Author Archives: Joon


It’s hard to believe how much things have changed since I took the position at where I work. I haven’t been actively screencasting, something I enjoyed knowing others find them useful or entertaining. My promise made to myself to actively learn something new also halted. Working 16 hours a day took its toll on me and especially my family.

That all stops starting next week.

I’m going back to consulting and will only take on a position where I can balance both work and life. That does not mean I’ll stop pouring my heart into the work – I’m simply not built that way. But I’ll work a little smarter and better rather than working unproductively without rest. That means that I won’t cater to the constant panic of others over things that are not really something to panic about.

I will be taking a short rest to recharge my battery and will actively make content and contribute to the communities that helped me so much, so please keep your eyes on this blog.

If you need a polyglot, please don’t hesitate to ping me at joon at this domain.

Resources for Learning To Write Unit Tests in iOS and Cocoa

I used to joke that writing unit tests for iOS development is not necessary since there’s a compiler and laugh real hard. What I realized was that some people thought that it wasn’t a joke. Even worse, when I asked about unit tests during interviews, some candidates didn’t know how to write tests.

The root cause of this, as I see it, is that writing tests isn’t really covered in Apple’s developer documentation. And with all the new boot camps and training courses turning out iOS developers without covering testing at all, the testing issue escalates to yet another level.

Here is a list of my recommendations to get started. I will create screencasts on iOS development in the future since I have more time and will ALWAYS show tests along with anything I do. Hope this helps and ping me with any questions, I’ll do my best to help.


Great screencasts by Jon Reid with real world examples
UIViewController TDD
iOS Model-View-Controller TDD
Objective-C TDD Example has a course based on Xcode 4, but just about all the stuff still applies.

Test-Driven iOS Development (Developer’s Library)
Test Driven Development: By Example

Since you’re already here, please check again for contents as I create them regularly (hopefully) ;)
Quality Coding for iOS Developers – Jon Reid – start with Introduction to Test Driven iOS Development

Creating Self-Contained Google Chrome App

Sick of opening different Google Chrome windows for work and private accounts? I use the following script to create a separate standalone Chrome app for that. Take a look at the code and give it a spin. This is for Mac ONLY!!!


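echo "What should the Application be called (no spaces allowed e.g. GCal)?"
read inputline
name="$inputline"

echo "What is the url (e.g. ...)?"
read inputline
url="$inputline"

echo "What is the full path to the icon (e.g. /Users/username/Desktop/icon.png)?"
read inputline
icon="$inputline"

chromePath="/Applications/Google Chrome"

# various paths used when creating the app
# (assumed: a standard .app bundle layout under /Applications)
resourcePath="/Applications/$name.app/Contents/Resources"
execPath="/Applications/$name.app/Contents/MacOS"
profilePath="/Applications/$name.app/Contents/Profile"
plistPath="/Applications/$name.app/Contents/Info.plist"

# make the directories
mkdir -p "$resourcePath" "$execPath" "$profilePath"

# convert the icon and copy into Resources
if [ -f "$icon" ] ; then
    sips -s format tiff "$icon" --out "$resourcePath/icon.tiff" --resampleHeightWidth 128 128 >/dev/null 2>&1
    tiff2icns -noLarge "$resourcePath/icon.tiff" >/dev/null 2>&1
fi

# create the executable: Chrome in app mode with its own profile directory
# (assumed: the Chrome binary inside the standard Google Chrome.app bundle)
cat >"$execPath/$name" <<EOF
#!/bin/sh
exec "${chromePath}.app/Contents/MacOS/Google Chrome" --app="$url" --user-data-dir="$profilePath" "\$@"
EOF
chmod +x "$execPath/$name"

# create the Info.plist (minimal; keys assumed)
cat >"$plistPath" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>CFBundleExecutable</key><string>$name</string>
  <key>CFBundleIconFile</key><string>icon</string>
</dict></plist>
EOF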


RSpec 3.1 is here

RSpec 3.1 has been released with some interesting changes. Take a look at the changes here.

It has a ton of good stuff including easy exclude pattern, compound block matcher (this will have the most effect on current specs for me), etc.

Where Are You From?

Personally, it’s extremely difficult to find humor in this video when you have to deal with it daily. Same goes for my friends and family. This may be the reason why it’s hard for me to think of myself as an American although it’s my nationality and home.

Another annoyance is when someone asks me how’s wherever a place in Korea is. I grew up in NJ – that should be enough punishment.

Google I/O 2014

One conference I really enjoy each year is Google I/O. This year, it was really intense geeking out for two days.

Although big sessions are available on YouTube, the primary reason for me to attend is meeting the engineers to get technical insights. That’s the value of attending the conference physically. This year, they had “Box Talks” that were intimate and really gave a ton of information. Below is a photo of a screen I captured as a note in the Go testing Box Talk.


The only complaint I really have is that Box Talks had really tight space and was getting really hot at some points. In this aspect, WWDC is better.

I really enjoy attending developer conferences, but with Apple and Google, there are too many non-developers due to product announcements that affect Wall Street.

Rails Security Alert – 2014-05-06

Wildcard routes.

There is a vulnerability in the ‘implicit render’ functionality in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0130.

Versions Affected: All Supported
Not affected: None
Fixed Versions: 4.1.1, 4.0.5, 3.2.18

The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the rails application server.

In order to be vulnerable an application must specifically use globbing routes[1] in combination with the :action parameter. The purpose of the route globbing feature is to allow parameters to contain characters which would otherwise be regarded as separators, for example ‘/’ and ‘.’. As these characters have semantic meaning within template filenames, it is highly unlikely that applications are deliberately combining these functions.

To determine if you are vulnerable, search your application’s routes files for ‘*action’ and if you find any, use one of the workarounds below.
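The check described above, together with the fixed-version list, written as a small Ruby audit helper. This is an added example, not code from the Rails advisory; the helper names and the sample routes are constructed for illustration.

```ruby
# Added example (not part of the Rails advisory): audit helpers for CVE-2014-0130.

# Fixed releases named in the advisory, keyed by release series.
FIXED_RELEASES = { "4.1" => "4.1.1", "4.0" => "4.0.5", "3.2" => "3.2.18" }.freeze

# Matches a quoted route path that contains the glob segment *action.
# \b keeps other glob names such as *action_name from matching.
GLOB_ACTION = /["'][^"']*\*action\b[^"']*["']/

# True when this Rails version lacks the fix. Series older than 3.2 are
# unsupported and have no fixed release, so they count as affected.
def affected_version?(version)
  v = Gem::Version.new(version)
  return false if v >= Gem::Version.new("4.1.1")
  fixed = FIXED_RELEASES[v.segments.first(2).join(".")]
  fixed.nil? || v < Gem::Version.new(fixed)
end

# Returns [line_number, stripped_line] for each uncommented route whose
# path uses *action.
def glob_action_routes(routes_source)
  routes_source.each_line.with_index(1)
               .reject { |line, _n| line.strip.start_with?("#") }
               .select { |line, _n| line.match?(GLOB_ACTION) }
               .map { |line, n| [n, line.strip] }
end

# Constructed sample config/routes.rb content for the demonstration.
SAMPLE_ROUTES = <<~'ROUTES'
  Rails.application.routes.draw do
    get 'my_url/*action', controller: 'asdf'
    # get 'old/*action', controller: 'legacy'
    get 'docs/*template_path', controller: 'asdf', action: 'display'
    get 'my_url/:action', controller: 'asdf'
  end
ROUTES

if __FILE__ == $PROGRAM_NAME
  glob_action_routes(SAMPLE_ROUTES).each { |n, line| puts "routes.rb:#{n}: #{line}" }
  puts "Rails 4.0.4 affected? #{affected_version?('4.0.4')}"
end
```

Only the uncommented `*action` route is reported; the renamed `*template_path` glob and the plain `:action` segment are not flagged.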

The 4.1.1, 4.0.5 and 3.2.18 releases are available at the normal locations.

The simplest workaround is to simply not use globbing matches for the :action parameter. As action methods cannot contain a ‘/’ character, the simple matching should be sufficient. So replace

get 'my_url/*action', controller: 'asdf'

with

get 'my_url/:action', controller: 'asdf'

If your application depends on this functionality, you will need to rename the route parameter and add an explicit action:

get 'my_url/*template_path', controller: 'asdf', action: 'display'

Then add an action which renders explicitly:

def display
  # only render paths that contain no '.' character
  if !params[:template_path].index('.')
    render file: params[:template_path]
  end
end

Note: The path check in this example may not be suitable for your application, take care
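A stricter variant of the path check for the `display` action, combining a character allowlist with a containment check. This is an added example, not part of the Rails advisory; `safe_template_path` and the `app/views/pages` base directory are hypothetical names.

```ruby
# Added example (not from the Rails advisory): stricter path check for `display`.
# safe_template_path and the base directory are hypothetical names.

# One or more slash-separated segments of letters, digits, "_" or "-".
# Rejects dots, empty segments, leading slashes and NUL bytes in one rule.
SAFE_TEMPLATE = %r{\A[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*\z}

# Returns the absolute path of the requested template under base_dir,
# or nil when the request is malformed or resolves outside base_dir.
def safe_template_path(base_dir, requested)
  return nil unless requested.is_a?(String) && requested.match?(SAFE_TEMPLATE)
  base = File.expand_path(base_dir)
  full = File.expand_path(requested, base)
  # Containment check kept as a second layer behind the allowlist.
  full.start_with?(base + File::SEPARATOR) ? full : nil
end

# Controller usage (sketch; the base directory is an assumption):
#   def display
#     path = safe_template_path(Rails.root.join("app/views/pages"), params[:template_path])
#     path ? render(file: path) : head(:not_found)
#   end
```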

To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 4-1-directory_traversal.patch – Patch for 4.1 series
* 4-0-directory_traversal.patch – Patch for 4.0 series
* 3-2-directory_traversal.patch – Patch for 3.2 series

Please note that only the 4.1.x, 4.0.x and 3.2.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

Thanks to Ville Lautanala of Flowdock for reporting the vulnerability to us, and working with us on a fix.


Daily Vitamin #15 – iOS Web Server, Ubuntu 14.04LTS

Lightweight GCD based HTTP server for OS X & iOS (includes web based uploader & WebDAV server)

GCDWebServer was originally written for the ComicFlow comic reader app for iPad. It allows users to connect to their iPad with their web browser over WiFi and then upload, download and organize comic files inside the app.


Ubuntu 14.04LTS – New LTS, desktop looks a lot more like Mac OS X, which means it’s friendlier to use.