This flaw should never have crept into the code base; it’s an elementary SQL injection attack. And once in the code base, it should have been caught by review. But it didn’t get caught, and the WordPress team sat on the fix for nearly a month before advising people to upgrade; during just over two of those weeks an exploit was widely disseminated.
If I had one wish going forward into next year, it’s this: Please, Apple, document and support the iPhoto plugin API. It’s been stable for about as long as it has existed—FlickrExport actually works back to iPhoto 2—so it’s not as if it’s experimental or unproven code that might have to be incompatibly re-implemented in the future. There’s a market for third-party plugins out there, Apple, please put it on a formal footing so that we can confidently rely on that API.
Because this year’s WWDC was largely a repeat of last year, I spent more time in the introductory AppleScript, Automator and Cocoa Scripting sessions than I normally would. I left these sessions with the impression that developing a scripting interface was a difficult and error prone exercise. The Q&A questions at the end of these sessions confirmed for me that the audience was not clear on how to proceed. Everything that was said in these presentations was technically accurate, but I came away uninspired.
Unlike with a user interface, it can be hard to fix a scripting interface because you have to worry about breaking existing scripts.
The Guardian interviews SQLite’s creator:
In a world of people obsessed by turning the tiniest idea into something profitable, Dr Richard Hipp’s best-known software stands out for two reasons—he actively disclaims copyright in it; and at a time when multi-megabyte installations are booming, he has a self-imposed limit on the size of his product: 250KB. And he’s stuck to both aims. “I think we’ve got 15 kilobytes of spare space,” he says of the headroom left in the code.
