NSURLConnection Crashing Antidote

March 18th, 2008

A couple months ago I reported on a particularly nasty, crashing bug in NSURLConnection. What was particularly nasty about it was how widespread it was. I had received dozens of crash reports, all containing the same tell-tale sign of a problem in this part of the system.

After getting tired of explaining again and again to customers that the bug was in Apple’s code and the best we could do was hope for a fix, I realized that maybe it was worth me writing up the bug and reporting it to Apple. I supposed maybe, even though this bug’s crash log shows up as fairly common in Google, nobody has bothered to report it yet. So I wrote the aforementioned blog post and reported a bug.

Since the issue only affects 10.4.11 users, I figured the chances of a fix might be slim. Apple naturally is most concerned with the latest releases of 10.5, although they continue to issue security fixes to protect users on 10.4.11. But this was just an extremely annoying crash, not a security vulnerability, as far as I knew.

After writing the blog post I started to hear from other developers that the crash logs were extremely common for them, too. One developer mentioned that he had no less than 100 separate crash reports in his logs, from users afflicted by the problem. Users reported that it affected them while using Safari, MarsEdit, essentially any application that uses Cocoa to access resources from the web.

It sucked, man! But would it ever be fixed? Well, I have to confess that my expectation for a fix went up when Apple contacted me a few weeks ago to ask me how I would like to be credited in a forthcoming security update. How interesting! I had not reported any bug recently which I thought had security implications. I immediately became hopeful that it would have something to do with this nasty epidemic of a bug.

Today, Apple released Security Update 2008-002, whose release notes include the following note:

Description: A thread race condition exists in NSURLConnection’s cache management, which can cause a deallocated object to receive messages. Triggering this issue may lead to a denial of service, or arbitrary code execution with the privileges of Safari or another program using NSURLConnection. This update addresses the issue by removing an unsynchronized caching operation. This issue does not affect systems running Mac OS X v10.5 or later. Credit to Daniel Jalkut of Red Sweater Software for reporting this issue.

Everything about this description sounds like the bug I reported, except that I didn’t realize it could possibly be used to exploit the security of a system. I guess this is one of those situations where it’s lucky there was a security flaw, because without it, I don’t know if it would have ever been addressed.

Now users are not only protected from this strange security vulnerability, but perhaps more significantly, protected from the repeated frustration of crashing in their network-enabled applications!

The moral of the story for other developers (and users, too): always report bugs, even if they seem so widespread as to have been “surely reported.” It turns out that my frustrated effort to bring attention to this problem might have been what Apple needed in order to spot the security flaw and ultimately decide to fix it.

Many, many thanks to Apple for fixing this problem! Of course, I am putting a lot of faith in this actually meaning it’s fixed, but it sure sounds like it is. Time will tell if the “willCacheResponse” crash logs stop trickling in.

From Steve’s Mouth

March 6th, 2008

So, the day has come. Today, developers learn what the next step is on the road to developing applications for the iPhone and iPod touch.

We’re eager to find out what awaits us in the weeks and months to come. Will anybody get to develop apps, or only Apple-approved developers? Will the apps be sold independently or via iTunes? Is it really Cocoa? These are questions that we hope to have clarified today, although at the Tuesday shareholder meeting Steve did drop some heavy hints:

Jobs […] noted that the iPhone SDK would enable third parties to address the subject of iPhone blogging “if Apple does not address it.” Jobs then recommended that he learn Cocoa and write an iPhone blogger app himself.

Learn Cocoa and write an iPhone blog-editing app? I’ll get right on that!

Shawn Blanc Interviews … Me!

March 3rd, 2008

Shawn Blanc has posted his latest interview, and I’m honored to say that it is with me! Shawn digs into the history of Red Sweater Software, my early years as a programmer, and a host of other issues, including this roundup of why MarsEdit doesn’t yet support WYSIWYG editing:

“There are a list of classic things that are wrong with WYSIWYG editors. They over-promise and under-deliver. They’re not actually that easy to use. They mess up your HTML, and often outright eliminate content. I don’t want to make any of those mistakes. That’s what makes the feature hard, and that’s the reason users haven’t seen it yet in MarsEdit.”

Shawn has a great knack for interviews. Like many web-based dialogues, the actual communication takes place via email. But unlike so many where the questions are drawn up ahead of time and then answered in one fell swoop, Shawn’s interviews take place organically, as an in-person conversation would.

The process of responding to dozens of emails back and forth takes time – over 2 weeks I think we spent. But the end result is obviously a lot more interactive, and covers a lot more territory than one would cover by attempting to guess all the questions up front.

Thanks a lot for taking the time to chat with me, Shawn.

The Broken Web Editor

February 29th, 2008

I often explain the benefits of MarsEdit starting with a premise that editing on the desktop beats editing in a web browser. I believe this to be true even when the playing field is level, and web interfaces are operating at their best. Unfortunately, thanks to a large number of ever-changing browser environments, web interfaces frequently don’t operate at their best. This is part of the nature of that beast. Often, web-based editors provide more frustration than convenience.

Recently there has been an increase of new MarsEdit buyers who cite as their motivation a frustration with the WordPress web editor. I respect and admire the WordPress team. In fact, their web interface is among the best out there. But even in the best of circumstances, it’s hard to compete with the usability of a desktop app. And when something goes bad, it becomes downright impossible.

Currently the situation is especially bad for people who use WordPress with Safari. For whatever reason these two pieces of software have fallen slightly out of accord. It’s common to hear tales of people who use Safari for “everything but WordPress.” In short, WordPress has a reputation for messing up or even eliminating parts of your post when using the web-based editor in Safari. I know, because I see the comments of my customers and would-be customers on the web. There is a chorus of confirmation for this problem.

I look forward to WordPress and Safari ironing out their differences. I don’t relish earning customers purely out of frustration with the competition. I prefer to attract customers by exceeding baseline functionality rather than by my competitors failing to meet it. But if you’re tired of doing battle with the WordPress editor in Safari, or any other browser for that matter, it’s a good time to remember that MarsEdit is here for you.

I welcome those users who arrive out of desperation, and am hopeful they will find much more than baseline functionality to be delighted with in MarsEdit.

Update: Lloyd Budd, who is the quality lead for WordPress, has coincidentally written today on the very subject of Safari and WordPress. He predicts that major improvements are in store with WordPress 2.5:

“With Safari 3 and WordPress 2.5 you should finally have a great experience if Safari is your preferred browser.”

This is great news for everybody. I think your experience will be greater still in MarsEdit, but happy WordPress customers are great for the blogging industry in general.

Update 2: For some reason this post ended up with comments disabled. I don’t know yet if it’s a bug in MarsEdit, WordPress, or the author. I have enabled them, now. I welcome your opinions!