Decimus Acquires Polarian

March 19th, 2008

In indie software acquisition news, Decimus Software has acquired Polarian Technology. Lee Falin took a very public approach to selling his company when he announced his intent to sell on his blog last month.

The primary product being acquired is Screen Mimic, a video screen capture application. After a hiccup with a prospective buyer who didn’t work out, I’m pleased to hear that Lee found another developer to take over the reins. The screen capture business seems to be taking off right now, and I’m sure we’ll all benefit by the healthy competition this product adds to the market.

Interviewed By Mac Voices

March 19th, 2008

I was honored to be interviewed by Chuck Joiner for his series of interviews with members of the Mac community. Chuck asked me to reflect on my product lineup, the company name, and my feelings about the Mac community. Nicely done, Chuck!

MacVoices #870: Daniel Jalkut Discusses Red Sweater Software

Chuck and I had a terrible time working around networking problems with Skype while we were doing the interview. But thanks to Chuck’s brilliant (and laborious, I’m sure) editing job, you’d be hard pressed to tell.

Thanks a lot for the great interview, Chuck!

NSURLConnection Crashing Antidote

March 18th, 2008

A couple months ago I reported on a particularly nasty, crashing bug in NSURLConnection. What was particularly nasty about it was how widespread it was. I had received dozens of crash reports, all containing the same tell-tale sign of a problem in this part of the system.

After getting tired of explaining again and again to customers that the bug was in Apple’s code and the best we could do was hope for a fix, I realized that maybe it was worth me writing up the bug and reporting it to Apple. I supposed maybe, even though this bug’s crash log shows up as fairly common in Google, nobody has bothered to report it yet. So I wrote the aforementioned blog post and reported a bug.

Since the issue only affects 10.4.11 users, I figured the chances of a fix might be slim. Apple naturally is most concerned with the latest releases of 10.5, although they continue to issue security fixes to protect users on 10.4.11. But this was just an extremely annoying crash, not a security vulnerability, as far as I knew.

After writing the blog post I started to hear from other developers that the crash logs were extremely common for them, too. One developer mentioned that he had no less than 100 separate crash reports in his logs, from users afflicted by the problem. Users reported that it affected them while using Safari, MarsEdit, essentially any application that uses Cocoa to access resources from the web.

It sucked, man! But would it ever be fixed? Well, I have to confess that my expectation for a fix went up when Apple contacted me a few weeks ago to ask me how I would like to be credited in a forthcoming security update. How interesting! I had not reported any bug recently which I thought had security implications. I immediately became hopeful that it would have something to do with this nasty epidemic of a bug.

Today, Apple released Security Update 2008-002, whose release notes include the following note:

Description: A thread race condition exists in NSURLConnection’s cache management, which can cause a deallocated object to receive messages. Triggering this issue may lead to a denial of service, or arbitrary code execution with the privileges of Safari or another program using NSURLConnection. This update addresses the issue by removing an unsynchronized caching operation. This issue does not affect systems running Mac OS X v10.5 or later. Credit to Daniel Jalkut of Red Sweater Software for reporting this issue.

Everything about this description sounds like the bug I reported, except that I didn’t realize it could possibly be used to exploit the security of a system. I guess this is one of those situations where it’s lucky there was a security flaw, because without it, I don’t know if it would have ever been addressed.

Now users are not only protected from this strange security vulnerability, but perhaps more significantly, protected from the repeated frustration of crashing in their network-enabled applications!

The moral of the story for other developers (and users, too): always report bugs, even if they seem so widespread as to have been “surely reported.” It turns out that my frustrated effort to bring attention to this problem might have been what Apple needed in order to spot the security flaw and ultimately decide to fix it.

Many, many thanks to Apple for fixing this problem! Of course, I am putting a lot of faith in this actually meaning it’s fixed, but it sure sounds like it is. Time will tell if the “willCacheResponse” crash logs stop trickling in.

From Steve’s Mouth

March 6th, 2008

So, the day has come. Today, developers learn what the next step is on the road to developing applications for the iPhone and iPod touch.

We’re eager to find out what awaits us in the weeks and months to come. Will anybody get to develop apps, or only Apple-approved developers? Will the apps be sold independently or via iTunes? Is it really Cocoa? These are questions that we hope to have clarified today, although at the Tuesday shareholder meeting Steve did drop some heavy hints:

Jobs […] noted that the iPhone SDK would enable third parties to address the subject of iPhone blogging “if Apple does not address it.” Jobs then recommended that he learn Cocoa and write an iPhone blogger app himself.

Learn Cocoa and write an iPhone blog-editing app? I’ll get right on that!