Author Archives

How to Spy on the Web Traffic of any App

Dec 05, 2010

Have you ever wondered what is going on when all those apps on your iPhone communicate with websites and web services? In this article I will explain a technique to employ your Mac as a spy to be able to inspect all the traffic that goes on between the public Internet and your iPhone.

This is wonderful for learning what POST requests need to be made of if you do screen scraping. It’s also quite useful if you are planning to reverse engineer some API that is not public yet. Finally you can use it to look for potential security concerns to report to the makers of your favorite apps.

You require a Mac that has a wired internet connection as well as built-in WiFi. We’ll use the Mac as the “Man in the Middle” and route all Internet traffic from our iPhone over it so that we can inspect the HTTP/HTTPS.

5 Comments

NSURLConnection with Self-Signed Certificates

Dec 04, 2010

A year ago I touched upon the question as to how you can prevent NSURLConnection from aborting a HTTPS GET if the certificate is invalid. At that time it seemed like the only method available was a forbidden one: allowsAnyHTTPSCertificateForHost. It’s undocumented, works, but gets your app rejected if Apple finds it when scanning your symbols.

But what should people do who don’t want to shell out hundreds of dollars for a trusted HTTPS certificate just so that they can reap the benefit of encrypting their web traffic and possibly hide user login data from prying eyes? The alternative to those commercial certificates is to produce a Self-Signed one and install it on your web server.

In this article I will demonstrate how to properly and officially deal with self-signed certificates via NSUrlConnection. It just so happens that I have a *.cocoanetics.com on my website, primarily used for protecting SVN communication. If you go to https://www.cocoanetics.com you will see it in this dialog:

Since a Self-Signed certificate does not have a trusted root the standard is to ask the user if he wants to trust the web site temporarily, permanently or not at all. The reason being that encryption only makes sense if you know that the recipient is who he says he is. Any other site can also produce a *.cocoanetics.com certificate for their IP address. Root Certification Authorities (CA) provide security that only a certain IP address can be the holder of a domain name. This is why you see the trust of the certificate be dependent on the trust in the certificate of the CA.

But if you are calling web services of your own you can forego this mechanism. In this article I am documenting how.

31 Comments

Wooden Stands for iPad and iPhone

Dec 02, 2010

A few days ago I mentioned to my father-in-law Alois (who happens to be a passionate wood tinkerer) that it would be nice to have something to prop up an iPad for watching movies or playing poker. A quick search yielded one at Wired, a website woodenipadstands.com and the one that Matt Legend Gemmell had recomended: WoodPad

A mere four days later he presented these prototypes to us. Ingenious!

You can see that it works well in portrait and landscape and the iPad stand has two angles at which you can use them, 15 and 25 Degrees. To make it stand even firmer he extended to pieces at the base, so it sits rock-solid on your table. The 15 Degrees also work very well with the picture frame mode which does support landscape as well.

1 Comment

Transfer of Subversion Repositories

Dec 01, 2010

You might have noticed that your SVN access to components repositories does not work any more. As of today our old Subversion server has been turned off.

It has served me well, but it was a VisualSVN on top of a virtual Windows NET and thus somewhat a pain to maintain. The new hardware is a dedicated machine with CentOS and proper backup procedures. Previously I had to rely on some file-based backup scheme, now the are regularly saving SVN backups to a second server. Having a quad-CPU dedicated server with 750 GB RAID HDD gives us way more room to grow than we previously had on a 7 GB HDD virtual Windows server.

If you are a customer of one or more of our components then look for an e-mail informing you about new access details.

Cocoanetics Component Charts

In order to be able to send out these mails I had to go through my invoices and compile a list of customers for each component. In spirit of reusability of data let me show you how many sales I’ve had per component.

0 Comments

glif duels two other iPhone 4 Tripod Mounts

Nov 30, 2010

A while back I reviewed the only two tripod mounts I could find to fit my iPhone 4 and to this date its one of the most searched for articles on this blog. So its only fitting that I would also review the glif as soon as it became available. The two previous contenders for the crown of iPhone 4 Tripod Mounts were the Mosy Mount and the U+G4 Holder. There I preferred the latter because of how snug the holder fit my iPhone4 and because of the engineering effort that went into it.

You might remember reading how the two inventors of the GLIF wrote their own success story on Kickstarter. Originally they where shooting for $15,000 but with the help of some friendly linking they soon went past the $100,000 mark. When backing the project you had several options. One of the regular options would get you one glif as soon as mass production would start. I opted for the $50 variant where I would also receive a pre-release glif so that I could review it before everyone else. For a while I was tempted to go for the VIP option which would have gotten me a dinner with the guys, but being in Europe made this impossible.

The Glif

When you first see the Glif you might think that “there’s something missing”, it is that simple. Holders before it would encompass or grab the iPhone 4 in some way to prevent it from obeying gravity. Here is the first major difference. The glif only gribs as much of the iPhone 4 as is absolutely necessary. The material has a somewhat intentional roughness without which the iPhone would simply slide out. But because of the friction and precision molding that much material is all it takes to firmly secure the iPhone in place. Theoretically even upside down, but I would not dare doing that without some extra tape. The first few times it would hold upside-down, but I suspect that insertion of the iPhone flattens the structure of the material slightly over time which would reduce the friction to a point where the iPhone 4 would fall out. Now the material of the final production Glifs might be somewhat different, but generally it would not be wise to risk you iPhone just to boast to your friends: “weeee! upside down!”

5 Comments

Draggable Buttons and Labels

Nov 25, 2010

luckysmiles asks:

Pls anyone help me…how to move controls(like button,label.. ) from one place to another using touch events in iphone..

There are 3 possibilities nowadays on how to enable items – that is UIViews and UIControls – to be draggable.

override touchesMoved
add a target/selector for dragging control events
add a pan gesture recognizer

All those are variations on essentially the same thing: the iOS delivers touches to your app and you have more or less intelligent plumbing to calculate a moving vector. Then you apply this delta to either the frame of the thing to be moved or, more intelligently change the item’s center property.

When I started building a sample I wanted to create a UIButton subclass with the added draggability and have this button be instantiated from a XIB. Now it turns out that you can only create custom buttons like this, not rounded rect buttons like you usually do. The reason for this being that the regular initWithFrame or initWithCoder for a subclassed UIButton would need to instead create a UIRoundedRectButton (private Apple class) to look like that.
Read more

10 Comments

We Moved!

Nov 24, 2010

It’s been quite some time in the making and it was the main reason for my lack of updates: Moving. For the longest time this blog was hosted on a virtual Windows server, but I finally had the guts to move to a dedicated Linux box…. and ditch Windows which I was at it.

In the past I had all my content under drobnik.com which made me somewhat unhappy because the analytics would always be a mixture of traffic going to my German-language personal blog and my English-language iPhone-Development blog. Another drawback was that I had to have a “disambiguation page” under the domain root directing people to any of the sub-sites. Yuck.

Now these are the sites hosted on the new server:

Cocoanetics.com – iOS Development (English)
Cocoapedia.org – iOS and Mac Development encyclopedia (English)
Oliver.Drobnik.com – personal blog (German)
drobnik.com – company blog of Drobnik KG (German)
www.pasching.cc – personal blog of my brother Dieter (German)

I spent most of the day today – not coding on iWoman 2.0 as I would have liked to – but working with my Linux guru to get the final kinks out of of this to be ready to call the move. A bit of URL hacking via a search&replace plugin, some manual file copying, plugin updating, URL rewriting/redirecting, claiming the sites in Google Webmaster Tools and submitting sitemaps and lots of other itsy-bitsies.

Well, that should have been it. Now that this blog again stands on terra firma I can resume writing the Q&A and recipe articles that people love to read on this blog.

UPDATE: The old server can still be reached via drobnik.net. I also am moving and consolidating my Subversion repositories on the new server. Until then you can simple substitude .net instead of .com in the repository URLs. For example: https://www.drobnik.net:8443/svn/DTBannerManager/ – you will have to re-accept the self-signed certificate.