Alan Fineberg

If you blog it they will come?

Tuesday, December 30, 2014

Technology as a broken promise

This Louis C.K. clip is often trotted out if/when folks complain about technology and it's got the wrong message:

The gist is, with all the things technology lets us do that we couldn't do otherwise, why do we get so upset when it doesn't work to our liking, instead of amazed at how it works at all? Stop whining, you're spoiled, etc.

Technology is held up to a high standard by spoiled whiners because that's how it's sold to us: that it will make our lives so much easier, and better.

Complaints about it result from a mismatch of expectations (it's less than what was promised and paid for). 

If someone promised to pick you up from the airport, and you paid them for it, and they showed up hours late, it's not much of a consolation to say, "well it's amazing that people can even drive anywhere at all. And wow, airports are neat."

Thursday, May 9, 2013

NSURLConnection returns 200 when the connection is closed

Not what I was expecting! Let me show you; here's a testserver.go to hijack and close the connection:

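package main

import (
    "net/http"
)

// handler serves all other paths; it is left empty here, so Go replies 200 with no body.
func handler(w http.ResponseWriter, r *http.Request) {
}

func main() {
    http.HandleFunc("/", handler)
    http.HandleFunc("/hijack", func(w http.ResponseWriter, r *http.Request) {
        hj, ok := w.(http.Hijacker)
        if !ok {
            http.Error(w, "webserver doesn't support hijacking", http.StatusInternalServerError)
            return
        }
        // Take over the raw TCP connection from the HTTP server.
        conn, _, err := hj.Hijack()
        if err != nil {
            http.Error(w, err.Error(), http.StatusInternalServerError)
            return
        }
        conn.Close() // close without writing a status line or any bytes
    })
    http.ListenAndServe(":8080", nil)
}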

Here's what it looks like via curl (after running "go run testserver.go")
~  ᐅ curl -v http://localhost:8080/hijack
* About to connect() to localhost port 8080 (#0)
*   Trying
* connected
* Connected to localhost ( port 8080 (#0)
> GET /hijack HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:8080
> Accept: */*
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
* Closing connection #0

Now let's see what NSURLConnection's sendAsynchronousRequest completion handler reports:
[NSURLConnection sendAsynchronousRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"http://localhost:8080/hijack"]] queue:[NSOperationQueue mainQueue] completionHandler:^(NSURLResponse *response, NSData *data, NSError *error) {
    // Log the HTTP status code and any error reported for the request.
    NSLog(@"%ld", (long)[(NSHTTPURLResponse *)response statusCode]);
    NSLog(@"%@", error);
}];

2013-05-09 14:41:00.221 testserver[59315:c07] 200
2013-05-09 14:41:00.222 testserver[59315:c07] (null)

There you have it! Connection closed results in a 200 http response code and no error!
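For comparison, here is the same hijack-and-close server driven by Go's own HTTP client, which surfaces the dropped connection as an error instead of a status code. This is an added example, not code from the original post; the names newHijackServer and fetchStatus are hypothetical and the server listens on a loopback test port.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// newHijackServer (hypothetical name) starts a loopback test server. Its
// /hijack handler closes the TCP connection without writing any response,
// as the post's testserver.go does.
func newHijackServer() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {})
	mux.HandleFunc("/hijack", func(w http.ResponseWriter, r *http.Request) {
		hj, ok := w.(http.Hijacker)
		if !ok {
			http.Error(w, "webserver doesn't support hijacking", http.StatusInternalServerError)
			return
		}
		if conn, _, err := hj.Hijack(); err == nil {
			conn.Close()
		}
	})
	return httptest.NewServer(mux)
}

// fetchStatus (hypothetical name) reports a status code only when a complete
// HTTP response was read; a connection closed early comes back as an error.
func fetchStatus(url string) (int, error) {
	resp, err := http.Get(url)
	if err != nil {
		return 0, err // no status line was ever received
	}
	defer resp.Body.Close()
	if _, err := io.Copy(io.Discard, resp.Body); err != nil {
		return 0, err // body was cut short
	}
	return resp.StatusCode, nil
}

func main() {
	srv := newHijackServer()
	defer srv.Close()
	for _, path := range []string{"/", "/hijack"} {
		code, err := fetchStatus(srv.URL + path)
		fmt.Printf("%-8s status=%d err=%v\n", path, code, err)
	}
}
```

A client that must not mistake a dropped connection for success should gate on the error first and only then look at the status code.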

Wednesday, December 12, 2012


Powell Street is jam packed with tourists getting their first glimpse of San Francisco's cable cars and behemoth retail stores on their way to Union Square. I'm stepping out of the office because I need a break, or better yet, a change in perspective.

I've lived here three years and see the tourists' sights as part of my daily commute. When I witness SLRs snapping family vacation photos with the backdrop of Abercrombie's double doors, judgment creeps in.

But, I didn't take this walk to judge tourists. Instead I attempt to cast myself into their mindset: to have come a long way to arrive in a place that is new and novel, to have arrived somewhere with the intention of marveling at marvels (commonplace now to me).

I imagine that I too am a tourist, and delude myself into thinking I've been traveling for hours. I close then open my eyes, and as a tourist I think: "I've finally arrived, I'm here! There's so much to see, this amazing city, and it's mine to explore, etc."

"I've finally arrived, I'm here!"

There's instantly a rush of adventure, and wonder again as I gawk at the bustlings and buildings of Market Street.

It's possible to take this a step further.

It's more abstract, but I next imagine myself as a tourist through time AND space, one who has been traveling not for hours, but for years and years. And what a long, strange road it's been to this very precise moment, where I've finally arrived. So much time and effort, but now I can say, "I'm here."

This isn't merely a mental stress ball technique, it's a frame of mind I try to keep and access anywhere, anytime (not easy).

Perspective shifted, earnestness in hand, ready to encounter the next destination on my weird lifelong tour, I will walk around a bit more then return to cranking out code.

Wednesday, November 21, 2012

A lifetime of supporting roles

There are two types of people (for the sake of argument): those who thrust themselves into the spotlight, and those who lean away from it.

I'm the latter. Maybe it's timidity, but perhaps not...

In sports, I was usually the defender, because I was better at reading an attack than creating one. But in music, I started off playing guitar, then picked up the bass so I could join a band with a talented singer/songwriter who needed a bass player.

In my work, I started off as a tester. Now I am a feature developer, but my comfort zone is at companies which have recently realized significant success and are building on it. I have not stuck my neck out at early, unproven startups.

Sometimes I want the limelight. I imagine a swift sprint upfield to score, stepping up on the monitors for a facemelting guitar solo, or launching some product in my free time that snowballs into an unprecedented one-man Silicon Valley success story, complete with magazine covers and a feature film.

But sticking to the shadows doesn't mean that you concede the act of creation.

In soccer, stopping an attack means setting the pace and the direction of the counterattack. And bass players know (few others do) that they are the ones really controlling the song  -- the tempo, energy, the complexity and direction.

And the developers who join a company well after its business model is demonstrated must be roadbuilders who not only pour asphalt over dirt roads, but design intersections and plan highways.

The world needs people who sparkle in the spotlight, but to mix metaphors, it's people like myself who may not always blaze the trail, but are ultimately steering the ship.

Thursday, August 9, 2012

jwz quote that's stuck with me

I could have benefitted from internalizing this quote when I was starting out; I was one of the skittish ones:
"I think that's one thing that's really important is not to be afraid of your own ignorance. If you don't understand how something works, ask someone who does. A lot of people are skittish about that. And that doesn't help anybody.  Not knowing something doesn't mean you're dumb--it means you don't know it yet." --jwz (from Coders At Work)

Friday, June 29, 2012

List of shortcuts to change in Xcode

Some shortcuts in Xcode don't make sense at all, some are for features I never use, and some are awesome but off by default. I'll update this periodically.

Shortcuts to enable/simplify:

  • Select Word (Selection)
    • This is close to the vim-ism "Change Inner Word" (ciw). Saves a lot of cursor hopping.
    • Ctrl+W  
  • Move Focus to Next Area
    • makes it easier to hop between the split panes if you don't want to deal with the Cmd+J navigation view.
    • Cmd+Option+up arrow

Shortcuts everyone should disable:

  • Ctrl+P to print
    • when was the last time you needed to print anything in Xcode?

Shortcuts I have no use for:

  • I never use code folding
    • It's too much manual work to fold and unfold everything
    • If you need code folding, your methods are too long.
    • If you want to find a function quickly, just hit Ctrl+6 and start typing its name

Friday, June 1, 2012

iOS Security Overview

I recently read Apple's iOS security overview which outlines the various security measures present on iOS devices.

It's a fairly short read at under 20 pages and it's great stuff to familiarize yourself with if you're developing on the platform. Here is a summary / some limited thoughts (I don't know much about security):

  • A lot of Apple's security measures are possible due to novel hardware solutions
    • The ARM processor's Execute Never, which marks pages as non-executable
    • AES 256 crypto engine and SHA-1 are built into the file system and implemented in hardware, which drastically reduces the overhead of encrypting everything
    • Novel ways of wiping sensitive data that would otherwise linger in flash memory
    • UIDs are not readable by software or firmware, yet still used as input to crypto
A lock inside a lock inside a lock

  • The file system encryption is of an onion nature
    • File metadata is not available all the time. This is to restrict access when the device is locked or interrupted by a phone call, etc.; availability rules are described by a file's class
    • File metadata is encrypted. The file data itself is encrypted too, and that key is only available after decrypting the file metadata (that's right, each file has its own key)
    • Did I mention that the file class which points to the file's metadata is also encrypted? See image above
    • It's fast to remote wipe your device: just destroy the top level keys and nothing else on the filesystem is accessible
  • Every encryption/security algorithm I've heard of is deployed here (OK, not ROT13):
    • Address space layout randomization
    • Lots of certificates to authenticate trusted code
    • Asymmetric elliptic curve cryptography (Curve25519)
    • Yarrow
    • PBKDF2
    • SSL, VPN, etc.
    • AES and SHA-1
    • escalating time delays: it'd take years to brute force a short password
  • I don't understand keybags yet
    • My eyes glazed over and it sounds too similar to teabags
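
A simplified sketch of the layering and fast-wipe bullets above, added here and not Apple's code: a top-level key encrypts the metadata that holds the per-file key, and the per-file key encrypts the file data. AES-256-GCM, the function names and the sample bytes are assumptions of this sketch; file classes and the hardware UID are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// must panics on an unexpected setup error so the sketch stays short.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// seal encrypts msg under a 32-byte key with AES-256-GCM (mode assumed here).
func seal(key, msg []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, msg, nil)
}

// open reverses seal; it returns an error when key is not the sealing key.
func open(key, box []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], nil)
}

// readFile peels the layers: top-level key -> metadata (file key) -> data.
func readFile(fsKey, encMeta, encData []byte) ([]byte, error) {
	fileKey, err := open(fsKey, encMeta)
	if err != nil {
		return nil, err
	}
	return open(fileKey, encData)
}

func main() {
	fsKey, fileKey := make([]byte, 32), make([]byte, 32)
	must(rand.Read(fsKey))
	must(rand.Read(fileKey))
	encMeta, encData := seal(fsKey, fileKey), seal(fileKey, []byte("constructed sample"))
	before, _ := readFile(fsKey, encMeta, encData)
	must(rand.Read(fsKey)) // wipe: overwrite only the top-level key
	_, err := readFile(fsKey, encMeta, encData)
	fmt.Printf("before wipe: %q, after wipe: %v\n", before, err)
}
```

Only 32 bytes change during the wipe; the encrypted metadata and file data stay on disk untouched but can no longer be opened.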