Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Monday, 06 September 2010 16:14

iTunes 10's Automator issues indicate a deeper problem

By Stephen Withers

The compatibility problems between iTunes 10 and existing Automator actions and AppleScripts for iTunes may be symptomatic of a deeper issue at Apple.


My recent article "Training the key to avoiding software security flaws" presented the opinion of Rocky Heckman, senior security architect at Microsoft, that training is the best approach to reducing the incidence of common programming errors that make software vulnerable to attacks.

Over the weekend, it occurred to me that functional problems are also being caused by programmers making the same old mistakes.

This thought was triggered by complaints that iTunes 10 (released late last week) breaks Apple's own Automator support as well as many third-party AppleScripts.

The problem, it turns out, is not that version 10 does anything differently to its recent predecessors, but that the programmers who created the Automator actions and AppleScripts didn't know how to test for the version number of the application they were supposed to be supporting.

Well-written scripts and actions will check the version number of the host software in case someone tries to use them with an old version that doesn't include an essential feature. For example, the Add Songs to Playlist action checks that iTunes is no older than version 4.6.

The problem is that version numbers aren't actually numbers.

That seemingly contradictory statement is explained below.




10 > 9 is true, but "10" > "9" is false - when comparing strings, "1" comes before "9". And version 'numbers' such as 9.2.1 aren't actually numbers as they contain two decimal points. So to correctly compare the actual version number with the minimum required, a script needs to extract the major version number ("9", in the example given) from the rest of the string, convert it into a number, and then do the comparison. Another approach is to pad single-digit strings with a leading zero (eg, "9" becomes "09", and then "10" > "09").

If an essential feature debuted in other than a major version, eg in version 9.2, the basic technique remains the same except that the second part of the number must be included in the process.

So why do I describe blindly checking version numbers as one of the same old mistakes? Because we've seen it - or at least a variation of it - before.

Back in mid 2007, Apple released the Mac OS X 10.4.10 update and a similar problem occurred, just at the other end of the version number. Some software (eg Microsoft's Silverlight installer, but I'm sure there were other examples) bodged the comparison and decided that 10.4.10 was older than 10.4.6 or whatever subversion really was required.
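An added example, not from the original article or from Apple: a Python version of the comparison described above, set beside the plain string comparison that fails on both iTunes 10 and Mac OS X 10.4.10. The function names and the rule for trailing non-digit text (ignored, so "10.0b2" reads as 10.0) are assumptions made for this illustration.

```python
import re
from itertools import zip_longest


def parse_version(text):
    """Split a dotted version string into a tuple of integers.

    Assumption: every dot-separated field starts with decimal digits and any
    text after them (the "b2" in "10.0b2") is ignored. A field with no
    leading digits raises ValueError instead of being guessed at.
    """
    fields = []
    for field in text.strip().split("."):
        m = re.match(r"\d+", field)
        if m is None:
            raise ValueError(f"unparseable version field {field!r} in {text!r}")
        fields.append(int(m.group()))
    return tuple(fields)


def compare_versions(a, b):
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    # Missing trailing fields count as 0, so "9.2" equals "9.2.0".
    for x, y in zip_longest(parse_version(a), parse_version(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0


def meets_minimum(actual, minimum):
    """Field-by-field numeric check of a minimum-version requirement."""
    return compare_versions(actual, minimum) >= 0


def naive_meets_minimum(actual, minimum):
    """The buggy check: plain string comparison, character by character."""
    return actual >= minimum


# Constructed sample cases: (installed version, minimum required).
CASES = [("10.0", "4.6"), ("10.4.10", "10.4.6"), ("9.2.1", "9.2"), ("4.5", "4.6")]

if __name__ == "__main__":
    for actual, minimum in CASES:
        print(f"{actual:8} >= {minimum:7} naive={naive_meets_minimum(actual, minimum)!s:5} "
              f"numeric={meets_minimum(actual, minimum)}")
```
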

So how could this sort of problem be avoided? Heckman's suggestion of training would clearly help. If you've been taught how to compare version numbers reliably, you'll probably get it right.

But is this really something programmers should be worrying about? Wouldn't it make more sense to have a platform-wide function to compare version numbers that's easily accessible everywhere including AppleScript? Even then, some assumptions might be necessary (who knows what a demented programmer might decide to put in a version number string!), and that could lead to unexpected results.

Version number comparison isn't an isolated problem - please read on.




This is somewhat reminiscent of the Y2K bug. Apart from those who believed the end of the world was at hand, we all knew 2000 was going to roll around but not all programmers allowed for it. In fairness, an awful lot of code survived for a lot longer than the original developers expected, some of it dating back to a time when memory and storage were very much more expensive than they are today.

Even if Mac developers could once reasonably assume that Apple's own version numbers were amenable to simple string comparisons, that era ended in 2007. I can understand why individuals might get this wrong if they create AppleScripts essentially to meet their own requirements and later apply a little polish before releasing them to the world, but that doesn't provide an excuse for the Apple employees or contractors who are presumably responsible for the Automator actions for iTunes.

Automator and iTunes both date back to before 2007, so I am inclined to give a break to whoever originally created the actions. But this issue - along with the recently discovered '_Marshaled_pUnk' vulnerability in the QuickTime ActiveX plugin for Windows and the ongoing discovery of security-related overflow bugs in Apple's software - suggests there may be a lack of effective code reviews at Apple.

 


Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
