Charles for iOS

We are excited to announce that Charles Proxy is now available on iOS!

With the iOS version of Charles you can capture and inspect network requests and responses on your iOS device. You can view metadata, headers and bodies in the app, so you can finally debug your app’s networking issues without a computer.

Charles for iOS currently supports the following features:

• Capture HTTP and HTTPS network traffic on your device
• SSL Proxying so you can view your SSL / TLS requests in plain text
• View requests and responses in the app, or share each request or a whole session to Charles on your desktop

Running Charles on your iOS device means you no longer need to fiddle with WiFi network proxy settings. It also means that you can capture and measure network traffic that goes over the Mobile / Cellular data network.

Measuring networking performance over Mobile data is especially important for your mobile apps (as that is how a lot of users experience your app), and it can reveal large or slow requests, as well as opportunities to increase perceived performance by parallelising network calls.

We are thrilled to be able to finally bring Charles to the App Store. If you’d like to know a bit more about the history of Charles, and particularly Charles on iOS, I gave a presentation to try! Swift Tokyo in March 2018 that you can watch on YouTube.

We plan to bring more of the features that you know and love from Charles on the desktop to the iOS version over the coming months, so watch this space for more announcements.

We hope you enjoy using Charles on iOS!

Today, DigiCert issued the following statement regarding Trustico certificate revocation:

“Trustico requested revocation of their Symantec, GeoTrust, Thawte and RapidSSL certificates, claiming the certificates were compromised. When we asked for proof of the “compromise,” Trustico did not provide details on why they were requesting the immediate revocation. Trustico’s CEO indicated that Trustico held the private keys for those certificates, and then emailed us approximately 20,000 certificate private keys. When he sent us those keys, his action gave us no choice but to act in accordance with the CA/Browser Forum Baseline Requirements, which mandate that we revoke a compromised certificate within 24 hours. As a CA, we had no choice but to follow the Baseline Requirements. Following our standard revocation process, we gave notice via email to each certificate holder whose private keys had been exposed to us by Trustico, so they could have time to get a replacement certificate.

In communications today, Trustico has suggested that this revocation is due to the upcoming Google Chrome distrust of Symantec roots. That is incorrect. We want to make it clear that the certificates needed to be revoked because Trustico sent us the private keys; this has nothing to do with future potential distrust dates.

The upcoming Chrome distrust situation is entirely separate. We are working closely to help customers with certificates affected by the browser distrust, and we are offering free replacement certificates through their existing customer portals. That process is well underway.”

A common problem I see in object-oriented design is:

• A wizard is a kind of player.
• A warrior is a kind of player.
• A staff is a kind of weapon.
• A sword is a kind of weapon.
• A player has a weapon.

But before we get into the details, I just want to point out that I am not really talking about anything specific to the fantasy RPG genre here. Everything in this series applies equally well to Papers and Paychecks, but wizards and warriors are more fun to write about, so there you go.

OK, great, we have five bullet points so let’s write some classes without thinking about it! What could possibly go wrong?

abstract class Weapon { }
sealed class Staff : Weapon { }
sealed class Sword : Weapon { }
abstract class Player 
{ 
  public Weapon Weapon { get; set; }
}
sealed class Wizard : Player { }
sealed class Warrior : Player { }

Designing good class hierarchies is all about capturing the semantics of the business domain in the type system, right? And we’ve done a great job here. If there is behavior common to all players, that goes in the abstract base class. If there is behavior unique to wizards or warriors, that can go in the derived classes. Clearly we’re on track for success here.

Right until we add…

• A warrior can only use a sword.
• A wizard can only use a staff.

What an unexpected development!

(As I have often pointed out, foreshadowing is the sign of a quality blog.)

Now what do we do? Readers familiar with type theory will know that the highfalutin name for the problem is that we’re in violation of the Liskov Substitution Principle. But we don’t need to understand the underlying type theory to see what’s going horribly wrong. All we have to do is try to modify the code to support these new criteria.

Attempt #1

abstract class Player 
{ 
  public abstract Weapon Weapon { get; set; }
}
sealed class Wizard : Player
{
  public override Staff Weapon { get; set; }
}

Nope, that’s illegal in C#. An overriding member must match the signature (and return type) of the overridden member.

Attempt #2

abstract class Player 
{ 
  public abstract Weapon { get; set; }
}
sealed class Wizard : Player
{
  private Staff weapon;
  public override Weapon Weapon 
  {
     get { return weapon; }
     set { weapon = (Staff) value; }
  } 
}

Now we’ve turned violations of the rule into runtime exceptions. This is incredibly error-prone; a caller could easily have a Wizard in hand and assign a Sword to Weapon. The whole point of capturing this thing in the type system is that the violation gets discovered at compile time.

Next time on FAIC: what other techniques do we have to try to represent this rule in the type system?

Shutterstock / wavebreakmedia

Pepijn was nooit echt geïnteresseerd in de Olympische Spelen, omdat hij niet nationalistisch is ingesteld. Maar sinds hij zichzelf kosmopoliet noemt, geniet hij er enorm van om steeds maar weer zijn planeetgenoten te zien winnen.

“Na het EK Voetbal, de Commonwealth Games en het Aziatisch kampioenschap judo is dit opnieuw een geweldige editie. Het kan bijna niet beter, als je kijkt hoeveel medailles we al binnen hebben gesleept”, vertelt Pepijn apetrots. “Dat is toch maar even mooi mijn wereld. Wat zo’n piepklein kikkerbolletje wel niet voor elkaar kan krijgen he!”