The personal blog of Stuart Breckenridge

A UIAlertController Protocol for UIViewController

The error handling model in Swift is easy to follow. For example, in the below code I am saving changes to the Core Data persistent store and if there is an error when saving a UIAlertController is displayed to the user:

do 	{ try context.managedObjectContext.save() } 
catch let error as NSError {
        let alert = UIAlertController(title: "Error", message: error.localizedDescription, preferredStyle: .Alert)
            alert.addAction(UIAlertAction(title: "Dismiss", style: UIAlertActionStyle.Default, handler: nil))
            self.presentViewController(alert, animated: true, completion: nil)
}

In many circumstances the above UIAlertController code is repeated in the catch blocks. To reduce this repetition I’ve created a protocol for UIViewController:

protocol UIAlertControllerErrorDisplay
{
    func showAlertControllerWithError(error:NSError)
}

extension UIViewController:UIAlertControllerErrorDisplay
{
    func showAlertControllerWithError(error:NSError)
    {
        NSOperationQueue.mainQueue().addOperationWithBlock { () -> Void in
            let alert = UIAlertController(title: "Error", message: error.localizedDescription, preferredStyle: .Alert)
            alert.addAction(UIAlertAction(title: "Dismiss", style: UIAlertActionStyle.Default, handler: nil))
            self.presentViewController(alert, animated: true, completion: nil)
        }
    }
}

After this is implemented, you can call showAlertControllerWithError(error) from your view controller if you want to display the error message to the user. This simplifies the original code:

do {
                try context.managedObjectContext.save()
            } catch let error as NSError {
                self.showAlertControllerWithError(error)
            }


Let's Encrypt

When I was setting up this version of my website back in June, I decided that it needed to support HTTPS. I purchased a Thawte SSL 123 certificate through Namecheap, completed the certificate signing request formalities, uploaded the files to my server, and then configured nginx to serve the website through HTTPS (my config file is at the bottom of this post).

Around a month ago, I was alerted to Let’s Encrypt. In their own words, Let’s Encrypt is a free, automated, and open Certificate Authority. The fact that it was free was good, but what caught my eye was that it was automated. I immediately signed up to the limited beta and began testing. Below are the steps that I followed:

Logged on to my server, then:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --agree-dev-preview --server \https://acme-v01.api.letsencrypt.org/directory certonly

Finally, I made changes to the nginx default config file, specifically to the ssl_certificate and ssl_certificate_key items to point to the new Let’s Encrypt files.

That’s it. All in, it took about five minutes and as you can see the site is fully trusted with no errors.

Let’s Encrypt goes into public beta in early December. If you want to add HTTPS to your site, I’d highly recommend using their certificates.

server {
        listen 80;
        server_name www.yourdomain.com;
        root /usr/share/nginx/html/current;
        index index.html;
        return 301 https://$server_name$request_uri;
}

server {
        listen 443;
        server_name www.yourdomain.com;
        root /usr/share/nginx/html/current;
        index index.html;

        ssl on;
        ssl_certificate /etc/letsencrypt/live/www.yourdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.yourdomain.com/privkey.pem;

         # enable session resumption to improve https performance
  # http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 5m;

  # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  ssl_dhparam /etc/ssl/certs/dhparam.pem;

  # enables server-side protection from BEAST attacks
  # http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
  ssl_prefer_server_ciphers on;
  # disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  # ciphers chosen for forward secrecy and compatibility
  # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA$

  # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
  # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
}


What Does S$35 of Twitter Advertising Get You?

My app - The FFI List - is targeted at a niche market. How niche, you ask? If you were to use the $27M electron microscope at Lawrence Berkeley National Labs, which is capable of making images half the width of a hydrogen atom, you still wouldn’t be able to find this market.

That said, with a small budget of S$35 I decided to use Twitter’s Promoted Tweet feature with this tweet:


Metric Organic Promoted
Impressions 451 40,426
Media Views 0 1
Detail Expands 49 238
Profile Clicks 1 134
Likes 0 49
Link Clicks 3 22
Follows 0 15
Retweets 1 10
Replies 0 2
App Clicks 0 1

Promoted Impressions is obviously a good metric, App Clicks on the other hand, is disappointing.


Why it is OK to Block Ads  

“Whatever metric you think they’re nudging you toward—how do you know? Wouldn’t you like to know? Why shouldn’t you know? Isn’t there an entire realm of transparency and corporate responsibility going undemanded here?

I’ll give you a hint, though: it’s probably not any of the goals you have for yourself. Your goals are things like “spend more time with the kids,” “learn to play the zither,” “lose twenty pounds by summer,” “finish my degree,” etc. Your time is scarce, and you know it.

Your technologies, on the other hand, are trying to maximize goals like “Time on Site,” “Number of Video Views,” “Number of Pageviews,” and so on. Hence clickbait, hence auto-playing videos, hence avalanches of notifications. Your time is scarce, and your technologies know it.

But these design goals are petty and perverse. They don’t recognize our humanity because they don’t bother to ask about it in the first place. In fact, these goals often clash with the mission statements and marketing claims that technology companies craft for themselves.”

James Williams


From start to finish, an incredible take on the ethics of ad-blocking.


Apple Pay Is Expanding  

“Apple Pay will be available to eligible American Express customers in Canada and Australia later this year, and access will expand to Spain, Singapore, and Hong Kong beginning in 2016.”

Juli Clover


Partnering with AMEX is strange as they don’t issue debit cards and are way behind Visa and Mastercard in terms of customer volume. I’m also guessing that this rollout only applies to AMEX cards issued directly instead of through a bank–though I could be wrong–all of which limits the scope of this rollout considerably.


New Apple TV Available to Order  

“The new Apple TV brings a number of improvements in both hardware and the user experience, led by a full App Store with support for third-party apps and a new touch-based remote that supports Siri-based controls in select countries.”

Eric Slivka


I’ve ordered the UK model so that I have the Siri-based controls. I find it inexcusable that Siri was demonstrated (heavily) on-stage at the Hey, Siri event, yet it’s only in the small print where Apple declares that Siri isn’t actually available in most of the launch countries.


The FFI List  

What’s Happened?

v3.0 of FATCA FFI List is no more. It’s been replaced by the new and improved v1.0 of The FFI List. There are a few reasons behind this: the level of effort to upgrade to iOS 9; adding sync; and a more efficient database search to name but a few.

The FFI List is being launched as a new app and FATCA FFI List has been removed from the App Store.

Release Notes:

NEW: Support for Sponsored Groups has been added.
NEW: Ability to quickly filter on valid/invalid GIINs.
NEW: Saved FFIs are indexed on your device. This means you can search for Saved FFIs from the home screen.
NEW: Saved FFIs are now synced across all your iOS devices (requires iCloud).
NEW: You can now access The FFI List blog inside the app.
NEW: The app supports 3D Touch Quick Actions on iPhone 6s and 6s Plus.
FIXED: Delete All Saved FFIs button is disabled when there are no saved FFIs.
IMPROVED: Search performance.

The FFI List will be available for free for a period of one week, and then will increase in price to $0.99USD (or local price tier equivalent).


Not Blogged In A While

It has been over a month since I blogged and that’s because, on 23rd September at 14:03, my wife and I became parents.

What a life-changing, tiring, rollercoaster of a month it’s been. We couldn’t be happier.

Kasper


Content Blockers in iOS 9

Update: Marco has pulled his Peace content blocker from the App Store.

Today sees the release of iOS 9 and with it Safari Content Blockers. These are small applications (with associated extensions) that allow you to block specific content such as adverts and background trackers when browsing the web. Users see immediate increases in browsing speed and better privacy.

Websites that rely on advertising as a source of revenue are rightly concerned and some are responding. Without a doubt, their revenues are about to take a tumble.

I have no issue with advertising when it is displayed in a tasteful way. Unfortunately, when it comes as pop-unders, pop-overs, videos, and banners — sometimes all on the same site — it’s too much. Content blockers are a necessary response to an unethical practice.

I am was using the Peace content blocker, though there are several more already in existence.


Apple TV as a Games Machine  

But in equipping the new Apple TV with older tech, there is the feeling that the firm isn’t quite ‘all in’ on its games strategy - and it’s difficult to avoid the sense that the device could become out-dated sooner rather than later. As things stand, the end result is that at a technological level, the A8 won’t be supplying 3D experiences on par with Xbox 360, let alone Xbox One. The firm’s insistence on sticking with relatively meagre levels of flash storage - 32GB as a base with usual eye-watering mark-up for the 64GB model - also limits the kinds of games we will be playing on it.

Richard Leadbetter


I once argued that Apple could be a real challenger in the console market. It has the user base, the platform, and a much lower barrier to entry—license fee wise—for third parties.

However, based on the technology used in this generation of Apple TV, it’s clear Apple don’t want to contend in the games console market: the hardware is not capable, the 64GB storage is paltry, and the limit of 2GB storage per app is smaller than what the original Xbox and PS2 had with their DVDs.

Oh well, Crossy Road at 1080p it is.