Chris' Blog.

My occasional thoughts on iOS development, developers careers, trying to make an income from the App Store, and updates on life in general.

Storing Secret Keys

Often when writing iOS apps, we need to store secret keys for accessing APIs and the like, so that your backend can verify that requests are actually coming from your app. And usually, it's worth keeping these keys secret from most prying eyes, which is what this article is about.

Disclaimer: The obfuscation techniques described here are only strong enough to fend off most crackers from finding your keys. It's impossible to protect securely against an expert with intimate knowledge of LLDB, so don't rely on these techniques as acting as anything more than a strong discouragement to someone who is after your keys. This is, after all, security by obscurity. I disclaim any and all liability if you follow these instructions.

Keys that aren't sent as part of requests, such as secret keys used for HMAC generation, are particularly suitable for techniques as described below. Keys that are sent as part of requests are basically public, and can be snooped trivially using an app such as the Charles debugger, so I wouldn't bother obfuscating those keys. The exception is that if you're relying on SSL certificate pinning to ensure that your messages to the server cannot be decrypted by an installed root certificate MITM (eg Charles with SSL forwarding enabled), then it'd be worthwhile.

Literal strings vs hex

Firstly, you do not want an attacker to be able to decrypt your app's binary, and run strings MyApp from the command line to simply dump all the literal strings in your app, and peruse them until they find something that looks like a key. So, I recommend you avoid the following:

static NSString *kMyAPIKey = @"abcdef123456"; // Really easy to find using the 'strings' command line tool.

Instead, I recommend that you store your keys as literal hex values, which hides them from 'strings', like below:

unsigned char myApiKey[] = { 0xDE, 0xAD, 0xBE, 0xEF }; // Hidden from 'strings', but not from a hex editor / MachOView.

The above is a little better, your key is now hidden from the simplest of attacks. However, the raw key is still in the binary, and can be found with either a hex editor or (more realistically) MachOView. Searching with a hex editor would be like looking for a needle in a haystack, but MachOView can open your app binary and allow someone to search only in the constants section, which makes it a lot faster. For instance, with MachOView, I was able to find a key in one of my app binaries in a few minutes, just by scrolling until I saw an interesting-looking bunch of values.

Obfuscation

The next step is to obfuscate the key, so the key cannot be found simply by looking at the static binary. A simple technique I've used is to XOR the key against some value that can easily be replicated at runtime, so you're only storing the obfuscated value in the binary. In Objective-C development, a good value to use to XOR against can be as simple as a SHA hash of one of your class names. I chose to use a class name because it does not require any further literal to be stored in the binary. Just be sure to choose a SHA variation that has an output the same length or longer than your secret key. An example implementation is below:

#include <CommonCrypto/CommonCrypto.h>

unsigned char obfuscatedSecretKey[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF };

// Get the SHA1 of a class name, to form the obfuscator.
unsigned char obfuscator[CC_SHA1_DIGEST_LENGTH];
NSData *className = [NSStringFromClass(ChooseOneOfMyClassesHere)
    dataUsingEncoding:NSUTF8StringEncoding];
CC_SHA1(className.bytes, (CC_LONG)className.length, obfuscator);

// XOR the class name against the obfuscated key, to form the real key.
unsigned char actualSecretKey[sizeof(obfuscatedSecretKey)];
for (int i=0; i<sizeof(obfuscatedSecretKey); i++) {
    actualSecretKey[i] = obfuscatedSecretKey[i] ^ obfuscator[i];
}

... now you can do something with actualSecretKey ...

With the above in place, any attacker would have to either figure out how your code works with a disassembler (really hard), or they'd have to attach a debugger and hook into functions until they found where you actually do something with the secret key once it is in the clear (less difficult, but still requires quite an advanced attacker).

Now there's a simple trick to generate your obfuscated key in the first place: Put your real secret key into obfuscatedSecretKey, put a breakpoint after it generates the actualSecretKey, dump the value of actualSecretKey, and use that as your obfuscatedSecretKey. This works because XOR is a reversible process.

Disabling debug sessions

To somewhat mitigate the risk of crackers attacking your app with a debugger (LLDB or GDB), you can insert some code in your app that makes it crash as soon as it detects a debugger attached. The iTunes app uses this technique, you can read about it here.

To achieve this, here is a sample implementation for your main.m file, from the iPhone wiki:

#import <dlfcn.h>
#import <sys/types.h>

typedef int (*ptrace_ptr_t)(int _request, pid_t _pid, caddr_t _addr, int _data);
#if !defined(PT_DENY_ATTACH)
#define PT_DENY_ATTACH 31
#endif  // !defined(PT_DENY_ATTACH)

void disable_gdb() {
    void* handle = dlopen(0, RTLD_GLOBAL | RTLD_NOW);
    ptrace_ptr_t ptrace_ptr = dlsym(handle, "ptrace");
    ptrace_ptr(PT_DENY_ATTACH, 0, 0, 0);
    dlclose(handle);
}

int main(int argc, char *argv[]) {
    #if !(DEBUG) // Don't interfere with Xcode debugging sessions.
        disable_gdb();
    #endif

    @autoreleasepool {
        return UIApplicationMain(argc, argv, nil,
            NSStringFromClass([MyAppDelegate class]));
    }
}

Now, of course, a sufficiently talented cracker can work around this, however it's another obstacle I recommend placing in their way to make it more difficult.

Recommendations

So, to sum up, my recommendations:

  • Store your secrets as unsigned char myVar[] = {0x00, 0x11, ...} instead of @"SomeString".
  • Obfuscate by XORing against the hash of a class name.
  • Disable GDB/LLDB at the start of main().
  • Use SSL certificate pinning if you are sending your key as part of the request, as opposed to using it in an HMAC.
  • Don't rely on any of this preventing a determined, skilled cracker, it's a deterrent against the 99%.

Footnote: As mentioned before, I disclaim responsibilities if you follow this article, as it is only security by obscurity.


iOS8 CoreLocation Permissions

Have you been stung by Core Location when you ported your iPhone app to iOS8? Here was my experience: All calls to locationManager:didUpdateLocations: stopped occurring (eg no more location events came in), and the prompt to the user asking for permission for location access stopped popping up. Something was definitely up. Hopefully I can help you here.

TL;DR -> Jump to the 'How to update your app' subheading below.

Unfortunately, there's no mention of any changes to CoreLocation in the Xcode6 release notes. Indeed, at the time of writing, even apple's class reference does not describe what you need to be doing yet: CLLocationManager.

This is a real shame, because they've overhauled the permissions system, rendering your old apps lifeless. I presume any apps compiled against Xcode 5's iOS7 SDK will continue to work in some kind of 'compatability mode', however once you start compiling in Xcode6, you'll need to deal with this.

New permissions system

It appears that they're basically fed up with people bringing their iPhones into Genius bars, complaining about their battery life, and finding some lousy app that's leaving the GPS turned on while it's in the background.

So they've separated location permissions into two parts: the ability to get locations while the app is activated, and the ability to get location updates while your app is in the background. I guess Apple figures this will make it more obvious to users when an app is going to kill their battery in the background, and save a few trips to the Genius bar.

So now one of the authorisation status enums is deprecated, and two more are in its place:

Deprecated, for iOS7 and below:
kCLAuthorizationStatusAuthorized

For iOS8+
kCLAuthorizationStatusAuthorizedAlways <- For background battery-killers.
kCLAuthorizationStatusAuthorizedWhenInUse <- For sensible apps.

Also, there are now methods you need to call to request permission, instead of the permission prompt automatically appearing as it did in iOS7 and below:

requestAlwaysAuthorization <- 'May I please kill your battery?'
requestWhenInUseAuthorization <- For sensible apps.

How to update your app

So, here's what you need to do. I'm assuming below that you only want foreground access.

Firstly, wherever your app checks the authorizationStatus value, you'll need to compare against the two new enums. To keep your app working across iOS7 and 8, I recommend that before you create a CLLocationManager instance, you should check that authorizationStatus is neither kCLAuthorizationStatusRestricted nor kCLAuthorizationStatusDenied, and disregard the authorised states. If you really need to directly check the authorised states, keep in mind that iOS7's kCLAuthorizationStatusAuthorized == iOS8's `kCLAuthorizationStatusAuthorizedAlways'.

Next, after you instantiate your CLLocationManager, you'll need to call requestWhenInUseAuthorization (or requestAlwaysAuthorization) so that iOS can prompt the user for access. To keep your app compatible with iOS7, do a responds check first. See below:

if ([myLocationManager respondsToSelector:
    @selector(requestWhenInUseAuthorization)]) {
    [myLocationManager requestWhenInUseAuthorization];
}

You can call the above every time you create a location manager, if you've already got permission it won't prompt again, making your code simpler.

Lastly, you need to update your app's info.plist file to have the correct permission prompt. You'll need two keys, the first for iOS7 and the next for iOS8. See below:

<key>NSLocationUsageDescription</key>
<string>My App would pretty please like to use your GPS.</string>
<key>NSLocationWhenInUseUsageDescription</key>
<string>My App would pretty please like to use your GPS.</string>

Now that step above is dastardly, as that key is undocumented (as far as I can tell) in the CoreLocation reference. If anyone from Cupertino sees this, please nudge your tech writers!

Anyway, hope this gets you un-stuck and enjoying iOS8/Xcode 6. Good luck if you're trying Swift, however I'll give it until at least Xcode 6.1 before I trust it.


A common issue I've encountered with AFNetworking is that, unless you delve into the internals, you get no straightforward way of accessing the response body in the failure callbacks. Now this can be a big issue when your iPhone app is talking to an API that sends you errors with 400 or 500 responses, and you're interested in grabbing the actual error message (or other details) from the response. There are numerous solutions to this, but most of them involve giving up on AFNetworking's convenience methods, which (for me) really is a shame. This solution inserts the response into the NSError that is returned, for minimal impact to the way you deal with AFNetworking 2, in a similar way as used to work with AFNetworking 1.

All told, here is how you would use my solution, if you apply my steps further down this post:

[[MySessionManager sharedManager] POST:@"my-api" parameters:myParams success:^(NSURLSessionDataTask *task, id responseObject) {
    ...
} failure:^(NSURLSessionDataTask *task, NSError *error) {
    id responseObject = error.userInfo[kErrorResponseObjectKey];
    ... great! You've got the response for an error now ...
}];

AFHTTPSessionManager subclass

First for a bit of groundwork. I've found it to be a good practice to subclass AFHTTPSessionManager, and manage your session manager singleton in said subclass. This subclass will come in handy later for capturing the error response bodies. So lets get started with the below:

//  MySessionManager.h

#import "AFHTTPSessionManager.h"

#define kErrorResponseObjectKey @"kErrorResponseObjectKey"

@interface MySessionManager : AFHTTPSessionManager

/// The singleton. Use this to talk to your API.
+ (instancetype)sharedManager;

@end

...

//  MySessionManager.m

#import "MySessionManager.h"

#if DEBUG
    static NSString *kBaseUrl = @"http://testapi.myapp.com/v1/";
#else
    static NSString *kBaseUrl = @"https://api.myapp.com/v1/";
#endif

@implementation MySessionManager

+ (instancetype)sharedManager {
    static id instance;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        instance = [[self alloc] initWithBaseURL:[NSURL URLWithString:kBaseUrl]];
    });
    return instance;
}

@end

Tip: You could use initWithBaseURL:sessionConfiguration: above if you'd like to customise your configuration, eg have a common HTTP header that you'd like to send with all your API requests.

To use the above singleton to access your API's (this will not capture errors yet, but it gives you the idea), you can do the below:

[[MySessionManager sharedManager] GET:@"some-endpoint" parameters:myParams success:^(NSURLSessionDataTask *task, id responseObject) {
    ...
} failure:^(NSURLSessionDataTask *task, NSError *error) {
    ...
}];

Which, in itself, is quite a neat and tidy way of using AFNetworking 2. I hope the above, in and of itself, is useful for you :)

Grabbing the errors

Next, we want to override dataTaskWithRequest:completionHandler: in the subclass, so that it wraps the completion handler with a 'shim' which puts the response body into the NSError, before calling the original completion handler. Here it is below:

//  MySessionManager.m continued...

/// This wraps the completion handler with a shim that injects the responseObject into the error.
- (NSURLSessionDataTask *)dataTaskWithRequest:(NSURLRequest *)request
                            completionHandler:(void (^)(NSURLResponse *, id, NSError *))originalCompletionHandler {
    return [super dataTaskWithRequest:request
                    completionHandler:^(NSURLResponse *response, id responseObject, NSError *error) {

        // If there's an error, store the response in it if we've got one.
        if (error && responseObject) {
            if (error.userInfo) { // Already has a dictionary, so we need to add to it.
                NSMutableDictionary *userInfo = [error.userInfo mutableCopy];
                userInfo[kErrorResponseObjectKey] = responseObject;
                error = [NSError errorWithDomain:error.domain
                                            code:error.code
                                        userInfo:[userInfo copy]];
            } else { // No dictionary, make a new one.
                error = [NSError errorWithDomain:error.domain
                                            code:error.code
                                        userInfo:@{kErrorResponseObjectKey: responseObject}];
            }
        }

        // Call the original handler.
        if (originalCompletionHandler) {
            originalCompletionHandler(response, responseObject, error);
        }
    }];
}

And that's it! Your failure callbacks will now be able to access errors as described at the start of this article, as follows:

id responseObject = error.userInfo[kErrorResponseObjectKey];

Hope it's helpful :)


You can see older posts in the right panel, under 'archive'.

Archive

Storing obfuscated secret keys in your iOS app 16 Sep 2014

Getting Core Location / CLLocationManager to work on iOS8 14 Sep 2014

Accessing the response body in failure blocks with AFNetworking 2 10 Sep 2014

How to allow your UITextFields to scroll out of the way of the keyboard 8 Sep 2014

How to subclass UIButton in iOS7 and make a UIButtonTypeSystem 4 Sep 2014

New season 1 Aug 2014

House finished 17 Jun 2014

WebP decoding on iOS 9 Feb 2014

Moving on again 22 Jan 2014

Lossy images for retina iPads - JPEG vs WebP 30 Nov 2013

Career options I wish I knew about when I was younger 20 Oct 2013

Positivity and your friends 7 Oct 2013

Tactility 26 Jul 2013

WWDC-induced narcolepsy 15 Jul 2013

Back on rails 31 May 2013

Full circle 6 May 2013

Programmatic UI on iOS 3 May 2013

Screencasts and positivity 8 Apr 2013

Year of positivity 14 Mar 2013

iOS Dev State of the Union 6 Feb 2013

Adventures with IAPs 3 Feb 2013

No longer a Googler 23 Dec 2012

Localising iPhone apps with Microsoft Translator 8 Dec 2012

Fight back (app biz update 13) 12 Nov 2012

Sent to the backburner (app biz update 12) 25 Oct 2012

Lisi Schappi 7 Oct 2012

Today's happy plateau (app biz update 11) 26 Aug 2012

First week's sales of Today (app biz update 10) 19 Aug 2012

Today launch! And a difficult decision made... (app biz update 9) 15 Aug 2012

Approved! (app biz update 8) 5 Aug 2012

Creating a graph in Objective-C on the iPhone 3 Aug 2012

Hurry up and wait (app biz update 7) 30 Jul 2012

Today app marketing site 27 Jul 2012

Today app submitted 25 Jul 2012

UIAlertView input wrapper 24 Jul 2012

Mentoring 23 Jul 2012

This is too hard! (app biz update 6) 20 Jul 2012

Perspectives (app biz update 5) 9 Jul 2012

4th starting-my-own-biz update 1 Jul 2012

ScrumFox landing page 28 Jun 2012

Server Scope landing page 27 Jun 2012

Telstra Calls and Data Usage 26 Jun 2012

Service History + Dropbox 26 Jun 2012

Impromptu Presenter 26 Jun 2012

Fertility Tracker 26 Jun 2012

Baby Allergy Tracker 26 Jun 2012

Starting my own business, update 3 22 Jun 2012

Starting my own business, update 2 17 Jun 2012

Starting my own business - First update 10 Jun 2012

I must be crazy 6 Jun 2012

Finding your location on an iPhone 7 May 2012

A generous career 4 May 2012

Skeleton Key Cocoaheads presentation 3 May 2012

CHBgDropboxSync - Dropbox auto-sync for your iOS apps 1 May 2012

That book about that Steve Jobs guy 30 Apr 2012

Another app marketing idea 23 Apr 2012

Sweet grouped tables on the iPhone 17 Apr 2012

Skeleton Key App 11 Apr 2012

Another app marketing idea... 5 Apr 2012

Quickly check for any missing retina graphics in your project 3 Apr 2012

Skeleton Key Password Manager with Dropbox 2 Apr 2012

RC Boat motor finally mounted 2 Apr 2012

Promoting apps presentation slides 1 Apr 2012

How i just wasted a month on my latest app, and how you don't need to 26 Mar 2012

The Finishing Line 20 Mar 2012

Using Launchd to run a script every 5 mins on a Mac 20 Feb 2012

Generating AES256 keys from a password/passphrase in ObjC 20 Feb 2012

Indie iPhone app marketing, part 2 19 Feb 2012

My App Manifesto: Syncing + Dropbox + YAML = Awesome 15 Feb 2012

Indie iPhone App Marketing part 1 7 Feb 2012

Perspectives 2 Feb 2012

Accountability and Free Will 1 Feb 2012

Badassery 31 Jan 2012

Sacrifice 30 Jan 2012

Lead Yourself First 29 Jan 2012

How to ping a server in Objective-C / iPhone 26 Jan 2012

iOS Automated Builds with Xcode4 16 Jan 2012

Xcode 4 - Command line builds of iPhone apps 15 Jan 2012

Guest post by Jason McDougall 13 Jan 2012

Scouts, Games and Motivation 10 Jan 2012

2011 Re-cap 8 Jan 2012

Ruby script to increment a build number 4 Jan 2012

Turning 30? All ideas, no execution? 18 Dec 2011

CHDropboxSync - simply sync your iOS app's documents to Dropbox 14 Dec 2011

Deep-enumerating a directory on the iphone, getting file attributes as you go 10 Dec 2011

Getting a date without the time component in objective-c 6 Dec 2011

Memory management in Objective-C 4 Dec 2011

Starting small 29 Nov 2011

Dictionary Types Helper 29 Nov 2011

Observer Pattern in Objective-C 16 Nov 2011

Why you should give presentations 13 Nov 2011

How to get a programming or design job in Sydney 9 Nov 2011

Custom nav bar / toolbar backgrounds in iOS5 8 Nov 2011

Stuck 27 Oct 2011

Dead easy singletons in Obj-C 19 Oct 2011

JSON vs OCON (Objective-C Object Notation) 18 Oct 2011

In defence of Objective-C 16 Oct 2011

Update the MessagePack objective-c library to support packing 12 Oct 2011

Icons 11 Oct 2011

How to host a site on Amazon AWS S3, step-by-step 7 Oct 2011

Drawing a textured pattern over the default UINavigationBar 6 Oct 2011

Markdown Presentations 1 Oct 2011

More MegaComet testing: Ruling out keepalives 15 Sep 2011

MegaComet test #4 - This time with more kernel 14 Sep 2011

Building People 10 Sep 2011

Half way there: Getting MegaComet to 523,000 concurrent HTTP connections 5 Sep 2011

Making a progress bar in your iPhone UINavigationBar 22 Aug 2011

Hacker News Reader 20 Aug 2011

How to programmatically resize elements for landscape vs portrait in your iphone interface 16 Aug 2011

MegaComet testing part 2 3 Aug 2011

Australian Baby Colours 28 Jul 2011

Boat prop shaft 25 Jul 2011

Megacomet with 1 million queued messages 24 Jul 2011

Installed the strut and rudder 18 Jul 2011

Painted the inside of the boat 17 Jul 2011

Fuzzy iphone graphics when using an UIImageView set to UIViewContentModeCenter 13 Jul 2011

My 3 Data and Calls Usage 11 Jul 2011

Reading a line from the console in node.js 10 Jul 2011

Trim whitespaces on all text fields in a view controller 9 Jul 2011

Final finish 9 Jul 2011

MessagePack parser for Objective-C / iPhone 30 Jun 2011

Lacquering the starboard side 25 Jun 2011

What do do with EXC_ARM_DA_ALIGN on an iPhone app 23 Jun 2011

Lacquering the hull 23 Jun 2011

Staining the boat 22 Jun 2011

NSMutableSet with weak references in objective-c 20 Jun 2011

Iphone gesture recogniser that works for baby games 20 Jun 2011

Image manipulation pixel by pixel in objective C for the iphone 19 Jun 2011

Baby Allergy Tracker 12 Jun 2011

Power sanding the deck 10 Jun 2011

Planing the edge of the deck 2 Jun 2011

Figured out the deck 2 Jun 2011

Boat bulkheads 2 Jun 2011

Simulating iOS memory warnings 31 May 2011

Putting a UIButton in a UIToolbar 29 May 2011

How to allow closing a UIActionSheet by tapping outside it 29 May 2011

Finding the currently visible view in a UITabBarController 24 May 2011

Random Chef 17 May 2011

Centered UIButton in a navigation bar on the iphone 16 May 2011

Little Orchard 13 May 2011

Boat update 13 May 2011

How to get the current time in all time zones for the iphone / obj-c 12 May 2011

Design portfolio 10 May 2011

Tricks with grand central dispatch, such as objective-c's equivalent to setTimeout 9 May 2011

How to make an iphone view controller detect left or right swipes 5 May 2011

Centered section headers on a UITableView 5 May 2011

Christmas in may 4 May 2011

Finished trimming the boat (its floatable now!) and got some parts 29 Apr 2011

How to make a multiline label with dynamic text on the iphone and get the correct height 27 Apr 2011

Forcing an image size on the image in a table view cell on an iphone 20 Apr 2011

Git on the Mac 19 Apr 2011

Build a url query string in obj-c from a dictionary of params like jquery does 12 Apr 2011

Rendering a radial gradient on the iphone / objective-c 11 Apr 2011

Skinning the port side of the boat 8 Apr 2011

Skinning the side of the boat 5 Apr 2011

Sending a UDP broadcast packet in C / Objective-C 5 Apr 2011

How to talk to a unix socket / named pipe with python 4 Apr 2011

Skinning the bottom of the boat 31 Mar 2011

Service discovery using node.js and ssdp / universal plug n play 30 Mar 2011

Extremely simple python threading 29 Mar 2011

New rescue boat 26 Mar 2011

HttpContext vs HttpContextBase vs HttpContextWrapper 5 Nov 2010

Simple C# Wiki engine 30 Sep 2010

Simple way to throttle parts of your Asp.Net web app 29 Sep 2010

How to implement DES and Triple DES from scratch 4 Aug 2010

How to use sessions with Struts 2 30 Jul 2010

How to use Cookies in Struts 2 with ServletRequest and ServletResponse 30 Jul 2010

Using Quartz Scheduler in a Java web app (servlet) 27 Jul 2010

Javascript date picker that Doesn't Suck!(tm) 27 Jul 2010

Using Oracle XE with Hibernate 20 Jul 2010

A simple implementation of AES in Ruby from scratch 29 Jun 2010

Asp.Net Forms authentication to your own database 28 May 2010

AS2805 (like ISO8583) financial message parser in C# 7 May 2010

Ruby hex dumper 4 May 2010

Using Spring to manage Hibernate sessions in Struts2 (and other web frameworks) 13 Jan 2010

Emails in C#: Delivery and Read receipts / Attachments 12 Jan 2010

Using Java libraries in a C# app with IKVM 16 Dec 2009

Learning Java tutorial 27 Nov 2009

Using generic database providers with C# 17 Nov 2009

Scheduled task executable batch babysitter 29 Oct 2009

Working with query strings in Javascript using Prototype 30 Sep 2009

Still fighting with String.Format? 9 Sep 2009

How I'd build the next Google 24 Aug 2009

Getting IIS and Tomcat to play nicely with isapi_redirect 24 Aug 2009

Using the new ODP.Net to access Oracle from C# with simple deployment 11 Aug 2009

C# Cryptography - Encrypting a bunch of bytes 14 Jul 2009

Sorting enormous files using a C# external merge sort 10 Jul 2009

Reconciling/comparing huge data sets with C# 9 Jul 2009

Some keyboard-friendly DHTML tricks 10 Jun 2009

How to figure out what/who is connected to your SQL server 18 Mar 2009

Adding a column to a massive Sql server table 16 Mar 2009

Multithreading using Delegates in C# 10 Mar 2009

Using C# locks and threads to rip through a to-do list 6 Feb 2009

Using threads and lock in C# 3 Feb 2009

Setting a form name and onsubmit using form_for in rails 2 14 Jan 2009

Compressing using the 7Zip LZMA algorithm in C# beats GZipStream 14 Jan 2009

Bare minimum HTML that validates 22 Dec 2008

MS Sql Server 2005 locking 17 Dec 2008

Simple Comet demo for Ruby on Rails 19 Nov 2008

Geocoding part 2 - Plotting postcodes onto a map of Australia with C# 24 Oct 2008

Using evolutionary algorithms to make a walkthrough for the light-bot game with C# 20 Oct 2008

How to tell when memory leaks are about to kill your Asp.Net application 16 Oct 2008

C# version of isxdigit - is a character a hex digit? 15 Sep 2008

Geocoding part 1 - Getting the longitude and latitude of all australian postcodes from google maps 26 Aug 2008

Converting HSV to RGB colour using C# 14 Aug 2008

Opening a TCP connection in C# with a custom timeout 11 Aug 2008

Oracle Explorer - a very simple C# open source Toad alternative 31 Jul 2008

Linking DigitalMars' D with a C library (Mongrel's HTTP parser) 23 Jun 2008

Connecting to Oracle from C# / Winforms / Asp.net without tnsnames.ora 16 Jun 2008

A simple server: DigitalMars' D + Libev 6 Jun 2008

Travelling from Rails 1 to Rails 2 9 Apr 2008

Rocketsale 9 Apr 2008

Online Rostering System 9 Apr 2008

DanceInforma 9 Apr 2008

Client Analyser 9 Apr 2008

How good is this??? 16 Dec 2007

Using RSS or Atom to keep an eye on your company's heartbeat 10 Nov 2007

Easy Integrated Active Directory Security in ASP.Net 24 Oct 2007

First post 17 Oct 2007