Structure and Interpretation of Computer Programmers

I make it easier and faster for you to write high-quality software.

Wednesday, June 3, 2009

Follow-up-and-slightly-over on safety/security

The one thing which makes this a less-than-standard follow-up is that the original was not posted here, but over on paranym Graham Cluley’s blog. I originally wrote about the (fictitious) difference between safety and security. For those who didn’t clickety the linkelode, I wrote that Jon Gruber’s distinction between safety and security was just a neat lexical game to sidestep popular Mac-press opinion. I also wrote that I wanted to cover the original article, Snow Leopard security is all relative. Well, now I shall.

So Dennis Fisher argues that “very few users will switch to a Mac or from a Mac because of security”…”But if Snow Leopard turns out to be a major security upgrade over the current versions, that’s an important step for Apple and its customers.” I’m not sure I agree there. As far as I can see, the fundamental place where Fisher and I start to disagree is on what value security marketing has.

I infer from the article that Fisher takes security marketing to be a zero-sum game between the competitors: every time Apple wins, Microsoft necessarily loses: Microsoft have “out-secured” Apple and it’s up to Apple to “out-secure” them back. I believe that many consumers consider security as a “hygiene factor”; invisible most of the time, but unacceptable when it becomes an issue. That would make it hard to market a secure OS, but impossible to sell an insecure one. An important distinction, let me explain. People will not consider security as a factor in any product which seems secure enough, but will not touch any product which does not seem secure enough. Therefore a loss for any one company pulls its rep down with respect to the competitors, but there isn’t really any such thing as a security marketing “win”.

Where does that leave Apple? Well, a “major security upgrade” could go in one of two directions. Either it means moving from 0 concern over Mac security to a smaller value of 0 concern; or it could lead people to think that there were some security holes in Leopard that Apple decided not to tell us about and patched up in Snow Leopard. It seems to me that there is, at best, no value in marketing based on the security posture of the OS (though security features are, admittedly, different), however there certainly is value in improving the security posture to avoid the negative market perception of vulnerabilities. There is also value in responding openly and quickly to security issues to stem the rep bleeding any problem would cause.

Knowing Apple, though, they’ll find the other way; the way of making security posture a winnable marketing game and winning that game.

Fisher’s article states that the real question “is whether Snow Leopard will be more secure than the current version of OS X” – whereas for the moment the real question is whether Snow Leopard will continue to be secure enough.

posted by Graham Lee at 23:17  

Monday, December 22, 2008

Cocoa Memory Management

It becomes evident, thanks to the mass centralisation of the neverending september effect that is stackoverflow, that despite the large number of electrons expended on documenting the retain/release/autorelease reference counting mechanism for managing memory in Cocoa, Cocoa Touch, UIKit, AppKit, Foundation, GNUstep, Cocotron and Objective-C code, very few people are reading that. My purpose in this post is not to re-state anything which has already been said. My purpose is to aggregate information I’ve found on the topic of managing memory in Cocoa, so I can quote this post in answers to questions like these.

In fact, I’ve already answered this question myself, as How does reference counting work? As mentioned in the FAQ, I actually answered the question “how do I manage object lifecycles in (Cocoa|GNUstep|Cocotron)”? It’s actually a very violently distilled discussion, so it’s definitely worth checking out the references (sorry) below.

Apple have a very good, and complete, Memory Management Programming Guide for Cocoa. They also provide a Garbage Collection Programming Guide; remember that Objective-C garbage collection is opt-in on 10.5 and above (and unavailable on iPhone OS or earlier versions of Mac OS X). GNUsteppers reading along should remember that the garbage collector available with the GNU objc runtime is entirely unlike the collector documented in Apple’s guide. GNUstep documentation contains a similar guide to memory management, as well as going into more depth about memory allocation and zones. Apple will also tell you how objects in NIBs are managed.

The article which gave me my personal eureka moment was Hold Me, Use Me, Free Me by Don Yacktman. Stepwise has another article, very simple rules for memory management in Cocoa by mmalc, which is a good introduction though with one caveat. While the table of memory management methods at the top of the article are indeed accurate, they might give you the impression that keeping track of the retain count is what you’re supposed to be doing. It’s not :). What you’re supposed to be doing is balancing your own use of the methods for any given object, as described in rules 1 and 2 of “Retention Count rules” just below that table.

James Duncan Davidson’s book “Learning Cocoa with Objective-C” has not been updated in donkey’s years, but its section on memory management is quite good, especially the diagrams and the “rules of thumb” summary. Luckily, that section on memory management is the free sample on O’Reilly’s website.

If reading the theoretical stuff is all a bit too dry, the Mac Developer Network have a rather comprehensive memory management training video which is $9.99 for non-MDN members and free for paid-up members.

Finally, Chris Hanson has written a good article on interactions between Cocoa memory management and objc-exceptions; if you’re using exceptions this is a good discussion of the caveats you might meet.

posted by Graham Lee at 13:34  

Monday, September 1, 2008

A better bit o’ twitter than the bitter twitter Tommy Titter bought

Just because everyone these days writes a Twitter client:

This was actually a quick hack project to make up for the fact that I missed CocoaHeads tonight (due to a combination of an uninteresting phone call, and a decision to recover from the phone call by using the rest of my petrol tank). Really just an excuse to play with some APIs (the tweets are grabbed by the controller using NSURLConnection, then some NSXML/XPath extracts the useful information (or not, it is Twitter after all) and puts it into the model), there are many things which need to happen before this is at all a useful Twitter client; the ability to write back, nicer formatting are just the starters. Shiny Core Animation twitting ought to happen.

Still, not bad for two hours I think.

posted by Graham Lee at 22:26  

Monday, June 16, 2008

Local KDC on Leopard

via Nigel Kersten, a great description of the operation of Leopard’s built-in local KDC. I think the most exciting thing about the local KDC is the Bonjour support; could we see simple cross-system trust in the near future? Could there be someone in the world who can actually make Kerberos simple?

posted by Graham Lee at 21:28  

Monday, June 9, 2008

WWDC part 0

well, here it is, the pre-WWDC “I’m jetlagged so you have to put up with my wittering” post. I’m just waiting for a softwareupdate to finish so that I can go out with my camera, taking some early-morning pictures before heading off to stand in line for the Stevenote. I was out for beers with Ian and Neil last night, we’d all heard rumours of a 5 a.m. start to the queue. On the two previous occasions that I’ve been, 9 a.m. has been sufficient; but with the sellout nature of the event it’s likely that the room will fill up rather quickly so we’ve compromised on a 7 a.m. start. Actually, forget the 5 a.m. nonsense, there’s a line of overnight campers – I can’t decide whether they’re deliberately trying to re-enact a Joy of Tech cartoon, or actually have nothing to do with their lives.

posted by Graham Lee at 12:42  

Sunday, March 23, 2008

Broke track mounting

For some reason, CDs occasionally don’t automount for me on my iMac. Luckily that’s easy to work around:
kalevala:~ leeg$ diskutil list
0: CD_partition_scheme Audio CD *620.3 Mi disk3
kalevala:~ leeg$ diskutil mountDisk disk3
Volume(s) mounted successfully

Job is, as they say, a good ‘un.

posted by Graham Lee at 10:53  

Monday, October 29, 2007

Verify your backups

Apple shipped Mac OS X 10.5 this weekend, and three of the features are Time Machine, dtrace, and improved CHUD tools. Time Machine, dtrace, CHUD tools. iPod, mobile phone, web browser. Time Machine, dtrace, CHUD tools.

To spell that out in long hand, it’s very easy now to see how various features in the Operating System behave. And in the case of Time Machine, we see that it walks through the source file system, copying the files to the destination. When I last gave a talk to OxMUG on the subject of data availability, it was interesting to notice how the people who had smugly put their hands up to indicate that they performed regular backups became crestfallen when I asked the second question: and how many of you have tested that backup in the last month?

Time Machine is no different in this regard. It makes copies of files, and that’s all it does. It doesn’t check that what it wrote at the other end matches what it saw in the first place, just like most other backup software doesn’t. If the Carbon library reports that a file was successfully written to the destination, then it happily carries on to the next file. Just like any other backup software, you need to satisfy yourself that the backup Time Machine created is actually useful for some purpose.

posted by Graham Lee at 20:04  

Wednesday, June 13, 2007

Apple and Google sitting in a tree, f-i-g-h…erm…t-i-ng

This really came out of a throwaway comment I made on Daniel, but it seems popular to pick apart every last iota of Steveness from the WWDC keynote, and I’m nothing if not popular. So here we go.

What is WebClip? In fact, that’s not really the question I want to be asking. We know what WebClip is; it’s a technology which lets users see only the bits of web pages that those users want to see. The real question is what does that mean? Well, I know which bits of a web page I usually want to see; they’re the bits which aren’t adverts.

I’m going to go out on a bit of a limb, and guess that the way WebClip works (I’m not a WWDC bod so I don’t have any more access to the new stuff than anyone else; in fact I haven’t even downloaded the Safari 3 beta) is by observing which DOM elements are within the clipped region, and downloading only media relevant to those elements. If that’s the case, then you can ignore the fact that the ads on the page don’t get seen; they don’t even get downloaded. Therefore if I’m reading, say, the Dilbert strip in a WebClip, I’m effectively getting free Dilbert, even more free than the free website because I’m not upping their ad impression count.

One thing I noticed about the various sites that Steve clipped is that as far as I can remember, none of them features ‘Ads by Google’. It would be quite embarrassing for Apple’s CEO to demonstrate how to reduce revenue for one of Apple’s most prominent board members in a world-broadcast keynote talk. As over 99% of Google’s revenue is from online ads, and Eric Schmidt (CEO of Google) is on the Apple board, that is exactly what Steve was showing us, though. There’ll be a doughnut fight back at Infinite Loop over that, I expect.

posted by Graham Lee at 23:38  

Powered by WordPress