Author Archives: Graham

About Graham

I make it faster and easier for you to create high-quality code.

What do you think of this?

I’m interested to find out what us Cocoa developers (alright, I know my opinion already) think of the following distinction between Foundation and, well, any other object-oriented foundation library. The distinction is this. In many libraries, compound objects (not only … Continue reading

Posted in code-level, software-engineering | 2 Comments

An example of unit testing working for me

Some specific feedback I was given regarding my unit testing talk at VTM: iPhone fall conference was that the talk was short on real-world application of unit testing. That statement is definitely true, and it’s unfortunate that I didn’t meet … Continue reading

Posted in code-level, iPad, iPhone, Mac, software-engineering, TDD, tool-support, VTM | 1 Comment

On Ignoring the Tests

As mentioned over two months ago, I’ll be giving two talks this weekend at the Voices That Matter: iPhone Developers Fall conference. I’m feeling good about both of the talks that I’ve worked on, though I definitely think the Unit … Continue reading

Posted in Uncategorized | Leave a comment

On documentation

Over at the daily WTF, Alex Papadimoulis writes about Documentation Done Right. His conclusion is spot on: The immediate answer to what’s the right way to do documentation is clear: produce the least amount of documentation needed to facilitate the … Continue reading

Posted in software-engineering, tool-support | Comments Off on On documentation

YOUR development team needs security engineers

It can definitely be tempting if your engineers don’t have a whole lot of security expertise to get a consultant in. Indeed this can be a great way to bootstrap a security process, however it then needs to be owned … Continue reading

Posted in Uncategorized | Leave a comment

On McAfee

Today, Apple’s CPU/motherboard supplier Intel announced that it will acquire McAfee, in a deal worth nearly $7.7B. While this is definitely big bucks, it doesn’t seem like terrifically big security news. Intel probably don’t want the technology. McAfee is the … Continue reading

Posted in Uncategorized | Leave a comment

On voices that matter

In October I’ll be in Philadelphia, PA talking at Voices That Matter: Fall iPhone Developers’ Conference. I’m looking forward to meeting some old friends and new faces, and sucking up a little more of that energy and enthusiasm that pervades … Continue reading

Posted in code-level, iPad, iPhone, Talk, threatmodel, tool-support | Leave a comment

On stopping service management abuse

In chapter 2 of their book The Mac Hacker’s Handbook (is there only one Mac hacker?), Charlie Miller and Dino Dai Zovi note that an attacker playing with a sandboxed process could break out of the sandbox via launchd. The … Continue reading

Posted in launchd, Mac, sandbox | Comments Off on On stopping service management abuse

On private methods

Let’s invent a hypothetical situation. You’re the software architect for an Objective-C application framework at a large company. This framework is used by many thousands of developers to create all sorts of applications for a particular platform. However, you have … Continue reading

Posted in code-level, iPad, iPhone, Mac, PCAS, software-engineering | Leave a comment

On authorization proxy objects

Authorization Services is quite a nice way to build in discretionary access controls to a Mac application. There’s a whole chapter in Professional Cocoa Application Security (Chapter 6) dedicated to the topic, if you’re interested in how it works. The … Continue reading

Posted in Authorization, code-level, Mac, PCAS, software-engineering | Comments Off on On authorization proxy objects