Archive for June 2013

Sunday, June 30, 2013

Objective-C Literals and @compatibility_alias

This Stack Overflow question discusses how Objective-C array, dictionary, and value literals are not actually hardcoded into the compiler. They can in fact be redirected to custom classes (via Rob Rix).

Saturday, June 29, 2013

What Every Web Developer Must Know About URL Encoding

Stéphane Épardaud (via Ilya Grigorik):

This article describes common misconceptions about Uniform Resource Locator (URL) encoding, then attempts to clarify URL encoding for HTTP, before presenting frequent problems and their solutions.

For example:

This means that the “blue+light blue” string has to be encoded differently in the path and query parts: “”. From there you can deduce that encoding a fully constructed URL is impossible without a syntactical awareness of the URL structure.


The syntax of the URL is only meaningful before it is URL-decoded: after URL-decoding, reserved characters may appear.

Update (2013-07-13): Mike Abdullah mentions KSURLComponents, which can help with this.

Update (2013-07-16): Mike Abdullah:

But what if you want to programmatically construct a URL containing query parameters? Don’t worry, I’ve got your back again, with KSURLQueryUtilities. There you’ll find a selection of methods to go between URL (and their strings), and NSDictionary.

Update (2013-08-14): Mike Abdullah:

Most importantly, note the use of : characters in the example above. One is used after the brackets to indicate the port number. But what about this within the brackets? As we saw above, : characters must usually be escaped as part of a hostname, but for literal addresses, the brackets act as an exception to this rule.


For further complication, websites can make use of international domain names, whereby characters outside of the regular ASCII set are encoded using a system known as punycode. e.g. the domain exä is actually addressed as Web browsers take care of hiding this detail from users by presenting (and accepting) the unicode form of such domains. is a great way to view Web development reference materials (via webappstorm).

Friday, June 28, 2013


At the suggestion of Kevin LaCoste, I decided to try out Fever. I don’t think I’ll have much use for its signature “takes the temperature of your slice of the web” feature, but as a personal RSS server it works well. The Web interface is very well done, though not as nice as a native app. I miss some features from NetNewsWire 3 such as nested folders, smart folders, and sorting by attention. I like how Fever has per-feed and per-group display preferences.

I was not impressed with how the Fever Web site works in Mobile Safari. The design is fine, but some important features are not available, and it feels very slow.

However, there are also several iPhone apps for accessing Fever, and I was blown away by how good they are. Both Reeder 3.1 and Sunstroke 1.5 work well and are fast enough for me. The situation is much better now than the last time I tried RSS (including Reeder) on iOS and gave up. Each app has a few elements that I prefer, but I will probably end up using Sunstroke because it seems to be faster than Reeder.

See also:

Update (2015-04-06): Anthony Drendel:

I just made Sunstroke available for free on the App Store. As you may have noticed, Sunstroke hasn’t received any updates since last August’s huge full-text search update. This is due to two reasons:

1. I moved to a new city and country (Berlin, Germany) and started a new job (Objective-C developer at 6Wunderkinder, the makers of Wunderlist)

2. Sunstroke hasn’t made enough money to be worth my time.

Anatomy of a Compiler Bug

Mike Ash:

It’s interesting that this bug only shows up when calling into gcc-compiled code. Using the buggy version of clang to call into other clang-compiled code doesn’t cause any trouble.

iCloud and User-Generated Data


Nonetheless we were denied for our use of iCloud. Apple’s reasoning was that they will not allow iOS applications to use iCloud to sync “non-user-generated” data between devices. After some lengthy followup, we learned that while using a “drawing application” to create a new piece of art and then saving that file would be considered “user-generated”, using our app to add a signature and content to a PDF and saving it as a new file is not “user-generated”. The exception, of course, being for Apple’s own iOS applications, like those in iWorks. So after a long phone call with Apple that equated to my logical arguments being repeatedly contested with the same sentence from an apparent script (“your app does not follow our guidelines regarding user-generated documents in iCloud”), what was their recommendation for how to get over this hurdle? Use a 3rd party iCloud competitor.

There are some other apps in the store that have been allowed to do this, so it’s unclear whether Apple’s reviewers are being inconsistent or there’s more to the SignMyPad story.

Wednesday, June 26, 2013

Can Apple Read Your iMessages?


There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it.

For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.

Matthew Green:

All you need to do is run the following simple experiment: First, lose your iPhone. Now change your password using Apple’s iForgot service (this requires you to answer some simple security questions or provide a recovery email). Now go to an Apple store and shell out a fortune buying a new phone.

If you can recover your recent iMessages onto a new iPhone -- as I was able to do in an Apple store this afternoon -- then Apple isn’t protecting your iMessages with your password or with a device key. Too bad.

This seems to be confirmed by this Ask Different answer and Hacker News. In other words, the end-to-end encryption is beside the point if iCloud backups are involved. Apple’s privacy statement seems to be strictly true but misleading.

Update (2013-10-19): Dan Goodin:

Ultimately, the QuarksLab researchers said that such man-in-the-middle exploits against the iMessage infrastructure require so much effort that they could probably be carried out only by three-letter agencies, and even then only under limited circumstances. But they went on to say there's no technical measure stopping Apple employees, working under a secret court order or otherwise, from performing the same kind of attack and making it completely transparent to the parties exchanging iMessages. Unlike third-party attacks, these insider exploits would require no tampering of end-user devices.

Tuesday, June 25, 2013

NSA-proof Your E-mail in 2 Hours

Drew Crawford:

Today we kill your excuses. Because I’m going to show you exactly how to do it, it’s going to take about two hours to set up, and it’s a “set it and forget it” kind of setup. Not only that, but it is actually going to be better than GMail, from a purely features perspective. It might surprise you to learn that people continue to develop email server software in a post-Google-apps world, and that the state of self-hosted is much better than you remember.

However, the e-mail is probably still moving between servers in cleartext, and also stored on the servers of your correspondents. You could use PGP, but:

For those who seek to preserve their privacy by encrypting their communications, in effect shielding themselves from the ominipresent “Eye”, the gloves come off and they can be declared non-U.S. citizens for purposes of sidestepping any pesky “Constitutional” restrictions

Google Reader Apocalypse

Jamie Zawinski:

Currently everyone and their mother is scrambling to write some new web-based replacement for Google Reader, but I don’t want that, even a little bit. I want a pair/trio of apps that synchronize. I have no interest in reading my feeds through a web site (no more than I would tolerate reading my email that way, like an animal).

I have yet to find a mobile RSS reader that feels fast enough, so I’d be happy with just an updated version of NetNewsWire 3 that doesn’t sync, but which fixes a few longstanding bugs.

Monday, June 24, 2013


Bob Rudis (via Jens Alfke):

Leopard ships with something called DTrace that gives developers and administrators the ability to take a peek at what all running code is doing in a flexible and dynamic way. Giving DTrace the coverage it deserves is beyond a simple blog post, but there are some smaller utilities – like opensnoop – that take advantage of the power of DTrace, but on a more targeted scale which are worthy of a minor exposition. The main purpose of the opensnoop utility is to provide a report of file opens as they occur.

Here’s the man page. This seems like a good alternative to fs_usage for certain use cases.

Update (2022-02-08): LOLgrep:

It’s insane how useful opensnoop -t -f "/Some/Path/ThatYouWannaObserveWhoIsOpening/It" is

NetNewsWire 4 Open Beta

Daniel Pasco:

The basic game plan will be as follows:
1. Kick off the open beta
2. Continue our work on sync
3. Start rolling out sync to select beta testers
4. Continue to add cool features to NetNewsWire 4
5. Ship the completed version of NetNewsWire 4, including sync

Here’s what I noticed first:

  1. At first launch, it logged some assertion failures and reported “Your sites failed to import successfully. Enjoy NetNewsWire 4”. A few of my articles showed up under “All Unread,” but the list of sites was completely empty.
  2. The user interface feels foreign, as it only supports a widescreen view, Tab-keying between views doesn’t work properly, and there’s no way to open new (browser) tabs in the background.
  3. A huge number of features have been removed, from smart lists to (nearly all) AppleScript support. Some pruning was due, but this is way too much, and there’s no indication of which features (aside from sync) will be returning.

I’m glad to see that NetNewsWire is still being developed, but this looks for all intents and purposes like a whole new app, at an early stage of development. NetNewsWire 3 is one of my favorite apps ever. This beta is too rough to be part of my daily workflow. Worse, I am less sure after trying it that the app they plan to build will please me. If I didn’t have other apps to work on, this would motivate me to start developing my own RSS reader.

Update (2013-07-08): Public Beta 2 seems to address none of these issues.

Update (2013-07-15): Neither does Public Beta 3.

Update (2013-09-10): Public Beta 7 restores the “Classic” (non-widescreen) layout.

Update (2013-12-03): Public Beta 12 restores the NetNewsWire 3 keyboard shortcuts.

All the Apps Have Been Written

Kevin Hoctor:

After my research, I was sure that I wasn’t the only person unhappy with the state of personal finance packages on the Mac. How many others were in the same pain as I was? If I can cure this pain my life, maybe I can help them as well.

I want to “fix” most of the apps I like, including his.

Wednesday, June 19, 2013

Recycled Yahoo! IDs

Jay Rossiter:

So, how are we making these Yahoo! IDs available? We’re freeing up IDs, that have been inactive for at least 12 months, by resetting them and giving them a fresh start. In mid July, anyone can have a shot at scoring the Yahoo! ID they want.

Via Christopher Blizzard, who notes that this could cause security problems. If you haven’t recently logged into your Yahoo account and you had listed your Yahoo e-mail address as the contact info for another site or company, any password reset e-mails will go to the new owner of your Yahoo address.

Update (2013-06-20): Manton Reece in 2002 (via Charles Parnot):

Late yesterday I logged into Yahoo Mail and almost dropped to the floor in shock. Instead of seeing my email, a message stared back at me stating that I had not logged in for at least 4 months. My account was disabled and all my mail was deleted! Unbelievable. I regularly log into other sections of Yahoo (the calendar, for example), and it never occurred to me that they would pull something like this on their customers.

A Brief History of Test Frameworks

Andrew Shebanow (via Chris Hanson):

The similarities seem fairly striking to me. Factor in the fact that Erich Gamma worked at Taligent at the time the Test Framework was developed, and in fact gave the engineering team some good feedback, and its pretty hard to argue that Alan and David don’t deserve at least some credit for developing one of the original ancestors of JUnit.

It turns out to be a case of convergent evolution, as JUnit was based on SUnit, which was separate from the Taligent and Pink work.

Monday, June 17, 2013

Avoid Null Checks by Replacing Finders With Tellers

Michael Feathers:

The person method accepts an id for a person and a block. If the person is found the block is called with the person. Otherwise it isn’t. Elegant, eh? And, there are no nulls.

Lots of luck doing this in a language without blocks or lambdas. I think that when the history of computing is finally written, one of the chapters will be about how much insanity thrived in the era before blocks were considered mainstream.

AV Foundation and the Void

Chris Adamson:

This surprised me, so I asked a colleague who talks about AV Foundation at conferences if I was mistaken, and he agreed that there doesn’t seem to be a way to save an AVMutableComposition. Which in turn means that if you’re writing a video editor, the composition object is only useful to you during the life of the app, and you need some other means of saving the set of edits you’ve made, and re-creating a new composition from this data on a future launch.

He gives a bunch of examples of cool features in the old QuickTime APIs that aren’t (yet?) available in AV Foundation.

Saturday, June 15, 2013


Mike Ash:

All of this is to say that your code must be correct in the absence of reachability, but adopting reachability can greatly enhance usability.

It’s interesting that several commenters suggest only using the reachability API if the actual network request fails. As I recall, originally we were supposed to use reachability first, because some requests aren’t worth causing the modem to start dialing the phone.

Thursday, June 13, 2013


Amy Worrall:

MapKit on OSX is for App Store apps only. All interest I had is immediately lost.

Just like iCloud.

iWork for iCloud: Not Enough

David Sparks:

Also missing from the iWork for iCloud presentation was any mention of the best reason to put an office app on the web, collaboration. I’ve never been happy with the feature set of any of the web-based office solutions. They don’t have the features we get with native apps and are often ugly as sin. There is, however, one redeeming feature in collaboration. Multiple people can work on the same online document at once. Google has mastered this so that I can write one paragraph while watching a colleague (or two or three colleagues) write another paragraph on the same page. iCloud for iWork doesn’t support this.

How Three Guys Rebuilt the Foundation of Facebook

Cade Metz:

In a nod to the company’s original PHP converter, they called the system the HipHop Virtual Machine, or HHVM for short, and it was soon installed beneath the live site, where it continues to run today.

HHVM uses what’s called just-in-time compilation, which means Facebook’s PHP code is converted to machine language as it executes on the server. This is the way the Java programming language runs, but the Java virtual machine was built over many years to serve an entire industry of programmers. The HipHop Virtual Machine was built just for Facebook — though, as with so many parts of its infrastructure, Facebook has open sourced the system, so that anyone can use it.

With the HipHop Virtual Machine, Facebook can run PHP at speeds most developers never thought possible. But some still wonder why the company would go to such extremes. Longtime developer and programming pundit David Pollack doesn’t buy the notion that PHP helps Facebook iterate at a faster clip.

iOS 7 Design

Matt Gemmell:

We can quibble about colour choices, but when viewed against the new style, the sheer weight and gimmickry of the bubbles and bevels and shine becomes very apparent. The navigation bar at the top hangs there like a lintel, frowning away. It’s a pretty Photoshop job, but to my eye it now looks chunky and theme-y, like a skin for jailbroken devices.

Matthew Panzarino:

In fact, the designs are so different that you might even have been surprised that they came out of the same teams that were behind the home screen on iOS 6. Well, you’d be right. We’ve been talking to people all week about the new designs of iOS and multiple sources have given us a better picture of how it went down inside Apple in the last few months.

First of all, many of the new icons were primarily designed by members of Apple’s marketing and communications department, not the app design teams.

Marco Arment:

I don’t think most developers of mature, non-trivial apps are going to have an easy time migrating them well to iOS 7. Even if they overcome the technical barriers, the resulting apps just won’t look and feel right.

John Gruber:

There’s an intricate system at work, a Z-axis of layers organized in a logical way. There is a profound reduction in the use of faux-3D visual effects and textures, but iOS 7 is anything but flat. It is three dimensional not just visually but logically.

Craig Hockenberry:

But with major user interface changes such as Aqua or iOS 7, Apple has another tendency: they overshoot the mark. Their incremental approach then becomes one where unnecessary items are removed (such as Aqua’s stripes) or improved (excessive shadows and transparency are toned down).

Transferring App Ownership

Adam C. Engst:

Apple has at long last responded to one significant request: the desire to transfer apps between developers. This is important because developers have a lot of intellectual property value wrapped up in apps, in part due to the app’s metadata in the App Store. Until now, it wasn’t possible to transfer an app between developers without losing rankings and reviews and severing the connection with existing customers for updates, thus stripping an app of much of its hard-earned value.

This is a a good improvement, but it’s worth noting what the FAQ says:

You cannot transfer iCloud enabled apps or apps using iCloud entitlements, Passbook IDs, certificates, or notifications.

In addition, apps with approved auto-renewable, non-renewing, or free subscriptions In-App Purchase subscriptions cannot be transferred. This includes apps that previously had approved In-App Purchases subscriptions, even if they have been removed.


Alaric Cole (via Josh Centers):

You might understand my shock when they unveiled a revamped weather app today. And its most defining new feature? Animated weather. Rain fell, snow drifted, hail dropped, and thunderstorms stormed—just as my app had so confidently done months before. And the audience loved it. When the lightning flashed, there was thunderous applause.

Apple never accepted his app into the App Store, rejecting it first for not having enough features and later because of “the experience the app provides,” which turned out to be similar to that of the built-in iOS 7 Weather app.

Saturday, June 8, 2013

Wireless Diagnostics

Apple (via Dan Frakes):

Wireless Diagnostics can help you resolve wireless connectivity issues by analyzing the Wi-Fi network your Mac is connected to and providing solutions. Wireless Diagnostics is included with OS X Mountain Lion v10.8.4 and later.

If you can connect to your Wi-Fi router, but are having issues with webpages loading, sending or receiving email, music or video streaming, or downloading, use Wireless Diagnostics. After Wireless Diagnostics has completed an analysis of your Wi-Fi network, it will list any issues it finds and offer some solutions.

Friday, June 7, 2013

App Stories

App Stories, part of App Camp for Girls, is interviewing Mac and iOS developers about how they got started in app development and what advice they have for aspiring young developers. So far, they’ve interviewed Peter Maurer, Greg Scown, Brandon Alexander, and Natalie Osten.

Update (2013-06-13): One new developer is featured each day, and my interview has now been posted.

Update (2013-07-13): The New Yorker writes about App Camp For Girls.

The first issue of is now available (via Jake Marsh):

Welcome to the first edition of, a periodical about best practices and advanced techniques in Objective-C! was founded in Berlin by Chris Eidhof, Daniel Eggert, and Florian Kugler. We started to create a regular platform for in-depth technical topics relevant to all iOS and OS X developers.

It looks great. Currently, there’s an e-mail list and a Twitter account, but no RSS feed.

LaunchBar 5.5

LaunchBar 5.5 includes an interesting new Snippets feature. I used to use its predecessor, Text Clippings, but recently switched to TextExpander. One of the neat things about LaunchBar snippets is that the placeholders integrate with its Clipboard History and Instant Send features.


While building one of my Mac apps this morning, codesign failed with the error “CSSMERR_TP_NOT_TRUSTED.” Apparently this has been happening since last night. Rich Siegel says that there’s a problem with Apple’s timestamp server and that you can work around it by adding --timestamp=none to codesign’s arguments; this disables the use of timestamp services. This is better than disabling code signing entirely, but you can’t ship an app built this way. I wonder how many people realized that even if you’re using Developer ID certificates and Gatekeeper rather than the Mac App Store, you’re still dependent on Apple’s servers to be able to ship your app. Luckily, in this case, the server is back up now.

Thursday, June 6, 2013

Tim Cook at D11

Jean-Louis Gassée:

For my part, perhaps because of my own thin skin, I find Tim Cook’s preternatural calm admirable. Taunted with comparisons to Spindler and Amelio, dragged onto the Senate floor, being called a liar by a NYT columnist, constant questioned about his ability to lead Apple to new heights of innovation… nothing seems to faze him. More important, nothing extracts a word of complaint from him.

John Gruber:

Asking Tim Cook (or any other Apple executive) questions you know he isn’t going to answer isn’t being a “tough” journalist. It’s just a waste of time and a rare opportunity. Sure, ask him up front if he’s willing to talk about upcoming Apple products, get his “no” on the record. But then move on to questions he might actually answer.

So many good questions that could have been asked, which he probably would have answered.

Wednesday, June 5, 2013

Quartz Composer for iOS

Joris Kluivers (via Charles Parnot):

While not nearly completed I decided to publish my implementation of Quartz Composer for iOS. This project intends to provide a rendering & interaction framework for .qtz on your iPhone or iPad. Similar to what the Quartz Composer framework provides on OS X.

Saturday, June 1, 2013

RadarWeb 2.0

Apple’s bug reporter has a new user interface that resembles Mail and iOS (via Mike Abdullah). The features seem pretty much the same. No word yet on reliability.