Slashdot Mirror
Safari 3 Beta Updated, Security Problems Fixed
Llywelyn writes "Apple has released an update to the Windows Safari 3 Beta. According to Macworld the updates '...include correction for a command injection vulnerability, corrected with additional processing and validation of URLs that could otherwise lead to an unexpected termination of the browser; an out-of-bounds memory read issue; and a race condition that can allow cross-site scripting using a JavaSscript [sic] exploit.' It is available through either the Apple Safari download site or through Apple's Software Update."
It's about time! ;) What took them so long!
-Daniel
Downloaded and tried to open websites in Chinese. The rendering is just horrible, unreadable and totally unacceptable. Texts are not where they should be. In this sense, this Safari is even not as good as IE 4, which could display such webpages well. I heard that, (didn't try), Safari could not open most webpages in non-western languages.
I'm your average rabid Apple fan, but surely they had to have a fix at least this fast to keep from looking stupid. I doubt they'll be as quick in the future.
they haven't fixed all the vulnerabilities yet.
In the interest of having a viable stable platform for iPhone development, they're going to have to keep up this quick turnaround on defect resolution. As someone mentioned a couple of days ago when Win Safari was first released, they're also going to have to work really hard for this software to compete with other browsers (which many think it can't). While I agree that it's an impressive turnaround, for Apple's sake, I hope they can keep up the momentum.
Just don't fill in that field. :P
Er, you don't have to give an e-mail address to download it, just to sign up.
Leave the box blank and the check-box ticked and it still downloads.
Konqueror's Win32 release will be as big a disaster.
"it's likely to just disappear and not make it back onto my machine the next time I reinstall Windows."
How often do you have to reinstall Windows?
I am not a big Windows fan but I go years between reinstalls without any problems.
I only do a reinstall when I get new System or a new Drive.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
If you hate it so much why did you enter your email address? It's not required.
Developing a browser for Windows will be quite a test for Apple and the Safari developer community. Is Apple trying to get a larger user community (even tens of percents), or just making it possible for web developers easily test their servers for Safari? In any case, if Apple can survive in this market, they are in an interesting position - partner with Google, and offer their own services for Windows users perhaps?
Now if they would just fix the problem that some people (including myself) are having where no text shows up anywhere in the application and you can't type in any of the text input fields (kind of hard to use a browser when you can't type in an address).
Now can they make it not suck?
the COMMUNITY would have had it fixed
and fixed WAY faster copyleft knockoff $Apple$
I, for one, refuse to acknowledge the EXISTANCE of closed source browsers.
Live Free or Die
I think the reason's pretty simple: companies like Google have been abusing the "beta" moniker lately. The betas I've seen from Apple (including Safari and earlier, Quicktime 7) have been more consistent with what I would consider a beta: they mostly work and are useful for testing, but still have significant problems.
Perhaps what they might have done is require an Apple Developer Connection account to download instead of making it available through general release.
...is there for a reason.
Though I really would prefer vulnerabilities fixed asap, I can see the reason for Patch Tuesday, especially for non-0day exploits.
Safari 3.0.1, however, is just damage control.
Having Safari available on Windows removes the 'Apple Only' hardware requirement for any company who wants to develop Web 2.0/AJAX applications that run on the iPhone which opens Safari development to a much much larger pool of developers.
* 7.97% - Other Anyone have a download link to the latest version of Cowboy Neal? I'd post it again, but I don't want to receive another DMCA takedown notice.
If they've carried the keystrokes over from the Mac version, it'll be Cmd+Shift+[ and Cmd+Shift+], which on windows would be Ctrl+Shift+[ and Ctrl+Shift+]
OK. Here is what I think. I use Safari as my main browser on my Mac which I use for all personal computing. It's a nice browser. I started using it to try it, and I've stuck with it. I'm happy with it for the most part.
Now I've tried it on Windows. It's cute. Even if it was perfect, it wouldn't replace FireFox because at this point I'm addicted to FlashBlock on my work PC. Things I use often have annoying flash ads and the computer isn't that fast in the first place. I'm glad it's there, and if I was going to switch to the Mac (like I did 2 years ago) being able to download it and try it may have been nice.
As for bugs, the only one I've noticed is that it doesn't handle my multi-monitor setup well. I haven't used it for more than a few seconds though (due to that). The problem is that when I put it on my secondary monitor (the left one, just FYI) then maximize it, Safari disappears. It still exists, it is maximized to the left of the left monitor, where it would be if a third monitor to the left of the left one existed. It doesn't seem to handle mouse clicks right in this state either some times. But when non-maximized, it works perfectly on either monitor. Works fine maximized on the main monitor as well.
It would be useful for testing websites (something I often have to do) for, but I always have my Mac next to me so it's not that critical for that.
It's a decent browser. When it gets out of beta I expect it to get a few points of market share (maybe Opera sized, or a little smaller). I don't expect it to kill FireFox; and I'm amazed at all this "Safari is buggy!" stuff since it is a BETA. Google (and others) seem to have ruined that word in the mainstream, as many people don't seem to know that it should be translated as "This software probably has problems and will crash on you, possibly losing data". Google's betas are often quite stable (and that's not too surprising as GMail has been out for a few years now). This is a real beta.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
I think Apple just wants a solid #3 Browser Spot. That way when people test their webpages they will check 3 browsers IE, Firefox, Safari. Before safari for windows Web Developers needed a Mac to test Safari. Thus making #3 Opera. With with the bulk of Mac People using Safari and a modest Windows people (because once it is finalize it will be shipped with Quicktime and iTunes.) So some people will try it and like it better then IE. So it could be a solid #3 and probably more tested for compatability on web pages... Now with websites better designed for Safari it would make the migration to Macs one more step simpler. (fear of compatibility of web pages) I doubt that Apple has plans to make a profit with Safari for windows but more of a case to make sure they don't get left out in the loop. Apple is realistic, they realize not everyone wants or will get a Mac. But they feel if more people given the choice they would actually prefer one. Offing Safari, iTunes, QuickTime for Windows makes sure that these are also well supported to in real life allowing apple to maintain control on the global standards. Otherwise companies of new technologies could forget about Apple. Say make a codex that there is no QuickTime port. or a webpage that doesn't work with Safari. It is all about keeping control on their interests.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Fixing the security issues may help in keeping Apple from looking foolish, but security is not the real problem with Safari for Windows. The real problem with Safari for Windows that Apple should be putting focus on is the user experience.* It's horrendous. Slow window redraws, completely broken Windows conventions, a total lack of extensibility, and on and on.
As a web developer, I'm pleased as punch that they've released a Windows version of Safari that renders pixel-for-pixel the same as the OS X version (it really does, I checked). However, Safari on Windows is not even in the running as far as being a candidate as a full-time browser on Windows. The user experience is simply too painful.
* I didn't say they should not focus on security. They most definitely should.
First: complex software written for use on a wide variety of configurations WILL HAVE BUGS. I just don't see any way around it. This has nothing to do with competition. OS X in the past 2 months has had a huge number of patches, hasn't it? That too, with a BSD based kernel and a much smaller hardware base.
Second: Not every bug is a showstopper. Even if a bug is found after code freeze, it might be better to release a patch separately. You know, like those "errata" sheets of paper in books.
When a patch is released the vulnerability *has* to be disclosed! That means sysadmins would run around trying to keep systems up to date the whole month.
I agree that more out of cycle patches should be released for serious vulnerabilities that are being exploited, but I see nothing wrong with the Patch Tuesday method otherwise.
But you already get simplicity, speed, and security with Opera.
No wait...
:-p
But maybe it's just as good to not have any sensationalist headlines to mislead you?
Beware: In C++, your friends can see your privates!
I think this is BS. Tried running Safari at work and with a simple proxy, every time I enter anything and press OK, the program crashes. Then I press Cancel and cannot browse. By going to Edit => Preferences, the ability to change Proxy Settings has been disabled.
I give the Safari Browser a 0/10 for now. There's also the annoying issue of closing the application behind it when clicking in the corner of the screen when it's maximized. It doesn't close Safari, but whatever window was behind it. I've done this 2-3X.
I have a Macbook, so I'm not Apple, but I'm saying Safari is a POS from my perspective right now.
This sig donated to Pater. Long live
Best advertisement for OS X I've seen all day. :P
Calling them "bugs" is a way for us to avoid blame for making mistakes, either in the code itself or in the processes we use to plan and implement that code.
Calling an error a "bug" makes it sound like it could have crawled in there on its own. ("Gee, I don't know how that bug got in there. I'll fix it.")
It didn't just crawl in there on its onw, and its not a feature or a bug, its a mistake, pure and simple. And someone made it.
We (hopefully) learn from our mistakes. Labelling them "bugs" makes it less likely we'll take personal responsibility for them; hence more likely to make the same mistake the next time than if we were honest with ourselves and said "I screwed up - that's a mistake."
Sure, calling it a bug might sooth our egos (we don't have to admit we made a mistake - the program is just "buggy"), but really, are our egos that easily bruised that we can't own up to our mistakes?
Kevin Smith on Prince
I've not used Ubuntu, but I imagine she'd think 'the stupid machine's broken again. I'd better call my grandson and get him to fix it,' just as she would when her Windows machine or Mac broke.
I am TheRaven on Soylent News
I've used it on Windows XP Pro. A friend has been using it on Vista. Neither of us can find a single thing wrong with it in 2 days of browsing (even to my bank, the acid test of browsers). The LA Times reviewer recommends it. ComputerWorld praises it. But here on Slashdot about all I see are people giving it a thumbs down. Am I seeing a bit of bias here? Someone direct me to a web page that Safari 3 on Windows XP renders horribly. Please, I wanna see.
If I didn't have absolutely NOTHING to do, I wouldn't be here.
I've read elsewhere about that awful blurry text problem, compared to what FF & IE render in Windows. So I fired them both up side by side, to the same page, and I see exactly what you mean. It IS blurry! In fact, it is so blurry it no longer looks like it's been printed on a dot matrix printer. Really, viewing the two side by side, I cannot believe that anyone can read the pixelated FF page better than the font-smoothed Safari page. It ain't blurry, it's just got the jagged corners removed. Much more readable in my opinion.
If I didn't have absolutely NOTHING to do, I wouldn't be here.
It's not so much that Apple wants developers to test their websites in Safari as much as it is they want to give Windows developers a WebKit platform in which to test web apps, since apps will be running in Safari on the iPhone.
"Sufferin' succotash."
Apple renders fonts to match the accuracy of the glyphs so that they resemble what they would look like in print, important for desktop publishing. Windows happily renders fonts inaccurately so that they're 1-pixel thin and packed into a pixel grid.
"Sufferin' succotash."
The problem here lies in the XML file Safari generates for listing all your system fonts.
Look here (for XP): C:\Documents and Settings\YOUR NAME HERE\Local Settings\Application Data\Apple Computer\Safari\Fonts.plist
You can edit this file and hack in the basic Internet fonts you need, or try plugging in the Fonts.plist file from a machine that did display the fonts correctly.
The apple forums are saying if you have thousands of fonts installed it's probably the cause of the problem.
Here is my hacky solution file if you need a starting point.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Names</key>
<dict>
<key>Lucida Grande</key>
<string>C:\Program Files\Safari\Safari.resources\Lucida Grande.ttf</string>
<key>Lucida Grande Bold</key>
<string>C:\Program Files\Safari\Safari.resources\Lucida Grande Bold.ttf</string>
<key>Lucida Grande Bold.ttf</key>
<string>C:\Program Files\Safari\Safari.resources\Lucida Grande Bold.ttf</string>
<key>Arial</key>
<string>C:\WINDOWS\Fonts\arial.ttf</string>
<key>Arial Bold</key>
<string>C:\WINDOWS\Fonts\ARIALBD.TTF</string>
<key>Arial Italic</key>
<string>C:\WINDOWS\Fonts\ARIALI.TTF</string>
<key>Arial Bold Italic</key>
<string>C:\WINDOWS\Fonts\ARIALBI.TTF</string>
<key>Verdana</key>
<string>C:\WINDOWS\Fonts\verdana.ttf</string>
<key>Verdana Bold</key>
<string>C:\WINDOWS\Fonts\verdanab.TTF</string>
<key>Verdana Italic</key>
<string>C:\WINDOWS\Fonts\verdanai.TTF</string>
<key>Verdana Bold Italic</key>
<string>C:\WINDOWS\Fonts\verdanaz.TTF</string>
<key>Times New Roman</key>
<string>C:\WINDOWS\Fonts\times.ttf</string>
<key>Times New Roman Bold</key>
<string>C:\WINDOWS\Fonts\timesbd.ttf</string>
<key>Times New Roman Italic</key>
<string>C:\WINDOWS\Fonts\timesi.ttf</string>
<key>Times New Roman Bold Italic</key>
<string>C:\WINDOWS\Fonts\timesbi.ttf</string>
<key>Helvetica</key>
<string>C:\WINDOWS\Fonts\HVL_____.TTF</string>
<key>Courier New</key>
<string>C:\WINDOWS\Fonts\COUR.TTF</string>
<key>Tahoma</key>
<string>C:\WINDOWS\Fonts\tahoma.TTF</string>
</dict>
</dict>
</plist>
http://erratasec.blogspot.com/2007/06/niiiice.htm
...but the bugs found in the beta copy of Safari on Windows work on the production copy on OSX as well (same code base for alot of stuff). The exploit is robust mostly thanks to the lack of any kind of adanced security features in OSX... These dumb fanboys....