Deploying C++/Qt/Objective-C based software which runs modern OpenSSL/TLS on old OSX machines — Pre OSX 10.6

Integration of TLS/SSL on old hardware can be challenging. You open up the machine and open up chrome and low and behold nothing works. You try to download chrome and are blocked. You try to do just about anything on the machine and basically you are locked down due to the fact that the SSL support is too outdated and modern web servers are rejecting any in-secure connections. Well what if you needed to build software that could run on a machine from about 13 years ago, and do modern SSL without an OS upgrade.

Qt 4.5 does not work well with modern TLS 1.2

If you remember OSX circa 2010, you’ll remember Apple moving over to ARC based Objective-C. So on top of the SSL issues you have to work with pre-arc objective-C and build an app. Well, I decided – rather than go down to the Xcode 3 level Ill just use something like QT. That way, all of the code and memory management are handled by Qt – no problem. App was built in Qt. However, due to issues with SSL – I could not get Qt building a binary which used the modern openssl libraries.

No matter what I tried. Even recompiling Qt with OpenSSL 1.02. Comes down to the fact that out-of-the-box Qt has a library called QtNetwork which is tied down to a specific openssl version and it uses whats installed on the machine. Well – I cant do any changes to the underlying operating system so getting an openssl binary installed is out of the question.

After hours of pondering for a solution, repackaging the openssl libs, using install_name_tool I found that nothing worked.

Breaking out Xcode 3 – Replacing QtNetwork Rest client with ASIHTTPRequest :

Decided to instead of using Qt’s networking package, Ill integrate in an old favorite package of mine. ASIHTTPRequest objective-c. Been around since the stone age. And lo and behold, with CFNetwork and openssl packaged I found I could deploy the qt binary and it would do TLS 1.2!

Solution: Create a Hybrid QT based C++ Rest Client which wraps the ASIHTTPRequest Objective-C implementation:

#import <Cocoa/Cocoa.h>
#include "ASIHttpClient.h"
@interface ASIHttpOSXRestHandler()
#if QT_VERSION < 0x050000
ASIHttpClient *_cppclass;
@implementation ASIHttpOSXRestHandler
- (void) buildRequest:(NSString *) url content:(NSString *) content type:(NSString *) type
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    NSURL *url_endpoint = [NSURL URLWithString:url];
    ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url_endpoint] ;
    [request setRequestMethod:type];
    if( [type isEqualToString:@"POST"]){
        [request appendPostData:[content dataUsingEncoding:NSUTF8StringEncoding]];
    [request setDelegate:self];
    [request startAsynchronous];
    [url release];
    [content release];
    [type release];
    [pool release];

You can see that this is very simple. But Im using autorelease pool because objective-c leaks like crazy.

Essentially Im now mixing C++ code with QT and calling objective-c code for the Rest portion.

// Add an obj-c category (extension) to return the expected bundle identifier
@implementation NSBundle(returnCorrectIdentifier)
- (NSString *)__bundleIdentifier
    if (self == [NSBundle mainBundle]) {
        return @"";
    } else {
        return [self __bundleIdentifier];
ASIHttpOSXRestHandler *request = [[ASIHttpOSXRestHandler alloc] init];
void ASIHttpClient::buildRequest(QString destination, QString json_content, QString method_type) {
    this->destination_URL = destination;
    [request setParent:this];
    [request buildRequest:[[NSString alloc] initWithUTF8String:destination.toUtf8().data()]
      content:[[NSString alloc] initWithUTF8String:json_content.toUtf8().data()]
      type:[[NSString alloc] initWithUTF8String:method_type.toUtf8().data()]];

And with that. Your Qt 4.5 app can now use modern TLS 1.2 on an outdated machine. Atleast for OSX.

Next hurdle C++11, C++14 ?

There are many aspects of Qt 5 that I would just LOVE to use. Id even love to use C++11, C++14.
Well. Essentially we are in a certain era where you just cant use C++11.

Another fun tidbit:

Mainline libstdc++ has switched to GPL3, a license which the developers of libc++ cannot use. libstdc++ 4.2 (the last GPL2 version) could be independently extended to support C++11, but this would be a fork of the codebase (which is often seen as worse for a project than starting a new independent one). Another problem with libstdc++ is that it is tightly integrated with G++ development, tending to be tied fairly closely to the matching version of G++.

So all those fancy C++11 lambdas and things I just love? Yea – you cant use it.

        socket, static_cast<void ( QTcpSocket::* )( QAbstractSocket::SocketError )>( &QAbstractSocket::error ),
        [socket]( QAbstractSocket::SocketError ) {
            qDebug() << "ERROR " << socket->errorString();

Not gonna work!

And modern QT 5 requires C++11. So. New development going forward. I had to swap out entire implementations based on the version of QT and the compiler. LLVM has had major advances in its dependencies.

Here’s another one. Look at the steps to install: Getting libc++, C++11, and C++14 on Leopard and Snow Leopard

Moral of the Story: SSL/TLS is a moving target.

Around 2010 there were MAJOR changes to OSX, Objective-C and LLVM which makes getting a modern SSL version compiled even that much harder.

A small history lesson on some of the reasoning.

The history of Objective-C in GCC is somewhat complicated. Originally, NeXT was forced to release the original Objective-C front end in order to comply with the GPL. This code was not quite compatible with the GNU runtime and so it was modified. NeXT did not adopt these modifications and so each release of GCC by NeXT, and then Apple, contained changes that needed back-porting to the main branch of GCC.

For a long time, GCC was the only compiler that worked with GNUstep. Unfortunately, the GCC team has not invested much effort in Objective-C in the last few years and it currently lags behind Apple’s version by a significant amount.

As of version 4.3, the Free Software Foundation changed the license of GCC to version 3 of the GNU General Public License. This means that future versions will not be shipped by Apple. OS X 10.6 ships with three compilers:

Apple’s fork of GCC 4.2.1
The latter two use the Low Level Virtual Machine for code generation. This is a BSD-licensed compiler infrastructure used by several other projects. LLVM-GCC is a hybrid, using Apple’s version of GCC for parsing and LLVM for optimisation and native code generation. Clang is a new front end for LLVM.

Currently, LLVM-GCC is based on Apple’s GCC and so does not support the GNU runtime. There is an effort underway to rewrite LLVM-GCC as a plugin for GCC 4.5, at which point it should support as much Objective-C as GCC currently does.

Sometimes, instead of going for a pure cross platform solution, you need to go native.


Google’s love/hate relationship with JS and love of flutter

I for one think it’s absolutely hilarious how google devs despise js as an enterprise development tool. But can’t stand to develop in it. I remember when angular1 came out. And thought to my self “Wow google actually made a library in pure js?” and recommends you to develop in js – impressive. Some years back I worked in a project called GWT – you may have heard of it. It compiles Java down into JS and provides a somewhat awesome way to dev apps – outside of compile times and crappy looking widgets.

Anyway – So when angular1 came out I was like “Whoa awesome – pure js”. Used it for a project to build a fully functional phone with WebRTC and flash. Worked great – I really enjoyed the thoroughness that google put into it. But I couldnt get over the fact – having done a prior project in GWT/GXT that google was just laying it all out and doing a pure js library. I mean “I thought google despised js as a pure dev language.”

Now, years later – Google releases angular 2 through 5 – “AHHHHH Im right – they ditched js in favor of TypeScript” haha. Now we’re using TypeScript. So I guess I was right. Google cant stand js.

So now – I see flutter and Im like – wow, that’s pretty cool – FINALLY a competitor to react-native. But wait there’s more! Google revamped the dart language and basically said screw js – lets use Dart! Honestly Im kind of excited about flutter as it uses a REAL language to build mobile apps. Although I think they should have used Groovy but that’s fine. We got a REAL language.

Google’s UI development frameworks (that could have been done in js but google said f’ that):

  • GWT version 1.0 RC 1 was released on May 16, 2006 (Java)
  • Angular JS 1.0 release October 20, 2010 (JS – But not for long!) 
  • Angular 2 May 2016 (Typescript preferential treatment – (remove JS from title))
  • Flutter May 2017 (Dart Lang) 

Point here is. Google doesnt want to build enterprise applications with JS. And I kind of agree with them here. React-Native comes out using JS some years back. Google could have been like “Oh yea, lets destroy that with our own js library to take out react-native”. Instead they implement something completely different using the Dart Lang. Interesting. Lets see if it gains traction. The Dart lang has gotten NO love from the community. Lets hope in time that google can bring a viable competitor to react-native for the pour developer souls that do not want to write everything in js.

Here’s some Flutter Code:

import 'package:flutter/foundation.dart';
import 'package:flutter/material.dart';
class AnimatedListSample extends StatefulWidget {
  _AnimatedListSampleState createState() =&gt; new _AnimatedListSampleState();
class _AnimatedListSampleState extends State {
  final GlobalKey _listKey = new GlobalKey();
  ListModel _list;
  int _selectedItem;
  int _nextItem; // The next item inserted when the user presses the '+' button.
  void initState() {
    _list = new ListModel(
      listKey: _listKey,
      initialItems: [0, 1, 2],
      removedItemBuilder: _buildRemovedItem,
    _nextItem = 3;

Anyway – pretty cool eh? I think its got potential.

Note to Dart Team: Make an actual layout language and ide! Xcode using Storyboard’s did it right. Building components inline in the code is not abstracting the design enough. The design should be separate. Layout and code not a good mix. Designers need jobs too!


Why cant Microsoft/Google and Apple agree on one open source Javascript converter tool?

For some reason, companies like Microsoft, Google do not seriously believe javascript is a great programming language. I have constantly been working in javascript and see the pros and cons. I see that because of it’s amazingly dynamic nature you can do almost anything. However, because of this dynamic nature it makes it prone to errors almost immediately.

Most recently Microsoft unveiled it’s new language called Typescript, which converts an object oriented scripting language with Interfaces, Classes, constructors into javascript. Now look at Google Dart which by the way is in full swing and it does nearly the same thing except with an actual VM. Some people thought it died, but they are working on a milestone 1 release.

So the big question is, which one is going to DIE first??? Or is Apple going to come up with their own intermediary language and pose another type of intermediary language that converts to JS.

Ahh, I miss the days of Flash being King. Where you had one tool to do amazing stuff and never needed to worry about browser dependencies.

I was knee deep into an HTML5/CSS3 book about 8 months ago and the opening introduction said “We need to infer to our clients that the project will not look the same on multiple browsers.” Wow, seriously? It’s because of this problem and competing vendors that we have this issue. Why cant vendors just work together one on project and support it? There is very little money in open source tools. Wouldn’t it be nice if Mozilla, Microsoft and Apple all supported Dart?

The brilliant choices of Steve Jobs, Adobe, multi-talented developers now force us to use Javascript – ECMAScript 1.0?

Anyone who has done RIA development, back-end development and worked with a myriad of languages that include strong typing and compile time checking knows that Adobe’s announcement of the non-existence of a mobile flash player has set the entire flash development community backwards into a realm of using javascript and shitty compilation standards. HTML5 is cool, but for real – it comes down to javascript.

Don’t get me wrong I love javascript, for little things here and there and working on a page. But a usual flash application can be up to a 100,000 lines of front-end code.

I sought out to prove to myself that javascript could be a force to be reckoned with so I set myself up with Aptana again and downloaded all of the latest libraries, jquery, mootools etc. I then decided to create classes using mootools. To my dismay creating a class is at run time only so guess what:

1. If using new frameworks to create classes instead of the usual prototype BS, you will thoroughly disappointed that you will have no compile time checking.

2. Thus if you have an error in your class you will never know until you run the app.

3. console.log doesnt work in IE 8.

Thus from my deduction the only logical approach to this is the fact that you must use prototype to create your classes and not rely on strong typing.

Even then, if you use prototype to create a class AND then use another class within that class all compile time checking goes out the window.

This slows development time down tremendously and is the primary reason I think developers like Google are going with alternate solutions like Dart.

I really think Adobe should have waited for the announcement. I think Adobe should have made the announcement WHEN they had a solution. It makes developers now flounder as a whole. You dont announce the big issue when you have no alternative.

So I hope adobe builds in something into dreamweaver or eclipse that does INCREDIBLE javascript parsing. The dreamweaver parsing in 5.5 is ok, but come on. Can we get LIVE compile time checking with JS? If you are making this the alternative to flash development.

Can you get the error detection as awesome as flex builder?

The amount of millions of dollars wasted in no compile time checking is at stake here and I think that managers need to know the alternatives to development.


Seriously, rather than come to any standard about proper web development in a language they drop the ECMAScript 4 specification which is something that could help make javascript more readable and strong typing – lots of things. Companies like Microsoft and Yahoo say its too complex.

Seriously, who thinks javascript is amazing at Microsoft? Can they see the issues here?

It appears javascript is more about shorthand than it is about writing clean, documented code:

Just look at this article about js 1.8 whereby instead of implementing ECMAScript 4 enhancements that include packages, namespaces, classes. They implement CLOSURES – shorthand code for methods that make code a lot more unreadable.

I think it’s a backwards move and I think Google sees this too which is why Google Dart is being developed.

Adobe’s Mobile Development Initiative

I would like to get feedback from developers from using Adobe’s Mobile Development toolset, particularly in flex sdk 4.5.

Can some developers provide some pros and cons in using it? Speed of performance, android phones, tablets. Also, Ive tried some apps on an Iphone 3GS and found them really slow.

How is the speed now? What can and cant be done?

Undocumented APIs – Mobile Development on Flash Platform – CS 5.5

So now all of us awesome developers who have been developing and programming for the adobe flash platform for years now have an opportunity to write some awesome apps for mobile platforms.

The big question that we as developers have and need answered are – what are the drawbacks of developing with Adobe’s tools as opposed to developing with something like the android SDK or the Iphone SDK. What challenges and problems are we going to encounter.

My questions for adobe:

    1. What is the roadmap and to-dos on the Air Mobile SDK

    2. Native controls – how do you access these using the Air Mobile SDK

    3. How do you program in 3D for IOS/Android using native GL graphics calls. Is this possible?

    4. Is there some way to leverage advanced APIs for IOS and Android

    5. Can you actually use APIS on the IOS platform via a “hack” or some way… what if a company invests millions of dollars and the adobe tools are selected as the platform of choice and we need to do an advanced task that is not in the AS3 Air Mobile SDK? What do we do?

I think that a lot of developers have these questions and it would be good to get some light on this before talking to the higher ups on the pros and cons.

Thanks =)

RobotLegs < Pure MVC - My rant

So, Im always digging into new frameworks and trying to understand the philosophies behind why developers chose to make new frameworks to help others.

After falling in love with the new [Inject] metatag and thinking it’s the coolest thing since Java has been doing this for years anyway with Annotations, I thought this framework must be rad =)

So after hours of looking at the documentation, the one thing I found out and is the bane of all robot legs development is CLASS NAMING. Lord have mercy, there is a base class called “Actor” – THATS THE NAME OF THE CLASS. Ok, so after reading GoF and all these development books over the years the one thing that java/flex/flash developers have a huge problem is is correctly conveying the names of classes. Conceptually representing something. With that said “ACTOR” is the worst name for a class ever – I mean, it communicates absolutely nothing! The concept is so ambiguous and it hurts just thinking about it. And it’s used EVERYWHERE. PureMVC atleast names the classes by common design patterns so it’s clear to everyone using it if you’ve studied these patterns.

Lord have mercy – can we just get a pure mvc framework with an [Inject] meta tag? Ill be happy then =)

Inline Webkit Renderer for Flash Player 11

Something that I think should be done for the flash player, now that HTML 5 is gaining ground, is an inline HTML renderer that should be packaged as part of the download. Potentially it could be an optional download. I mean the core code base is already a part of the AIR packager. How hard would it be to make an external RSL that gets cached or make it part of the flash player 11 installation with a checkbox to download this in addition.

If there is an update to the web kit renderer, it then flags this in the flashplayer download manager… Just a thought to make flash player 11 completely blow away. We’ve got 3d support, but how about a little HTML 5 renderer as part of the flash player?

AGAL (Adobe Graphics Assembly Language) conversion to HLSL

So, the new flash player is out. And the one thing Im thinking is – AWESOME. So, I’ve been looking at the API docs and the program code and all that looks hot. Stencil Buffer, Depth Buffer, Vertex Buffer – they basically made it almost identical to NVidia’s C++ CG, CGFX. However I did not see profiles, but Im sure this is going to be a smart solution done.

So the wheels are turning and Im only thinking to myself, If Adobe, NVidia, and Microsoft can get together to develop some kind of HLSL (High Level Shader Language) that all three can use – a simple wrapper – MAN we’re going to be in heaven as 3d developers. Then, the shaders for say your favorite PC game can be loaded directly into a flash game, and the same shaders can apply to the model. Because you’ll be using a PC for all types of development.

The only issue this poses is when you export to mobile – a lot of the same shaders will have to be dummied down – so adobe will need to come up with some kind of profile mechanism – similar to how CGFX does it where it loads back up shaders if the hardware cannot support the shader.

Are you excited about this? I think this is going to kick ass!!!