they left out the word inherently when they were typing this up.
Macs are not inherently safer than PCs, however, Apple has a MUCH better track record when it comes to writing secure code than Microsoft does...
I think the first Mac OS X virus we will see will be an Apache exploit [good luck, guys].
I also recommend that browser developers on all platforms, especially Mozilla developers, give it a hard look and take a lesson from its elegance.
Agreed, but PLEASE don't take a lesson from their [lack of] standards compliance.
Previous [and possibly current?] versions were riddled with Javascript bugs...
Some HTML is still parsed incorrectly...
and I think I've already beaten the CSS issue into the ground enough for one day...
and for the 97.3% of the web for which those things don't matter, Omniweb is a really nice browser to work with
I severely doubt that only 2.7% of websites use either HTML, Javascript, or CSS, but I do agree that everyone should try out OmniWeb for themselves.
The OmniGroup should be congratulated for all the work they've put into this pretty awesome browser, but I can't ignore some obvious flaws it has.
- Nicer interface (although Chimera has Aqua interface widgets, the ones in OmniWeb are nicer).
I don't care how nice the interface is if it doesn't render pages correctly! Get the rendering right, then make it pretty. I am still eagerly awaiting CSS support... This is one of the reasons why Chimera is bound to beat out OmniWeb eventually - they're using an already standard rendering engine, so they don't have to worry about half the stuff that the OmniWeb developers have to.
By the way, Omni Group wants you to pay for OmniWeb, and they give you little 'encouragements' to do so, but it's not crippleware
No, you're right, it's not crippleware, but if you leave a window alone for long enough, it gets a HUGE "unlicensed" watermark. Imagine how embarrassing that would be in an important presentation... so, I guess that's one of the encouragements.
Don't forget OmniWeb's use of MacOS X's spell checker. Very useful in forums like/., Fark.com, the MacGamer.com forums.
That's one of the many reasons why Cocoa based browsers will be more well liked than Carbon based ones... They get the added support of all sorts of system wide services (like spell checking, for instance).
(Chimera and OmniWeb seem to be the main contenders for Cocoa Web Browsers at this point...)
If OmniWeb would only support CSS correctly, it would be my primary browser.
I think the majority of people who are using OmniWeb are using it for one of these two reasons:
Pretty anti-aliased text
It's not microsoft made.
The first reason will disappear as soon as the next version of Mac OS X comes out - it will allow Carbon Apps to use the pretty quartz text - meaning IE will probably be as slick.
I know I keep pushing it, but once Chimera hits primetime it will be the best browser around.
Quite frankly, if you can't even remeber your password for a host, you shouldn't not be messing around at the command line at all and are likely to break something quite badly.
I agree.
The whole point of this article in the first place was to provide a way for lazy (or really crunched for time) people to bypass authentication for SSH.
I do not suggest using this method for many of the reasons that you said, as well as many that I said.
I know exactly how the Keychain works, but as I went to great pains to point out, this program fails to save time effectively if you are still prompted for authorization each time and if you are not, then it is insecure, and that's why IMO it's a bad idea.
For some reason (because it didn't fit your argument) you selectively ommited that part of my post from your reply and chose instead to ignore it.
Cool it. I think that rather than attacking me, you should be thinking about what the keychain was originally intended for: Maintaining secure information in such a way that requiring one password could provide access to tons of info. In X, at login your keychain is unlocked.
If you're going to talk about security, remind people that you can have your keychain automatically lock after periods of time.
Sorry this seems to have hit a vein, but I'm really not disagreeing with you about the insecurity of the "SSH Agent on Login" post. I am just making it very clear that the Keychain is the weakest link here, not the programs that someone posted.
As another poster mentioned, mouse events can spawn windows... This means that while a greedy website owner who put their window.open() in the onLoad tags would have their popups blocked, anyone could make it so mousing over a link to go to another page could spawn popunders, and such.
In addition, the point that I was trying to make is that just because a pop-up occurs when the page is loading doesn't necessarily mean that it is unwanted.
Perhaps more options would be helpful on browsers that offer this service...
Until a browser can read your mind (or have intelligent pop-up filtering code), it is far-fetched to say that it blocks all unwanted popups and doesn't block any wanted ones.
Both Chimera and Omniweb allow blocking of unwanted popups, if you're running Mac OS X.
Yes, I'm sure we all agree that popups are truly a pain, but we also run into some other issues with this: at what point do you draw the line between annoying and helpful?
What if a page is designed to use window.open() in a helpful way? Is disabling it in this scenario beneficial?
This was most of the reason why <blink> disappeared (mostly... now it's available in CSS): There weren't ANY ways to use it without being obnoxious.
If you store your passwords on your machine and permit programs to access your keychain (which stores them encrypted but *outputs* them as plain text), a malacious program could steal all your account passwords without you knowing.
Your assumption that any program can access any keychain item at any time is false. Each keychain item has specific programs assigned to it with different realms. Take a look at your keychain program, and you'll see a section that restricts program access.
The real security risk that you should be worried about is the fact that if your keychain is unlocked, anyone can go into your keychain application and view in plaintext any of your passwords.
If you make sure the Keychain prompted you before allowing applications to access the Keychain, then that would be all well and good, but then that would elimiate most of the useful functionality of this method
There is an option that you're overlooking: in the keychain manager you can set programs to only prompt you once. Anytime the program itself is modified (if you make a new build, or if you install an update), you are presented with a dialog asking you if you want to allow the program to have access to the keychain item. you can say "deny", "allow", and "always allow"
I don't wish to detract from someone's work, but this seems like someone's excuse not to have to remeber passwords.
I believe that was the entire point!
I don't recommend doing this trick if you're going to leave your keychain unlocked all the time, but if you have it set up more securely it could prove to be a very helpful addition to your setup.
According to the Taipei Times this disk is semi-transparent... and the picture confirms this.
My assumption is that this media is double-sided with higher density than a DVD.
My question is this: Given that the disk is almost clear, and that we have little to no information on the method by which the data is read and written, wouldn't applying any sort of label to the disk have negative adverse effects on the ability of the drive to read its contents?
In addition, when they say "The 100-gigabyte disc is larger than any other similar product in the world," they must surely be speaking of physical size, not capacity, correct?
According to the article at The Register, this is the result of Microsoft-AOL disputes. Here is a quote from that article:
AOL has been using IE for six years, since it inked a deal with Microsoft to use the software in exchange for AOL icons being placed on the Windows desktop. That deal expired in January 2001, and the companies decided not to renew it after disagreeing on terms such as the default media player.
This being the case, I would find it highly unlikely that this is just a Mac OS X change.
The way I see it, this is the first step for AOL to migrate over to Netscape (remember... AOL-Netscape?), their own browser on all of their supported platforms.
Don't hesitate to correct me if you know more stat than I do.
The author/editor is trying to say that flipping a coin 1000 times would have a higher percentage of "successes" than this machine did.
He's partially correct, and partially incorrect.
probability of getting 470 heads or less out of 1000 flips:
z=(.47-.50)/(sqrt(1000(.50)^2)=-.00189. p(z<=-.00189)=.49924.
Thus, there's almost a 50% chance of getting 47% or less successes purely by chance.
Now, a two proportion Z Test:
2-PropZTest(x1:500,n1:1000,x2:470,n2:1000,test p1!=p2)=z=1.3422.p=.1795
From the data presented in the article, there is no evidence that the proportion of correctly matched faces in the sample given is different from the proportion of heads you would receive if you flipped a fair coin 1000 times.
Conclusion:
Well, I would have to say that even after subtracting the cost of the coins, the airports would save lots of money if they just bought rolls of coins instead.
I suppose they expected the majority of people who heard the press about "bug squashing month" immediately decided that Microsoft was going to become more conscientious about security in the future...
Why doesn't Microsoft:
Hire people to spend each and every day trying to break their products, then report back on the vulnerabilities before the product release/update.
Read the [many] MSIE exploit pages, then fix those exploits.
Follow this important principle from perl's taint mode: Don't define what can't be done, define what can be done. That way you don't miss anything.
IMHO- It is normal to have vulnerabilities in software, but it is NOT normal to have them stay around as long as MS lets them.
I see a lot of comments around here of people insulting MS for having vulnerabilities... but I doubt you could cite any [relatively complex] piece of software that didn't have any bugs.
Attack them for not fixing the bugs, but don't attack them for having them.
However, what is the point of a Mac
server? I don't see any advantage to OS X Server over Linux, and x86 hardware is still cheaper and has better performance than PPC hardware.
This is almost completely true, but what you didn't consider is that a large percentage of the organizations who will be buying these servers will use them for Mac Manager.
As far as I know, there are no Linux Mac Manager servers.
Between this and all the Adobe/Macromedia patent infringement lawsuits, why isn't anyone [in DC] doing something about frivolous patents?
Is it possible for the US Gov't to revoke patents?
It's too bad that apple hasn't set up a method for others to use the software updater to keep all software on the machine upto date.
I think the only reason why apple hasn't done this yet is the fact that it opens up some security vulnerabilities.
For example, someone with bad intentions could post up an update to apple's software updater that updates every computer with OS 10.1 or higher... the updater would look like something important to some users, who would then install it. Now, you have the first OS X virus.
The risks of providing other people's software on that large of a scale requires a bit more thought than apple would like to put into it. (IMHO)
Slashdot Mirror
btw- the plural of virus is viruses not virii.
Macs are not inherently safer than PCs, however, Apple has a MUCH better track record when it comes to writing secure code than Microsoft does...
I think the first Mac OS X virus we will see will be an Apache exploit [good luck, guys].
whoops!
note to self: reading between the words is bad.
He is definitely NOT fifteen...
There's a clip later with the fifteen year old, but it's a different person.
Previous [and possibly current?] versions were riddled with Javascript bugs...
Some HTML is still parsed incorrectly...
and I think I've already beaten the CSS issue into the ground enough for one day... I severely doubt that only 2.7% of websites use either HTML, Javascript, or CSS, but I do agree that everyone should try out OmniWeb for themselves.
The OmniGroup should be congratulated for all the work they've put into this pretty awesome browser, but I can't ignore some obvious flaws it has.
(Chimera and OmniWeb seem to be the main contenders for Cocoa Web Browsers at this point...)
I think the majority of people who are using OmniWeb are using it for one of these two reasons:
The first reason will disappear as soon as the next version of Mac OS X comes out - it will allow Carbon Apps to use the pretty quartz text - meaning IE will probably be as slick.
I know I keep pushing it, but once Chimera hits primetime it will be the best browser around.
The whole point of this article in the first place was to provide a way for lazy (or really crunched for time) people to bypass authentication for SSH.
I do not suggest using this method for many of the reasons that you said, as well as many that I said. Cool it. I think that rather than attacking me, you should be thinking about what the keychain was originally intended for: Maintaining secure information in such a way that requiring one password could provide access to tons of info. In X, at login your keychain is unlocked.
If you're going to talk about security, remind people that you can have your keychain automatically lock after periods of time.
Sorry this seems to have hit a vein, but I'm really not disagreeing with you about the insecurity of the "SSH Agent on Login" post. I am just making it very clear that the Keychain is the weakest link here, not the programs that someone posted.
Take Care
In addition, the point that I was trying to make is that just because a pop-up occurs when the page is loading doesn't necessarily mean that it is unwanted.
Perhaps more options would be helpful on browsers that offer this service...
Until a browser can read your mind (or have intelligent pop-up filtering code), it is far-fetched to say that it blocks all unwanted popups and doesn't block any wanted ones.
Yes, I'm sure we all agree that popups are truly a pain, but we also run into some other issues with this: at what point do you draw the line between annoying and helpful?
What if a page is designed to use window.open() in a helpful way? Is disabling it in this scenario beneficial?
This was most of the reason why <blink> disappeared (mostly... now it's available in CSS): There weren't ANY ways to use it without being obnoxious.
The real security risk that you should be worried about is the fact that if your keychain is unlocked, anyone can go into your keychain application and view in plaintext any of your passwords. There is an option that you're overlooking: in the keychain manager you can set programs to only prompt you once. Anytime the program itself is modified (if you make a new build, or if you install an update), you are presented with a dialog asking you if you want to allow the program to have access to the keychain item. you can say "deny", "allow", and "always allow" I believe that was the entire point!
I don't recommend doing this trick if you're going to leave your keychain unlocked all the time, but if you have it set up more securely it could prove to be a very helpful addition to your setup.
...Now everyone who insults Microsoft's code will now be marked (-1) Redundant instead of (-1) Troll.
My assumption is that this media is double-sided with higher density than a DVD.
My question is this: Given that the disk is almost clear, and that we have little to no information on the method by which the data is read and written, wouldn't applying any sort of label to the disk have negative adverse effects on the ability of the drive to read its contents?
In addition, when they say "The 100-gigabyte disc is larger than any other similar product in the world," they must surely be speaking of physical size, not capacity, correct?
{billing example} ...... $1.00 ... $999.00
Changing One Line of Code
Knowing Which Line To Change
i was missing some parenthesis around .50^2
thanks for pointing that out.
This being the case, I would find it highly unlikely that this is just a Mac OS X change.
The way I see it, this is the first step for AOL to migrate over to Netscape (remember... AOL-Netscape?), their own browser on all of their supported platforms.
The author/editor is trying to say that flipping a coin 1000 times would have a higher percentage of "successes" than this machine did.
He's partially correct, and partially incorrect.
probability of getting 470 heads or less out of 1000 flips:
z=(.47-.50)/(sqrt(1000(.50)^2)=-.00189.
p(z<=-.00189)=.49924.
Thus, there's almost a 50% chance of getting 47% or less successes purely by chance.
Now, a two proportion Z Test:
2-PropZTest(x1:500,n1:1000,x2:470,n2:1000,test p1!=p2)=z=1.3422.p=.1795
From the data presented in the article, there is no evidence that the proportion of correctly matched faces in the sample given is different from the proportion of heads you would receive if you flipped a fair coin 1000 times.
Conclusion:
Well, I would have to say that even after subtracting the cost of the coins, the airports would save lots of money if they just bought rolls of coins instead.
Why doesn't Microsoft:
IMHO- It is normal to have vulnerabilities in software, but it is NOT normal to have them stay around as long as MS lets them.
I see a lot of comments around here of people insulting MS for having vulnerabilities... but I doubt you could cite any [relatively complex] piece of software that didn't have any bugs.
Attack them for not fixing the bugs, but don't attack them for having them.
BAM! Instant Webcast.
Well, that and external storage, but everybody has beaten that reason to death already.
As far as I know, there are no Linux Mac Manager servers.
Between this and all the Adobe/Macromedia patent infringement lawsuits, why isn't anyone [in DC] doing something about frivolous patents?
Is it possible for the US Gov't to revoke patents?
For example, someone with bad intentions could post up an update to apple's software updater that updates every computer with OS 10.1 or higher... the updater would look like something important to some users, who would then install it. Now, you have the first OS X virus.
The risks of providing other people's software on that large of a scale requires a bit more thought than apple would like to put into it. (IMHO)
You can spin the iPod's wheel, and it will adjust the current position.