APPropriate Behaviour
The book about all the things software writers do that aren't writing software.
FSF
Author Archives: Graham
On stopping service management abuse
In chapter 2 of their book The Mac Hacker’s Handbook (is there only one Mac hacker?), Charlie Miller and Dino Dai Zovi note that an attacker playing with a sandboxed process could break out of the sandbox via launchd. The … Continue reading
On private methods
Let’s invent a hypothetical situation. You’re the software architect for an Objective-C application framework at a large company. This framework is used by many thousands of developers to create all sorts of applications for a particular platform. However, you have … Continue reading
Posted in code-level, iPad, iPhone, Mac, PCAS, software-engineering
Leave a comment
On authorization proxy objects
Authorization Services is quite a nice way to build in discretionary access controls to a Mac application. There’s a whole chapter in Professional Cocoa Application Security (Chapter 6) dedicated to the topic, if you’re interested in how it works. The … Continue reading
Posted in Authorization, code-level, Mac, PCAS, software-engineering
Comments Off on On authorization proxy objects
NSConference MINI videos available
During WWDC week I talked at NSConference MINI, a one-day conference organised by Scotty and the MDN. The videos are now available: free to attendees, or $50 for all 10 for non-attendees. My own talk was on extending the Clang … Continue reading
Posted in code-level, NSConf, software-engineering, tool-support
Leave a comment
On Trashing
Back in the 1980s and 1990s, people who wanted to clandestinely gain information about a company or organisation would go trashing.[*] That just meant diving in the bins to find information about the company structure – who worked there, who … Continue reading
Posted in Business, Data Leakage, Policy, Twitter
Leave a comment
On detecting God Classes
Opinion on Twitter was divided when I suggested the following static analyser behaviour: report on any class that conforms to too many protocols. Firstly, a warning: “too many” is highly contextual. Almost all objects implement NSObject and you couldn’t do … Continue reading
Posted in code-level, iPad, iPhone, Mac, software-engineering, tool-support
Leave a comment
On Fitt’s Law and Security
…eh? Don’t worry, read on and all shall be explained. I’ve said in multiple talks and podcasts before that one key to good security is good user interface design. If users are comfortable performing their tasks, and your application is … Continue reading
Posted in iPad, iPhone, Mac, threatmodel, UI, user-error
1 Comment
Using Aspect-Oriented Programming for Security Engineering
This paper by Kotrappa Sirbi and Prakash Jayanth Kulkarni (link goes to HTML abstract, full text PDF is free) discusses implementation of an application’s security requirements in Java using Aspect-Oriented Programming (AOP). We have AOP for Objective-C (of sorts), but … Continue reading
Posted in code-level, software-engineering, tool-support
Leave a comment
A solution in need of a problem
I don’t usually do product reviews, in fact I have been asked a few times to accept a free product in return for a review and have turned them all down. This is just such an outré product that I … Continue reading
Posted in Data Leakage
Leave a comment
Template class for unit testing Core Data entities
Some time ago, in a blog far, far, away, I wrote about unit-testing Core Data. Essentially, your test case class should create a temporary, in-memory Core Data stack in -setUp, and clean it up in -tearDown. Your test methods can … Continue reading
Posted in CoreData, software-engineering, tool-support
Leave a comment
