Archive for January 21, 2014

Tuesday, January 21, 2014 [Tweets] [Favorites]

Code Bubbles: Rethinking the User Interface Paradigm of IDEs

Code Bubbles (via Edge Cases):

Code Bubbles is a front end to Eclipse designed to simplify programming by making it easy for the programmer to define and use working sets. Working sets here consist of the group of functions, documentation, notes, and other information that a programmer needs to accomplish a particular programming task such as adding a feature or fixing a bug.

Code Bubbles accomplishes this by providing compact function-based views of the code (all backed by the underlying files) that are displayed in bubbles and that are easily moved around and manipulated on the screen. The bubbles are fully editable. A large bubble area lets the programmer set up different working sets simultaneously and easily move between them.

As Rentzsch says, this provides an interface that is more spacial and has higher information density than is available, say, in Xcode. See also the YouTube video. Importantly, this is only at the user interface level. Unlike some other futuristic IDEs, it does not require trading all your files in for a database and, as a result, giving up your existing toolchain.

Ask for the Clock

Craig Gidney (via Reddit):

The method I use to create testable time-dependent code is to ask for a “clock”. A clock is a provider for the progression of time, an instance of an interface with methods for all the various time-related things the code might want to do: delaying an action, measuring elapsed time, creating periodic events, querying the date, whatever you need.

When the code is being run in production, the provided clock will be advancing with respect to external time. When the code is being tested, the provided clock will be a “fake” manually controlled instanced that the test can advance as needed.

[…]

Interestingly, once you’re asking for clocks everywhere, you can start reaping some benefits unrelated to testing.

Calendar App Asks for Apple ID and Password

Neven Mrgan:

For years I’ve rejected app ideas that would require the user’s Apple ID and password, certain that Apple would reject such apps swiftly. Now, Sunrise app—which asks for this info, and a whole lot more—is not just approved, but prominently featured. Sigh.

A previous version of OmniFocus also asked for your iCloud login info, since there was then no API for reminders. iOS does have an API for calendar access, but apparently it doesn’t cover everything the Sunrise (App Store) developers wanted to do. A couple months ago, they had a security breach and recommended that customers change their iCloud passwords. This does not inspire confidence, but I wouldn’t focus too much on this particular developer. These days, your Apple ID is the master key to all sorts of personal information and privileges, including the ability to remote wipe iOS devices and access your Mac, even if you didn’t share your FileVault 2 recovery key with Apple. It doesn’t seem prudent to share it with anyone.

Update (2014-01-22): Marco Arment:

I couldn’t believe it, so I downloaded the app myself and took these screenshots.

Update (2014-01-23): Sunrise:

When you type in your iCloud credentials, they are sent to our server only once in a secured way over SSL. We use them to generate a secure token from Apple. This secure token is the only thing we store on our servers, we never store your actual iCloud credentials.

Marco Arment:

This is better than storing your password in their database, but it’s still not very secure by modern standards: they’re still taking on the responsibility of transmitting it securely from the app, receiving it securely on the servers, sending it back to Apple securely to get a token, ensuring no tools, proxies, or analytics are caching or logging it along the way, and ensuring that their servers aren’t quietly hacked and nobody’s monitoring the application to capture the credentials in flight.

Update (2014-01-30): Sunrise:

Since our 2.11 version, we are not sending iCloud credentials to our servers, the app generates the secure token client-side.

Why Sass?

Dan Cederholm:

CSS is anything but DRY. At times, it drips with repeated rules, declarations, and values. We’re constantly writing the same snippets of code for colors, fonts, and frequently-used patterns of style throughout our stylesheets. One look through a decent-sized CSS file, and a DRY software developer will weep, first with bewilderment, then frustration.

[…]

Sass is a CSS preprocessor—a layer between the stylesheets you author and the .css files you serve to the browser. Sass (short for Syntactically Awesome Stylesheets) plugs the holes in CSS as a language, allowing you to write DRY code that’ll be faster, more efficient, and easier to maintain.

It seems like ultimately this sort of thing should be built into CSS itself, though.

Network Solutions Auto-Enroll: $1,850

Brent Simmons:

I couldn’t believe that I’d been opted-in, without my permission, to any new product — and I was stunned when I saw how much it cost. And further surprised when I saw that I would have to make a phone call to deal with all this.

Update (2014-01-23): Andrew Allemann:

In an interview with Domain Name Wire today, Web.com COO Jason Teichman said the program will actually be opt-in, and no one will be charged for the service unless they agree to add it.

Brent Simmons:

Even though NetSol spokesman said nobody would have to opt out, I still did. They called me, but I still had to opt out. (Guy read script.)

Brent Simmons:

So what happens when something so obviously inflammatory is posted?

Frere-Jones Sues Hoefler

Fredric S. Newman (PDF), attorney for Tobias Frere-Jones (via John Gruber):

However, in the most profound treachery and sustained exploitation of friendship, trust and confidence, Hoefler accepted all of the benefits provided by Frere-Jones while repeatedly promising Frere-Jones that he would give him the agreed equity, only to refuse to do so when finally demanded.

Michael Burke, attorney for Jonathan Hoefler:

Following his departure, Tobias filed a claim against company founder Jonathan Hoefler. Its allegations are not the facts, and they profoundly misrepresent Tobias’s relationship with both the company and Jonathan.

I was surprised to learn that fonts are such a big business. And, more so, that such an important partnership agreement, between former rivals no less, was apparently never committed to paper.

Common Init Method Name

Marco Arment asks what to name a method that factors out shared code, so it can be called from multiple initializers. The results seem to indicate that there is no agreed upon standard. Apple seems to use -commonInit, but when subclasses are involved it’s probably better to use a name like -commonInitForClass. I lean toward -setUpClass, which is shorter and more verby.

Inception FireWire/Thunderbolt Hack

Inception:

Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost any powered on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.

Via Jen Savage, who writes:

I knew these Thunderbolt/FireWire attacks were possible, but I wasn’t aware there was a tool that makes them easy.

Crucially:

If FileVault 2 is enabled, the tool will only work when the operating system is unlocked.

Douglas Adams on Mac OS X 10.0

Douglas Adams in April 2001, two weeks before his untimely death (via Daniel Pasco):

I was going to wait till the summer to install it, but I succumbed and installed it last week. It takes a little getting used to, old habits are hard to reform, and it’s not quite finished (what software ever is), and much of the software that’s out to run on it is Beta.

But…

I think it’s brilliant. I’ve fallen completely in love with it. And the promise of what’s to come once people start developing in Cocoa is awesome…

I’d gone to see him speak six months earlier. He gave an engaging talk about his non-fiction book on endangered animal species. The title was Last Chance to See.

Update (2014-01-22): See also Douglas Adams’s Mac IIfx (via Rui Carmo).

How Does Apple Keep Secrets So Well?

Quora:

On the software side, apparently they use API names that are disguised.

For example, still image stabilization was one of the new features of the iPhone 5S camera announced today. And yet, iOS 7 beta has been out for a while. They would have had to have development support for that feature somehow in the OS that thousands of other developers also need to get their hands on.

For example, here’s an API diff. The other answers to the question have some interesting stories.