I would argue that the speed and responsiveness of the interface is increasing productivity in some way. Having a responsive interface is not just nice window dressing, particularly if I'm doing several things at once.
It is also possible that it is faster instead of just appearing faster. What might have been sped up is the constant factors, the smaller functions, that are usually dwarfed by the time it takes to complete an "actual" task. That is, you might not be able to encode video any faster, because while the act of opening and writing to the video file on the filesystem could have been sped up, the limiting factor is encoding speed. (I'm not saying that's necessarily true about Windows 7, but it could be.)
Hmm...strange. It seems to persist sometimes and not other times. The exploit never seems to work after I touch the Info.plist file or Contents directory, though.
Sorry this isn't as failproof a fix as I thought. On the other hand, it still seems to require physical, logged-in access to the computer, so turn on screen lock and don't leave it unattended.
This may have come too late in the comments for anyone to see it, but if the exploit is active on your system, adding a key to ARDAgent's Info.plist makes the problem go away without disabling ARDAgent altogether. (Whether or not ARDAgent is a security vulnerability itself is another story.)
That "YES" is not a typo; setting it to "NO" does not fix the problem. AFAICT this makes osascript expect that ARDAgent will implement more of its own AppleScript handlers...which of course, it doesn't.
P.S. I searched for other, similar problem setuid apps, and turned up check_afp.app (which someone else posted already) and, surprisingly, GoogleUpdaterInstaller. Fortunately, even though these apps run setuid, they won't respond to the "do shell script" attack.
Also...Cmd-Ctrl-Shift-3 for area-of-screen capture, Cmd-Shift-4 for capture to clipboard, and Cmd-Ctrl-Shift-4 to capture an area to the clipboard.
Of course I remapped all of these to a function key + modifiers anyway...maybe that makes me a bit less of a Mac user but it's more useful to make "capture an area to clipboard" the default case.
Isn't the whole point of "take it with a grain of salt" that a grain of salt is basically worthless? A more emphatic version should be something like "take it with a nanogram of salt" or something.
As a current Mac OS X developer (somewhat) active on http://cocoadev.com/, I can tell you that iPhone development probably won't be significantly easier than OS X, particularly not from being a "smaller" environment. The existing iPhone framework is much like the existing OS X AppKit framework, and they use the same Foundation framework underneath. An iPhone app seems like it would take about the same amount of code but would be harder to get right, as in feel like an iPhone app. On a concept-based PDA like this, an app's UI has to be one of the most important things the developer does, not an afterthought.
I would guess that the only thing that would make writing iPhone apps easier is the fact that the really simple, stupid, everyday apps haven't been written already. So for a while anyone will be able to put their product out on the market and have a pretty good chance of success, rather than being overshadowed by existing giants.
By the way, Objective-C still seems to be the language of choice for native Mac OS X and iPhone apps. Reverse-engineered "documentation" of the iPhone's UIKit framework is available on http://cocoadev.com/. Still, all the existing ObjC bridging technology on OS X will probably work on the iPhone as well...but developers will have to take into account the greatly reduced processor power.
I'd prefer to see the rise of OpenID. Now if Microsoft gave you an OpenID authentication point with your LiveID (preferably with something simple, like adding the OpenID <link> tags to login.live.com or even just live.com), that would be a feature worth using and supporting. And wouldn't require changing the sites that already support OpenID, including, AFAIK, the SixApart family of blogs.
With modern technology, diverse applications are a good thing (healthier market and better apps from consumer selection). Information, however, is more useful the more widely it can be read and used. Unless you are specifically trying to hide something.
Unfortunately, like Live ID, there seem to be more OpenID providers than servers that use them for authentication.
I am not an analyst, but as far as I know the N64 was a very strong brand, especially the "N" logo. (You know, the nifty 3D thing made up of four Ns.)
"Game Boy" makes no sense to me as the device is not a boy, the player is. And today, it's "the player was." Because sexism (intentional or perceived) just doesn't sell anymore. (Although I remember a few boxes with "Boy" crossed out and "Girl" written in, for the "girliest" games.)
PlayStation (or 2, or 3) wasn't much more inherently marketable, if more recognizable than GCN (and AGB for the Game Boy Advance). PSP isn't so bad once you've already got PlayStation/PS2 established.
And let's not forget Xbox, and the real killer, Xbox 360.
Actually, the only really marketable console names I can think of/find are those made by Sega. Oh, here's a cool one...Phantom...oh, wait...
When it comes right down to it, very few consoles are named well. Or computers (even the ones not sold as a commodity). Or actually a lot of technology products.
This has happened to me not once but twice, and I really was at a loss at what to do. Well, and angry and annoyed. The second time I decided enough was enough and set up DomainKeys and DKIM (both because DKIM hasn't quite caught on enough yet). Both of them are ways to sign your e-mail so the receiving server can be sure that it actually came from your domain. It's not yet a real solution because not enough people/sites use it or validate against it, but encouraging adoption is always a good thing.
Of course, signing mail isn't really enough to stop it, so you may have to turn off the "catch-all" feature of your mail just to avoid mail bounced to "xycjdfedf@mydomain.com".
(In case anyone doesn't get this, it's already here, albeit not yet complete.)
Certainly does need debugging...you're missing a close paren in both versions.
Must be because of the MySQL purchase?
Oh wait...
We may be "Isle of Slash"...