It doesn't get around normal permissions but if you installed it then it can delete anything owned by you. No password required.
Don't brush this off, this thing is real and dangerous. Ignorance is a bad reason to lose all of your files. Sure, it won't damage your OS if you have reasonable security but it certainly can propagate to other machines.
This thing is both an MP3 file and a full blown CFM application. If you drag and drop the file on iTunes it plays (safely since iTunes won't run the code). But if you double click it, it is an application and it can deliver destructive payloads before it launches iTunes to hide its true nature.
Google Groups: for more information from the author of the demonstration trojan.
This thing is real. It is both an MP3 file and a full blown CFM application with an icon that makes it look like an MP3 file.
If you drag and drop it on iTunes, it opens and plays (safely since iTunes won't run the code). But if you double click it, it runs the application payload and then opens iTunes to hide its nature.
This is a bad thing for OS X (but not unexpected eventually).
You can legally make as many perfect CD copies of songs you've downloaded
No, it is lossy.
No, burning a CD is pretty accurate conversion of an already lossy format (AAC) to a lossless format CD-Audio. Unless the AAC to AIFF conversion has bugs, the resulting AIFF audio should be the same as the original AAC audio with only a single generation of lossy compression artifacts.
I still remember when Steve Jobs came to Boston to hype the new NeXT Cube. Awesome demo. Amazing machine at the time if a little pricey. But you couldn't buy it. Had to be in school or a developer.
Ok, I'm a developer.
Steve is in the hall after the event answering questions. Someone asks, "how can I become a registered developer?" Steve's response, "well we don't need any _garage_ developers." Nice.
Never bought a NeXT after that. I suspected they weren't going to be popular.
If you think switching from old Apple MRJ (Carbon) to Cocoa and a very standard JVM is trivial you are sadly mistaken.
This release is a huge win for OS X users. It puts the Mac in parity with Sun JVMs for the first time in many years. The UI is greatly enhanced by the use of Aqua and hardware graphics acceleration.
I suspect that finally OS X can stay nearly in parity with Sun's releases.
The new 1 GHz G4 PowerBook looked good until I saw the specs on the SuperDrive DVD writing. It is 1x. Pretty slow. I assume the 1x is because of the very slim form factor for the optical drive. Still disappointing though. I guess I will stick with my 800 MHz G4 for a while longer.
This could be a very bad thing for the Mac in general and OS X in particular if AOL doesn't actually switch their Windose users too.
I use Mozilla and love it but it isn't nearly compatible enough with the lousy websites out there for your average AOL user to use.
Now if they do the same for AOL on MSFT Windows then that is a whole different story. That is a very good thing because it will force many of those poorly designed websites to actually do W3C compliant sites. That will be good for everybody except Microsoft's monopoly.
Re:All I want to know is.. on Bitter Java · Score: 1
yeah, cause nobody ever learned nothing from a book.
Are you sure about the OS not having much impact on the test? I've read that there is a floating point library in Mac OS X that is significantly slower than the equivalent in OS 9. Also, the virtual PC people have spent months on OS X getting the speed up on VPC due to issues in OS X with priorities and time-slicing.
I don't know much about how these benchmarks are written or how the compilers actually generate FP code but if they use a standard OS library that isn't particularly optimized then that would show up in the SPEC FP tests.
SPEC doesn't just measure CPU speed, it measures it in conjunction with the complete system that is being used to run the test. Unless they've changed their charter, this was always acknowledged by the SPEC consortium.
I would love to know what kind of impact OS X has on the benchmarks. Has anyone done the equivalent study using Yellow Dog Linux?
I know people are going to claim that the SPEC marks aren't susceptible to bias but the SPEC suite only tests traditional architectures. As far as I know, they don't test for SIMD vector processing like the Altivec.
No one ever claimed that the FP alone on the G4 was at supercomputer status, just that the G4 in conjunction with Altivec could crunch at FLOPs at "supercomputer" speeds.
Keep in mind that OS X is hardly optimized for this kind of test. OS X has just recently reached the point where it is useful as a general purpose platform. But Apple is making a big push in the scientific computing area so I expect that you will find vast improvements in the SPEC FP suite in the future.
Escrow systems don't necessarily work. I've worked for a company that had its source code in escrow for a large client.
I wrote a significant amount of the code. When I left, the version in escrow was 3 or 4 months old. The company has subsequently moved on to a complete rewrite that actually bears little resemblance to the original.
Now I don't really know but what are the odds that the version of the software that I worked on for 4 months which is now over a year old got placed in escrow? Not likely. If the large client ever needed to exercise the escrow agreement, they would only find a year old version of the software.
But, I can hear you, that is breach of contract. Yup. Sure is. Probably why the company wouldn't be in business anymore, which is specifically why you wanted the code in escrow in the first place.
The only reasonable solution to this problem from the large client's point of view is open source CVS archives. From the provider's point of view, it was just a lawyer exercise and not very important.
Most interesting to me is that when I read the DIVX FAQ when DIVX first came out, they stated quite clearly what they intended to do in the case of insolvency. They stated that if you had purchased extended licenses that those licenses would be further extended for free or for an additional fee.
This is emphatically not what they actually did. They just closed up shop and went away and if you had actually purchased additional time on your DIVX movies, you lost out.
As far as I know, they never did enable the DIVX Gold viewing which was the "forever" mode. Only Silver which was a rent it for less mode or something. At the time, none of it was very appealing so I didn't pay much attention.
I won't buy a Clie because the "MagicGate" Memory Stick is CPRM (Content Protection for Recordable Media) enabled. This is just a sneak attack by the RIAA & MPAA. It is the boil-a-frog scenario. You can't boil a live frog by dumping it into a pot of boiling water. Nope, you need to start with cold water and boil it gradually.
Nobody cares if the data in their Palm is protected but this is just a method to get people used to CPRM devices.
Boycott the Clie until Sony (a member of MPAA with Sony Pictures) removes the CPRM from the device!
First, you should check with your professor. That is a simple rule. This isn't the real world but academia and different rules apply.
Second, and I suspect that the prof would tell you this, you don't get to reuse someone else's work without attribution. You give credit where it is due and you probably won't have a problem.
When I was in college wholesale duplicating of programming projects was the rule. The profs didn't clamp down on it and it. I did original work but many people took programming lab courses just because they were considered easy to cheat in.
Why do you lose vested options? Simple. In my case the company wasn't public nor even funded in any real way. When I quit I had 90 days to purchase 10s of thousands of options at $1 per. I could have done it but it would have wiped out my savings completely. I concluded that the risk was too high. I could have exercised some portion if I wanted to as well but I opted to invest the cash instead, safer but lower potential return.
For someone with limited funds, I can see that in a pre-IPO company you just can't afford to spend the $s necessary to purchase your options.
In a public company, if the options have any value then you will always buy them because you can always sell enough to purchase the rest.
As for the current information, the only known exploit is with Apple's help: protocol. Disabling the help: protocol from the browser, which is surely not that important, does plug that remote exploit.
Many people are looking to make sure that this kind of exploit isn't possible from another proprietary protocol handler. If another one shows up, I'm sure the information will be available quickly.
You can find an application to fix the remote exploit here:
MisFox
Tab to the Protocol Helpers, find help:, choose a different application. I used TextEdit.
You can verify that the exploit is disabled by cutting and pasting the following to your Safari Address Bar:
help:runscript=../../Scripts/Info Scripts/Current Date & Time.scpt
TextEdit runs, but the (harmless) script doesn't.
Someone please mod the parent up. The exploit is possible even if you don't have open safe files turned on.
The parent poster is correct and it isn't flamebait. The original story is not completely accurate.
The answer is yes, as long as you know how to login to cvs, checkout the playfair module, configure, make, and make install.
It is actually quite easy.
1) Make a CD from the protected AAC file
2) Rip the CD to unprotected AAC
3) there is no step 3
If you have a Mac with iMovie you can use iMovie to convert the protected AAC file to an unprotected AIFF file in 1 easy step and save $0.25 on the CD.
Wow, thanks. This was truly one of the most informative posts I have ever seen on /.
And me without any mod points of course.
Handwriting just hasn't been the same since Quill pens were replaced. Nobody knows how to trim a quill pen anymore.
A great loss.
I just made an audio CD from an EP I bought for $4.95. A coworker was able to rip the first track on a Windows PC without restriction.
No DRM on the music is evident.
There are some minor limitations in Apple's software for the Mac but they are completely unobtrusive for real world fair use.
I'm very happy with Apple. They've done it right.
You CAN burn to an audio CD. I just did it (and only as an experiment, no flames); a coworker of mine is ripping it now on his Windows PC.
That is equivalent to no DRM as far as I'm concerned.
Ignorance is bliss.
Anyone have a copy of the original FAQ??
I'm sure that Ben Franklin just didn't understand that he would stop innovating if he couldn't have a 17 year monopoly.
That's what patent proponents keep saying anyway.