
Dangers of NeXTSTEP Plists - ingve
http://pewpewthespells.com/blog/dangers_of_ascii_plists.html
======
ridiculous_fish
Oh wow, this is about the NeXTSTEP _format_ for plists. That's really old!
Modern plists are either XML or binary.

~~~
jevinskie
Except Apple keeps using them with Xcode. Here is the xcspec for the Swift
compiler. A language from 2014 using NeXTSTEP plist format!

I don't know why they just don't upgrade to xml or binary.

[https://gist.github.com/jevinskie/98a11023f4b561d36b26](https://gist.github.com/jevinskie/98a11023f4b561d36b26)

P.S. Xcode plugins are "fun" to write!

~~~
setpatchaddress
.xcspec predates Swift -- it's an Xcode format, not a Swift format -- but I
don't remember by how much.

~~~
jevinskie
Indeed it does! I just find it very curious that Apple hasn't bothered to
migrate .xcspecs to one of the newer plist formats. As far as I know, you lose
no capabilities with the newer format. Perhaps the NeXTSTEP format is easier
to read with a text editor? XML format isn't terrible, and Xcode itself
provides a not-bad GUI editor for all plist varieties.

EDIT: I believe that Xcode will load .xcspecs in any format. The .xcspec ends
up getting fed into a TSPropertyListDictionary class which is backed by a
plain NSDictionary. I'll test tonight. :)

------
brazzledazzle
I really wish Apple would start using something like json or yaml. I hate
plists.

~~~
ams6110
json and yaml didn't exist in the late 1980s when NEXTSTEP was developed.

~~~
donatj
It is also no longer the 1980s and hasn't been for a while now.

~~~
ams6110
Right -- it's simply legacy. Too much work to change it now for not enough
benefit.

In 20 years we'll say the same thing about json and yaml. In fact I say it
about yaml now.

------
0x0
This phrase is hard to understand:

> The NeXT/OpenStep plist format assumes that strings are written as ASCII,
> whereas Cocoa assumes strings are written in Unicode

Do they mean "UTF-16" when they say "Unicode"? ASCII is an encoding but
"unicode" is not, so I can't make sense of it.

On another note, it's fairly common that \U0000 style escapes are limited to
FFFF. Would it work to use a surrogate pair for the non-BMP character?

~~~
setpatchaddress
Yes, they mean UTF-16. I don't know if Xcode's parser actually supports
surrogate pairs in practice, but it should.

------
AceJohnny2
What is the Radar rdar:// link at the bottom?

~~~
zeckalpha
Apple's internal bug tracker is called Radar.

~~~
brazzledazzle
If you're lucky and you reported the bug first you get to find out what
happened with the Radar bug. If you weren't the first you get your support
request closed and get to hope the original person posted it on Open Radar. If
that doesn't pan out you have to actively ask for an update or read release
notes.

I like most of Apple's products but I really wish other people didn't so
they'd be compelled to fix these long running process failures (and give IT
folks a little more love).

~~~
veidr
Yeah. I stopped filing bugs with Apple years ago, except in extreme
circumstances[1][2] where the bug is fucking up my daily work, or a serious
bug that is blocking one of my apps in development.

The process is just too rude and disrespectful to the submitter to participate
in.

Apple behaves like it is Apple doing developers a favor by allowing them to
submit bugs, rather than the other way around.

[1] [http://masonmark.com/the-xcode-fairy](http://masonmark.com/the-xcode-
fairy)

[2] [http://masonmark.com/more-xcode4-fuckery/](http://masonmark.com/more-
xcode4-fuckery/)

~~~
brazzledazzle
Apple behaves like it's doing everyone a favor just by existing to be frank.
Steve Jobs knew how to get shit done even if he was an asshole about it but
that attitude he had permeated the organization. It might not be the right
word but the only way I can think to describe the way Apple treats people is
"snobbish". You can be awesome and do awesome things without being an asshole
about it.

------
alexbecker
I get a 403 page when visiting this page using my browser (Chrome), but cURL
works fine. Are they rejecting certain user agents?

~~~
kbenson
Apparently they are blocking "deep" links. In chrome, clicking in the url and
pressing enter seems to work to reset the referrer (reloading does not).

~~~
WorldMaker
Who blocks deep links into their personal blog? Do think they might need to
put up a paywall because they could suddenly become the next New York Times? I
am very confused by this.

