<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
					xmlns:content="http://purl.org/rss/1.0/modules/content/"
					xmlns:wfw="http://wellformedweb.org/CommentAPI/"
				  >
<channel>
<title>the_codist()</title>
<link>http://thecodist.com/</link>
<description><![CDATA[Thinking About Programming]]></description>
<language>en-us</language>
<pubDate>Wed, 22 Feb 2012 11:22:09 -0800</pubDate>
<item>
<title>Another Xcode Version, Another Example of Crappy Apple QA</title>
<link>http://thecodist.com/article/another_xcode_version_another_example_of_crappy_apple_qa</link>
<description><![CDATA[<p>Every time I get a new copy of Xcode, I have to write yet another snarky commentary. I upgraded to 4.3 and now I again find the first thing I try to do is broken. O joy.</p>

<p>Labels. Labels? You broke Labels in the Storyboard editor? How is that even possible?</p>

<p>Copy a paragraph of text and create a label. Paste it in. You get a single line label some 2000 pixels long. Why, I don't know; how could that possibly ever be useful? So I change the number of lines setting to a few. Nothing happens. So I go to the size panel and change it to something that fits in the view. Then I drag the bottom handle to make it taller. Oops, I need another line; it doesn't fit. Click the number of lines setting again.</p>

<p>[Insert random swear words here] My single line of 2000 pixels has returned, neatly centered in my tall label. Go back to the size and change it again. Discover you have too many lines now. Do it all over again. [Insert cryptographically secure random swear words here]</p>

<p>Jeez Louise, 100 billion dollars in cash and they can't afford a QA person? Or maybe the intern goes home and they scarf up whatever code they left on their Mac and ship it to 750,000 developers?</p>

<p>Sure, Apple is a big company and developer tools are a cost center, but be real, there are no alternatives to Xcode so yes it's a big deal to all the developers out there who create content that makes people want to buy their profitable devices.</p>

<p>Maybe Apple should charge for Xcode; maybe then it will get real attention and be treated like it's important.</p>

<p>Of course I could file a Radar report and attach a project. Then get an email saying, could you please create a project and attach it so we can verify? Then create another project and attach that, then get another email saying, we couldn't find the attachment, so could you attach it again? Perhaps they could send me an airline ticket and I could demonstrate it in person. But then again they might lose me and I'd hate that lost feeling.</p>

<p>I guess I will have to put up with Xcode's newest adventure, but I must label (yes a pun) this one as not quite all there. Maybe Mr. Cook could find a few coins in his couch to spare on the Developer Tools team. I'm sure they could find something useful to do with it. Tools have never gotten the support at Apple that product groups have had over the years but given how much money is being made I would hope they could invest a little more and deliver tools that kick ass as much as the products do.</p>
]]></description>
</item>
<item>
<title>Seeing What Life In An App Store Top 10 Is Like</title>
<link>http://thecodist.com/article/seeing_what_life_in_an_app_store_top_10_is_like</link>
<description><![CDATA[<p>My current post is at Travelocity working on the iPad app, and yesterday Apple featured it in new and noteworthy; 7000+ downloads followed and we hit #3 on free iPad Travel today. We finished 1.0 a couple weeks ago and so far the ratings are quite nice.</p>

<p><a href="http://itunes.apple.com/us/app/travelocity-for-ipad/id499390651?mt=8">Travelocity For iPad</a></p>

<p>Fun to finally have worked on something people might actually recognize and see it show up in a real top 10 list on the App Store. All my personal work is of course buried in the twilight zone.</p>

<p>The Gnome will be promoting the app all over the place starting soon, which is also quite cool; the last non-web app I worked on that got any promotion was Deltagraph in the early nineties.</p>

<p>Lots of new stuff to do in the near future on the app.</p>
]]></description>
</item>
<item>
<title>Pay An Apple App Store Download Bot? Not Me</title>
<link>http://thecodist.com/article/pay_an_apple_app_store_download_bot_not_me</link>
<description><![CDATA[<p>Interesting: <a href="http://www.insidemobileapps.com/2012/02/14/download-bots-were-the-well-known-secret-of-the-app-ecosystem/">Download bots were the well-known secret of the app ecosystem</a></p>

<p>This either pisses me off or makes me laugh, not sure which. People pay other people to auto download their apps to increase their rankings so that other people will see those apps and download them. Makes my head spin.</p>

<p>I have to admit it's not exactly unexpected, though I didn't know this was that prevalent. You'd think Apple would notice all the apps being downloaded from the same IP addresses. I imagine they noticed but didn't really care since the apps were free and in the end the added real sales might have added a bit of profit, and maybe the excitement of these "popular" apps added some device sales.</p>

<p>The real victims of course are all the little developers who never had a chance to compete. My recent app <a href="http://idlediversions.com/codewords2">Codewords 2 HD</a> has had 2100 downloads and $54 in in app purchases, all from no advertising and mostly from searches (Codeword puzzles are popular in the UK). I guess if I ponied up $15,000 or whatever the bot herders charge I could be famous and be in a commercial or something.</p>

<p>I doubt it would be worth it for this type of narrow interest application. But it does make me wonder whether I would ever have the chance to get a hit, assuming the app was broadly appealing, since there is no way I'd ever do this. I can see the appeal though if you are a big publisher and have pressure to have hit after hit and can afford to drop a few big bills.</p>

<p>I think Apple ignoring the obvious fake downloads pisses me off more than the people who actually took advantage. A five minute script and a little database table and voila, lots of banned developers. Of course, given that they are likely the bigger players that can afford this (and feel compelled to take advantage of it), it wouldn't help the App Store much, so ignoring it is good business. Yet it feels hollow to think that only the rich publishers can game the market and get the coveted top 10 rankings.</p>

<p>Sure, lots of people probably don't do this, but now that people are talking, you start to think everyone is in on it but you, and that makes us little developers feel even smaller. When I worked for the game company there was a commercial company that provided a product to cheat in the game, which everyone knew about. Even though the actual number of cheaters was small, the perception was that everyone was cheating but you, and every time you died in the game it was because of cheating. This then made people quit the game due to the cheating, which was actually fairly minimal (and given my clever anti-cheat, about to vanish entirely). A self-fulfilling fear.</p>

<p>I always wished Apple would create a top ten of the day which was randomly chosen from apps with small but consistent downloads, as a way to help out the little developers so everyone gets a taste of big downloads, but I can see it doesn't really do much for Apple so it's not likely.</p>

<p>Bots for bucks. What is the world coming to.</p>
]]></description>
</item>
<item>
<title>Server Upgrade Test - Please Ignore</title>
<link>http://thecodist.com/article/server_upgrade_test_please_ignore</link>
<description><![CDATA[<p>Just upgraded my PHP version. Hopefully all it still well. Might be a couple bogus twitter messages.</p>

<p>I want to try using MongoDB for this blog at some point which required a little upgrading.</p>
]]></description>
</item>
<item>
<title>Your Security Sucks</title>
<link>http://thecodist.com/article/your_security_sucks</link>
<description><![CDATA[<p>Along with 24 million of my not so closest friends I too got an email telling me that <a href="http://www.pcworld.com/businesscenter/article/248244/zappos_hacked_what_you_need_to_know.html">Zappos suffered a breach in which they lost control of their user database</a> through some as yet un-disclosed breach.</p>

<p>Fortunately they did keep the credit card numbers separate from the user accounts and according to them only kept hashed passwords in that database. But losing personally identifiable data still can cause customer pain, and hashed passwords unless done really well can still lead to recovering enough passwords to create trouble. So far there is no discussion of how the exploit happened, or for how long it was active. We may never find out, as the details are usually not something a company wants to discuss.</p>

<p>At least they seem to have owned up to it, which itself is disaster PR 101, although the exact sequence of events probably won't ever be known. But why does this continue to happen?</p>

<p>I've worked for enough companies with sensitive customer information to know that most of them simply don't know, care or allow themselves to worry about what might happen. The problem is generally that customer security is invisible for the most part; it isn't something you can show people, there is no real way to prove it and most customers wouldn't understand the details even if you thought it was a good idea to lay it all out. It only becomes important when it fails. Like a Star Wars missile defense system you can continue to imagine it's working until you see hundreds of missiles in the air.</p>

<p>In most places I've worked people talk about it sometimes, but it's rarely as important as a new feature, a prettier UI or some great marketing blitz. Security is what you do to pass some quickie audit. In one financial service company security was worrying about people downloading porn and viruses, even while credit card information remained unencrypted while everyone debated the hardware cost. My healthcare experience featured locked down hardware (no USB devices allowed anywhere), yet the passwords for the production databases and servers were stored in a text file available to half the company. But they passed some kind of audit so everything was cool.</p>

<p>Security is usually not a C-level position. In fact I would imagine a really qualified security executive (let's say someone Bruce Schneier would respect) would probably piss off everyone in the company and find themselves looking for work rather soon. Real security is hard, it's complicated, and it costs money -- and it only gets negative respect. Like a good football lineman your work is best when no one calls your name. If hack attempts and data breaches don't succeed your security team remains invisible. If they do succeed you get fired. What a job...</p>

<p>I do think that following what I know of the NSA isn't done enough: when they build a new system they always have an independent team that does nothing but try to defeat or break it. If you have sensitive customer information you need to have a team that, without inside knowledge, tries to hack you. Of course you have to be very careful so it doesn't become a real hack, which I am sure scares people off. But you really don't know how secure you are in any area unless you do real world tests; otherwise you are imagining your very own Star Wars defense system.</p>

<p>Of course you need to consider the most likely vectors, carefully partition data, use as much encryption as is practical, and create enough layers of protection and monitoring to at least confuse or slow down an attacker. The more sensitive information you have the more you need to invest in real security design just like you do everything else. It's not something to add on at the end or worry about it later when something goes wrong.</p>

<p>One of my favorite security quotes came at the healthcare company when I reported to the CIO that the production passwords were available to virtually everyone in the company; he said "Oh we trust our employees".</p>

<p>Something to remember before you write 24 million depressing emails to your customers: security is not about the 99 things you did but the one thing you didn't.</p>
]]></description>
</item>
</channel>
</rss>
