Archive for February 2013

Thursday, February 28, 2013


Lode Vandevenne (via Edward Marczak):

The output generated by Zopfli is typically 3–8% smaller compared to zlib at maximum compression, and we believe that Zopfli represents the state of the art in Deflate-compatible compression. Zopfli is written in C for portability. It is a compression-only library; existing software can decompress the data. Zopfli is bit-stream compatible with compression used in gzip, Zip, PNG, HTTP requests, and others.

Silent Email Filtering Makes iCloud an Unreliable Option

Dan Moren and Lex Friedman:

To be clear, the problem is not that Apple is flagging terms that are most often used in unwanted, spam messages—it’s the lack of transparency about this filtering. Apple is flagging messages that it seems very sure are spam, but it has no real system in place for dealing with false positives—messages that are filtered, but aren’t actually spam.

Apple deletes some of the false positives outright. They never even appear in the Junk mailbox. This has been going on for many years. It’s also no longer possible to turn off Apple’s server-side filtering, e.g. if you prefer to use another filter such as SpamSieve. These days it’s easy and inexpensive to host e-mail on your own domain, and there are free e-mail services that are better than Apple’s, so I see little reason to use iCloud for e-mail.

Update (2013-03-01): Matt Henderson:

I’ve been telling friends and family for years to think twice before using a Gmail or iCloud email address — or even worse, the email address provided by one’s ISP. The problem is lock-in — once the world knows you or, it’s not easy to change when you become concerned about Gmail account hacking, or when your ISP goes belly up.

Leak-Free Recursive Blocks

Jeremy W. Sherman (via Romain Briche):

So you need both a strong and a weak reference to your block. And the block needs to be stored in the strong reference first, so you anchor it to this world.

And you also have to make sure that the strong reference outlives the recursion. ARC makes easy things easy, but…

Jeff Biggus wrote a macro to simplify this.

Wednesday, February 27, 2013

Why Refusing Third-Party Cookies Will Be Worse for Privacy

sukria (via Tim Bunce):

It’s obvious that if all browsers drop third-party cookies by default, all the industry will move to fingerprinting and this will be even worse for the user: you can remove a cookie, you can see it, you can configure how you want your browser to deal with it. You can’t do that with fingerprinting.

Name Mangler 3

Name Mangler, Many Tricks’ excellent batch file renamer, has been updated to version 3. The new version is much faster and can apparently even undo a renaming, though that should rarely be necessary since it offers such great previewing. There’s also a version in the Mac App Store, which due to sandboxing removes the feature for integrating with Path Finder.

Update (2013-03-01): Peter Maurer:

In this case though, we’ve demonstrated that not only did we not steal, but that any theft may have very well been the other way around: Renamer 4’s “new” interface bears a striking resemblance to one we’ve been using since 2005. But honestly, we don’t care—we like competing on features, performance, and ease of use instead of with legal threats.


Ash Furrow:

Anton Bukov has done a great job replicating the LINQ framework in the Foundation collections classes.

For those of you who aren’t former .Net fanboys, LINQ is the gem of .Net development. LINQ stands for Language-Integrated Query and it is a compile time, source-independent querying language for .Net.

It’s interesting to compare this with RXCollections.

It’s Not Email That’s Broken

Joe Kissell:

What I am trying to say is that you probably don’t receive more email than Adam Engst, Merlin Mann, or I do, and if we can get to the point where we feel email is under control, so can you. If you find that one of our systems works “out of the box,” that’s fantastic; go for it! If you need to adapt a system to your own needs or invent something entirely new, that’s also fine. But it’s going to require effort. You have to take a few hours of your life to analyze the ways you use email and determine what parts of your approach aren’t working, and then adjust some of your behaviors.

Application Specific Crash Report Information

Wil Shipley shows how an application can add information to a crash log by assigning to a special string variable. I see the same technique used in Apple’s source for configd:

/* CrashReporter info */
const char *__crashreporter_info__ = NULL;
asm(".desc ___crashreporter_info__, 0x10");

I also like to use -[NSThread setName:].

Update (2013-05-03): Mike Ash adds this to his assertion macro.

Update (2014-02-18): PLCrashReporter developers consider whether they should read from __crashreporter_info__ (via Landon Fuller).

The Little Manual of API Design

Trolltech, developers of the Qt framework, have written what looks like a useful PDF guide called The Little Manual of API Design (via Lemont Washington and @curentur).

Update (2013-02-28): Lukas Mathis comments.

Ruby 2.0

Ruby 2.0 is now available, featuring keyword arguments, UTF-8 as the default encoding, support for lazy streams, a new regex engine, DTrace support, a faster garbage collector and VM, and more.

Google Maps API Keys Now Open

Jacqui Cheng:

The Google Maps SDK for iOS is now open to all iOS developers—not just those who get approval for API keys through Google. The move almost guarantees more third-party iOS apps will use Google’s data instead of Apple’s, though it’s still too early to tell whether the change will significantly affect Apple or the use of its own mapping APIs.

How to Design Programs

There’s a free Web version of How to Design Programs, an interesting, Scheme-based textbook that’s gentler than SICP (via @CompSciFact).

Thursday, February 21, 2013

AppleScript Equivalent of “continue”

AppleScript doesn’t have a continue statement, but Tom Lokhorst shows Ray Robertson’s trick of simulating one using an extra loop and exit repeat (AppleScript’s equivalent of break).

Drobo 5D Review

Cabel Sasser:

The Drobo 5D will not mount until you install the Drobo software. (See here.) The Drobo software includes, among other kernel extensions, DroboTBT.kext, Drobo’s “SCSI Thunderbolt Controller”.

He says it’s fast, though.



Firefox for Windows, Mac and Linux introduces a built-in browser PDF viewer that allows you to read PDFs directly within the browser, making reading PDFs easier because you don’t have to download the content or read it in a plugin like Reader.

Hacker News notes that the PDF viewer is implemented in 35K lines of JavaScript. It’s impressive that the performance is apparently acceptable even on older hardware. Presumably this is also more secure than using a native plug-in.

Xcode Can Find Method Callers

Jonathan Rentzsch links to this Stack Overflow answer about how Xcode 4.5 uses static analysis to detect which methods could call the current method. See also Brian Webster’s answer.

Changing Your Password Doesn’t Revoke OAuth Access

Brent Simmons:

Yes, I can go into my Twitter settings and revoke access to any one or more apps. And: I’m a developer, and I’ve written OAuth client code — I’ve even written Twitter-specific code.

But here’s what normal people think: I’ll change my password and everything will be okay.

Sunday, February 17, 2013


Manton Reece:

Today I’m happy to announce my new web app: Searchpath. It’s search for your web site or blog with an innovative “popover” UI. Simple, fast. With better control of your search results, and no need to link to Google or show ads to your readers.

First, I have to admire anyone who tries to take on Google in search.

Searchpath is $8/month compared with $100/year for the ad-free Google Site Search, which I’ve been happily using for C-Command. (On this site, I’m currently using the version with ads.) On the whole, I like the Google results better, since they show the URLs and can fill the whole window. Searchpath is less configurable but easier to set up. I have a test page here.

After a few days, Searchpath seems to have stopped indexing my sites. It’s indexed only 191 pages (out of about 3,400 posts) on my blog; and 2,591 pages for C-Command, compared with 22,800 that Google found (many of them forum posts).

Also of note:

Searchpath doesn’t have passwords. Instead, your account is kept signed in for up to 6 months or until you sign out. By sending you a quick email, we can confirm your account and sign you in securely, without ever needing to remember a password.

I thought this would be handy because I would be able to bookmark the special links for my two sites and easily switch between them. However, it turns out that once you log out the link becomes useless. You have to request another e-mail with a new sign-in link, and sometimes it doesn’t arrive right away.

Of course, this is just 1.0. I will be watching Searchpath’s development with interest.

Saturday, February 16, 2013

ReactiveCocoa Explanation

Josh Abernathy:

Because we treat all the inputs to our app as different things—a touch event here, a web response there—we can’t combine them in any meaningful way. We can’t transform them uniformly. And so our only tool for dealing with all these different things is state. When our only tool is state, every problem looks like a stateful nail.

But happily this perspective of our app’s output as a function of its inputs over time gives us a new tool: functional reactive programming. Functional reactive programming (FRP) is a paradigm built around the idea of time-varying values produced by time-varying functions.

He also has a basic example of what this looks like in Objective-C. I have not had a chance to look into ReactiveCocoa deeply yet, but from what I’ve seen so far it looks very exciting. It looks like what Cocoa Bindings should have been, designed to scale up from the easy cases to the harder ones, and taking full advantage of blocks.

Update (2013-02-18): Mattt Thompson:

Bindings replace a lot of boilerplate glue code and allow programming to be done in Interface Builder, but they’re severely limited and impossible to debug. RAC offers a clear, understandable, and extensible code-based API that works in iOS and is apt to replace all but the most trivial uses of bindings in your OS X application.


Rob Rix’s RXCollections offers:

Folds, maps, filters, and detects for Cocoa collections (including your own), with as little chaff as possible.

The interesting part is that:

Maps and filters take a second argument, a collection into which to place their results. This can be a set or an array currently, and if you pass nil, RXMap and RXFilter will build a collection of the same type as the collection being mapped or filtered.

And they can work with custom collection types that conform to the proper protocol.


Markdown.css is a stylesheet that converts HTML to Markdown (via Mark Christian).

Update (2017-01-03): See also: Hacker News.

Cocoa to HTML


The Intel® HTML5 App Porter Tool - BETA is an application that helps mobile application developers to port native iOS code into HTML5, by automatically translating portions of the original code into HTML5.

Via Brent Simmons, who says:

I don’t know why.

Thursday, February 14, 2013

Building Basecamp for iPhone in RubyMotion

Nick Quaranto:

I’m really bullish about RubyMotion’s future, especially at 37signals. I think there’s a huge opportunity to make veteran iOS developers more productive by throwing the doors open to the Ruby community. New iOS developers win as well, since RubyMotion makes the jump to mobile development less scary by keeping your toolchain similar to other open source platforms.

Update (2013-02-16): Jason Zimdars writes about design decisions that they made.

Adobe Photoshop 1.0.1 Source Code

The Computer History Museum (via Phillip Bowden):

With the permission of Adobe Systems Inc., the Computer History Museum is pleased to make available, for non-commercial use, the source code to the 1990 version 1.0.1 of Photoshop. All the code is here with the exception of the MacApp applications library that was licensed from Apple. There are 179 files in the zipped folder, comprising about 128,000 lines of mostly uncommented but well-structured code. By line count, about 75% of the code is in Pascal, about 15% is in 68000 assembler language, and the rest is data of various sorts.

It seems to be very clean code.

Wednesday, February 13, 2013


Cocoanetics writes about the underpublicized sysdiagnose tool and associated Command-Shift-Option-Control-Period keyboard shortcut (via Peter Hosey).

Typhoon Dependency Injection Framework

Romain Briche links to Typhoon, an alternative to Objection. Unfortunately, the Web site is hard to use and seems to be missing the important parts. I can’t tell what Typhoon is supposed to do differently, other than use XML.

Is Everything We Know About Password-Stealing Wrong?

Dinei Florêncio and Cormac Herley (via Rob Rix):

Thus, banking passwords are being stolen in considerable numbers. We have seen that emptying accounts is hard, and that mules, not victims, lose money. The password merely provides a way of offering something of apparent value (the victim-to-mule transfer) that will persuade the mule to part with something of real value (the mule-to-thief transfer). The victim’s password is only one small part of that elaborate process of socially engineering the mule into parting with money.

Opera Switches to WebKit

Opera (via Jon Russell):

“The WebKit engine is already very good, and we aim to take part in making it even better. It supports the standards we care about, and it has the performance we need,” says CTO of Opera Software, Håkon Wium Lie. “It makes more sense to have our experts working with the open source communities to further improve WebKit and Chromium, rather than developing our own rendering engine further. Opera will contribute to the WebKit and Chromium projects, and we have already submitted our first set of patches: to improve multi-column layout.”

Update (2013-02-17): Dave Methvin (via Hacker News):

Each release of Chrome or Safari generates excitement about new bleeding-edge features; nobody seems to worry about the stuff that’s already (still!) broken. jQuery Core has more lines of fixes and patches for WebKit than any other browser. In general these are not recent regressions, but long-standing problems that have yet to be addressed. Opera probably doesn’t have any more incentive to fix the common bugs than any of the other diners at the WebKit table—especially when jQuery continues to cover up these mistakes.

Robert Nyman:

I believe what we saw with IE6 and Microsoft – albeit under different circumstances – is a perfect example of why we need more competition, not less. Sure, WebKit is open. WebKit is a really good web rendering engine. But those are not reasons for sticking with just one.

Robert Nyman and Rob Hawkes (via Hacker News):

Opera will be using the Chromium implementation of WebKit, as well as the V8 engine. This means that while Opera is using the ‘WebKit’ name, it’s not in fact using the same bits and pieces that make up some other WebKit browsers like Safari.

Tuesday, February 12, 2013

Counting Stool Legs

Horace Dediu:

However, we have to understand that iTunes now is a blend of many business models. Some, like music, use a wholesale revenue recognition method and have very low to zero margins, others, like eBooks and Apps, are sold using an “agency” revenue model with potentially higher margins and some, like Software, are recognized at full value with very high margins.

When re-stated this way, iTunes becomes much more than a “break-even” business. My own estimate for its gross margin as currently reported is between 15% and 17% but it could be even higher.

Apple ID Security

Pierre Igot:

It really does not help one feel that Apple is taking security issues seriously when (1) the procedure to submit queries/concerns about Apple ID security issues is far from obvious and (2) the reply you get does not address the main concerns you have about a particular issue.

Monday, February 11, 2013

Atomic Weapons: The C++ Memory Model and Modern Hardware

Herb Sutter (via Jean-Francois Roy):

This is a two-part talk that covers the C++ memory model, how locks and atomics and fences interact and map to hardware, and more. Even though we’re talking about C++, much of this is also applicable to Java and .NET which have similar memory models, but not all the features of C++ (such as relaxed atomics).

Retina Firefox?

I’m not sure what to make of this blog post (via Neven Mrgan). Firefox 18.0.2 doesn’t look Retina on my Mac: not the text in the browser window, not the images, not the tab titles or bookmarks bar, and still not the preferences window or favicons.

Files as UI vs. API

Steve Streza:

The Dropbox file UI side of things is optional for users; they have to seek it out, either on the website or by having one of the Dropbox apps - there’s nothing stopping you from having a Dropbox account purely for syncing data, without ever installing the Mac app or viewing a directory on the web site. But their syncing of files works. Apps can build better UI on those files whether they’re stored locally, stored in Dropbox, or stored in iCloud. But Dropbox has proven its reliability, and iCloud hasn’t.

Rene Ritchie says that “iCloud is the right idea still not realized, Dropbox is the wrong thing done brilliantly well.” Instead, I think that it’s not yet clear whether iCloud is the right idea; the current feature set is inadequate, and we don’t know in which direction Apple will take it. I would liken Dropbox to Unix. It’s not the pure, modern system that one would design from scratch today. But the plumbing works, and a good user experience can be built on top.

Sunday, February 10, 2013

Sticky iOS Search Bar and Section Header Code

Fabian Kreiser demonstrates three different scrolling behaviors of a UISearchBar inside a UITableView (via Romain Briche):

  • Default: The search bar scrolls with the table view
  • Top: The search bar scrolls with the table view but always stays at the top if you scroll the table view up
  • Header: The search bar usually stays at the top of the table view but scrolls with the table view if you scroll the table view up

The first is used by Mail, Music, and Videos; the second by Notes and GameCenter; and the third by Contacts.

Friday, February 8, 2013

Hooked on DTrace

Mark Dalrymple:

A friend of mine got an app rejected from the Mac AppStore because his app was (supposedly) attempting to open the Info.plist in DiskArbitration.framework in read/write mode. An app really shouldn’t be trying to write to anything in a system framework. Sad thing is, his app wasn’t doing this, at least not explicitly. It just used the framework, including it in Xcode in the usual manner and then calling its API. The framework was being loaded by the usual app startup machinery. It was an unjust accusation, but there’s really no recourse, short of resubmitting the app and hoping it works.

Wouldn’t it be nice if you could catch every open being done by a program, and see what access flags it’s passing? You could take this output and see “oh yeah, for some reason I’m opening this read/write” and do some debugging, or else have some evidence for “I don’t see any wrongdoing”. Sounds like a great application of DTrace.

Update (2013-02-17): Part 2.

Update (2013-02-21): Part 3, which focuses on Objective-C:

Whenever faced with “who creates this” or “who calls this”, and I have no idea where to begin looking in the code, I reach for DTrace.

Update (2013-03-14): Part 4:

One way to do it is to make your own static probes. These are functions you explicitly call inside your program or library that tell DTrace “Hey, if you’re interested in country-clicking, someone just clicked on FI.” You can then put a DTrace probe on country-clicks, and all the other data available in DTrace is at your disposal like stack traces and timestamps.

The Base64 Encoder Has a Fixed Point

Francisco Mota (via Reddit):

Every time we encode, we get the same string back with a few changes at the end. This isn’t on purpose, this is a purely accidental consequence of base64’s design. There was never any point where the designer of base64 decided “Let there be a long string s that is a prefix to its own representation in base64!”
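The convergence described in the quote can be reproduced with the standard library. This is an added example, not code from the linked post; the function names `fixed_point_prefix` and `trace` are made up for it.

```python
import base64


def fixed_point_prefix(n, seed=b"x", max_rounds=200):
    """Return (prefix, rounds): the first n characters of the base64 fixed
    point and how many encodings it took for them to settle."""
    if n < 1:
        raise ValueError("n must be positive")
    if not seed:
        raise ValueError("seed must be non-empty: base64 of b'' is b''")
    s = bytes(seed)
    for rounds in range(1, max_rounds + 1):
        nxt = base64.b64encode(s)
        # Output character i depends only on input bytes up to ceil(3i/4), so
        # if the first n characters survive one encoding unchanged they
        # survive every later one: they are a prefix of the fixed point.
        if len(s) >= n and nxt[:n] == s[:n]:
            return nxt[:n].decode("ascii"), rounds
        # Nothing past position n can influence the first n characters of
        # the next round, so drop it to keep the string from growing.
        s = nxt[:n]
    raise RuntimeError("prefix did not settle within max_rounds")


def trace(seed, rounds, width=16):
    """First `width` characters after each of `rounds` successive encodings."""
    out, s = [], bytes(seed)
    for _ in range(rounds):
        s = base64.b64encode(s)
        out.append(s[:width].decode("ascii"))
    return out


if __name__ == "__main__":
    # Watch the head of the string stop changing while the tail keeps moving.
    for line in trace(b"x", 12):
        print(line)
    print(fixed_point_prefix(48))
```

The settled prefix is the same for every non-empty seed, because the first output character of any base64 text is pulled toward `V`, the only alphabet character whose index equals the top six bits of its own ASCII code.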

Civilized Discourse Construction Kit

Jeff Atwood:

Our amazingly talented team has been working on Discourse for almost a year now, and although like any open source software it’s never entirely done, we believe it is already a generation ahead of any other forum software we’ve used.

I greatly admire what WordPress did for the web; to say that we want to be the WordPress of forums is not a stretch at all. We’re also serious about this eventually being a viable open-source business, in the mold of WordPress.

Unlike Atwood’s previous project, Stack Overflow, Discourse is built using Ruby on Rails, Ember.js, and PostgreSQL.

Update (2013-02-11): Robin Ward explains more about the choice of Ember.js.

Update (2014-04-27): The Omni Group is using Discourse for their new forums, and I find it maddening. It seems to load posts only when you scroll down, and unload them when they scroll out of view. So as I scroll I am constantly seeing content load, even minutes after viewing the thread. And since the posts that are out of view are unloaded, the browser’s in-page find feature doesn’t work. It’s also annoying how the URL in the browser’s location bar changes as I scroll, and even without scrolling after I go to a supposed permalink.

Update (2014-05-21): Omni is switching all their forums to Discourse. The previous forum software was some of the best I’d seen. I find the new forums almost unusable. Searching within a page doesn’t work. Neither does saving as a Web archive or PDF. I can’t even use Select All and the Copy command to copy the text to the clipboard. The URL in the location bar changes as I scroll around, and even when I click on a permalink. The scroll thumb is no longer accurate. It feels like my Web browser is broken, but the same problems occur in current versions of Safari, Chrome, and Firefox. Yes, Discourse looks slick, but I wouldn’t choose it over any of the ancient PHP-based forum packages it was meant to replace. It’s shocking considering how good of a Web citizen Stack Overflow is.

rooSwitch Is Now SwitchUp


I’m excited to announce that rooSwitch has a new home, name & most importantly a new caretaker. Irradiated Software has been handed the keys and has renamed it to SwitchUp.

It’s a cool utility for managing sets of application preferences and support files, kind of like the old Mac OS 9 Location Manager.

Thursday, February 7, 2013

Why All My iOS Apps Are on Hold

MOApp Software Manufactory on iCloud’s Core Data syncing:

It hasn’t worked for over two years now and I am the one feeling ashamed every time I have to give the same ridiculous answer why I still haven’t finished my iOS Apps.

I’m not sure where the “two years” comes from; wasn’t the developer release in the summer of 2011? They’ve also run into problems with iCloud’s document syncing:

It happens all the time that the complete data is gone. Just gone. With no chance to get it back and no—it’s not the developer’s or the user’s fault. It was just erased by iCloud without any predictable reason and there is no chance to debug it or to narrow it down or to avoid it.

Wednesday, February 6, 2013

Dropbox Sync API for Mobile Developers


Get ready to add some Dropbox magic to your apps with the Sync API for iOS and Android, a powerful new library that makes it easier than ever to sync with Dropbox. The API takes care of all the complexity around caching, syncing, and working offline so that you can focus on creating the best mobile apps—it’s like having your own private Dropbox client built right into your app!

The syncing works with app-specific folders. It would be great if Dropbox had a companion SDK for Mac OS X.

Random Observations

Gus Mueller:

Here’s the other random observation—Mac App Store sales of VoodooPad and Acorn have been going down over the past couple of months, but direct sales have been going up. And I don’t know why. It’s the same price, and previously the trend had been in the opposite direction, but…well there it is.

I’m seeing the same thing with DropDMG and EagleFiler. Overall sales are up, but sales via the Mac App Store are much lower (both percentagewise and in absolute terms), even though the apps now have more good ratings and reviews.

And, like me, he’s seeing lots of customers continuing to use Snow Leopard.

Block Debugging

Damien DeVille:

We are mostly interested in the first method argument (the third argument of the objc_msgSend function) which happens to be a stack block. Now, obviously we know exactly what the arguments, return value and body of this block are since we wrote it, but think if you were stepping through framework code and you find such an instance, you would have no idea. And from experience, the actual interesting bits often happen to be in that very block. Well, this is unfortunately where most people would stop investigating but it is also exactly where any debugging aficionado starts to have some fun!

Update (2013-02-07): Ole Begemann notes that in this case much of the introspection could have been done using CTBlockDescription. I agree that in most cases it’s better to put reusable functionality like this in code, rather than typing it into the debugger.

Objective-C Blocks Quiz

Bryan Klimt:

Do you really know how blocks work in Objective-C? Take this quiz to find out.

Educational, although I think it confuses what works in the current implementation with what is contractually guaranteed to work.

Functional Reactive in the Netflix API With RxJava

Ben Christensen and Jafar Husain:

The Observable data type can be thought of as a “push” equivalent to Iterable which is “pull.” With an Iterable, the consumer pulls values from the producer and the thread blocks until those values arrive. By contrast with the Observable type, the producer pushes values to the consumer whenever values are available. This approach is more flexible, because values can arrive synchronously or asynchronously.

Monday, February 4, 2013

Apple Doomed, According to News at 11

Adam C. Engst:

If I had to speculate, I’d say that Apple’s amazing success over the past five or six years has effectively blinded the company to these problems, or, to be more charitable, that the success has resulted in Apple prioritizing software quality behind hardware quality and predetermined ship dates, and in sticking with a set of App Store policies that no company in a less dominant position could ram down developers’ throats.

Properly Encrypting With AES With CommonCrypto

Rob Napier (via Jonathan Rentzsch):

First, you need to salt your key. That means adding random data to it so that if the same data is encrypted with the same password, the ciphertext will still be different. The key should then be hashed, so that the final result is the correct length. The correct way to do this is with PKCS #5 (PBKDF2).


OK, now you have a salt. What do you do with it? Save it with the ciphertext. You’ll need it later to decrypt. The salt is considered public information so you don’t need to protect it.

And now the mystical initialization vector (IV) that confuses everyone. In CBC-mode, each 16-byte encryption influences the next 16-byte encryption. This is a good thing. It makes the encryption much stronger. It’s also the default. The problem is, what about block 0? The answer is you make up a random block -1. That’s the IV.

Duncan Jones Live-Tweets “Source Code”

Duncan Jones (via Jonathan Poritsky):

Asked who actually uses Bing.......... people who want money to make their movie look better use Bing. ;)

ListBook/BudgetBook and Core Data iCloud Sync

noidentity (via Daniel Pasco):

So after one year of fighting and trouble we have decided to remove iCloud from ListBook in the next version and wait until Apple shows us a working solution. The same thing with BudgetBook. The new iPad and iPhone apps are 98% finished but we can’t release them because the sync doesn’t work.


Jonathan Wight’s S3-Uploader project shows how to upload to Amazon S3 directly without exposing an AWS_SECRET_ACCESS_KEY to your clients:

Sample Python and Objective-C showing how to upload to Amazon S3 without uploading through an intermediate web-service. The basic theory is explained here.

Project consists of a sample Python Flask based server app (suitable for hosting on heroku) that hosts a simple upload form that uploads files directly to Amazon S3.
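How a server can authorize one direct upload while keeping the secret key to itself, as an added example that is not code from the S3-Uploader project. It assumes Amazon's current Signature Version 4 browser-POST scheme rather than whatever the project used in 2013; the credentials, bucket name and function names are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

ALGORITHM = "AWS4-HMAC-SHA256"
# Constructed placeholders, not real credentials.
DEMO_ACCESS_KEY_ID = "AKIAEXAMPLEKEYID0000"
DEMO_SECRET_KEY = "constructed-secret-for-illustration-only"


def signing_key(secret_key, date_stamp, region):
    """SigV4 key derivation: chain HMAC-SHA256 over date, region, service."""
    key = ("AWS4" + secret_key).encode("utf-8")
    for part in (date_stamp, region, "s3", "aws4_request"):
        key = hmac.new(key, part.encode("utf-8"), hashlib.sha256).digest()
    return key


def presign_post(access_key_id, secret_key, bucket, region, key_prefix,
                 now=None, ttl_seconds=300, max_bytes=5 * 1024 * 1024):
    """Server side: build the form fields a client needs for one upload."""
    now = now or datetime.now(timezone.utc)
    date_stamp = now.strftime("%Y%m%d")
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    credential = f"{access_key_id}/{date_stamp}/{region}/s3/aws4_request"
    expires = now + timedelta(seconds=ttl_seconds)
    # The policy is the whole grant: anything it does not pin down,
    # the client is free to choose.
    policy = {
        "expiration": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "conditions": [
            {"bucket": bucket},
            ["starts-with", "$key", key_prefix],
            {"acl": "private"},
            ["content-length-range", 1, max_bytes],
            {"x-amz-algorithm": ALGORITHM},
            {"x-amz-credential": credential},
            {"x-amz-date": amz_date},
        ],
    }
    policy_b64 = base64.b64encode(
        json.dumps(policy).encode("utf-8")).decode("ascii")
    # The string to sign is the base64 policy itself.
    signature = hmac.new(signing_key(secret_key, date_stamp, region),
                         policy_b64.encode("ascii"),
                         hashlib.sha256).hexdigest()
    return {
        "url": f"https://{bucket}.s3.{region}.amazonaws.com/",
        "fields": {
            "key": key_prefix + "${filename}",
            "acl": "private",
            "x-amz-algorithm": ALGORITHM,
            "x-amz-credential": credential,
            "x-amz-date": amz_date,
            "policy": policy_b64,
            "x-amz-signature": signature,
        },
    }


def signature_is_valid(fields, secret_key):
    """Receiving side: recompute the signature over the submitted policy."""
    _, date_stamp, region, _, _ = fields["x-amz-credential"].split("/")
    expected = hmac.new(signing_key(secret_key, date_stamp, region),
                        fields["policy"].encode("ascii"),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, fields["x-amz-signature"])


if __name__ == "__main__":
    form = presign_post(DEMO_ACCESS_KEY_ID, DEMO_SECRET_KEY,
                        "example-bucket", "us-east-1", "uploads/")
    print(json.dumps(form, indent=2))
    print("valid:", signature_is_valid(form["fields"], DEMO_SECRET_KEY))
```

The client receives only the access key ID, the policy and a signature that is bound to that policy, so editing the size limit or key prefix invalidates the form, and the short expiration bounds how long a leaked form remains usable.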

Sunday, February 3, 2013


SCStringsUtility is a utility that provides a grid interface for editing localizable strings files (via Romain Briche).

Saturday, February 2, 2013

Objective-C Runtime Releases

Bavarious created a GitHub repository that shows the differences between versions of Apple’s Objective-C runtime that shipped with different versions of Mac OS X.

War Is Peace

Ned Batchelder on the recent Ruby and Rails security issues:

Allen in particular mentions that adding “conveniences” to your interface can make your life harder later on. In Ruby’s case, there were two unneeded conveniences that combined to make things really bad: parse JSON with the YAML parser, and let the YAML parser construct arbitrary Ruby objects. Neither of these is actually needed by 99.999% of programs reading JSON, but now all of them are compromisable.

Data Detectors Crash in Cocoa Text Views


type “File:///”. The capital ‘F’ is important. On the third /, it crashes.

And the crash reporter, Mail, and even the Spotlight menu can crash when displaying the text. In some apps you can prevent the crash by unchecking Edit ‣ Substitutions ‣ Data Detectors. For Mail, there’s a defaults command.

Update (2013-03-16): The bug appears to be fixed in Mac OS X 10.8.3.

URLs

Apple QA1633:

You can also create easy-to-read links to your app using App Store Short Links, which use the base URL plus a specific form of your app or company name. This provides a simple way for users to find your apps on the App Store directly from your website or marketing campaigns. These short links are ideal for use in offline communications materials like print ads, TV spots, app trailers, radio ads and billboards.

It looks like the URLs will break if you ever rename your company or app. Also, product names aren’t as unique as you would think. Lemont Washington reports that doesn’t go to the expected Tweetbot.

Rather than creating implicit URL mappings, I think Apple should provide a way for developers to register specific slugs. Otherwise, it’s probably better for developers to create their own friendly URLs that redirect to the App Store. This also makes it possible to use affiliate codes.

Friday, February 1, 2013


Objection (via Romain Briche):

Objection is a lightweight dependency injection framework for Objective-C for MacOS X and iOS. For those of you that have used Guice, Objection will feel familiar.

The basic idea is that dependency injection improves the modularity and testability of your code, but it also creates some extra work. To create an object, you must first create and wire up its dependencies (and their dependencies). A dependency injection framework addresses this by creating the dependent objects for you, based on a configuration (called a “module”) that you give it.