Cocoaphony

How to Become a Security Domain Expert?

From a posting on StackOverflow.

There are many areas of security expertise, so it highly depends on what you want your career path to look like. At the bits-and-bytes end there is penetration testing and “security research” (which is often as much “cataloging of programming bugs” as actual research). At the more strategic end there is “risk management” which often spends much of its time in non-technical considerations like appropriate budgets, education and response.

Blah, blah, blah, but how do you get started, right?

gotoAndPlay

Now that we’re past the New Year, and I have a chance to reorganize my schedule, I’m working up my next series of postings. While you’re all patiently waiting, go read gotoAndPlay. I started out helping Geri on some layer drawing questions on StackOverflow, and have really gotten interested in his efforts to make his apps really beautiful.

The Recent Pandora Update

PandoraBoy’s user interface is pretty screwed up since the recent Pandora update. I’ve talked with Pandora and it’s a known problem with WebKit. You’ll see the same issues if you run Safari. Pandora is working on a fix, and when they deploy it, PandoraBoy should automatically work again.

PandoraBoy 0.8

I’ve put out PB 0.8. It has a small number of preference and hotkey fixes, upgrades to the latest ShortcutRecorder (which took a lot more work than I hoped, and I still think may be a little flakey), dropped 10.4 support (because of the latest ShortcutRecorder), and adds experimental Rowmote support. (I may accidentally list “rowmote” as “rowmate” in the changelog; sorry about that.) I say “experimental” because I haven’t gotten around to testing it myself. The author of Rowmote kindly provided me a patch, and I’ve applied it and nothing seems to have blown up.

I’m planning at least another day of PB work this week, so vote on the Issues list for things you most care about and I’ll hit those first. Testing 10.6 support is obviously top of the charts. My main production box is still 10.5, and that’s where I run PB, so I haven’t actually run into the problem yet. But I have 10.6 boxes around to test with.

I know there are a lot of significant bumps with PB these days. I focus almost all of my development time on my full time Mac and iPhone projects, and only look at PB now and then (since it does everything I really want it to). But later this week I’ll make some more time to take care of the bigger issues that impact folks the most. Pandora is still my favorite music service, and I spend a lot of time listening to it. I like to help others enjoy it as much as I do.

GCD + iPhone

The long-lasting power of Snow Leopard from The Yankee Group.

Ever since I first saw GCD at WWDC, I’ve been amazed by it and eager to give it a real spin. But since the vast majority of my work is in low-level libraries that run on both Mac and iPhone, GCD is closed to me (as is garbage collection; more on that later). I’ve said that multi-core would come to mobile devices because everything will come to mobile devices (laptops are the new desktops, and mobile is the new laptop). And for the iPhone, multi-core also makes a lot of sense by allowing Apple to dedicate a core to its own use during important functions like phone calls. But Carl Howe makes an even more compelling argument for mobile multi-core: better battery life.

With multi-core comes another strong possibility: garbage collection. The availability of a second core makes this more likely on iPhone. Yes, memory is tighter, but ever-growing. And GC will likely do a better job of reclaiming memory faster than many of the leaky programs I see from novice programmers. But to do it well, I think a second core is a real must. I’ve grown good at memory management over the years, and it’s hard for me to write GC Cocoa because it “feels wrong.” But I think I could get used to it…. And it would help alleviate the biggest class of coding error I see in Cocoa programs.

Of course, the clang static analyzer will probably help get rid of 90% of those errors anyway, so maybe the need for GC just went way down…. Have I mentioned recently how incredible clang really is? I desperately long for them to finish bringing it to Obj-C++ so I can use it.

Implementing NSCopying (or NSCopyObject() Considered Harmful)

NSCopying is not always as simple to implement as you would think. Apple has a good write-up discussing the complexities, but let me elaborate. Forgive some ranting digressions. It’s important to know how to work around the problems I’m going to discuss, but it’s also important to understand how insane it is to have to work around this issue.

First, there’s the fairly obvious problem of deep versus shallow copies. If object foo has an instance variable *bar, should a copy of foo have a second pointer to bar, or should it have its own copy of whatever bar points to? There is no way to answer this question generally; it depends on the nature of the objects.

Most of the time, this can be dealt with fairly easily by implementing the accessors with the correct behavior (retain versus copy), and you wind up with a copyWithZone: like this:

- (id)copyWithZone:(NSZone *)zone
{
    Product *copy = [[[self class] allocWithZone: zone] init];
    [copy setProductName:[self productName]];
    return copy;
}

That works really well as long as your superclass doesn’t implement NSCopying, but if it does, you may not have enough information or access to cleanly copy it. Now you would think this would be easy:

- (id)copyWithZone:(NSZone *)zone
{
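    // Call super's copyWithZone: directly; [super copy] would dispatch back to this method.
    Product *copy = [super copyWithZone:zone];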
    [copy setProductName:[self productName]];
    return copy;
}

But that may or may not work. If super implements -copyWithZone: as described above, then all is fine. But what if your superclass uses NSCopyObject()? Things go badly, and in ways very difficult to understand and debug.
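
An added illustration (not code from the original post) of why the setter-based copy goes wrong under manual retain/release when the superclass uses NSCopyObject(), with one way to repair it. The `Item` superclass, its `_sku` ivar and the sample string are hypothetical.

```objc
// Added example; build without ARC: clang -fno-objc-arc -framework Foundation copy.m
#import <Foundation/Foundation.h>
// Hypothetical superclass that copies itself with NSCopyObject().
@interface Item : NSObject <NSCopying> { NSString *_sku; }
@end
@implementation Item
- (id)copyWithZone:(NSZone *)zone {
    // Bitwise clone: every ivar, subclass ivars included, is duplicated as a
    // raw pointer. Nothing is retained on behalf of the new object.
    Item *copy = NSCopyObject(self, 0, zone);
    copy->_sku = [_sku copy];   // Item repairs only the ivar it knows about
    return copy;
}
- (void)dealloc { [_sku release]; [super dealloc]; }
@end
@interface Product : Item { NSString *_productName; }
- (NSString *)productName;
- (void)setProductName:(NSString *)name;
@end
@implementation Product
- (NSString *)productName { return _productName; }
- (void)setProductName:(NSString *)name {
    if (name != _productName) {
        [_productName release];
        _productName = [name copy];
    }
}
- (id)copyWithZone:(NSZone *)zone {
    Product *copy = [super copyWithZone:zone];
    // copy->_productName aliases self->_productName with no extra retain, so
    // the setter alone would skip (same pointer) and both deallocs would
    // release one string. Drop the alias without releasing, then set.
    copy->_productName = nil;
    [copy setProductName:_productName];
    return copy;
}
- (void)dealloc { [_productName release]; [super dealloc]; }
@end

int main(void) {
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    Product *a = [[Product alloc] init];
    [a setProductName:[NSMutableString stringWithString:@"constructed sample name"]];
    Product *b = [a copy];
    [a release];                    // b must stay valid after a is gone
    NSLog(@"%@", [b productName]);
    [b release]; [pool drain];
    return 0;
}
```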

Importing UIKit vs. Cocoa

I work on a lot of projects that share significant code between iPhone and Mac versions. This is the beauty of Cocoa. While working on these projects, I’ve bumped into this idiom many times:

#ifdef TARGET_OS_IPHONE
#import <UIKit/UIKit.h>
#else
#import <Cocoa/Cocoa.h>
#endif

This is almost never correct, and almost always means that someone imported Cocoa.h into a model class. Model classes should never rely on UIKit or Cocoa. They should just import Foundation.h.

There is one interesting exception that we’ve run into: NSImage versus UIImage. These are really model classes, but they’re part of AppKit and UIKit. They have very similar interfaces, so in most code you should be able to interchange them and keep everything portable. What to do?

Re-growling Song in PB

I started implementing a hotkey to regrowl the current song. ishermandom sent me a patch months ago to do this, and I’ve just started integrating it. It’s very small, I just hadn’t done it yet. Since I’ve restructured hotkeys due to the ShortcutRecorder upgrade, I’ve actually had to reimplement it anyway, but really, it’s not complicated.

I also pulled some of the NSLog() statements out, so PB will no longer fill your Console with messages about what song is playing. If you need this functionality for something, let me know. There are better ways for me to implement it.

Funny, Pandora seems down this morning? The silence is deafening. Even while I’m investigating why the flash player isn’t coming up (even in Safari), I keep hitting my “play” shortcut because it’s too quiet. I guess I pull out iTunes….

PandoraBoy Moving to Leopard

For the last couple of nights I’ve finally gotten back to PandoraBoy work. The backlog of issues has gotten a bit out of hand as I’ve focused on other projects. One thing that has hung me up for a while has been the Hotkey preferences pane, which uses ShortcutRecorder. SR had an IB Palette that only worked with IB2.5, not IB3, which made working on that panel very difficult. I’ve finally upgraded SR to the latest version, which required a lot of recoding since PB relied on SR’s now-deprecated autosave functionality.

The side effect of all of that is that the latest SR requires Leopard, and so now PB requires Leopard. I had planned to wait for Snow Leopard’s release to drop Tiger support, but this accelerates that a bit. It does make my coding work a bit easier, since 10.5 has many nice developer features.

Drop me a note if you’re still running PB on Tiger. Every other major user of ShortcutRecorder had already gone Leopard-only, which is why they made the move. Tigers are getting pretty rare out there.