It turns out that printf in the XNU kernel (see osfmk/kern/printf.c) does not implement all the normal conversion specifiers. Specifically, I assumed “%f” for doubles would work. As if kernel programming was not hard enough already.
I removed Dash and will likely avoid apps written by Bogdan Popescu until I feel I can trust him again. I relied on Dash for quickly accessing documentation from multiple projects, all within an ubiquitous, unified, and polished interface. Sadly, I no longer trust the app or its developer and will seek alternative solutions for accessing documentation.
On October 5, Apple removed Dash from the App Store for fraudulent activity. I could not understand why a popular app would be be involved with fraudulent reviews. Even after some of the oddities were explained in a statement by Bogdan, I feel like we lack details that would allow me to trust him.
The tipping point for me in my decision to not trust Dash is that the app is not sandboxed. Although the App Sandbox would hamper Dash in some ways, I would feel much better knowing that Dash could not access my personal private information without my explicit permission. While I do not believe Bogdan is a bad actor, even if my belief was wrong the App Sandbox would limit the damage such a bad actor could inflict.
I want to believe that Bogdan has only the best intentions. Applying correct App Sandbox entitlements to Dash would restore my trust in the app and its developer.