Recently, I attended my first dedicated security conference – LASCON 2017.  I have been passionate about security for a number of years, but never had the time (or rather never made the time) to attend any related conferences.

The conference was held at the Norris Conference Center in Austin which is a nice venue with plenty of room for a conference of this size.

The short version is that I would highly recommend attending one of these conferences.  There are many local security conferences, the most common you will find are the BSides conferences that occur all over the world and are locally organized.  These conferences are not just for those who work primarily with a focus on InfoSec.  There is a lot of information that is applicable to software developers as well.

DevOps is a popular topic now days so it isn’t a surprise that there were many sessions related to this. I attended a session that discussed injected security reviews into the DevOps process.  I thought there were many good ideas and the Q&A was relevant to both admins and developers.  Some in the room were clearly managers of developers looking to inject security into there own workflows for development.

Another development related presentation that I attended had to do with dynamic versus static code analysis and how each can help uncover vulnerabilities in application code.

Other sessions that I attended discussed topics such as securing a Raspberry Pi home monitoring solution, social engineering with Facebook, and few sessions on Information Security Risk Assessment which is something that I have participated in on several occasions with clients.

The second day of the conference I decided to participate in the badge challenge.  This is sort of simple version of a CTF (capture the flag) challenge that is popular at InfoSec conferences. The challenge involved decoded a message on the back of the conference badges that led to the challenge of adding your name to a list on a web page.  I managed to finish with less than two hours to go until the end of the conference and was awarded with a nice LASCON 2017 challenge coin. I would definitely participate in another such challenge when I get the chance to do so.

Workaround for iCloud Calendar Spam

Techcrunch has an article about the amount of spam has been appearing on the iCloud calendars of unsuspecting users lately.

Apple seems to have no idea that users might not want events from email that resides in the Junk or Spam folders to appear in their calendar.  They also seem to believe that a user would never want to delete these events without sending a decline message to the originator.

However, there is an inconvenient but workable solution – 

1. Create a new calendar. The name doesn’t matter because it won’t last long.

2. Move the spam events to the new calendar.

3. Delete the newly created calendar.  iCal will give you the option to delete without sending the decline notifications.


There is a local Houston security conference that occurs every year or so called HOU.SEC.CON.  The next HOU.SEC.CON will be March 23, 2017.  

I have been wanting to make it for a few years but it seems like I always have a conflict.  This year, however, I will be able to make it and I am looking forward to it.

If you are interested in infosec and will be in the area, you should check it out.

Houston Techfest coming this weekend

This coming Saturday, September 28, will be the Houston Techfest.  This is annual conference that is free to attend and seems to grow larger and better each year.

The conference will be at Reliant Center and has many great talks on the schedule. I did not have the time this year to submit a talk but I will be sitting on the Business of Software discussion panel during lunch.

I have never been disappointed with the selection of talks at Techfest so you should come out if you are in the Houston area and have some free time this Saturday.

Presentation Slides and Code from October iPhone Dev Meetup

As promised, here are the slides and code that I used in last night’s presentation on Core Data.

Thanks to everyone who attended my talk. I thought the Q&A and conversation made the presentation much better than just me standing and talking to the room (although it also made the presentation go longer than I had planned).

Anyone in the Houston area doing iOS work that is not taking advantage of this great meetup is missing out.

Slides and Code

Check over your model when mogenerator isn’t working

This is not a very lengthly post but it might help someone out. I like to use mogenerator and Xmo’d to generate my core data model classes rather than using the standard code generator included in xcode.

Usually everything works beautifully with my classes generating as expected when I save my data model. However, I have run into two cases where the old classes are removed but the new classes are never generated. When this happens, looking at the crash in won’t be of much help because the location of the crash in the mogenerator source simply states that the model failed to load with no reason given.

Both of the causes were errors on my part. The first being I added an attribute to an entity but did not assign a type to it. The second being I apparently added an entity that had some sort of name collision. The entity in question was named “List” and when I renamed it to “DSList”, the model classes generated without an issue.

Hopefully this will save someone time and give them an idea of what to look for.

Creating a Versioned Core Data Model Under Subversion

Recently, I tried to create a versioned data model for an application I had created earlier this year and had some issues with Subversion not being able to commit the changes.

When xcode creates a new versioned data model, the existing data model essentially gets moved into a .zip file format consisting of the current version (named the same as the un-versioned model) and any older versions that might be there named with sequential numbers appended to the name (only 1 in the beginning).

The problem with svn occurs because apparently the svn integration in xcode 3.2.x doesn’t perform a move into the .zip. Therefore, when you try to commit the code, svn will complain that the new data model within the .zip has the same name as an already existing file.

The workaround I implemented is to go to finder and duplicate the model before versioning it. Then switch back to xcode and create the versioned data model. Afterwards, rename the duplicated file back to the original data model file name. If you look at the file system in finder, you should see both the newly created version data model and the old data model.

Now expand the versioned data model and delete the file of the same the name as the original data model inside. Afterwards perform an svn move of the un-versioned data model to inside the versioned data model. Now you can commit the changes without an issue and everything will work fine.

Hopefully xcode 4 will fix this because it caused me a little pain before I figured out how to workaround the issue.

Speaking at Houston iPhone Developer Meetup Oct 26

I will be speaking at the next Houston iPhone Developer Meetup. I will be using almost the same slides as I did for the Core Data presentation at the Houston Techfest this past Saturday but I will have a little more time to present and the Q&A that goes on during the presentations is often the best part.

If you are in Houston, this is a great way to meet other iOS developers. We are fortunate in Houston, there are usually several individuals in attendance who have presented talks at national and regional conferences.

Presentation Slides from Houston Techfest 2010

As promised, here are the presentation slides (keynote) and the code from the presentation I gave today at the Houston Techfest. Thanks to everyone who attended my talk.

Alt.Net Houston Open Spaces 2010

Ben Scheirman is organizing a conference for the Alt.Net community in Houston and I have heard great things about it in the past so I am planning to attend this year.

The conference is organized in the Open Spaces format. For those who have not attended a conference like this before, the idea is simple. None of the sessions (or very few) are officially scheduled in advance. Generally the first day, in this case Friday evening, the group gets together and plans the schedule based on ideas generated from the group and those who volunteer to speak/lead a session. The sessions are generally very good and highly interactive.

The cost is $20 but that includes pre-conference sessions on Friday April 30, a full day of sessions on Saturday, and a few sessions on Sunday with breakfast and coffee included. Check out the conference website to register and hopefully I will see you there.

Next Page »