Apple Safari On Windows Broken On First Day
An anonymous reader writes "David Maynor, infamous for the Apple Wi-Fi hack, has discovered bugs in the Windows version of Safari mere hours after it was released. He notes in the blog that his company does not report vulnerabilities to Apple. His claimed catch for 'an afternoon of idle futzing': 4 DoS bugs and 2 remote execution vulnerabilities." Separately, within 2 hours Thor Larholm found a URL protocol handler command injection vulnerability that allows remote command execution.
report vulnerabilities to Apple because he is a total fsckwad loser attention hound.
Thanks for the news about the vulnerabilities, Paris Maynor.
guns kill people like spoons make Rosie O'Donnell fat.
... it's a beta version.
They call it beta for a reason...
It's still in beta.
I mean, you kind of expect there are going to be some bugs...this is a Good Thing and the reason you release a public beta, (in addition to getting buzz) you can shake out the bugs.
Sig removed because it was obnoxious
Um, beta.
Bugs in the first public beta release!
:/
Who would've thought it!
Incidentally, it doesn't seem to like authenticating proxies at all, so my first experience with it was a bug too
However, making a big deal of, but not reporting bugs found in a beta release of something seems more than a little silly.
Advanced users are users too!
Bugs in a beta version of a program that's being incredibly heavily scrutinized by everyone looking for something to crow about!?
That's unpossible!
-Hmm...I got a G+ invite, better remember to remove the request from my sig...-
I'm not surprised. Apple really doesn't write more secure code, they just have a lower market share and thus aren't as much of a target.
And a lot of their success at security on Mac OS is just them inheriting some of their security from the BSD kernel which I'm positive beats the hell out of the Windows kernel in terms of security.
OK the system requirements say that you need OS X 10.4.9, 256MB RAM, and 50 meg of disk space.
I'm running 10.4.9, 1.25 GB RAM on a Powerbook G4, have 18 GB spare on my HD, yet the installer says:
"You cannot install Safari Beta 3 on this volume. This volume doesn't meet the requirements for this update."
Anyone else getting this error? Anyone know of a workaround? How can you tell why the installer is stopping?
I am artificially intelligent.
And...when Safari reaches, oh, say, 10% ~ 20% of the level of breach-possibles that any of the current IE clients are facing, let us know, eh?
Until then, the mud on the carpet came in on your shoes, not mine.
it is still more secure than MSIE.
I prefer the "u" in honour as it seems to be missing these days.
it's beta, report the bugs
There was an unknown error in the submission.
keep stuff in beta :P
....tonight? :)
*stretch* *yawn*
Time for bed. I know I'll be sleepin while they be codin.
Camping on quad since 1996.
The quote is "an afternoon of idle _fuzzing_". As in fuzz testing.
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
Remote code execution 2.5 times faster than FF on windows!
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
I've never tried Safari before. Haven't had any major problems with it on XP so far.
However, I'm desperate to have a bookmark sidebar. I can see all my bookmarks in the Bookmarks menu. Also the Bookmarks Bar works fine. I can Show All Bookmarks to display them all in a page. How can I have a bookmark sidebar like Firefox or IE? That's the only way I normally surf!
I actually use the nice Menu Editor add-on in Firefox to hide the Bookmarks menu. Since I never used it.
isn't this the point of betas....to find bugs?
why is this news?
Mikey
I've always been the kinda guy to fall for the girl dressed like an eskimo.
I was actually looking forward to try this browser out, but to my surprise, I could not even make it work.
The installation was smooth without any unexpected bumps on the road. First when I loaded the program, I noticed that no menu fonts nor any fonts whatsoever on the web pages existed. To make it worse, the browser would crash every time I clicked on anything with interactivity, such as the stop button. I have read quite a few solutions to this problem but so far no success. I run Win XP SP2, btw.
Anyway, there are more problems around the corner. According to the Apple forum, people can't play Windows Media files, dual monitor support is very buggy, some buttons screw up the GUI when pressed down and dragged, loads of spontaneous lockups, random letters appearing everywhere, installation problems, parental control issues and more.
Also, I am not a big fan of customized GUIs for crucial applications like a web browser. We should be able to use Windows ClearType instead of the ported OSX version (which sucks), and most importantly, we should be able to use the standard Windows themes. I don't get why Apple thinks the average Windows user would want a significantly altered browser that looks nothing like the rest of the operating system he or she is using. How would Mac users react if Internet Explorer was ported with the Windows theme?
I think it looks like a promising project, but I am worried because it's not in Apple's nature to release beta software with so many bugs and so little heart put into it.
Full Tilt
..."that you should expect bugs in a BETA"
Come on. You have to admit remote execution of any cmd is pretty bad even for a beta. This ain't your run of the mill bug, like a UI glitch or rendering type of bug. It makes the beta unusable and thus not a very useful beta. (Unless you're testing how your own trusted website looks under Safari.)
Camping on quad since 1996.
But I won't be trying it since other Apple products like iTunes and Quicktime still run like crap on Windows.
Thanks but no thanks.
Apple includes CoreFoundation.dll and CoreGraphics.dll, which have the same exports as the OSX frameworks.
Therefore it's possible to use the OSX CoreFoundation and CoreGraphics headers to link to the Windows DLLs natively and create native Windows "pseudo-OSX" apps.
I believe CoreFoundation.dll has been around with WebObjects for Windows NT for a while, but I think CoreGraphics.dll is a new Apple "release" (I remember some anger over Apple not porting CoreGraphics when WebObjects/NT first came out).
I've documented some of what I've poked around today (just a screenshot and simple description for the moment) at http://pages.brianledbetter.com/
bugs on a safari trip.
ror?
I just installed it and fired it up on XP. Resizing the browser window takes 4 seconds on a 3 GHz P4 with 1 Gig of RAM. I am not joking. In terms of UI sluggishness nothing beats Apple software. Not even Java Swing. It's absolutely horrendous. Save yourselves the trouble and skip this browser. Truly nothing to see here.
Your pizza just the way you ought to have it.
... but the first thing that I thought of was that here you have an app (Safari) that works perfectly fine on Macs; as soon as it gets ported to Windows, BAM, instantly full of vulnerabilities. Would Apple go so far as to break their own product to deface an opponent in the OS arena?
Aikon-
I wonder how many of those vulnerabilities are actually Safari/KHTML code and how many of those are Windows vulnerabilities.
IIRC, Firefox had that "URL protocol handler command injection" vulnerability (or something around those lines, correct me if I'm wrong) a few years ago and FF developers said it was the way Windows handles protocols. In the end, they had to change the way URLs are handled inside FF to prevent Windows from catching it.
The http://wunderground.com/ site has multiple functions that cause a MS error message, which I don't allow to send information to MS, and then it closes the browser. I used the bug report feature in the browser when I restarted it.
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
Seems to disappear when I maximize it on my second monitor. Let's see if reporting bugs via the menu actually works.
It is also pig slow, hopefully because it is a debug build.
Ummm. It's beta. or didn't you notice that.
The command exploit is actually due to inherent problems with the gopher protocol, not Safari's handling of it. IE had the same problem (MS eventually removed gopher support entirely to fix it). Firefox/Mozilla/Netscape had the same problem (they now run a URL sanitizer which breaks some legal URLs, but nobody uses gopher anyhow). Despite his claim to the contrary, the bug is in Windows/Firefox's handling of command line arguments. Yeah, Apple could sanitize it or disable gopher altogether.
This is completely outrageous. Betas aren't allowed to have bugs! For the love of God they could ruin us all!
These things are worth a lot. Spammers, governments, mobsters... all will pay. You even get your choice of payment method:
*euros
*credit card numbers
*yuan
*underage virgins
*dollars
*shekels
*death to your enemies
*rubles
*pounds, British money
*pounds, crack cocaine
Just be sure to not rip off the buyer. Most of the buyers have nasty ways to kill you. Some of them have polonium. Some of them have penis pills.
the first versions of those were so stable though?
(so stable that many of us used Mosaics until maybe 10 years ago, when netscape 4.0 came out)
“Common sense is not so common.” — Voltaire
They release a beta of a free product, the engine of which (and almost certainly where these bugs are located) is open source, and this "security researcher" finds a bug and refuses to report it. Deep throat he's not.
Mac: Hello, I'm a Mac...
PC: ...and I'm a PC.
Mac is looking through a small viewfinder, looking very absorbed
PC: Hey Mac.
Mac: Yeah?
PC: What are you doing?
Mac: I'm browsing the internet with Safari.
PC: I do the same thing with IE.
Mac: You should try Safari. It's fast, secure, and easy to use.
Mac hands the viewfinder to PC
PC: Oh, thanks.
PC looks into the viewfinder and keels over, dead
Mac shrugs
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
correctamundo.
so then it is better that people don't know what's in for them when installing it, right?
or you sincerely believe most folks that install stuff know what they are doing?
That's an amazing prediction. I guess we'll all have to wait until Apple actually releases Safari (as opposed to this preview) to see if it comes true. Methinks it unlikely as that's kinda the point of releasing a beta, especially at a developer's conference.
news at 11.
Google.com takes 45 seconds to load. CNN.com, several minutes for just the text to load (haven't seen any images yet), I have yet to see the Safari home page fully load. It has now been about 8 minutes since I started the browser and the home page is still loading and has a blank screen. OK CNN just finished loading 12 minutes later. Slashdot, about 2 minutes for just the text, and about 5 minutes for the whole page. (And yes, I've tried restarting/rebooting several times)
This is all on a 7 mbit cable connection, using Firefox, CNN.com, or mostly any other page for that matter, takes about 3 seconds or less to fully load, including all the flash animated ads. So figuring there must be something wrong with my PC, I install safari on my laptop. Nope! Same results. I upgrade ITunes, thinking there might be some strange dependency on the latest version of quicktime, but no difference. I disable my (software) firewall, and antivirus.. and again nothing.. still watching the grass grow faster than the page loads... Anyone else experience this?
because I'm using the browser as a development tool, not as my general purpose browser. Sure, FF has its own problems, but why expose yourself with a beta browser out in the wild?
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
For what it's worth - I discovered the proxy feature is broken. Once you enter your user name and password, the browser crashes (Windows XP).
Need an ISP in South Africa?
That is the responsibility they undertake, yes. They may or may not understand all the ins and outs, but it's their responsibility.
Based on the blog posting, they STILL don't know what's "in for them," since the vulnerabilities are still undisclosed. They remain in Maynor's to do list, for sale to the highest bidder for all we know.
If you're a linux or MS supporter, don't waste your breath defending this guy. He wasted a year of everybody's time on that Airport vulnerability that didn't exist.
Don't blame me, I voted for Baltar.
Steve Jobs speaking at the Safari release:
"We think Windows users are going to be really impressed when they see how fast and intuitive web browsing can be with Safari"
I think Windows users are going to be impressed that the quality of Windows applications is so much higher than those with Mac -- I don't even believe this, but it sure as hell is what Mac is asking for!
And to all those Mac fanbois that have been posting the same idea ad nauseam: "oooh bugs in a beta, no surprise!", you need a serious reality check. Small bugs exist even in most production applications. These are basic security vulnerabilities that make Safari dangerous to use on Windows, and the actual bug reports piling in lead one to believe that it's a barely usable application (display/font/screen/memory problems amongst others).
All I see here is something that is most definitely not beta quality
It works well enough to test webpages for Macs, yeah?
Then I really don't give a flying fsck about its security. Let Mac fanboys deal with their newfound exposure. I use FFox as my primary browser on my PC, Mac, and Linux box. There's something to be said about 'consistent development environment'.
No, seriously. I'd use my Mac a lot more if there was a reasonably lightweight OSS code editor for it. There's not, so I don't.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
Actually, that's quite like Deep Throat. He worked on deep background - never volunteering information, only confirming it for Woodward, who wasn't allowed to print any of his information or count him as a confirmation. And much of Deep Throat's information was along the lines of "Man, these guys are dicks. I don't like them. They did lots of stuff, good luck and have fun finding it all, bro!"
ResidntGeek
For a browser to have an "easily" testable major bug like remote execution is something which should have been caught a bit before. I disagree totally with the way this security "researcher" handled the bugs, but I also totally disagree with taking off the slack because this is a beta. A bug found so quickly by testing a few known vulnerabilities in browsers is something bad. With a big B. Smells of a lack of security testing pre-beta.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
I didn't say he shouldn't report that there's a bug, I said that he should report the bug to Apple. The beta agreement probably requires that he do that, actually.
And if you're installing a beta then yes, you really should be aware that you're in for some bugs. It's very unfortunate that Google has diluted the meaning of "beta" so much.
Also note that he's not really failing to report a bug to Apple, he's failing to report it to the webkit/khtml open source project. I doubt very much the bugs are in Apple's closed source GUI front end to webkit.
I doubt URL handling is part of the KHTML/KJS renderer; responsibility for acquiring content in Konqueror is done in KIO, so Apple would have had to implement their own content acquisition scheme.
It is possible that the stack failure is in (KHTML/KJS)/WebKit - but as it's not been shown that these bugs apply to either Konqueror or Mac Safari, it's most unlikely that the stack failures are the result of the open portion of the code.
Anyway, as a news story, this is a null set; it's a public beta. It's there for the public to test it and report bugs. It's not a production browser.
I'd be curious, however, to see if these bugs are Windows-only (for example, Mac OS-X and KDE have a URL handling scheme built into the OS that wouldn't be available in Windows; it would need to be implemented as part of Win Safari), or if they apply equally to Windows and Mac.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
This just in, nasty bugs were quickly discovered in the public beta of a newly ported app. Disappointment of outrageous expectations has now led to the death of several men living in their mothers' basements.
It is assumed Apple realized this devastating "beta" because they hate freedom and want the terrorists to win... and they've now won.
We will try to stay on top of this developing critical story.
My god have mercy on us all.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
I just installed it on a few machines to test and it crashes on every PC when I try to authenticate against my proxy.
The messenger says something along the lines of:
"The Trojans are going to attack tonight. There'll be at least five cohorts, but I can't tell you where they're coming from, or the time of the attack, because you know, that'll spoil all the exciting fun."
Geez folks, this is not an unheard of realization. IT'S BETA!
It's not present on Mac Safari, though the demo page does crash the Safari 3 Beta.
The main thing is how the URL handling works. Under Windows, Safari passes the URL to the Windows URL handler, which just finds the application and then dumps the rest on the command line, which gives many remote execution issues. Under MacOS, the MacOS URL handler finds the application and then dispatches an OpenURL AppleEvent (I think; similar to that anyway) towards the application, which then has the responsibility of parsing and loading the URL.
I'm guessing that the engineers didn't look too hard at how the OS deals with URLs and just assumed it would be safe.
--sitharus
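The difference described in the comment above, as an added example that is not part of the original thread and is not Safari's or Windows' code: a URL substituted verbatim into a handler command line can break out of its quoted argument, while a percent-encoded URL from an allowlisted scheme stays a single argument. The handler template, the `exampleapp` scheme, the allowlist and the simplified argument splitter are all assumptions made for illustration.

```python
"""Argument injection through a URL protocol handler command line (simplified model)."""
from urllib.parse import quote

# Constructed handler registration in the style of a shell\open\command value;
# "%1" is replaced by the URL before the target program is started.
HANDLER_TEMPLATE = '"C:\\Program Files\\ExampleApp\\app.exe" -url "%1"'

# Assumption: schemes the browser is willing to hand to external handlers.
ALLOWED_SCHEMES = {"http", "https", "mailto", "exampleapp"}

# URL characters left as-is; anything else (quote, space, backslash, <, >, |, ^)
# is percent-encoded. "%" stays so existing escapes are not double-encoded.
SAFE_CHARS = ":/?#[]@!$&()*+,;=%"

# Constructed sample inputs.
BENIGN_URL = "exampleapp://host/page"
HOSTILE_URL = 'exampleapp://host/page" --injected-flag "x'


def split_command_line(cmd):
    """Simplified argv splitter: whitespace separates arguments and double
    quotes group them. Real Windows parsing also has backslash rules, which
    are left out here because they do not change the point."""
    args, current, in_quotes, started = [], [], False, False
    for ch in cmd:
        if ch == '"':
            in_quotes = not in_quotes
            started = True
        elif ch in " \t" and not in_quotes:
            if started:
                args.append("".join(current))
                current, started = [], False
        else:
            current.append(ch)
            started = True
    if started:
        args.append("".join(current))
    return args


def build_naive(url):
    """Substitute the URL verbatim, as the comment describes for Windows."""
    return HANDLER_TEMPLATE.replace("%1", url)


def build_hardened(url):
    """Reject unknown schemes, then percent-encode every character that could
    end the quoted argument or start a new one."""
    scheme = url.split(":", 1)[0].lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed for external handlers: %r" % scheme)
    return HANDLER_TEMPLATE.replace("%1", quote(url, safe=SAFE_CHARS))


if __name__ == "__main__":
    for label, builder in (("naive", build_naive), ("hardened", build_hardened)):
        for url in (BENIGN_URL, HOSTILE_URL):
            argv = split_command_line(builder(url))
            print("%-8s %d args: %r" % (label, len(argv), argv))
```

The target application still has to decode and validate the URL it receives; encoding at the caller only guarantees that the URL arrives as one argument.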
From what I can tell, Apple is jumping on the consumer bandwagon (or trying to)--it seems they're trying to increase the Webkit install base to raise the "awareness" factor for iPhone's web engine. From the sessions I went to today, it seems Apple is really pushing for Web 2.0 development. I was surprised by this--for a developer conference specifically for Apple's OS, there was this weird, eerie spell cast by the presenters for pushing web apps.
The vibe amongst the attendees is a weird mix of disbelief and bewilderment. Safari for Windows was not the big deal Steve was hoping it would be. In fact, most of the conversations I've overheard are pretty critical of this direction.
I don't think Apple is serious about competing for market share against FF or IE on Windows. I think they're offering the development platform based on Webkit so that web developers can make sure their code looks OK on the iPhone. Webkit-iness seems to be the only development platform for iPhone Apps.
Or, maybe Steve is starting to drink his own Kool-Aid.
I might know what I'm talkin' about, but then again, this is Slashdot...
Perhaps you, yourself, should have looked up the definition, ye lazy & bilesome rapscallion!
1) Crashes when prompting for authentication to ISA Server 2004. 2) Cannot set proxy server manually through Edit -> Preferences; it is greyed out, so I haven't even been able to browse the web on it yet. And it's a shame too, mainly because I'm a Mac user, so it was nice to think I would have Safari at work while I do my system admin work.
so now the responsibility for a product distributed by a company is with the "opensource community" as well?
didnt the wifi hack that he had turn out to be a hoax anyways and he put up a retraction in the smallest place on the web he could find and added the no search bot.txt file so no one could find it with google...
(yes i know i suck at spelling fell free to correct my grammar and/or spellin i dont care, im still not going to change
I hate that bookmarks sidebar, when I sit at one of my users desks to work on their computers it takes everything I have to not close that damn thing if it's open.
I don't know why I despise it, especially how most of the time the browser window is maximized, and many of these users have widescreen LCDs so there's plenty of real estate for the real webpage that is being displayed. I do see its utility, but there is something so aesthetically displeasing to me with that large white bar on the left side of the page. I could go on and on...
Ocean is land, covered with water.
Offtopic:
I, like a lot of other web developers out there, wanted Safari for the purpose of adapting web pages to Yet Another Popular Browser's bugs.
So, what did I find when I downloaded Safari? The ridiculously useful debug menu was gone!
Now, all the docs on how to enable it are for Safari on the Mac, understandably. What to do?
Kill Safari
Open C:\documents and Settings\[You]\Application Data\Apple Computer\Safari\Preferences.plist
Add, in what appears to be the logical place: IncludeDebugMenu1
Load Safari. Now developer-useful things like the Javascript Console are available to you.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
Slashdot stripped my XML. The line to add is, IncludeDebugMenu1
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
Bwahahahaha!!! Isn't this just typical Apple programming?
Apple has a long and proud tradition of creating the worst, buggiest, most egregious abortions to ever be called applications on the Windows platform. Why break their perfect record with Safari? It just wouldn't be right.
Looks like the MOAB wasn't a fluke. EVERY month is a Month of Apple Bugs!
Safari, if maximised to the second head on my Windows machine, disappears completely. Anyone else seen this?
Even though there's a link to the add-on, Sun Java fails to work for me in Safari. But natch the flash ads work great.
-Kinsey
It's very unfortunate that Google has diluted the meaning of "beta" so much.
It's very unfortunate that the rest of the industry (especially MS) has diluted the meaning of "gone gold" so much. Gold is the new beta; beta is the new alpha.
Put identity in the browser.
One of the benefits of getting beta access to new software is that third party developers can get an early idea what they will have to do to be compatible with the real stuff when it arrives. Some of us consider it valuable to have access to the early versions to get a wider window of opportunity.
You live with beast, you have to howl...
No. But put it this way...
Let's say there's something built atop an open source library. Hey, there's plenty of them out there... let's pick OpenSSL as an example. It's open source and it's used in other projects, some of which are commercial or proprietary systems. Now assume that some company makes a proprietary, closed product built on that project as the core, but continues to contribute changes -- a heck of a lot of changes -- back to the original project as they develop. And then they release this as a beta.
Finally, let's say that someone finds a vulnerability in the proprietary project, a security issue with implications for the open source project. And instead of reporting the vulnerability to the proprietary folks (who would probably promptly generate a patch for both their tool and the underlying library), the person refuses to report the vulnerability to anyone and just says 'I found vulnerabilities, but I'm not telling you what they are.'
That's basically how WebKit/KHTML and Safari are tied together. Safari's just a UI atop an open source framework, WebKit, which Apple is the primary contributor to but which other people also contribute to, and which other projects (besides Safari and OS X) use. WebKit is used on Symbian OS, on Linux, and various other operating systems. And this guy is claiming to have found vulnerabilities which, given where they occur, seem to have implications for WebKit as well as Safari... and is refusing to give the details to either Apple, or to the WebKit development community.
You don't have to be an Apple 'fanboi' (or fangirl) to see that's not the way to handle security disclosures. If someone found several bugs in Firefox and said 'ZOMG I can crash Firefox or anything which uses the Gecko HTML engine. I can do it 100% of the time. But I'm not going to report the details to the Firefox team, so, nyah!' people would be up in arms about it.
Professional, good security researchers report things to the responsible parties, giving them the details necessary to fix it. Going, "Ha ha, I found a way to break your stuff but I'm not going to tell you how" is not only unprofessional, it's just downright immature.
Sure, lambaste Apple for releasing a beta/preview of something with bugs if you feel you must. But, please, don't bother trying to defend someone who basically makes a mockery of the entire security field.
--Rachel
I'm an avid Linux supporter, but I still think he's an arsewipe. He has to be the most unethical moron on the planet. For all we know the bugs are just another hoax to try and make this media whore look like somebody important. The amusing thing is that this is a BETA product. Let's see... betas... wait, there's something about them... ummm... they are products for... ummm... TESTING. ZOMG! WHAT ARE BUGS DOING IN A PRODUCT THAT'S MEANT TO BE TESTED!!!111 I say - M$ fanboys, go get a clue - Linux fanboys, stop making Linux users look as bad as the Mac zealots - Mac users, stop acting smug, pride comes before a fall.
I love how even tho it's painfully clear from the initial article that there will be no third party verification of these "bugs" and the information won't even be sent to the vendor (which for a fact demonstrates that the submitter has no one's best interests in mind), posters are virtually falling all over themselves to extrapolate near End Times disaster scenarios for a browser released less than 24 hours ago. I can also see that Artie McStrawman is getting a real beating in here, as he regularly does when Apple is the subject.
Fiat Homos et Pereat Theos
releasing software with remotely exploitable bugs to the general public to the fanfare of the press (release of safari is in all major news) by a large company is surely a more irresponsible act than a bug report about the said software.
To serve as a Windows development / testing platform for iPhone apps.
Have you looked at BareBones Software's BBEdit (shareware) or TextWrangler (freeware, feature subset), I haven't used them for quite a while (moved to linux w/ scite/nano), but it really is a nice editor, it meets all your requirements except being OSS, and it uses a peculiar "Document Drawer and Navigation Bar" system, that looks and feels about the same as tabs (feature was added since I last used it much, can only say that people I know who use it seem to like it). I think all the specifically addressed features are in TextWrangler (=free).
Steve Jobs wondered while introducing Safari for Windows: "How good are we at bringing apps to Windows?"
After reading "4 DoS bugs and 2 remote execution vulnerabilities", I'd say: "Pretty good!"
- Otaku no naka no otaku, otaking da!!!
That's pretty much the equivalent of letting a guy who stole from someone go free because the victim shot someone else.
Hey it's a Windows app who gives a shit....What the hell do you expect with the Apple devs writing code to the Windows spaghetti hell API. I would be surprised if there were no bugs to exploit.
Camping on quad since 1996.
And you guys want to call yourself software engineers. How is it a structural engineer can make a bridge or skyscraper perfect every time with no bugs and you guys don't seem to be able to do it ever. Engineer my ass!
no, really, it is the other way around and we should, of course, let companies that release software with risky bugs off the hook, and tramp onto people who report those bugs.
both sides are at fault here, but the fault of the company that releases vulnerable software to the media fanfare is way bigger than the problem of the nobody who alerts the general public to the fault.
I have tried the browser in Windows XP Professional SP2 and all works perfectly fine for me. The browser is quick and responsive.
:(
Now it may be a beta, but the browser seems VERY buggy, too buggy to be a beta (according to other people's testimonies, not my own experiences). I think Apple has missed out on a great opportunity to gain market share here because there will be many people who have tried the browser, had major issues, and now will never go back. Yes I know it is a beta! (preempting the hordes).
I also think that the product was rushed to market, and that Apple would never have released the browser in this condition had it not been for WWDC 07. I think they just could not get it to the point they would have wanted in time. And I agree with those above who have said the browser exists mainly for testing iPhone Apps in. Time will tell if they made the right decision here.
I would suggest to anybody out there to wait a couple revisions before really trialling this application unless you are going to use it to connect to trusted websites you already know, or looking to develop for the iPhone.
Now where is my developer copy of Leopard. We non attending Apple Developer Select Members always get made to wait a couple months
Not sure about the software you develop.
Alpha would be when I've cobbled it all together and it works after a fashion.
Beta would be when I've ironed out any bugs I can find (or at least are aware of them and report them up front), so I then give it to other people to stumble across the obscure ones.
Now working on the assumption that Apple can code, which they certainly can - they must have been aware of serious issues and released anyway. I assume whatever Alpha code they were currently working on has been ripped from their hands and thrust onto the world to enable a certain somebody to make a big announcement. I also know if I were them I wouldn't be too happy.
Alpha means features still missing
Beta means feature complete, blocker bugs remain
What you call "beta" is actually "release candidate"
Is it also disabled on OSX? Didn't check it at home, and at work no Mac present for beta purposes.
All those moments will be lost in time, like tears in rain. Time to die.
Every single dialog box and effect is Aqua style. Even though both OS X and Windows XP / Vista have theme engines meaning there should be absolutely no reason at all for doing this. The engines allow apps to render their controls in the native style irrespective of how they are implemented. It's why Firefox in its default skin looks like a Windows app on Windows, like a Mac app on a Mac and so on - because rendering is handed off to the theme engine. Same happens for Java too. But not Safari it seems.
Did they strip your Preview button too?
Right, majority of windows users in particular...
For me there are two types of hackers: 1) the ones who make something hard work (the original meaning of hackers I think and the one I prefer) 2) the second type are the guys who find out how something doesn't work. We are told there is a subgenre of this type of hacker, the "ethical genre", who report vulnerabilities to the community AND the original software developers. This guy's point seems only to bring publicity to himself and make Apple look bad on any case ... the non-disclosure issue is ridiculous.
Of course shooting the messenger is now +5 insightful, everyone here has seen the movie 300.
Or how about everyone stop treating their choice of operating system as a religion? Hmm?
I just read Slashdot for the articles.
That's a nice way to get karma! If you post a comment that you suspect is going to be modded insightful, remember to include some errrors, so you can post a correction and get some more positive moderation for the second comment! ;-)
(...waiting for this comment to be modded insightful)
Life is wet, then you dry.
Thor Larholm's vulnerability example crashes Safari 3 on Mac OS X too.
Pride goeth before destruction, and an haughty spirit before a fall. Proverbs 16:18
Quidnam Latine loqui modo coepi?
Sorry, which bit of World Wide Developer Conference are you having problems with?
http://erratasec.blogspot.com/2007/01/disclosure-ethics-apply-to-both-parties.html :/
up yours, fanboi
So when are you coming back for your second dose of moderation? Or do I get to steal them because I beat you to it? Informative surely *fingers crossed*
Strength through redundancy and over-design
Who would have thought.
And it's irresponsible to not report them.
---- Booth was a patriot ----
Did you just really use the word rapscallion in a real world sentence?
Awesome.
An important change for education.
as per patriot act, you are not allowed to say the number one trading commodity is GOLD. Either not taxed, or taxed real real real low because of 'legal tender value' being $10 per $650 ounce coin.
So a tax of n % on $10 is better than $650
Customs might go, step aside sir if you have cocaine or large bags of cash, but GOLD, no problem, read the customs rules. Thanks for declaration, next please....
Russia will tho give you some polonium in your sushi roll.
Liberty freedom are no1, not dicks in suits.
"Apple is hoping to replicate the success of iTunes"
Only this time around, iTunes downloads tunes from you!!
Not that I support certain portions of the patriot act... But I wonder if this guy is a U.S. resident, and if so, if this can be considered an act of terrorism. I mean he isn't causing panic in the streets, but he is causing a lot of, most likely unjustified concern without proper disclosure. (This is not meant to be a troll).
Michael J. Ryan - tracker1.info
I think the company you're looking for is Mirabilus. Mirabilus diluted the meaning of Beta. Thanks for playing.
I hate grammar Nazi's.
not to be mean but
It's a friggin BETA!!!!!
it's supposed to have bugs in it.
besides it's not like IE where the bugs are in the shipping version and part of its core design.
i thought once I was found, but it was only a dream.
He notes in the blog that his company does not report vulnerabilities to Apple.
Wanker.
I can only assume that he sells the information to criminal organisations, thus making him a criminal wanker.
WANKER.
(this also applies to any person that doesn't have the decency to report issues to companies and allow them a grace period to fix the holes before releasing the information publicly)
Since when is /. the real world?
May contain traces of nut.
Made from the freshest electrons.
Are hitting the "file bug" button on their new toy.
Because if you aren't, you're fucking obnoxious.
FYI: I just installed Safari on win 2000, and it works perfectly!
You've never used Safari on a Mac, have you?
Best Slashdot Co
Exactly. Given the complexity and sophistication of today's browsers, these things ARE minor. Safari, if you include Konqueror/KHTML, has been in development for something like 10 years. I use konqueror every day, and it's easily complete enough for my needs, with some great features I can't get elsewhere.
Stability issues are to be expected on a beta of a port to a new platform. KHTML/Webkit is actually quite good in terms of rendering, so it's probably the sites that are broken, or again, some issue with a new platform.
And to add to that, we have no proof these are real bugs. Right now it's hot air from someone who has made false claims before (WiFi on the Intel Macs) and won't say what is broken. Until he actually tells Apple or the WebKit/khtml folks what the bugs are, there is no proof they are real. For example, how many exploitation bugs have been found in Windows Vista since its release? And remember the Safari on Windows is a beta release so is not expected to necessarily be totally bug free.
Anything doesn't render. Anything that's bold doesn't render. Most italic text doesn't render. It's just not there. We've tried several sites on several computers, and the same thing all over. Slashdot's article titles? Not there. Ebay? Not a chance. Did they test this at all? The font aliasing hurts my eyes. I'm on XP, should I maybe upgrade to Vista? (tongue in cheek here, people)
I wonder why they even bother to make this "beta" public. On the first test of the first page there were show stopping bugs. Test over. Beta scrapped. Why???
Best browser in the world, according to Apple!
..because if he is not American, it's not terrorism, right? If not a troll, I hope this was a joke.
If he's at least in America, he might be prosecutable under the patriot act was all I was getting at. It pretty much is terrorism imho..
Michael J. Ryan - tracker1.info
THANK YOU! I'm reading all this crap and you've brought me back - they're SUPPOSED to be morons!
I found that the RSS subscription link was broken, but it's not a security problem.
Looks like releasing it as "beta" was a good way to find lots of little bugs, eh?
"Education is not the filling of a pail, but the lighting of a fire." -- William Butler Yeats
He sat down to try and break a beta release and he did it.
Woo hoo! What did he do the rest of the day, pull the wings off of house flies?
"Doesn't report vulnerabilities to Apple"
I believe that's French for "I was such a tool the last time nobody will talk to me"
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Don't listen to him he is a shill for DRM. Fucken tool!
Damn, I hadn't thought about that.
Hmm... maybe if I made the error less obvious? Or more personal?
By the way, did you know that my dog is called Safari?
Life is wet, then you dry.
Yes. Every application release ever by a large company was irresponsible. And why limit it to large companies? No software should ever have been released because they all contain bugs which could be exploited by hackers!
What Maynor does is absurd. We all know software has bugs. The developers must be held accountable. But you can't do that unless you tell them what the hell the bug is, because they can't fix the bug until you tell them what it is!
No, he was not.
Geez, if you really believe that whole Ou-invented idea that Apple somehow "orchestrated" a smear campaign against Maynor and got Dalrymple and Chartier to play along with them, you should stop reading zdnet and start reading a real news outlet. It's one of the most inane tech conspiracy theories I've ever heard.
This is stupid. Your claim that beta software should be released "without exploitable bugs" is asinine. Certainly we can discuss the number or severity of them - this would be useful, and a vendor could be criticized for a low quality release - but this is made impossible by the obscurity related to the claimed exploit. (And widely publicized history of dishonesty with this bug submitter.)
Short story: this is stupid.
As you might imagine, we are upset at Windows for not being more hardy against such attacks, and even more upset with David for exposing them...
"Fangrrl", please!
Don't be such a nrrrd!
This guy's the limit!
I like it so far. I was happy to see that a lot of the feature requests that I had sent in from my Mac were included in this new version of Safari.
I think that Apple is going to try and get users hooked on their UI and then point to all the cool features like WebClips that one can gain access to by switching to OS X.
I wouldn't even be surprised to see an OS X liveCD for PC users to try out sometime in the near future. Sure it'd be hacked to become an installable, but it would probably get a lot of people who were ready to purchase a new computer to consider going with a Mac.
Those who know, do not speak. Those who speak, do not know. ~Lao Tzu
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
im in ur Safari, executing my shit...
It's disabled by default on OS X.
(IANAL)
So Maynor is part of the "opensource community" now? Or are you saying it's Apple's fault to use OS? Are you saying that opensource sucks?
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
So does Dubya. But wait, is he a professional President or a professional politician?
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
Hey; I don't personally care if somebody claims to have found security bugs they won't share in a browser I won't personally be using. FF 3 alpha is more stable than the Safari I tried installing yesterday. I really don't think Safari is a 'browser' for all of us to adopt; When his 'Steveness' intro'd the iPhone and had no way for developers to introduce 3rd party apps, he had to figure out something. What I think we have here is a 'rush job' from Apple to drop us a browser (read Visual Studio for iPhone) so we can all develop pretty little apps for the thing. Personally, I don't care how many Windows bugs there are as it's kind of more interesting to wonder how many of these bugs are in iPhone... Drew.
So, can you buy an upgrade yet?
Ryan
Shit dude, gmail still fucks up and it's been out of beta for a while. Sure everyone was using it but it was pretty beta-ish for a while there.
"In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson
Slightly off topic, but does anyone else find it interesting that Apple has released Safari for windows, but you can't get the latest version for any version of OS X except the latest (10.4.9)? 10.3 has Safari 1, which has rendering bugs that were fixed in 2, but never backported. So basically if you want the newer, more accurate Safari, you have to buy a new copy of OSX, or a new Mac.
I'm not certain, but I don't think that there are technical reasons for not letting it run on older versions of OS X. Anyone know?
Saying your "phone ran out of batteries" is like saying your "car ran out of gas tanks".
Chinese characters rendered more ugly than Mozilla M18 build, if anybody still remembers what Mozilla M18 was, the mozilla before alpha.
There is a spark in every single flame bait point.
(taken from Fear & Loathing in Las Vegas and transformed)
Hunter S. Thompson: Oh God! Is that another web browser?!
Dr. Gonzo: THAT'S RIGHT! MUSIC!
Do you write software? Have you ever released software with bugs?
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Don't you mean Mirabilis?
You're welcome.
Also, that should be "Nazis."
I'm a web developer and am interested in cross validation, so I tried some of my drop down menus on one of my sites, seems safari only wants to listen to some of the 'onchange' events that the dropdown triggers. Without reloading the page I can click on a dropdown with the onchange event and it only works about 5 out of 7 times. Guess executing the javascript onchange event was faster than on IE if it happened in 0 seconds!
So by your rationale, that make Microsoft the most irresponsible company ever?
So by your rationale, that makes Microsoft the most irresponsible company ever?
You've found a bug in BETA software! You win a cookie! (baka!)
I've long complained bitterly about the lack of bug-ridden browsers available for Windows. Hopefully they'll bundle this with the next release of Vista.
... it just positions itself to the right of the screen. You can right-click the taskbar icon, select "Move", and then hold the left arrow to bring it back.
What bothers me more about it is that the keyboard shortcuts for minimize and maximize don't work (Alt+Space, N / Alt+Space, X).
My guess is both these bugs came about because Apple wanted to draw their own window title (and apparently haven't heard of WM_NCPAINT).
...is software that might have BUGS...Why is anyone surprised that it has bugs?
Dear lord, it's still a public BETA, of course there are bugs.... you're talking about an inferior OS this thing is installing to. Give it time, it will rule supreme. :P
I just don't understand these days how telling people that software has bugs is news. Apple isn't promising it to be the most secure bug free browser ever are they? Same with IE, come on people, seriously. It's also beta software, so take it for what it's worth. Go get Firefox so at least bugs that get reported will get fixed in a timely manner.
--And sektor spoke and said unto the people. Hey, buttwipe hand me the cheezeos.
Anybody got this to run on WINE?
They unfortunately forgot that they were coding for Windows.
... Yeah? What does that mean?
You guys...It's just a beta.
...you can release a public beta and have thousands of publicity whores do top notch security analysis of your beta for free?
OS independent path (IE Vista-friendly): %APPDATA%\Apple Computer\Safari\Preferences.plist
Everything created by Apple carries with it two automatic conclusions:
First, it's going to be a buggy and poorly designed piece of crap. But it's going to be fashionable, and should match your handbag quite well.
Second, no matter how bad it is, all the Apple zealots will love it, and proclaim it to be a perfect creation from the hand of God/Jobs.
So it's hardly surprising that people are finding bugs and security holes without even trying. And, it's hardly surprising that many people (especially on Slashdot) are knee-jerk defending Apple.
Terrorism: the unlawful use of -- or threatened use of -- force or violence against individuals or property to coerce or intimidate governments or societies, often to achieve political, religious, or ideological objectives.
I don't see how he could be charged as a terrorist as his actions do not fit our legal definition. Now if being an asshole were illegal...
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
The security issues are not all that important to me, first because I am behind a firewall, and second, because when I installed it, Safari simply didn't work. It painted itself, but the menu text was invisible, as was all page content other than the copious ads.
Perhaps this is because I declined to install their Bonjour service, and the auto update stuff.
Bad design and test procedures. Uninstalled. Problem solved.
--- Bill
Safari on Windows is a BETA version. The intent of BETA versions is for users to use it and report any problem. Problems (of all types) are to be expected. Looks like (maybe) he has found one problem.
Not really. Bugs are inevitable, and the bugs in question have yet to be confirmed. Yes, Safari has been getting a lot of press, but it is still clearly labeled as a beta product. After the Vista betas, most windows users should understand that "beta" means buggy, despite Google's efforts to the contrary.
This is the first public beta of a freshly-ported piece of software. I'd be surprised if there weren't some pretty major bugs. Apple's programmers probably don't have a ton of experience with making a Windows app secure. Is this reason to not release the software? Of course not. The term "beta release" exists for this purpose!
On the other hand, we have a "security expert" with a dubious reputation announcing the discovery of some pretty serious bugs. Strangely, he refuses to disclose the details to the public (sounds like MS's security practices). Furthermore, he brags about withholding the information from the developers. This destroys the credibility of his claims, and any reasonable person should doubt that he knows of any such bugs.
Apple's actions are clearly not irresponsible, or at least, no worse than standard practices for the software industry. Maynor's actions don't seem all that irresponsible either. Instead, the terms that come to mind are "grandstanding", "snake oil", and "astroturfing". Though perhaps that last term should be saved for you.
All those moments will be lost in time, like tears in rain. Time to die.
Yeah, you can also go digging through the .plist for it, and do it that way (probably how I'll do it next time). A few months ago, I enabled it with some CLI incantation I can't remember anymore.
(IANAL)
Stupid Google and their bug-free code. They're ruining it for everybody.
Cough cough it's in beta. Cough beta. Cough cough cough. Beta.
Too subtle?
For the love of God! Say it ain't so!
that on the whole, the IT security industry is NOT dangerous and irresponsible?
... that Apple probably has people that read Slashdot and Digg, the guy not informing Apple of the flaws is a non-issue. It's still going to get fixed by Apple faster than Microsoft would.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
There's even a freaking mailing list. If you're a security researcher, the companies you report to will either direct you to unhelpful people, marketing, etc., threaten you or ignore you. There are relatively few exceptions. Apparently, Apple HAS done this to him in the past. Also, if these are found with that little effort, it means that Apple's QA isn't quite up to par.
As for the "oh noes! he didn't tell Apple", I'm pretty sure they know. I mean, all of Slashdot knows about this bug, so what are you worried about? I think the whole world knows now. It's not like he's keeping them secret or something.
All this crap about "responsible disclosure" is only because companies got threatened by full disclosure. They used to ignore you or threaten you without exception and it was the only damn way to get them to pay any attention to security at all. You can't just sit on bugs forever, and blowing the lid off of them very early during a public beta is actually a good time to limit the actual impact: few will have installed it yet, and it will attract more attention.
I now return you to the Apple fanboy "oh noes! they made us look bad"-fest.
Beta
Thanks for the free debugging, guys.
This dude may have already told Apple what he did. From the license: "3. Consent to Use of Data. You agree that Apple and its subsidiaries may collect and use technical and related information, including but not limited to technical information about your computer, system and application software, and peripherals..." fnord. Brian
All right, thus he downloaded Safari for windows Beta, and instead of reporting the bug officially he makes buzz in his blog as if he was the ultimate security researcher for finding bugs in a BETA version!
I actually thought that part of using a Beta version of something was the responsibility to give as much feedback as possible; guess I was wrong.
He is actually acting foolishly this time since a more practical approach would have been waiting for Apple to keep the bugs in the retail release and then make the announcement ...
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
But people still listen to Maynor? Why?
I'm not picking specifically on Maynor here, but if you read his "OMG Apple was mean to me" whines enough, it eventually makes you want to stab one of those Errata Security bloggers in the eye with a lit cigarette or something.
The other reports, I'll buy - it's not like Apple's any stranger to bugs in their code - but Maynor, no. He's demonstrated that he just wants to play the "dig ME!" game instead of actually being professional.
Never give the petulant child the attention they want - it just encourages them.
"Stupid! Stupid stupid stupid stupid! I touched the hot wire right there - I'm an idiot!"
And "no longer supported" is the new gold.
"The Adobe Updater must update itself before it can check for updates. Would you like to update the Adobe Updater now?"
No, it only indicates that a single person is dangerous and irresponsible.
If you mod me down, I shall become more powerful than you could possibly imagine.
DoS is also sometimes called "nasty crash". (Like the ones you get with Firefox fairly often.) I'd like to point out that when there is no 'service' involved, there cannot be a 'denial of service'. I don't think dumb browsing is a service in any way. (Perhaps someone has an idea on this ?)
My karma was already 'excellent'. I have no need for karma whoring.
/. stripped it, but it seems to have.
Meanwhile, the preview looked correct. I don't know why
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
most likely:
% defaults write com.apple.Safari IncludeDebugMenu 1
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
Say wha?
Ok, I know you're an AC, and this is probably trollfeeding but where the hell did you get the DRM shill idea?
My suggestion to the record execs has to do with *removing* DRM by providing a far less restrictive alternative.
Unless you consider culpability for what you buy to be DRM. It's not; your rights are unrestricted, all my suggestion does is allow for a way for a person to be held accountable for their purchases.
Of course, there's the theft argument. But then, such a thing would have to be determined in a civil court. You know, like most things.
If a person reports the theft, he's cool. If he doesn't, he can just claim theft and the plaintiff would have to show that theft didn't happen. More likely is that a real pirate wouldn't even *buy* from an online store - they already don't.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
Thought just occurred to me - is the anti-apple crowd really this desperate? They have to knock Apple because beta software has bugs?
It would be funny if it weren't so pathetic.
Also, I would note that Quartz (which renders fonts on modern Macs) also uses subpixel font rendering; MS merely did it first.
The differences in font rendering between Windows and Mac are due to other reasons, which I explain here
What's purple and commutes? An Abelian grape.
This really does seem to be something that splits people. People who are used to the Windows way of rendering fonts hate the Mac way, and vice versa. I explain the differences here, but the short version:
Mac fonts are designed to look as close to identical on screen as they do when printed: the Mac font renderer (part of Quartz) doesn't force glyphs into exact pixel locations and mostly ignores hints, instead using antialiasing and subpixel rendering to render fonts as print-accurate as possible. Microsoft's core Windows fonts, on the other hand, are very heavily manually hinted at small to medium sizes for maximum legibility on-screen, even if this makes them look quite different to the same fonts in print or at larger sizes.
Again, some swear by the Mac way (particularly graphics designers etc. who need things on screen to look, as much as possible, the same on-screen as what they'll end up as in print), others prefer the Windows way. (Freetype on Linux, I believe, is in-between the two, but I think closer to the Mac way). I can well imagine that on a projector, where text obviously appears very large even at small font sizes and legibility isn't an issue, the Mac way will look better; but that's not to say the Windows way has no advantages.
What's purple and commutes? An Abelian grape.
The interesting part is that Thor's bug is in the way iframes handle URLs. This suggests that the code to parse and evaluate URLs is not uniform. That itself is a bad mark and is unlikely to be an underlying Windows bug. The problem with the lack of taint checking may be an API bug, but, in a cross platform browser, it may not be prudent to trust the platform API to do this reliably. I am paranoid, but I would normally generate specific test cases for this (to see if the underlying API works and see if it stops working from API release to release) and probably add my own library function to be linked in where needed (basic autoconf hell). It looks like they may have gone with paranoia in some cases but not others.
Additionally, Thor claims the exploit executes on OS X (albeit with a safer exec call). He is right that a general solution to external protocol handling and security needs to be developed or this general class of bug will keep cropping up in one place or another.
As for Maynor's handling of disclosure (or lack thereof) it is unprofessional and not helpful.
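The kind of "own library function" plus version-to-version test cases that the comment above describes could look like the following. This is an added example, not code from the thread, Apple or WebKit; the scheme allow-list, the rejected-byte policy, the function names and the handler path are assumptions, and every sample URL is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed policy: only these schemes may be handed to an external handler.
ALLOWED_SCHEMES = frozenset({"mailto", "news"})
MAX_URL_LENGTH = 2048

# RFC 3986 characters minus the single quote (stricter than the RFC on purpose).
# Whitespace, double quotes, backslashes and control bytes are therefore rejected.
_URI_CHARS = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&()*+,;=%]+")
_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")
_PERCENT = re.compile(r"%(.{0,2})")


def sanitize_external_url(url):
    """Return url unchanged if it is safe to pass to an external protocol
    handler as one argument; raise ValueError otherwise."""
    if not isinstance(url, str) or len(url) > MAX_URL_LENGTH:
        raise ValueError("URL missing or too long")
    if not _URI_CHARS.fullmatch(url):
        raise ValueError("character outside the permitted URI set")
    for match in _PERCENT.finditer(url):
        pair = match.group(1)
        if not _HEX_PAIR.fullmatch(pair):
            raise ValueError("malformed percent escape")
        byte = int(pair, 16)
        # A handler may decode escapes itself, so refuse encoded control
        # bytes and encoded double quotes as well as the literal ones.
        if byte < 0x20 or byte == 0x7F or byte == 0x22:
            raise ValueError("percent-encoded control byte or quote")
    scheme = urlsplit(url).scheme  # urlsplit lower-cases the scheme
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed for external handlers")
    return url


def build_handler_argv(handler_path, url):
    """Build an argument vector with the URL as exactly one element.
    The caller passes this list to the process API without a shell, so the
    URL is never spliced into a command string."""
    return [handler_path, sanitize_external_url(url)]


# Constructed regression cases: (url, should_be_accepted).
CASES = [
    ("mailto:user@example.com?subject=hello%20world", True),
    ("MAILTO:user@example.com", True),
    ("news:comp.constructed.group", True),
    ('mailto:user@example.com" --constructed-option "x', False),
    ("mailto:user@example.com%22%20--constructed-option", False),
    ("mailto:user@example.com\r\nX-Constructed: 1", False),
    ("mailto:user@example.com%2", False),
    ("file:///C:/constructed/path", False),
    ("", False),
]


def run_regression_cases():
    """Return the cases whose outcome differs from the expectation."""
    failures = []
    for url, expected in CASES:
        try:
            sanitize_external_url(url)
            accepted = True
        except ValueError:
            accepted = False
        if accepted != expected:
            failures.append((url, expected, accepted))
    return failures


if __name__ == "__main__":
    print(run_regression_cases() or "all cases behave as expected")
```

Running the same cases against each platform and each new release is what shows whether a check that used to hold has silently stopped holding.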
Well, the rest of that doesn't make any sense anymore.
I mean, seriously, the second paragraph of the license, which is presented in all-caps, boldface text, says: A company can't be blamed for people not bothering to read the contract -- it's not like the above is any kind of vague legalese.
Apple has taken every reasonable measure to ensure people know that this software carries risk - they call it a beta, they describe what that means in the license, etc.
However, this "security researcher" who claims to have found bugs (he probably did -- it is beta software), but refuses to share them with Apple, the WebKit project upon which Safari is based, or anyone else, is actively unprofessional. He's profiting by maligning a company (Apple) without presenting any hard evidence to anyone, and in so doing he's harming me and my fellow security professionals by devaluing the security research process.
We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
March 23, 2004, although the details of how or why elude me.
I like basketball!!1!
...over half the population would then be locked up as a terrorist.
Power trip.
To cut Apple some slack here, "Any time you port your program to a different operating environment with different capabilities, you need to re-examine all the decisions you made about what's safe and what's not" isn't really a CS100 kind of lesson. But it isn't a grad school lesson either.
And Safari on Windows would really rock - while I like Firefox, having another serious competitor to IE is a Really Good Thing, especially since it'll decrease the amount of IE-Specific Windows-Specific web pages out there.
Unfortunately, I've had to learn over the years that having programming safety taught as part of the intro computer course was pretty much the exception rather than the rule back when I was in school also. But on the bright side, there are lessons from those days that we've been allowed to forget, like "punch cards suck"
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
In all directions. I have to wonder... am I the only one that saw the word BETA on the download? People's mothers won't be reporting bugs on the software because people's mothers SHOULDN'T BE BETA TESTING. Those who find bugs in the software in its current form, because it is a beta, are bound by industry standard practice to report those bugs to the vendor, not hold them in some secret report to be exposed to the public later. If your company policy forbids you from telling the vendor what the bugs you've found are due to some past experience with their customer service, you shouldn't be evaluating their BETA SOFTWARE. Am I completely off base here? Has the IT industry changed the way it operates overnight?
Menus: Linux=function, Windows=vendor, OS X=as little as possible. Makes a statement, don't you think?
I run my home Windows box as multi-user - one login for me, one for my wife, and one for root - because I don't trust running Windows live on the internet with Admin privileges turned on. Unfortunately, iTunes doesn't work very well in this environment - I couldn't install it without admin privileges, so it decided to keep separate music directories for me and for root. I've been able to go in and mess with it to combine them, more or less, but it doesn't work very well and tends to forget that I did that any time I update iTunes.
I've also had some of the issues you've mentioned with Quicktime on Windows, but between Windows, Quicktime, and Mozilla's plugin frameworks, I'm not sure how much of that is because of Apple. (And I'm running Real Mozilla, not Firefox...) (Well, I've had one other Apple product that didn't Just Work, but it was an antique LC430 I bought for $2 off a pallet of dubious-condition machines acquired by a friend. I suspect it's the lithium battery or something, but it was an impulse buy and I haven't taken the time to troubleshoot it or spend more than the price of the system for the battery. I don't blame Apple for that
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Too bad - I'd really like to try Safari, and I'll put up with an occasional browser-crash exploit, but not a remote-execution exploit. After all, IE and even Mozilla have their own ways to crash, not even requiring malice on the part of the web page authors...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Er, um, you might call it that.
"Safari is another enticement for the Windows community to look at the Mac platform," says Van Baker, an analyst at market researcher Gartner. "If it can bring some new people into the fold, perhaps a few percentage points, that's goodness."
That's "goodness"? Ladies and gentlemen, my market analyst: the Sundance Festival groupie.
Agog with interest, I installed the beta version of Safari yesterday.
This morning, what do I find?
A pop-up box asking me if I want to download Quicktime & Itunes.
I most certainly didn't ask to be told about updates even to Safari, never mind any other Apple products. Is there any way to turn this crap off, or do I have to uninstall Safari? Or even after?
Bastards.
yes, definitely. wouldn't you agree?
well, i judge the companies as a user, not an employee, and contracts like that one are the main reason why I think software companies need no slack. tell me which other engineering field lets you distribute a potentially harmful product AND get away with it? in the contract?
sheesh, if people can find several exploits on day one, that means they are pretty obvious exploits. pretty obvious exploits mean lack of quality control, whether it is Apple, Microsoft, your favourite gaming company or your favourite linux distro.
but go on denying the responsibility of software makers.
The exploit against airport seems to be real as far as I can tell... there were a bunch of youtube videos circulating showing that he actually hacked a machine with stock airport instead of a third party wireless card as he implied in the video, but the exploit itself seems real... after all a patch was issued that checks for malformed 802.11 frames...
If there's some real evidence that apple didn't get their bug from him, I'd like to see it. Most of the stuff on the web seems to merely point out that he *could* have faked the exploit video (indeed it would be easy to fake such a thing). They also point out that he was misleading about using a third party wifi card, possibly to make it clear that his hack wasn't apple specific (I'm unclear on the reason for this).
I'm not saying I'm some kind of expert on this guy, I'd never heard of him before you mentioned him, but some googling suggests that he may have been legitimate, but was subject to a smear campaign by a bunch of people offended by the idea that he hacked a mac. I'd really like to see some conclusive information either way about his hack, preferably from apple.
Some of his other (unrelated complaints) against OSX seem to be legitimate in that OSX doesn't implement address space layout randomization and other features to break buffer overflow exploits which vista does. This seems like a reasonable complaint, or at least a reasonable feature request.
Once, in a debate round, I actually used the word defenestrate in a completely un-ironic sense. We were discussing inner-city schools, and my partner talked about how at one school lack of discipline was out of control, and how one principal was actually pushed out of his window. So when I got up there, I started with, "Madame Speaker, educational administrator defenestration is a serious concern facing our great nation today."
It was at least three minutes of laughter before the room settled down enough for me to continue.
Isn't it akin to yelling *FIRE* in a crowded building, or at the very least, knowing there is a bomb about to blow up a building and not reporting it?
Michael J. Ryan - tracker1.info
Fun Fact: My sig is a trap.
Have you ever seen Richard Stallman live? With a disk platter for a Halo and wearing a robe? At a Linux Conference? Standing on a table with his arms wide open proclaiming himself to be Saint Richard of the Church of Emacs?? That one?
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
- Write some software
- Test it until the developers are happy
- Give it to a broader internal user-base
- Launch a private beta (larger user-base)
- Launch a public beta (much larger user-base)
- Release software
At each stage until release, the goal is to find as many bugs as possible. You simply can't do that without letting a broad user-base test things out.
Contrary to your belief, other engineering pursuits do follow that process, but often a "public beta" type of arrangement is simply too expensive.
What's in question here is whether these exploits were actually found -- the supposed discoverer isn't sharing any information with anyone, so we really don't know if those flaws exist or not.
We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
Firefox renders its own UI, rather than passing it on to Windows. Need proof? Run it on Windows 95 (with an updated comctl32.dll) or on Windows NT 3.51 SP5 (also with proper patches) or on NT 4.0. Notice how the menu bar behaves completely differently than inside its own environment. No native app on 95 / NT looks like this.
Also check it out on XP. Right click on the scroll bar. There is no "Scroll Here" or other options.
Take a look here to see some examples of what I am talking about. A picture is worth a thousand words.
Surely, you must be referring to Jesux??
OK. Sorry- I won't call you surely anymore...
- Ze Laws ov Termodynamics? BAH!
Kelvin vas a fool!
Mit Hydrogen + Pinoqachole ve can break zes laws anytime!
Beta Version, people, Beta Version.
"I hope you like Guinness, Sir. I find it a refreshing substitute for, er... food." Col. Jack O'Neil, SG-1
Nobody has mentioned this that I can see, but I get completely blank buttons. No text on them. I know there are buttons as they show outlines when I mouse over them. I can click and get the canned pages to load. I cannot enter any URL of my choice. Let's see what the release version brings.
http://www.trainsem.com/
Please, get some perspective, we're talking about a web browser not getting a crowd of people killed.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
Well, sir, I must point it out to you that is complete bullshit. I have never heard of or seen a beta car available for testing, nor am I aware of one being offered to the general public. On the contrary, beta cars are tested by specially trained test drivers, whose job is to find them bugs. In fact, I haven't heard of any other item offered for beta testing, neither video, nor stereo, nor washing machine. The software companies use users as beta testers, and have the audacity to _advertise_ that on all media.
Also, when a car has a bug that has caused real trouble (which happens rarely enough), the car manufacturer can be, and usually is, sued, found liable, and pays hefty sums to the affected people.
The software companies, on the other hand, have cut themselves a sweet deal by having monkeys beta-test their junk, and blaming any problems on the users.
And, before you all tell me "there were no bugs", how come they "fixed" them like it says here?
For some reason, when I am using Safari on my computer (Windows XP SP2), and Safari is maximized, my taskbar cannot be accessed. I have my taskbar set to auto-hide, so this is possibly what is causing the problem (I haven't checked to see if turning auto-hide off will fix the problem, because frankly I'm too lazy, don't care, and I am not going to change my Windows settings to cater to Safari, as I am only using it to test it out and see what it's like. I have already decided to go back to Opera very soon). Either way, this is quite an annoying bug, and has accelerated my decision to return to using Opera so soon. It's too bad Apple couldn't have polished this release more before unwrapping it to the public. I am aware that it is a beta release, but I've used many different beta versions of browsers before that are far superior to this one. I've heard many reports of bugs, errors, faulty security, etc. with Safari that make it seem almost on the same level as IE. Apple's bringing iTunes to Windows was a great idea that was executed well. I have used iTunes on Windows since day one, and I haven't been disappointed. It's sad that Apple couldn't repeat this success with Safari, since Safari is such a great browser on Mac OS X. When my new MacBook Pro finally ships, I will be very happy to use Safari on it, but unfortunately I will have to wait until then, because on Windows I'm definitely sticking with Opera. And before I switched to Safari, I would switch to Firefox, which I still use a lot but not as my default browser.