lord funk
Feb 16, 2004

Is the latest Xcode beta stable? Because 6.3 is a piece of poo poo. It hangs on opening a project for me about 70% of the time now.

edit: hang on let's see what 6.3.1 can do just saw it

edit 1: well if I can get Updates to work god dammit my machine is cursed

lord funk fucked around with this message at 16:44 on Apr 26, 2015

Doh004
Apr 22, 2007

Mmmmm Donuts...

lord funk posted:

Is the latest Xcode beta stable? Because 6.3 is a piece of poo poo. It hangs on opening a project for me about 70% of the time now.

edit: hang on let's see what 6.3.1 can do just saw it

edit 1: well if I can get Updates to work god dammit my machine is cursed

It's a huge bag of dicks. :flaccid:

Doh004 fucked around with this message at 17:09 on Apr 26, 2015

dc3k
Feb 18, 2003

what.

lord funk posted:

edit 1: well if I can get Updates to work god dammit my machine is cursed

just get it from the developer website

lord funk
Feb 16, 2004

status posted:

just get it from the developer website

Oh no the system update worked. There was just zero visible indication that anything was actually happening.

stuffed crust punk
Oct 8, 2004

by LITERALLY AN ADMIN
Well tomorrow should be fun

Doc Block
Apr 15, 2003
Fun Shoe

lord funk posted:

Oh no the system update worked. There was just zero visible indication that anything was actually happening.

I tucking hate that.

*Clicks Update button*
*Button turns gray and then nothing happens*
*Restarts App Store app, tries updating again*
*Update button turns gray and then it just sits there for 20 minutes*
"Ugh, I don't have time for this!"
*Suddenly it's done and the update is installed*

*The next day it wants you to install the same update again, then again and again, repeat ad nauseam*

Glimm
Jul 27, 2005

Time is only gonna pass you by

Security issue for any apps using AFNetworking 2: http://arstechnica.com/security/2015/04/24/critical-https-bug-may-open-25000-ios-apps-to-eavesdropping-attacks/

lord funk
Feb 16, 2004

Working on IAP, and it is hilarious to me how detailed and helpful the implementation documentation is. I'm so not used to this coming from CoreAudio where the documentation is an empty header file.

dupersaurus
Aug 1, 2012

Futurism was an art movement where dudes were all 'CARS ARE COOL AND THE PAST IS FOR CHUMPS. LET'S DRAW SOME CARS.'
I'm working on a phone app, and I want to adjust the UI so that on all phones it has the same set of common controls, but as the screens get bigger, more are shown; like, an iPhone 5 would show only the common controls with extra controls on other screens, but on a 6 you'd get the common controls and some of the extras, and on a 6+ you'd get even more. I've started looking over the new adaptive layout stuff, which looks cool for sizing things, but is there any functionality there for showing and hiding views based off of screen size? Or is this the sort of thing where I'll have to have a different view for each layout?

stuffed crust punk
Oct 8, 2004

by LITERALLY AN ADMIN
I think you might need multiple views or conditional code layout. The adaptive stuff is good in a situation where, say, you have a scrollview with a bunch of controls, and on a bigger screen you simply see more of the scrollview, thus more of the controls. If you want to show a subset of "secondary" controls only on bigger screens, I think you'll have to poll to see if you're on a bigger screen via code.

dupersaurus
Aug 1, 2012

Futurism was an art movement where dudes were all 'CARS ARE COOL AND THE PAST IS FOR CHUMPS. LET'S DRAW SOME CARS.'
Yeah, I figured as much. Thanks.

Second question, probably basic xcode setup that I'm unaware of. I'm including a third-party extension into my project, and since it's pulled from an external github repo, I have it in a directory under my project ("<project root>/<imported repo>"). The extension is swift, and extends String. When the swift file is in the root directory the extension shows up, but when it's in the repo directory, nothing. The repo directory has my target checked in its target membership. I assume all code doesn't have to live in the same place, so what do I need to do to get it recognized?

brap
Aug 23, 2004

Grimey Drawer
Adaptive Layout can configure controls differently depending on the screen size, but it seems a bit crude to me. Also, your small screen devices will at least be taking on the workload of instantiation even if the control will never be visible to them, for instance.

pokeyman
Nov 26, 2006

That elephant ate my entire platoon.

dupersaurus posted:

Yeah, I figured as much. Thanks.

Second question, probably basic xcode setup that I'm unaware of. I'm including a third-party extension into my project, and since it's pulled from an external github repo, I have it in a directory under my project ("<project root>/<imported repo>"). The extension is swift, and extends String. When the swift file is in the root directory the extension shows up, but when it's in the repo directory, nothing. The repo directory has my target checked in its target membership. I assume all code doesn't have to live in the same place, so what do I need to do to get it recognized?

Have you added the extension file itself to your app target? Or did you import the third-party module? You'll need to do one or the other, not both.

Simulated
Sep 28, 2001
Lowtax giveth, and Lowtax taketh away.
College Slice

dupersaurus posted:

I'm working on a phone app, and I want to adjust the UI so that on all phones it has the same set of common controls, but as the screens get bigger, more are shown; like, an iPhone 5 would show only the common controls with extra controls on other screens, but on a 6 you'd get the common controls and some of the extras, and on a 6+ you'd get even more. I've started looking over the new adaptive layout stuff, which looks cool for sizing things, but is there any functionality there for showing and hiding views based off of screen size? Or is this the sort of thing where I'll have to have a different view for each layout?

The "Installed" setting is what this is exactly for. Click the little '+' to add a specific configuration (e.g. Compact Width) to make the view appear or not appear in that size class.

Unfortunately UIBarButtonItem being a unique snowflake bites again: you can't control them by size class which is one of the primary use cases of the feature.

If I weren't so busy doing other stuff I'd subclass UIBarButtonItem, make it @IBDesignable, and add size class configuration. Unfortunately another lazy mis-feature bites you in the rear end - If you subclass, IB sometimes dumps half the attribute editors that normally come with that control type so you have to override the properties to re-declare everything with the proper attributes (even then some of the editors aren't available to 3rd party classes no matter what you do).

lord funk
Feb 16, 2004

Does anyone use a 3rd party library for IAP that they recommend? I keep seeing that it's not a good idea to use them for security reasons, but I'd rather have a solid implementation that makes the experience better for the user than trying to fumble through my own.

Doc Block
Apr 15, 2003
Fun Shoe
Basic IAP is pretty easy. StoreKit is well documented and easy to use. The only parts of IAP that can be a pain are implementing server-side verification and checking the App Store receipt file when the app launches.

Server-side verification can be a pain because you really should roll your own, yet pretty much all IAP server-side verification examples are so over-simplified that they're almost worthless (no checking that the receipt is for the app requesting verification, no storing receipts to catch & block people trying to re-use a valid receipt, assuming the script will only be for one app, assuming that you'll be available to edit the script to change over to checking Apple's production verification server when your app goes live, assuming that that's even a good idea, etc). Hope you know enough server-side web programming stuff to implement your own.

Checking the App Store receipt file in your app can be annoying. "LOL just build your own static OpenSSL library and link it into your app, then use it to parse and decrypt the receipt file, not that big of a deal guys!" More secure than just saving the purchase results in an SQLite database or an unencrypted plist (and yes, there are apps that do this :wtc:), though.

But the StoreKit stuff is really simple and easy. All the rest just depends on how hard you want to make it for people to steal your IAP. For a relatively expensive music app like TC-11, I'd assume you want it to require at least a little more effort than installing IAP Cracker.

If you do go the server-side verification route, make sure it's over SSL and that you're doing SSL pinning.

lord funk
Feb 16, 2004

Doc Block posted:

Basic IAP is pretty easy. StoreKit is well documented and easy to use. The only parts of IAP that can be a pain are implementing server-side verification and checking the App Store receipt file when the app launches.

Not looking to do server-side verification, just local verification. Does this make the app easily crackable?

And I was doing great on rolling StoreKit along until...

Doc Block posted:

"LOL just build your own static OpenSSL library and link it into your app, then use it to parse and decrypt the receipt file, not that big of a deal guys!"

This. Good lord. gently caress. Ahh. Why.

dupersaurus
Aug 1, 2012

Futurism was an art movement where dudes were all 'CARS ARE COOL AND THE PAST IS FOR CHUMPS. LET'S DRAW SOME CARS.'

pokeyman posted:

Have you added the extension file itself to your app target? Or did you import the third-party module? You'll need to do one or the other, not both.

I simply did the right click "add existing file" menu option on the folder.

kitten smoothie
Dec 29, 2001

Receigen supposedly generates receipt validation code for you in a manner that is obfuscated differently each time you run it. I bought it for a project and then didn't have cause to use it, but it didn't seem that bad beyond having to include openssl. Not sure how easily cracked the generated code is though.

lord funk
Feb 16, 2004

kitten smoothie posted:

Receigen supposedly generates receipt validation code for you in a manner that is obfuscated differently each time you run it. I bought it for a project and then didn't have cause to use it, but it didn't seem that bad beyond having to include openssl. Not sure how easily cracked the generated code is though.

That looks pretty good to me.

Doc Block
Apr 15, 2003
Fun Shoe

lord funk posted:

Not looking to do server-side verification, just local verification. Does this make the app easily crackable?

That's the problem - without server-side verification, they don't have to crack your app. IAP Cracker just intercepts calls to StoreKit and returns success when the user tries to buy something or restore purchases. Server-side verification bypasses this, assuming you use SSL and SSL certificate pinning so they can't just MITM your server-side verification too.

quote:

And I was doing great on rolling StoreKit along until...

This. Good lord. gently caress. Ahh. Why.

Technically, you don't have to verify the App Store receipt file. That's a separate thing that your app does on launch so it can find out what the user has already purchased, and also tells you when they purchased it, and even when they first got your app (so if you ever went from paid to freemium you could check the date the user first got your app and, if it was before it went freemium, unlock all features to keep your paid users happy).

But you can do what I did back when I wanted to keep iOS 6 compatibility (the App Store receipt stuff wasn't until iOS 7): put the purchases in an encrypted plist, with the password obfuscated enough that they can't find it by running strings on the binary. Doesn't do anything to prevent attacks like code injection, but the plist included a device-unique GUID so it couldn't be copied to other devices, and by encrypting it somebody couldn't edit it to say they bought everything.

Apparently somebody discovered that including a certain section in the binary causes the runtime linker to disallow code injection, you just have to pass a certain flag to the linker when compiling. Should hopefully prevent using code injection to steal IAP. I'll see if I can find the link.

Toady
Jan 12, 2009

The author of Receigen wrote about receipt validation for issue #17 of objc.io.

Doc Block
Apr 15, 2003
Fun Shoe

Doc Block posted:

Apparently somebody discovered that including a certain section in the binary causes the runtime linker to disallow code injection, you just have to pass a certain flag to the linker when compiling. Should hopefully prevent using code injection to steal IAP. I'll see if I can find the link.

Found the article: Blocking Code Injection on iOS and OS X.

edit: this, plus Receigen, plus server-side verification looks like a good solution.

Doc Block fucked around with this message at 22:48 on Apr 28, 2015

lord funk
Feb 16, 2004

Thanks for all the explanation. My only (huge) question remaining is how to do server-side verification. I've never done anything on a server other than host my website. Is there a tutorial / implementation you can recommend?

edit: and I would need to learn about securing my server, wouldn't I. :(

lord funk fucked around with this message at 20:25 on Apr 29, 2015

Doc Block
Apr 15, 2003
Fun Shoe
Like I mentioned, most of the examples available are ridiculously oversimplified.

The gist of it is:
Your app makes a purchase request.
StoreKit does its thing, and if successful it returns a purchase receipt.
Your app passes the purchase receipt to your server, which then asks Apple's server if it's legit, and returns the result to your app.

Now, where it gets complicated is that it's possible to intercept this receipt, so IAP pirates will make a legit purchase, intercept the receipt, and then pass it around for everyone else to use. So naive server-side verification will fall victim to this attack, since it is a legit receipt.

Or they'll use a legit purchase receipt but one from an app with cheaper IAP. Naive server-side verification will fall victim to this too.

So your app has to pass some extra info to your server, such as its app ID, so the server can verify that the app ID in the receipt matches the app ID passed to it. Then, the server should record this receipt so it can look for it when verifying future purchases and disallow the purchase if the receipt has already been used.

It also should pass to your server which product the IAP is for, and have the server check it against Apple's returned data, so people can't pass a receipt for your app's $0.99 IAP as being for a more expensive one.

And on top of that you have to do it over SSL with SSL certificate pinning so pirates can't intercept your server-side verification.

Also, Apple has different verification servers for live apps and for testing. One problem with literally every server-side verification example I've seen is that they just have something like this in the script
code:

if SANDBOX=true {
    #use Apple's IAP sandbox verification server
} else {
    #use Apple's live IAP verification server
}
which is problematic for a number of reasons
  • What if your app gets approved in the middle of the night while you're asleep and you can't change the line that defines SANDBOX to false for a few hours? (Yes, yes, just set your app to manual release)
  • What if you have a live app, but are testing another app?
  • What if one version of your app is live, but you're testing a new version?
because apps that aren't signed with a distribution certificate have to use the IAP sandbox test verification server.

Since I never use the Release configuration for the actual release (instead I have a Distribution config that starts out as a copy of Release, but has APPSTORE_DISTRIBUTION=1 preprocessor directive defined in the build configuration), I would structure the verification API to take a boolean as to whether or not the app is using the IAP sandbox. Then, in the app you can have
Objective-C code:

NSMutableDictionary *apiDict = [NSMutableDictionary dictionary];

#if defined(APPSTORE_DISTRIBUTION) && APPSTORE_DISTRIBUTION==1
    apiDict[@"iap_sandbox"] = @(NO);
#else
    apiDict[@"iap_sandbox"] = @(YES);
#endif

//put receipt data, app ID, etc., into apiDict, turn apiDict into JSON, send it to your server, etc

So because of all this, as well as the need to make sure their server's verification API isn't vulnerable, a lot of developers just skip doing server-side verification.

fake edit: this was written on my phone and changed a lot before being posted, hopefully it's still understandable.
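
The checks Doc Block lists in the post above (app ID match, product match, receipt reuse, sandbox flag), as an added example that is not part of the original thread. It assumes Apple's decoded verifyReceipt reply carries `status`, `receipt.bundle_id` and `receipt.in_app[].product_id` / `transaction_id`; the catalog, request field names, `fake_apple` helper and sample reply are constructed for illustration.

```python
import sqlite3

# Assumption: one server verifies for several apps. Bundle IDs and product IDs
# below are made up for this example.
CATALOG = {
    "com.example.synth": {"com.example.synth.pro", "com.example.synth.pack1"},
    "com.example.other": {"com.example.other.tip"},
}

# Constructed sample of Apple's decoded reply for one legitimate purchase.
SAMPLE_REPLY = {
    "status": 0,
    "receipt": {
        "bundle_id": "com.example.synth",
        "in_app": [{"product_id": "com.example.synth.pack1",
                    "transaction_id": "1000000000000001"}],
    },
}


def fake_apple(receipt_b64, sandbox):
    """Offline stand-in for the HTTPS call to Apple (hypothetical helper).
    A real one would pick the sandbox or live endpoint from `sandbox`."""
    # Any nonzero status means Apple did not accept the receipt.
    return SAMPLE_REPLY if receipt_b64 == "dmFsaWQ=" else {"status": 21002}


def open_store(path=":memory:"):
    """Redeemed transactions; the PRIMARY KEY is what blocks receipt reuse."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS redeemed (transaction_id TEXT "
               "PRIMARY KEY, bundle_id TEXT, product_id TEXT)")
    return db


def verify_purchase(db, request, ask_apple):
    """Return (ok, reason). `request` is the JSON the app posted: receipt,
    app_id, product_id, iap_sandbox. `ask_apple(receipt, sandbox)` returns
    Apple's decoded reply."""
    app_id = request.get("app_id")
    product_id = request.get("product_id")
    if app_id not in CATALOG:
        return False, "unknown app"
    if product_id not in CATALOG[app_id]:
        return False, "product not sold by this app"

    reply = ask_apple(request.get("receipt", ""), bool(request.get("iap_sandbox")))
    if reply.get("status") != 0:
        return False, "apple rejected receipt"

    receipt = reply.get("receipt", {})
    # A legit receipt from a different (perhaps cheaper) app must not pass.
    if receipt.get("bundle_id") != app_id:
        return False, "receipt is for another app"

    # The product being unlocked must be in Apple's data, not just in the request.
    matches = [p for p in receipt.get("in_app", [])
               if p.get("product_id") == product_id and p.get("transaction_id")]
    if not matches:
        return False, "product not in receipt"

    # Record the transaction; a second attempt with the same one is refused.
    try:
        with db:
            db.execute("INSERT INTO redeemed VALUES (?, ?, ?)",
                       (matches[0]["transaction_id"], app_id, product_id))
    except sqlite3.IntegrityError:
        return False, "receipt already used"
    return True, "ok"
```
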

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...
Is there some sort of trick to signing into a new iCloud account in the simulator?

I've tried it with three - my own (fails because I have two-step verification enabled), a foreign app store account, and one I just created today with its own email alias on my domain.

I get "user name or password wrong" for the latter two. I want to be able to use a separate account for development, but it seems to be rather difficult.

edit: Looks like I had to log into iCloud.com and agree to the terms to get it activated. That was totally obvious from "your username or password is invalid". :rolleyes:

Dessert Rose fucked around with this message at 03:32 on May 1, 2015

lord funk
Feb 16, 2004

Doc Block posted:

lots of info

Thank you, that's incredibly helpful.

Sorry to keep filling up the thread with IAP woes, but has anyone run into an issue where the App Store keeps asking for your test account password? I made some test purchases with the sandbox account, and now the system keeps asking for the password. Not just when the app is open (or even installed!), but when you wake up the phone.

I thought it might be failed transactions retrying again and again, but I'm calling -[SKPaymentQueue finishTransaction:], and the transaction queue is empty at launch. Plus why would it still ask if the app isn't even installed?

Simulated
Sep 28, 2001
Lowtax giveth, and Lowtax taketh away.
College Slice
If anyone has some free time and wants to beta test my new app (with bonus Watch app) please PM me your email.

It's a small app that just tells you the name(s) of the neighborhood you are in, or you can long-press on the map to find a specific neighborhood. Then you can save pins, tag them with different colors, and give the pins names/notes. The watch glance and app just show you where you are and the name of the neighborhood, along with a Save button to make a pin out of it without taking your phone out of your pocket.

V2 will bring CloudKit syncing of saved places, jump to pin, searching, and more tools for sorting/organizing saved locations just because that's something I find myself wanting fairly often.

Doc Block
Apr 15, 2003
Fun Shoe

lord funk posted:

Thank you, that's incredibly helpful.

Sorry to keep filling up the thread with IAP woes, but has anyone run into an issue where the App Store keeps asking for your test account password? I made some test purchases with the sandbox account, and now the system keeps asking for the password. Not just when the app is open (or even installed!), but when you wake up the phone.

I thought it might be failed transactions retrying again and again, but I'm calling -[SKPaymentQueue finishTransaction:], and the transaction queue is empty at launch. Plus why would it still ask if the app isn't even installed?

Did you log back into your normal Apple ID after you were done testing the IAP?

lord funk
Feb 16, 2004

Doc Block posted:

Did you log back into your normal Apple ID after you were done testing the IAP?

Kind of tough to keep track of it, but I've gotten it to happen this way:

1. Sign out of my normal Apple ID
2. Purchase an IAP with the test account ID (it completes)
3. Exit the app, put the device to sleep
4. Wake up the device and the system asks for the test account ID

Signing out and back into my normal ID then switches to asking for my normal ID password.

Also gotten to happen this way:

1. While signed into my normal ID...
2. Start a purchase, but cancel it before entering my normal ID password
3. Exit the app, put the device to sleep
4. Wake up the device and the system asks for my normal ID

The only way to get it to stop is a backup restore of the device.

edit: I'm just starting over cleanly and trying to catch where this starts happening

lord funk fucked around with this message at 21:48 on May 1, 2015

Kallikrates
Jul 7, 2002
Pro Lurker
Ended up getting a WWDC ticket today, yay for a break from a pre release sprint.

lord funk
Feb 16, 2004

Am I correct that you cannot use XCTest to check whether the files you expect to be added to your app bundle are actually added to your app bundle, because your test will have its own, separate bundle?

Kallikrates
Jul 7, 2002
Pro Lurker

lord funk posted:

Am I correct that you cannot use XCTest to check whether the files you expect to be added to your app bundle are actually added to your app bundle, because your test will have its own, separate bundle?

You can try bundleForClass:

lord funk
Feb 16, 2004

Kallikrates posted:

You can try bundleForClass:

This will return the test bundle.

eschaton
Mar 7, 2007

Don't you just hate when you wind up in a store with people who are in a socioeconomic class that is pretty obviously about two levels lower than your own?

lord funk posted:

This will return the test bundle.

No it won't, it'll return the bundle containing the class you ask about. And +[NSBundle mainBundle] will return the bundle for the controlling executable of the process, either the app into which tests were injected, or the xctest tool if you're running tests for a framework under OS X or iOS Simulator.

lord funk
Feb 16, 2004

eschaton posted:

No it won't, it'll return the bundle containing the class you ask about. And +[NSBundle mainBundle] will return the bundle for the controlling executable of the process, either the app into which tests were injected, or the xctest tool if you're running tests for a framework under OS X or iOS Simulator.

I guess what I observed was that asking for +[NSBundle bundleForClass:[MyCustomClass class]] was returning the same bundle as +[NSBundle bundleForClass:[self class]] when run in the test.

But I don't know how I missed that +[NSBundle mainBundle] was what I needed all along. Thanks!

Carthag Tuek
Oct 15, 2005

Tider skal komme,
tider skal henrulle,
slægt skal følge slægters gang



What do I put in Organization Identifier/Name when I'm working on a GPL thing I downloaded?

It's ./configure && make-style build & I'm just creating an xcode project to import it into the "External Build System" template

e: nevermind, it makes a project when i drag & drop the folder into the window

Carthag Tuek fucked around with this message at 10:08 on May 8, 2015

dc3k
Feb 18, 2003

what.
Anyone do any hiring? I'm having some trouble coming up with quality/engaging/whatever questions for a (most likely senior level) position in iOS development.

Doctor w-rw-rw-
Jun 24, 2008

status posted:

Anyone do any hiring? I'm having some trouble coming up with quality/engaging/whatever questions for a (most likely senior level) position in iOS development.

How autorelease works, as low-level as you can go

How Core Animation works, as low-level as you can go (layers and animations)

Difference between UIView and CALayers

GCD

dc3k
Feb 18, 2003

what.
I wouldn't really expect a whole lot of autorelease knowledge these days...maybe the specifics of ARC instead?

edit; unless I'm misunderstanding what you're getting at here..?

dc3k fucked around with this message at 01:42 on May 11, 2015
