Domain: scarydevil.com
Stories and comments across the archive that link to scarydevil.com.
Comments · 106
-
There's the problem...
catch(...) {
messagebox("an unexpected error occurred"); // this is where the unexpected errors are handled
}
And:
default: messagebox("unexpected error");
That's the problem. The correct code should be:
default: messagebox("unexpected error: %s", strerror(ERRNO));
Or better:
default: messagebox("unexpected error: %s: %s", relevantFileName, strerror(ERRNO));
But even just:
default: messagebox("unexpected error (%d)", ERRNO);
is better than nothing.
(or the equivalent code using something like E.ErrorDescription(), etcetera)
I ranted on this way back in the '90s when Windows dial-up networking was still relevant in "The Case for Stupid Software"...
-
Apple taking security seriously?
Apple, if you're not gonna take security seriously, don't bother releasing anything. This "feature" is garbage.
They used to, but they seemed to have decided to fire everyone competent at security when they released Safari.
And on their first response to this problem.
Oh, just browse my I/O page are about this.
-
Google Gravity... a blast from the past!
Ah, a classic hack... variations of this date back to the '70s. I wrote one around 1980, and I'm sure I wasn't the first. A few years back I was googling around and came across it:
rot.
This is a fixed version. There was one bug in the original... the timer to slow the update down didn't work, but since a high speed display back then was 9600 baud I'd never noticed.
-
Apple's DRM is good for consumers.
If you're going to boycott DRM, boycott DVDs and Blu-Ray, they have much stronger and more objectionable DRM than Fairplay. Apple's DRM is good for consumers because Apple's DRM keeps the whole issue of DRM in people's faces. If they weren't there we'd all be using compatible Windows Media format DRM for our music right now, and nobody would care even as much as they don't care already.
-
So should I have patented my "3d world"?
From this article I wrote in 2004...
-
Sounds like my 1998 notablog entry :)
My experience matches yours, quite closely.
-
Macbook Pros still broken
When the MacBook Pros were released these values were wrong. The fans would not kick in early enough and the machine would become unstable. Tweaking them a bit made the machine a bit louder and shortened the battery life slightly, but stopped it crashing (the CPU was fine, but the memory chips got too hot). A subsequent update fixed the problem and I don't have the fan control or temperature monitor utilities installed anymore.
You must have a more recent Macbook Pro than me. I have to remove the battery to keep it from overheating with more than about 50% total CPU use (100% of one core or 50% of both cores) even with fan control utilities.
-
Re:Proctonomics?
"Proctonomics"... There is nothing about the sound of that I don't like.
You got it, added to my vocabulary.
-
Re:What are you smoking?
"In-world creation of content" == "In world _ONLY_"
There doesn't seem to be a middle ground. It's either in-world and interactive, or (as in things like There and Activeworlds and... well, everything but SL) external and batch.
That's a big advantage SL has: an interactive environment is a much more productive one. It's like Smalltalk or Lisp or Forth or APL versus punched cards and COBOL, or Fortran. Or Enterprise Java Beans.
It's almost unheard of that a programming language comes along that some crazy person doesn't swear by and decide to write everything they do in it.
Tiny languages in real time control systems are often much more limited than LSL, and many of the limitations in LSL are typical of the real-time control environment. Trust me, even total maniacs don't expect to use these languages outside the real-time environment. One real time control language I implemented a compiler and interpreter for didn't even have loops, the only non-sequential control structure was retriggering events. I've dealt with real-time systems programmed using relay-ladder logic ONLY.
Google has _no_ content creation now? Is that really that much of a step down from what Second Life supports?
Infinitely less.
-
I AM SUPERMAN?
These are as annoying as those stupid "I AM" ads that Lotus used to run. Remember them? They had guys holding up "I AM" signs like this to try and convince you that Lotus R5 was the bridge everyone else was jumping off.
Who the hell actually liked Lotus R5? Anyone? Anyone?
Who in the hell actually likes Windows? I mean, enough to identify themselves with it?
"Hi I'm a PC, and I'm really defensive about it..."
-
Re:Did Microsoft fix the vulnerability in IE?
Imagine if Netscape won the browser wars and you installed Windows Media Player which later on, in the middle of the night, downloaded and installed IE for you.
Except that iTunes didn't "in the middle of the night, download and install Safari".
However Microsoft did force IE into Windows, using techniques that created many inherent security flaws that we are still battling 11 years later, this being one of them.
Apple can do anything, and few will complain.
When Apple fucks up, I'll be the first to complain. See An Open Letter to Apple (2004) and six subsequent articles pointing out that 'open "Safe" files after downloading' is a daft idea. It took them three years to figure that one out, and by the way if you are using Safari on OSX OR Windows, make sure that option is turned OFF.
THAT is a security vulnerability that Apple is responsible for.
IE executing files on the desktop if they happen to have the "right" name is all Microsoft's baby.
-
Upgrade the OS!
-
Linux autorun... yes, it's real.
KDE opens a dialog and asks you if you want the CD to be mounted
OK, I missed this, I read this as "KDE opens a dialog and asks you if you want the CD to be executed" or something like that, because my new day job involves writing software for Linux, so I've occasionally got to test software on a variety of Linux boxes and we have a rack of test boxes running a set of bog standard Linux installs (they wouldn't be much good as test boxes if they'd been customized) and when you stick a CD containing a shell script called "/autorun" in many of these boxes, it pops up a dialog asking if it should *execute* that file.
Yes, really.
I think this happens on Gnome-based boxes rather than KDE, but it regularly happens.
There's actually a spec for this kind of craziness: Desktop Application Autostart Specification... look under "Autostart Of Applications After Mount".
Here's what I wrote in 2006 when I first read about the spec: Linux is not Windows.
Combined with the behavior you're describing this is doubly stupid, because someone used to KDE would be likely to reflexively hit that "please infect my computer" button before noticing that it's not asking to mount the CD.
-
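For the "Linux autorun" comment above, a defender-side check for the root-level files that the "Autostart Of Applications After Mount" section of the Desktop Application Autostart Specification defines (`.autorun`, `autorun`, `autorun.sh`, plus `.autoopen` and `autoopen`). This is an added example, not part of the original comment; the function names and the sample medium are constructed for illustration.

```python
import os
import stat

# Root-level names defined under "Autostart Of Applications After Mount" in the
# Desktop Application Autostart Specification, in the spec's precedence order.
AUTOSTART_NAMES = (".autorun", "autorun", "autorun.sh")
# Names the same section defines for opening a document after mount.
AUTOOPEN_NAMES = (".autoopen", "autoopen")


def audit_medium(mount_root):
    """Report autostart/autoopen files in the root of one mounted medium.

    Only the root directory is examined, because that is the only place the
    specification looks. Files are inspected, never executed.
    """
    findings = []
    for kind, names in (("autostart", AUTOSTART_NAMES),
                        ("autoopen", AUTOOPEN_NAMES)):
        for name in names:
            path = os.path.join(mount_root, name)
            try:
                st = os.lstat(path)  # lstat: never follow a symlink off the medium
            except OSError:
                continue
            regular = stat.S_ISREG(st.st_mode)
            first_line = ""
            if regular:
                # Read a bounded prefix only; the content is untrusted.
                with open(path, "rb") as fh:
                    first_line = fh.readline(200).decode("utf-8", "replace").strip()
            findings.append({
                "name": name,
                "kind": kind,
                "regular_file": regular,
                "executable": bool(st.st_mode & 0o111),
                "first_line": first_line,
            })
    return findings


def autostart_candidate(findings):
    """Name of the highest-precedence autostart file present, or None."""
    for item in findings:
        if item["kind"] == "autostart" and item["regular_file"]:
            return item["name"]
    return None


def build_sample_medium(root):
    """Populate `root` with a constructed sample medium (not real media)."""
    with open(os.path.join(root, "README.txt"), "w") as fh:
        fh.write("constructed sample\n")
    autorun = os.path.join(root, "autorun")
    with open(autorun, "w") as fh:
        fh.write("#!/bin/sh\necho constructed sample\n")
    os.chmod(autorun, 0o755)
    autorun_sh = os.path.join(root, "autorun.sh")
    with open(autorun_sh, "w") as fh:
        fh.write("echo constructed sample\n")
    os.chmod(autorun_sh, 0o644)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        build_sample_medium(root)
        results = audit_medium(root)
        for item in results:
            print(item)
        print("highest-precedence autostart file:", autostart_candidate(results))
```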
Re:This is a serious privilege escalation bug, but
KDE opens a dialog and asks you if you want the CD to be mounted
I call those "Should I do something stupid" dialogs.
Given that:
* The answer should almost always be "no".
* It's less hassle if it doesn't ask, just doesn't do it.
* Users get trained to answer "yes", because they keep getting them.
Any time you're putting up "Should I do something stupid" dialogs, you're making things easy for people who are trying to use social engineering to install malware.
Here's the history of Apple's experiment with stupid security dialogs in Safari:
http://scarydevil.com/~peter/io/osx-security.html
http://scarydevil.com/~peter/io/apple.html
http://scarydevil.com/~peter/io/apple3.html
http://scarydevil.com/~peter/io/apple4.html
They finally wised up, and removed the "doing something really stupid" bit, by turning off "open Safe files" by default.
Microsoft's been in denial about the same thing since 1997.
http://scarydevil.com/~peter/io/airlines.html
Windows Airlines:
The terminal is very neat and clean, with security barriers every few meters. The attendants are attractive, even if it's kind of creepy how much they want to "help" (especially in the restrooms). The pilots are allegedly very capable, though nobody ever sees them and there's an armed guard by the cockpit door. The fleet of jets it operates are immense. Your jet takes off without a hitch, pushing above the clouds, and at 20,000 feet a message pops up on the seat back in front of you asking "Should this plane explode now?".
Some idiot always answers "Yes".
Windows is so much worse than everyone else that people tend to ignore it when Apple or KDE does something slightly less stupid than ActiveX, but it's still stupid, and putting up a "should this plane explode now?" dialog doesn't eliminate the stupidity.
-
Re:A couple of issues on the very first page.
The problem was named back in the day when that was what pretty much all the dialogues boxes read. It is still used to describe the problem today, even though the button names have changed. The problem is operant conditioning users to reflexively click a given option.
It's more complex than that. People aren't pigeons and even pigeons have proven more complex than Skinner thought. It's not a matter of training users to click a specific option. Users will still automatically approve these dialogs even when presented with a new dialog they haven't seen before, with labels that are unique to that dialog. It doesn't matter what the dialog says, or if the buttons move around, as long as it's possible to interpret one of the options as "let me get my damn work done" and one as "if I click this I'll have to go back to square one".
The criteria upon which these need to be evaluated from a usability and security perspective is if they cause more or less accidental execution of malware.
I think you meant to write "prevent", but since these dialogs do in fact, over the long run, cause more accidental execution of malware than redesigning the system to make them unnecessary, and once users are accustomed to being presented with "shall I do something stupid now?" dialogs they provide very little protection indeed. Not automatically opening untrusted files was a good start to fixing the underlying problem, and not dropping downloads in a folder that's full of files the user has reason to trust is the logical next step.
...sandboxes...
If the sandboxes have holes, the malware will be written to use those holes. If the sandboxes do not have holes they will be too restrictive for most any application. A sandbox strong enough to keep malware out has to, at the very least, unconditionally prevent the sandboxed application from reading or writing any file outside the sandbox, from opening any network connections except back to the server they were fetched from (the original Java sandbox design had a flaw here, because it was based on the IP address rather than the URL and would have allowed Java applets to carte-blanche attach servers through proxy firewalls... I identified this and mentioned it on the Firewalls mailing list, and as a result that was fixed), and basically being able to save ANY long term state other than cookies local only to the URL they were fetched from, or interact with ANY components on the local machine. Weaker sandboxes have been tried and have universally been found too leaky.
THAT kind of sandbox is too strict for general use with arbitrary applications.
Safari does have a download manager. It pops up whenever you start downloading a file and lets you cancel it and/or open a finder window showing it.
I know I qualified the phrase "a download manager" further than that.
This has nothing to do with the problem we're discussing and does not seem to have influenced the design to use confirmation dialogue boxes.
The first confirmation dialog boxes of this type were added (to Safari) in Security Update 2004-06-07 specifically to deal with this problem.
I posted about this in June 2004, when it happened.
Apple finally fixed the underlying problem in 2007. That's not bad, 3 years of security dialogs instead of security. Microsoft's been trying to use security dialogs instead of security for over a decade now.
You assert that they are stupid and decrease security, but you've offered no evidence.
From 1997 through 2003 I banned Internet Explorer from our site, because of Internet Explorer's leaky sandbox. The primary "protection" for this leaky sandbox was the stupid confirmation dialog. In that time a few people used IE instead of Netscape, for various reasons. In that time I had absolutely no cases of the same user going through the process of downloading an infected object to their desktop, and then running it, m
-
nVidia's split personality
Nvidia's chief scientist, David Kirk, is really down on raytracing and particularly on dedicated raytracing hardware.
http://scarydevil.com/~peter/io/raytracing-vs-rasterization.html
However... Dr Philipp Slusallek, who demonstrated how even a really slow FPGA implementation of raytracing hardware could kick general purpose processors (whether CPU or GPGPU) butts in 2005, has been working as a "Visiting Professor" at nVidia since October 2007.
They're still playing their cards close to their chest.
-
Re:Coloration ?
The raw images often have quite a different color than the released images. NASA typically colors their images to match the calculated color of the martian surface, based on other sensor data than just the camera.
I wrote an article about this in 2004: http://scarydevil.com/~peter/io/vision.html
-
Re:overestimating the cost of ray tracing
Certainly not so long as David Kirk is in charge.
Kirk vs Slusallek
-
Re:List your project
I recently put a couple of my own projects that I've been hosting for years and years on Sourceforge. It's all still available at http://scarydevil.com/~peter/sw/ but I've moved the latest snapshots into CVS at Sourceforge.
http://plugdaemon.sourceforge.net/
http://amberlist.sourceforge.net/
I've also spent an awful lot of time lately on Speedtables.
http://speedtables.sourceforge.net/
-
More from David Kirk?
"I'll be interested in discussing a bigger question, though: 'When will hardware graphics pipelines become sufficiently programmable to efficiently implement ray tracing and other global illumination techniques?'. I believe that the answer is now, and more so from now on! As GPUs become increasingly programmable, the variety of algorithms that can be mapped onto the computing substrate of a GPU becomes ever broader.
Very interesting. A couple of years later he was arguing against special purpose GPUs for ray tracing, and for the use of "General Purpose GPUs", and the new nVidia 8xxx series seem to be following that path... away from dedicated rendering pipelines and towards a GPU that's more like a highly parallel CPU.
As part of this quest, I routinely ask artists and programmers at movie and special effects studios what features and flexibility they will need to do their rendering on GPUs, and they say that they could never render on hardware! What do they use now: crayons? Actually, they use hardware now, in the form of programmable general-purpose CPUs. I believe that the future convergence of realistic and real-time rendering lies in highly programmable special-purpose GPUs."
More comments from David Kirk.
I would be very interested in what he learned between 2002 and 2004 that led him to argue so eloquently against Philipp Slusallek. I'd also like to know what Professor Slusallek is doing at nVidia, where he's "working with the research group on the future of realtime ray tracing".
-
Re:we have the same beliefs, but different conclus
what you call an illusion of trust i would relabel as an honest attempt at trust.
Whether they are honest or not (and you know, I hope, they aren't always honest) doesn't change the fact that the result is an illusion. I've blogged about that before... the chain from the witnesses and primary sources to the front page is often a game of telephone. The difference is that when it happens on a blog you get to see the whole thing, and can go back to find where the fellow turned "The Bugblatter Beast makes a good meal of visiting tourists" into "The Bugblatter Beast makes a good meal for visiting tourists".
Whether they're honest or not, their biases inform their idea of what impartiality means. A reporter on Fox News and a reporter at Pacifica Radio may both think they're being impartial, but they're not.
And, again, they're NOT always honest. And, again, whether they are or not... the result is the same. You shouldn't trust what you read in the newspapers any more than you should trust what you read on the Internet. The difference is that on the Internet you CAN get more of the information you need to inform your own best attempt at an unbiased opinion.
http://scarydevil.com/~peter/io/harlan.html (1998)
http://scarydevil.com/~peter/io/bunk.html (2004)
http://scarydevil.com/~peter/io/cringe.html (2006)
-
The value of trust.
If you google for Verisign's slogan (the value of trust), what do you get?
http://www.lindacaroll.com/value-of-trust.html
That one comes up higher than Verisign's own page for me.
http://www.circleid.com/posts/the_value_of_trust_in_2007/
http://www.infinitumdesign.com/verisign.html
My own experience with Verisign's domain business comes way down the list:
http://www.scarydevil.com/~peter/io/vs/
The value of trust? That and $1.99 gets you a Doubleshot.
-
They've had a problem since May 2004
I don't know what the hole was, but Safari has had a problem since it was launched. In LaunchServices.
Apple followed Microsoft's insane design of using the same set of bindings for local and remote contents. Apple needs to either split LaunchServices in two, or allow applications registered with LaunchServices to specify on a PER APPLICATION basis (not a PER BINDING basis) whether they are prepared to handle untrusted content or not. If an application is not registered as a handler for untrusted content then Safari, Mail, and any other web application would NEVER use it as a handler for content from an untrusted source.
Oh, and no web page or email message is a trusted source, no matter how the content is signed or where it comes from. The source that is untrusted is "this is a web page" not "this is a document on the local machine".
Oh, and sorry, they have already started using the "allow or deny" crap. That was their first response to the problem. When that didn't work they at least stopped making 'Open "safe" documents after downloading' off by default. Now they have to take the logical next step.
My earlier comments on this.
-
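A minimal model of the per-application rule proposed in the LaunchServices comment above, set beside the shared binding table it criticizes. This is an added example, not part of the original comment and not Apple's LaunchServices API; the classes, application names and content types are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class App:
    name: str
    # Declared once per application, not once per binding (hypothetical flag).
    handles_untrusted: bool = False


class HandlerRegistry:
    """Toy handler registry: content type -> applications in preference order."""

    def __init__(self):
        self.bindings = {}

    def register(self, app, content_types):
        for ctype in content_types:
            self.bindings.setdefault(ctype, []).append(app)

    def resolve_shared(self, content_type):
        """The criticized design: one binding table for local and remote content."""
        apps = self.bindings.get(content_type, [])
        return apps[0] if apps else None

    def resolve(self, content_type, source, signed=False):
        """The proposed design.

        `source` is "local" for a document the user opened on the machine;
        anything else ("web", "mail", ...) is untrusted. `signed` is accepted
        and deliberately ignored: a signature does not make the source trusted.
        Returns None when no application opted in, meaning "do not open".
        """
        apps = self.bindings.get(content_type, [])
        if source == "local":
            return apps[0] if apps else None
        for app in apps:
            if app.handles_untrusted:
                return app
        return None


def build_sample_registry():
    """Constructed sample registrations; none of these are real applications."""
    reg = HandlerRegistry()
    reg.register(App("Script Runner"), ["text/x-shellscript"])
    reg.register(App("Archive Expander"), ["application/zip"])
    reg.register(App("Image Editor"), ["image/png"])
    reg.register(App("Image Viewer", handles_untrusted=True), ["image/png"])
    return reg


if __name__ == "__main__":
    reg = build_sample_registry()
    for ctype in ("text/x-shellscript", "application/zip", "image/png"):
        shared = reg.resolve_shared(ctype)
        split = reg.resolve(ctype, "web", signed=True)
        print(f"{ctype}: shared table -> {shared.name if shared else None}, "
              f"untrusted source -> {split.name if split else None}")
```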
Re:Passive-aggressive features...
Boy, are you ever proving the original article right. Come on, baby, give me more of that hot Apple Fanboy wrath.
I have a right mouse button on my Bluetooth mouse. [...]
Your bluetooth mouse is not on the trackpad.
[...] NO, multi-touch isn't an admission of a so-called "issue". [...]
It's a passive-aggressive attempt to avoid admitting that an issue exists. BTW: You got control-click and command click mixed up, which kind of helps me prove my point, no?
So, was adding a third button to PC mice a few years back addressing an "issue"?
Yes.
No, and adding multi-button support in OS X is not either.
I didn't say one word about OS X supporting or not supporting multiple buttons. I was talking specifically about the lack of a second mouse button on the trackpad. Which is still a problem. And using multitouch to fake it doesn't work... it doesn't work SO much that I ended up ditching it and using Sidetrack to let me use tap-in-a-corner to fake it better. It still sucks, but it's a dry suck.
-
Re:speaking of which
There appear to be a number of balls in the "OFF" picture that do not appear in the "ON" picture, further up the hill than the ditch. To make it easier to find the differences I aligned the images and applied a false color mask using red and green overlays for the two images:
http://scarydevil.com/~peter/images/Extra-balls-in-OFF.png
http://scarydevil.com/~peter/images/OFF-plus-false-color.png
http://scarydevil.com/~peter/images/ON-plus-false-color.png
-
Earlier interview: David Kirk & Philipp Slusal
There used to be an interesting debate between Professor Philipp Slusallek of the University of Saarbruecken and chief scientist David Kirk of nVidia at GameStar.de. The original article has been taken down, but I found a slightly mangled version on the Wayback machine and I've cleaned it up a bit and put it up on my not-a-blog: link.
I'd appreciate a better translation of the German part of the text. -
Re:Raytracing scales up far better...
Rasterization is an embarrassingly parallel problem.
If you just count the rasterizing itself, yes, rasterization and raytracing are similar. The difference is that this step is most of the work in a raytracer, but isn't that really a tiny part of the job in a modern GPU? Most of the GPU is devoted to the preprocessing hacks, shaders, texture copying, and all the other front end work to make it look good with as low a triangle count as it can get away with.
Kirk makes that point... as a point in favor of rasterization(!)... in http://scarydevil.com/~peter/io/raytracing-vs-rasterization.html . -
General purpose CPUs: a REALLY bad way to do this.
Professor Philipp Slusallek of the University of Saarbruecken demonstrated a dedicated raytracer in 2005, using a 66 MHz Xilinx FPGA with about 6 million gates. The latest ATI and nVidia GPUs have 100 times as many transistors and run at 6-8 times the clock with hundreds of times the memory bandwidth. Raytracing is completely parallelizable, and scales up almost linearly with processors, so it's not at all unlikely that if those kinds of resources were applied to raytracing instead of vectorizing you'd be able to add a raytracer capable of rendering 60+ FPS at the level of detail of the very latest games into the transistor budget of the chips they're designing now without even noticing.
Here's a debate between Professor Slusallek and chief scientist David Kirk of nVidia: http://scarydevil.com/~peter/io/raytracing-vs-rasterization.html .
Here's the SIGGRAPH 2005 paper, on a prototype running at 66 MHz: http://www.cs.utah.edu/classes/cs7940-010-rajeev/sum06/papers/siggraph05.pdf
Here's their hardware page: http://graphics.cs.uni-sb.de/SaarCOR/ -
Re:I for one would be OK with this
-
The Windows model and Apple.
The guys at Apple are mostly to blame for this. Instead of Apple telling its minions that yes in fact there is a threat to users of the Mac OS X system (as in every operating system) so you should add layers of security to protect yourself. I have to admit the Mac OS X system seems to be one of the more secure platforms and that is great. But Apple is setting its users up for failure.
There is a threat, and it comes from Apple, but it's got nothing to do with adding layers of security or not adding layers of security. It has to do with Apple borrowing a bad security model from Windows... the idea that warning dialogs are an alternative to inherently secure design. I've been predicting that the vulnerability that this program used to launch the installer would be used in an attack on OS X since 2004. Instead of fixing the vulnerability (even in part, by eliminating 'Open "Safe" files after downloading') Apple has decided to add warning dialogs when the computer wants to do something that might have been requested as a result of this vulnerability.
http://www.scarydevil.com/~peter/io/osx-security.html and following articles.
What differentiates this social engineering attack from others (like the AIM worm) is that it's initiated without any explicit user action. The user is faced with a decision, and has been trained to make the wrong decision in this situation. This is the Windows model. The Mac model, traditionally, has been to do what the user requests when the user requests it, and if it seems like a dialog might be needed, look for a way to avoid it... for example, Macs don't ask before moving files to the trash, or before emptying the trash, because these operations are separate and both have to be performed before there is data loss. In this situation, the solution is to download the file to a standard location, but let the user request that it be opened as a separate operation.
In the browser I normally use on OSX, Camino, this is how it normally works... and the option to behave like Safari has a warning that this is dangerous.
Luckily, Apple seems to have decided to back away from the dangerous operation, making it off by default. The preference is apparently not universal... I've had Dashboard widgets installed even when it was off... and, unfortunately, all the stupid security dialogs they added while they were trying to avoid making that decision are still there. But it's a start.
Antivirus software is not useful in this situation. Antivirus software is not a useful tool at all until after there is a population of viruses for it to test for, and it's a bad idea to even consider deploying it before then because false positives and bugs in the antivirus are more likely to cause problems than accidentally getting a virus. I would recommend against using antivirus software on the Mac at the current time. -
Re:Many of these approaches have already failed
This is something that has been fixed in Leopard - it will warn you the first time you launch an app, not download it.
It already DOES that, for applications launched from URIs, and it shouldn't do either.
You see, shortly after they implemented this Microsoftian scheme for the first time, I installed a "GO" screen saver. Unbeknownst to me, one of the options in this screen saver was to allow you to bring up the GO board being displayed and play on it. Unfortunately, the first time I tried it I happened to hit the key that brought up the GO program.
What happened next was obvious in hindsight.
BEHIND the screen saver, invisible and untouchable, it brought up the LaunchServices dialog asking if I really wanted to launch GNU Go. The screensaver froze, waiting for GNU Go to launch, and GNU Go never launched, because GNU Go couldn't run until I approved the dialog, which I couldn't do because it was behind the screensaver.
The thing is, the GO screen saver was already running in native code. The URI was encoded in the screen saver. LaunchServices was protecting me from a program that was already running with full local user permissions. The solution is not to annoy (or completely block) users with dialogs, which only serves to train people to approve dialogs, but to create a distinction between local and remote resources and local and remote handlers for resources.
http://www.scarydevil.com/~peter/io/osx-security.html and following pages go into more detail.
Apple's been bumbling around trying to make Microsoft's messed up design work for over 3 years now. Microsoft hasn't gotten it working in over 10 years. One definition of insanity is to repeat the same actions when they have proven not to work. -
Re:Pointless to say the least
A notable exception being the very first generation MacBook Pros some years ago which were very buggy, and in many cases treated as DOAs and promptly replaced by Apple.
No kidding. I have to remove the battery when I'm using iMovie or other CPU-intensive programs or my MBP goes from 50C to 80C in no time at all when it starts converting.
Graph here. -
Re:I hope they let you disable this junk.
Seriously? This is one of your 'real' security holes?
Yes. The problem is that there is no such thing as a "safe" file. There are "secure applications", and if there is a deliberately secured application available to display an untrusted file then it can always be used, and if there isn't then the user should never be asked... the option to open a potentially dangerous file in an application with an unknown security stance at the time of downloading shouldn't be available: you should only open it in an application that explicitly advertises itself as being prepared to handle untrusted files, or by explicitly opening it from a download manager. Original comments here and in subsequent articles.
This one comes turned off by default
One of the ways that files are treated as safe has, since I posted the original article, been turned off by default. The same pool of a mixture of sandbox and open applications (LaunchServices) is still used for opening URIs, unpacking archives, and so on... and this has been involved in more reported vulnerabilities in OS X than just about any other single cause.
The fix that Apple has used is the same one that Microsoft has used, and it's one that has failed to solve the problem no matter how Microsoft has tweaked it in the past 10 years, or Apple in the past 3. It's a bad solution, and the real problem needs to be addressed.
Warning dialogs are not a security feature. -
Raytracing hardware is what's really needed...
The kind of hardware needed to run raytracing really fast is well understood, and it doesn't really look like today's GPUs or like intel's CPUs, though even today you can get better results if you take advantage of the GPU as well. If ATI or nVidia doesn't come up with a hardware raytracing GPU someone else will. It's a pity that Intel doesn't seem to be interested in working on that angle.
Here's an article I've dug out of the Wayback machine and cleaned up, Raytracing vs Rasterization. Philipp Slusallek's home page is here, and you can follow that to SaarCOR and OpenRT. They built a prototype RPU (R for raytracing) that at 66 MHz was comparable in performance to a 2.6 GHz P4. The video is pretty impressive, considering how slow the hardware is. -
Re:OOXML voting vs corruption
Tufte would be horrified. That graph would show the intended information better as a line graph or as a scaled percentage graph, since the results other than "approve" are effectively random, and only approve (without comments) matters.
A quick cut at a better graph at http://www.scarydevil.com/~peter/images/cip-graph.png
Created in Excel, the only part of Microsoft Office that I haven't found a satisfactory replacement for. -
Microsoft's (and Apple's) responsibility.
This is part of what is required when registering a browser on that OS. It's pretty important if you want to set Firefox as the default browser.
IE, this is a "shell" URI that should not be visible to non-trusted content *at all*.
There need to be separate registries for this.
OS X has the same problem, though at least there it doesn't include any equivalent to ActiveX, and the KHTML-based API makes it easier to implement a fix.
http://www.scarydevil.com/~peter/io/apple.html -
This is ten years old news!
I've been talking about this kind of problem in Windows and the HTML control since the late '90s, and in OSX and LaunchServices since 2004. It's worse in Windows, because you have the same stupid lack of security design in ActiveX which is a much harder nut to crack...
http://www.scarydevil.com/~peter/io/apple.html and later posts in http://www.scarydevil.com/~peter/io/ ... -
Apple's recalcitrance on licensing DRM is good.
Rather than duplicate the post, I'll just link to it:
Why Apple's DRM is good for consumers
Bottom line: the more DRM is a problem, the less likely it is to spread. Apple's DRM is like a billion sterilized fruit flies in the DRM ecosystem.