APPropriate Behaviour
The book about all the things software writers do that aren't writing software.
FSF
Author Archives: Graham
A Cupertino Yankee in the Court of King Ballmer
This post summarises my opinions of Windows Phone 7 from the Microsoft Tech Day I went to yesterday. There’s a new version of Windows Phone 7 (codenamed Mango) due out in the Autumn, but at the Tech Day the descriptions … Continue reading
Posted in Business, iPad, iPhone, Mac, tool-support, WebObjects, WinPhone
1 Comment
On the top 5 iOS appsec issues
Nearly 13 months ago, the Intrepidus Group published their top 5 iPhone application development security issues. Two of them are valid issues, the other three they should perhaps have thought longer over. The good Sensitive data unprotected at rest Secure … Continue reading
Posted in buffer-overflow, code-level, Crypto, Data Leakage, Encryption, iPad, iPhone, ssl, Updates, user-error, Vulnerability
2 Comments
“Patently” secure
One thing that occasionally becomes interesting about working in security is that doing security and managing business have a great deal of overlap. This makes a lot of sense: a business wants to be profitable, and profit is a reward … Continue reading
On adopting testing, and CocoaDojos
In episode 18 of iDeveloper.TV Live I was discussing test-driven development with Scotty and John. I suggested that a great way to get started with TDD was to start adopting it in baby steps in your code. Got a bug … Continue reading
Posted in code-level, iDeveloper.TV, software-engineering, TDD
4 Comments
On platform-specific strategies
I’m writing some library code at the moment that needs to work on both Mac OS X and iOS. The APIs I need to use on each platform are different, so I need different code on each platform. I also … Continue reading
Posted in code-level, iPad, iPhone, Mac, software-engineering
2 Comments
Storing and testing credentials: Cocoa Touch Edition
This article introduces the concept of key stretching, using code examples to explain the ideas. For code you can use in an app that more closely resembles current practice, see Password checking with CommonCrypto. There’s been quite the media circus … Continue reading
Posted in Authentication, code-level, Crypto, iPad, iPhone, Mac, password, PCAS
7 Comments
On cryptographic file storage
In Chapter 3 of Professional Cocoa Application Security, I talk about using CommonCrypto to encrypt files stored on either Mac or iOS file systems. In Chapter 4, I talk about using CommonCrypto to generate Hashed Message Authentication Codes (HMACs) to … Continue reading
Posted in code-level, Crypto
Leave a comment
Categories will bite you
What I wanted to do was this: + (void)load { Method foo = class_getInstanceMethod(self, @selector(foo)); Method newFoo = class_getInstanceMethod(self, @selector(FZA_swizzleFoo)); method_exchangeImplementations(foo, newFoo); } However, my tests wouldn’t work when I did that. It turns out that for some reason +load … Continue reading
Posted in Uncategorized
2 Comments
On internal quality
I was asked by attendees at my VTM talk on test-driven development a small collection of questions on a similar theme, which I’ll summarise here. How do I do TDD when my boss doesn’t want me to? What do I … Continue reading
Posted in Business, code-level, Responsibility, software-engineering, Talk, TDD, VTM
6 Comments
A first look at appCode, and the future of Cocoa IDEs?
It’s been almost a full rotation of this great rock about its axis since JetBrains announced the start of its appCode Early Access Program. appCode is an Integrated Development Environment, just the same as Xcode. Just like Xcode, appCode works … Continue reading
Posted in code-level, tool-support
8 Comments
