iphone

View ...

Stretched legs a little further today with the dog, didn’t expect to find a Heron – other end of this lake is full of shopping trollies 😬

View ...

Took advantage of the weather and out with the #snow dogs

View ...

When you have to defrost the poop bins you know it’s chilly out! ❄️

You get what you pay for – Mobile App Security

You get what you pay for – App Security

Andy Flisher is a Software Developer based in the North East of England specialising in cross platform development. Mobile Development experience includes Windows Phone, Android, and iPhone Apps. Desktop Software Development includes bespoke Windows, Linux, and Mac Applications. Web Development Skills include PHP, Perl, Python, Xamarin, C#, ASP (Classic and .NET) – Andy Flisher on Google+

In the course of work this week I had a cause to audit an iOS App that a prospect had had developed by a local competitor here in the North East, the reasoning for this was that the prospective client was looking at moving the hosted back end (ASP .Net, SQL Server – standard stuff) and wanted a price.
The purpose of the audit was to check what network connections the app was making, and correlating with what I knew about the backend hosting, just to make sure there were no surprises, we didn’t have the source code for either end yet, it was just a pricing exercise at this point (As it happens the App is written using PhoneGap so we did have the source code, but my route was quicker).

So, I installed the app, redirected my iPhone through a proxy server, and fired up the app – and proceeded to stare in horror. The app instantly, on first run fired up an un-encrypted, un-authenticated connection to the backend host and promptly downloaded the usernames, password, emails, and more for every user in the system. It then keeps a copy of these locally, and uses those details to authenticate later.

Why is this bad, in laymans terms, because anyone, on the internet, who knew the url the app uses could download the same list. Would people be interested in logging in to this system? Probably not, do people use the same username and password for Amazon, Tesco, Online Banking – absolutely, and there’s the problem.

Solutions, well it’s about paranoia, but key areas;

  • Authentication – Implement simple basic authentication so that the app logs in to the webservice it pulls the data from.
  • Https – Implement and SSL connection, then at least all traffic too and fro is encrypted (important as Basic Authentication is over plain text, so without https it’s still sniffable)
  • Change the login mechanism to completely remove the need to download all user info at all.

What’s really frustrating though, and actually makes the ‘You get what you pay for’ title of this post a misnomer, is this wasn’t a cheap solution.  The client paid a very reasonable amount for this app and solution.  This is the sort of thing we see, and sadly expect, when a ‘cheap’ solution is offered as a counter to ours.  We’re not expensive, but not cheap, we do do things correctly though.  It’s a classic case of the customer not knowing what they’re not getting, they trust, and assume that a professional job is being done, without really asking too many questions about why it’s cheap.

In this case no excuses though, I’ll not name anyone, and we’ve raised the issue with the client – We certainly won’t be taking on the hosting until it’s resolved!

Andy works for dotUK (www.dotuk.net) a North East Based Web and Software Development firm he helped found.

The iPhone App for Zenoss – That’d be KyK

The iPhone App for Zenoss – That’d be KyK then

Andy Flisher is a Software Developer based in the North East of England specialising in cross platform development. Mobile Development experience includes Windows Phone, Android, and iPhone Apps. Desktop Software Development includes bespoke Windows, Linux, and Mac Applications. Web Development Skills include PHP, Perl, Python, ASP (Classic and .NET) – Andy Flisher on Google+

 

Zenoss is a monitoring system, we use it the office, and basically it sits on one of our servers out in the Cloud (the Internet to most people) and regularly monitors our kit, servers, and our clients kit too, to make sure they’re still up and doing what they should. If something disappears, a disk gets full, or a server overloaded it alerts our Engineering team and we swoop into action. When there’s an alert it keeps on alerting until you respond and acknowledge it – that’s where KyK comes in.

KyK?– It’s from the Afrikaans for ‘Watching’ – which is the easiest way to explain what Zenoss does.

Yes, yes, very clever – but what is it? Well, it’s an iPhone App, an iPhone client for Zenoss if you will, although not just iPhone, it will work on any handheld iOS device, so that’s the iPod Touch and the iPad – Oh, and I wrote it, I’m an App Developer too you know, so that’s Web Based Software, Desktop Software, and Mobile Software – clever me 🙂

Back to the top, when there’s an alert in Zenoss you have to get on line, login, see the agent and acknowledge it. Alerts don’t happen at convenient times, so KyK is aimed at making it easier. Fire up the App, it automatically polls your Zenoss server and lists any events. New events are highlighted at the top, tap, confirm, acknowledged – that simple, convenient, mobile. You can also view more detail and alert history for events too if you want.

What’s next? Well KyK (and KyK Lite – a free version that lets you see events but not acknowledge them) is out there now in the Apple iOS App Store, there’s a version for Android in Beta (that basically means half done and in testing) and it may expand beyond that, I have half an idea for an enhanced iPad / Tablet version with a lot more management features, but we’ll have to canvas demand to justify developing that.

How’s KyK doing, setting the Zenoss Community on fire? Not yet, but it’s only been out for a few weeks, we have customers in Mexico, Canada, the US, South Africa, and of course the UK – it’s interesting being global – but also a challenge. I deliberately wrote a support / feedback mechanism into the app so users can contact us as easily as possible, it’ll also send me useful debug logs so I can understand what has and hasn’t happened, so that makes life easier, but of course we have timezones and languages to deal with, thankfully most people internationally speak better English than we do. Today I’ve released version 1.1 which fixes a couple of minor bugs and user interface anomalies, and massively adds support for Zenoss 4 and above (Annoyingly Zenoss 4 came out of Beta whilst KyK was in the worlds longest App Review, so we had no opportunity to test and ensure compatibility before release), and have a few features to add for the next release. The big milestone will be 1.2 when it’ll go live for Android too, just need a Tardis and a few round-too-it’s and we’ll be there.

Bigger plans, commercially, we’d like to talk to Zenoss themselves, or their clients, KyK is written in such a way that it could easily be re-branded, or custom re-written as an Enterprise App to be deployed large scale – but that sounds a lot like Marketing, which is for another day and the right frame of mind, step 1 (and 1.1) complete.

In the meantime if you use Zenoss, or know someone that does, and have an iPhone in your hands, buy KyK for Zenoss on the iPhone, leave a nice review (if you can), and make me smile, thus justifying a lot of long hours and thought!

Andy works for dotUK (www.dotuk.net) a North Based Web and Software Development firm he helped found.

BTServer causing high CPU utilization (When wake from Sleep)

Symptoms are that your Mac wakes from sleep and CPU usage spikes to 100%, Activity Monitor show’s it the BTServer process using it all and you have to quit it.  This happens, 100% reproducible, when you’ve used the iOS Simulator at some point since the last reboot.

This isn’t a perfect solution, in fact it’s ruddy useless of the iPhone / iPad app you’re developing uses Bluetooth, but if it doesn’t then you can get away without BTServer, so we disable it.

Thanks to ‘Frankie’ via the Apple Support Forums

 

Re: BTServer causing high CPU utilization

Mar 4, 2012 5:51 AM (in response to Ryan Homer)

I have the same issue. My mac is 10.6.8 and I’m using XCode 4.2.

 

Just try:

 

Go to the Macintosh HD > Developer > Platforms > iPhoneSimulator.platform > Developer > SDKs > iPhoneSimulator5.0.sdk > System > Library > LaunchDaemons directory and then open the plist file from there. Locate the “Disabled” key and change its value from “NO” to “YES”.

You need to change permission in the file and also its parent folder in order to save the new permission of plist file before modifying in XCode.

 

Hope this help.

 

Frankie

via BTServer causing high CPU utilization: Apple Support Communities.

Andy Flisher is a Software Developer based in the North East of England specialising in cross platform development. Mobile Development experience includes Windows Phone, Android, and iPhone Apps. Desktop Software Development includes bespoke Windows, Linux, and Mac Applications. Web Development Skills include PHP, Perl, Python, ASP (Classic and .NET) – Andy Flisher on Google+

iOS 5 Beta 2 has bricked my iPhone – Updated

Updated 28/6/2011 – See below for a solution to avoid bricking in the first place

And I’ve just bricked my pants, thankfully I think as I type (gives me something to do as I wait the process out), there is a solution.

I was already running iOS 5 on a non jailbroken iPhone 4, legit route (am a registered developer so downloaded and updated via xcode etc), all good, got to the ‘Waiting for Iphone’ message, and stayed there.  So I waited, and waited, but nothing.

Screen was black, so went to power on, and nothing, holding down power and home button, nothing, not a glimmer, one dead iphone.  Bricked.

On a whim I killed Xcode and fired up iTunes, and a glimmer of hope, a dialogue box appears, we have detected in restore mode, still nothing on the screen, no connect to itunes diagrams, but still, who am I to argue, if you can see my iphone I’ll work with it.

Clicking through the process it offered me iOS 4.3 as the last ‘released’ version, so I cancelled out, Alt+Clicked the Restore button and browsed to the v5 beta 2 .ipsw file, and waited, and am still waiting, but it’s restoring and as I type there’s an Apple logo and a progress bar on the screen so something’s alive.

Looking about I did find this link (Apple Dev forums so needs a Dev logon I think) Iphone 3gs dead after IOS 5 beta2 update which pretty much echoes my process, and I can verify the success now as iTunes is offering to restore from backup, and the phone is showing the new activation screen.

Phew, I think, and thanks Apple, that was seamless.

Caveat: Apple warn you not to install Developer releases on your primary / sole device, but I know best, blah, blah, yes, all my fault if it goes wrong I know 🙁

 

Update:  Have installed iOS 5 Beta 2 on 3 Devices now, first two I did normally via Xcode and both showed bricked symptomks of an entirely black screen and lifeless after Xcode finished restoring.  Thankfully both came back to life by re-restoring through iTunes as per above.

The third I’ve learnt from (only 2 failures to learn, I’m getting there!), plugged device into Xcode and clicked the ‘Use for Development’ link in Organiser (it was a new device and UUID so necessary) and let it install the debug symbols etc.  And then quit out, into iTunes and immediately Alt+Clicked Restore, browsed to the firmware and off we go, basically bypassing the wasted and aborted Xcode restore process.  All good, and straight into the new Activation process after a reboot.

Andy Flisher is a Software Developer based in the North East of England specialising in cross platform development. Mobile Development experience includes Windows Phone, Android, and iPhone Apps. Desktop Software Development includes bespoke Windows, Linux, and Mac Applications. Web Development Skills include PHP, Perl, Python, ASP (Classic and .NET) – Andy Flisher on Google+