033 iPhreaks Show – AFNetworking with Kevin Harwood
Panel Kevin Harwood (twitter github blog) Jaim Zuber (twitter Sharp Five Software) Ben Scheirman (twitter github blog NSSreencast) Andrew Madsen (twitter github blog) Pete Hodgson (twitter github blog) Charles Max Wood (twitter github Teach Me To Code Rails Ramp Up) Discussion 02:44 - Does iOS7’s NSURLSession obviate the need for AFNetworking? 03:20 - SSL Pinning Charles Multiple Certificates 08:09 - Reachability 10:24 - Is AFNetworking 2.0 based of NSURLConnection? AFHTTPRequestOperationManager AFHTTPSessionManager 11:52 - Serialization 12:18 - Session Manager NSURLSessionTask NSURLSessionDataTask 15:59 - Using AFNetworking Upgrading 18:11 - AFNetworking and iOS7 20:46 - Prefetching 22:00 - Contributors 22:37 - The three20 Library Category Methods BlocksKit 30:53 - Managing a Large iOS Open-Source Library Mattt Thompson @mattt Mutual Mobile 34:00 - Submitting a Feature to Mattt Picks Macintosh Software Business (Yahoo Group) (Andrew) Low -- Christmas (Jaim) Awful Recruiters (Ben) backup (Ben) Three Africans Coffee (Ben) The Mute Button in Gmail (Pete) P2 Magazine (Pete) Chasin’ Freshies: a fresh hop IPA from Deschutes (Pete) The Hobbit: The Desolation of Smaug (Chuck) AFHARchiver (Kevin) Bamboo (Kevin) Next Week Streaming with Chris Adamson Transcript PETE: I actually don’t [unintelligible] that much. BEN: But you are British. You have to. PETE: Yeah. I'm a traitor to my nation. I also don’t watch football that much. And that’s why I use ‘football’, not ‘soccer’. CHUCK: Hey everybody and welcome to episode 33 of the iPhreaks Show. This week on our panel, we have Jaim Zuber. JAIM: Hello from Minneapolis. CHUCK: Ben Scheirman. Andrew Madsen. ANDREW: Hi from Salt Lake City. CHUCK: Pete Hodgson. PETE: Hello from my pajamas. CHUCK: I'm Charles Max Wood from devchat.tv, with a real quick announcement: if you are interested in learning Ruby on Rails, my Rails Ramp Up course; if you buy it at the beginning of the year… actually, I´ll give you a few days. If you buy it by January 4th, you can get 30% off. You can get that on railsrampup.com We also have a special guess, and that’s Kevin Harwood. KEVIN: Hey guys, from Austin, Texas. CHUCK: Is it snowing in Austin? KEVIN: It’s actually 79 degrees right now. I think the high, it gets up 75 today. So it’s a nice day here in Austin. ANDREW: That sounds nice. JAIM: Not bad. So you are an Auburn guy? KEVIN: I am. It was a pretty good weekend. Me and Tim Cook had a lot to cheer for on Saturday. JAIM: I can sense the glow all the way through the internet. KEVIN: I haven’t stopped grinning since Saturday evening. CHUCK: [Laughs] JAIM: Yeah, that Auburn virus really infected my timeline. Really, the only person on my timeline that was tweeting anything other than football was John Siracusa and he was talking about TVs or something. PETE: I totally tune out whenever time it is that people tweet about this. I think it’s like Sundays or Mondays or something. I get quite annoyed with Twitter and I just stopped using because I don’t know, they are talking about touchdowns and basket hoops or something. I don’t know. It’s all very confusing to me. KEVIN: I'm actually hoping Twitter releases some statistic like they do, like a super bowl halftime show or something and see if we can see an impact from that game and see the usage spike on Twitter. PETE: Someone should do some sentiment analysis on Twitter, where they like to find out… that would be really cool actually to map like… JAIM: Didn’t Apple buy a company that does that? PETE: Really? JAIM: Yeah, for like 200 million. What was it called, Topsy? Isn’t that what they did? KEVIN: Yeah, I think so. PETE: You are telling me I just came up a 200 million dollar idea? [Laughter] I'm not going to tell you guys my other ideas.
PETE: I actually don’t [unintelligible] that much. BEN : But you are British. You have to. PETE: Yeah. I'm a traitor to my nation. I also don’t watch football that much. And that’s why I use ‘football’, not ‘soccer’. CHUCK: Hey everybody and welcome to episode 33 of the iPhreaks Show. This week on our panel, we have Jaim Zuber. JAIM: Hello from Minneapolis. CHUCK: Ben Scheirman. Andrew Madsen. ANDREW: Hi from Salt Lake City. CHUCK: Pete Hodgson. PETE: Hello from my pajamas. CHUCK: I'm Charles Max Wood from devchat.tv, with a real quick announcement: if you are interested in learning Ruby on Rails, my Rails Ramp Up course; if you buy it at the beginning of the year… actually, I´ll give you a few days. If you buy it by January 4th, you can get 30% off. You can get that on railsrampup.com We also have a special guess, and that’s Kevin Harwood. KEVIN: Hey guys, from Austin, Texas. CHUCK: Is it snowing in Austin? KEVIN: It’s actually 79 degrees right now. I think the high, it gets up 75 today. So it’s a nice day here in Austin. ANDREW: That sounds nice. JAIM: Not bad. So you are an Auburn guy? KEVIN: I am. It was a pretty good weekend. Me and Tim Cook had a lot to cheer for on Saturday. JAIM: I can sense the glow all the way through the internet. KEVIN : I haven’t stopped grinning since Saturday evening. CHUCK : [Laughs] JAIM : Yeah, that Auburn virus really infected my timeline. Really, the only person on my timeline that was tweeting anything other than football was John Siracusa and he was talking about TVs or something. PETE: I totally tune out whenever time it is that people tweet about this. I think it’s like Sundays or Mondays or something. I get quite annoyed with Twitter and I just stopped using because I don’t know, they are talking about touchdowns and basket hoops or something. I don’t know. It’s all very confusing to me. KEVIN: I'm actually hoping Twitter releases some statistic like they do, like a super bowl halftime show or something and see if we can see an impact from that game and see the usage spike on Twitter. PETE: Someone should do some sentiment analysis on Twitter, where they like to find out… that would be really cool actually to map like… JAIM: Didn’t Apple buy a company that does that? PETE: Really? JAIM: Yeah, for like 200 million. What was it called, Topsy? Isn’t that what they did? KEVIN: Yeah, I think so. PETE: You are telling me I just came up a 200 million dollar idea? [Laughter] I'm not going to tell you guys my other ideas. JAIM: [Chuckles] I've heard your other ideas. It’s like… its Twitter sentiment analysis for dogs. PETE: That’s right. [Laughs] Get out of my brain! JAIM: [Laughs] Okay so question of the day, does iOS7’s NSURLSession obviate the need for AFNetworking? Go. KEVIN: That's a great question. I guess we'll just get started. I don’t think so. I think there's some features in AFNetworking too that NSURLSession doesn’t take into account for. Specifically, think about like the AFSecurity policy features with SSL pinning. And also from the developer perspective, a lot of times you are going to target servers that potentially valid SSL certificate. So being able to quickly turn that on or off is a pretty valuable feature. JAIM: I don’t think enough people know what SSL pinning is and why you should care. Can you elaborate on that? KEVIN: Yeah, that’s a good question. It’s actually something that I think is really important for mobile developers to understand. And it’s something that we can all do help increase the security our communications within our application. A lot of people think that when they are communicating with SSL, that they are out of danger. In reality, it’s still relatively easy to introduce a man in the middle attack, even over an SSL connection. And one way to help ovisgate that is to use the technique which is SSL pinning; and that is within your application, you’re actually inspecting the certificate of the server, and verifying that it is in fact your expected certificate that you issued for your specific server. A And there's two different ways to pin on that: you could actually pin against the certificate itself and when that certificate expires, your connection will no longer be valid. And there's a little bit softer way of doing it, and that’s just pinning against the public key of the certificate itself, which is valid across multiple renewals of that specific certificate. So from a mobile perspective, that specific option makes a lot of sense. And with AFNetworking too, all you have to do is include the public certificate of your server and then set that policy on your manager class, and AFNetworking will automatically enforce SSL pinning for all of your connections through that manager, to your backend. PETE: I've never heard of this before. So you don’t just say, “Connect to this server over SSL,” but you say, “Connect to the server over SSL, and I expect it to have this specific public key,” It’s almost using the chain of trust reversed certificate authority, but you are actually saying, “I expect this to only be this public key.” KEVIN: That’s right. Yeah, because with tools like Charles and another HTTP debugging tools, you can actually set up a proxy and still inspect that traffic going back and forth over regular SSL connections. But once you enforce pinning, that will remove that ability from being able to inject yourself in the middle, and connections will no longer be valid and data won't be going back and forth at that point. BEN: To answer your question Pete, the issue of trust is kind of out the window, because it’s like the networking stack, it will still honor the trusted certificate chain. So, if you just have an untrusted certificate, it will fail. But you can't guarantee that the person holding the device didn’t just alter their certificate that they trust. Which is the case for the man in the middle attack, you would use Charles has a certificate you can install and trust. And then iPhone will gladly say, “Yup, that's a valid certificate. I trust it.” But since you don’t know that end of the conversation, you can't trust any of it, so trust sort of break down there. KEVIN: Yeah, we've actually been doing a lot of work here at Mutual Mobile with some financial institutions and this is without a doubt, a required medium that we enforce in all of our network communication -- especially sensitive data like that. PETE: So how does that work? Is there a way to kind of upgrade… oh no, I'm thinking you may change that at any point. And that would be a breaking change for all the installed applications, right? KEVIN: Yeah, that's right. So if you are pinning against… a certificate itself, at some point that certificate is going to expire. And so from an iOS application, for something that’s deployed to a device, it doesn’t make a lot of sense to use that method because the day will come when that certificate will expire. With AFNetworking 2.0, it is actually now easier to provide certificates at runtime. So it is possible to potentially have the app actually request the certificate at some point in the future, if you needed to make that change. There would be a way for you to code for that scenario and handle it if that was a requirement you want it to be able to use… JAIM: That’s a really cool idea. PETE: [unintelligible] but then your opening is held up to the risk if someone sneaks in… KEVIN: That’s right. That’s exactly right. BEN: Yeah, but if you do one on one side, and then you just change your own and have a different certificate, I think it can make a switch over live and handle that for a while. But you would have to guarantee that at some point, the rest of your clients upgraded the latest version of your app, so that you can eventually drop the old certificate KEVIN: Yeah, that’s right. PETE: Can you have multiple certificates that you pin to, so that you can kind of make the change gradually every time and you kind of wait for everyone to get up to speed with the new certificate and then deprecate the old one? KEVIN: Definitely. So the AF Security Policy Class in AF 2.0 allows you to take in an array of certificates to pin against, so you can do as many as you like for each specific manager class. PETE : Neat. JAIM: Okay, so that was a long sort of an inside bar on SSL pinning, you had a list of things I think you were going through. KEVIN: Yeah. So reachability, there's a lot of different classes out there that try to implement reachability. And when they have 2.0, that’s actually been broken out into a sub module that makes it super easy to use reachability. The fun thing about reachability that a lot of people don’t quite understand is that reachability doesn’t guarantee you can reach a server; it guarantees that you can't. So you can't make the assumption that if something is reachable, it will get there. You can't do that. So you can't just assume that if it is reachable, I don’t need to worry about error conditions or network links going down or things like that. It simply guarantees that it has determined it cannot get to the server. So you can use it as kind of a preemptive strike from a UI perspective, to let the user know something is not going to make it out. You still need to be able to handle an asynchronous call that may take a little bit of time, and eventually fail -- from a reachability standpoint. I think it also makes it pretty easy to migrate as you support iOS6 to iOS7 with AFNetworking 2.0. The new manager class is, if you are not familiar with AF 2 architecture, there's a manager class that’s similar to the AF 1, AFHTTP Client that uses that uses the NSURLConnection API. And then there's a new manager client that uses the NSURLSession API. And those interfaces are very, very similar. So from a coding perspective, if you do it right, you can actually kind of support iOS6 and iOS7 for now. Eventually when you drop iOS6 support, you are not going to have a huge burden and migrating that code over to iOS7 only -- which I think is a big win. And the other thing to point out is that although NSURLSession is now available in iOS7, NSURLConnection has not officially been deprecated yet. Obviously the writings on the wall, where they are going from networking API perspective, but it’s still a fully-supported class or set of classes within the API. And the AFNetworking code that’s built around NSURLConnection is obviously pretty mature at this point and still a very solid option for just some basic rest APIs that you need to interface with. JAIM: So is AFNetworking 2.0 still based off NSURLConnection? KEVIN: So there are parts of the API that are, and it’s actually split between NSURLSession and NSURLConnection… I'm going to say ‘URL’ a lot today by the way. We have the AFHTTPRequestOperationManager which is the manager for NSURLConnection-based APIs. And that’s still leverages a similar pattern to AFNetworking.1 which have your AFHTTP request operation, as kind of your base class for creating a network request. And though we have AFHTTPSessionManager, which is the class that’s now based on the URL Session APIs. And like I said, both of those manager classes actually share a pretty similar interface, so it makes it pretty easy to try to switch between the two as you determine what OS version you need to support. JAIM: Yeah, I particularly like the design of the serializers extracting that away so that you can have one… The operation itself in the old way of doing things, you would have like a JSON request operation or an XML request operation; now you just have the built in classes, NSURLSessionDataTask and what gives that data task to you is your manager, and your manager has a request and as a response serialize so, it’s just kind of easy to swap those in and out. The design is just way much improved with that. Way much? I don’t know. [Chuckles] KEVIN: Yeah, in AFNetworking 1.0, serialization was spread across all the different request operation classes. You have your json operation like you said. And it was kind for all over written and hidden within the set completion block with success failure method on each of those individual subclasses. And now in 2.0, the serialization has been compartmentalized into a module that’s way more testable, and just way more elegant to use for a serialization stand point. JAIM: So one thing that sort of trips me up a little bit is you have… I'm trying to find out a block of code I could sort of skim, but you have a session manager and you tell the session manager to do get… and this is an HTTP session manager right? Do a get to some URL and you get two callbacks; you get the success callback, and a completion callback. And the arguments to those methods are the URL request itself, and the response object. So if you are using serializer, we already parsed JSON content, correct? KEVIN: Yeah, that’s right. JAIM: So very often, I have to check the status code of a response to see what happen or whatever and so I'm having to cast a URL response object to an HTTP URL response. And I feel like that should be the responsibility of an HTTP session manager. KEVIN: Yeah, didn’t you actually create an issue on GitHub about this? I think I remember reading… JAIM: Actually, the one you are referring to is in the failure case. I need to okay, yeah… I misspoke a little bit. So when you do a request, your success callback gives you the task itself. And from the task, you can get the request and the response. And the response, you have to cast that to in an NSHTTP URL response in order to get a status code from it. The pull request that I said, that I mentioned was that there was no way to get the body of the response. KEVIN: Yes, that’s right. JAIM: And a failure case. So like if my API does this, I return a 400 with some errors of why it was a bad request or maybe 422, with some validation errors. Right now, it’s kind of a roundabout way that you can get the response for an error case, without just sort of by passing the handy get put post delete methods that HTTP Session Manager gives you. KEVIN: I think that is a tricky corner case that probably needs a little bit more attention. And I know that… I think the NSURLSession task, the only way you can actually get the data is from the callback block. There’s no property for it and that’s one thing I don’t like too much about NSURLSession task, I feel like that API still needs a little bit of work from an ease of use standpoint. I know I sat down with some of the Apple engineers at WWDC, and kind of gave them kind of real world use case feedback like that. They hadn’t quite considered, and I was hoping they would get more changes to the API than they did between the first release, and obviously when it ship as a GM, but that is one of those corner cases that I think we're going to have to come up with a little bit better solution for going forward, to make that easier than the API. So the roundabout way that I mentioned that you can get the response, if you still want to use this method of get put post and release set, that response was kind of like, “Well, we don’t need to jump through hoops and whatever to make use these methods.” Like if they don’t fit your scenario, then you can use NSURL session data test for yourself and use data task with path, params or whatever. Instead of just saying get put post… However, if you do wanna use those, the error has user info dictionary which has a whole bunch of information in there. And as a true programmer, I tend to ignore errors. [Laughs] If you just dive into this error info user dictionary, there's a whole bunch of stuff in there including the response. So if you need to get access to it, you can. It’s just not obvious. BEN: Makes sense. So I'm curious, who on the show is using AFNetworking right now? JAIM: I mean, I've gone through the 2.0 stuff and I've done a bunch of demos and stuff, but we have still some apps that are supporting iOS6. And so all of those are still on the 1.x branch of AFNetworking. So all the new stuff, as long as we get our first iOS7 app where we use AF… BEN: So you haven’t thought about trying to migrate to the iOS6 version of the AF…? JAIM: What's the value? I mean it works really well right now. And we haven’t touched that code in months. So I mean, I'm kind of reluctant to just be upgrade happy. I did do this on a one side of mine and it was really painful. [Chuckles] And somewhat unnecessary, but then, I decided I was just going to ditch iOS 6 support because I've waited so long to release this thing that I don’t need to support iOS6 anyway. So I'm going to start over and start with the new 2.0 stuff. I do like it, however I do think that the sort of stock way isn’t quite as painful as it used to be -- which is good. BEN: That is definitely a true statement. PETE: I'm kind of in the same boat where I've got old 1.0 or 1.x stuff. And I'm kind of tempted to upgrade it actually just because it is a tiny little app. It makes like one network call. So I'm hoping it wouldn’t be too painful to upgrade and it might be interesting to… that serializing stuff sounds interesting to me to having to kind of mingle that stuff within the rest of the request response stuff. Sounds like it might be worth… KEVIN: Yeah, if you’ve got a really big app that is still supporting iOS6 and you’ve got a 1.x code in there that’s working really well for you, like Ben was saying, there may not be a great reason to upgrade right now, simply because AF 1.33 is pretty solid release and at that point, very mature and definitely API breaking changes to try to migrate with AF 2.0 library. So unless you need specifically some of the iOS7 APIs like background, session task or background upload, background downloads and things like that, if your networking portion of your code is working great, that’s still built on top of NSURLConnection which like I said is not deprecated in anyway officially from Apple yet, so you still got plenty of life with that code. PETE: So you just mentioned that some of the iOS7 stuff like the background updating; what specific support do you need is involved there? KEVIN: Yeah, so the AFManager that’s built on top of NSURLSession does have some API to help support the background and download and upload capabilities for NSURLSession. There's still some kind of advanced corner cases when you kind of dig in to it because I know I think Apple takes that code and then runs it on a different process. And then you’ve got to handle a callback, try to reconnect your pipes to get that data back. So, I would definitely watching the WWDC video this year, where they introduce the NSURLSession to get some more details of that part of the API. It is probably one of the more advanced corners of just trying to use NSURLSession in general. PETE: That’s actually an appropriate thing for me because… so my little side project app was just like a time table app that tells you when trains are leaving, and it gets like a live feed of upcoming departures of trains in stations. And doing that in the background with iOS7 would actually be really nice because otherwise every time you look at it, you immediately have to refresh it. Like I said the actual networking thing is like literally a single call to download this chunk of JSON. KEVIN: Yeah, I think that would certainly be worth trying to leverage some of the iOS7 features, especially there would be a remote background fetch and retrieving that data right before the user opens the app. I seem to have quite a bit of luck with the OS. They say that the OS is essentially monitoring when users are opening and closing their apps, and then starts to try to make a guess at when the users probably going to open that app again and give you some time before that time actually occurs, to fetch some data and have your UI just ready to display when the user opens the app. I think that’s a really great experience. BEN: Yeah, and it works so well that you don’t even notice it’s happening. Your phone feels faster. KEVIN: Yeah. I've definitely noticed that like my Twitter client. Like every morning when I wake up, I normally roll over and start reading a few of my tweets, and I open the app and it’s already been updated because it’s part of my morning routine. So I think that’s a really cool feature. JAIM: You know ten minutes after a meeting, you go right to Twitter, right? KEVIN: [Chuckles] Maybe two minutes before the meeting is over. JAIM: Right. CHUCK: Well then, it should be smart enough to complain for you. [Chuckles] “Oh, that meeting. My boss…” Never mind. PETE: So I wonder if this would actually get smart enough to… since I commute the same time pretty much every day, I wonder if it would just start pre-fetching. I’d be interested… KEVIN: I think absolutely it would. I mean, you have to be a good citizen in the callback, you have to give the result of your fetch operation. And if you never have any new data, then they are going to throttle you back and start calling your callback method so often, and the same if you error out. But yeah, if you request, just do it as often as possible. Well, whatever is appropriate for your app. PETE: I think what I'm going to start doing is… well, maybe this is a little bit too much work, but I'm actually quite tempted now to actually log when the OS does that, and kind of send it up to a server somewhere and then graph it out and see whether there's like a noticeable kind of peaks where it does it more in the morning and in the afternoon when I'm getting ready to do my commute. KEVIN: That would be a pretty cool analytical track, I think. PETE: Has anyone done that? I'm kind of imagined someone on the internet somewhere has like tried to reverse engineer this algorithm. ANDREW: I'm sure it’s out there. PETE: Maybe a listener can email the show and let us know. ANDREW: Yeah. So how many contributors do you have for AFNetworking? KEVIN: Hmmm… that’s a good question. I know there probably a core group of guys. Obviously you know, Mattt was the godfather of AFNetworking. There's probably a group of maybe 8 to 9 guys that are pretty actively involved on the issues of GitHub and contributing back to the codebase. I think there's been over 100 that have committed at some point, I believe but I don’t know the actual number. I think GitHub has a chart for that. There's probably 8 or 9 guys that you see pretty active on the issues and try and stay on top of it and keep the library moving forward. PETE: So AFNetworking must be one of the most, if not the most kind of popular or well used open source Objective-C things out there, at this point, I would guess. KEVIN: Yeah, it is actually the most starred Objective-C repository on GitHub. And it finally crossed into the number one spot, actually during WWC of this past year and they finally got past the three20 library on GitHub. BEN: That was a glorious moment. KEVIN: It was great day to finally unseat the three20 library as the most popular Objective-C repository. BEN: Does things need like a shelf life? Like a star should fade away after like 6 months or a year or something because like people learn. [Chuckles] I would wager that most of the people that starred that repo a year later or two years later will probably unstar if they have the opportunity to. KEVIN: Yeah, I think actually about 5 months ago is when Facebook finally updated the landing page for three20 repository. It says, seriously, don’t use it anymore because we haven’t touched this in two years. Yeah like you said, it was kind of misleading because people would come kind of new to the community, check out the most starred repositories on GitHub and see three20 at the top, even though it hadn’t been updated in over two years. BEN : Do you know what we are talking about? CHUCK: Yeah, I know what you are talking as far as starring repositories. KEVIN: No, no the three20. I just figured this might be an opportunity [Chuckles] because people don’t know what this is. CHUCK: No idea. What is the three20 library? KEVIN: So back in the early days of the iOS community, Facebook released what they call the three20 library, which was a collection of objects and UI controls and various things that were found in some of the early versions of the Facebook app, that were very useful back when the API was still changing rapidly from release to release. But overtime, Apple kind of brought in a lot of those things natively into the API or some of the controls just kind of lost their initial glow . Ad it got to the point where if you included three20 in maybe an iOS 4 project, you had 450 warnings or something like that on your project and it’s only grown since then. BEN: You couldn’t just grab one thing. It was like you grab one thing then it needs this other four things then eventually, you need the whole library and it’s just a huge library. KEVIN: Yeah. There's a lot of developers with some battle scars, who have had to remove a three20 dependency from the application. And sometimes, it’s not an easy task at all and takes a long time to remove all of the tentacles that trenches into your app. BEN: There's a large app, it’s like a company who develops sort of near Houston and they were giving a talk at our local meet up group, and they still had some old three20 code and they were like, “We're just waiting for the opportunity to go in and rip it out but it’s a daunting effort.” CHUCK: Yeah, well if it works okay in iOS6, if your app is working there, you are fine until you need to be on iOS 7, which I guess you do now. BEN: I think it’s like a number of things were deprecated a long time ago, and if nobody’s maintaining that library, there are probably some people who are still like updating those things. But like you are saying warnings all over the place and they are just bad coding practices too. Like for instance, just setting aside for the fact that I think the design is really awful; it’s like a design that it has its sort of tentacles in the rest of your application. It’s really tough to decouple yourself from it because it wants you to use its protocols everywhere. And so that makes it really hard for you to say, “Okay, my app isn’t designed this way, so I have to change the way my app is designed to fit into that model.” To do like a photo browsers where the photos are URLs, that is ridiculously easy nowadays -- especially with AFNetworking image view category, you'd slap a page view controller on it. That’s really easy to do. But if you have the AFNetworking code, you are stuck with like their solution. But the bad coding practices I refer to are like when you have category methods, category methods are like sort of like reopening the class into finding method right then and there. So if you have like a is square property on a view and it returns true if the frame’s width equals the frame’s height. I don’t know how useful that would be, but we can add that to every UI view just adding a category method. But the problem is that if I say is square and Apple decides that is useful and they decide to add that to UI view, then my app that’s siting on your phone – that hasn’t been updated in many years -- have no chance to figure out what to do in that scenario. In this scenario, the implementation is obvious; so my implementation is probably their implementation. So we don’t want those things to collide. And I think the behavior is sort of undefined of which symbol it will hit first, if there's collision on category methods. Or maybe it will just crash. I'm not sure. So like when you are dealing with category methods, you need to be really careful to try and choose ones that are very unlikely that Apple would ever replicate. And if you think there's any chance of that ever, then you should prefix it with like af_ or in our case, ch_ or whatever to differentiate. Like we have some simple functional array additions, like you would have in Ruby like a map and select and things like that. But those are very likely at some point to be added to in this array. I don’t see why this couldn’t be. And so our editions are CH map and CH select because I don’t want them to ever conflict. KEVIN: That was actually a problem AF 1.0 have with its view category names. And because the library is built kind of an all or nothing fashion, there were some other image view libraries out there that had the same method names in their categories. And I think it actually only compile if you include both of those in your project. And so people would have to go manually edit source to try to resolve those conflicts so that both of those things can be loaded at the same time. That's actually a lesson learn for AF 2.0. Matt kind of a split out the imagery category into its own specific module, so that if you need to use image functionality from another library, you don’t have to include the AF image code at all and you can get it from somewhere else, to help try to solve that problem. I know it also comes down to people’s preference in terms of their method naming. A lot of people see a prefix and it makes them feel bad when they are reading it out loud, so it’s kind of like a coding style that people sometimes don't really prefer just from a readability stand point. BEN: Yeah, BlocksKit is another one. It has all those additions on lots of classes, and they are so handy that I can see Apple just checking half of those and putting them in there at some point and then you'd really be stuck. PETE: I've done that same thing with the method, prefix is my open source thing because it’s like we add like a touch method to every view… well, to UI view and some point if someone adds touch or some other person is doing something like that, everything is going to break in horrible ways. But it does look ugly. JAIM: One trick that I've used is instead of using prefix, use a suffix. And the big advantage is the code completion is still easy because you don’t need to type prefix. You just type what you think the method is, and the suffix options comes up first. But if there's a similarly named method that would be in the list too. PETE: I like to use ‘in-fix’. Just put it right in the middle there. [Laughter] CHUCK: There you go. JAIM: I make the method names a name that no one would ever copy of them, so they never even be confused. Not the best approach, but hey, why not. BEN: Yeah, like old style Hungarian notation. We had lpz, str for a long pointer to a terminated string. You guys remember that? [Chuckles] KEVI: Yeah, absolutely. PETE: Yeah, I actually did that the other day. I was writing some C++ code, and I put a little ‘p’ in front of my variable name, so I knew it was a pointer. JAIM: How would you know? [Chuckles] PETE: Then I delete that because I realized it was silly. So I wanted to ask you a little bit about what it’s like to be running a would be involved in a big iOS or Objective C open source library, because it’s not really… it feels like the iOS community isn’t quite as embracing open open sources as some other communities. Maybe that’s not a very fair thing to say, maybe just we're earlier in that kind of adoption cycle of using things other than what Apple gives us. If you noticed anything different that with AFNetworking like how people contribute code, or how you make sure that the quality of your contributions is good or how do you guys manage releases, how does that work in the world of iOS? KEVIN: I called Matt earlier, the godfather of AFNetworking. He really does just a phenomenal job of managing all of his open source libraries -- AFNetworking included. He is the gatekeeper for all things AFNetworking. Like I said, we've got a group of devs that spend a lot of time helping out and working on feature development. But at the end of the day, Matt is definitely the guy who drives this thing forward and makes the final call; what makes it in, what makes it out. I've actually learned a lot from him on how to manage an open source library just by being a contributor for this one. I can't say enough good things about how he manages his open source contribution. And if you are an iOS developer and you are not following Matt on GitHub or on Twitter, you are missing out on things that will make your life easier. I don’t know if this guy sleeps with the amount of things he puts out into the open source community. But I guess how I got involved was that here at Mutual Mobile, we actually do try to leverage a lot of open source software because if things have already been created and we can leverage the wheel that’s already been made, that gives us more time to potentially spend on other things. And so, for a long time, we actually used the old ASI library, which was pretty much the defacto networking library outside of NSURLConnection back in the iOS 3 - iOS 4 days. And about two years ago, the maintainers for that library had made a decision that the library had become too bloated, too big. There were too many corner cases with threading that was just causing too many problems. And they essentially threw their hands up and said, this library is deprecated, go find something else and don’t use it anymore. And so at that time, I kind of set out to figure out what we wanted to do for all of our projects that we had; write our own? try to leverage something else out there? And came across AFNetworking in a much younger state than it is now and just got involved and started contributing features that were valuable to us, across all of our different projects and have stayed involved ever since. And it’s definitely a big win to have a library of this magnitude that’s a critical dependency for so many projects. To have a good understanding of what’s going on and so I've kind of kept carrying that torch of Mutual Mobile for us. JAIM: So what's the process of writing a new feature for AFNetworking and submitting it to godfather? KEVIN: [Chuckles] It’s actually pretty simple; you write a feature and you submit a pull request and reviews and comments will commence. You definitely learn Matt’s style overtime; you learn what he likes, you learn what he doesn’t like, so you start trying to write features that kind of cater to how you think he'll respond, and the likelihood of him taking that feature. The very first pull request I think I ever did for AFNetworking was to type def the success and failure blocks. [Chuckles] And that might be everyone’s first contribution to AFNetworking. I think I've seen that pop up 20 times now in the issues, but Matt has a very strong stance, that for an API readability perspective, it makes way more sense to list out those parameters in the interface, rather than having a type def, block we have to go somewhere else to understand what's being passed in there, which makes a lot of sense to me when he explains it that way. So it’s things you pick up on like that, that just makes you a better developer in general to create re-usable libraries that can be used in a lot of different projects. JAIM: How many pull requests did it before you get the first one accepted? KEVIN: [Chuckles] That’s a good question. I actually don’t know. Probably the third or fourth one I did was probably the first one that actually made it, but that was two years ago. I don’t wanna try to turn anybody. You can certainly get in with your first one if you’ve got a good bug fix, a good test, a good feature that AFNetworking needs it. So by all means, I hope everyone gets involved. At least throws out an idea that they find useful that potentially is useful for the rest of the community. CHUCK: I´ll bet that he like all other open source maintainers, loves getting the pull request that are several hundred or a thousand lines of code. KEVIN: Yeah, that's not the best way to submit a feature. If you’ve got a thousand line feature, we probably figure out… BEN: Some people are mixed minds on whether or not you should open an issue first and discuss about a potential solution before committing time to actually write the code. And other people are like, “I don’t wanna discus it unless… I’ll review patches.” And speaking from my last pool request of networking was rejected for some of those reasons of like philosophically, they wanted it to be a different way, which is totally his project and that’s fine. But I did spend an hour on that. And it would have been nice if I had perhaps been able to back the idea between a couple of people just before doing that, and I didn’t actually try that, but I'm just wondering if that’s a stance that you guys take. Discuss something first and then something goes off and does it. KEVIN: That's without a doubt, a great idea. And that's exactly how I've actually how some of my features have been pulled in is I´ll create an issue and just say, “Hey, I've noticed this. I think we could probably do this better. Any thoughts?” And I´ll tag a couple of the guys that I know that are pretty active in the issue list; kind of ping them to make them aware. And if it seems like it’s got some traction, then I´ll take some time and then see if I can turn that into a feature or a bug fix. The one thing that is actually a pet peeve of mine is that there's a GitHub command line tool that allows you to attach a pull request to a previously opened issue. And I absolutely loved doing that. I hate having an issue that has a bunch of discussion and then creating a pool request for that discussion rather than like having kind of like that pull request in line with the discussion. That just kind of keeps everything documented in place. BEN: What about just knowing that this is just a widely used library? I mean I don’t know if we have any sense of how many applications it’s used in, but I would wager it is in the tens of thousands -- just so many people using it. It’s probably you have to take some extra consideration that things you are going to do aren’t going to affect somebody running on a specific architecture or running with another library or on a specific phone, or any number of things that could potentially cause brief or some tiny percentage of users out there -- that adds up to a lot of people. Are there things you guys worry about? Like test more rigorously or… KEVIN: So that’s one of the big things for the 2.0 architecture, is that 1.0 the library was written and tests were kind of strapped on retroactively. And obviously, whenever you build software that way, it’s difficult to get a ton of coverage and feel good about your test case scenarios. And the AF 2 architecture was actually driven by making it very testable. So that’s definitely a big win with the 2.0 library is there is way more test, it is way easier to test. You can have a little bit more peace of mind that a feature you are writing isn’t going to break those 10,000 apps that leveraging these library because it is the most starred library on GitHub, so without a doubt, there's a sense of responsibility of trying not to break anybody. PETE: Did you guys have CI set up using Travis or something like that? KEVIN: Yeah, Matt’s got Travis setup and I believe they just released a xc test plugin just recently, and believe that's been migrated over and it’s up and running now. PETE: Okay. CHUCK: All right. Well it sounds like something that people can definitely benefit from. So thank you and Matt and everybody else for your hard work. And let’s jump and do picks. Andrew, do you wanna start us off? ANDREW: Sure. I just have one pick today; and it’s the Macintosh Software Business mailing list. This has been around for a long time and it’s a place for people to talk about the business of being an independent software developer. Still mostly actually Mac developer, but there's a fair amount of discussion about iOS 2, because most Mac developers have some iOS stuff that they do. And I've learned a lot about advertising and marketing and pricing and all kinds of things by just reading these over the year. That is my pick. CHUCK: Awesome. Jaim, what are your picks? JAIM: Okay, well, we are getting to that time of the year. Who here like Christmas music? [Silence] Okay. [Laughter] CHUCK: My wife has been playing it since Halloween. JAIM: That’s how it goes. It’s the time of year, you have some friends over and someone says, “Oh, we should play some Christmas music.” I'm like it’s all over-blown saccharine sentimentality. But if you say anything about it, you are the Grinch, right? So it’s time to fight back. So I actually found a Christmas music album that I really like. It’s by a band called Low. I’m not sure if you guys know who they are. They’ve been around for a long time. They tour all over the world, but they are from Duluth. It’s really good. CHUCK: Is being from Duluth a credential? JAIM: It is a credential because all the hipsters in New York just wanna be from Duluth, [unintelligible] came from. [Laughter] So yeah, if you get your nephew, your cousin that wears skinny jeans, they'll probably like this album too. You'll like it. So yeah, it’s great to put on, kind of a little mellow, not over blown; by the band Low and they did a Christmas album and it’s really good. CHUCK: All right Ben, what are our picks? BEN: So we are talking a little while ago about recruiters, and it reminded me of this page AwfulRecruiters.com. Same service as Put This Together and it’s basically a list of copy and paste host names that you can either use in Gmail to just auto archive these emails or… CHUCK: Yay!! BEN: [Chuckles] …In your email client of choice. I mean, if you are not going to read them anyway, they might as well just go straight to archive. So that is a good curated list of awful workers. And then the next pick I have is this Ruby Gem called Backup and this is less of an application gem and more of a system gem. You can install this on a server, and it’s got configuration for things like Amazon S3 kes or whatever Dropbox API keys, Twitter tokens, whatever. And then there are things called back up models, so you can have a backup model to back up like a specific application. And so I'm running this on a server and then it backs up a Postgres database, Redis database and log files. And it knows automatically… like I can configure it to gzip the compressed files or the collecive files and the split them to chunks of 250 Megs and then upload them all to S3, and then only keep the last like 20 backups, which is a really cool way of handling that. It was pretty easy. I got it up and running in about ten minutes or maybe 15. Anyways, so really handy if you run your own servers and need to back stuff up. And then my last pick is coffee. I tend to order a ton of coffee on the internet because the closest good coffee shop is about 15 miles from my house. And so anyway, this one I just got from Blue Bottle, I ordered a lot from Blue Bottle, actually. This far and away like the best one I've had there. It’s called Three Africans and its about $17.50 for a pound, but it is super, super good. So I just order 2 more pounds of these and they should be here soon. So that’s why I'm drinking tea today, because I'm out of coffee. And those are my picks. CHUCK: You should talk about the coffee in kilos; then we can pretend that’s in the legal substance and it will make me feel a little bit more home. PETE: [Chuckles] What are you talking about? I'm not addicted to drugs! CHUCK: No, you [inaudible] kilos. BEN: It’s okay. Its Colombian coffee, you know? CHUCK: [Laughs] PETE: Maybe I´ll wander to Blue Bottle coffee later and have a Three Africans in your honor then. BEN: Yes. You know, you go into Blue Bottle you go on and they have all those syphon things. It does look like a meth lab in there. It does. [Laughter] There’s like bubbling chemistry sets and all that, but just making coffee. PETE: Fun Fact: Me and Ben, we met buying I believe coffee randomly. BEN: Yeah, that was such a cool story. Yeah, we were in a bar in Berkley and I was explaining my experience of what syphon coffee is pretty awesome. I was doing an okay job at explaining it, and this guy sitting next to Pete at the bar was like increasingly interested in our conversation, to the point where he was leaning in and listening. And I was like okay, whatever. Just interested in coffee. And when we were all done, he was very quiet. And at the end of it all, he was like, hey, I'm like the director of marketing of costumer experience or something at Blue Bottle. And so he was like thrilled to hear my sort of overjoyed experience at Blue Bottle, so that was good. PETE: That was a pretty funny experience. CHUCK: That’s funny. Yeah, two programmers walk into a bar… Anyway, Pete, what are your picks? PETE : Inspired by the Awful Recruiters thing and the reference of archiving things in Gmail, my first pick is going to be the mute button in Gmail. If you are on a public mailing list and people are annoying you with the conversation that they are having and you want them to stop talking, replying to that email is not going to help; it’s just going to annoy everyone else who is sick of the email thread going on, just press the mute button BEN : And you are going to get the auto responders. PETE: Yeah. BEN : The vacation auto responders are going to come get you. PETE: Just press the mute button. It’s okay. You don’t have to have the last word; you can just press the mute button. BEN : Where is the mute button? PETE: The mute button, there is a mute button in Gmail. I guess if you don’t use Gmail, then you should use Gmail, but you can mute an email thread and it will just stop. It will also archive the rest of that thread for you, so it is still there for your record, but it doesn’t keep popping up into your inbox so you don’t get frustrated by it, so you don’t feel the need to add to the noise by replying set to everyone saying, “Please stop talking.” -- when you are the one talking. CHUCK: I see. So you hit the mute button and then they all have the last word because you are done listening to them. PETE: Yeah. It’s the electronic equivalent of walking out of the room. So yeah, more people should know about that button. My second pick is a plug. I haven’t plugged anything for a while, so I'm going to plug the P2 magazine which is something that someone from Through Works kind of started doing on their own and kind of took off of inside of Thought Works and now kind of a public thing. So it is this little magazine for programmers talking about programmer and stuff. It’s quite good. It comes out every month or so. It’s an electronic magazine. It’s on GitHub, actually. The reason I'm picking it is because a new issue of the magazine came out this morning, and I was reading that on my way to work. And one of the articles at the end concludes with, “We cut our four-hour test suites for an hour by implementing this one weird old tip.” [Chuckles] Which just made me laugh because it’s reference to all of those bizarre adverts that you get on the side. Anyway, you can get a P2 magazine at https://thoughtworks.github.io/p2. There will be a link in the show notes. My last pick is a beer. Today I'm going to pick Chasin’ Freshies, which is a fresh hop IPA from Deschutes brewery. And if you like IPAs and you like that lovely hop aroma that you get from a good IPA, then you should definitely try this one. It’s lots of hoppy stuff going on, but quite a lot of shopper fruits in there, so kind of melons and passion fruit and stuff like that, so it’s not just kind of like resiny piney hops. It tastes awesome, actually. So get it while you can. BEN : Doesn’t that violate your sort of your low alcohol general rule? Because it sounds like it does. PETE: Yeah, a little bit. It’s not like a crazy big IPA, I think it’s only like 6% or something. It’s not high on the alcohol, but I think they do a lot of like late hop editions, so I'm not going to start another hour long podcast with me talking about brewing beer, but if you add hops later on in the boil, then you get more of the aroma, and kind of fresh taste of the hops rather than the bittering kind of flavor of the hops. So these lots of fresh hops is added later in the boil, or maybe even after the boil, so you get lot more of the kind of the aromas, and kind of flavor rather than the bitterness. So there you go. CHUCK: awesome. All right, I´ll go ahead and jump in real quick. Now, I blew all of my picks on the episode that comes out in three weeks. Don’t ask. So I really just have one pick; I got a text while we were recording a said future episode from my wife and basically, it is her buying me a birthday present and it’s The Desolation of Smaug. It’s the next Hobbit movie, and I am thrilled. I'm excited to go. So I might have dropped a not so subtle hint that I wanted to see it in 3D iMax, and that’s what my ticket says. BEN : Nice CHUCK: I don’t have anything else to pick because I'm just excited about that. So, anyway just yeah, go see it. It will be awesome. Kevin, what are your picks? KEVIN: I got two; I could an throw in there. The first one is a tool I wrote to help debugging with AFNetworking and its called and AFHARchiver. And HTTP Archiving is a format for storing request and responses into file, to then be able to play those back later and inspect the traffic that’s going on within your application. And you can use tools like Charles or even some web viewers, you can just drop the file in and view all the traffic that’s going back and forth within your application. It’s a pretty useful tool to use in development to help to understand and debug request responses that maybe going on within your application. If you’ve got clients or other people testing your app, you can enable that. And if you have reporting specific problems, use that as a log that help try to track some issues down. So that’s pretty useful. That’s on GitHub. The other one, I was actually listening to your continuous integration episode from a couple of weeks back and I feel like I wanted to call in and just start talking because I'm one of the CI nuts here. We actually use a tool in called Bamboo. I know there's a lot of people that are probably familiar with Jira, an issue tracking system. Atlassian has a suite of other tools that help aid in development, and their CI tool is called Bamboo. There's a lot of deep integration with Jira as well as if you use all of their tool suite so that if stash for SEM, but Bamboo is definitely a great tool for continuous integration as well. We actually use Jenkins for a long time -- which I know you guys talk about pretty in depth -- before we migrated over to use bamboo going forward. So I definitely recommend that as well. CHUCK: Awesome. Yeah, definitely go check those out and I highly encourage people to do CI on any project that they can. All right, well, we'll go ahead and wrap up the show. Thanks for coming, Kevin. KEVIN: No problem. Thanks for having me. BEN : Yeah, thanks it was a good episode. And I appreciate all your hard work on AFNetworking. CHUCK: Well, let’s wrap this up. We'll catch you all next week!