Our DNA is written in Objective-C
Jump

How to Spy on the Web Traffic of any App

Have you ever wondered what is going on when all those apps on your iPhone communicate with websites and web services? In this article I will explain a technique to employ your Mac as a spy to be able to inspect all the traffic that goes on between the public Internet and your iPhone.

This is wonderful for learning what POST requests need to be made of if you do screen scraping. It’s also quite useful if you are planning to reverse engineer some API that is not public yet. Finally you can use it to look for potential security concerns to report to the makers of your favorite apps.

You require a Mac that has a wired internet connection as well as built-in WiFi. We’ll use the Mac as the “Man in the Middle” and route all Internet traffic from our iPhone over it so that we can inspect the HTTP/HTTPS.

Read more

NSURLConnection with Self-Signed Certificates

A year ago I touched upon the question as to how you can prevent NSURLConnection from aborting a HTTPS GET if the certificate is invalid. At that time it seemed like the only method available was a forbidden one: allowsAnyHTTPSCertificateForHost. It’s undocumented, works, but gets your app rejected if Apple finds it when scanning your symbols.

But what should people do who don’t want to shell out hundreds of dollars for a trusted HTTPS certificate just so that they can reap the benefit of encrypting their web traffic and possibly hide user login data from prying eyes? The alternative to those commercial certificates is to produce a Self-Signed one and install it on your web server.

In this article I will demonstrate how to properly and officially deal with self-signed certificates via NSUrlConnection. It just so happens that I have a *.cocoanetics.com on my website, primarily used for protecting SVN communication. If you go to https://www.cocoanetics.com you will see it in this dialog:

Since a Self-Signed certificate does not have a trusted root the standard is to ask the user if he wants to trust the web site temporarily, permanently or not at all. The reason being that encryption only makes sense if you know that the recipient is who he says he is. Any other site can also produce a *.cocoanetics.com certificate for their IP address. Root Certification Authorities (CA) provide security that only a certain IP address can be the holder of a domain name. This is why you see the trust of the certificate be dependent on the trust in the certificate of the CA.

But if you are calling web services of your own you can forego this mechanism. In this article I am documenting how.

Read more

Wooden Stands for iPad and iPhone

A few days ago I mentioned to my father-in-law Alois (who happens to be a passionate wood tinkerer) that it would be nice to have something to prop up an iPad for watching movies or playing poker. A quick search yielded one at Wired, a website woodenipadstands.com and the one that Matt Legend Gemmell had recomended: WoodPad

A mere four days later he presented these prototypes to us. Ingenious!

You can see that it works well in portrait and landscape and the iPad stand has two angles at which you can use them, 15 and 25 Degrees. To make it stand even firmer he extended to pieces at the base, so it sits rock-solid on your table. The 15 Degrees also work very well with the picture frame mode which does support landscape as well.

Read more

Transfer of Subversion Repositories

You might have noticed that your SVN access to components repositories does not work any more. As of today our old Subversion server has been turned off.

It has served me well, but it was a VisualSVN on top of a virtual Windows NET and thus somewhat a pain to maintain. The new hardware is a dedicated machine with CentOS and proper backup procedures. Previously I had to rely on some file-based backup scheme, now the are regularly saving SVN backups to a second server. Having a quad-CPU dedicated server with 750 GB RAID HDD gives us way more room to grow than we previously had on a 7 GB HDD virtual Windows server.

If you are a customer of one or more of our components then look for an e-mail informing you about new access details.

Cocoanetics Component Charts

In order to be able to send out these mails I had to go through my invoices and compile a list of customers for each component. In spirit of reusability of data let me show you how many sales I’ve had per component.

Read more

glif duels two other iPhone 4 Tripod Mounts

A while back I reviewed the only two tripod mounts I could find to fit my iPhone 4 and to this date its one of the most searched for articles on this blog. So its only fitting that I would also review the glif as soon as it became available. The two previous contenders for the crown of iPhone 4 Tripod Mounts were the Mosy Mount and the U+G4 Holder. There I preferred the latter because of how snug the holder fit my iPhone4 and because of the engineering effort that went into it.

You might remember reading how the two inventors of the GLIF wrote their own success story on Kickstarter. Originally they where shooting for $15,000 but with the help of some friendly linking they soon went past the $100,000 mark. When backing the project you had several options. One of the regular options would get you one glif as soon as mass production would start. I opted for the $50 variant where I would also receive a pre-release glif so that I could review it before everyone else. For a while I was tempted to go for the VIP option which would have gotten me a dinner with the guys, but being in Europe made this impossible.

The Glif

When you first see the Glif you might think that “there’s something missing”, it is that simple. Holders before it would encompass or grab the iPhone 4 in some way to prevent it from obeying gravity. Here is the first major difference. The glif only gribs as much of the iPhone 4 as is absolutely necessary. The material has a somewhat intentional roughness without which the iPhone would simply slide out. But because of the friction and precision molding that much material is all it takes to firmly secure the iPhone in place. Theoretically even upside down, but I would not dare doing that without some extra tape. The first few times it would hold upside-down, but I suspect that insertion of the iPhone flattens the structure of the material slightly over time which would reduce the friction to a point where the iPhone 4 would fall out. Now the material of the final production Glifs might be somewhat different, but generally it would not be wise to risk you iPhone just to boast to your friends: “weeee! upside down!”

Read more

Draggable Buttons and Labels

luckysmiles asks:

Pls anyone help me…how to move controls(like button,label.. ) from one place to another using touch events in iphone..

There are 3 possibilities nowadays on how to enable items – that is UIViews and UIControls – to be draggable.

  • override touchesMoved
  • add a target/selector for dragging control events
  • add a pan gesture recognizer

All those are variations on essentially the same thing: the iOS delivers touches to your app and you have more or less intelligent plumbing to calculate a moving vector. Then you apply this delta to either the frame of the thing to be moved or, more intelligently change the item’s center property.

When I started building a sample I wanted to create a UIButton subclass with the added draggability and have this button be instantiated from a XIB. Now it turns out that you can only create custom buttons like this, not rounded rect buttons like you usually do. The reason for this being that the regular initWithFrame or initWithCoder for a subclassed UIButton would need to instead create a UIRoundedRectButton (private Apple class) to look like that.
Read more

We Moved!

It’s been quite some time in the making and it was the main reason for my lack of updates: Moving. For the longest time this blog was hosted on a virtual Windows server, but I finally had the guts to move to a dedicated Linux box…. and ditch Windows which I was at it.

In the past I had all my content under drobnik.com which made me somewhat unhappy because the analytics would always be a mixture of traffic going to my German-language personal blog and my English-language iPhone-Development blog. Another drawback was that I had to have a “disambiguation page” under the domain root directing people to any of the sub-sites. Yuck.

Now these are the sites hosted on the new server:

I spent most of the day today – not coding on iWoman 2.0 as I would have liked to – but working with my Linux guru to get the final kinks out of of this to be ready to call the move. A bit of URL hacking via a search&replace plugin, some manual file copying, plugin updating, URL rewriting/redirecting, claiming the sites in Google Webmaster Tools and submitting sitemaps and lots of other itsy-bitsies.

Well, that should have been it. Now that this blog again stands on terra firma I can resume writing the Q&A and recipe articles that people love to read on this blog.

UPDATE: The old server can still be reached via drobnik.net. I also am moving and consolidating my Subversion repositories on the new server. Until then you can simple substitude .net instead of .com in the repository URLs. For example: https://www.drobnik.net:8443/svn/DTBannerManager/ – you will have to re-accept the self-signed certificate.

GeoCorder 1.2.1

The last major update/polish of GeoCorder just got approved only for me to find that I had forgotten to update the iTunes icon as well. Unfortunately you cannot do so any more once the app is published.

Oh well, I also still had my old twitter name dr_touch in the about dialog. So I submitted a quick update to fix these two things. Just maybe users will notice that I update my apps as often as I can and download more copies.

GeoCorder and GeoCorder [FREE] are available on the app store.

GeoCorder 1.2.0

On my recent trip to the USA I put the finishing touches on the next big update to GeoCorder. And today (while recuperating from a bit of a cold) I finished up with some 3.x compatibility issues and integration with the latest versions of DTShop and DTBannerManager.

This version became necessary because I wanted to fix a slight problem one special customer was having with the new tracking function. The tracker would disable if you didn’t have internet connectivity, say during a phone call. Another user who is into ballooning asked for a method to better filter the path to prevent the jumping around that occurs when CoreLocation switches to cell-tower locating due to signal degradation.

Updates

  • NEW: Fully redesigned artwork for Retina display
  • NEW: Map View now displays path of currently recording track
  • NEW: KML supported for exporting
  • NEW: new filter option to eliminiate implausible track points
  • NEW in free version: Option to remove ads via In-App purchase
  • FIXED: Default Recording Settings not showing on Settings View
  • FIXED: speed would not be inserted in called tracking URL
  • FIXED: tracking ping would be disabled if Internet connection was lost

While at it, I needed a testbed for the new option of DTBannerManager to allow the user to purchase removal of the Ads, which can now come from iAd, MobFox or AdMob.

Finally, I added KML as export option because this can be readily used by FTLocationSimulator to simulate movement in iPhone simulator.

KML uses so-called line strings which contain way less information than GPX tracks. They only have coordinates and altitude, no timestamps. KML was designed to represent a recorded movement through space but rather static three-dimensional lines in Google Earth.

There IS a way to represent movement through time in KML as well, but it is extremely verbose as you can see from the whale example in Google’s KML documentation. It works by creating a place mark for each track point which is very ugly. I’m only going to implement that if it turns out to be “absolutely necessary” for a specific use case.

Therefore this version of GeoCorder has one “known issue”: KML cannot be used for GeoTagging because of the missing time information. For geotagging you have to stick with the GPX format.

The update is now with Apple and should be approved in a week or so.

Cocoapedia

Do you know any facts? Like what you did before getting into iOS development? Or are you possibly looking for facts? Those facts that make blog articles much more interesting?

In this case, let me introduce you to the Cocoapedia. The name should right away invoke two associations: Cocoa, as in Apple’s API we use for developing for Mac and iOS devices. -pedia as in Encyclopedia or Wikipedia. As it should be with any self-respecting Wiki I have written up the history of Cocoapedia on its article on itself.

It’s actually the second time already that we’re launching this, the first time was a complete and utter failure. I had thought that it would smart to make it invitation-only to be able to regulate quality. But this actually prevented any kind of spontaneous growth that makes sites like Wikipedia great. So I’ve abolished these restrictions, everybody can now edit Cocoapedia and they should!

Now, don’t get me wrong, Cocoapedia is not supposed to replace any blog, forum or Q&A site like StackOverflow. Also it should not become a dumb link collection.

Have you ever wondered why some topics are on Wikipedia and why some are not? In May 2008 I wanted to know and added an entry for myself, which promptly got removed again stating that it would not be relevant for addition. From which I learned that relevance is something quite subjective and not even Wikipedia’s set of rules can objectify this dilemma.

We Cocoa developers live in our own universe which has different kinds of rules than mighty Wikipedia. To give a prominent example: Aaron Hillegass is on Wikipedia, while Erica Sadun is not, even though the latter was written dozens of books. Now, unless you are a big fan of Aarons, you probably would agree that this omission is odd. Erica has done much more for us developers but apparently has not hired an experienced Wiki-Writer to add an article for her that would pass under the stern eye of the Wikipedian.

Cocoapedia offers a remedy.

Here the idea is that all facts, events, conferences, apps, components and people connected in the least with Cocoa development have a place to go down in history. Though bear in mind that it is facts that makes a Wiki great. I don’t want to read self-glorfying hymns. I DO want to read a bit of biography and – if any – factual accomplishments, preferably with a footnote that proves them.

Over time Cocoapedia has the chance to grow into a compendium that bloggers would consult to fact-check articles on specific people. There are often disparate bits of “About” spread over developers online sites, blogs, twitter streams and Facebook pages. If you want people to know who YOU are, then you need to provide them with a concise entry.

Making an entry is very easy, I made a tutorial video showing how you can quickly start a new article which you would then fill with some facts about the topic of the article. I randomly chose Gleb Dolgich from my twitter followers who did not mind me creating an entry for him.

Don’t forget that everybody is an editor, so you never truly “own” a page on Cocoapedia. We’ve already had a bit of vandalism, but that’s easy to remove by the undo function. For extreme cases it’s possible to lock pages for a while but experience on Wikipedia has shown that in digital media, where Vandalism can be easily removed, it is generally very short lived. It’s simply less work to revert an article to a good state than it is to vandalize it.

You can look at any page’s source by going to the Edit mode. You most quickly learn Wiki-Editing by copying pieces of such code to your own articles. Consider the article about yourself your first exercise. Then once you have mastered that create references and articles for items related to you. For example if you have a partner for some of your apps, then just enclose his name with double square brackets. This will make it an intra-Wiki link which allows to create a new article if you follow it.

Finally, I request of you that you pass on this information of what need Cocoapedia is trying to fill with the help of an army of contributors. See you inside!