BiteofanApple Archive About Code Microblog Photos
by Brian Schrader

MVC-N and Services

Posted on Tue, 24 May 2016 at 10:40 AM

In a recent talk, Marcus Zarra proposed a new addition to the Model-View-Controller paradigm, which he calls the Network Controller (MVC-N):

We have a network controller: it talks to the internet, your local network, or even be a flat file system. It then pushes data into your cache, into your persistence engine. Here comes the exciting part: your entire view layer talks to the cache only. It does not get data from the internet directly. The ViewController’s job is to display or update that data, not to do networking code.

Note: if you do not like the word “controller”, then “manager”, “handler”, or anything else works fine. The point is that it is a controller object, because it is not a view and not a model.

I use this pattern all the time in my code, but I don't like calling it a controller. I've started using the term Service to denote any class or set of code that provides an abstraction for my View Controllers.1

In my code, I will typically have classes like NetworkService, DropboxService, ChatService, NotificationService, etc. These services abstract their underlying protocols, data stores, and logic away from the View Controllers and allow for cleaner VC code.

I'm no where near as experienced in iOS development as Marcus is, but I like to think of any Cocoa class that uses the .shared() or .default() paradigm as a built-in service.

// This is a service. It abstracts the process of sending 
// notifications, and itself is not a view controller.
// So is this.

I've heard these kinds of classes called Utility classes, but I think that's a big misnomer. Utility classes are little convenience classes or functions that provide esoteric and unique functionality, while a service abstracts some underlying, logically distinct functionality away from the View Controllers.

MVC-N: Isolating network calls from View Controllers →

1 Services in this sense come from the Angular term for non-view controller related logic that handles some background communication with the network.

iMessage Security

Posted on Sun, 24 Apr 2016 at 10:29 AM

For a recent post, Rich Mogull talked with Apple about iMessage and security. I always love to hear about cool engineering designs, and iMessage is full them.

Here’s a simplified overview of how iMessage security works:

  • Each device tied to your iCloud account generates its own public/private key pair, and sends the public key to an Apple directory server. The private key never leaves the device, and is protected by the device’s Data Protection encryption scheme (the one getting all the attention lately).
  • When you send an iMessage, your device checks Apple’s directory server for the public keys of all the recipients (across all their devices) based on their Apple ID (iCloud user ID) and phone number.
  • Your phone encrypts a copy of the message to each recipient device, using its public key. I currently have five or six devices tied to my iCloud account, which means if you send me a message, your phone actually creates five or six copies, each encrypted with the public key for one device.
  • For you non-security readers, a public/private keypair means that if you encrypt something with the public key, it can only be decrypted with the private key (and vice-versa). I never share my private key, so I can make my public key… very public. Then people can encrypt things which only I can read using my public key, knowing nobody else has my private keys.
  • Apple’s Push Notification Service (APN) then sends each message to its destination device.
  • If you have multiple devices, you also encrypt and send copies to all your own devices, so each shows what you sent in the thread.

How iMessage distributes security to block “phantom devices” →

Re: Voting Systems

Posted on Fri, 15 Apr 2016 at 05:41 PM

This being an election year in the U.S., I've had a lot of conversations with friends and coworkers about various parts of the political process, voting, and of course the candidates. During these conversations I inevitably mention some point from CGP Grey's fantastic voting systems videos. If you haven't seen them already (links below), Grey explains how some of the weird quirks and pitfalls in our modern political systems are actually not at all related to the representatives or candidates, but to the underlying method that we use to elect them.

Politics and Law are always interesting because their results are so heavily influenced by the way they are developed and enacted. The legal system, for example is not about the specific intent of any given law, but about how that law can be used to enact future laws and the precedent it sets. Politics works in the same way: The method we use to elect our officials affects how the officials run for office and what issues they bring up. The voting system is the lens through which we see and conduct our democracy, and, like every lens, it's not perfect.

CGP Grey: Politics in the Animal Kingdom →

CGP Grey: Foonnote *: I, Phone →

I'm also happy to see that Grey, against his reservations, published his videos about the iPhone encryption debate.

Can we save the open web?

Posted on Sat, 19 Mar 2016 at 02:26 PM

Dries Buytaert on the dominance of large corporations and their algorithms:

[T]he internet has changed drastically over the last decade. It's become a more closed web. Rather than a decentralized and open landscape, many people today primarily interact with a handful of large platform companies online, such as Google or Facebook. To many users, Facebook and Google aren't part of the internet -- they are the internet.

According to a recent study from the American Institute for Behavioral Research and Technology, information displayed in Google could shift voting preferences for undecided voters by 20 percent or more -- all without their knowledge...

It's possible that we're reaching the point where we need oversight for consumer-facing algorithms. Perhaps it's time to consider creating an oversight committee. Similar to how the FDA monitors the quality and safety of food and drugs, this regulatory body could audit algorithms.

Just my initial thoughts, but I like the idea of having some agency oversee these large corporate algorithms. They play such a huge roll in our lives, and there's a large incentive for companies to manipulate their users to their own benefit. Facebook and Google especially have proven that they can do this extremely effectively, and like Dries' says, "without their knowledge". If we're going to allow these kinds of algorithms to be such a huge part of our lives, which I don't believe is necessarily a bad thing, then they should at least be subject to some sort oversight. At the very least, we could enforce a sort of Programmer's Hypocratic Oath or something.

Can we save the open web? →

Blog when you disagree

Posted on Mon, 14 Mar 2016 at 07:57 PM

Manton Reece (emphasis mine):

When you disagree, that’s what you should write about, and you should post it to your blog. 140 characters thrown against wave after wave of mainstream opinion tweets will be drowned out. A blog post isn’t a cheap opinion; it’s a statement that what you think matters.

Blog when you disagree →



Creative Commons License