Fun little blog entry documenting the life and death of a bug in Microsoft Word for Mac. A nice reminder of how difficult it can be to predict how your shiny new feature will interact with old code, and, more importantly, why it can take so darn long to fix an “obvious” bug. I’d love to see a similar explanation of Apple’s “can’t use capital U in firmware password” bug.

One thing this story doesn’t touch on is the importance of clear, unique error messages. If Word had actually reported “too many open files” instead of “disk full,” the problem might have been fixed a lot sooner. In one of my own favorite debugging stories, our discovery of the message “oh shit: fState != kParseError” led us directly to one line out of 16,000. It wasn’t clear, but it was at least unique.

This Mac security hole has been all over the web recently. The thing that makes it dangerous is that it’s ridiculously easy to exploit. The thing that makes it annoying is that anyone on the development team should have seen it coming a mile away, especially given the many well-publicized scripting exploits in Windows software.

How did it happen? WebCore. In an effort to produce a common HTML/HTTP library for all applications, functionality that used to be restricted to the Help tool was suddenly embedded in everything that retrieved or displayed web pages. Apple’s pervasive AppleScript support completes the circle.

Ask not what you can do with scriptable applications; ask rather what scriptable applications can do to you…

Update: The official fix is available via Software Update.

Update: You still need to turn off the Open “safe” files after downloading option in Safari, because disk: URLs still work, and mounted disk images can include auto-execute programs. Yes, there are two stupid features in the previous sentence.

"I downloaded the file in the hope that perhaps Microsoft had released some sort of public beta. The file unzipped, and to my delight the Microsoft icon looked genuine and trustworthy. I clicked on the installer file, and to my horror in 10 seconds the attachment had wiped my entire Home folder!"

Why, yes, Microsoft often officially releases beta software on peer-to-peer file-sharing networks. Your confusion is understandable, and no one is going to accuse you of being a software pirate. Really.

Besides, I’m pretty sure you won’t be downloading any commercial software in the future…

Update: Oh, and note the clever way the story implies that this had something to do with Intego’s “concept trojan horse” scare story. Sorry, Charlie, but we’re not that stupid. An application that doesn’t do what you think it will ain’t the same thing as an application disguised as an MP3 file.

Not only did I finally get one of the “you use illegal file sharing” extortion scam spams, it actually slipped past OS X Mail’s filters. Just the once, of course, now that I’ve told the system about it.

I’d love to know where they came up with the phony IP address they claim I’ve been using, though. I suspect it’s just boilerplate, since even if I were using a file sharing app, there’s no way they could associate it with that email address. Unless they (gasp!) really did manage to confiscate the contents of my computer. Tee hee.

Of course, there’s also a trojan attachment for infecting Windows boxes, which pretty neatly undercuts any claim that they ever got anywhere near the contents of my Macintosh…

Best part: the use of a phony Italian email address (from a machine that really is in Italy) while claiming to be associated with the FBI’s Department for “Illegal Internet Downloads”. They even supply a phone number.

Worst part: according to multiple news reports, there are quite a few people who are dumb enough (or, to be charitable, “sufficiently unsophisticated about the Internet and con artists”) to fall for this cheesy scam, and the associated “we found illegal porn on your computer” version.

more...

I’d love to supply a link to this extremely cool iPod accessory, except that the manufacturer doesn’t list it on their web site, and Apple’s online store generates nonsensical URLs that don’t share well.

Instead, imagine a white plastic brick, about the size of an O’Reilly book, that opens up into a surprisingly good mini-speaker system that doubles as a fully-functional iPod docking station. It’s quite loud for a system with only 2 watts/channel, and distortion is well-controlled at reasonable volumes. It’s compatible with older iPods and other devices through the Aux port (short cable supplied), which I’m connecting to my PowerBook for a significant sound boost.

They claim up to 24 hours of life on four AA batteries, or you can use the supplied wall-wart to run it on AC.

Just tried to install nVidia’s Linux drivers for the onboard ethernet on my new Shuttle box. After transporting them on the only available media (USB keychain drive, which I had to mount by hand as root from the command line; love that user-friendly Gnome desktop!), I was greeted with a long string of syntax errors in the make output. Of course, I’d already had to abandon the build instructions provided by nVidia, because the version of rpm in Fedora doesn’t support the command-line options they used. It also apparently doesn’t support the C compiler they used.

So, to play with Linux on my shiny new PC, I once again have to play Goldilocks with multiple distributions, until I find the one that’s just right. Fuck that; it’s not worth the headache.

Update: Okay, I gave it another try. Seems I actually could get the network driver to install with Fedora, if I ignored the default OS install options and added the kernel sources. It seems they don’t expect ordinary users to own hardware they don’t provide drivers for. Still, after going through three or four “modern” Linux installers, my new slogan is “Desktop Linux: it’s like Windows without the QA”.

If you’re going to make Linux into Windows, could you please try to match the behavior, not just the window decorations?

Love, J

[translation: I just installed RedHat Fedora, and was astonished to discover that after it popped up a little dialog asking for disc #2, it didn’t detect the presence of the correct disc and continue on its own. It sat there for twenty minutes, patiently waiting for me to click ‘Ok’ to confirm that I had, in fact, inserted disc #2.]

There are still a few games that aren’t available for the Mac or the Xbox, so I finally broke down and cobbled together a new Windows PC. Here are the parts I used:

• Shuttle SN41G2 --- This is my second Shuttle barebones box (the other runs OpenBSD), and I love them. Everything has to be arranged just so during assembly, but the layout is clean inside and out, the fan is fairly quiet, and the motherboard is chock full of first-rate features. I see no reason to buy a larger case for a home or office PC.
• AMD Athlon XP 2800+ --- The 3200+ was too pricy, and I was persuaded to go with AMD over Intel this time. I'm mostly agnostic on the processor wars.
• Kingston HyperX DDR400 DIMMs (2x 256MB) --- They recommend filling both memory slots on this motherboard for best performance, and 512MB is enough for gaming. Today.
• TDK indiDVD 440N --- reads, writes, and rewrites CD-R, CD-RW, DVD-R, DVD-RW, DVD+R, and DVD+RW, at 4x for DVDs and 16x for CDs. The software bundle seems reasonable, too.
• Hitachi Deskstar 200GB hard drive --- (don't expect that URL to work for long; ick) This looked like a decent drive, especially with the very aggressive rebate currently being offered. ATA100, but I'm building a gaming box, not a video workstation (that's what Macs are for).
• ATI Radeon 9600 XT --- I actually haven't installed this yet, because the builtin GeForce4 MX on the Shuttle is not only pretty good, it supports dual monitors. Hmmm, maybe I'll build another OpenBSD box soon...

Software is Windows XP Professional. I left an empty 4GB partition near the front of the disk in case I want to dual-boot, but like I said, it’s for games. The only real reason to install OpenBSD or Linux is to image the Windows partition for disaster recovery backups. I’ll probably start by using BitTorrent to grab the current Red Hat Fedora distribution.

Update: since a few folks have asked, I bought all this stuff at Fry’s for $1,194.83. The $100 in sales tax was offset by the $120 in mail-in rebates ($90 for the hard disk, $30 for the DVD burner).