A while back I wrote something for Dropbox users on OS X called Dropbox Cache Cleaner. It was early in the life of the now infamous file sharing/syncing service and they had an effective but rudimentary method of caching deleted items in the event you really needed them back. The trouble was that it could consume large amounts of disk space without you even knowing it.

When passing data to a web site, especially via "GET" requests (e.g. calling + stringWithContentsOfURL:encoding:error:) it's important to ensure content is properly escaped. This is also true on the iPhone when you are attempting to use a "mailto:" URL to invoke the native e-mail client from your app.

One obvious way to do this is by calling NSString's "- (NSString *)stringByAddingPercentEscapesUsingEncoding:(NSStringEncoding)encoding" method. While this does a good job, it is not perfect and will miss things like "/", which may make some web services cry. The best way to do this encoding is to use:

CFStringRef CFURLCreateStringByAddingPercentEscapes (
   CFAllocatorRef allocator,
   CFStringRef originalString,
   CFStringRef charactersToLeaveUnescaped,
   CFStringRef legalURLCharactersToBeEscaped,
   CFStringEncoding encoding
);

This method lets you specify what you want encoded and what you want left raw. I threw together a really quick sample command line tool to show you the difference. Here are the salient lies:

NSString *url = @"<b>some HTML content</b> <a href=\"http://theresurgence.com/search/node/bible\">study materials</a>" ;

NSLog(@"Original text: [%@]", url) ;

NSLog(@"NSString percent escapes: [%@]",
      [ url stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]) ;

NSLog(@"CFURL percent escapes: [%@]",
      CFURLCreateStringByAddingPercentEscapes(kCFAllocatorDefault,
          (CFStringRef)url, NULL, CFSTR("!*'();:@&=+$,/?%#[]"), kCFStringEncodingUTF8));

And, here is the output:

Original text: [<b>some HTML content</b> <a href="http://theresurgence.com/search/node/bible">study materials</a>]
NSString percent escapes: [%3Cb%3Esome%20HTML%20content%3C/b%3E%20%3Ca%20href=%22http://theresurgence.com/search/node/bible%22%3Estudy%20materials%3C/a%3E]
CFURL percent escapes: [%3Cb%3Esome%20HTML%20content%3C%2Fb%3E%20%3Ca%20href%3D%22http%3A%2F%2Ftheresurgence.com%2Fsearch%2Fnode%2Fbible%22%3Estudy%20materials%3C%2Fa%3E]

Big difference without tons of additional code. Plus, you can use CFURLCreateStringByReplacingPercentEscapesUsingEncoding just as easily to unescape any string.

Cocoa is cool and Objective-C is a great language, but I like/prefer Python and the PyObjC bridge makes my life easier and programming actually interesting/fun for me.

This Xcode project is an example of how easy it is to create useful custom views in PyObjC with an example of a graph view that displays a circular queue/buffer. Everything is done starting with an Xcode project which is available for download (76KB compressed archive) and modification. Here is a preview of what you can use out of the box:

The easiest and smallest part of the project is the RingBuffer class that implements a very simple circular queue/buffer and provides direct access to the list that stores the information:

#
# RingBuffer.py

class RingBuffer:

    def __init__(self, size):
        """ init with # of elements in the queue """
        self.data = [ None for i in xrange(size)  ]

    def append(self, x):
        """ take away one and put one in """
        self.data.pop(0)
        self.data.append(x)

    def get(self):
        """ return the list so we can manipulate it """
        return self.data

There's not a lot of rocket science there, but it's amazing how much code you can eliminate by taking advantage of Python's inherent capabilities. In this case, list initialization is a breeze and removal/insertion of new elements could not be easier.

Next up is the CBGraphView class itself:

If you are interested in purchasing Base to aid your development projects (it is a front-end for SQLite3 database design), you must remove the ".xml" extension on the license file (Base_License.baselicense.xml) Menial sends to you in order for the app to recognize it.

I realize this applies to a very small subset of folks out there (most of whom probably figured this out as quickly as I did), but if this post helps out even one person, it was worth the entry time.

I haven't been slackin'...just lots of Apple postin' on TAB...

• Twiterriffic 3.1 beta
• ScreenSteps 2 mini-review
• iPhone Development Preview
• iPhone Web Development Starter
• My Apple TV Upgrade Experience

Another post by me over @ TAB looking at opensnoop, a cool dtrace utility that lets you monitor file opens.

Lots of good stuff came with Apple incorporating DTrace into Leopard. Load the Developer tools to get access to Instruments.app for some GUI-DTrace goodness and poke around man -k dtrace for some command-line DTrace fun.

DTrace is great for developers, but it has some security benefits as well, which I'll hopefully get some time to explain in the coming weeks.

Microsoft updated their sold, free guide to developing secure software. They discuss generic topics that apply to all development:

• Integrating security into the SDLC
• Security engineering objectives
• Web app security design guidelines
• Threat modeling (tho i'm not crazy about that term)
• Security architecture & deisgn reviews
• Security code reviews
• Security devlelopment reviews

and also provide some specific guidance, checklists and information on Microsoft technologies.

A must-read for all developers.