WWDC 2011 – Was it worth it?

Posted by Nick in iPhone

WWDC 2011 has come and gone. A couple of months later I’m asking myself if it was worth it and if I should try and go again next year. New Zealand is fairly far away from San Francisco and the financial cost is considerable. Plus, June is typically a busy month for most of our customers and being away for a whole week translates into a lot of catching up upon returning.

How much does it cost?

How much did it cost, really? Roughly here’s a breakdown:

• WWDC ticket NZD2,000.
• Flights (economy) NZD1,800.
• Accommodation (reasonably close) 7 nights ~ NZD1,100.
• Food & Drink ~ NZD500
• Coffee ~ NZD40
• AT&T SIM card ~NZD40
• Transportation (taxi, BART, MUNI)~ NZD100
• Other ~ NZD200.

Total is just under NZD6,000. So saving for WWDC would cost roughly NZD100 / week.

Luckily, Apple provides breakfast, lunch and snacks Monday to Friday so the food costs can drop considerably. Also, there are so many parties during the week one can easily do without “dinner”. There is also a beer bash on Thursday so there’s really no need to get dinner nor to buy drinks that day.

How much time do I need?

The conference starts on Monday and ends at around 4pm on Friday. Many companies organise events on Saturday and Sunday before the conference. Some are worth going to while other are just blatant sales / poaching events.

I flew on Saturday but in hindsight I’d fly on Friday. I’d use the extra day to do some more sightseeing and getting over jet lag. There are plenty of attendees who arrive early, especially those who come from Europe so being a day or two early is a great opportunity to make some new friends. Another reason to be as early as possible is that getting some rest before Monday morning makes queueing for the Keynote at 5 or 6am more bearable.

What did I get in return?

This is where it gets hard. How does one quantify the benefits of attending a conference? Here’s my attempt:

Knowledge

Some of the sessions are just amazing. They can be filled with “Duh!” moments, and, honestly, no matter how hard I keep telling myself that I will finish watching all the videos from the previous year’s WWDC, that never really happens. It’s so much easier to delude myself that a quick search on stackoverflow or the official forum holds the answer to my question. Do I think about the debt I had already introduced by that point in my project? I’m not going to answer this question now…

Booking one-on-one sessions with Apple engineers is simply… priceless. The UX and App Review discussions can be incredibly useful. Really!

In 2011 there were 5,200 attendees and 1,100 Apple engineers. What this means is that when I needed to talk to engineers from a certain team I got that opportunity in a matter of minutes. This is what the Labs are for. There are lots of labs too: App Frameworks, Core OS, Developer Tools, Graphics, Media and Games, Internet & Web.

Early access to new technologies and sample code. This can be very useful if the million-dollar-idea arises during one of the talks. I was not lucky enough to get such an idea but I still feel like having the extra time to learn about new stuff is pretty awesome.

Networking

I met some amazing Kiwi developers. I had an incredible time with them: we went out together, we helped each other with session tips, and swapped “notes” and comments on various talks.

Luckily I bumped into many developers that have built products I use and appreciate every day. It’s great to be able to say “Thanks!” in person.

Had I been looking for a job I could’ve found ten. Companies invite developers to apply for jobs and give away swag from before the conference starts until the last minute of the last session. I remember queueing for the Keynote and seeing vans from a number of companies offering coffee, snacks, T-shirts, magazines and more. It makes sense too: we were sitting ducks for advertisers. Where else would they find 5,000 iOS & Mac developers sitting in one place?!

Ego

I saw Steve Jobs live on stage. Yes, it sounds silly and it gets labeled in many ways but take my word for it: the man can deliver some amazing presentations!

I visited the “mothership”. Cupertino is the default location in my Simulator’s Maps app. It felt funny to be there when, while coding, I kind of hated that place for getting in my way.

I could go on but I just realised the things above are probably enough.

So, was it worth it?

For me it was. I spent a lot of time with UX people, I got plenty of technical questions answered by Apple engineers, I met amazing people and I had fun. Maybe more importantly I returned home knowing that I am in the right business. Motivation was never a problem but it sure feels great to get some confirmation…

Banking iPhone App Bypasses Parental Controls

Posted by Nick in security

ASB Bank has recently released an iPhone app. It’s yellow and it’s currently the number one app in New Zealand. No surprises here. However many of their customers have immediately slammed the bank for not really building a native app but just a mobile website wrapper.

I was very surprised to see just how many 1 star reviews there are in the app store for this reason alone but this blog post is not about the star rating of the app.

What really surprised me is the fact that the mobile site has not been customized to accommodate the new app. Basically any user can have a full web experience with just a few taps. This can be good in certain scenarios but in this case I believe it is quite bad.

Worst case scenario

Let’s assume John buys his child an iPhone or iPod touch. He then goes and enables Parental Controls on this device.

John now gives the device to his child knowing that he has done his best to enforce the web browsing rules that he wanted. This is where the ASB iPhone app comes into play. With just a few taps (demonstrated below), John’s kid will be browsing the web freely, in a FastNet Classic branded app.

Let’s what happened here.

• Start up the app
• On the Login Screen tap “Go to regular asb.co.nz”
• After the main page loads, tap “Follow us on Twitter”.

Obviously, from the Twitter search box John’s kid can go anywhere: whether it’s @google’s account or @LadyGaga’s it doesn’t really matter. What matters is that Twitter does not curate the links, photos or homepages that people link to. This is precisely what John wanted to prevent!

Who’s to blame?

• The easiest option would be to point the finger at Apple and ask why the mobile web view does not obey the parental control rules. To answer this question I would like to point out that mobile web views can be used for many things other than browsing the web. One simple example would be displaying a bundled HTML file.
• Once again, maybe Apple should be blamed for not preventing HTTP calls when Safari is blocked via parental controls. Again this is not really an option since games and other apps consume internet services.
• Or maybe ASB can be blamed for not building a native app and relying on a wrapper for their mobile website? I honestly don’t think there is anything wrong with doing this. The experience is inferior, the look and feel is not the best and the user interface gets downloaded every time, however this mobile web view approach does not force the scenario above to happen.

What I think happened is that the scenario I described above simply wasn’t considered.

Is there a solution?

There is a way to fix this and luckily it’s not hard at all. What I think ASB’s technical department should do is:

• point a crawler to the mobile site and follow all the links until a non-ASB page is loaded
• analyse all these links and make a decision on whether they are “safe” or not
• implement user agent detection or have the iOS app use a custom HTTP Header that causes external links not to be displayed / loaded

Conclusion

I have no doubt that ASB had nothing but good intentions when they decided to build this iPhone app. However they are a bank, they have lots of customers and their app is likely to be installed even by non-customers who just want to check out ASB’s offering. I am sure ASB will eventually plug this security hole and bring this to an end, however their 1 star reviews will linger and none of them (as far as I know) even touch on the issue described above.

From a technical standpoint the lesson here is that a UIWebView control can be very dangerous if careful thought is not put into how it’s used. Surely ASB does not want people to be able to tweet screenshots that have a FastNet Classic navigation bar and a collegehumour.com content view…

Cheers…

 

Subversion and Core Data (Versioning)

Posted by Nick in tools

iOS developers often have to commit their code into a Subversion repository. Usually this a simple, straightforward process unless Core Data (versioning) is involved.

Many iPhone / iPad / Mac developers have probably seen this error message:

‘<YOUR_CORE_DATA_MODEL.xcdatamodeld’ is already under version control

What happens is that the .xcdatamodeld is actually a folder rather than a file and thus subversion creates .svn subfolders as it should. This would all be okay, until you try to create a new core data version. At that point Xcode will move this folder into another folder together with its .svn subfolders. This is a big No-No for subversion though.

Here’s how I fixed this:

1. Copy the xcdatamodeld resource to another location (e.g. Desktop)
2. Using your preferred svn tool (I use and recommend Versionsapp) remove the old xcdatamodeld from your repository.
3. svn update the parent folder
4. Open terminal and change directory to your xcdatamodeld back up.
5. Recursively delete all .svn folders rm -fR .svn and make sure that if there are any subfolders your remove the .svn folders from there as well
6. Copy xcdatamodeld back to where it was and issue an svn add YOUR_CORE_DATA_MODEL.xcdatamodeld/
7. You are now ready to commit the changes as per usual.

The basic idea is to remove all traces of svn from your original folder, then remove all traces of your file/folder from subversion itself and then do a new add & commit.

Cheers…