Author Archives: Graham

About Graham

I make it faster and easier for you to create high-quality code.

Making computing exciting

Posted on 2011-07-01 by Graham

Over the last couple of years, I have visited three different museums of computing. NSBBQ in 2009 and 2010 visited the National Museum of Computing at Bletchley Park and the Museum of Computing in Swindon respectively. At this year’s WWDC … Continue reading →

Posted in Uncategorized | 4 Comments

On what Marcus said

Posted on 2011-06-05 by Graham

This post is a response to Why so serious? over at Cocoa is my Girlfriend. Read that. Welcome back. OK, so firstly let’s talk about that damned carousel. Kudos to the developer who wrote a nice smoothly scrolling layer-backed image … Continue reading →

Posted in code-level, iDeveloper.TV, iPad, software-engineering | 1 Comment

On BizSpark

Posted on 2011-05-27 by Graham

You’ll remember that recently I reviewed Windows Phone 7 Mango from the perspective of an iOS guy, and actually came back pretty impressed with it. You’ll also remember that through my company, Fuzzy Aliens Ltd, I offer app security services … Continue reading →

Posted in Business, WinPhone | 9 Comments

A Cupertino Yankee in the Court of King Ballmer

Posted on 2011-05-25 by Graham

This post summarises my opinions of Windows Phone 7 from the Microsoft Tech Day I went to yesterday. There’s a new version of Windows Phone 7 (codenamed Mango) due out in the Autumn, but at the Tech Day the descriptions … Continue reading →

Posted in Business, iPad, iPhone, Mac, tool-support, WebObjects, WinPhone | 1 Comment

On the top 5 iOS appsec issues

Posted on 2011-05-20 by Graham

Nearly 13 months ago, the Intrepidus Group published their top 5 iPhone application development security issues. Two of them are valid issues, the other three they should perhaps have thought longer over. The good Sensitive data unprotected at rest Secure … Continue reading →

Posted in buffer-overflow, code-level, Crypto, Data Leakage, Encryption, iPad, iPhone, ssl, Updates, user-error, Vulnerability | 2 Comments

“Patently” secure

Posted on 2011-05-18 by Graham

One thing that occasionally becomes interesting about working in security is that doing security and managing business have a great deal of overlap. This makes a lot of sense: a business wants to be profitable, and profit is a reward … Continue reading →

Posted in Business, IANAL | Comments Off

On adopting testing, and CocoaDojos

Posted on 2011-05-12 by Graham

In episode 18 of iDeveloper.TV Live I was discussing test-driven development with Scotty and John. I suggested that a great way to get started with TDD was to start adopting it in baby steps in your code. Got a bug … Continue reading →

Posted in code-level, iDeveloper.TV, software-engineering, TDD | 4 Comments

On platform-specific strategies

Posted on 2011-05-07 by Graham

I’m writing some library code at the moment that needs to work on both Mac OS X and iOS. The APIs I need to use on each platform are different, so I need different code on each platform. I also … Continue reading →

Posted in code-level, iPad, iPhone, Mac, software-engineering | 2 Comments

Storing and testing credentials: Cocoa Touch Edition

Posted on 2011-04-29 by Graham

This article introduces the concept of key stretching, using code examples to explain the ideas. For code you can use in an app that more closely resembles current practice, see Password checking with CommonCrypto. There’s been quite the media circus … Continue reading →

Posted in Authentication, code-level, Crypto, iPad, iPhone, Mac, password, PCAS | 7 Comments

On cryptographic file storage

Posted on 2011-04-22 by Graham

In Chapter 3 of Professional Cocoa Application Security, I talk about using CommonCrypto to encrypt files stored on either Mac or iOS file systems. In Chapter 4, I talk about using CommonCrypto to generate Hashed Message Authentication Codes (HMACs) to … Continue reading →

Posted in code-level, Crypto | Leave a comment