mattmorris.org

For several months, I have been using my iPhone without a cellular plan.1 I cancelled my service last summer when I left my full-time job and began dropping monthly expenses in an effort to tighten up the household budget.

All in all, I haven’t missed the cell plan too much. I am covered by WiFi 95% of the time, and rarely miss cellular. I’m covered at home, and almost everywhere I go on a weekly basis. This includes my local grocery store, Sam’s Club, the public library, our church, and my kids’ favorite playground. I have Comcast business internet connection, so when there’s no free public WiFi to be found, I can use my credentials to hop on one of the various “xfinity” WiFi nodes around town.

I use FaceTime Audio whenever possible for calling friends and family. If I need to make or receive a “real” phone call, I use my Google Voice number with the Hangouts app. Incoming calls appear as a push notification which I swipe to jump straight into the call. And these days, asynchronous messages such as texts and email have cut way back on the amount of calls I make.

Though, there a few many downsides to this system that I must mention. I can’t ask Siri to make a call using Hangouts.app. If I’m listening to a podcast and my phone is in my pocket, I can’t answer Hangout calls using the earbud’s “clicker.” I can’t make calls directly from Contacts.app. If I have Do Not Disturb enabled, my VIP contacts can’t reach me by calling my Google Voice number. For me, this means that when my wife is working a night shift, I can’t use DND and expect to receive a call from her.

Also, the incoming call notifications in Hangouts.app don’t show the caller’s name even if I have her in my contacts. This means that I have had to begin remembering everyone’s phone number if I want to screen calls. Party like it’s 1995.

Here are a few items I’d like to see in iOS to make things a little easier to live without a cell plan:

1. Siri API for 3rd party apps. Specifically, I want to be able to say something like, “Call my wife using Google Hangouts.”
2. VIP and Do Not Disturb integration. If my wife, a VIP, calls me in a VoIP app, I would like to receive the notificaiton even if I have Do Not Disturb enabled.
3. The ability to jump from Contacts.app to any other VoIP app.

   Update: When my wife became pregnant, she convinced me to get a SIM so that I would be reachable at all times. I bought a Ting SIM, and simply keep cellular data turned off iPhone-wide. Shameless referral link. This costs only $6/month, and gives me the option of receiving an emergency call from my wife at any time.

   TL;DR: I use WiFi, even for phone calls, and carry a Ting SIM for emergency situations.

Every weekday, I work at SOCO, a fantastic coworking space. It’s a great space for working, with high ceilings, wooden floors, and great natural light. And it has a great “vibe” because it’s always full of great people working hard at what they do.

SOCO will soon be expanding to other locations, one of which is a soon-to-be restored historic building in the heart of the former S.C. State Hospital campus. Yesterday, we got a little tour of our new offices. There’s quite a bit of work to be done, but I can’t wait to see what they do with these old buildings.

Here’s the full album. I wish I had brought a “real” camera.

I wrote a simple complication for the Apple Watch that tracks gestational age, remaining time to full term, and due date. I keep a close eye on these metrics since we have yet to have a baby reach term.

The source code is available here. It uses Objective-C because, as of this writing, complications written in Swift work only in the simulator.

Shortly before moving to South Carolina last month, our unborn son was diagnosed with Tetralogy of Fallot with Pulmonary Atresia. In order to survive, he will require two open-heart surgeries shortly after birth, a number of weeks in the ICU, and then additional procedures throughout his life. Additionally, he is at risk for a chromosomal abnormality known as DiGeorge syndrome.

The situation is complicated by the fact that my wife experiences preterm labor with every pregnancy, including this one. If a baby is born early enough, she will need intensive care in a neonatal ICU in order to thrive.

Our son’s due date is September 17th, but last month my wife started having strong, regular contractions every 3 minutes. She was admitted to the local hospital and then quickly sent by ambulance to The Medical University of South Carolina, two hours away. We spent the weekend in the hospital, and thankfully they were able to stop the contractions.

We’re over the initial shock now and feel very hopeful about his outlook. And see that wavy spot on his head? That’s hair.

I’m thrilled to announce that my wife and I are expecting our third child. We’re due later this fall. 🎉

Yesterday I wrote a short privacy policy for HipstaMail. I would welcome any comments or suggestions that you may have. There’s a comment form at the bottom of the page.

I’ve been working on a mail client for iOS. Though, it’s not the kind you’re thinking of. My next app, Hipstamail, lets you write a letter and send it through the US Mail. You type the letter in a vintage typewriter font, enter payment information, tap send, and I’ll mail your letter for you.

Why on earth did I build this? Well, I have a family member that is in a particular situation. Due to her job, my sister cannot receive or send email, text messages, or phone calls. She can only receive physical letters in the mail, and can only send me a letter every month or so. Can you guess what her “job” is? 1

Anyway, I’ve been pretty horrible at remembering to write her on a regular basis. Apparently keeping envelopes and stamps in the house is too much for me to handle. So, how great would it be to to have the ability to jot off a quick message and send it to her from my iPhone?

Anyway, that’s what I have built. I have no reason to believe it will be a huge success, but who knows, maybe there’s someone else out there that might find it useful. Initially, my goal is just for the project to be cashflow positive. 2

Whenever I start a new side project, I take the opportunity to force myself to learn something new. This time, I built the backend from scratch and wrote the server application in Go and PostgreSQL. Credit cards are processed by Stripe, and letters are sent by Lob. It’s also my first time making serious use of Auto Layout.

I plan to start betas by the end of November, and release the app by the end of 2014. If you’re interesting in trying out the beta3, say hello.

In high school, I ran middle distance for the school track team. I competed in the 800m dash and the 4x800m relay. As I remember it, my training routine consisted of 1hr road runs three days a week, and interval training on the track two or three days a week.

One weekend, I got it into my head that it would be really cool to run around town. By that I mean, literally all the way around town. Early one Sunday I set out from my house and headed east toward the highway. I went up, then hooked west back toward the high school. I stopped by my friends house and chatted a while, had a drink of water, then set out to continue my run.

I continued around town, avoiding the busy streets, and passing through all the interesting neighborhoods and byroads. By the time I returned home, I was totally exhausted. I was dizzy and weak. I drank gatorade and lay flat on the floor for a long while.

The next morning, I had a bad ache in my left shin. I recognized this to be a stress fracture, which I had been diagnosed with, and recovered from, in the past.

Fast forward to the following Tuesday. Our team was competing in a large regional track meet with a dozen or so other schools. I was the anchor in the 4x800m relay. My leg still ached badly, so I tightly wrapped it in a bandage, and tried to shake off the pain with some warm-up sprints and edgy 90s alternative rock.

The race begins. Our first three runners were very good, and when the baton came to me we were in 1st or 2nd place (as best I can recall). I set out around the first lap, and easily maintained our position. Right as I began the 2nd lap, something started to feel strange. I had an odd sensation in my left leg, and heard a strange grinding noise. It sounded like my track spikes had started to break off or come loose. I assumed this was the case, and I kicked extra hard around the first turn.

Just as I left the first turn, it happened. My tibia snapped right out from under me, and I fell flat on my face. In that moment, I had such a level of adrenaline and endorphins, that I didn’t feel anything at all. I tried to stand up, but my broken leg just buckled beneath me and I fell once again.

Still confused, I began to try to stand again. Before I could, a teammate had made it to me and explained what had happened. I sat in shock as all the other runners passed me.

As I limped to my car, a parent who was sitting in the audience called out to get my attention. He said that he could hear the bone break from where he was sitting in the bleachers. Still riding the endorphin high, I drove myself to the ER and had my leg set in a cast.

Last night I saw Craig Hockenberry‘s excellent post that explains a method that an iOS app can use to capture anything you type into an in-app browser.

Almost three years ago, I reported another way to eavesdrop on users’ keystrokes in an embedded browser (radar 10447976). It’s a much more rudimentary attack than Craig’s, but nevertheless it’s a means for this information to be harvested.

Here is a dead simple sample project that illustrates the attack. There are two factors that come into play.

1. In a password field, each character is shown to the user for a brief moment.
2. Apps are allowed to do a screen-grab of their own window.

Here is a screenshot of the sample app. The twitter login page is loaded into a WebView.

As you can see, the most recent character in my password is displayed as I type. Now, combine this with a fast firing timer that continually takes screengrabs of the web view, and voilà, you have the whole password. I was able to easily capture my entire Twitter password.

Now, you still have to piece the keystrokes together out of the screenshots, so it’s not the most elegant attack, but in the end you still have the information.

When I reported this to Apple in 2011, they replied and said that they didn’t see how this is a security issue. I guess I can understand, since it’s pretty roundabout. Still, it would be nice if web views were bulletproof and completely trustworthy.

I agree with Craig that web views are great for quick and dirty views of webpages that aren’t asking for sensitive information. Be wary of entering sensitive passwords into any app, even if it’s showing you a webpage that isn’t technically phishing.

This video shows some work I did back in the iOS 6 era. It demonstrates full remote control of an unjailbroken iPhone. I used undocumented private APIs and other trickery to achieve this. Note that it even allows control of the physical buttons.

No, this was never shipped to the App Store.