Don’t Trust argv[0]
Alastair Houghton describes an OS X security hole that makes the authentication dialog lie about which program was asking for authorization.
Alastair Houghton describes an OS X security hole that makes the authentication dialog lie about which program was asking for authorization.
Maybe it’s just my imagination, but I think the font smoothing looks a bit better in 10.4.7. I use the Strong style, and the letters look a bit darker and less colored to me.
I’ve been using Suite Modeler for about four years now. It helped me learn Cocoa scripting and saved me a lot of time, but frankly it was also maddening to use: the user interface remained rough, and it would crash and then not re-launch properly because it was out of sync with its daemon. Every once in a while there’d be bug fixes, but registered users weren’t told about them, and they often weren’t posted on Version Tracker. Daniel Jalkut reports that Suite Modeler 3.0 is out. It’s now universal and free, but I’m not sure what else is new—most of the documentation still refers to version 2.x.
I’ve been wanting to transition to the newer sdef format, so I’ve been using Sdef Editor recently. The recently released version 1.3.2 is universal, and it fixes a crashing bug that was plaguing me. Overall, it works well, and the sdef format is clearly the future.
Sofa Control lets you control other applications besides Front Row using an Apple Remote. For example, you can page through a PDF (and adjust the zoom level) in Preview. It’s extensible via AppleScript.
I don’t have any statistics how common IO errors are versus total drive failures, but it’s clear that a single simple IO error could put most users into a jam they couldn’t get out of. As a user, I feel like there should be a high-level handling of this failure scenario. However, as a developer I’m unsure about the best course of action. Zero-filling was the right solution for this case, but certainly isn’t in many other cases, and it’s nontrivial for the software to make the decision for the user.
More from Alastair Houghton.
I agree with Bill Bumgarner that VisualHub, which converts to and from most video formats, is a nice product. It’s easy to use and works, and that alone is plenty to set it apart from other software in its genre. (I did encounter a minor problem where it used a lower bitrate than necessary when converting files to DVD. Tyler, the developer, replied almost immediately and said he’d look into it.) The Xgrid support is cool, and it makes me wish my software had a need for that technology. Plus, the documentation is fun, useful, and concise. I wish it were built into the application package; I want to be able to access it easily and not have to keep a stray PDF lying around.
Damien Bobillot documents his reverse engineering of Xcode’s specification files, build system, and plug-in interface (via Jonathan Rentzsch).
Joshua Bloch, whose departure can’t have been good for Sun, reports that most divide-and-conquer algorithms—including the binary search in Jon Bentley’s excellent Programming Pearls—are broken because of integer overflow bugs (via Tim Bray):
We programmers need all the help we can get, and we should never assume otherwise. Careful design is great. Testing is great. Formal methods are great. Code reviews are great. Static analysis is great. But none of these things alone are sufficient to eliminate bugs: They will always be with us. A bug can exist for half a century despite our best efforts to exterminate it. We must program carefully, defensively, and remain ever vigilant.
Good advice, but since all of the above failed in some of the simplest and most widely distributed code ever written, what hope do we have? Well, when static analysis is useless and humans can’t be trusted, it sounds like a job for the language. As the example illustrates, Java already does this with array bounds checking, and plenty of languages (even some compiled ones) automatically promote integers to avoid overflow problems.
Contra Scot Hacker, I was reminded today that I do need a modem. My Verizon DSL connection died. After calling their support line and waiting while the friendly automated voice explained that I’d get a quicker answer from their Web site, I was told that they weren’t aware of any problems in my area and that I should call back later. My new iMac doesn’t have an internal modem, and I didn’t buy the USB one because I thought (incorrectly, it turns out) that my AirPort Extreme base station had one. Fortunately, my PowerBook does have a modem, and after a few clicks in System Preferences it was sharing its connection with the LAN. I used to think that IPNetRouter was pretty cool, but OS X’s built-in Internet sharing is just impossibly easy to use.
The June issue of ATPM is out: