Slashdot Mirror

← Back to Stories (view on slashdot.org)

Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks

Posted by Zonk on from the you-have-chosen-poorly dept.

recoiledsnake writes "The new Safari 3.1 for Windows has been hit with two 'highly critical'(as rated by Secunia) vulnerabilities that can result in execution of arbitrary code. The first is due to an improper handling of the buffer for long filenames of files being downloaded, and the second can result in successful spoofing of websites and phishing. This comes close on the heels of criticism of Apple for offering Safari as a update for approximately 500 million users of iTunes on Windows by default, and reports of crashes. There are currently no patches or workarounds available except the advice to stay clear of 'untrusted' sites." Further, Wormfan writes "The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs." Update: 03/27 17:23 GMT by Z : Dave Schroeder writes with the note that the license has been updated to correct this mistake.

80 of 368 comments (clear)

  1. It has begun... by muffen · · Score: 4, Funny

    Guess this article was right!

    1. Re:It has begun... by Divebus · · Score: 5, Funny

      "The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs." Damn! Now, where did I put those Apple stickers?
      --

      Most of the stuff on /. won't survive first contact with facts.
    2. Re:It has begun... by muffen · · Score: 3, Insightful

      If you say so, but Apple doesn't make you download iTunes or Safari. You don't have to buy an iPod. This is a different situation to Windows and IE.
      If you want to continue that logic, you don't have to buy a computer at all, or any electronics for that matter. In fact, you could be a naturalist and live without even clothes.

      Not that I dislike apple more now then I did before I RTFA, which is to say I have a fairly neutral view on them, but if you look at a lot of articles lately I do believe that in general, they are a little less liked now then they were when they initially released the iPod.

      Anyways, going back to the article, I think the EULA is just a mistake and believe they will correct it. It does however bring up a valid point about the usefulness and legalities around EULA's.
    3. Re:It has begun... by MMC+Monster · · Score: 2, Insightful

      The EULA issue is a red herring. The real problem is they pushed Safari to everyone who has iTunes. Most individuals who are not tech-savy will install Safari, given the option.

      If Safari becomes the default browser on these systems, you end up with critical vulnerabilities in a browser installed on non-tech-savvy individuals' computers.

      --
      Help! I'm a slashdot refugee.
    4. Re:It has begun... by Mattsson · · Score: 4, Insightful

      Also, if you do choose to buy an ipod, you don't have to use itunes.
      You don't even have to use apple-firmware in your ipod. There's an upgrade-firmware that makes itunes totally obsolete.
      It's not available for all ipod-models yet though...

      All in all, though, an installer that offers the option of installing irrelevant software (like installers that offer "google toolbar" or "Safari" or "superduper spywareinstaller") should have that option unselected as default.

      --
      /.Mattsson - My native language is not English, so please don't whine over linguistic errors. (That's lame anyway...)
    5. Re:It has begun... by elrous0 · · Score: 4, Insightful
      Considering Apple's notorious heavy-handedness in their software updates and the aggressive way their software "takes over" your computer when installed, I wouldn't install a piece of Apple software on my computer if you put a gun to my head (I'd as soon install Realmedia player). I used to put Quicktime on my system, but I got so tired of putting up with that sneaky turd (would NOT let you completely uninstall it, insisted on always running in the background no matter what you did to stop it, would try to sneak its way back into your registry even if you deleted its entries, aggressively took over neutral file types, would constantly try to trick you into installing iTunes too, etc.) that I finally refused to even install that much (I use "Quicktime alternative").

      Anyone who installs Apple software had better be prepared to join the cult, otherwise stay the hell clear of it.

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
    6. Re:It has begun... by AvitarX · · Score: 5, Interesting

      The EULA is not a red herring.

      People are having software that they have no license to use being automatically installed on their systems. I would think a term like that is not valid (non-obvious terms may not be valid in the US), but if it does hold, they will have millions of people in the US infringing on their IP. If they decide they are desperate and start suing (not likely any time soon) there are a lot of potential targets.

      This is like the RIAA giving away MP3s on their website, saying "you agree to listen to this on only RIAA approved devices". When you suddenly have millions of people acting innocently illegally using your product it is not good for them.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    7. Re:It has begun... by mini+me · · Score: 2, Funny

      It is just a oversight. They forgot to change the EULA

      So, I think we can safely assume that they just forgot to change the same clause in the EULA for OS X also.
    8. Re:It has begun... by grahamd0 · · Score: 5, Funny

      If Safari becomes the default browser on these systems, you end up with critical vulnerabilities in a browser installed on non-tech-savvy individuals' computers.

      Good god, man! We've got to get them back on Internet Explorer!

    9. Re:It has begun... by bpsbr_ernie · · Score: 3, Funny

      I was thinking the same thing. Perhaps, they will push OSX out in the next iTunes update.

    10. Re:It has begun... by RetiredMidn · · Score: 3, Insightful

      If Safari becomes the default browser on these systems, you end up with critical vulnerabilities in a browser installed on non-tech-savvy individuals' computers.

      So first we have to have a user who is unaware of what Safari is or careless enough to not uncheck the box in Apple Software Update. It seems highly unlikely to me that many of the users who download Safari without thinking about it are going to go looking for it in the Programs menu and launch it. And it's not vulnerable if it's not running.

      It was silly and wrong for Apple to leave the box checked by default, but this is not a big problem, and it's not going to become one.

    11. Re:It has begun... by MrNaz · · Score: 4, Insightful

      The security issues isn't the real problem here, all software has them from time to time.

      Oh blow me. Can you imagine the shitstorm of a comment thread that would result from this exact same thing being the result of MS's doing? The massive gaping security hole *is* a big deal, it is not made less so just because Apple did it and not MS.

      And what the hell are you talking about with MS giving guidelines? You mean like, MS should give you guidelines on what you should and should not do with your PC? Dude, seriously, where the hell did you come up with your ideas?

      --
      I hate printers.
    12. Re:It has begun... by RareButSeriousSideEf · · Score: 2

      There is no "just an oversight" when it comes to legal documents, as a good lawyer once drummed into my skull. The stupid, obvious thing you don't correct before you sign a legal document is the stupid, obvious thing you're legally liable for afterward. IANAL, but I'd bet that the fact that Apple installed it on one's system might be a defense for the violation, but in and of itself wouldn't really seem to nullify the EULA. Who is to say which the oversight is... one of not changing the EULA to include PCs, or not changing the updater program to exclude them?

      Since this is an EULA, it is perhaps not a proper signed contract per se, and its enforceability is more dubious.

      Also, in fairness, TFA is about both the EULA and the security vulnerability, so OP is on-topic.

      --
      Pi Ran Out
    13. Re:It has begun... by swb · · Score: 3, Funny

      When the very first Blue & White PowerMacs came out, the print studio at the ad agency I worked for was totally pumped for their machines -- they had been sucking it up using beige G3s and even older PPC Macs.

      Since my job was prepping the machines for install in the studio, I decided to pimp the studio people by putting an "Intel Inside" logo over the Apple logo; of course the machine was for the Mac zealot in the group who was super pissed that the logo was there and that he couldn't figure out how to remove it.

      I caught hell for doing it, primarily because it took major surgery and a ton of time to put the stupid thing in there and I didn't get some other tasks accomplished.

    14. Re:It has begun... by erc · · Score: 4, Funny

      I used to work for Sun back in the early 90's, when Linux was first getting off the ground. We had finally gotten X to run under Linux, and so I figured I'd see what it would do on a 386SX/25 laptop with 16MB of RAM. It was pretty slow, but as long as I wasn't doing anything it was fine. When the screensaver kicked in, I saw the traditional Sun logo, and that gave me an idea for a prank.

      I went down to engineering and got one of the old metal Sun logos, the ones that used to be on the front of Sun-2 boxes, and put it over the logo of the laptop, fired it up in my office, and waited for the first victim to wander by. A while later, one of the senior software developers walked into my office to ask me something, and spied the laptop with the Sun logo and the screensaver running with the Sun logo on it. "How'd you get a Sparc laptop? I didn't think they were in production yet!" I have lots of friends ... [chuckle]...

      It didn't take long for the prank to be found out, but it sure was fun for a while... :)

      Reminds me of the time that I got Wine running under A/UX (Apple's version of UNIX, SVR4 flavor) - I was working for Apple at the time, and it was fun to see people's faces when they'd come by and see the Windows logo on the screen on what was obviously a Mac, but that's a story for another time. Sure was a fair bit of work, but it worth the prank value... :)

      --
      -- Ed Carp, N7EKG erc@pobox.com PGP KeyID: 0x0BD32C9B What I'm up to: http://intuitives.mine.nu
    15. Re:It has begun... by TheoCryst · · Score: 2, Informative

      If Safari becomes the default browser on these systems, you end up with critical vulnerabilities in a browser installed on non-tech-savvy individuals' computers. Fortunately, simply installing Safari doesn't make it the default browser. I'm not saying that I support what Apple did, but I think that people are having a bit of a knee-jerk overreaction here.
      --
      Warning: Contents May Be Flammable. Keep Out Of Reach Of Children.
    16. Re:It has begun... by Zonk+(troll) · · Score: 5, Informative

      Considering Apple's notorious heavy-handedness in their software updates and the aggressive way their software "takes over" your computer when installed, I wouldn't install a piece of Apple software on my computer if you put a gun to my head (I'd as soon install Realmedia player). I used to put Quicktime on my system, but I got so tired of putting up with that sneaky turd (would NOT let you completely uninstall it, insisted on always running in the background no matter what you did to stop it, would try to sneak its way back into your registry even if you deleted its entries, aggressively took over neutral file types, would constantly try to trick you into installing iTunes too, etc.) that I finally refused to even install that much (I use "Quicktime alternative").


      Anyone who installs Apple software had better be prepared to join the cult, otherwise stay the hell clear of it.

      I agree with that, but if you need Qucktime support in, say, an organziation there is a way around that without using Quicktime Alternative.

      Download the installer. Run cabextract on it. You'll get the following files:

      AppleSoftwareUpdate.msi
      QuickTime.msi
      QuickTimeInstallerAdmin.exe

      Only install Qucktime.msi. Delete the others. Just do msiexec /qn /i Qucktime.msi.

      Then run this registry file:


      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "QuickTime Task"=-


      Make sure to delete the shortcuts so users can't bring it up. Doing it this way will let the browser plugins work, and also enable software that uses quicktime to work (lots of educational software uses it) without being hostile to your system. It will only take the quicktime file extensions this way.
      --
      "The Federal Reserve is a fraudulent system."--Lew Rockwell
      End The FED. -
    17. Re:It has begun... by Garse+Janacek · · Score: 2, Informative

      The EULA is not a red herring. ... If they decide they are desperate and start suing (not likely any time soon) there are a lot of potential targets.

      Oh, come on. That's not just farfetched, it's ridiculous. First of all, the scenario you describe is impossible just because of the issue that they pushed this update out themselves. Even if they did become this "desperate" (because of people illegitimately using their free web browser? Well, whatever), no judge in the world would listen to a suit like that. But, more importantly, the point you really seem to be missing is that this is just a stupid goof on Apple's part. This wasn't an issue of "We only want Safari to run on Apple computers. Oops! We accidentally pushed it out to Windows users who should never have it -- we'd better sue to keep them from using it." It was "We want everyone to run / have access to Safari. Oops! We sent out the wrong EULA that doesn't apply to this group of people."

      As GP says, insofar as there is an issue here, it is one of security. The EULA issue serves to slightly reinforce how ridiculous click-through licensing is, but it is not an ominous sign of Apple's legal scheming.

      --

      I am the man with no sig!

    18. Re:It has begun... by MMC+Monster · · Score: 4, Informative

      To call rockbox an upgrade firmware is streching the truth a bit. Limited support for video, limited support for album art, and cluttered UI are real issues for individuals that want their players to "just work".

      Mind you, I last installed it about 4 months ago. I'll try again if people say it's much better now.

      --
      Help! I'm a slashdot refugee.
    19. Re:It has begun... by eck011219 · · Score: 5, Insightful

      Look at it another way. You have a Mac, and you run Office. Somewhere during the routine update process, some new, not-ready-for-primetime version of IE gets installed and is set as your default browser.

      The issue is in part that Safari is not related to iTunes or Quicktime. There's no reason to believe that by installing music software, the manufacturer will also push a browser to you.

      All this will do is piss people off and make them turn off automatic update options, which will eventually result in some flaw in iTunes or Quicktime being less widely patched. It was not a capital crime, but it was dumb and irresponsible of Apple.

      And the EULA thing is just funny. What with the ample fleet of lawyers they have in Cupertino, I'm surprised ANYTHING gets out without a full legal vetting. Software gets out with bugs, but EULAs don't typically get out without great scrutiny.

      --
      It is pitch black. You are likely to be eaten by a grue.
    20. Re:It has begun... by mrbluze · · Score: 5, Funny

      Anyways, going back to the article, I think the EULA is just a mistake and believe they will correct it. It does however bring up a valid point about the usefulness and legalities around EULA's.

      Any EULA is basically saying:

      • This software is mine, so piss off!
      • If you use it, it's your stupid fault, so piss off!
      • You can't sue me but I can sue you, so piss off!
      • Oh, and by the way, piss off!
      --
      Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
    21. Re:It has begun... by Divebus · · Score: 2, Funny

      I got two Apple stickers with my copy of Leopard. Time to check out that box again! No wonder I didn't see them! They were in with the documentation!
      --

      Most of the stuff on /. won't survive first contact with facts.
    22. Re:It has begun... by flosofl · · Score: 4, Funny

      I had two, and I put them on a large stone block and my printer. Anyone know how to install safari on a printer?
      No, but I did manage to get it installed on a medium stone block. I'm sure the steps I used can be scaled up to your large one. Page renders are very crisp, but refresh takes forever.
      --
      "This calls for a very special blend of psychology and extreme violence" - Vyvyan "The Young Ones"
    23. Re:It has begun... by recoiledsnake · · Score: 5, Insightful

      Good god, man! We've got to get them back on Internet Explorer! Though you meant it as a joke, for users on Vista, that could actually be a good thing. IE on Vista runs in a sandbox, so any code owning IE can only mess with the cache folder or something, and can do nothing to your system as well nor any thing to your user files like documents. Whereas, almost every other browser out there runs with the user permissions(not root or admin) by default(on all OSes, AFAIK), so that a compromise can result in viruses/keyloggers etc. that can run on startup, delete your user files/documents and/or email them to Nigeria whereas that's not simply possible with IE on Vista.
      --
      This space for rent.
    24. Re:It has begun... by rwven · · Score: 3, Informative

      Apple has already responded and said the EULA statement was an oversight. It's fixed in the next release and it's not binding anyway.

    25. Re:It has begun... by watzinaneihm · · Score: 4, Informative

      Thats a great suggestion .. a minor nitpick ..
      "msiexec /qn /i Qucktime.msi " will run the msi with no UI at all.. replacing "/qn" with "/qb!" will do the same install with a limited UI. Atleast that way there is some indication that an install is in progress.

      --
      .ACMD setaloiv siht gnidaeR
    26. Re:It has begun... by Kjella · · Score: 2, Funny

      I used to work for Sun back in the early 90's, Reading the rest of your post, I'd say you were employed by Sun back in the early 90's.
      --
      Live today, because you never know what tomorrow brings
  2. Acidity by n3tcat · · Score: 5, Funny

    So Acid 4 will include security tests too now, right?

    1. Re:Acidity by MooseMuffin · · Score: 5, Funny

      Yes. You pass if the website renders correctly. You fail if the website owns your machine.

  3. Some ideas are not so good by Miros · · Score: 4, Insightful

    Sometimes it's just really not a good idea to push a piece of software out to hundreds of millions of people on its first release just because they use/update your other products. This is the real way that it could come back and bite them, and it certainly seems to have.

  4. I wonder... by Fenice · · Score: 5, Funny

    ...if Apple can sue itself for proposing illegal installs of safari on windows?

  5. It was bound to happen by downix · · Score: 4, Insightful

    EULA's have gotten to the point that they conflict with themselves. One can then assume that Safari is intended for the Windows install on Mac machines, *or* on machines to which someone has applied an Apple brand sticker.

    I am waiting for the EULA that requires all users to declare the programmer their god and send off their first born child to him in sacrifice.

    --
    Karma Whoring for Fun and Profit.
    1. Re:It was bound to happen by mwvdlee · · Score: 3, Funny

      Only if the firstborn is female, and you don't need to send any for the first 18 years.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    2. Re:It was bound to happen by peipas · · Score: 4, Interesting

      Case in point: the Mozy online backup EULA, which requires you to use the service only for good and for awesome, and warns against taunting the happy fun ball.

      See paragraphs 2 and 3 in the LIMITATION OF LIABILITY section.

    3. Re:It was bound to happen by rthille · · Score: 2, Funny

      Either you're really young, or you haven't been around any 18 year old girls lately. God they are insipid...send me a nice "at the peak of my sexuality" 30 year old instead any day!

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
    4. Re:It was bound to happen by Rary · · Score: 2, Funny

      This is Slashdot. Odds are he's never been around any female not called "Mom".

      --

      "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

  6. Nonsensical headline by Idaho · · Score: 3, Insightful

    Can someone please explain to me how software could possible "violate its own EULA" (even theoretically, not necessarily restricted to this case)?

    I agree that the EULA makes no sense, assuming that Apple wants as many Windows users as possible to use Safari. But that's an entirely different matter.

    In fact, the EULA can be adhered to without any problem: afterall, you can install Windows just fine on Mac hardware these days. So you can actually run Safari for Windows on "Apple labeled hardware".

    I seriously doubt the way it is stated in the EULA is really Apples intention though ;)

    --
    Every expression is true, for a given value of 'true'
    1. Re:Nonsensical headline by SpeedyDX · · Score: 3, Insightful

      Good points, though I think it can be explained in a much easier manner.

      As someone who regularly uses the functions "copy" and "paste", I can tell you that there are many times where I c/p a blob of text and forgot to change something crucial in it. This happens to many people. Apparently, the folks at Apple are not immune to human flaws.

      It's probably just an oversight. A HUGE oversight. But there's really no need to make a circus out of it. Then again, this is Slashdot, right?

  7. Violating the EULA by sm62704 · · Score: 4, Interesting

    How can you violate an agreement that you never agreed to? Does Microsoft have a copy of a contract with my signature on it saying I'll accept its terms of use for XP? If I had Safari would Apple have a signed contract?

    When I go to best buy I don't "license" an OS or piece of software; I pick a box up off the shelf, pay money for it and am delivered a purchase reciept. I then own the goods that I just BOUGHT. I am under no statutory obligation to read anything or sign anything. I tear open the box and do what I want with it, short of violating copyright law.

    Your EULA is fiction, and until I see one stand up in court I'm going to ignore it.

    -mcgrew

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
    1. Re:Violating the EULA by ari_j · · Score: 5, Insightful

      You are mistaking "signature" and "agreement." Signatures are not a prerequisite to a valid contract, they are merely very good evidence of agreement. You can get out of some contracts you signed and you can be held to some contracts you didn't. The lack of a signature is not the reason EULAs are of questionable enforceability.

    2. Re:Violating the EULA by IBBoard · · Score: 3, Interesting

      It's not even that. Microsoft have their way in that regard now. What you own is the media with a binary copy of the application/operating system. What you license by agreement to the EULA is the rights to then install and use that software as a running process (or processes) on compatible hardware.

      Yes, it sucks, but that's what free software is for.

    3. Re:Violating the EULA by Kjella · · Score: 5, Informative

      Your EULA is fiction, and until I see one stand up in court I'm going to ignore it. I guess you better close your eyes and hum real loud then. I'm not saying it's universal, but to take a few examples from the wikipedia page in Brower v. Gateway "the Supreme Court of New York ruled that the terms of the shrink-wrapped license document were enforceable because the customer's assent was evident by his failure to return the merchandise within the 30 days specified by the document." And regarding click-wraps: "Click-wrap licenses have met with more support in the courts, though notable counterexamples exist. In ProCD v. Zeidenberg, the license was ruled enforceable because it was necessary for the customer to assent to the terms of the agreement by clicking on an 'I Agree' button in order to install the software."

      The whole section on enforcability starts with "The enforceability of an EULA depends on several factors, one of them being the court in which the case is heard. Some courts that have addressed the validity of the shrinkwrap license agreements have found some EULAs to be invalid, characterizing them as contracts of adhesion, unconscionable, and/or unacceptable pursuant to the U.C.C." If you read between the lines, it says "No court has rejected EULAs outright". If you're outside the US, it seems to be much the same. Yes, Germany declared the bundling with Windows to be unenforcable, but the EULA as such still remains. In short, you're talking about the way you want it to be not legal reality except possibly in Kansas where there was a ruling agreeing with you.
      --
      Live today, because you never know what tomorrow brings
    4. Re:Violating the EULA by Just+Some+Guy · · Score: 2, Insightful

      If you do not agree to the license, you do not have a right to use said software.

      Especially in the case of boxed, purchased software, I gained the right when I gave the store clerk money in exchange for that software. In fact, since up until the point that I click "I Agree" to some ignorable EULA I haven't even given the illusion of agreeing to anything, it's my right to hack out any objectionable code (such as that EULA dialog). That's because I own that copy of the software.

      --
      Dewey, what part of this looks like authorities should be involved?
    5. Re:Violating the EULA by russotto · · Score: 3, Informative

      It's not even that. Microsoft have their way in that regard now. What you own is the media with a binary copy of the application/operating system. What you license by agreement to the EULA is the rights to then install and use that software as a running process (or processes) on compatible hardware.


      Sorry, but 17 USC 117 says that owning the binary copy already grants me the right to install and use the software.
    6. Re:Violating the EULA by ari_j · · Score: 2, Informative

      Technically, those contracts aren't even implied, they are explicit. The terms beyond the price and quantity of the gum will be supplied by applicable law. In states within the U.S. that have adopted it, the Uniform Commercial Code, Article 2, will apply. Under UCC 2-201, the contract doesn't have to be in writing because it is for less than a certain amount (depending on the version of the UCC that the state has adopted; generally $500). Under 2-509, because you bought the gum from a gum merchant, the risk of the gum being lost to and act of God is the seller's risk until you take possession of the gum. Under 2-314, there is a warranty, among other things, that the gum is fit for the ordinary purposes of gum.

      An implied contract is one where the parties' behavior shows that there is a contract even though there is not an explicit agreement between them. When you buy gum, there is an explicit agreement when you communicate by putting the gum on the counter that you are offering to buy it for the stated price and the store communicates its acceptance by telling you "with tax, that will be 53 cents, sir." And implied contract would be if you picked up the gum, left 53 cents on the counter, and walked out of the store without any communication in either direction, and the store never bothered to chase you down over it.

      Subtle, but it's a pet peeve of mine. Don't worry - most judges don't know where explicit contracts end and implied contracts begin.

  8. I think you're not reading closely enough by hassanchop · · Score: 5, Informative

    "The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs."


    I got Safari as part of the iTunes update. I have a non-Apple Windows machine, running Safari. They basically forced the software on me, and the EULA says I can't use it.

    Does that answer your question?
    1. Re:I think you're not reading closely enough by Ron_Fitzgerald · · Score: 2, Interesting

      When the updater pops up, at the very bottom of the window is a link to:
      http://www.apple.com/legal/sla/

      At which point you as the user have to pick through a list of different licenses to get to what you may want.

      --
      ~ Ron Fitzgerald
    2. Re:I think you're not reading closely enough by weicco · · Score: 2, Informative

      How are they to know the difference between Windows on a Mac and Windows on any other PC to determine whether to disable the 'bonus feature' or not?

      Quite easily. Ask WMI. It knows a lot of stuff going on and under your Windows setup.

      --
      You don't know what you don't know.
  9. Fine by me by asc99c · · Score: 5, Funny

    My iPod came with a big Apple sticker which for some reason I did stick on my PC. Guess I'm OK to use Safari then.

    1. Re:Fine by me by AioKits · · Score: 2, Funny

      My iPod came with those as well. Too bad there was not enough space left on my laptop after the Mozilla folk were nice enough to give me a sheet of Mozilla stickers for purchasing a few t-shirts and a laptop tote...

      --
      "Quote me as saying I was mis-quoted." -Groucho Marx
  10. You can stop ignoring them by hassanchop · · Score: 5, Interesting

    http://en.wikipedia.org/wiki/ProCD%2C_Inc._v._Zeidenberg

    "ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th Cir., 1996), is a United States contract case involving a "shrink wrap license". The issue presented to the court was whether a shrink wrap license was valid and enforceable. Judge Easterbrook wrote the opinion for the court and found such a license was valid and enforceable."

    They've been held up in court. The issue isn't totally decided, with other cases dealing with more specific issues, but your "nah nah nah MARY HAD A LITTLE LAMB nah nah nah" fingers in the ears stance may not be legally prudent.

    1. Re:You can stop ignoring them by Actually,+I+do+RTFA · · Score: 2, Interesting

      but you can ignore it if it gives you no opportunity to read the licence *before* accepting, and you can ignore it if it gives you no opportunity to refuse

      Well, I bet that the iTunes EULA includes somewhere in it the rights to expand the scope, yada, yada.

      I imagine that there is an anti-trust suit waiting to happen, since Apple has a near-monopoly on music downloads, which requires the iTunes player, which pushes Safari... If it's good enough for MS, it's good for Apple.

      --
      Your ad here. Ask me how!
  11. You keep saying that word.... by Nursie · · Score: 3, Informative

    A naturalist is -

    "A scholar or student of natural history, the science of the natural world; see also natural science. It may also refer to a Wildlife enthusiast or a Conservationist"

    Not a naturist or nudist.

    1. Re:You keep saying that word.... by Daimanta · · Score: 4, Funny

      I am a naturalist and I don't wear any clothes you insensitive clod!!

      --
      Knowledge is power. Knowledge shared is power lost.
    2. Re:You keep saying that word.... by Nursie · · Score: 2, Funny

      Not only did I get the point. I had a chuckle at the idea of naked naturalists, hanging out (literally) in the forest trying to spot wildlife...

    3. Re:You keep saying that word.... by Nursie · · Score: 2, Funny

      You can be both! You can be both!

    4. Re:You keep saying that word.... by gstoddart · · Score: 3, Funny

      I am a naturalist and I don't wear any clothes you insensitive clod!!

      Chill, don't get your knickers in a twist.

      Err ... wait. :-P

      Cheers
      --
      Lost at C:>. Found at C.
  12. Re:I already have this update... by SigILL · · Score: 2, Informative

    In all seriousness, excepting the spiffy Apple skinning, this is Firefox's illegitimate twin. Has anyone done a code comparison??? :P

    Yeah, and they found that it's based on Konqueror, not Firefox. Something that Apple widely acknowledges, too.
    --
    Error: password can't contain reverse spelling of ancient Chinese emperor
  13. Switch? by blankoboy · · Score: 3, Funny
    Sheesh, I'm on the verge of finally switching from Microsoft to Apple (just been waiting on the new rev of the Mac Mini to appear) and they go and pull the funny business of trying to slip Safari on to Windows desktops that use Itunes. On top of that there is now this report of the security flaws found in Safari. So now Apple is carelessly pushing a security risk browser onto unsuspecting client PC's. This is really underhanded and has be getting cold feet. Ubuntu perhaps....then?

    Apple, these sort of tactics really are not necessary. Don't take the low road please...you can win it by going on the high way.

    1. Re:Switch? by Shados · · Score: 3, Insightful

      Apple has gotten where it is almost exclusively by taking the low road, with borderling false advertising and Microsoft-style tactics. They originally make an excellent product (MacOSX, Ipods, etc), get a name from it, then push it further using the low road. Its always been that way. If you're going to move away from Microsoft because of shady marketing as one of your primary reasons, stay clear from Apple. Jobs makes Balmer look like a saint in that department.

  14. Profit? by crt · · Score: 5, Funny

    Step 1: Install Safari on millions of unsuspecting Windows PCs
    Step 2: Sue non-Mac owning PC users for violating EULA
    Step 3: ???

  15. The EULA says... by mr_lizard13 · · Score: 2, Interesting

    ...I can install one copy of Safari on an Apple-branded computer

    It doesn't say how many I can install on non Apple-branded machines...

    --
    "We live in a global world" - Harvey Pitt, former Securities and Exchange Commission Chairman
  16. Yet more proof by an.echte.trilingue · · Score: 5, Funny

    Yes. You pass if the website renders correctly. You fail if the website owns your machine. Yet another "standards" test designed to make IE fail. This is just more proof that the W3 has it out for Microsoft.
    --
    weirdest thing I ever saw: scientology advertising on slashdot.
  17. Hardly surprising by elrous0 · · Score: 4, Interesting
    Anyone who has ever tried to REALLY uninstall one of their apps (or get Quicktime to stop running in the background or sneaking back into your registry) should not be surprised. Apple software is sneaky, aggressive, and not to be trusted.

    And the heavy-handed tactics they use to push said software is truly amazing. If MS did half of the underhanded stuff Apple does, they would be dragged back into court in a heartbeat. Why Apple continues to get a free pass on such crap is beyond me.

    I will NOT install Quicktime, iTunes, Safari or any other Apple software on my computer. And I always advise others not too as well. It's just not worth the hassle (if Apple really wanted your business, and not just to sleaze their way onto your computer, they would sell iTunes songs through their website and not require a software download).

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:Hardly surprising by Shados · · Score: 4, Interesting

      B...b....but Apple is not a monopoly! That means they can and SHOULD do this!!! /sarcasm.

      Seriously though, Apple is allowed legaly for said reason, but I never understood why people accept it... I mean, last I checked, when Microsoft -started- doing that crap, they weren't a monopoly either...and look where it got us.

      That being said...watching a media player (iTune)conflict with a RAID (I swear Ive seen that happen) is quite amusing... Just exactly WHAT is that stupid thing doing anyway?

    2. Re:Hardly surprising by Jeff+DeMaagd · · Score: 4, Informative

      I call BS. I just uninstalled iTunes and there's no background process or anything like that running, and no executable remaining. Maybe the program should have offered to remove the program preferences in your account, but there's no binary there.

      That "spyware" service you refer to is just a notifier to open iTunes when an iPod is connected. That's all it does. It's hardly malicious, and it doesn't report to Apple what you do with your computer.

    3. Re:Hardly surprising by AdamReyher · · Score: 3, Insightful

      It might be that Apple just doesn't want to take the time to write software for Windows that works properly. Can't say I blame them...
      If Apple wants to have any respect in the overall industry (which they're slowly losing from me), making crap software for platforms they don't like isn't going to get them anywhere. You know, it's really not that difficult to make proper software for Windows. Granted, everything will be vulnerable from time to time and I really could care less about the vulnerabilities.

      Safari is marketed as the perfect browser for Windows, without flaw, without question. They have the gall to assume that everyone who uses iTunes would prefer Safari simply because it has an Apple logo on it.

      And when Safari falls victim to Security vulnerabilities just like every program out there, those of us who know what we're talking about don't blame Apple for their complete incompetence as programmers. Security vulnerabilities happen. It's the way of programming. It's virtually unavoidable. Yet fanboys turn around and say Apple isn't obligated as a company to produce secure software and back up their own marketing hype simply because Windows is a crap platform. It sickens me. And they get away with it.
      --
      The Computations of AdamR
      http://www.adamreyher.com
    4. Re:Hardly surprising by Anonymous Coward · · Score: 2, Funny

      That "spyware" service you refer to is just a notifier to open iTunes when an iPod is connected. That's all it does. It's hardly malicious, and it doesn't report to Apple what you do with your computer.

      Yeah, but having that program poll the bus once every ten seconds or so is seriously infringing on the 4.8 BILLION operations a second that his computer is capable of doing. Do you realize just how much percentage-wise that is?!?!?

  18. some comments by nguy · · Score: 3, Informative

    I think you should seriously consider Ubuntu: for all those things that people usually use a Mac Mini for (music, video, photos, web browsing, text processing, Skype, etc.), it's actually probably a better choice. Ubuntu supports more audio, video, and file formats, it's easier to keep updated, and all the applications are preinstalled. Oh, and Ubuntu will talk just fine to your iPod, and unlike iTunes, will let you copy both to and from the iPod.

    (I have a Mac Mini, an iMac, and several iPods, but I now mostly use my Ubuntu systems for everything)

  19. Re:I already have this update... by Dak+RIT · · Score: 2, Informative

    You're free to do one yourself if you want, since Safari's engine, WebKit, is open-source. It's kind of odd though that a "rip off" of Firefox would be scoring so much higher than it on the Acid3 (100/100 now as of the latest nightly), and (compared to FF2) on Acid2.

    You must not come here much, do you?

  20. Nobody reads them by Zelos · · Score: 3, Funny

    Proof that nobody reads EULA, not even the people that write them?

    More likely, some tired programmer just copied the string resource across from another project without checking it.

  21. GPL Violation? by lky · · Score: 3, Interesting

    IANAL but....

    The offending section seems to have an even bigger issue in it.

    It reads:
    B. Certain components of the Apple Software, and third party open source programs included with the Apple Software, have been or may be made available by Apple on its Open Source web site
    (http://www.opensource.apple.com/) (collectively the "OpenSourced Components"). You may modify or replace only these OpenSourced Components; provided that: (i) the resultant modified Apple
    Software is used, in place of the unmodified Apple Software, on a single Applelabeled computer; and (ii) you otherwise comply with the terms of this License and any applicable licensing terms
    governing use of the OpenSourced Components. Apple is not obligated to provide any updates, maintenance, warranty, technical or other support, or services for the resultant modified Apple
    Software.
    You expressly acknowledge that if failure or damage to Apple hardware results from modification of the OpenSourced Components of the Apple Software, such failure or damage is excluded from
    the terms of the Apple hardware warranty.
    ---

    Now, one of the open source components used in Safari was/is Khtml which is licensed under the GNU LGPL. Now this clause allows you to modify & use the open source components ONLY if you use them on a single system (assuming the apple-labeled part has been fixed as i've heard).

  22. Re:Actually by jtev · · Score: 2, Funny

    You mean, like.... Ummm.... I'm thinking here.... Windows Media Player for mac? That would be the sort of vindictive thing that would be awesome for MS to do in my not so humble opinion. Bonus points if they "forget" to fix their licence, and say that it has to be run under windows.

    --
    That which is done from love exists beyond good and evil
  23. Found 'em by GameboyRMH · · Score: 3, Funny

    They're all over the place:

    - Stuck to the back glass of pickups
    - Stuck to the back glass of poorly maintained econo-cars
    - Stuck to teenage girls' bedroom/dorm doors
    - Stuck to teenage girls' binders and backpacks

    Good luck getting them back...

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  24. Re:I already have this update... by Fenice · · Score: 2, Informative

    To be more precise, the html rendering engine (webkit) is based on khtml, which is the konqueror (default) built-in rendering engine.

    And whatever we can say about konqueror/safari, this branch of engines is generally considered to be well designed and standards compilant (khtml passed acid2 tests before gecko).

  25. A buffer overflow? In 2008? Seriously? by pyrbrand · · Score: 5, Interesting

    Man, they're not even trying are they? This day an age, not only is there no excuse to ship with such a basic flaw, there's really no excuse to be programming in a fashion that would allow it. It's so easy to audit for basic overflows (at least on Windows) that it's silly. Even just compiling /GS with VC++ should protect you against a lot. Seriously, people give MS a bad rap these days, but any exploit you're going to see in their software these days usually takes advantage of complex system interactions or odd exception throwing.

    Apple should take a serious look at their coding practices and consider banning the use of unsafe CRT functions and using _s versions of any C functions their using (Visual C++ has them and they're part of the next standard) or at a minimum requiring audits of all raw pointers. Static analysis tools should also be mandatory and should catch most issues.(http://www.spinroot.com/static/)

  26. 0.5 billion users??? by 4D6963 · · Score: 2, Interesting

    500 million users of iTunes, really? 12% of the world population that has access to electricity, are you sure?? How many computer users are there even really out there anyways? And how the hell would you know how many single users for a program you have out there any bloody way? And why on Earth am I seemingly the only one out here this figure made cringe?

    --
    You just got troll'd!
  27. Apple Update Sucks! by Nom+du+Keyboard · · Score: 2, Insightful
    I already have good enough reason to feel Apple's whole approach to update sucks!

    All I want to do is update QuickTime on my XP box. I need it because of the .mov and .qt files it won't play otherwise. QT tells me there's a new update I must install, but the ONLY WAY Apple will provide me this update with bundled with iTunes which I DON'T HAVE and DON'T WANT!

    It's never a good idea to install software you have no need for (I'm one of the remaining 27 people in the world without an iPod), don't want (the software, or the iPod), and don't know how avoid without just not updating in the first place.

    Why the hell does Apple think I need an iTunes update just to update their buggy QT?

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  28. Re: "It" has begun... by WaltFrench · · Score: 2, Funny

    Considering ... the aggressive way their software "takes over" your computer...

    Good Lord! Apple has hacked Windows' security so it lets Apple software mod the Registry to determine which app starts when you double-click a URL?

    They're more malicious than I could ever have imagined!!! Soon, all these machines will be filled with all the spyware, viruses, trojans and etc that Apple is notorious for hosting!

    --
    "Inquiring Minds Want to Know!"
  29. A buffer overflow? In 2007? Seriously? by argent · · Score: 2, Insightful

    Seriously, people give MS a bad rap these days, but any exploit you're going to see in their software these days usually takes advantage of complex system interactions or odd exception throwing.

    That's because Microsoft's "Active Content" security model, introduced in 1997, pretty much created the 'complex system interactions' vulnerability ecosystem. Before then the whole idea that an application that displayed untrusted content would provide a path for that content to execute code with full local user privileges was inconceivable. It was a joke, literally, the basis for the joke "Good Times" virus hoax was the idea that there would EVER be a way for an embedded virus to be launched automatically by email software.

    Microsoft has its own problems with buffer overflows, for example this recent one, but if they only had buffer overflow issues there wouldn't be the kind of virus problem there is now. Because when you fix a buffer overflow you're fixing a bug. When you fix a 'complex system interaction' problem, you can't usually fix the underlying cause because there's other legitimate software that depends on that cause... so all you can do is add new checks. Which means that variants of the original exploit, possibly using a different avenue of approach to the underlying vulnerability, still remain.

    So Microsoft is between a rock and a hard place. Every check they add has the possibility of breaking legitimate content. So instead of preventing the dangerous interaction, they pop up a dialog and ask the user if they really meant to do whatever caused the dangerous interaction to happen. Which pisses users off, and trains them to answer "yes" to "I'm about to do something stupid and dangerous" dialogs.

    When web comics about fuzzy animals are making fun of this problem, you know things are getting bad.

    CATS wants to execute 'setupbomb42.dll'. As a result you may have no chance to survive make your time. Allow (yes) (no)?

    And the really annoying thing is that Firefox (with XPI install through the browser) and Safari (with 'open "safe" files after downloading') have started to follow Microsoft's path of setting users up the bomb and then popping up a dialog asking if they want to detonate. Luckily Apple finally turned 'open "safe" files' off by default, but they've kept the 'set us up the bomb?' dialogs anyway.