Slashdot Mirror
Apple Safari On Windows Broken On First Day
An anonymous reader writes "David Maynor, infamous for the Apple Wi-Fi hack, has discovered bugs in the Windows version of Safari mere hours after it was released. He notes in the blog that his company does not report vulnerabilities to Apple. His claimed catch for 'an afternoon of idle futzing': 4 DoS bugs and 2 remote execution vulnerabilities." Separately, within 2 hours Thor Larholm found a URL protocol handler command injection vulnerability that allows remote command execution.
report vulnerabilities to Apple because he is a total fsckwad loser attention hound.
Thanks for the news about the vunerabilities, Paris Maynor.
guns kill people like spoons make Rosie O'Donnell fat.
... it's a beta version.
They call it beta for a reason...
Its still in beta.
I mean, you kind of expect there are going to be some bugs...this is a Good Thing and the reason you release a public beta, (in addition to getting buzz) you can shake out the bugs.
Sig removed because it was obnoxious
Um, beta.
Bugs in the first public beta release!
:/
Who would've thought it!
Incidentally, it doesn't seem to like authenticating proxies at all, so my first experience with it was a bug too
However, making a big deal of, but not reporting bugs found in a beta release of something seems more than a little silly.
Advanced users are users too!
I am SHOCKED!
Bugs in a beta version of a program thats being incredibly heavily scrutinized by everyone looking for something to crow about!?
That's unpossible!
-Hmm...I got a G+ invite, better remember to remove the request from my sig...-
I'm not surprised. Apple really doesn't write more secure code, they just have a lower market share and thus aren't as much of a target.
And alot of their success at security on Mac OS is just them inheriting some of their security from the BSD kernel which I'm positive beats the hell out of the Windows kernel in terms of security.
OK the system requirements say that you need OS X 10.4.9, 256MB RAM, and 50 meg of disk space.
I'm running 10.4.9, 1.25 GB RAM on a Powerbook G4, have 18 GB spare on my HD, yet the installer says:
"You cannot install Safari Beta 3 on this volume. This volume doesn't meet the requirements for this update."
Anyone else getting this error? Anyone know of a workaround? How can you tell why the installer is stopping?
I am artificially intelligent.
And...when Safari reaches, oh, say, 10% ~ 20% of the level of breach-possibles that any of the current IE clients are facing, let us know, eh?
Until then, the mud on the carpet came in on your shoes, not mine.
Wait - someone found bugs in a public beta?
it is still more secure than MSIE.
I prefer the "u" in honour as it seems to be missing these days.
it's beta, report the bugs
There was an unknown error in the submission.
YOU GAY ASS APPLE FANBOYS BEND OVER AND FUCK EACH OTHER IN THE ASS WITH STEVE JOBS ANUS LUBE, WHO THE FUCK WOULD USE THIS CRAP ON WINDOWS?
Important Stuff
Please try to keep posts on topic.
Try to reply to other people's comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said.
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
If you want replies to your comments sent to you, consider logging in or creating an account.
Problems regarding accounts or comment posting should be sent to CowboyNeal.
keep stuff in beta :P
....tonight? :)
*stretch* *yawn*
Time for bed. I know I'll be sleepin while they be codin.
Camping on quad since 1996.
The quote is "an afternoon of idle _fuzzing_". As in fuzz testing.
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
Remote code execution 2.5 times faster than FF on windows!
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
I've never tried Safari before. Haven't had any major problems with it on XP so far.
However, I'm desperate to have a bookmark sidebar. I can see all my bookmarks in the Bookmarks menu. Also the Bookmarks Bar works fine. I can Show All Bookmarks to display them all in a page. How can I have a bookmark sidebar like Firefox or IE? Thats the only way I normally surf!
I actually use the nice Menu Editor add-on in Firefox to hide the Bookmarks menu. Since I never used it.
isnt this the point of betas....to find bugs?
why is this news?
Mikey
I've always been the kinda guy to fall for the girl dressed like an eskimo.
I was actually looking forward to try this browser out, but to my surprise, I could not even make it work.
The installation was smooth without any unexpected bumps on the road. First when I loaded the program, I noticed that no menu fonts nor any fonts whatsoever on the web pages existed. To make it worse, the browser would crash every time I clicked on anything with interactivity, such as the stop button. I have read quite a few solutions to this problem but so far no success. I run Win XP SP2, btw.
Anyway, there are more problems around the corner. According to the Apple forum, people can't play Windows Media files, dual monitor support is very buggy, some buttons screw up the GUI when pressed down and dragged, loads of spontaneous lockups, random letters appearing everywhere, installation problems, parental control issues and more.
Also, I am not a big fan of customized GUI:s for crucial applications like a web browser. We should be able to use Windows ClearType instead of the ported OSX version (which sucks), and most importantly, we should be able to use the standard Windows themes. I don't get why Apple thinks the average Windows user would want a significantly altered browser that looks nothing like the rest of the operating system he or she is using. How would Mac users react if Internet Explorer was ported with the Windows theme?
I think it looks like a promising project, but I am worried because it's not in Apple's nature to release beta software with so many bugs and so little heart put into it.
Full Tilt
..."that you should expect bugs in a BETA"
Come on. You have to admit remote execution of any cmd is pretty bad even for a beta. This ain't your run of the mill bug, like a UI glitch or rendering type of bug. It makes the beta unusable and thus not a very useful beta. (Unless you're testing how your own trusted website looks under Safari.)
Camping on quad since 1996.
But I won't be trying it since other Apple products like iTunes and Quicktime still run like crap on Windows.
Thanks but no thanks.
Apple includes CoreFoundation.dll and CoreGraphics.dll, which have the same exports as the OSX frameworks.
Therefore it's possible to use the OSX CoreFoundation and CoreGraphics headers to link to the Windows DLLs natively and create native Windows "psuedo-OSX" apps.
I believe CoreFoundation.dll has been around with WebObjects for Windows NT for a while, but I think CoreGraphics.dll is a new Apple "release" (I remember some anger over Apple not porting CoreGraphics when WebObjects/NT first came out).
I've documented some of what I've poked around today (just a screenshot and simple description for the moment) at http://pages.brianledbetter.com/
bugs on a safari trip.
ror?
I just installed it and fired it up on XP. Resizing the browser window takes 4 seconds on a 3 GHz P4 with 1 Gig of Ram. I am not joking. In terms of UI sluggishness nothing beats apple software. Not even Java Swing. It's absolutely horrendous. Save your selves the trouble and skip this browser. Truly nothing to see here.
Your pizza just the way you ought to have it.
... but the first thing that I thought of was that here you have an app (Safari) that works perfectly fine on Macs; as soon as it gets ported to Windows, BAM, instantly full of vulnerabilities. Would Apple go so far as to break their own product to deface an opponent in the OS arena?
Aikon-
I wonder how many of those vulnerabilities are actually Safari/KHTML code and how many of those are Windows vulnerabilities.
IIRC, Firefox had that "URL protocol handler command injection" vulnerability (or something around those lines, correct me if I'm wrong) a few years ago and FF developers said it was the way Windows handles protocols. In the end, they had to change the way URLs are handled inside FF to prevent Windows from catching it.
The http://wunderground.com/ site has multiple functions that cause a MS error message, which I don't allow to send information to MS, and then it closes the browser. I used the bug report feature in the browser when I restarted it.
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
Seems to disappear when I maximize it on my second monitor. Lets see if reporting bugs via the menu actually works.
It is also pig slow, hopefully because it is a debug build.
bugs in the Windows version of Safari mere hours after it was released. 4 DoS bugs and 2 remote execution vulnerabilities, a URL protocol handler command injection vulnerability that allows remote command execution.
GOD HELP US ALL!
Then again, it is a beta.
Slashdot = -1 Redundant, Asperger, kdawson FUD, Libertarian, and Linux
Ummm. It's beta. or didn't you notice that.
the command exploit is actually due to inherent problems with the gopher protocol, not safari's handling of it. IE had the same problem (MS eventually removed gopher support entirely to fix it). Firefox/mozilla/netscape had the same problem (they now run a url sanitizer which breaks some legal urls, but nobody uses gopher anyhow). Despite his claim contrary, the bug is in windows/firefox's handling of command line arguments. Yeah, apple could sanitize it or disable gopher altogether.
This is completely outrageous. Betas aren't allowed to have bugs! For the love of God they could ruin us all!
Wow, a company releases a product that puts their customers in danger, and boo-hoo, the fanbois go after the whistleblowers. How about the professionalism of Apple developers/testers/managers?
These things are worth a lot. Spammers, governments, mobsters... all will pay. You even get your choice of payment method:
*euros
*credit card numbers
*yuan
*underage virgins
*dollars
*shekels
*death to your enemies
*rubles
*pounds, British money
*pounds, crack cocaine
Just be sure to not rip off the buyer. Most of the buyers have nasty ways to kill you. Some of them have polonium. Some of them have penis pills.
the first versions of those were so stable though?
(so stable that many of us used Mosaics until maybe 10 years ago, when netscape 4.0 came out)
“Common sense is not so common.” — Voltaire
Mac: Hello, I'm a Mac... ...and I'm a PC.
PC:
Mac is looking through a small viewfinder, looking very absorbed
PC: Hey Mac.
Mac: Yeah?
PC: What are you doing?
Mac: I'm browsing the internet with Safari.
PC: I do the same thing with IE.
Mac: You should try Safari. It's fast, secure, and easy to use.
Mac hands the viewfinder to PC
PC: Oh, thanks.
PC looks into the viewfinder and keels over, dead
Mac shrugs
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
That's an amazing prediction. I guess we'll all have to wait until Apple actually releases Safari (as opposed to this preview) to see if it comes true. Methinks it unlikely as that's kinda the point of releasing a beta, especially at a developer's conference.
It's a beta you fucking idiot!
You all deserve a refund, how much was Safari again?
“Common sense is not so common.” — Voltaire
news at 11.
Google.com takes 45 seconds to load. CNN.com, several minutes for just the text to load (haven't seen any images yet), I have yet to see the safari home page fully load. It has now been about 8 minutes since i started the browser and the home page is still loading and has a blank screen. OK CNN just finished loading 12 minutes later. Slashdot, about 2 minutes for just the text, and about 5 minutes for the whole page. (And yes, i've tried restarting/rebooting several times)
This is all on a 7 mbit cable connection, using Firefox, CNN.com, or mostly any other page for that matter, takes about 3 seconds or less to fully load, including all the flash animated ads. So figuring there must be something wrong with my PC, I install safari on my laptop. Nope! Same results. I upgrade ITunes, thinking there might be some strange dependency on the latest version of quicktime, but no difference. I disable my (software) firewall, and antivirus.. and again nothing.. still watching the grass grow faster than the page loads... Anyone else experience this?
because I'm using the browser as a development tool, not as my general purpose browser. Sure, FF has its own problems, but why expose yourself with a beta browser out in the wild?
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
For what it's worth - I discovered the proxy feature is broken. Once you enter your user name and password, the browser crashes (Windows XP).
Need an ISP in South Africa?
Steve Jobs speaking at the Safari release:
"We think Windows users are going to be really impressed when they see how fast and intuitive web browsing can be with Safari"
I think Windows users are going to be impressed that the quality of Windows applications is so much higher than those with Mac -- I don't even believe this, but it sure as hell is what Mac is asking for!
And to all those Mac fanbois that have been posting the same idea ad nauseum: "oooh bugs in a beta, no surprise!", you need a serious reality check. Small bugs exist even in most production applications. These are basic security vulnerabilities that make Safari dangerous to use on windows, and the actual bug reports piling in lead one to believe that it's a barely usable application (display/font/screen/memory problems amongst others).
All I see here is something that is most definitely not beta quality
It works well enough to test webpages for Macs, yeah?
Then I really don't give a flying fsck about its security. Let Mac fanboys deal with their newfound exposure. I use FFox as my primary browser on my PC, Mac, and Linux box. There's something to be said about 'consistent development environment'.
No, seriously. I'd use my Mac a lot more if there was a reasonably lightweight OSS code editor for it. There's not, so I don't.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
For a browser, to have "easily" testable major bug like remote execution, something which should have been caught a bit before. I disagree totally with the way this security "researcher" handled the bugs, but I also totally disagree taking off the slack because this is a beta. Bug found so quickly by testing a few known vulnerability in browser is something bad. With a big B. Smell of lack of security testing pre-beta.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
I downloaded, installed and tried it. Yes, it works just fine, but I can't see anything that would cause me to switch from FF. It looks like a good stable browser, another alternative to IE, which is a good thing.
Nice try, but it can simply mean he's good enough to get paid in the trade he professes to be skilled in.
I'm not even going to tell you to look it up. I don't believe you don't know the definition of the word. You're just ignoring it. How professional.
The secondary definition that you're trying to restrict the term to is simply marketing hype by "professionals". Like professional roofers.
This just in, nasty bugs were quickly discovered in the public beta of a newly ported app. Disappointment of outrageous expectations has now led to the death of several men living in their mothers' basements.
It is assumed Apple realized this devastating "beta" because they hate freedom and want the terrorists to win... and they've now won.
We will try to stay on top of this developing critical story.
My god have mercy on us all.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
I just installed it on a few machines to test and it crashes on every PC when I try to authenticate against my proxy.
The messenger says something along the lines of:
"The Trojans are going to attack tonight. There'll be at least five cohorts, but I can't tell you where there coming from, or the time of the attack, because you know, that'll spoil all the exciting fun."
Geez folks, this is not an unheard of realization. IT'S BETA!
From what I can tell, Apple is jumping on the consumer bandwagon (or trying to)--it seems they're trying to increase the Webkit install base to raise the "awareness" factor for iPhone's web engine. From the sessions I went to today, it seems Apple is really pushing for Web 2.0 development. I was surprised by this--for a developer conference specifically for Apple's OS, there was this weird, eerie spell cast by the presenters for pushing web apps.
The vibe amongst the attendees is a weird mix of disbelief and bewilderment. Safari for Windows was not the big deal Steve was hoping it would be. In fact, most of the conversations I've overheard are pretty critical of this direction.
I don't think Apple is serious about competing for market share against FF or IE on Windows. I think they're offering the development platform based on Webkit so that web developers can make sure their code looks OK on the iPhone. Webkit-iness seems to be the only development platform for iPhone Apps.
Or, maybe Steve is starting to drink his own Kool-Aid.
I might know what I'm talkin' about, but then again, this is Slashdot...
1) crashes when prompting for authentication to isa server 2004 2) cannot set proxy server manually through edit -> prefences , it is greyed out so i havent even been able to browse the web on it yet. and it's a shame too, mainly because i'm a mac user so it was nice to think i would have safari at work while i do my system admin work..
didnt the wifi hack that he had turn out to be a hoax anyways and he put up a retraction in the smallest place on the web he could find and added the no search bot.txt file so no one could find it with google...
(yes i know i suck at spelling fell free to correct my grammar and/or spellin i dont care, im still not going to change
I hate that bookmarks sidebar, when I sit at one of my users desks to work on their computers it takes everything I have to not close that damn thing if it's open.
I don't know why I despise it, especially how most of the time the browser window is maximized, and many of these users have widescreen LCD's so there's plenty of real estate for the real webpage that is being displayed. I do see it's utility, but there is something so asthetically displeasing to me with that large white bar on the left side of the page. I could go on and on...
Ocean is land, covered with water.
Bwahahahaha!!! Isn't this just typical Apple programming?
Apple has a long and proud tradition of creating the worst, buggiest, most egregious abortions to ever be called applications on the Windows platform. Why break their perfect record with Safari? It just wouldn't be right.
Looks like the MOAB wasn't a fluke. EVERY month is a Month of Apple Bugs!
Safari, if maximised to the second head on my Windows machine, disappears completely. Anyone else seen this?
Even though there's a link to the add-on, Sun Java fails to work for me in Safari. But natch the flash ads work great.
-Kinsey
One of the benefits of getting beta access to new software is that third party developers can get an early idea what they will have to do to be compatible with the real stuff when it arrives. Some of us consider it valuable to have access to the early versions to get a wider window of opportunity.
You live with beast, you have to howl...
I love how even tho it's painfully clear from the initial article that there will be no third party verification of these "bugs" and the information won't even be sent to the vendor (which for a fact demonstrates that the submitter has no one's best interests in mind), posters are virtually falling all over themselves to extrapolate near End Times disaster scenarios for a browser released less than 24 hours ago. I can also see that Artie McStrawman is getting a real beating in here, as he regularly does when Apple is the subject.
Fiat Homos et Pereat Theos
To serve as a Windows development / testing platform for iPhone apps.
Comment removed based on user account deletion
Have you looked at BareBones Software's BBEdit (shareware) or TextWrangler (freeware, feature subset), I haven't used them for quite a while (moved to linux w/ scite/nano), but it really is a nice editor, it meets all your requirements except being OSS, and it uses a peculiar "Document Drawer and Navigation Bar" system, that looks and feels about the same as tabs (feature was added since I last used it much, can only say that people I know who use it seem to like it). I think all the specifically addressed features are in TextWrangler (=free).
Steve Jobs wondered while introducing Safari for Windows: "How good are we at bringing apps to Windows?"
After reading "4 DoS bugs and 2 remote execution vulnerabilities", I'd say: "Pretty good!"
- Otaku no naka no otaku, otaking da!!!
Hey its a windows app who gives a shit....What the hell do you expect with the apple devs writing code to the windows spaghetti hell api. I would be surprised if there were no bugs to exploit.
And you guys want to call yourself software engineers. How is it a structural engineer can make a bridge or skyscraper perfect every time with no bugs and you guys don't seem to be able to do it ever. Engineer my ass!
I have tried the browser in Windows XP Professional SP2 and all works perfectly fine for me. The browser is quick and responsive.
:(
Now it may be a beta, but the browser seams VERY buggy, too buggy to be a beta (according to other peoples testimonies, not my own experiences). I think apple has missed out on a great opportunity to gain market share here becuase there will be many people who have tried the browser, had major issues, and now will never go back. Yes I know it is a beta! (preempting the hoards).
I also think that the product was rushed to market, and that apple would never have released the browser in this condition had it not been for WWDC 07. I think they just could not get it to the point they would have wanted in time. And I agree with those above who have said the browser exists mainly for testing iPhone Apps in. Time will tell if they made the right decision here.
I would sugegst to anybody out there to wait a couple revisions before really trialling this application unless you are going to use it to connect to trusted websites you already know, or looking to develop for the iPhone.
Now where is my developer copy of Leopard. We non attending Apple Developer Select Members always get made to wait a couple months
Not sure about the software you develop.
Alpha would be when I've cobbled it all together and it works after a fashion.
Beta would be when I've ironed out any bugs I can find (or at least are aware of them and report them up front), so I then give it to other people to stumble across the obscure ones.
Now working on the assumption that Apple can code, which they certainly can - they must have been aware of serious issues and released anyway. I assume whatever Alpha code they were currently working on has been ripped from their hands and thrust onto the world to enable a certain somebody to make a big announcement. I also know if were them I wouldn't be too happy.
Alpha means features still missing
Beta means feature complete, blocker bugs remain
What you call "beta" is actually "release candidate"
Every single dialog box and effect is Aqua style. Even though both OS X and Windows XP / Vista have theme engines meaning there should be absolutely no reason at all for doing this. The engines allow apps to render their controls in the native style irrespective of how they are implemented. It's why Firefox in its default skin looks like a Windows app on Windows, like a Mac app on a Mac and so on - because rendering is handed off to the theme engine. Same happens for Java too. But not Safari it seems.
For me there are two types of hackers: 1) the ones who make something hard work (the original meaning of hackers I think and the one I prefer) 2) the second type are the guys who find out how something doesn't work. We are told there is a subgenre of this type of hacker, the "ethical genre", who report vulnerabilities to the community AND the original software developers. This guy's point seems only to bring publicity to himself and make Apple look bad on any case ... the non-disclosure issue is ridiculous.
Thor Larholm's vulnerability example crashes Safari 3 on Mac OS X too.
Pride goeth before destruction, and an haughty spirit before a fall. Proverbs 16:18
Who would have thought.
And its irresponsible to not report them.
---- Booth was a patriot ----
as per patriot act, you are not allowed to say the number one trading commodity is GOLD. Either not taxed, or taxed real real real low because of 'legal tender value' being $10 per $650 ounce coin.
So a tax of n % on $10 is better than $650
Customs might go, step aside sir if you have cocaine or large bags of cash, but GOLD, no problem, read the customs rules. Thanks for declration, next please....
Russia will tho give you some polinium in your sushi roll.
Liberty freedom are no1, not dicks in suits.
"Apple is hoping to replicate the success of iTunes"
Only this time around, iTunes downloads tunes from you!!
He notes in the blog that his company does not report vulnerabilities to Apple.
Wanker.
I can only assume that he sells the information to criminal organisations, thus making him a criminal wanker.
WANKER.
(this also applies to any person that doesn't have the decency to report issues to companies and allow them a grace period to fix the holes before releasing the information publically)
Are hitting the "file bug" button on their new toy.
Because if you aren't, you're fucking obnoxious.
FYI: I just installed Safari on win 2000, and it works perfectly!
You've never used Safari on a Mac, have you?
Best Slashdot Co
Exactly. Given the complexity and sophistocation of today's browsers, these things ARE minor. Safari, if you include Konqueror/KHTML, has been in development for something like 10 years. I use konqueror every day, and it's easily complete enough for my needs, with some great features I can't get elsewhere.
Stability issues are to be expected on a beta of a port to a new platform. KHTML/Webkit is actually quite good in terms of rendering, so it's probably the sites that are broken, or again, some issue with a new platform.
Anything doesn't render. Anything that's bold doesn't render. Most italic text doesn't render. It's just not there. We've tried several sites on several computers, and the same thing all over. Slashdot's article titles? Not there. Ebay? Not a chance. Did they test this at all? The font aliasing hurts my eyes. I'm on XP, should I maybe upgrade to Vista? (tongue in cheek here, people)
I wonder why they even bother to make this "beta" public. On the first test of the first page there where show stopping bugs. Test over. Beta scrapped. Why???
Best browser in the world, according to Apple!
I found that the RSS subscription link was broken, but it's not a security problem.
Looks like releasing it as "beta" was a good way to find lots of little bugs, eh?
"Education is not the filling of a pail, but the lighting of a fire." -- William Butler Yeats
He sat down to try and break a beta release and he did it.
Woo hoo! What did he do the rest of the day, pull the wings off of house flies?
"Doesn't report vulnerabilities to Apple"
I believe that's French for "I was such a tool the last time nobody will talk to me"
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Well I blame MS. I put a defective by desing tag on. Also, a haha tag. I boot up my linux, use lynx and blame the world, because it's not ready for linux. but o-seven is still the year of linux desktopZ-Z-Z THOUGH!!!!11!eleven
No, he was not.
Geez, if you really believe that whole Ou-invented idea that Apple somehow "orchestrated" a smear campaign against Maynor and got Dalrymple and Chartier to play along with them, you should stop reading zdnet and start reading a real news outlet. It's one of the most inane tech conspiracy theories I've ever heard.
As you might imagine, we are upset at Windows for not being more hardy against such attacks, and even more upset with David for exposing them...
I like it so far. I was happy to see that a lot of the feature requests that I had sent in from my Mac were included in this new version of Safari.
I think that Apple is going to try and get users hooked on their UI and then point to all the cool features like WebClips that one can gain access to by switching to OS X.
I wouldn't even be suprised to see an OS X liveCD for PC users to try out sometime in the near future. Sure it'd be hacked to become an installable, but it woul probably get a lot of people who were ready to purchase a new computer to consider going with a Mac.
Those who know, do not speak. Those who speak, do not know. ~Lao Tzu
im in ur Safari, executing my shit...
Hey; I don't personally care if somebody claims to have found security bugs they won't share in a browser I won't personally be using. FF 3 alpha is more stable than the Safari I tried installing yesterday. I really don't think Safari is a 'browser' for all of us to adopt; When his 'Steveness' intro'd the iPhone and had no way for developers to introduce 3rd party apps, he had to figure out something. What I think we have here is a 'rush job' from Apple to drop us a browser (read Visual Studio for iPhone) so we can all develop pretty little apps for the thing. Personally, I don't care how many Windows bugs there are as it's kind of more interesting to wonder how many of these bugs are in iPhone... Drew.
So, can you buy an upgrade yet?
Ryan
Slightly off topic, but does anyone else find it interesting that Apple has released Safari for windows, but you can't get the latest version for any version of OS X except the latest (10.4.9)? 10.3 has Safari 1, which has rendering bugs that were fixed in 2, but never backported. So basically if you want the newer, more accurate Safari, you have to buy a new copy of OSX, or a new Mac.
I'm not certain, but I don't think that there are technical reasons for not letting it run on older versions of OS X. Anyone know?
Saying your "phone ran out of batteries" is like saying your "car ran out of gas tanks".
Chinese characters rendered more ugly than Mozilla M18 build, if anybody still remember what Mozilla M18 was, the mozilla before alpha.
There is a spark in every single flame bait point.
(taken from Fear & Loathing in Las Vegas and transformed)
Hunter S. ThompsonOh God! Is that another web browser?!
Dr. Gonzo: THAT'S RIGHT! MUSIC!
I'm a web developer and am interested in cross validation, so I tried some of my drop down menus on one my my sites, seems safari only wants to listen to some of the 'onchange' events that the dropdown triggers. Without reloading the page I can click on a dropdown with the onchange event and it only work about 5 out of 7 times. Guess executing the javascript onchange event was faster than on IE if it happened in 0 seconds!
You've found a bug in BETA software! You win a cookie! (baka!)
I've long complained bitterly about the lack of bug-ridden browsers available for Windows. Hopefully they'll bundle this with the next release of Vista.
... it just positions itself to the right of the screen. You can right-click the taskbar icon, select "Move", and then hold the left arrow to bring it back.
What bothers me more about it is that the keyboard shortcuts for minimize and maximize don't work (Alt+Space, N / Alt+Space, X).
My guess is both these bugs came about because Apple wanted to draw their own window title (and apparently haven't heard of WM_NCPAINT).
...is software that might have BUGS...Why is anyone surprised that it has bugs?
Dear lord, it's still a public BETA, of course there is bugs.... your talking about an inferior OS this thing is installing to. Give it time, it will rule supreme. :P
I just don't understand these days how telling people that software has bugs is news. Apple isn't promising it to be the most secure bug free browser ever are they? Same with IE, come on people, seriously. It's also beta software, so take it for what it's worth. Go get Firefox so at least bugs that get reported will get fixed in a timely manner.
--And sektor spoke and said unto the people. Hey, buttwipe hand me the cheezeos.
Anybody got this to run on WINE?
... Yeah? What does that mean?
You guys...It's just a beta.
...you can release a public beta and have have thousands of publicity whores do top notch security analysis of your beta for free?
Everything created by Apple carries with it two automatic conclusions:
First, it's going to be a buggy and poorly designed piece of crap. But it's going to be fashionable, and should match your handbag quite well.
Second, no matter how bad it is, all the Apple zealots will love it, and proclaim it to be a perfect creation from the hand of God/Jobs.
So it's hardly surprising that people are finding bugs and security holes without even trying. And, it's hardly surprising that many people (especially on Slashdot) are knee-jerk defending Apple.
The security issues are not all that important to me, first because I am behind a firewall, and second, because when I installed it, Safari simply didn't work. It painted itself, but the menu text was invisible, as was all page content other than the copious ads.
Perhaps this is because I declined to install their Bonjour service, and the auto update stuff.
Bad design and test procedures. Uninstalled. Problem solved.
--- Bill
Safari on Windows is a BETA version. the intent of BETA versions is for uses to use it and report any problem. Problems (of all types) are to be expected. Looks like (may) he was found one problem.
For the love of God! Say it ain't so!
that on the whole, the IT security industry is NOT dangerous and irresponsible?
... that Apple probably has people that read Slashdot and Digg, the guy not informing Apple of the flaws is a non-issue. It's still going to get fixed by Apple faster than Microsoft would.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
There's even a freaking mailing list. If you're a security researcher, the companies you report to will either direct you to unhelpful people, marketing, etc., threaten you or ignore you. There are relatively few exceptions. Apparently, Apple HAS done this to him in the past. Also, if these are found with that little effort, it means that Apple's QA isn't quite up to par.
As for the "oh noes! he didn't tell Apple", I'm pretty sure they know. I mean, all of Slashdot knows about this bug, so what are you worried about? I think the whole world knows now. It's not like he's keeping them secret or something.
All this crap about "responsible disclosure" is only because companies got threatened by full disclosure. They used to ignore you or threaten you without exception and it was the only damn way to get them to pay any attention to security at all. You can't just sit on bugs forever, and blowing the lid off of them very early during a public beta is actually a good time to limit the actual impact: few will have installed it yet, and it will attract more attention.
I now return you to the Apple fanboy "oh noes! they made us look bad"-fest.
Beta
Thanks for the free debugging, guys.
This dude may have already told Apple what he did. From the license: "3. Consent to Use of Data. You agree that Apple and its subsidiaries may collect and use technical and related information, including but not limited to technical information about your computer, system and application software, and peripherals..." fnord. Brian
All right, thus he downloaded Safari for windows Beta, and instead of reporting the bug officially he makes buzz in his blog as if he was the ultimate security researcher for finding bugs in a BETA version!
I actually thought that part of using a Beta version of something was the responsibility to give as much feedback as possible guess I was wrong
He is actually acting foolishly this time since a more practical approach would have been waiting apple to keep the bugs in the retail release and then make the announcement ...
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
But people still listen to Maynor? Why?
I'm not picking specifically on Maynor here, but if you read his "OMG Apple was mean to me" whines enough, it eventually makes you want to stab one of those Errata Security bloggers in the eye with a lit cigarette or something.
The other reports, I'll buy - it's not like Apple's any stranger to bugs in their code - but Maynor, no. He's demonstrated that he just wants to play the "dig ME!" game instead of actually being professional.
Never give the petulant child the attention they want - it just encourages them.
"Stupid! Stupid stupid stupid stupid! I touched the hot wire right there - I'm an idiot!"
No, it only indicates that a single person is dangerous and irresponsible.
If you mod me down, I shall become more powerful than you could possibly imagine.
DoS is also sometimes called "nasty crash". (Like the ones you get with Firefox fairly often.) I'd like to point out that when there is no 'service' involved, there cannot be a 'denial of service'. I don't think dumb browsing is a service in any way. (Perhaps someone has an idea on this ?)
Thought just occurred to me - is the anti-apple crowd really this desperate? They have to knock Apple because beta software has bugs?
It would be funny if it weren't so pathetic.
Also, I would note that Quartz (which renders fonts on modern Macs) also use subpixel font rendering; MS merely did it first.
The differences in font rendering between Windows and Mac are due to other reasons, which I explain here
What's purple and commutes? An Abelian grape.
This really does seem to be something that splits people. People who are used to the Windows way of rendering fonts hate the Mac way, and vice versa. I explain the differences here, but the short version:
Mac fonts are designed to look as close to identical on screen as they do when printed: the Mac font renderer (part of Quartz) doesn't force glyphs into exact pixel locations and mostly ignores hints, instead using antialiasing and subpixel rendering to render fonts as print-accurate as possible. Microsoft's core Windows fonts, on the other hand, are very heavily manually hinted at small to medium sizes for maximum legibility on-screen, even if this makes them look quite different to the same fonts in print or at larger sizes.
Again, some swear by the Mac way (particularly graphics designers etc. who need things on screen to look, as much as possible, the same on-screen as what they'll end up as in print), others prefer the Windows way. (Freetype on Linux, I believe, is in-between the two, but I think closer to the Mac way). I can well imagine that on a projector, where text obviously appears very large even at small font sizes and legibility isn't an issue, the Mac way will look better; but that's not to say the Windows way has no advantages.
What's purple and commutes? An Abelian grape.
Power trip.
To cut Apple some slack here, "Any time you port your program to a different operating environment with different capabilities, you need to re-examine all the decisions you made about what's safe and what's not" isn't really a CS100 kind of lesson. But it isn't a grad school lesson either.
And Safari on Windows would really rock - while I like Firefox, having another serious competitor to IE is a Really Good Thing, especially since it'll decrease the amount of IE-Specific Windows-Specific web pages out there.
Unfortunately, I've had to learn over the years that having programming safety taught as part of the intro computer course was pretty much the exception rather than the rule back when I was in school also. But on the bright side, there are lessons from those days that we've been allowed to forget, like "punch cards suck"
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
In all directions. I have to wonder... am I the only one that saw the word BETA on the download? People's mothers won't be reporting bugs on the software because people's mothers SHOULDN'T BE BETA TESTING. Those who find bugs in the software in its current form, because it is a beta, are bound by industry standard practice to report those bugs to the vendor, not hold them in some secret report to be exposed to the public later. If your company policy forbids you from telling the vendor what the bugs you've found are due to some past experience with their customer service, you shouldn't be evaluating their BETA SOFTWARE. Am I completely off base here? Has the IT industry changed the way it operates overnight?
Menus: Linux=function, Windows=vendor, OS X=as little as possible. Makes a statement, don't you think?
I run my home Windows box as multi-user - one login for me, one for my wife, and one for root - because I don't trust running Windows live on the internet with Admin privileges turned on. Unfortunately, iTunes doesn't work very well in this environment - I couldn't install it without admin privileges, so it decided to keep separate music directories for me and for root. I've been able to go in and mess with it to combine them, more or less, but it doesn't work very well and tends to forget that I did that any time I update iTunes.
I've also had some of the issues you've mentioned with Quicktime on Windows, but between Windows, Quicktime, and Mozilla's plugin frameworks, I'm not sure how much of that is because of Apple. (And I'm running Real Mozilla, not Firefox...) (Well, I've had one other Apple product that didn't Just Work, but it was an antique LC430 I bought for $2 off a pallet of dubious-condition machines acquired by a friend. I suspect it's the lithium battery or something, but it was an impulse buy and I haven't taken the time to troubleshoot it or spend more than the price of the system for the battery. I don't blame Apple for that
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Too bad - I'd really like to try Safari, and I'll put up with an occasional browser-crash exploit, but not a remote-execution exploit. After all, IE and even Mozilla have their own ways to crash, not even requiring malice on the part of the web page authors...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Er, um, you might call it that.
"Safari is another enticement for the Windows community to look at the Mac platform," says Van Baker, an analyst at market researcher Gartner. "If it can bring some new people into the fold, perhaps a few percentage points, that's goodness."
That's "goodness"? Ladies and gentlemen, my market analyst: the Sundance Festival groupie.
Agog with interest, I installed the beta version of Safari yesterday.
This morning, what do I find?
A pop-up box asking me if I want to download Quicktime & Itunes.
I most certainly didn't ask to be told about updates even to Safari, never mind any other Apple products. Is there any way to turn this crap off, or do I have to uninstall Safari? Or even after?
Bastards.
The exploit against airport seems to be real as far as I can tell... there were a bunch of youtube videos circulating showing that he actually hacked a machine with stock airport instead of a third party wireless card as he implied in the video, but the exploit itself seems real... after all a patch was issued that checks for malformed 802.11 frames...
If there's some real evidence that apple didn't get their bug from him, I'd like to see it. Most of the stuff on the web seems to merely point out that he *could* have faked the exploit video (indeed it would be easy to fake such a thing). They also point out that he was misleading about using a third party wifi card, possibly to make it clear that his hack wasn't apple specific (I'm unclear on the reason for this).
I'm not saying I'm some kind of expert on this guy, I'd never heard of him before you mentioned him, but some googleing suggests that he may have been legitimate, but was subject to a smear campaign by a bunch of people offended by the idea that he hacked a mac. I'd really like to see some conclusive information either way about his hack, preferably from apple.
Some of his other (unrelated complaints) against OSX seem to be legitimate in that OSX doesn't implement address space layout randomization and other features to break buffer overloy exploits which vista does. This seems like a reasonable complaint, or at least a reasonable feature request.
Firefox renders its own UI, rather than passing it on to Windows. Need proof? Run it on Windows 95 (with an updated comctl32.dll) or on Windows NT 3.51 SP5 (also with proper patches) or on NT 4.0. Notice how the menu bar behaves completely different than inside its own environment. No native app on 95 / NT looks like this.
Also check it out on XP. Right click on the scroll bar. There is no "Scroll Here" or other options.
Take a look here to see some examples of what I am talking about. A picture is worth a thousand words.
Surely, you must be referring to
Jesux ??
OK. Sorry- I won't call you surely anymore...
- Ze Laws ov Termodynamics? BAH!
Kelvin vas a fool!
Mit Hydrogen + Pinoqachole ve can break zes laws anytime!
Beta Version, people, Beta Version.
"I hope you like Guinness, Sir. I find it a refreshing substitute for, er... food." Col. Jack O'Neil, SG-1
Nobody has mentioned this that I can see, but I get completely blank buttons. No text on them. I know there are buttons as they show outlines when I mouse over them. I can click and get the canned pages to load. I cannot enter any URL of my choice. Let's see what the release version brings.
http://www.trainsem.com/
For some reason, when I am using Safari on my computer (Windows XP SP2), and Safari is maximized, my taskbar cannot be accessed. I have my taskbar set to auto-hide, so this is possibly what is causing the problem (I haven't checked to see if turning auto-hide off will fix the problem, because frankly I'm too lazy, don't care, and I am not going to change my Windows settings to cater to Safari, as I am only using it to test it out and see what it's like. I have already decided to go back to Opera very soon). Either way, this is quite an annoying bug, and has accelerated my decision to return to using Opera so soon. It's too bad Apple couldn't have polished this release more before unwrapping it to the public. I am aware that it is a beta release, but I've used many different beta versions of browsers before that are far superior to this one. I've heard many reports of bugs, errors, faulty security, etc. with Safari that makes it seem almost on the same level as IE. Apple's bringing iTunes to Windows was a great idea that was executed well. I have used iTunes on Windows since day one, and I haven't been disappointed. It's sad that Apple couldn't repeat this success with Safari, since Safari is such a great browser on Mac OS X. When my new MacBook Pro finally ships, I will very happy to use Safari on it, but unfortunately I will have to wait until then, because on Windows I'm definitely sticking with Opera. And before I switched to Safari, I would switch to Firefox, which I still use a lot but not as my default browser.