxie Marlinspike, recently-acquired security boffin at Twitter, blogged about SSL pinning. The summary is that relying on the CA trust model to validate SSL certificates introduces some risk into using an app – there are hundreds of trusted roots in … Continue reading →

Posted in code-level, iPad, iPhone, ssl | 6 Comments

A bunch of monkeys with typewriters

Posted on 2011-12-02 by Graham

As with many of the posts in this blog, this one originally started as a tweet that got too long. With the launch of Path 2, a conversation about Atos ditching email for social media and Yammer posting a video … Continue reading →

Posted in Uncategorized | Comments Off

Mac App Sandboxing: it may not be for you (but that’s probably OK)

Posted on 2011-11-09 by Graham

The MAS section of devforums is, along with a healthy subsection of the rest of the interwebs, aflame with the news that the deadline for sandboxing store-delivered apps is further away than it used to be, but still too close … Continue reading →

Posted in Uncategorized | 2 Comments

Android: the missed opportunities

Posted on 2011-10-23 by Graham

There are a few Android devices I have respect for: the Amazon Kindle Fire is one, the B&N Nook another, and the Cisco Cius is the third. To a lesser extent, the Sony tablet also fits this category. I don’t … Continue reading →

Posted in Android, UI | Comments Off

Why your security UI sucks

Posted on 2011-10-04 by Graham

The principle recurring problem in user experience is creating a user interface that supports the user’s mental model of how an app works, while simultaneously enabling the actions that are actually supported by the implementation’s model of the problem domain. … Continue reading →

Posted in software-engineering, UI, user-error | Comments Off

On Windows 8

Posted on 2011-09-14 by Graham

Right from the beginning, you have to accept that this analysis is based on the presentation of Windows 8 shown at the //build/windows conference. I’ve watched the presentation, I’m downloading the developer preview but I’m over an hour away from … Continue reading →

Posted in Uncategorized | 1 Comment

Don’t be a dick

Posted on 2011-09-06 by Graham

In a recent post on device identifiers, I wrote a guideline that I’ve previously invoked when it comes to sharing user data. Here is, in both more succinct and complete form than in the above-linked post, the Don’t Be A … Continue reading →

Posted in Data Leakage, IANAL, Policy, Privacy | Comments Off

So you don’t like your IDE

Posted on 2011-09-02 by Graham

There are many different tools for writing Objective-C code, though of course many people never stray much beyond the default that’s provided by their OS vendor. Here are some of the alternatives I’ve used: this isn’t an in-depth review of … Continue reading →

Posted in code-level, tool-support | Comments Off

On device identifiers

Posted on 2011-08-21 by Graham

Note: as ever, this blog refrains from commenting on speculation regarding undisclosed product innovations from device providers. This post is about the concept of tracking users via a device identifier. You might find the discussion useful in considering future product … Continue reading →

Posted in Uncategorized | 6 Comments