Author Archives: Graham

About Graham

I make it faster and easier for you to create high-quality code.

On home truths in iOS TDD

The first readers of Test-Driven iOS Development (currently available in Rough Cuts form on Safari Books Online: if you want to buy a paper/Kindle/iBooks edition, you’ll have to wait until it enters full production in a month or so) are … Continue reading

Posted in books, code-level, TDD, tool-support | 7 Comments

Security: probably doing it wrong

Being knowledgeable in the field of information security is useful and beneficial. However, it’s not sufficient, and while it’s (somewhat) easy to argue that it’s necessary, there’s a big gap between being a security expert and making software better, or … Continue reading

Posted in software-engineering | Comments Off on Security: probably doing it wrong

Irresponsible tolerance

Context @unclebobmartin said: One of the bad behaviors that destroys projects is “irresponsible tolerance”. Tolerating what you know you should fix. This triggered a discussion between @phil_nash and myself. As far as this got on the Twitters, we agreed that … Continue reading

Posted in Uncategorized | Comments Off on Irresponsible tolerance

On standards in free software engineering

I have previously written on the economics of software insecurity, and I quote a couple of paragraphs from that post below: One option that is not fully explored in the book, but which I believe could be worth exploring, is … Continue reading

Posted in Business, software-engineering | Comments Off on On standards in free software engineering

On the economics of software insecurity

This post is mainly motivated by having read Geekonomics: the real cost of insecure software, by David Rice. Since writing the book Rice has apparently been hired by Apple, though his bio at the Geekonomics site doesn’t mention that (nor … Continue reading

Posted in software-engineering | 1 Comment

These things are hard

Mike Lee recently wrote about his feelings on seeing those classic pictures from the American space program, in which the earth appears as a small blue marble set against the backdrop of space. His concluding paragraph: Life has its waves. … Continue reading

Posted in Uncategorized | 2 Comments

On explaining stuff to people

An article that recently made the rounds, though it was written back in September, is called Apple’s Idioten Vektor. It’s a discussion of how the CCCrypt() function in Apple’s CommonCrypto library, when used in its default cipher block chaining mode, … Continue reading

Posted in books, Crypto, documentation, Encryption, iPad, iPhone, Mac, PCAS | Leave a comment

On SSL Pinning for Cocoa [Touch]

Moxie Marlinspike, recently-acquired security boffin at Twitter, blogged about SSL pinning. The summary is that relying on the CA trust model to validate SSL certificates introduces some risk into using an app – there are hundreds of trusted roots in … Continue reading

Posted in code-level, iPad, iPhone, ssl | 6 Comments

A bunch of monkeys with typewriters

As with many of the posts in this blog, this one originally started as a tweet that got too long. With the launch of Path 2, a conversation about Atos ditching email for social media and Yammer posting a video … Continue reading

Posted in Uncategorized | Comments Off on A bunch of monkeys with typewriters

Mac App Sandboxing: it may not be for you (but that’s probably OK)

The MAS section of devforums is, along with a healthy subsection of the rest of the interwebs, aflame with the news that the deadline for sandboxing store-delivered apps is further away than it used to be, but still too close … Continue reading

Posted in Uncategorized | 2 Comments