Firewall

How to develop software ideas

July 9, 2017 by Simon

I was recently at a public talk by Alan Jones at the UNE Smart Region Incubator where Alan talked about launching startups and developing ideas.

Alan put it quite eloquently that “With change comes opportunity” and we are all very capable of building the next best thing as technological barriers and costs are a lot lower than 5 years ago but Alan also mentioned 19 start-ups-ups fail but “if you focus on solving customer problems you have a better chance of succeeding”. Regions need to share knowledge and you can learn from other peoples mistakes.”

I was asked after this event to share thoughts on “how do I learn to develop an app” and “how do you get the knowledge”. Here is my poor “brain dump” on how to develop software ideas (It’s hard to condense 30 years experience developing software). I will revise this post over the coming weeks so check back often.

If you have never programmed before check out this programming 101 guides here.

I have blogged on technology/knowledge things in the past at www.fearby.com and recently I blogged about how to develop cloud-based services (here, here, here, here and here) but this blog post assumes you have a validated “app idea” and you want to know how to develop yourself. If you do not want to develop an app yourself you may want to speak with Blue Chilli.

Find a good mentor.

True App Development Quotes

Finding development information is easy, following a plan is hard.
Aim for progress and not perfection.
Learn one thing at a time (Multitasking can kill your brain).
Fail fast and fail early and get feedback as early as possible from customers.
10 engaged customers are better than 10,000 disengaged users.

And a bit of humour before we start.

(click for larger image)

Here is a funny video on startup/entrepreneur life/lingo

This is a good funny, open and honest video about programming on YouTube.

Follow Seth F Samuel on twitter here.

Don’t be afraid to learn from others before you develop

My fav tips from over 200 failed startups (from https://www.cbinsights.com/blog/startup-failure-post-mortem/ )

Simpler websites shouldn’t take more than 2-3 months.You can always iterate and extrapolate later. Wet your feet asap
As products became more and more complex, the performance degrades. Speed is a feature for all web apps. You can spend hundreds of hours trying to speed of the app with little success. Benchmarking tools incorporated into the development cycle from the beginning is a good idea
Outsource or buy in talent if you don’t know something (e.g marketing). Time is money.
Make an environment where you will be productive. Working from home can be convenient, but often times will be much less productive than a separate space. Also it’s a good idea to have separate spaces so you’ll have some work/life balance.
Not giving enough time to stress and load testing or leaving it until the last minute is something startups are known for — especially true of small teams — but it means things tend to get pretty tricky at scale, particularly if you start adding a user every four seconds.
It’s possible to make a little money from a lot of people, or a lot of money from a few people. Making a little money from a few people doesn’t add up. If you’re not selling something, you better have a LOT of eyeballs. We didn’t.
We received conflicting advice from lots of smart people about which is more important. We focused on engagement, which we improved by orders of magnitude. No one cared. Lesson learned: Growth is the only thing that matters if you are building a social network. Period. Engagement is great but you aren’t even going to get the meeting unless your top-line numbers reach a certain threshold (which is different for seed vs. series A vs. selling advertising).
We most definitely committed the all-too-common sin of premature scaling. Driven by the desire to hit significant numbers to prove the road for future fundraising and encouraged by our great initial traction in the student market, we embarked on significant work developing paid marketing channels and distribution channels that we could use to demonstrate scalable customer acquisition. This all fell flat due to our lack of product/market fit in the new markets, distracted significantly from product work to fix the fit (double fail) and cost a whole bunch of our runway.
If you’re bootstrapping, cash flow is king. If you want to possibly build a product while your revenue is coming from other sources, you have to get those sources stable before you can focus on the product.
Don’t multiply big numbers. Multiply $30 times 1.000 clients times 24 months. WOW, we will be rich! Oh, silly you, you have no idea how hard it is to get 1.000 clients paying anything monthly for 24 months. Here is my advice: get your first client. Then get your first 10. Then get more and more. Until you have your first 10 clients, you have proved nothing, only that you can multiply numbers.
Customers pay for information, not raw data. Customers are willing to pay a lot more for information and most are not interested in data. Your service should make your customers look intelligent in front of their stakeholders. Follow up with inactive users. This is especially true when your service does not give intermediate values to your users. Our system should have been smarter about checking up on our users at various stages.
Do not launch a startup if you do not have enough funding for multiple iterations. The chances of getting it right the first time are about the equivalent of winning the lotto.

Here are my tips on staying on track developing apps. What is the difference between a website, app, API, web app, hybrid app and software (my blog post here)?

I have seen quite a few projects fail because:

The wrong technology was mandated.
The software was not documented (by the developers).
The software was shelved because new developers hated it or did not want to support it.

Project Roles (hats)

It is important to understand the roles in a project (project management methodology aside) and know when you are being a “decision maker” or a “technical developer”. A project usually has these roles.

Sponsor/owner (usually fund the project and have the final say).
Executive/Team leader/scrum master (manage day to day operations, people, tasks and resources).
Team members (UI, UX, Marketers, Developers (DevOps, Web, Design etc) are usually the doers.
Stakeholders (people who are impacted (operations, owners, Helpdesk)).
Subject Matter Experts (people who should guide the work and not be ignored).
Testers (people who test the product and give feedback).

It can be hard as a developer to switch hats in a one-person team.

How do you develop and gain knowledge?

First, document what you need to develop (what problem are you solving and what value will your idea bring). Does this solution exist already? Don’t solve a problem that already exists.

Developing software is not hard, you just need to be logical, research, be patient and follow a plan. The hardest part can be gluing components together.

I like to think of developing software like making a car if you need 4 wheels do you have 4 wheels? If you want to build it yourself and save some money can you make wheels (make rubber strips with steel reinforced/vulcanized rubber, make alloys and add bearings and have them pass regulations) or should you buy wheels (some things are cheaper to make than other things)? Developing software can be easy if you know what your are doing and have the experience and are aware of the costs and risks. Developing software can lead you down a rabbit hole of endless research, development, and testing if you don’t know what you are doing.

Examples 1:

I “need a webpage”:

Research: Will Wix, Shopify or a hosted WordPress website do (is it flexible or cheap enough) or do I install WordPress (guide here) or do I learn and build an HTML website and buy a theme and modify it (and have a custom/flexible solution)?

Example 2:

I “need an iPhone and Android app”:

Research: You will need to learn iOS and Android programming and you may need a server or two to hold the apps data, webpage and API. You will also need to set up and secure the servers or choose to install a database or go with a “database as a service” like cloud.mongodb.com or google firebase.

Money can buy anything (but will it be flexible/cheap enough), time can build anything (but will it be secure enough).

Developing software can be easy if you know what your are doing and have the experience and are aware of the costs and risks but developing software can lead you down a rabbit hole of endless research, development and testing if you don’t know what you are doing.

Almost all systems will need a central database to store all data, you can choose a traditional relational SQL database or a newer NoSQL database. MySQL is a good/cheap relational SQL database and MongoDB is a good NoSQL database. You will need to decide on how your app talks to the database (directly or via an API (protected by OAuth or limited access tokens)). It is a bad idea to open a database directly to the world with no security. Sites like www.shodan.io will automatically scan the Internet looking for open databases or systems and report this as an insecure site to anyone. It is in your interest to develop secure systems in all stages of development.

CRUD (Create, Read, Update and Delete) is a common group of database tasks that you can do to prove you can read, write, update and delete from a database. While performing CRUD operations is a good to benchmark to also see how fast the database it. if a database is the slowest link then you can use memory to cache database values (read my guide here). Caching can turn a cheap server into a faster server. Learning by doing can quickly build skills so “research”, “do” and “learn”.

Most solutions will need a website (and a web server). Here is a good article comparing Apache and Nginx (the leading open source web servers).

Stacks and Technology – There are loads of development environments (stacks), frameworks and technologies that you can choose. Frameworks supposedly make things easier and faster but frameworks and technologies change (See 2016 frameworks to learn guide and 2017 frameworks to learn guide) frequently (and can be abandoned). Frameworks supposedly make things easier and faster but be careful most frameworks run 30% slower than raw server-side and client code. I’d recommend you learn a few technologies like NGINX, NodeJS, PHP and MySQL and move up from there.

The Mean Stack is a popular web development platform (MEAN = MongoDB, ExpressJS, Angular and NodeJS.).

Apps can be developed for Apple platforms by signing up here (about $150 AUD a year) and using the XCode IDE. Apps can be developed for the Android Platform by using Android Studio (for about $20 (one-off fee)). Microsoft has a developer portal for the Windows Platform. Google also has an online scalable database as a service called Firebase. If you look hard enough you will find a service for everything but connecting those services can be timely, costly or make security and a scalable solution impossible so beware of using as-a-service platforms. I used the Corona SDK to develop an app but abandoned the platform due to changes in the vendor’s communication and enforced policies.

If you are not sure don’t be afraid of ask for help on Twitter.

Twitter is awesome for finding experts

Recent twitter replies to a problem I had.

Learning about new Technology and Stacks

To build the knowledge you need to learn stuff, build stuff, test (benchmark), get feedback and build more stuff. I like to learn about new technology and stacks by watching Udemy courses and they have a huge list of development courses (Web Development, Mobile Apps, Programming Languages, Game Development, Databases, Software Testing, Software Engineering etc).

I am currently watching a Practical iOS 11 course by Stephen DeStefano on Udemy to learn about unreleased/upcoming features on the Apple iPhone (learning about XCode 9, Swift 4, What’s new in iOS 11, Drag and drop, PDF and ARKit etc).

Udemy is awesome (Udemy often have courses for $15).

If you want to learn HTML go to https://www.w3schools.com/.

https://devslopes.com/have a number or development related courses and an active community of developers in a chat system.

You can also do formal study via an education provider (e.g. Bachelor of computer sciences at UNE or Certificate IV in programming or Diploma in Software Development at TAFE).

I would recommend you use Twitter and follow keywords (hashtags) around key topics (e.g #www, #css, #sql, #nosql, #nginx, #mongodb, #ios, #apple, #android, #swift, #objectivec, #java, #kotlin) and identify users to follow. Twitter is great for picking up new information.

I follow the following developers on YouTube (TheSwiftGuy, AppleProgrammer, AwesomeTuts, LetsBuildThatApp, CodingTech etc)

Companies like https://www.civo.com/ offer developer-friendly features with hosting, https://www.pebbled.io/ offer to develop for you and https://serverpilot.io/ help you spin up software on hosting providers.

What To Develop

First, you need to break down what you need. (e.g ” I want an app for iOS and Android in 5 months that does XYZ. The app must be secure and be fast. Users must be able to register an account and update their profile”).

Choosing how high to ensure your development project scales depends on your peak expected/active concurrent users (ratio of paying and free users). You can develop your app to scale very high but this may cost more money initially, it can be bad to pay to ensure scalability early. As long as you have a good product and robust networking/retry routines and UI you don’t need to scale high early.

Once you know what you need you can search the open-source community for code that you can use. I use Alamofire for iOS network requests, SwiftyJSON for processing JSON data and other open-source software. The only downside of using open source software is it may be abandoned by the creators and break in the future. Saving your time early may cost you time later.

Then you can break down what you don’t want. (e.g “I don’t want a web app or a windows phone or windows desktop app”). From here you will have a list of what you need and what you can avoid.

You will also need to choose a project management methodology (I have blogged about this here). Having a list of action item’s and a plan and you can work through developing your app.

While you are researching it is a good idea to develop smaller fun projects to refine your skills. There are a number of System Development Life Cycles (SDLC’s) but don’t worry if you get stuck, seek advice or move on. It is a good idea to get users beta testing your app early and seek feedback. Apple has the TestFlight app where you can send beta versions of apps to best testers. Here is a good guide on Android beta testing.

If you are unsure about certain user interface options or features divide your beta testers and perform A/B or split testing to determine the most popular user interfaces. Capturing user data and logs can also help with debugging and user usage actions.

Practice

Develop smaller proof of concept apps in new technologies or frameworks and you will build your knowledge and uncover limitations in certain frameworks and how to move forward with confidence. It is advisable to save your source code for later use and to share with others.

I have shared quite a bit of code at https://simon.fearby.com/blog/ that I refer to from time to time. I should have shared this on GitHub but I know Google will find this if people want it.

Get as much feedback as you can on what you do and choose (don’t trust the first blog post you read (me included)).

Most companies offer Webinars on their products. I like the NGINX webinars. Tutorialspoint have courses on development topics. Sitepoint is a good development site that offers free books, courses, and articles. What are API’s information by Programmable web.

You may want to document your application flow to better understand how the user interface works.

Useful Tools

Balsamic Mockups and Blueprint are handy for mocking up applications.

C9.io is a great web-based IDE that can connect to a VM on AWS or Digital Ocean. I have a guide here on connecting Cloud 9 to an AWS VM here.

I use the Sublime Text 3 text editor when editing websites locally.

(image courtesy of https://www.sublimetext.com/ )

I use the Mac Paw app to help test API’s I develop locally.

(image courtesy of https://paw.cloud )

Snippets is a great application for the Mac for storing code snippets.

I use the Cornerstone Subversion app for backing up my code on my Mac.

Webservers: https://www.iis.net/IIS Webserver, NGINX Webserver, Apache Webserver.

NodeJS programming manual and tutorials.

I use Little Snitch (guide here) for simulating network down in app development.

I use the Forklift file manager on OSX.

Databases: SQL tutorials, NoSQL Tutorials, MySQL documentation.

Siege is a command-line HTTP load testing tool.

http://loader.io/ is a nice web-based benchmarking tool.

Bootstrap is an essential mobile responsive framework.

Atlassian Jira is an essential project tracking tool. More on Agile Epics v Stories v Tasks on the Atlassian community website here. I have a post on developing software and staying on track here using Jira.

Jsfiddle is a good site that allows you to share code you are working on or having trouble with.

Dribbble is a “show and tell” site for designers and creatives.

Stackoverflow is the go-to place to ask for help.

Things I care about during development phases.

Scalability
Flexibility
Risk
Cost
Speed

Concentrating too much on one facet can risk exposing other facets. Good programmers can recommend a deliver a solution that can be strong in all areas ( I hate developing apps that are slow but secure or scalable and complex).

Platforms

You can signup for online servers like Azure, AWS (my guide here) or you can use a cheaper CPanel based hosting. Read my guide on the costs of running a cloud-based service.

Use my link to get a free Digital Ocean server for two months by using this link. Read my blog post here to help setup you VM. You can always use Ubuntu on your local machine to use Ubuntu (read my guide here). Don’t forget to use a GIT code repository like GitHub or Bitbucket.

Locally you can install Ubuntu (developers edition) and have a similar environment as cloud platforms.

Lessons Learned

Deploy servers close to the customers (Digital Ocean is too far away to scale in Australia).
Accessibility and testing (make things accessible from the start).
Backup regularly (Use GIT, backup your server and use Rsync to copy files to remote servers and use services like backblaze.com to backup your machine).
Transportability of technology (Use open technology and don’t lock yours into one platform or service).
Cost (expensive and convenient solutions may be costly).
Buy in themes and solutions (wrapbootstrap.com).
Do improve what you have done (make things better over time). Thing progress and not perfection.

There is no shortage of online comments bagging certain frameworks or platforms so look for trends and success stories and don’t go with the first framework you find. Try candidate frameworks and services and make up your own mind.

A good plan, violently executed now, is better than a perfect plan next week. – General George S. Patton

Costs

Sometimes cost is not the deciding factor (read my blog post on Alibaba cloud). You should estimate your apps costs per 1000 users. What do light v heavy users cost you? I have a blog post on the approx cost of cloud services. I started researching a scalable NoSQL platform on IBM Cloudant and it was going to cost $4,000 USD a month and integrating my own App logic and security was hard. I ended up testing MongoDB Cloud where I can scale to three servers for $80 a month but for now, I am developing my current project on my own AWS server with MongoDB instance. Read my blog post here on setting up MongoDB and read my blog post on the best MongoDB GUI.

Here is a great infographic for viewing what’s involved in mobile app development.

You can choose a number of tools or technologies to achieve your goals, for me it is doing it economically, securely and in a scalable way that has predictable costs. It is quite easy to develop something that is costly, won’t scale or not secure or flexible. Don’t get locked into expensive technologies. For example, AWS has a user pays Node JS service called Lambada where you get Million of free hits a month and then you get charged $0.0000002 per request thereafter. This sounds good but I prefer fixed pricing/DIY servers better as it allows me to build my own logic into apps (this is more important than scalability).

Using open-source software of off the shelf solutions may speed things up initially? Will It slow you down later though? Ensure free solutions are complete and supported and Ensure frameworks are helping. Do you need one server or multiple servers (guide on setting up a distributed MySQL environment )? You can read about my scalability on a budget journey here. You can speed up a server in two ways Scale Up (Add more Mhz or CPU cores) or scale-out (add more servers).

Start small and use free frameworks and platforms but have a tested scale-up plan, I researched cheap Digital Ocean servers and moved to AWS to improve latency and tested MongoDB on Digital Ocean and AWS but have a plan to scale up to cloud.mongodb.com if need be.

Outsource (contractors)

Remember outsourcing work tasks (or complete outsourcing of development) can buy you time and or deliver software faster. Outsourcing can also introduce risks and be expensive. Ask for examples of previous work and get raw numbers on costs (now and in the future) and concurrent users that a particular bit of outsourcing work will achieve.

If you are looking to outsource work do look at work that the person or company has done before (if is fast, compliant, mobile scalable, secure, robust, backup up, do you have rights to edit/own and own the IP etc). I’d be cautious of companies who say they can do everything and don’t show live demos.

Also, beware of restrictions on your code set by the contractors. Can they do everything you need (compare with your list of Moscow must haves)? Sometimes contractors only code or do what they are comfortable with that can impact your deliverables.

Do use a private Git repository (that you own) like GitHub or BitBucket to secure your code and use software like Trello or Atlassian JIRA to track your project. Insist the contractors use your repository to retain control.

You can always sell equity in your idea to an investor and get feedback/development from companies like Bluechilli.

Monetization and data

Do have multiple monetization streams (initial app purchase cost, in-app purchase, subscriptions, in-app credit, advertising, selling code/components etc). Monthly revenue over yearly subscription works best to ensure cash flow.

Capture usage data and determine trends around successful engagement, Improve what works. Use A/B testing to roll out new features.

I like Backblaze post on getting your first 1,000 customers.

Maintenance, support risk and benefits

Building your own service can be cheaper but also riskier if you fail to secure an app you are in trouble if you cannot scale you are in trouble. If you don’t update your server when vulnerabilities come out you are in trouble. Also, Google on monetization strategies. Apple apps do appear to deliver more profits over Android. Developers often joke “Apple devices offer 90% of the profits and 10% of the problems and Android apps offer 90% of the problems and 10% of the profits”.

Also, Apple users tend to update to the latest operating system sooner where Android devices are rather fragmented.

Do inform you users with self-service status pages and informative error messages and don’t annoy users.

Use Free Trials and Credit

Most vendors have free trials so use them

https://aws.amazon.com/free/AWS have 12 month free tiers.

Use this link to get two months free with Digital Ocean.

Microsoft Azure also give away free credit.

Google cloud also have free credit.

Don’t be afraid to ask.

MongoDB Cloud also gives away free credit if you ask.

Security

Sites like Shodan.io will quickly reveal weaknesses in your server (and services), this will help you build robust solutions from the start before hackers find them. Read https://www.owasp.org/index.php/Main_Page to know h0w to develop secure websites. Listen to the SecurityNow podcast to learn how the technology works and is broken. Following TroyHunt is recommended to keep up to date with security in general. @0xDUDE is a good ethical hacker to follow to stay up-to date on security exploits also @GDI_FDN is a good non-profit organization that helps defend sites that use open source software.

White hack hackers exist but so do black hat ones.

Read the Open Web Application Security site here. Read my guide on setting up public key pinning in security certificates here.

I use the ASafaWeb site to test your sites from common ASP security flaws. If you have a secure certificate on your site you will need to ensure the certificate is secure and up to date with the SSL Labs SSL Test site.

Once your websites IP address is known (get it from SSL Labs) run a scan over your site with https://www.shodan.io/ to find open ports or security weaknesses.

Shodan.io allows you and others to see public information about your server and services. You can read about well-known internet ports here.

Anyone can find your server if you are running older (or current) web servers and or services.

It is a good idea to follow security researchers like Steve Gibson and Troy Hunt and stay up to date with live exploits. http://blog.talosintelligence.com is also a good site for reading technical breakdowns of exploits.

Networking

Do share and talk about what you do with other developers. You can learn a lot from other developers and this can save you loads of time and mistakes. True developers love talking about their code and solutions.

Decision Making

Quite a lot of time can be spent on deciding on what technology or platform to use, I decide by factoring in cost, risk and security over flexibility, support and scalability. If I need flexibility, lower support or scalability then I’ll choose a different technology/platform. Generally, technology can help with support. Scalable solutions need effort from start to finish (it is quite easy to slow down any technology or service).

Don’t be afraid to admit you have chosen the wrong technology or platform. It is far easier to research and move on than live with poor technology.

If you have chosen the wrong technology and stick with it, you (and others) will loath working with it (impacting productivity/velocity). Do you spend time swapping technology or platforms now or be less productive later?

Intellectual property and Trademarks

Ensure you search international trademarks for your app terms before you start using them. The Australian ATO has a good Australian business name checker here.

https://namechk.com/ is also a good place to search for your app ideas name before you buy or register any social media accounts.

Using https://namechk.com/ you can see “mystartupidea” name is mostly free.

And the name “microsoft’ is mostly taken.

Seek advice from a start-up experts from https://www.bluechilli.com/ like Alan Jones.

See my guide on how to get useful feedback for your ideas here.

Tips

Use Git Source Control systems like GitHub or Bitbucket from the start and offsite backup your server and environments frequently. Digital Ocean charges 20% of your servers costs to back it up. AWS has multiple backup offerings.
Start small and scale up when needed.
Do lots of research and test different platforms, frameworks, and technologies and you will know what you should choose to develop with.

(Image above found at http://startupquotes.startupvitamins.com/ Follow Startup Vitamins on Twitter here.).

You will know when you are a developer when you have gained knowledge and experience and can automatically avoid technologies that will not fit a solution.

Share

Don’t be afraid to share what you know (read my blog post on this here). Sharing allows you to solidify your knowledge and get new information. Shane Bishop from EWWW Image Optimizer WordPress plugin wrote Setting up a fast distributed MySQL environment with SSL for us. If you have something to share on here please let me know here on twitter.

It’s never too late to do

One final tip is knowledge is not everything, planning and research is key, a mind that can’t develop may be better than a mind that can because they have no experience (or baggage) and may find faster ways to do things. Thanks to http://zachvo.com/ for teaching me this during a recent WordPress re-deployment. Sometimes the simplest solution is.

Donate and make this blog better

Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

DRAFT: 1.86 added short link

Short: https://fearby.com/go2/develop/

Blocking XCode iOS Simulator App traffic with the help of Little Snitch firewall

January 14, 2017 by Simon

Backend Considerations

I have been developing a mobile app using XCode and Swift 3 for a while now, I have been very focused on developing a scalable and robust back ends on multiple servers using different services. Loads of experts say you only have two chances to keep users engaged before they leave your app because of speed or silly error messages or slow apps. Part of having a trustworthy app is giving users true error messages when errors pop up. This involves testing and developing for each error scenario.

I have tried to guess every possible failure point and use HTTP status codes in my app API to inform the user of reasons why something has failed (not just a success/fail).

A typical API’s for my app returns these possible HTTP status error codes.

400 – No Body.
401 – Invalid payload (automatically validated multiple ways using node modules like validator).
402 – Invalid input payload (manually validated by my code).
403 – Backend NoSQL database down.
404 – Invalid User
405 – Query returned no results from back end NoSQL database
406 – Invalid Output Payload (from various sources).
407 – User has reached max queries in xx minutes.
408 – Invalid Request
etc

I use http://keymetrics.io to monitor my node processes, custom code to notify me when things go down and I use the node package winston to log anything for later review. I am happy with the throughput, even with the excessive logging and access controls and I am now moving onto the front end of my application.

Front End

I decided to use Swift 3 in XCode 8.2.1 to talk to my JSON API, I am using the Alamofire Networking module in Xcode to handle the network stack (as pure Swift 3 networking code was horrid).

Tip: I had issues with CocoPods to manage the installation of Alamofire so I ended up dropping it and installing it manually.

Once I setup my API setup the code below to query my API (‘/appname/api/v1/login/’) and process the data returned.

let parameters: Parameters = [
    "email": "\(sUsername)",
    "password": "\(sEncryptedHashedPassword)"
]
let headers: HTTPHeaders = [
    "x-access-token": "\(sSingleUseUserAccessToken)",
    "Content-Type": "application/json",
    "Accept": "application/json",
    "DNT": "1 (Do Not Track Enabled)"
]
let theAPIURL = globalSettings.API_LOGIN_PAGE

Alamofire.request("\(theAPIURL!)", method: .post, parameters: parameters, encoding: JSONEncoding.default, headers: headers)
    .validate(statusCode: 200..<201)
    .validate(contentType: ["application/json"])
    .responseData { response in
        switch response.result {
        case .success(let data):
            
            # Debug 
            print("Login Success (200)")
            print("response.request: \(response.request)")  // original URL request
            print("response.response: \(response.response)") // HTTP URL response
            print("reposnse.data: \(response.data)")        // server data
            print("result: \(response.result)")   // result of response serialization
            print("Login Time: \(response.timeline)")  // time
            
            // Processing Successful Login.
            
            let json = try! JSONSerialization.jsonObject(with: data)
            
            // Debug Return Payload
            print(json)
                        
            // Unwraping Payload Preferences

        
            // Assume the App Loads OK (Checks below)
            var local_LoadedOk = "Yes"
                local_LoadedOk = "Yes"
            var local_LoadedNotOKMessage = "Unknown Error"
                local_LoadedNotOKMessage = "Unknown Error"
            
            // API Payload Validation
            
            var local_LoginChecksPassingOK = true
                local_LoginChecksPassingOK = true
            
            // Get the users guid from the API Payload ( simple validation )
            var local_f_guid = (json as! NSDictionary)["f_guid"] as! String
            print("local_f_guid: \(local_f_guid)")
            if local_f_guid != "" {
                // Is the guis the right length?
                if local_f_guid.characters.count == 36 {
                    // ok
                    print(" - guid ok")
                } else {
                    local_f_guid = ""
                    // login guid too short
                    local_LoginChecksPassingOK = false
                    local_LoadedOk = "No"
                    local_LoadedNotOKMessage = "There was an error with your account (login guid error). Please contact support (LoginError_001)"
                }
            } else {
                local_f_guid = ""
                // Error Login Guid Missing
                local_LoginChecksPassingOK = false
                local_LoadedOk = "No"
                local_LoadedNotOKMessage = "There was an error with your account (login guid error). Please contact support (LoginError_002)"
            }
            
        // Get Username from API Payload
            var local_Username = (json as! NSDictionary)["Username"] as! String
            print("local_Username: \(local_Username)")
            if (local_LoginChecksPassingOK == true) {
                print("login validation ok so far")
                // Get Username
                if local_Username != "" {
                    // Check Email for @ symbol
                    if local_Username.characters.count > 0 {
                        // ok
                        print(" - username ok")
                    } else {
                        local_Username = ""
                        // Username Empty
                        local_LoginChecksPassingOK = false
                        local_LoadedOk = "No"
                        local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_003)"
                    }
                    
                } else {
                    local_Username = ""
                    // Username Empty
                    local_LoginChecksPassingOK = false
                    local_LoadedOk = "No"
                    local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_004)"
                }
            }

            
        // Get Email from API Payload
            var local_Email = (json as! NSDictionary)["Email"] as! String
            print("local_Email: \(local_Email)")
            if (local_LoginChecksPassingOK == true) {
                if (local_LoginChecksPassingOK == true) {
                    if local_Email != "" {
                        // Check Email for @ symbol
                        if local_Email.contains("@") == true {
                            print(" - email ok")
                        } else {
                            local_Email = ""
                            // Username Empty
                            local_LoginChecksPassingOK = false
                            local_LoadedOk = "No"
                            local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_005)"
                        }
                    } else {
                        local_Email = ""
                        // Username Empty
                        local_LoginChecksPassingOK = false
                        local_LoadedOk = "No"
                        local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_006)"
                    }
                }
            }
            
            
            // Was there and Error Loading or Saving
            // ... Code Removed

            // Unload other values
            // ... Code Removed
            
            // Save Preferences
            // ... Code Removed
            
            self.loginActivityIndicator.stopAnimating()
            
            // Redirect Back to Main View
            self.lblLoginProcessing.text = "Returning to the Main Screen........."
            let vc = ( self.storyboard?.instantiateViewController( withIdentifier: "mainViewController") )!
            //vc.view.backgroundColor = UIColor.orange()
            vc.modalTransitionStyle = .crossDissolve
            self.present(vc, animated: true, completion: nil)
            
        case .failure(let error):
            
            var sErrorTitle = ""
            var sErrorBody = ""
            print(" - Login Error")
            print(" - - \(error._code)")
            print(" - - \(error)")
            
            if error._code == NSURLErrorTimedOut {
                //timeout
                print("Error: Server Timeout (NSURLErrorTimedOut)")
                sErrorTitle = "Server Timeout"
                sErrorBody = "The login server timed out.\r\n\r\n Error: \(error)"
            }
            
            if (response.response?.statusCode == 402) {
                print("Error: Invalid Password (402)")
                sErrorTitle = "Invalid Password"
                sErrorBody = "The password you entered was invalid.\r\n\r\n Error: \(error)"
                
            } else if response.response?.statusCode == 403 {
                print("Error: Unknown Account (403)")
                sErrorTitle = "Unknown Account"
                sErrorBody = "The account you entered was not found.\r\n\r\n Error: \(error)"
           
            } else if response.response?.statusCode == 408 {
                print("Error: Server Timeout2 (NSURLErrorTimedOut)")
                sErrorTitle = "Server Timeout2"
                sErrorBody = "The login server timed out.\r\n\r\n Error: \(error)"
                
            } else if response.response?.statusCode == 499 {
                print("Error: Invalid or missing token, please update your app (499) ")
                sErrorTitle = "Invalid Version"
                sErrorBody = "The app token was invalid (or outdated), plaase update your app and try again.\r\n\r\n Error: \(error)"
                
            } else if response.response?.statusCode == 503 {
                print("Error: Database Read Error")
                sErrorTitle = "Sever Error (503)"
                sErrorBody = "The server cannot process your login at this time (Error 503).\r\n\r\n Error: \(error)"
                
            } else if response.response?.statusCode == 504 {
                print("Error: Database Write Error (504)")
                sErrorTitle = "Sever Error"
                sErrorBody = "The server cannot process your login at this time (Error 504).\r\n\r\n Error: \(error)"
                
            } else  {
                print("Unknwon Error (\(response.response?.statusCode)")
                sErrorTitle = "Unable to login"
                
                sErrorBody = "The App was unable to login. Please check your mobile and or wifi settings and try again."
                //sErrorBody = "There was an unknown error loging in (Error (\(response.response?.statusCode))\r\n\r\n Error: \(error)"
                self.resignFirstResponder()
            }

            
            self.loginActivityIndicator.stopAnimating()
            self.resignFirstResponder()
            
            // Show Loading Alert
            let alert = UIAlertController(title: "\(sErrorTitle)", message: "\(sErrorBody)", preferredStyle: .alert)
            self.present(alert, animated: true, completion: nil)
            let when = DispatchTime.now() + 5
            DispatchQueue.main.asyncAfter(deadline: when){
                alert.dismiss(animated: true, completion: nil)
            }
            
        }
}

Everything is working like a real app. If I enter valid credentials my app logs me in.

If I enter incorrect credentials I get an error.

If I stop my Node login service and try and log in I get an appropriate error message.

Simulating full or partial network request failures on different endpoints

I checked the iOS Simulator (10.0 running iOS 10.2) that comes with XCode 8.2.1 to find a way to turn off the network to the simulator and I coudl not find an option???

The iOS Simulator lacks the usual Wifi and Mobile configuration options found on iOS devices.

XCode Simulator is lacking network control features.

XCode allows me to see the network stats within my app but not adjust the network layer status.

Like all good developers I opened google and typed “Is it possible to disable the network in iOS Simulator? and found many solutions on how to disable the network in the simulator like:

Close the simulator, disconnect from the internet, start XCode and your project and simulator and then connect to the network (that way the simulator stays disconnected until the simulator reboots). – This does not work.
“Build a simple Faraday cage to block or limit the external RF signal level”.

“Create a walk-in Faraday cage with a desk inside, the Mac will be much easier to work with”.

I did not want to spend minutes disconnecting and reconnecting to the internet or build a faraday cage so I took Felix advice and downloaded an application for OSX called Little Snitch from Objective Development.

Little Snitch

Reading the Little Snitch website the software reminds me of the good old days of controlling everything before Operating System Vendors buried these features.

Snip: “Whenever an application attempts to connect to a server on the Internet, Little Snitch shows a connection alert, allowing you to decide whether to allow or deny the connection. Your decision gets stored as a rule which will automatically be applied to future, similar connection attempts from the same application.”

Time to give Little Snitch a go, $34.95 is a bargain if it works as good as it says it does.

Little Snitch

Little Snitch took 5 mins to install (low level). After it rebooted the Little Snitch Configuration program popped up.

Little Snitch – System Tray Options were available too.

Default Configuration (will take a number of minutes).

Little Snitch was now prompting me to approve many network connections for background apps. Currently as we speak MongoDB and AWS Elasticsearch servers are being hit with ransomware. I might be patient and manually approve every process wanting to use my network with Little Snitch.

I opened many apps and responded to the network access prompts when the apps tried to talk to the network.

Manually invoking an application to use the network (software update) results in an approval pop-up.

After a number of minutes reviewing app network permissions, I loaded up the Little Snitch Network Monitor. Nice.

The Network Monitor is handy for reviewing in real-time what is happening on your Network/Machine.

Note: My BitDefender is rather busy.

I have digressed, let’s see if Little Snitch can block my iOS App to assist with debugging API’s.

Blocking iOS Simulator Traffic with Little Snitch

XCode itself wanted access to the internet before I opened my project.

As soon as I started the XCode iOS Simulator I blocked all simulator related processes (I can turn it back on later).

Tip” I just found out if you move the mouse above the forever button in the dark grey area you can view more information.

I blocked the following iOS Simulator related processes from making any connection forever.

Now to start my app on the simulator from XCode and invoke a network call and see if we can block it to trigger my error pop-up. Yes, I was able to block the iOS Simulated app with Little Snitch 🙂

I received this “correct” error in my app, Excellent, now I can customize the error messages in my app.

🙂

The eagle eyes will notice that the error message above is the same as when I turned off the Node Server that handles the login. Now I need to add some XCode code in to detect “Is Wifi Network Up”,”Is Mobile Network Up”Can Access Network” and “Can Ping Server” etc. This would provide true error messages and not give the user any doubt to what the problem was.

If it was their device blocking my app they need a different message to one that reports a general data connection error or server down error.

Now how do I enable the blocked network traffic in Little Snitch?

Open the Little Snitch Configuration app.

You can easily see what processes are allowed/blocked and change the setting (double click then change the connection to/from to Allow/Deny).

Summary

As it turns out I did not need to block the other iOS processes (just my app) so in future, I will just Deny or Allow for my app (until quite).

Little Snitch from Objective Development is an awesome app and allows me to block traffic where XCode would not. As a bonus, it will secure your machine and help keep it safe.

I will update this guide when I learn more about Little Snitch.

Donate and make this blog better

Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

Personal Development Blog...

Coding for fun since 1996, Learn by doing and sharing.

Buy a domain name, then create your own server (get $25 free credit)

View all of my posts.

Firewall

How to develop software ideas

Blocking XCode iOS Simulator App traffic with the help of Little Snitch firewall

Popular

Security

Code

Tech

Wordpress

General

Firewall

Footer

Popular

Security

Code

Tech

Wordpress

General