Author Archives: Graham
On Timeless Programming Books
Recently, the Dog Spanner wrote about Programming With Quartz, a book written at the tail end of 2005 but which is still useful to Mac developers everywhere. I have to agree, this book is still on my shelf and gets …
On the broken(?) Mac App Store
A day after the Mac App Store was launched, people are reporting that it has been cracked. There are two separate stories here, a vapourware circumvention of the FairPlay DRM used to generate the receipts and a report that certain …
Posted in Business, Crypto, Encryption, Mac, Vulnerability
1 Comment
Protecting source code
As I mentioned on the missing iDeveloper.tv Live episode, one of the consequences of the Gawker hack was that their source code for their internal software was leaked into the Internet. I doubt any of my readers would want that …
Posted in Business, code-level, Data Leakage, Encryption, Policy, Responsibility, software-engineering
5 Comments
On the Mac App Store
I’ve just come off iDeveloper.TV Live with Scotty and John, where we were talking about the Mac app store. I had some material prepared about the security side of the app store that we didn’t get on to – here’s …
Posted in AAPL, Business, code-level, Encryption, government, iDeveloper.TV, Mac, Policy, Talk
1 Comment
Did the UK create a new kind of “Crypto Mule”?
It’s almost always the case that a new or changed law means that there is a new kind of criminal, because there is by definition a way to contravene the new law. However, when the law allows the real criminals …
On how to get crypto wrong
I’ve said time and time again: don’t write your own encryption algorithm. Once you’ve chosen an existing algorithm, don’t write your own implementation. Today I had to look at an encryption library that had been developed to store some files …
Posted in code-level, Crypto, Encryption
1 Comment
A site for discussing app security
There’s a new IT security site over at Stack Exchange. Questions and answers on designing and implementing IT security policy, and on app security are all welcome. I’m currently a moderator at the site, but that’s just an interim thing …
Posted in code-level, Policy, Privacy, Talk, threatmodel
On Fuzzy Aliens
I have just launched a new company, Fuzzy Aliens[*], offering application security consultancy services for smartphone app developers. This is not the FAQ list, this is the “questions I want to answer so that they don’t become frequently asked” list. …
Posted in Business, code-level, iPad, iPhone, Privacy, software-engineering, threatmodel
On secrets
Secrets are hard. Especially in the digital domain, but we can see examples in other environments too. Let’s take a look at a couple of historical examples. It used to be the case that all of Britain’s diplomatic traffic was …
Posted in Uncategorized
On utilities
When I worked on an antivirus application, we used to have a joke in our team that we’d choose which one of us would accept the Apple Design Award for our product. Not that we weren’t striving for ADA-quality work; …