Re: NSTask argument list

2016-06-26 Thread Sandor Szatmari
Graham,

> On Jun 26, 2016, at 01:29, Graham Cox  wrote:
> 
> 
>> On 26 Jun 2016, at 3:22 PM, dangerwillrobinsondan...@gmail.com wrote:
>> 
>> If it helps, you can think of it as an object oriented wrapper around C 
>> system calls that keeps track of PID and all the other bits like stdout and 
>> so on. 
>> That helps to grok why the args is an array and the tool is separate.
> 
> 
> Yep, it makes perfect sense, and is a good fit for my needs.
> 
> A follow up question, but this may be something that I’ll just have to grok 
> from the ffmpeg documentation - is there a way to get feedback from the 
> ffmpeg tool while it’s running, via NSTask? It writes a log to stderr, and 
> there are settings to control how verbose that is, but it would be necessary 
> to parse the text output to look for specific things. I need to know whether 
> the input stream has finished, or how big the output file has become. The 
> latter I may be able to do by looking at the file itself, not sure about the 
> first bit.

You can either asynchronously monitor the task's output with notifications, or 
I have read about a new API, but never used it, 
-setReadabilityHandler:^(NSFileHandle* file)

Sandor
> 
> —Graham
> 
> 
> 
> ___
> 
> Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
> 
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
> 
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/cocoa-dev/admin.szatmari.net%40gmail.com
> 
> This email sent to admin.szatmari@gmail.com


Re: Is windowControllerDidLoadNib used only when windowNibName is?

2016-06-26 Thread Daryle Walker
> On Jun 10, 2016, at 9:45 AM, Jerry Krinock  wrote:
> 
>> On 2016 Jun 10, at 06:16, Daryle Walker  wrote:
>> 
>> I replaced windowNibName with makeWindowControllers since I'm moving window 
>> management to a separate controller. I kept windowControllerDidLoadNib 
>> around. Now I wondered if it still gets called. I put in a "print( #function 
>> + "got called." )" and never saw the output. Is this method called only when 
>> the default NIB-in-NSDocument strategy is used?
> 
> The -windowControllerDidLoadNib: documentation states the reason for this, 
> that it is called "if the receiver is the nib file’s owner”.  So, check what 
> is your nib File’s Owner.
> 
> I usually don’t get it either, because I like to set as owner of my document 
> nib files a window controller, and not the associated document.


I’m using storyboards, which changes the “NIB file’s owner” to a reference to 
the window/view controller.  So does this mean I can remove “- 
windowControllerDidLoadNib”?

— 
Daryle Walker
Mac, Internet, and Video Game Junkie
darylew AT mac DOT com 



Re: NSTask argument list

2016-06-26 Thread Graham Cox

> On 26 Jun 2016, at 4:58 PM, Sandor Szatmari  
> wrote:
> 
> You can either asynchronously monitor the task's output with notifications, 
> or I have read about a new API, but never used it, 
> -setReadabilityHandler:^(NSFileHandle* file)
> 
> Sandor
> 


Thanks!

I was able to set a readability handler on a NSPipe, set as stdout for the 
NSTask. ffmpeg has a -progress option which spews a bit of easily-parsed text 
to the pipe, so I was able to extract the info I wanted from that. All pretty 
straightforward in the end.

—Graham
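
The setup described in this message (a readability handler on an NSPipe used as the task's stdout, fed by ffmpeg's `-progress` output) could look like the following. This is an added example, not Graham's code; `ProgressParser`, `LaunchFFmpeg`, the `pipe:1` target and the sample progress lines are assumptions, and the sample chunks in `main` are constructed.

```objc
#import <Foundation/Foundation.h>

// Buffers raw pipe data and returns the key=value pairs of every complete line.
// A single read can end in the middle of a line, so the unterminated tail is
// kept and completed by the next chunk.
@interface ProgressParser : NSObject
- (NSDictionary<NSString *, NSString *> *)consume:(NSData *)chunk;
@end

@implementation ProgressParser {
    NSMutableData *_pending;
}
- (instancetype)init {
    if ((self = [super init])) _pending = [NSMutableData data];
    return self;
}
- (NSDictionary<NSString *, NSString *> *)consume:(NSData *)chunk {
    [_pending appendData:chunk];
    NSMutableDictionary *fields = [NSMutableDictionary dictionary];
    const char *bytes = _pending.bytes;
    NSUInteger start = 0;
    for (NSUInteger i = 0; i < _pending.length; i++) {
        if (bytes[i] != '\n') continue;
        NSString *line = [[NSString alloc] initWithBytes:bytes + start
                                                  length:i - start
                                                encoding:NSUTF8StringEncoding];
        start = i + 1;
        NSRange eq = [line rangeOfString:@"="];
        if (line == nil || eq.location == NSNotFound) continue;  // skip junk
        NSString *value = [line substringFromIndex:eq.location + 1];
        fields[[line substringToIndex:eq.location]] =
            [value stringByTrimmingCharactersInSet:NSCharacterSet.whitespaceCharacterSet];
    }
    // Drop the lines already handled, keep the partial tail.
    [_pending replaceBytesInRange:NSMakeRange(0, start) withBytes:NULL length:0];
    return fields;
}
@end

// Launches ffmpeg and reports progress fields as they arrive.
// ffmpegPath, inPath and outPath are supplied by the caller (assumed here).
static NSTask *LaunchFFmpeg(NSString *ffmpegPath, NSString *inPath, NSString *outPath,
                            void (^onProgress)(NSDictionary *fields)) {
    NSTask *task = [[NSTask alloc] init];
    task.launchPath = ffmpegPath;
    // Each argument is its own array element and no shell is involved, so
    // spaces or shell metacharacters in the paths are passed through literally.
    task.arguments = @[@"-nostdin", @"-i", inPath,
                       @"-progress", @"pipe:1", @"-nostats", outPath];
    NSPipe *pipe = [NSPipe pipe];
    task.standardOutput = pipe;
    ProgressParser *parser = [ProgressParser new];
    // The handler runs off the main thread whenever the pipe has data.
    pipe.fileHandleForReading.readabilityHandler = ^(NSFileHandle *fh) {
        NSData *data = fh.availableData;
        if (data.length == 0) { fh.readabilityHandler = nil; return; }  // EOF
        NSDictionary *fields = [parser consume:data];
        if (fields.count > 0) onProgress(fields);
    };
    [task launch];
    return task;
}

int main(void) {
    @autoreleasepool {
        // Constructed chunks: the second line is split across two reads.
        ProgressParser *p = [ProgressParser new];
        NSDictionary *a = [p consume:[@"total_size=1048576\nout_ti"
                                         dataUsingEncoding:NSUTF8StringEncoding]];
        NSDictionary *b = [p consume:[@"me=00:00:04.000000\nprogress=end\n"
                                         dataUsingEncoding:NSUTF8StringEncoding]];
        NSCAssert([a[@"total_size"] isEqualToString:@"1048576"], @"first chunk");
        NSCAssert(a[@"out_time"] == nil, @"partial line must wait");
        NSCAssert([b[@"out_time"] isEqualToString:@"00:00:04.000000"], @"joined line");
        NSCAssert([b[@"progress"] isEqualToString:@"end"], @"input finished");
        NSLog(@"%@ %@", a, b);
    }
    return 0;
}
```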




Re: Security with Streams

2016-06-26 Thread Keary Suska

> On Jun 25, 2016, at 8:44 PM, Gerriet M. Denkmann  wrote:
> 
> Following TN2326 I created a (self signed) Certificate Authority and a 
> Digital Identity called "MyServerId".
> 


>> We are now falling into the rabbit hole that is peer-to-peer trust & 
>> identity. How is your server going to identify it so that a client will know 
>> that it’s the server it expects? I don’t know whether you’ve given any 
>> thought to this; the answer affects how you’d implement this part of the app.
> 
> I have thought about this, but I am not at all sure that my thoughts are 
> correct.
> Currently (as indicated in the code above) my client has a copy of the real 
> server certificate and compares it with the certificate obtained from its 
> inputStream.
> I am not sure whether putting the server certificate into the client is ok or 
> a breach of security. 
> 
> That is: the client will accept any server which has signed with the server 
> certificate.

Self-signed certificates can only offer encryption, but cannot offer trust 
because they are not verifiable. You can’t use the server certificate as a key 
since you pass that key out to anyone who wants it (in your app), and anyone 
who gets it can impersonate the server.

It is unclear to me whether you are after a client-server (i.e. all servers are 
under your control) or peer-to-peer (i.e. every client is a server and every 
server is a client) model? With the former everything you need other than 
client verification is inherent in the SSL/TLS protocol (if you use managed and 
verifiable certificates). With the latter, SSL/TLS will not likely serve you as 
to do it correctly will likely be cost prohibitive (unless you can pass that 
cost to the consumer in some way).

That being said, in a peer-to-peer model I would (OTOH) use a public 
key/private key setup, where public keys are swapped and maintained in a trust 
database once a “trust” connection has been made. Pairing a bluetooth keyboard 
is a simple example of how to establish an initial “trust” connection. The 
benefit here is that by encrypting messages with a user’s public key, only the 
designated user can decrypt it, so you get both internal and external security. 
If a customer asks, “how do I know I am talking to whom I think?” You say, “It 
doesn’t matter, because what they get will not be decipherable unless they are 
who they say they are.” This can be followed up with the fact that all 
electronic communications are intercept-able, so the approach is to make the 
information as undecipherable as possible since there is no way to prevent 
interception.

HTH,

Keary Suska
Esoteritech, Inc.
"Demystifying technology for your home or business"



Re: exposing only what you want - headers and Swift?

2016-06-26 Thread William Squires
True, but they'd still have the source .swift file as the compiler would need 
this to know what symbols, identifiers, etc... there were, even if they were 
marked private. Whereas in ObjC, I can give someone the header and the 
framework, and they can't see the internals, and thus be tempted to program to 
an implementation (or, for that matter, myself) :)

On Jun 25, 2016, at 3:11 PM, Quincey Morris 
 wrote:

> On Jun 25, 2016, at 12:57 , Quincey Morris 
>  wrote:
>> 
>> provide a framework
> 
> Sorry, just to clarify since you asked about this, a Swift language framework 
> module only exposes things explicitly declared “public”. Things without 
> access controls are implicitly “internal” and so not exposed in frameworks.
> 


Re: exposing only what you want - headers and Swift?

2016-06-26 Thread Quincey Morris
On Jun 26, 2016, at 11:48 , William Squires  wrote:
> 
> they'd still have the source .swift file as the compiler would need this to 
> know what symbols, identifiers, etc... there were, even if they were marked 
> private

No, only the public symbols would be in the module/framework. All the 
internal/private symbols have already been compiled and linked, so they’re not 
present any more. This also means that internal/private symbols won’t appear in 
a generated interface in the assistant pane.

(In fact, *within* a framework, when you’re working in Xcode, generated 
interfaces only show what’s accessible from your current source file. So, 
typically, you’ll only see the “internal” and “public” declarations.)

Of course, if the framework has debug information, the private symbols would be 
described there, but the *compiler* wouldn’t know anything about them.


Re: exposing only what you want - headers and Swift?

2016-06-26 Thread Thomas Wetmore
A framework does not include source. It is an opaque bundle that contains a 
public API and compiled code as an integrated whole.

> On Jun 26, 2016, at 2:48 PM, William Squires  wrote:
> 
> True, but they'd still have the source .swift file as the compiler would need 
> this to know what symbols, identifiers, etc... there were, even if they were 
> marked private. Whereas in ObjC, I can give someone the header and the 
> framework, and they can't see the internals, and thus be tempted to program 
> to an implementation (or, for that matter, myself) :)
> 
> On Jun 25, 2016, at 3:11 PM, Quincey Morris 
>  wrote:
> 
>> On Jun 25, 2016, at 12:57 , Quincey Morris 
>>  wrote:
>>> 
>>> provide a framework
>> 
>> Sorry, just to clarify since you asked about this, a Swift language 
>> framework module only exposes things explicitly declared “public”. Things 
>> without access controls are implicitly “internal” and so not exposed in 
>> frameworks.
>> 
> 

How do I get data out of NSRuleEditor?

2016-06-26 Thread Jim Thomason
I've been desperately trying to use NSRuleEditor for a while now, since it
presents exactly the type of interface I want to show to the users.

But I can't figure out how to properly get data out of it. I can configure
all of the delegate methods to build the interface, but then what?

The data I'm presenting doesn't fit into a predicate, so I'm unable to use
NSPredicateEditor.

The best I've come up with is to bind the RuleEditor's rows to something,
and then iterate through each row, finding the criteria, and then parsing
to look for the displayValue to build up some sort of other structure that
I can actually use elsewhere.

That just seems...yucky to me. Since I'd need to reverse the displayValue
into the real value in some manner, and most things that I've seen about
localized strings is that you really shouldn't go the other way. But maybe
I'm overthinking it and that is acceptable?

Or is there some other alternative method? If I just had a list of the
selected values of the criteria for a given row, along with all subrows
associated (and their selected values and so on), I'd be in business.

Any suggestions?

-Jim.

Re: exposing only what you want - headers and Swift?

2016-06-26 Thread Jim Adams
Don’t you have to ship your Swift source code with a framework because of 
source incompatibility and ABI issues?

On Jun 26, 2016, at 3:06 PM, Thomas Wetmore wrote:

A framework does not include source. It is an opaque bundle that contains a 
public API and compiled code as an integrated whole.

On Jun 26, 2016, at 2:48 PM, William Squires wrote:

True, but they'd still have the source .swift file as the compiler would need 
this to know what symbols, identifiers, etc... there were, even if they were 
marked private. Whereas in ObjC, I can give someone the header and the 
framework, and they can't see the internals, and thus be tempted to program to 
an implementation (or, for that matter, myself) :)

On Jun 25, 2016, at 3:11 PM, Quincey Morris wrote:

On Jun 25, 2016, at 12:57 , Quincey Morris wrote:

provide a framework

Sorry, just to clarify since you asked about this, a Swift language framework 
module only exposes things explicitly declared “public”. Things without access 
controls are implicitly “internal” and so not exposed in frameworks.



Re: exposing only what you want - headers and Swift?

2016-06-26 Thread Thomas Wetmore
Jim,

When you ship a Swift framework it does not contain source code. But if you 
want to give someone else the ability to build the framework (say because you 
don’t support a specific compiler version or specific ABI, or so unneeded parts 
can be left out), you must ship the source. Some software distributions come in 
binary form, some come in source form, and some come in both. But a Swift 
framework is what it is.

Tom Wetmore


> On Jun 26, 2016, at 5:19 PM, Jim Adams  wrote:
> 
> Don’t you have to ship your Swift source code with a framework because of 
> source incompatibility and ABI issues?
> 
>> On Jun 26, 2016, at 3:06 PM, Thomas Wetmore  wrote:
>> 
>> A framework does not include source. It is an opaque bundle that contains a 
>> public API and compiled code as an integrated whole.
>> 
>>> On Jun 26, 2016, at 2:48 PM, William Squires  wrote:
>>> 
>>> True, but they'd still have the source .swift file as the compiler would 
>>> need this to know what symbols, identifiers, etc... there were, even if 
>>> they were marked private. Whereas in ObjC, I can give someone the header 
>>> and the framework, and they can't see the internals, and thus be tempted to 
>>> program to an implementation (or, for that matter, myself) :)
>>> 
>>> On Jun 25, 2016, at 3:11 PM, Quincey Morris 
>>>  wrote:
>>> 
>>>> On Jun 25, 2016, at 12:57 , Quincey Morris 
>>>>  wrote:
>>>>> 
>>>>> provide a framework
>>>> 
>>>> Sorry, just to clarify since you asked about this, a Swift language 
>>>> framework module only exposes things explicitly declared “public”. Things 
>>>> without access controls are implicitly “internal” and so not exposed in 
>>>> frameworks.
>>>> 
>>> 

Re: Security with Streams

2016-06-26 Thread Jens Alfke

> On Jun 25, 2016, at 7:44 PM, Gerriet M. Denkmann  wrote:
> 
> Following TN2326 I created a (self signed) Certificate Authority and a 
> Digital Identity called "MyServerId".

You probably used the Keychain Access app for this? That works fine, but you’ll 
probably want every instance of the server app to create its own key-pair and 
cert, and you don’t want the user to have to use Keychain Access. I’ve got some 
utility code in my MYUtilities library that will create an Identity (key pair + 
cert) programmatically:
https://github.com/snej/MYUtilities/blob/master/MYAnonymousIdentity.h
The MYGetOrCreateAnonymousIdentity() function returns a SecIdentityRef you can 
use with CFStream.

> Absolutely not sure whether the code above is correct, but it seems to be 
> working.

That was fast! This is frustrating stuff to implement. Or maybe the docs have 
gotten a lot better recently ;-)

> Currently (as indicated in the code above) my client has a copy of the real 
> server certificate and compares it with the certificate obtained from its 
> inputStream.
> I am not sure whether putting the server certificate into the client is ok or 
> a breach of security. 

It’s fine; the certificate is public and intended to be shared. It’s the 
private key that’s sensitive. What you’re describing is called “key-pinning”: 
restricting a client to connect only with a server with a known public key.

If every instance of the server has its own key, then embedding a cert in the 
client app doesn’t work. What’s usually done is to have the app store a copy of 
the cert the first time it connects to the server (with the user’s approval), 
and then require the same cert every subsequent time it connects. (This is 
similar to what SSH does, where the first time you connect to a host it tells 
you the key is unknown and asks if you want to trust it.)

The situation you want to watch out for is where the client connects to a 
server it’s already connected to, but the cert’s public key doesn’t match the 
previous one. This is where you sound the alarm to the user — either someone’s 
trying to spoof the real server, or perhaps the server lost its keys and had to 
create a new cert (maybe its disk crashed and there wasn’t a backup of the 
keychain.)

—Jens
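
The store-on-first-connect, compare-on-every-later-connect check described in this message could look like this in Objective-C. This is an added example, not code from the thread or from MYUtilities; it pins a SHA-256 digest of the whole leaf certificate rather than only its public key, and `PinDecision`, `EvaluatePin`, `PeerLeafCertificateDER`, the `pins` dictionary and the server name are assumptions. The certificate bytes in `main` are constructed stand-ins.

```objc
#import <Foundation/Foundation.h>
#import <CFNetwork/CFNetwork.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>

typedef NS_ENUM(NSInteger, PinDecision) {
    PinDecisionFirstUse,  // nothing stored for this server: ask the user, then store
    PinDecisionMatch,     // same certificate as on the approved first connection
    PinDecisionMismatch   // different certificate: warn the user, send nothing
};

// SHA-256 of a DER-encoded certificate. The digest is not secret (the
// certificate itself is public), so it can be kept in ordinary app storage.
static NSData *CertificateDigest(NSData *der) {
    unsigned char md[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(der.bytes, (CC_LONG)der.length, md);
    return [NSData dataWithBytes:md length:sizeof(md)];
}

// DER bytes of the leaf certificate the server presented, or nil while the
// TLS handshake has not completed. Call it when the stream first reports
// NSStreamEventHasSpaceAvailable or NSStreamEventHasBytesAvailable, before
// any application data is written.
// Assumed setup: the server certificate is self-signed, so the client set
// kCFStreamSSLValidatesCertificateChain to false in its SSL settings and
// this pin check is the only server authentication.
// (SecTrustGetCertificateAtIndex is the 2016-era call; newer SDKs mark it
// deprecated.)
static NSData *PeerLeafCertificateDER(NSStream *stream) {
    SecTrustRef trust = (__bridge SecTrustRef)
        [stream propertyForKey:(__bridge NSString *)kCFStreamPropertySSLPeerTrust];
    if (trust == NULL || SecTrustGetCertificateCount(trust) < 1) return nil;
    SecCertificateRef leaf = SecTrustGetCertificateAtIndex(trust, 0);
    return CFBridgingRelease(SecCertificateCopyData(leaf));
}

// Compares the presented certificate with the digest stored for this server.
// `pins` maps a server name to the digest saved on the first approved
// connection (how it is persisted is left to the app).
static PinDecision EvaluatePin(NSData *presentedDER, NSString *server,
                               NSDictionary<NSString *, NSData *> *pins) {
    NSData *stored = pins[server];
    if (stored == nil) return PinDecisionFirstUse;
    return [stored isEqualToData:CertificateDigest(presentedDER)]
        ? PinDecisionMatch : PinDecisionMismatch;
}

int main(void) {
    @autoreleasepool {
        // Constructed byte strings standing in for two different DER certificates.
        NSData *realCert  = [@"constructed-cert-A" dataUsingEncoding:NSUTF8StringEncoding];
        NSData *otherCert = [@"constructed-cert-B" dataUsingEncoding:NSUTF8StringEncoding];
        NSString *server = @"myserver.local";  // hypothetical server name
        NSMutableDictionary<NSString *, NSData *> *pins = [NSMutableDictionary dictionary];

        // First connection: nothing pinned yet.
        NSCAssert(EvaluatePin(realCert, server, pins) == PinDecisionFirstUse, @"first use");
        pins[server] = CertificateDigest(realCert);  // only after the user approved

        // Later connections: same certificate passes, any other one is refused.
        NSCAssert(EvaluatePin(realCert, server, pins) == PinDecisionMatch, @"match");
        NSCAssert(EvaluatePin(otherCert, server, pins) == PinDecisionMismatch, @"mismatch");
        NSLog(@"pin checks behaved as expected");
    }
    return 0;
}
```

In the app, the value passed to `EvaluatePin` is the result of `PeerLeafCertificateDER(inputStream)`; on `PinDecisionMismatch` the client closes both streams before sending anything.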

Re: How do I get data out of NSRuleEditor?

2016-06-26 Thread Jerry Krinock
> On 2016 Jun 26, at 12:29, Jim Thomason  wrote:
> 
> I've been desperately trying to use NSRuleEditor for a while now, since it
> presents exactly the type of interface I want to show to the users.

NSRuleEditor and NSPredicateEditor give you quite a boatload, but as you’ve 
discovered they are difficult to customize.

> That just seems...yucky to me. Since I'd need to reverse the displayValue
> into the real value in some manner

Indeed, that is yucky, but, in my experience, not surprising.  I found myself 
using this same workaround, on some opaque popup menu items, when I customized 
NSPredicateEditor to support regular expression matching.  

To make this slightly less yucky, define a property or constant for that 
localized string.



Re: Security with Streams

2016-06-26 Thread Gerriet M. Denkmann

> On 27 Jun 2016, at 06:11, Jens Alfke  wrote:
> 
>> On Jun 25, 2016, at 7:44 PM, Gerriet M. Denkmann  
>> wrote:
> 
>> Absolutely not sure whether the code above is correct, but it seems to be 
>> working.

> It’s fine; the certificate is public and intended to be shared. It’s the 
> private key that’s sensitive. What you’re describing is called “key-pinning”: 
> restricting a client to connect only with a server with a known public key.

That is very reassuring to know. Thanks for the confirmation.

> That was fast! This is frustrating stuff to implement. Or maybe the docs have 
> gotten a lot better recently ;-)

I am great, am I not? (Well, to be honest, I have been struggling with this for 
weeks, and also borrowed heavily from the Apple sample code TLSTool)

> If every instance of the server has its own key, then embedding a cert in the 
> client app doesn’t work.

This project is for my own personal use. So there is just one server.

> The situation you want to watch out for is where the client connects to a 
> server it’s already connected to, but the cert’s public key doesn’t match the 
> previous one. 

In this case the client will close the connection immediately.


Kind regards,

Gerriet.



Re: Security with Streams

2016-06-26 Thread Gerriet M. Denkmann

> On 26 Jun 2016, at 21:59, Keary Suska  wrote:
> 
> 
>> On Jun 25, 2016, at 8:44 PM, Gerriet M. Denkmann  
>> wrote:
>> 
>> Following TN2326 I created a (self signed) Certificate Authority and a 
>> Digital Identity called "MyServerId".
>> 
> 
> 
>>> We are now falling into the rabbit hole that is peer-to-peer trust & 
>>> identity. How is your server going to identify it so that a client will 
>>> know that it’s the server it expects? I don’t know whether you’ve given any 
>>> thought to this; the answer affects how you’d implement this part of the 
>>> app.
>> 
>> I have thought about this, but I am not at all sure that my thoughts are 
>> correct.
>> Currently (as indicated in the code above) my client has a copy of the real 
>> server certificate and compares it with the certificate obtained from its 
>> inputStream.
>> I am not sure whether putting the server certificate into the client is ok 
>> or a breach of security. 
>> 
>> That is: the client will accept any server which has signed with the server 
>> certificate.
> 
> Self-signed certificates can only offer encryption, but cannot offer trust 
> because they are not verifiable. You can’t use the server certificate as a 
> key since you pass that key out to anyone who wants it (in your app), and 
> anyone who gets it can impersonate the server.

Assume that an evil entity has got hold of “MyServerCertificate.cer”, but has 
no access to my keychain and thus to the private key of MyServerCertificate. 
Could they use this certificate to open a secure stream to a client? Or do they 
need the private key to sign?


> It is unclear to me whether you are after a client-server (i.e. all servers 
> are under your control) or peer-to-peer (i.e. every client is a server and 
> every server is a client) model? 

There is just one server, which is under my control.


Kind regards,

Gerriet.



Re: Security with Streams

2016-06-26 Thread Keary Suska

> On Jun 26, 2016, at 9:13 PM, Gerriet M. Denkmann  wrote:
> 
>> 
>> 
>> Self-signed certificates can only offer encryption, but cannot offer trust 
>> because they are not verifiable. You can’t use the server certificate as a 
>> key since you pass that key out to anyone who wants it (in your app), and 
>> anyone who gets it can impersonate the server.
> 
> Assume that an evil entity has got hold of “MyServerCertificate.cer”, but has 
> no access to my keychain and thus to the private key of MyServerCertificate. 
> Could they use this certificate to open a secure stream to a client? Or do 
> they need the private key to sign?

To clarify, I was pointing out two weaknesses that come out of self-signed 
certificates, and in the latter case how comparing an embedded certificate/key 
with the server’s public certificate/key would not offer any security if it 
were self-signed, as you would be using the cert as a passcode that anyone can 
easily have. With a verifiable certificate you wouldn’t normally have these 
weaknesses and you get server verification (usually called “authentication”) as 
part of the SSL/TLS protocol so you don’t have to code for that case (though 
you may need to be explicit that you want certificate verification if it isn’t 
the default).

For the latter part of the question, in asymmetric encryption schemes, the 
private key is certainly needed to decrypt but does not authenticate. If you 
permit ad-hoc connections from the server to the client, the only way to 
authenticate the server would be by the server providing a client certificate 
and that being verified by a third-party. Even a self-signed client certificate 
does not provide authentication as it too is tantamount to using the 
certificate as a password that you give to anyone who buys your app. Now, 
normally, the communications would still be encrypted and difficult to 
decipher, as long as you are comparing signed certificates, but if the 
certificate ever changes you now have to redistribute the new signed 
certificate.

I would also reiterate that when using SSL/TLS you don’t need to bother with 
key verification such as what ssh uses, since ssh uses those methods precisely 
because it does not rely on third party authentication so requires the client 
and server to agree that the connection is valid even though neither can 
actually guarantee that it is the case. This would be more similar to my 
peer-to-peer example, where trust is agreed upon before communication proceeds. 
SSL/TLS is also more robust in this case because the certificate can change at 
any time (which will periodically happen every 1-5 years anyway) but the server 
can still be correctly authenticated.

HTH,

Keary Suska
Esoteritech, Inc.
"Demystifying technology for your home or business"



Re: Security with Streams

2016-06-26 Thread Jens Alfke

> On Jun 26, 2016, at 8:13 PM, Gerriet M. Denkmann  wrote:
> 
> Assume that an evil entity has got hold of “MyServerCertificate.cer”, but has 
> no access to my keychain and thus to the private key of MyServerCertificate. 
> Could they use this certificate to open a secure stream to a client? Or do 
> they need the private key to sign?

— Servers don’t open connections to clients; it’s the other way around.
— There’s nothing private about a certificate. In fact, an SSL server sends its 
certificate out to any client that connects to it, as part of the SSL handshake.
— A certificate contains only the public key, not the private key. It can’t be 
used to sign anything, only to verify signatures.

—Jens

Re: Security with Streams

2016-06-26 Thread Gerriet M. Denkmann

> On 27 Jun 2016, at 12:57, Jens Alfke  wrote:
> 
>> On Jun 26, 2016, at 8:13 PM, Gerriet M. Denkmann  
>> wrote:
>> 
>> Assume that an evil entity has got hold of “MyServerCertificate.cer”, but 
>> has no access to my keychain and thus to the private key of 
>> MyServerCertificate. 
>> Could they use this certificate to open a secure stream to a client? Or do 
>> they need the private key to sign?
> 
> — Servers don’t open connections to clients; it’s the other way around.

Sorry, I was speaking rather too loosely.

I meant: when the server accepts a connection from a client via 
netService:didAcceptConnectionWithInputStream:outputStream: 
it does:
[ inputStream setProperty: settings  forKey: kCFStreamPropertySSLSettings ]

where settings has: kCFStreamSSLCertificates = array with a SecIdentityRef 
obtained via SecItemCopyMatching().

Could it, instead of getting the SecIdentityRef from the keychain, just use 
MyServerCertificate.cer instead?


> — A certificate contains only the public key, not the private key. It can’t 
> be used to sign anything, only to verify signatures.

So this probably answers my question: It could not. (Correct ?).

So the evil server has to use its own EvilServerCertificate from its own 
keychain. 
And then the client would compare the certificate it receives with 
MyServerCertificate.cer and notice that these are different, thus closing the 
connection. (Correct ?)


Kind regards,

Gerriet.



WWDC 2016 direct download

2016-06-26 Thread tridiak
Where do you download the 2016 WWDC videos directly?
Or is that not possible (why)?
I want to watch them on my iPod touch while on work breaks.

TIA

Re: WWDC 2016 direct download

2016-06-26 Thread Quincey Morris
On Jun 26, 2016, at 23:47 , tridiak  wrote:
> 
> Where do you download the 2016 WWDC videos directly?

Can you run the WWDC app on your iPod Touch? If so, you can download them from 
within the app.

(Er, sry if it’s weird that I can’t remember what functionality iPods have any 
more. It’s actually a while since I’ve seen one, and I tend to watch these 
videos on an iPad.)


Re: WWDC 2016 direct download

2016-06-26 Thread Roland King
If you can’t run the WWDC app then go to developer.apple.com, find the videos 
section, find the WWDC videos section, find the one you want and on the 
Resources tab are links to the hi and sd def videos. 



> On 27 Jun 2016, at 14:47, tridiak  wrote:
> 
> Where do you download the 2016 WWDC videos directly?
> Or is that not possible (why)?
> I want to watch them on my iPod touch while on work breaks.
> 
> TIA