Category Archives: code-level

On the Mac App Store

I’ve just come off iDeveloper.TV Live with Scotty and John, where we were talking about the Mac app store. I had some material prepared about the security side of the app store that we didn’t get on to – here’s …

Posted in AAPL, Business, code-level, Encryption, government, iDeveloper.TV, Mac, Policy, Talk

On how to get crypto wrong

I’ve said time and time again: don’t write your own encryption algorithm. Once you’ve chosen an existing algorithm, don’t write your own implementation. Today I had to look at an encryption library that had been developed to store some files …

Posted in code-level, Crypto, Encryption

A site for discussing app security

There’s a new IT security site over at Stack Exchange. Questions and answers on designing and implementing IT security policy, and on app security are all welcome. I’m currently a moderator at the site, but that’s just an interim thing …

Posted in code-level, Policy, Privacy, Talk, threatmodel

On Fuzzy Aliens

I have just launched a new company, Fuzzy Aliens[*], offering application security consultancy services for smartphone app developers. This is not the FAQ list, this is the “questions I want to answer so that they don’t become frequently asked” list. …

Posted in Business, code-level, iPad, iPhone, Privacy, software-engineering, threatmodel

What do you think of this?

I’m interested to find out what we Cocoa developers (alright, I know my opinion already) think of the following distinction between Foundation and, well, any other object-oriented foundation library. The distinction is this. In many libraries, compound objects (not only …

Posted in code-level, software-engineering

An example of unit testing working for me

Some specific feedback I was given regarding my unit testing talk at VTM: iPhone fall conference was that the talk was short on real-world application of unit testing. That statement is definitely true, and it’s unfortunate that I didn’t meet …

Posted in code-level, iPad, iPhone, Mac, software-engineering, TDD, tool-support, VTM

On voices that matter

In October I’ll be in Philadelphia, PA talking at Voices That Matter: Fall iPhone Developers’ Conference. I’m looking forward to meeting some old friends and new faces, and sucking up a little more of that energy and enthusiasm that pervades …

Posted in code-level, iPad, iPhone, Talk, threatmodel, tool-support

On private methods

Let’s invent a hypothetical situation. You’re the software architect for an Objective-C application framework at a large company. This framework is used by many thousands of developers to create all sorts of applications for a particular platform. However, you have …

Posted in code-level, iPad, iPhone, Mac, PCAS, software-engineering

On authorization proxy objects

Authorization Services is quite a nice way to build in discretionary access controls to a Mac application. There’s a whole chapter in Professional Cocoa Application Security (Chapter 6) dedicated to the topic, if you’re interested in how it works. The …

Posted in Authorization, code-level, Mac, PCAS, software-engineering

NSConference MINI videos available

During WWDC week I talked at NSConference MINI, a one-day conference organised by Scotty and the MDN. The videos are now available: free to attendees, or $50 for all 10 for non-attendees. My own talk was on extending the Clang …

Posted in code-level, NSConf, software-engineering, tool-support