Structure and Interpretation of Computer Programmers

I make it easier and faster for you to write high-quality software.

Friday, January 1, 2010

CocoaHeads Swindon, January and February

The next CocoaHeads Swindon will take place on 4th January, at the Glue Pot in Swindon. Get here at 8 for some NSChitChat with your (well, my) local Mac developer community.

There is no February meeting of Swindon CocoaHeads, on account of NSConference Europe taking place in Reading on that weekend. So buy your NSConference ticket and come along to say hi!

posted by Graham Lee at 14:15  

Saturday, September 5, 2009

CocoaHeads Swindon is this Monday!

The town of Swindon in the Kingsbridge hundred, Wiltshire is famous for two things. The first is the Wilts and Berks Canal, linking the Kennet and Avon at Trowbridge with the Thames at Abingdon. Authorised by act of parliament in 1775, the canal first passed through the town in 1804 and allowed an explosion in both the industrial and residential capacity of the hitherto quiet market cheaping.

The second is, of course, the local CocoaHeads chapter. Founded by act of Scotty in 2007, Swindon CocoaHeads quickly brought about a revolution in the teaching and discussion of Mac and iPhone development in the South-West, its influence being felt as far away as Swansea to the West and London to the East. Unlike the W&B canal, Swindon CocoaHeads is still thriving to this day. On Monday, 7th September at 20:00 there will be another of the chapter’s monthly meetings, in the Glue Pot pub near the train station. Here, Pieter Omvlee will be leading a talk on ImageKit, and the usual combination of beer and Cocoa chat will also be on show. As always, the CocoaHeads website contains the details.

posted by Graham Lee at 09:53  

Thursday, August 27, 2009

Indie app milestones part one

In the precious and scarce spare time I have around my regular contracting endeavours, I’ve been working on my first indie app. It reached an important stage in development today; the first time where I could show somebody who doesn’t know what I’m up to the UI and they instinctively knew what the app was for. That’s not to say that the app is all shiny and delicious; it’s entirely fabricated from standard controls. Standard controls I (personally) don’t mind so much. However the GUI will need quite a bit more work before the app is at its most intuitive and before I post any teaser screenshots. Still, let’s see how I got here.

The app is very much a “scratching my own itch” endeavour. I tooled around with a few ideas for apps while sat in a coffee shop, but one of them jumped out as something I’d use frequently. If I’ll use it, then hopefully somebody else will!

So I know what this app is, but what does it do? Something I’d bumped into before in software engineering was the concept of a User Story: a testable, brief description of something which will add value to the app. I broke out the index cards and wrote a single sentence on each, describing something the user will be able to do once the user story is added to the app. I’ve got no idea whether I have been complete, exhaustive or accurate in defining these user stories. If I need to change, add or remove any user stories I can easily do that when I decide that it’s necessary. I don’t need to know now a complete roadmap of the application for the next five years.

As an aside, people working on larger teams than my one-man affair may need to estimate how much effort will be needed on their projects and track progress against their estimates. User stories are great for this, because each is small enough to make real progress on in short time, each represents a discrete and (preferably) independent useful addition to the app and so the app is ready to ship any time an integer number of these user stories is complete on a branch. All of this means that it shouldn’t be too hard to get the estimate for a user story roughly correct (unlike big up-front planning, which I don’t think I’ve ever seen succeed), that previous complete user stories can help improve estimates on future stories and that even an error of +/- a few stories means you’ve got something of value to give to the customer.

So, back with me, and I’ve written down an important number of user stories; the number I thought of before I gave up :-). If there are any more they obviously don’t jump out at me as a potential user, so I should find them when other people start looking at the app or as I continue using/testing the thing. I eventually came up with 17 user stories, of which 3 are not directly related to the goal of the app (“the user can purchase the app” being one of them). That’s a lot of user stories!

If anything it’s too many stories. If I developed all of those before I shipped, then I’d spend lots of time on niche features before even finding out how useful the real world finds the basic things. I split the stories into two piles; the ones which are absolutely necessary for a preview release, and the ones which can come later. I don’t yet care how late “later” is; they could be in 1.0, a point release or a paid upgrade. As I haven’t even got to the first beta yet that’s immaterial, I just know that they don’t need to be now. There are four stories that do need to be now.

So, I’ve started implementing these stories. For the first one I went to a small whiteboard and sketched UI mock-ups. In fact, I came up with four. I then set about finding out whether other apps have similar UI and how they’ve presented it, to choose one of these mock-ups. Following advice from the world according to Gemmell I took photos of the whiteboard at each important stage to act as a design log – I’m also keeping screenshots of the app as I go. Then it’s over to Xcode!

So a few iterations of whiteboard/Interface Builder/Xcode later and I have two of my four “must-have” stories completed, and already somebody who has seen the app knows what it’s about. With any luck (and the next time I snatch any spare time) it won’t take long to have the four stories complete, at which point I can start the private beta to find out where to go next. Oh, and what is the app? I’ll tell you soon…

posted by Graham Lee at 00:44  

Tuesday, July 14, 2009

NSConference videos

Scotty and the gang have been getting the NSConference videos out to the public lately, and now sessions 7-9 are available including my own session on security. The videos are really high quality, I’m impressed by the postproduction that’s gone in and of course each of the sessions I watched at the conference has some great information and has been well-presented. All of the videos are available here.

I’ve also put the slides for my presentation up over on slideshare.

posted by Graham Lee at 23:20  

Tuesday, April 21, 2009

Did you miss my NSConference talk?

The annotated presentation slides are now available to download in Keynote ’08 format! Sorry you couldn’t make it, and I hope the slides are a reasonable proxy for the real thing.

posted by Graham Lee at 20:40  

Sunday, April 19, 2009

On default keychain settings

After my presentation at NSConference there was a discussion of default settings for the login keychain. I mentioned that I had previously recommended some keychain configuration changes including using a different password than your login password. Default behaviour is that any application can add a secure item to the keychain, and the app that did the adding is allowed to read and modify the entry without any user interaction. As Mike Lee added, all other apps will trigger a user dialogue when they try to do so – the user doesn’t then need to authenticate but does have to approve the action.

That almost – but not quite – solves the issue of a trojan horse attempting to access the secure password. Sure, a trojan application can’t get at it without asking the user. What about other trojan code? How about a malicious SIMBL hijack or a bundle loaded with mach_override? It should be possible to mitigate those circumstances by using custom code signing requirements, but that’s not exactly well documented, and it’s not really good usability for an app to just die on its arse because the developer doesn’t like the other software their user has.

There’s a similar, related situation – what if the app has a flawed design allowing it to retrieve a keychain item when it doesn’t need it? Sounds like something which could be hard to demonstrate and harder to use, until we remember that some applications have “the internet” as their set of input data. Using a web browser as an example, but remembering that I have no reason to believe whether Safari, Camino or any other browser is designed in such a way, imagine that the user has stored an internet password. Now all that the configuration settings on the user’s Mac can achieve is to stop other applications from accessing the item. If that browser is itself subject to a “cross-site credentials request” flaw, where an attacking site can trick the browser into believing that a login form (or perhaps an HTTP 401 response, though that would be harder) comes from a victim site, then that attacker will be able to retrieve the victim password from the keychain without setting off any alarms with the user.

If the user had, rather than accepting the default keychain settings, chosen to require a password to unlock the keychain, then the user would at least have the chance to inspect the state of the browser at the time the request is made. OK, it would be better to do the right thing without involving the user, but it is at least a better set of circumstances than the default.

posted by Graham Lee at 17:00  

Friday, April 17, 2009

NSConference: the aftermath

So, that’s that then, the first ever NSConference is over. But what a conference! Every session was informative, edumacational and above all enjoyable, including the final session where (and I hate to crow about this) the “American” team, who had a working and well-constructed Core Data based app, were soundly thrashed by the “European” team who had a nob joke and a flashlight app. Seriously, we finally found a reason for doing an iPhone flashlight! Top banana. I met loads of cool people, got to present with some top Cocoa developers (why Scotty got me in from the second division I’ll never know, but I’m very grateful) and really did have a good time talking with everyone and learning new Cocoa skills.

It seems that my presentation and my Xcode top tip[] went down really well, so thanks to all the attendees for being a great audience, asking thoughtful and challenging questions and being really supportive. It’s been a couple of years since I’ve spoken to a sizable conference crowd, and I felt like everyone was on my side and wanted the talk – and indeed the whole conference – to be a success.

So yes, thanks to Scotty and Tim, Dave and Ben, and to all the speakers and attendees for such a fantastic conference. I’m already looking forward to next year’s conference, and slightly saddened by having to come back to the real world over the weekend. I’ll annotate my Keynote presentation and upload it when I can.

[] Xcode “Run Shell Script” build phases get stored on one line in the project.pbxproj file, with all the line breaks replaced by n. That sucks for version control because any changes by two devs result in a conflict over the whole script. So, have your build phase call an external .sh file where you really keep the shell script. Environment variables will still be available, and now you can work with SCM too :-).

posted by Graham Lee at 18:16  

Thursday, January 1, 2009

What’s new in 2009

Of course, it’s a bit early for a retrospective of 2008, besides which I’ve already written 73 entries this year, my most prolific year to date on iamleeg. And that doesn’t count numerous tweets, stack overflow contributions and of course the occasional piece of source code here or there for some security company. As the noise of fireworks and exploding media players sounds across the world, it’s time to pre-emptively ditch 2008 and see what we can expect from 2009. Specifically, what you can expect from me.

It looks to me like the most popular pieces on this blog are the opinions and how-tos regarding Cocoa development, particularly my thoughts on properties and Cocoa memory management round-up. Don’t worry, there’s definitely more of this coming. As well as preparing for this Mac Developer Network conference talk I’ve been discussing recently, I’ve got another exciting – and unfortunately secret – project on the go now which should see plenty of collateral blog posting in the first half of the next year, all about Cocoa development. There’ll also be a bit more of an iPhone mix-in; obviously for much of last year the SDK either didn’t exist or was under non-disclosure, but now I’ve got more reasons to be using Cocoa Touch it will also be mentioned on here. I shall also be delving a bit deeper into Darwin and xnu than I have in previous times.

One example of Cocoa-related information is meetup announcements; I’m still involved in the local CocoaHeads chapter and I’ll endeavour to post an advance warning for each meeting here. I know many of my readers are in the States but a few of you are local so please do come along! In fact, if you’re not local (or “bissen’t from rond theez partz”, as we say here) then consider going to your nearest CocoaHeads or starting a new one. It’s a great way to find out who’s working on Mac or iPhone development in your area, share tips and stories and build up that professional contacts network.

Previously I’ve been concerned that readers here at iamleeg don’t seem interesting in commenting on my posts, but these days I’m no longer worried. I can tell how many people are reading, and of those how many are regulars, and I have to say that the blog is doing pretty damn well. Of course, if you do feel inclined to join in the discussion (particularly if I’ve got something wrong, or missed an important point from a post) then you should feel perfectly at liberty to leave a comment.

Finally, have a happy new year!

posted by Graham Lee at 03:47  

Tuesday, December 2, 2008

Free apps with macdev ticket

The Mac Developer network currently have a Special Offer running until christmas eve, get a free copy of Changes and Code Collector Pro with your ticket. Both are useful apps for any developer’s arsenal.

posted by Graham Lee at 00:10  

Tuesday, November 4, 2008

More on MacDev

Today is the day I start preparing my talk for MacDev 2009. Over the coming weeks I’ll likely write some full posts on the things I decide not to cover in the talk (it’s only an hour, after all), and perhaps some teasers on things I will be covering (though the latter are more likely to be tweeted).

I’m already getting excited about the conference, not only because it’ll be great to talk to so many fellow Mac developers but due to the wealth of other sessions which are going to be given. All of them look really interesting though I’m particularly looking forward to Bill Dudney’s Core Animation talk and Drew McCormack’s session on performance techniques. I’m also going to see if I can get the time to come early to the user interface pre-conference workshop run by Mike Lee; talking to everyone else at that workshop and learning from Mike should both be great ways to catch up on the latest thoughts on UI design.

By the way, if you’re planning on going to the conference (and you may have guessed that I recommend doing so), register early because the tickets are currently a ton cheaper. Can’t argue with that :-).

posted by Graham Lee at 14:39  
Next Page »

Powered by WordPress