Category Archives: code-level

On what Marcus said

This post is a response to Why so serious? over at Cocoa is my Girlfriend. Read that. Welcome back. OK, so firstly let’s talk about that damned carousel. Kudos to the developer who wrote a nice smoothly scrolling layer-backed image …

Posted in code-level, iDeveloper.TV, iPad, software-engineering | 1 Comment

On the top 5 iOS appsec issues

Nearly 13 months ago, the Intrepidus Group published their top 5 iPhone application development security issues. Two of them are valid issues, the other three they should perhaps have thought longer over. The good Sensitive data unprotected at rest Secure …

Posted in buffer-overflow, code-level, Crypto, Data Leakage, Encryption, iPad, iPhone, ssl, Updates, user-error, Vulnerability | 2 Comments

On adopting testing, and CocoaDojos

In episode 18 of iDeveloper.TV Live I was discussing test-driven development with Scotty and John. I suggested that a great way to get started with TDD was to start adopting it in baby steps in your code. Got a bug …

Posted in code-level, iDeveloper.TV, software-engineering, TDD | 4 Comments

On platform-specific strategies

I’m writing some library code at the moment that needs to work on both Mac OS X and iOS. The APIs I need to use on each platform are different, so I need different code on each platform. I also …

Posted in code-level, iPad, iPhone, Mac, software-engineering | 2 Comments

Storing and testing credentials: Cocoa Touch Edition

This article introduces the concept of key stretching, using code examples to explain the ideas. For code you can use in an app that more closely resembles current practice, see Password checking with CommonCrypto. There’s been quite the media circus …

Posted in Authentication, code-level, Crypto, iPad, iPhone, Mac, password, PCAS | 7 Comments

On cryptographic file storage

In Chapter 3 of Professional Cocoa Application Security, I talk about using CommonCrypto to encrypt files stored on either Mac or iOS file systems. In Chapter 4, I talk about using CommonCrypto to generate Hashed Message Authentication Codes (HMACs) to …

Posted in code-level, Crypto | Leave a comment

On internal quality

I was asked by attendees at my VTM talk on test-driven development a small collection of questions on a similar theme, which I’ll summarise here. How do I do TDD when my boss doesn’t want me to? What do I …

Posted in Business, code-level, Responsibility, software-engineering, Talk, TDD, VTM | 6 Comments

A first look at appCode, and the future of Cocoa IDEs?

It’s been almost a full rotation of this great rock about its axis since JetBrains announced the start of its appCode Early Access Program. appCode is an Integrated Development Environment, just the same as Xcode. Just like Xcode, appCode works …

Posted in code-level, tool-support | 8 Comments

On counting numbers

While we were at NSConference, Alistair Houghton told me that he was working on static NSNumbers in clang. I soon thought: wouldn’t it be nice to have code like this? for (NSNumber *i in [@10 times]) { /* … */ …

Posted in code-level, Foundation | Leave a comment

Protecting source code

As I mentioned on the missing iDeveloper.tv Live episode, one of the consequences of the Gawker hack was that their source code for their internal software was leaked into the Internet. I doubt any of my readers would want that …

Posted in Business, code-level, Data Leakage, Encryption, Policy, Responsibility, software-engineering | 5 Comments