Tom Insam


A time for sharing (government content on Facebook and Twitter):

This is a feature that colleagues in a handful of departments have repeatedly asked for. We thank them for their patience. We prioritise rigorously based on evidence of user need, and this particular feature has been queued for a long time because zero end users have ever requested it, and all users in several rounds of guerrilla testing were able to share GOV.UK links to social networks easily by copying and pasting them.
via toffeemilkshake:
Passive aggressive blog post of the day.
The passport chip uses Basic Access Control (BAC) to control its communications with devices attempting to read it. Essentially this means that the chip will not allow any information to be read from it until certain items of data from the passport have been passed to it (the passport number, the date of birth and the date of expiry). This makes it impossible for a criminal to remotely read a passport in your pocket, and ensures that the person reading the passport has opened the passport book to read these details before activating the app.
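An added example, not part of the quoted text: in the ICAO Doc 9303 specification of BAC, the reader derives the chip's access keys from exactly those three printed fields plus their check digits. The code below carries out that derivation for the specimen document data from the specification's worked example; the function names are my own, and document numbers are assumed to be at most nine characters.

```python
import hashlib

WEIGHTS = (7, 3, 1)  # ICAO 9303 check-digit weights, repeated across the field


def check_digit(field: str) -> int:
    """Check digit of an MRZ field: 0-9 as-is, A-Z -> 10-35, '<' filler -> 0."""
    total = 0
    for i, ch in enumerate(field):
        if ch in "0123456789":
            value = int(ch)
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":
            value = 0
        else:
            raise ValueError(f"character {ch!r} is not valid in an MRZ field")
        total += value * WEIGHTS[i % 3]
    return total % 10


def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Document number (padded to 9), birth and expiry (YYMMDD), each with check digit."""
    doc_number = doc_number.ljust(9, "<")  # assumption: number is <= 9 characters
    return "".join(f + str(check_digit(f)) for f in (doc_number, birth, expiry))


def derive_key(k_seed: bytes, counter: int) -> bytes:
    """16-byte 3DES key: SHA-1(K_seed || counter), then force odd parity per byte."""
    digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()[:16]
    return bytes(b if bin(b).count("1") % 2 else b ^ 1 for b in digest)


def bac_keys(doc_number: str, birth: str, expiry: str) -> dict:
    """Return K_seed, K_enc and K_mac derived from the three printed fields."""
    info = mrz_information(doc_number, birth, expiry).encode("ascii")
    k_seed = hashlib.sha1(info).digest()[:16]
    return {"k_seed": k_seed,
            "k_enc": derive_key(k_seed, 1),   # counter 1: encryption key
            "k_mac": derive_key(k_seed, 2)}   # counter 2: MAC key


if __name__ == "__main__":
    # Specimen values from the ICAO 9303 worked example, not a real passport.
    for name, key in bac_keys("L898902C", "690806", "940623").items():
        print(name, key.hex().upper())
```

Nothing secret is stored in the reader: anyone who can see the data page can compute the same keys, which is the property the paragraph above relies on.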

As many have decried in recent threads, it all comes down to the WYTM - What’s Your Threat Model.

It’s hard to come up with anything more important in crypto. It’s the starting point for … everything


First, it’s assumed that the actual end systems that the protocol is being executed on are secure [and] we assume that the attacker has more or less complete control of the communications channel between any two machines.

Ladies and Gentlemen, there you have it. The Internet Threat Model (ITM), in a nutshell, or, two nutshells, if we are using those earlier two sentence models.

It’s a strong model: the end nodes are secure and the middle is not. It’s clean, it’s simple, and we just happen to have a solution for it.

Problem is, it’s also wrong. The end systems are not secure, and the comms in the middle is actually remarkably safe.

Ian Grigg (10 years ago) via Programming is Terrible

My best guess is that if your card is already registered with a Coin account, it then cannot be registered with another Coin account. And if that is the case you are probably more secure owning a Coin than you would be if you didn’t own a Coin.

The Brooks Review

Gee, it would be a pity if someone skimmed your card, huh? Better buy our product. It’ll protect you against… other users of our product.

NSAssert in blocks

From NSNotificationCenter with blocks considered harmful:

what is wrong here? I’ll give you a hint: if you test in Release mode, it works fine. It only fails in Debug mode.

Give up?

Here’s the answer:

NSAssert(counter==oldCounterValue+1, @"Atomicity guarantee violated.");

See, NSAssert is a macro. A macro that expands to this:

do {
      if (!(condition)) {
        [[NSAssertionHandler currentHandler] handleFailureInMethod:_cmd
        object:self file:[NSString stringWithUTF8String:__FILE__]
            lineNumber:__LINE__ description:(desc), ##__VA_ARGS__];
      }
} while(0)

See there? Big fat self. Ergo, retain cycle, ergo test failure.