Yes, but what's easier to fix - fix it once in the OS, or fix it over and over again with millions of people?
I vote to make the OS deal with this better.
I would have loved to click the link in the article, but I couldn't as I too have given up my mouse...
With Skype in particular, not only do they shaft their employees, but what about all the company executives that were fired shortly before the Microsoft acquisition so that they didn't need to get paid any bonuses on the sale of the company. Talk about grade-A psychopaths indeed.
Just think how much they could make mining Bitcoins on this thing... Oh, actually, hang on...
I'll put in a big thanks for The Unarchiver.
I deploy it as my standard unarchiving utility on all desktops I manage. It replaces the Mac OS X built-in BOMArchiveHelper which isn't as smart about handling extracting multiple files at once, and it handles a vast range of file formats that you'd otherwise have to resort to the command-line to deal with. News of it adding RARv3 is the icing on the cake - not that I've encountered a RARv3 file, but because now I don't need to worry if I do as my standard utility will deal with it.
Big double-thumbs up to Dag Ågren. Cheers.
Disclosure: I've done some work as a commercial photographer, mostly because I enjoy the occasional change from the usual 9-5 IT work. Feel free to hit up the link in my sig.
Dear Anonymous Coward.
You forgot to turn on your sig in your user preferences.
OK, I've just tested this (with another installer, not the malware) and you are right.
Safari downloads the file, unzips it and launches the Installer app.
I completely agree with you that this is an absolutely crazy default setting and it should be changed.
I'm adding the following script line to the first login script that I add to every SOE that I create:
defaults write com.apple.Safari AutoOpenSafeDownloads -boolean No
I will also be putting this setting in Workgroup Manager just to be 100% sure.
The installer will ask for an administrator password, but you do need to step through it. It will also warn you if the installer has a preflight or installer check script as well that is executed before the installation is performed, although just about everyone (myself included) would click OK to this.
It did not download and execute, it downloaded and opened the installer. Your wife would have had to go clicking through an installer, and provided her admin credentials, in order to have installed/run something.
Sorry, I'm not a Mac expert. All I know is that it automatically downloaded something, and automatically executed something.
What it did was automatically download a zip file. The default option for Safari is to open "safe" files after downloading, and this includes zip files. Yes, this option is bad in my opinion, but it's relatively safe. Safari will not open up a .pkg file automatically.
After Safari downloaded and unzipped the zip file, you would then have ended up with a file in your ~/Downloads directory - the case I've seen is MacProtector.mpkg which is an installer package that has to be double-clicked on to launch and then this software needs an Administrator password to be entered. If you're not an admin user, you will need to enter the username and password of an administrative user to proceed, if you are running as an admin user, you just need to enter your password. If you are running as an admin user, I'd suggest you stop this straight away, this more than anything else will help keep your computer secure.
This software comes from somewhere in Russia (there are ru.lproj files in the package and no en.lproj as you normally see). Once you have the software on your machine, it can be quite difficult for a non-technical user to clean up, but it's not incredibly difficult (kill the processes and trash the app)
Just to recap though - Safari did download a file to your wife's computer. Safari did automatically unzip the file (or extract it from a dmg disk image if that's how it was distributed). From this point onwards though, it's the user's fault the software was installed. They would need to double-click on the downloaded installer and then enter an administrator's password to continue to install the malware.
To be fair, the web page I saw this on pops up a new browser window that has either a Windows or Mac (depending on your platform) specific layout - the Windows one looks similar to My Computer and the Mac one looks like a Finder window. This window then runs a "quick scan" that tells you your computer is infected and the downloaded file will, of course, remove this infection.
At the end of the day, a user's blind insistence to open an unknown installer and install this software with their administrator password burned you good and hard. It'll take minutes to force-quit the process and delete the offending app (although, had this been installed on my machine, I'd nuke from orbit too, just to be sure)
When you're rebuilding your wife's Mac, make an admin user when you first boot the machine. Then make a regular user account that your wife uses for her every-day usage. Finally, go into Safari > Preferences > General and untick Open "safe" files after downloading
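The setting discussed in the comments above, as an added example that is not part of the original thread: a login-script fragment that reads the current user's AutoOpenSafeDownloads value, treats an unset key as enabled (the comments describe auto-open as Safari's default), turns it off and verifies the write. The function names and the DEFAULTS_BIN override are assumptions of this example; the domain and key are the ones quoted in the comment, and whether a given Safari version still honours them is not checked here.

```shell
#!/bin/sh
# Added example, not code from the thread.
# DEFAULTS_BIN is a hypothetical override so the logic can be exercised
# against a stub on a machine without the macOS `defaults` tool.
DEFAULTS_BIN="${DEFAULTS_BIN:-defaults}"
DOMAIN="com.apple.Safari"
KEY="AutoOpenSafeDownloads"

# Print "on" or "off" for the invoking user's setting.
# `defaults read` exits non-zero when the key has never been written;
# that case is reported as "on" because auto-open is the default.
safe_downloads_state() {
    value=$("$DEFAULTS_BIN" read "$DOMAIN" "$KEY" 2>/dev/null) || {
        echo on
        return 0
    }
    case "$value" in
        0|NO|No|no|FALSE|False|false) echo off ;;
        *) echo on ;;
    esac
}

# Disable auto-open, then read the value back instead of trusting the
# exit status of the write. Prints one of: already-off, changed, write-failed.
harden_safe_downloads() {
    if [ "$(safe_downloads_state)" = "off" ]; then
        echo already-off
        return 0
    fi
    if ! "$DEFAULTS_BIN" write "$DOMAIN" "$KEY" -boolean No; then
        echo write-failed
        return 1
    fi
    if [ "$(safe_downloads_state)" = "off" ]; then
        echo changed
    else
        echo write-failed
        return 1
    fi
}

# Run only where the tool exists, so the fragment is a no-op elsewhere.
if command -v "$DEFAULTS_BIN" >/dev/null 2>&1; then
    harden_safe_downloads
fi
```

Run per user at login, the printed status can be logged to show which accounts still had the default in place.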
Not only does that link still work after being reported, but it seems that they've crafted a Mac version of the page as well. Going to that link from Safari on a Mac launched a Finder-like window reporting all these issues with my machine, as well as downloading anti-malware.zip and I'd say it would be enough to fool a non-technical user for sure.
Completely off-topic - but I love hard SF. I see you've got quite an extensive bibliography - for someone who is unfamiliar with your work, where would be a good place to start. Kindle eBooks preferred for the instant gratification factor, dead trees will be considered though.
A computer can still pass on a virus even if it cannot directly infect you. It might not be your responsibility but will a child know this? If he forwards an attachment unwittingly or something?
Linux users and Mac users could accidentally infect a Windows user.
Exactly. This is when I deploy mail servers on Macs, for Mac clients, they all have anti-virus enabled.
The good ol' macro viruses have also reared their head on Macs as well...
Whether or not Macs and Linux machines can or can not get viruses, it's a policy decision - it's easier to mandate that ALL computers MUST have antivirus, not just some of them.
Bose's real high-end products, their pro audio and their commercial products are pretty good. Their in-car audio systems likewise are pretty good. About the only "good" audio equipment you can get retail however are their (overpriced) quiet comfort headphones.
All the shiny things you see in a Bose retail store are just a fraction of the things that Bose actually make.
Bose make some very good speaker systems. They also make some quite average-sounding speaker systems. They are all overpriced for what they deliver though, but the marketing behind them, and the sleek industrial design, makes sales for them.
Some of the high-end Bose stuff is quite good. Their midrange stuff is probably what was being referred to when mentioning no midrange.
Bose's more popular systems are the small coffee-cup sized satellite speakers and a large subwoofer. The satellites are great at producing high frequency sounds and the sub can generally put out more than enough bass for the system, but there's usually a lot of midrange sound missing. They are very carefully eq'd in store and set up in such a way that they sound as good as they can, and it's usually the abundance of warm and smooth bass that gets people hooked on them (along with the marketing)
Bose also do a vast amount of work that's completely unknown by the majority of the population - things like an experimental electromagnetic suspension system for cars - I've seen a video of what looks like a regular saloon car taking speed humps at a decent speed and the body of the car barely moves, it's all soaked up in the suspension. It's very heavy though and needs large amounts of power, which is why we're not driving around with it today, but aspects of it are working their way into production systems...
Simple things, things that should have never passed QA, and would never get out of the lab at Apple without being fixed.
Take, for instance, the simple matter of resizing a window. You can grab the window border and resize the window horizontally or vertically. This is good, what could be bad about a feature like this, Windows has let you do this for years.
Well, the target to grab, the window border's active draggable area is 2 pixels wide. Paul Fitts would like to say something about that.
I'm sure if they talked to the right person at, say, Comodo if they could have an ssl cert for *.google.com, they'd probably just hand it out...
You also use units to denote your level of precision - hence architects will often measure large quantities with small units, such as the 2600mm ceiling. A 2.6m ceiling could really be anywhere between 2550mm - 2649mm whereas a 2600mm ceiling implies that it's an accurate measure to the nearest millimetre.
...Although everybody seems to disagree about whether to use m, cm, or mm. We have native metric users that can't even agree on that.
Yes, and the whole point of the metric system is that things like this just don't matter as you just move a decimal point, the numbers are all the same.
One thing I love (or not) is when we have an article on an Aussie version of a US site, such as gizmodo.com.au which is sourced from the gizmodo.com site. They, for instance, are discussing a new car. They helpfully convert fuel economy from the imperial miles per gallon (which is fairly widely used) to kilometers per litre (which isn't used by anyone on earth) instead of converting it to litres per 100km...
In a way. The US is a big country so it takes a while to change things. All the signs would need changing, all the measurements in laws, all the schools, and much of the culture
There was an abandoned project in the 80's (I think) where highway signs in parts of the US were using metric and imperial measurements on it, however as these signs have aged they're getting replaced with imperial only versions.
I also understand that in US schools they're taught metric measurements as well as imperial measurements (however I'm sure the focus is vastly in favour of imperial units)
The laws, that's a big issue, but one that can change gradually. If the speed limit is 100km/h or 60mph, it's (almost) the same, and if you're caught going 75mph or 125km/h, it's still the same amount over the limit...
Culture - now, there's one thing that's going to be harder - hence the posting of this question...
Re: needing a pass for Experts Exchange - if the content isn't available freely then Google can't index it. If you land on an Experts Exchange page from a Google search just scroll... scroll... and scroll some more and you will see the actual content right at the very bottom of the page. No pass needed.
I used to hate Experts Exchange with a passion for their spamming of Google results, now I don't really like them but there is at least some useful information there if you scroll to the bottom of the page.
It absolutely boggles my mind that this can still happen.
Adobe specifically have put in a redaction feature into Acrobat Pro just to do this, and it couldn't be easier to use.
You select the redaction tool and drag your mouse over the text to redact. Select as many pieces of text as you want, they're highlighted while you're doing it so you can see what you're doing.
Then, when you're done, click the Apply Redactions button and it's done.
Not only is the text on the page redacted, but any metadata (and there's often quite a bit in your average PDF) that could potentially leak important information is removed too. You now have a PDF that's safe to distribute and I'd wager that it's actually easier to do it this way than it would be to draw black rectangles over everything you want to hide.
Now, to you and I, $168M is an unimaginable amount of money.
To some people, $168M is their personal fortune.
To a company like Google, $168M is a single line item on their annual report.
To a first-world government, $168M is a rounding error.
I am amazed that this is the world's largest solar tower plant and it only cost less than $200M. If these things are so cheap (ever priced up a coal-fired power station recently?) why aren't they being put up all over the place?
Thanks for digging that up - it's not the obtaining Office (and OneNote) as the school will provide the Windows version (but not the Mac version) at no extra cost under their Microsoft licensing agreement.
I'm also not against the use of Microsoft Office in general as it's pretty well the industry standard, and there are alternatives (Microsoft's own Mac version, as well as OpenOffice etc)
What I am annoyed about is their insisted reliance on something such as OneNote that doesn't have any alternative if you want to exchange information with other people using OneNote. I personally feel that something like a wiki would be a better and more flexible solution...
In breaking news from 150 years ago: "The clash of two titans — physics and chemistry — are major barriers to human heavier than air flight, and may well make it impossible ... at least with current technologies."
You can't stream video to an AirPort Express, so there's no new analog hole for video content.
Even with protected audio content, you could still burn this to a CD as Red Book CDDA audio, which you could then freely "Rip, Mix, Burn" so it hasn't really enabled anything new for audio either.
What it does allow for is replacing a dead AirPort Express with something more reliable. Those little fuckers (earlier models at least) had a very bad habit of just randomly dying, and usually after a bit more than one year old, conveniently out of warranty. The fault was 200V rated capacitors used in the power supply that were fine in a 110V supply area but eventually died when on 240V...