... And the Hits Just Keep On Coming

Vokbain writes "Security Update 2003-12-19 is now available. This update includes the following components: AFP Server, ASN.1 Decoding for PKI, cd9660.util, Directory Services, fetchmail, fs_usage, rsync, and System Initialization. Get it now in Software Update." This security update appears to be for 10.3.2, and, as stekylsha writes, "contains among other things -- wait for it -- the fix for the cd9660.util buffer overflow. What was the turn around on that? Three days?" EverLurking writes "Yet another update from Apple, this time they've updated Java to 1.41.1_01. You can find it in Software Update, a restart is required." I see no Java update of this sort, but I do see an update to the MPEG-2 component, as well as the 10.3.2 update for Mac OS X Server. (As usual, the technotes on Apple's site don't appear to be updated yet.)

Snagged this last night

[Pope]

I was very happy about the MPEG-2 update, previewing my m2v files in VLC is a pain compared to QuickTime's player, simply because the control in QT is much better.

Also nice to see all the other Security fixes happening. gg Apple!

Re:Snagged this last night

[tgibbs]

Also nice to see all the other Security fixes happening. gg Apple!

Also nice to see Apple giving public credit to the people who reported these security holes.

Re:Snagged this last night

"contains among other things -- wait for it -- the fix forthe cd9660.util buffer overflow. What was the turn around on that? Three days?

Also nice to see all the other Security fixes happening. gg Apple!

Any other computer company would be abused to bits on slashdot for having these vulnerabilities and bugs even existing in their system. Witness the whole ballyhoo over the microsoft IE %01 bug not long ago.

Now apple get a vulnerability that could allow unprivileged ROOT ACCESS to a machine, and apple don't get abuse, they get CREDIT?! just because they fixed a bug?!

good god this whole place is full of apologists.

Re:Snagged this last night

Honestly you are better off avoiding this section. It appears its only purpose is to give the faithful a place to worship. It is too bad they have to ruin this forum, when there are so many other sites where they can praise the glory that is Apple.

Security Update not just for 10.3

[TheRedHorse]

I'm running 10.2.8 and still got the security update via Software Update.

Re:Security Update not just for 10.3

[dbirchall]

There are separate updates for 10.2.8 and 10.3.2. The 10.3.x update requires 10.3.2 and will not appear in Software Update unless/until 10.3.2 is installed.

I and a few other Dual G5 users are having problems with 10.3.2 and/or some other very recent updates (say, QuickTime 6.5 or XCode 1.1), and are thus unable to apply this particular security update. Grumble.

Re:Security Update not just for 10.3

erm, why did you link to an underwater camera housing at B&H? Weird because I just bought something from there.

Re:Security Update not just for 10.3

Confirmed. 10.2.8 shows security update available via Software Update.

Re:Security Update not just for 10.3

[GlobalEcho]

Dan et al.

I posted about this on the Apple forums, but it's worth repeating here, perhaps in a little more detail. I'm running a Dual G4/800, so it looks to be a DP problem.

If you examine the stack traces that the crash catcher asks to send back to Apple you will see that all the non-working iApps (iTunes, iPhoto, Safari, Mozilla, etc.) crash at initQuickTimeFoo()+44. Sorry I don't recall the exact function.

That is consistent with the "fix" that I found...namely to grab /System/Library/Frameworks/QuickTime.framework off a machine that had not yet upgraded from QT6.4, and replace the one on the Dual G4 with it. interestingly even iTunes 4.2 appears to still be working fine with the older QT. I'm sure there's a crash lurking somewhere though.

Obviously if one has already done an Archive and Reinstall, this problem should be avoidable just by never upgrading QT to 6.5 until Apple fixes this.

For good measure I also replaced some other QT components, like the plugins, but I'm not certain that they mattered. They were

/Library/Internet Plug-Ins

/System/Library/QuickTime*

/Library/QuickTime

- Brian K Boonstra

Three days turn around on the Buffer Overflow..

[byolinux]

.. this puts Apple much closer to the Free Software Movement in terms of patching, than Microsoft.

It's pretty impressive..

Tip for any fellow 10.3 users out there...

In System Preferences > Software Update > Turn on 'Download Important Updates in the Background' - particularly handy if you leave your machine turned on at night.

Re:Three days turn around on the Buffer Overflow..

[stekylsha]

In all fairness, there were a number of people offering patches for cd9660.util hours after the vulnerability was announced. On the other hand, Apple was very quick to get the patch as part of the "official" Apple release.

Personally? This rocks. It means Apple's listening and are responsive to security issues.

Re:Three days turn around on the Buffer Overflow..

The overflow was in the code for a lot longer than three days.

Installed and all is good

[jlower]

In case anyone is waiting for user reports of installations that didn't crater their machine, here's one. G4/400 AGP installed & up and running again without any hiccups.

Re:Installed and all is good

[phatsharpie]

All is fine here too!

TiBook 667MHz (DVI) with 768MB RAM. Updated from 10.3.2 and all is well so far.

-B

Re:Installed and all is good

[MZdoctor]

Installed without a hitch on an eMac and a Bondi iMac, both running OSX 10.2.8.

10.2.8

[Johnny+Mnemonic]

The security update is also available for 10.2.8. I downloaded it and installed it last night. It is apparently different than the one for 10.3.x, though, as the size is about a meg less.

The description says that it updates: "AFP Server, cd9660.util, Directory Services, fetchmail, fs_usage, rsync, System Initialization". I wonder what this does to directory services? Presumably it addresses the security issue raised earlier, but since the issue exploits a configuration that is necessary for NetInstall, I don't think that Apple could just "turn it off." I explicitly checked, but didn't see anything different about Directory Access after the update.

Anyways, it's great that Apple is updating 10.2.x machines still--apparently, they are listening and responding to criticism that they can't end support immediately after a new OS is released--part of their enterprise aims?

Apple is killing me!

[UV_Haze]

They keep updating things. In a way you could say this is cool. Kinda like end of year/quarter house cleaning; however, I don't see any obvious reason why they could not release all of this stuff on the same day at the same time.

I only ever reboot my machine when the software update thing tells me to, so generally that's about once every other month. I've rebooted every day this week.

ARGH..

Apple.. please get better release management going. I know its nice to make the headlines everyday on slashdot (and other news sites) because you've updated something, but you're killing me here with updates.

And yes, I know I could set software update to checking once a week instead of once a day... But I like to stay current. ;-)

Re:Apple is killing me!

[MoneyT]

It's a matter of not being able to please everyone at once. When they did the bulk updates, people were ticked because they couldn't pick and choose what to install, so now you get them piece by piece, of course, now people want them all at once

Re:Apple is killing me!

[macmurph]

If you have ever worked in a software company you would know how incredibly difficult it is to syncronize the release of components...even within the same product. Even if everything is on a schedule, last minute bugs can delay a component for several days.

Apple is doing the right thing by releasing updates as they become available instead of what you propose (batching updates).

As others have said, a restart is not required in many cases, and maybe apple could eventually eliminate the need to restart. But restarting is fairly harmless in most cases.

Re:Apple is killing me!

[Onan]

For them to release updates at the same time, they'd need to either 1) rush the later ones, involving less testing, or 2) delay the earlier ones, which you could easily do yourself.

Which one of these strikes you as a good idea?

Re:Apple is killing me!

[MarcQuadra]

It's not going to all-of-the-sudden be like this all the time, all the teams are pushing out their progress and tying up loose ends before the year ends. I'm sure there's a lot of developers at Apple who want to spend the next two weeks relaxing and soaking up the holiday work atmosphere, not crunching code.

Re:Apple is killing me!

[geoffspear]

Look, just replace your uptime program with a script that prints out some ridiculously high value and quit whining.

10.2.8 kernel panic?

[dema]

Has anyone had problems with updating 10.2.8? i can't confirm it, but I've read some comment at versiontracker.com that say after running the update kernel panics started happening. One even claims he had to reinstall his system.

I have been reluctant to install the updates because of this. Has anyone else heard/had this problem?

Re:10.2.8 kernel panic?

[holmbrew]

I have, but the machine is a biege G3 266 from the days of yore. My prismo powerbook and b/w G3 took it on the chin without a stumble.

Re:10.2.8 kernel panic?

[awfwal]

I started getting kernel panics about this time, but I traced the problem to the also-recently-updated Norton Anti-Virus auto-protect. After I disabled that ( using safe boot ) I had no more problems.

Re:10.2.8 kernel panic?

[godawful]

i believe this was the first 10.2.8 that caused this problem, it was pulld and a revised 10.2.8 was put up the next day, i've been running 10.2.8 since then, not one panic.

Re:10.2.8 kernel panic?

[HiredMan]

Do you have two monitors?

I'm running dual monitors on 233 (now 500Mhz BG3) with an ATI Rad 7000 in addition to the on-board video. With 10.2.8 I ran into random monitor blacking or corruption varying from 2 hours to a 4 days.

After I heard about others with the same problem I finally rolled back to 10.2.6. *SIGH*

There's a precident for this - the same set-up had screen corruption on sleep issues until the ATI updates in 10.1.5 update.

=TKK

Re:10.2.8 kernel panic?

[Alrescha]

The only issue that I ever had with 10.2.8 was that it broke the Option-Eject function to eject the second DVD drive.

I have had no other problems. Dual monitors work fine, etc., etc.

A.

Re:10.2.8 kernel panic?

10.2.8 with the newest updates on a 900MHz G3 iBook with no problems at all.

Re:10.2.8 kernel panic?

[holmbrew]

actually i don't have a monitor on it. been using it as a web dev server, and it has been pretty stable until 10.2.8. that update seemed to fubar a lot of stuff on that machine.

i too may be resorting to a full rebuild of that box and do the 10.2.6 combined update or risk the 10.2.8 combined update. is there a 10.2.8 combined update? hmm.

not sure about the vid card stuff. still working with the on-boards grafix card/mem, although i did upgrade it a few years back, adding a whopping 4MB of vram.

sorry, i'm not much help.

Re:10.2.8 kernel panic?

[tgibbs]

Can't say that I've ever seen a kernal panic under 10.2.8, with Macs ranging from beige G3's up. I did have one beige that wouldn't boot into 10.2.8 (although it was fine with 10.2.7) until I replaced the hard drive.

Re:10.2.8 kernel panic?

[dema]

Intresting. I use NAV auto-protect as well. I'll do that and try the updates. Thanks for the info (:

Re:10.2.8 kernel panic?

[dave1212]

My Jaguar partition is still on 10.2.6, as I have the Gigabit Ethernet Dual 450, and was spooked after learning of the first 10.2.8 update that killed the ethernet .kext file, and left users without a net-enabled machine. I do have a few other machines online, but didn't bother doing it or the re-released update, as everything works fine with 10.2.6.

My current Panther install (I usually Carbon Copy Clone my main boot drive to an external firewire drive, then do an upgrade install on that drive to the newer system version; done for 10.1->10.2 and 10.2->10.3 once I see what's what in terms of settings, apps running or needing fresh prefs files, etc. I do a clean install on a blank partition and start building my 'new' machine, it's more fun that way) is running great, with my all my apps looking nicer, running (it seems) a bit faster, and acting more nicely with things like Expose.

I have discovered Another Launcher, a great replacement for every quickeys-type app ever made. It's a great donation-ware app. My main apps are the ones I sweat over, wondering whether they will work with the new system, and both Reason (save for a few drop-down menus going cleartext until clicked, hasn't affected anything else, I can run the same amount of tracks/effects) and RTCW MP Test2 (can finally command-tab out of it when needed) are seemingly healthy.

Today I had a kernel panic upon boot, the same thing I saw a G4 come in for in the service dept. at work (also today), so I'll be keeping an eye out for anything interesting going on.

Re:10.2.8 kernel panic?

[dave1212]

Get the heck off Norton, it's a waste of money. None of their programs are of any use on a Mac running OS X, and if you run Panther, the updates don't even exist for some of the apps.
Filesaver is one sure way to damage a drive badly, as well as make a mess of your system (throwing many files everywhere) and slow everything down by half, making a point to rescan and log every single file you open or move, as well as many other things you might do in regular use. In all I've seen, heard, and read, it has *never* been used reliably to recover a drive to a fully usable state.
Antivirus is full of crap, it's lying to you that it's doing anything useful. If you're really *that* paranoid to want a commercial virus-checker on a Mac, get Virex.

Re:10.2.8 kernel panic?

[Alan+Partridge]

I'm on a Gig E dual 450 too, the 10.2.8 caused exactly ZERO problems, though that's now ancient history as I'm running a fully updated 10.3.2.

Panther REALLY helps UI speed on the dual 450 - cheapest speed upgrade ever - go for it!

Re:10.2.8 kernel panic?

[awfwal]

I agree. Symantec's stuff is crap. I use NAV because I get it free from the university, and they say that I have to have some form of anti-virus software.

Free, but maybe not worth it. It's started causing problems so I may look at coughing up some money for something sucks less.

Virex,you said?

Re:10.2.8 kernel panic?

[trash+eighty]

seems ok so far to me, i even installed the last 3 updates in a row and nothing broke that i've noticed

Re:10.2.8 kernel panic?

yes - i am getting sporadic kernel panics over last week or more on two beige g3's which have each not crashed for a year or more. took the opportunity to max their rams and reinstall on big new drives but that hasn't fixed it. now need to regress versions till i find stable. bummer.

More Info from Apple:

[Johnny+Mnemonic]

Apple's security-announce mailing list helps answer this question: "Directory Services: Fixes CAN-2003-1009. The default settings are changed to prevent an inadvertent connection in the event of a malicious DHCP server on the computer's local subnet. Further information is provided in Apple's Knowledge Base article: http://docs.info.apple.com/article.html?artnum=324 78 Credit to William A. Carrel for reporting this issue."

For more on these updates: Jaguar; Panther.

The TechNote...

AppleFileServer: Fixes CAN-2003-1007 to improve the handling of malformed requests.

cd9660.util: Fixes CAN-2003-1006, a buffer overflow vulnerability in the filesystem utility cd9660.util. Credit to KF of Secure Network Operations for reporting this issue.

Directory Services: Fixes CAN-2003-1009. The default settings are changed to prevent an inadvertent connection in the event of a malicious DHCP server on the computer's local subnet. Further information is provided in Apple's Knowledge Base article: Credit to William A. Carrel for reporting this issue.

fetchmail: Fixes CAN-2003-0792. Updates are provided to fetchmail that improve its stability when receiving malformed messages.

fs_usage: Fixes CAN-2003-1010. The fs_usage tool has been improved to prevent a local privilege escalation vulnerability. This tool is used to collect system performance information and requires admin privileges to run. Credit to Dave G. of @stake for reporting this issue.

rsync: Fixes CAN-2003-0962 by improving the security of the rsync server.

System initialization: Fixes CAN-2003-1011. The system initialization process has been improved to restrict root access on a system that uses a USB keyboard.

Note: The following fixes which appear in "Security Update 2003-12-19 for Panther" are not included in "Security Update 2003-12-19 for Jaguar" since the Jaguar versions of Mac OS X and Mac OS X Server are not vulnerable to these issues:

CAN-2003-1005: ASN.1 Decoding for PKI
CAN-2003-1008: Screen Saver text clippings

Advice

[phorking]

You want to stay current but don't want to reboot your machine every day. You want 2 completley mutualy exclusive operations here. In your choice where Apple only releases updates once a week you are not staying any more current than you would if you only patched yourself once a week. Instead, you are only being ignorant to your current patched status. The patches are still waiting at Apple and you still have not applied them. You have not actualy gained anything by waiting for Apple to release those updates on a schedule. So, just update once a week. It makes no difference in the end. If you want to stay current, stay current and don't complain about rebooting. TTFN =)

Re:Advice

[Senjaz]

Not true. Patching doesn't always require a reboot. Any system service could be updated and it's process restarted individually instead of taking down the entire system. Unfortunately Apple's updates tend to want to reboot the entire machine. I suspect further effort could be made to improve the software updater so that machine reboots were not required as often. All but very core stuff could be suspended while a updated process is swapped out for a newer one.

Re:Advice

[martinX]

Given that so many things are dependent on so many other things, it's just easier to reboot really. Probably quicker too.

Re:Advice

If I update my linux boxes I reboot them.

Why? I've been caught before, having a machine up & running for months, updating a dozen small things that restart just fine, and I get used to how they work.

Then on a reboot, things AREN'T identical. It's just not worth trying to trace down why the system isn't working as I'm used to when I could have completely avoided problems with a reboot. Granted it's rare, but if I'm going to do 10 reboots over a few months that's better than spending a few hours poring over a system to find why it's not working how it used to, when it's not working how it SHOULD and not how it did without the reboot.

A reboot costs 45 seconds. That's worth it. Screw uptime

Re:Advice

"I suspect further effort could be made to improve the software updater"

I suspect that further efforts are being made to improve it but I'm what you might call an optimistic pessimist; I'm certain that something horrible is going to happen but I am, at the same time, certain it won't hurt too much. As little sense as that makes, it's enough for me. ;-)

What will be left?

[burns210]

With all these updates, 10.3.2, bug fixes, program updates like xcode 1.1 and final cut pro... what will tehy have left for MacWorld? you would think that the program updates and what not would have been a nice debut on stage with Jobs on the keynotw, but since they release them 3 weeks early, what will the Keynote debut, if anything?

Re:What will be left?

[jaytay]

You have to realise that these are only minor upgrades and fixes and there's not much likelihood of them being announced at MacWorld even if they had held them back.

Re:What will be left?

[Aqua+OS+X]

I don't think this stuff would go over well for a keynote address. People want to see new products and software with new features at a conference, they don't want to see that you're repairing your old software.

Re:What will be left?

[General+Sherman]

I don't think a Security Update is MacWorld worthy to begin with, my friend.

Re:What will be left?

[burns210]

idividually no, an xcode 1.1 patch isn't keynote worthy... but bulking them together, saying, "by the way, we are releasying 10.3.2, updates to xcode and final cut pro, etc..."

granted minor updates aren't special, but as a whole, it seems like quite a bit to release 2/3 weeks before an expo.

When you say "Java to 1.41.1_01"

[ITR81]

I'm guessing your referring to the new Java 3D and Java Advance Imaging update.

Since it's still in public beta form it won't be found in software update but here:

http://docs.info.apple.com/article.html?artnum=120 289#English The big rumor for Macworld is almost all of Apples software will see upgrades and some totally new software apps.

Cd9660.util permissions?

[dbratten]

Last night I ran Repair Permissions after installing the new Security Update. The only change was to cd9660.util. This same change occured on two of my computers. The message was:

Repairing permissions for "OS X"
Determining correct file permissions.
Permissions differ on ./System/Library/Filesystems/cd9660.fs/cd9660.util , should be -rwsr-xr-x , they are -rwxr-xr-x
Owner and group corrected on ./System/Library/Filesystems/cd9660.fs/cd9660.util
Permissions corrected on ./System/Library/Filesystems/cd9660.fs/cd9660.util

Checking in the Terminal I confirmed:

-rw-r--r-- 1 root wheel 11 24 Sep 11:19 cd9660.label
-rw-r--r-- 1 root wheel 6 24 Sep 11:19 cd9660.name
-rwsr-xr-x 1 root wheel 20436 19 Dec 23:59 cd9660.util

My question:

I am unfamiliar with an "s" permission for root (-rws vs. -rwx). Is this correct?

I haven't noticed any problems but I haven't checked either.

--Dan

Re:Cd9660.util permissions?

[pudge]

I am unfamiliar with an "s" permission for root (-rws vs. -rwx). Is this correct?

Yes. It stands for "Set UID/GID". See man chown:

The letters `rwxXstugo' select the new permissions for the affected
users: read (r), write (w), execute (or access for directories) (x),
execute only if the file is a directory or already has execute permis-
sion for some user (X), set user or group ID on execution (s), save
program text on swap device (t), the permissions that the user who owns
the file currently has for it (u), the permissions that other users in
the file's group have for it (g), and the permissions that other users
not in the file's group have for it (o).

It means when you run it as Joe User, it will be run as root, which is why a buffer overflow is such a big problem. If the buffer is overflowed with some executable code -- thereby replacing the existing code with some other code -- then the program can be tricked into running that other code.

This is normally not a huge problem, but when the program is set to execute with setuid, then it is a huge problem. The program cd9660.util is eseentially trusted code: anyone can run it, and nothing bad can happen with it. But with a buffer overflow, now anyone can run it and (conceivably) gain root access to the system by getting it to run a root shell. You might as well, at that point, make bash setuid, or just leave your root password as an empty string.

Re:Cd9660.util permissions?

[ianezz]

You might as well, at that point, make bash setuid

Just a note: making Bash suid root won't work: if the effective user ID (the one affected by the setuid bit) is 0 (read: root), Bash simply resets the effective user ID to the real user ID (the one inherithed from the parent process). Other interpreters probably do that as well.

OTOH, making Bash setuid any other user works as expected.

Of course this doesn't prevent a suid root wrapper to change its real user id before forking a shell (otherwise su, sudo and friends couldn't work...)

The IE hole

[goombah99]

This post is offtopic to apple abut relevant to security and quick trurn arrounds. The scammers have done a quick turnaround on the announced but not officially patched IE security flaw. The balleyhooed IE URL spoof using %01 has now officially debuted in the wild. I got my first fake Billing statement today witht he following URL
https://www.earthlink.net%01@211.154.171.106/li_pi n/verification/step1_e.htm
(mind the break inserted by the lameness filter!)
I'll leave it to compare with Microsoft versus Apple response times, but I will mention the following. In many industries when a safety standard becomes established or ubiquitously improved it becomes the new legal definition of "reasonable and prudent action". I know many ski areas for example dont mark all the hazards because they dont want hazard marking to become an expectation and a get their asses sued if they dont do it well. In this case I think apple is setting standards for bug fixes that leave microsoft ripe for a suit by someone who get screwed by one of their slow responses to security issues

Re:The IE hole

[valmont]

yeah. i got this phisher e-mail too. 211.154.171.106 appears to be a compromised box, some lame cracker used to set-up their phisher site at /li_pi n/verification/step1_e.htm .

mm. it looks like eventually the script that gathers all the sensitive info is this one: http://211.154.171.106/li_pin/verification/form2.p hp

Please submit a spamcop report for that phisher e-mail you just received. Basic reporting account is free, i recently purchased a yearly mailbox from them, i like what spamcop does for the Internet.

Antivirus software? Why?

[Onan]

In my experience, antivirus software is far more damaging and invasive than any virus from which it might protect you.

I've been using (and adminning) internet-connected macs for about ten years without any antivirus software. I think the only thing with which I've ever contended was the "concept" Word macro virus in 1997 or so. Which made saving some Word documents inconvenient until you ran a simple tool to clean it out. No system corruption, no reinstalling of anything. All told, less work (and money) than installing antivirus software even a single time would've been.

So what's huhu, cobber?

Re:Antivirus software? Why?

[awfwal]

The university requires it.
I hardly ever use it. Just scans, and I never found anything.

I actually had auto-protect turned off before updating NAV, but I guess the update turned it back on.

Apple is killing you?

[Steve+Cowan]

Um, how old are you?

One one hand you're saying you'd like Apple to hold off on releasing security patches so that they come out at the same time as other stuff to save you having to reboot your machine.

On the other hand you're saying that you have Software Update checking for updates every day. And you don't want to set it to every week (or every month) because you want to stay current.

I say bite the bullet, Einstein! Set your software update to once a week. Let Apple release updates on their own schedule. Trust me -- it is better for the world when Apple releases updates as they are developed. Stop wasting your bandwidth, as well as Apple's (and Slashdot's).

Re:iPod's unreplaceable battery

[tgibbs]

iPod's unreplaceable battery lasts only 18 months.

This was very briefly true, but as with these security problems, it has been fixed. Apple can reasonably be faulted for being a bit slow to realize that some iPod batteries would be failing already and getting a reasonable replacement program in place, but that is old news. Currently, you can send you iPod into Apple for battery replacement, or buy replacement batteries from a number of vendors.

"And the Hits Just Keep On Coming"

[agent+dero]

Oh give me a break; an UPDATE is nothing bad, they found a problem and fixed it, come on slashdot editors; grow up.

The fact that they were identified and fixed before a worm/virus came out to exploit them is something to be proud of.

Yes, whoop-di-doo, macs have a couple holes in them, that's not why they're more secure, they're more secure because they're not on by default and they're patched quickly.

Re:"And the Hits Just Keep On Coming"

[rolocroz]

I think they were talking about how many updates there have been in the past few days, not about security vulnerablilites.

Problems with Warcraft III: Frozen Throne?

[Nova+Express]

I installed all the latest Apple updates, including Quicktime 6.5, just before installing a copy of Warcraft III: The Frozen Throne. The game seems to play OK, but the cinematic cutscreens are all screwed up, playing in overlapping tiles rather than fullscreen.

The vitals: Duel 1 GHz PowerMac G4, 768 MB, Radeon 9000, 10.3.2 and all the latest and greatest.

Anyone else seen this problem?

Re:Problems with Warcraft III: Frozen Throne?

This might be related to the problem with NOLF2, where all of the sound for cutscenes plays at once, instead of being synced with the video. The "fix" for NOLF2 is to revert to QT6.3. This really sucks if you have Panther, since you can't revert to QT6.3. It sucks even more than that, since Macplay have already had almost two months to fix the game, and are apparently not doing anything about it.

If you have Panther, or are even thinking of getting Panther, don't bother buying NOLF2 because it is essentially unplayable.

The announcement of international iTunes

[Angostura]

Canada, Europe, Oz ... would be my bet.

Re: 3 days

According to another poster on Bugtraq, this bug was actually found and reported in 10.1. I don't think that it is accurate to say that they responded in 3 days. As further evidence to this, the poster who claimed it was reported in 10.1 was the person credited with finding that bug.

*Assuming that is accurate* ... Three days from when they were forced to react due to public pressure is not as impressive, if they have been sitting on it for who knows how long. The important thing is that it got fixed.

Either way, all OS's have vulnerabilities, all vendors try their best.

huh?

[commodoresloat]

I know its nice to make the headlines everyday on slashdot (and other news sites) because you've updated something

*blinks*

Other news sites?