1832 posts • joined 18 Jun 2009
This is quite a gaping hole though
Summary of the article: lock down your machine all you want and in as many ways as you can, and someone can still stroll along, plug in a dongle and take an image of your RAM. Furthermore, in OS X in particular they can use that image to find your password and thereby have unfettered access to everything else — though just the RAM bit is a major concern.
Story appears to contradict itself
In Lion, turning FileVault disk encryption on has the effect of disabling automatic login. So if the latter defeats the vulnerability then, contrary to the article, the former isn't vulnerable.
That aside, Firewire was designed when people were still very naive about security and manages to be faster than USB mainly by keeping the CPU out of the loop, so I'm not sure Apple can fix this in software. Hopefully Apple and Intel have been smarter with Thunderbolt, but we'll see.
Future product transitions are more likely
As in "oh dear, phones risk eating away at our iPod money, better make a phone" and "the phone now seems to have some decent competition, better ship a tablet or something". I think the share price is more based on the perception that Apple are very good at churning out new consumer hits, even with the occasional misfire, rather than that they're tied to any market in particular.
Of course, if any shareholders based their purchase on the idea that a third of US consumers are going to buy an iPhone then they're in for a disappointment as this survey is clearly way off the mark. I guess some sort of iPhone Nano could alter the balance but I don't see any reason the Android-for-the-mass-market juggernaut should stop.
Not correct (or incorrect), just historical
Per OED, in modern usage decimate may just mean "remove a large proportion of". The meaning has shifted since antiquity, as it has for many other words.
Obvious comments, mostly:
Re: removing Java, I assume the intention is to remove it just as any other bit of code included in 10.6 but not in 10.7 is removed. I hope there's some logic that tries to preserve it if you've been using it (e.g., if you have Java-utilising apps installed) and that it just didn't work here, but can't claim to be particularly confident. However, there are lots of reasons not to include software in an OS distribution other than politics. Apple's defence that if they make it an OS feature then they become responsible for maintaining it and that nobody else ships it as an OS feature is reasonably convincing, though you're probably right that politics was involved.
Re: Versions, as already pointed out, this not only ensures that what is on disk is kept up-to-date with whatever edits you've made, but also retains all older versions for browsing. So there's no "too late!" in your example — just scroll back through the revisions and find the one you like. Though I'm unclear as to what the behaviour is when exporting a file to an OS that can't do revisions, such as when you email a file, copy it to a flash drive, use an external server, etc.
While I agree that it'd be nice to be able to turn off restore permanently and wouldn't be surprised if Apple added it (after all, they gave us the opaque menu bar back eventually), I'd be surprised if Versions becomes an optional feature. If anything I'd expect it to be baked into the filing system proper at a later date, rather than handled via a SQL database that is itself a file.
If you equate real searching with regular expressions then no. However the same (nested) Boolean, wildcard, case and date stuff carries over. So the search is glob-like, which I guess also doesn't do a real search by your criteria.
For documentation, see http://developer.apple.com/library/mac/#documentation/Carbon/Conceptual/SpotlightQuery/Concepts/QueryFormat.html
I stand corrected, but in my defence I was thinking of a careless security mistake in a piece of software that was actually exploited. As the article you link to says "Having the passwords will not do anybody any good for the moment [...] nobody even seems certain that the accounts access the machine at all". However it was my mistake to conflate the two things and to claim that you were wrong.
As to the rest of my original post, I'm still uncertain as to how one would put damaging software onto an Apple battery. I don't deny that there's a potential security problem here (though if the battery firmware could be altered only by a piece of software already running as root on the machine then I might, since then logically the number of attack vectors isn't increased, just the number of attacks) but I'm curious what a prudent person should do in response.
Minor correction: Apple have never hard coded the root password for iOS devices; certain jailbreak tools used to do that, creating a security flaw for users of those tools only.
I otherwise agree with you mostly, Apple's attitude seemingly being that security updates aren't very urgent.
One thing I'm unsure of from the article: how do you perform the attack? Do you need physical access and/or root permissions? Anything of that nature that comes through Software Update requires an administrator password - does this flaw get around that somehow?
They've a vested interest in upsell, though
As will anybody else that enters the market. And once Windows for ARM is out, somebody else will have exactly the same motivations that they did during the period in which Intel netbooks mysteriously doubled in price.
@ Someone has used "a handle is required"
If your only complaint against Objective-C is the manual memory management (which is reference counted so as to keep all management decisions local, but that's about the only positive thing you can think of to say about it), then you're behind the times. A garbage collector was added in 10.6, albeit that it was a hassle to write suitable code, and automatic reference counting is added in the new compiler and 10.7, which does it all for you at runtime via [a limited form of] static analysis. It's so easy to use and so trusted that it's enabled by default for new projects. You can even enable or disable it file-by-file so as to migrate existing projects and to continue to interface with standard C and C++ code without problems.
Of course, most people's complaints against Objective-C go a lot deeper so you probably have other concerns, but that's the only complaint I've ever agreed with and now seems to be solved.
Adobe are so infuriating
They've gone the same route as Opera and a hundred other under-staffed open source projects previously; their version of supporting OS X is not to use the normal system APIs to achieve normal system integration, but to attempt to mimic it by other means. Adobe's mimicry is a lot better than most, but suffers the same problems: it's built on a series of empirical observations and assumptions, and is prone to sticking out like a sore thumb as soon as extra or changed built-in functionality is provided by the OS.
In the case of Opera/etc you usually end up at the conclusion that the software producer doesn't really care but with Adobe I tend to get the impression that they spend most of their days layering hack upon hack upon hack to try to keep a twenty-year-old code base from falling apart. That may well be the most profitable thing to do, but it's not exactly surprising that they seem to stumble from technical issue to technical issue.
InDesign being the exception to the rule?
The reason InDesign took so much market share from QuarkXPress, even before the Creative Suite, was that it worked on OS X a lot earlier. It's a shame Adobe didn't seem to learn very much from that early embrace of a new technology.
I think it's the sandboxing that makes the story
The story is quite clear, as you point out, that ASLR and full disk encryption are areas in which OS X has now caught up with Windows and Linux (or Ubuntu as it seems to call it). It then suggests that sandboxing processes and designing the applications (and daemons) that come with the system to isolate different logical parts into different processes within different sandboxes constituted a step in advance of any of the competing operating systems. So that's the leapfrog jump — the fact that the supplied browser, email app, PDF viewer, etc are all now aggressively using sandboxing, for which there is now high level API support.
Whether or not that's a valid assessment is one thing; just repeating what the article already says about areas where Apple have played catch up is quite another.
Re: pre-emptive multitasking, citing Apple's failure to transition to a modern OS until around 2000 feels a bit disingenuous as a comment on the OS they transitioned to.
Re: 64-bit, that's been a feature since 2005. The difference in approaches has been that Apple have uncharacteristically gone for a gradual transition, though I think that's because the hardware has made a gradual transition.
iOS is behind on some of the features listed
For example, jailbreakme.com uses a PDF exploit — a buffer overrun or some other flaw that allows a maliciously crafted PDF to perform arbitrary code execution. The cat and mouse with Apple from that specific method of jailbreaking has surrounded finding exploitable flaws in the PDF renderer and fixing them.
In Lion, PDF parsing and rendering is devolved to one or more separate, sandboxed processes that don't have the ability to read or write to files or otherwise communicate very widely with the outside world. So Lion takes a big step forward in trying to secure against that type of exploit.
Of course there are likely to be further flaws and exploits, but Lion is a step up from iOS in terms of overall security. Since iOS and OS X use the same kernel and share many of the system APIs (though the user interface stuff is deliberately very different), the general rule is that whichever was released most recently has Apple's most up-to-date security. I expect the new OS X stuff will migrate to iOS in the near future.
A fluff piece, but too much hyperbole on your part
"OSX was the worst security offender in the world with 1500 vulns as per securnia"
Secunia issue advisories. Each advisory may mention multiple related vulnerabilities.
They list 1555 vulnerabilities for all versions of Mac OS X between 2003 and 2011 combined. In terms of advisories, they are aware of 8 unpatched advisories from a total of 155 in the full 8 years they've been tracking the OS. The most severe unpatched advisory is rated by them as "Moderately critical".
Compare to Windows, which is broken down by release. Like all versions of OS X added together, Windows Vista has 8 unpatched advisories, from pretty much the same all-time total (157 versus 155, but whatever). The most severe unpatched advisory is rated as "Highly critical".
Windows 7 has only 5 unpatched advisories of 76 to date but the most severe is again "Highly critical".
Linux is broken down by distribution, which makes it hard to compare. But that's not just a statistical tabulation difference, it's a real on-the-ground difference so fair enough. For the record, Ubuntu 10.10 has been the subject of 133 advisories to date but all have been patched. So kudos to the Linux crowd.
But to go from that to "OSX was the worst security offender in the world" feels like overreaching. It requires you to compare eight years of Apple's problems with two years of Microsoft's, to ignore the advice Secunia are actually giving as to the seriousness of the problems and to conflate problems that were solved with ones that remain an issue.
@AC: not quite that simple
OS X's sandboxing is exposed for use by all applications via a high-level API and is implemented across all applications that the OS comes with. So those are both huge steps, but the sandboxing doesn't apply to software that isn't written to use it. So your existing applications aren't sandboxed, at least in the sense that the term is being used here.
Apple have stated that applications must use the sandboxing to be accepted onto the App Store as of some date later in the year, so there is a carrot and stick aspect to it, but you can still download any old application you want from the Internet and it can still do whatever it wants (or, more relevantly, expose exploits that allow malicious agents to use it as an agent to do whatever they want).
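Added illustration (editor's example, not part of the original post and not Apple's own documentation): the opt-in nature described above can be seen from the command-line side of the same mechanism, where a deny-by-default Seatbelt profile is applied to an existing, unmodified binary from the outside with `sandbox-exec`. The rule names follow the profile language as shipped on 10.6/10.7; the specific paths chosen and the exact error text on a denied read are assumptions.

```scheme
;; Added example profile (ls.sb): deny everything, then allow only what /bin/ls
;; needs to list one directory. Not from the original post; paths are assumptions.
(version 1)
(deny default)

;; Apple's baseline rules for process start-up (dyld, sysctl, mach bootstrap).
(import "system.sb")

;; The only executable this profile is meant to wrap.
(allow process-exec (literal "/bin/ls"))

;; Read-only access to the libraries ls links against and to the one directory
;; we want it to be able to list. Everything else on disk stays denied.
(allow file-read* (subpath "/usr/lib")
                  (subpath "/System/Library")
                  (subpath "/private/tmp"))
(allow file-read-metadata)

;; Spelled out for readability; both are already covered by (deny default).
(deny file-write*)
(deny network*)

;; Usage (assumed invocation):
;;   sandbox-exec -f ls.sb /bin/ls /private/tmp     ; permitted by the profile
;;   sandbox-exec -f ls.sb /bin/ls /Users           ; read is outside the allowed subpaths, so denied
```

The point relative to the post: the binary itself is untouched, so nothing about /bin/ls is "sandboxed" when it is run normally. Confinement only exists because a caller chose to apply it, which is exactly why an application downloaded from the Internet and launched the usual way gets none of it unless the developer opted in.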
Is it usable outside of Windows?
The Steam system requirements list Windows 2000/XP/Vista but also "Sound Cards Supported: AdLib compatible cards, SoundBlaster compatible cards and the Roland LAPC-1". So does it come in a form where I could transfer it to DosBox on another platform?
You're not allowing for the separate educational store
"University and college students or students accepted to university or college" qualify, and educational pricing for the MacBook Air is "from £730" (though I'm not sure exactly what you get for being in the student category, as you can't access the store other than from your campus network).
The original MacBook also lives on for bulk educational purchasers, much as they had exclusive access to the eMac for quite a few years back in the early-to-mid 2000s.
Not quite right on the facts
Small correction: Mini DisplayPort and Thunderbolt have the same physical connector and any Thunderbolt-equipped Mac can use the exact same accessories as a Mini-DisplayPort-equipped Mac for connection to external displays.
Obviously you can also connect any old DVD drive you want, no need to buy an Apple-branded one.
I'm a hawk on eliminating the optical media drive from all computers on the grounds that I barely use mine and don't recall ever having used one away from my home. So investing in a single, external drive and keeping that with the USB floppy drive on my shelf feels like an acceptable way to reduce the cost and size of any future computers I buy. You know, across the whole industry, irrespective of whether specific individual manufacturers pass savings on.
It's not a video port; it is backwards compatible
The new port, codeveloped with Intel, can be used to interface to displays, storage (at better-than-eSATA speeds), peripherals, external graphics cards, etc. That's why it has been developed. The objective is to further shrink the number of ports on computers, and a secondary benefit taken advantage of by this monitor is that the monitor can act as a break-out box since it provides USB, Firewire, ethernet and Thunderbolt ports while connecting to the computer via a single cable.
If you have any Mini DisplayPort peripherals, you can plug those directly into your Thunderbolt port instead. It's backwards compatible.
I think some people can be oversensitive, given how often Flash support is used as a proxy by those that determine in advance that they want to say something negative for its own sake and only subsequently pick through the feature list to find something specific to say.
I also don't think the comment deserved any down votes.
Allowing for VAT...
... UK prices are actually cheaper. 69p - VAT = 57.5p. 57.5p converted to USD is 92 cents. The 99 cents doesn't include sales tax because there is no national US tax; if you live in a state that collects tax on digital downloads then it'll be added to the $0.99.
Not sure where the £120 comes from...
... but you can upload e-books from any source to your Kindle, subject to file format restrictions. Its most native format is mobi, not the more common epub, with plain text and PDF support also available, though panning and zooming on a PDF is very, very painful due to screen response times so you ideally want one formatted for A5 or smaller.
It'll confirm everything you secretly suspected about open source user interface design, but Calibre (and others I've forgotten the names of) can do conversions for you if you have any suitably non-DRMd epubs about. Project Gutenberg will give you mobi files directly, but that's generally unnecessary since Amazon seem to have grabbed them all and put them into their shop already. Though you often have to navigate thirty chancers who have opportunistically uploaded the same content with a price tag.
Piracy! Someone call FAST!
You know, because another way of obtaining Manic Miner is to connect your Spectrum up to the headphone socket of your computer and play the YouTube video you've helpfully embedded. Ummm, unless the usual psychoacoustics have stripped too much. The Kansas City Standard, as on the Electron and BBC, used 1200 and 2400 Hz near-sinusoidal waves but switching between them digitally to give quite a complicated DCT. Not sure what the Spectrum ROMs did in exact frequency terms, but it was a digital output with serialisation and de-serialisation handled on the CPU if I recall correctly (i.e., it was the exact same circuits as the 48k sound output), so probably that loses even more in MP3s.
Not such a great plan
In that it would create unpredictability for every other party wanting to use HTML5 that has played properly and hence doesn't have patents to trade with W3C.
But, yes, I support the sentiment that Apple's hand should be forced somehow.
Android devices have been on the market for about 75% as long as iOS devices, Android phones outsell iPhones in several major markets, yet they manage only about 50% as much traffic per this article. And that's seemingly discounting the iPod Touch.
My feeling is that because Android is flexible and open, a lot of people are getting Android phones with expensive data plans, and in terms of quantities shipped it's still primarily a phone operating system. So there's no real one versus the other conclusion to be drawn, other than - as I say in my title - claiming pretty impressive market share based on little time in the wild doesn't add up.
... they probably had someone much cheaper doing the ordinary "social networks, telephones and other social-engineering vectors" testing, or already had them done. Or the point was to prove to somebody that those aren't the exclusive points of attack rather than that the system is safe.
To be fair though...
... Android has probably just reached its stable share, having reached it very quickly because growth was so incredible last year. Apple will obviously want to try to chip away at that because gain from anyone is good for them, but it's not a fight to the death. Markets can contain more than one leading brand and market share generally doesn't operate like a game of Risk. While we're talking the realities of the real world, is it also safe to point out that open versus closed ideologies are basically a fringe debate?
@AC: you're arguing a different point
The contentious statement was "People have been opting for android because of apple and the company ethos", which even you don't agree with, instead citing considerations about the actual product. The other posters have similarly supplied a bunch of reasons that people — including well educated people with no other motivations — choose an Android handset over the iPhone. To try to boil this conversation down into Apple fanboys versus the world requires incredible blinkers.
Pretty safe guesses then?
Bits I could have figured out for myself:
(1) Apple will launch a new iPhone this year;
(2) it'll be faster than the old iPhone.
Adding a higher resolution camera is something I might not have guessed, though that's because I don't see the point; photos I take on my phone tend to be imperfect for a bunch of non-pixel resolution related reasons, and as good as anything I get from any other point and shoot camera.
I guess the form has more or less settled down again.
Pros and cons though
While I'd prefer to keep myself insulated from News International, The Telegraph Group, etc, and Apple already have my details, I'm quite against Apple for imposing the price match condition. Fair enough if they want to impose a 30% charge on subscriptions, if that's what they've calculated the market will tolerate then good luck to them, but to then say that even if the iOS App Store isn't the most cost effective way to deliver to consumers then the extra costs can't be passed on puts far too much of a burden on producers.
Disagree on a bunch of points, but by no means all
(c) and (h): these extra features tend to be things that people don't actually care about, outside of a tech blog niche, and in any case can generally be found on Android phones too — with similarly few people particularly interested.
(e): I attended a Nokia development day recently, where we were given free phones and lots of information, and told about the latest cash prize development competitions. The Nokia employees were very nice and are clearly trying very hard.
(g): actually, I think quite a lot of people can tell you that Nokia phones come with Carl Zeiss lenses. They just also (very erroneously) think that it's a made-up brand à la Matsui. So this hits the (c)/(h) point of people not being particularly interested. On screens they're not really any better. The iPhone still has the leading DPI, and I think that Samsung's AMOLED screens provide the best overall colour. I have the feeling Nokia use a similar OLED technology at the top of the range, but they're definitely not ahead on that front.
On the purely technical/internals front (which I think people definitely don't care about at all, whereas I accept that some people do care about whether they can connect up via HDMI), Nokia are almost alone in being yet to produce an ARMv7 phone, and tend to go with the less powerful Broadcom GPUs rather than the good PowerVR stuff. So I wouldn't say they're technically brilliant.
That said, you're completely right that they do the phone stuff brilliantly. I used a Nokia phone up until 2008 and was very often the only person able to get a signal, especially when I lived in Cumbria. However, I find the OS a bit confused and inconsistent (eg, on the N8, just talking about built-in apps, some scroll areas require you to touch and pull a scroll bar, some are direct manipulation with no inertia, some have inertia but it varies from app to app), and have never understood their holy devotion to having just one slightly peculiar font — especially as it makes web pages look really awful.
So, ummm, conclusion: hardware very good in some areas, good enough in all others, software definitely needed a change.
It'd just look like the TV is constantly halfway between a fade from one to the other, surely?
If it follows the normal App Store rules, then you can have unlimited downloads for as long as the product is available. Which, I appreciate, answers only one of your very minor concerns, but there you go.
Might be smart to do a completely clean install, grab a Time Machine backup right then, and any time you want to refresh just chose 'restore from Time Machine backup' via the recovery disk that came with your machine (which was also the OS disk, at least up until now).
Who are you talking about?
You seem to have some sort of confirmation bias. Scroll up the screen and look at the comments posted before the 31st of May at 13:28 and there's nothing like a flock of anyone in particular, and almost no whining.
It's 70% of those returned
Since the overall proportion returned is probably, I don't know, 10% at the absolute worst, the average smartphone punter isn't impugned at all. What they're probably trying to do is put pressure on Google by stating publicly that Marketplace policies have given them a dramatic increase in returns.
Like you, I suspect that this isn't much of a problem at all to most people.
Fingers crossed for new development tools
You're probably quite safe
Demographic differences are the most relevant thing I think - amongst the Mac demographic is a significant group of people with no technical grounding. A desktop Linux user is unlikely to believe that there's some magical piece of antivirus software installed that they didn't know about, and weirdly never saw before becoming 'infected', or alternatively that you can virus scan from within a browser, and is very unlikely to act without secondary confirmation (by manual inspection of the filing, possibly) and without first checking the web for suitable open source tools.
At a guess...
... they'll adapt the x86 emulation code they bought with Virtual PC and deploy on the Xbox 360 when running Xbox games. Obviously it'll need some work because the target processor is ARM rather than PowerPC but it's probably easier than starting from nothing.
Quite the opposite
Per the Bloomberg article you link to: "Microsoft, the world’s largest software maker, will showcase the interface running on hardware with an Nvidia Corp. (NVDA) Tegra chip, the people said last week, declining to be identified because the plans are confidential."
So that would make it sound like they're interested in doing tablets with ARM and ARM only.
One more difference
Apple got out of its funk by abandoning the existing software platform, bringing in external management and merging in an external development team, then segueing into a brand new market and then several other new markets.
Nokia already switched management and are outsourcing a large part of the software stack. But they're effectively ceding a significant part of their destiny, something Apple have always managed to avoid.
That said, I agree with the article. Nokia's nothing like finished, its old strategy was on a crash course long before Elop turned up, and the platform switch gamble is the only workable way forwards. You can argue about the decision to use Windows Mobile versus other comers, but it's hardly the most significant of his decisions.
There's a difference in approach though
Apple assume everything to be malevolent until they've discovered it to be otherwise. Google assume everything to be benign until they've discovered it to be otherwise. And that's without getting into the tests each applies to determine what they think shouldn't be made available to customers.
They're trojans though
So OS security doesn't really come into it. That's the whole point of the trojan horse — the security is sufficiently onerous that you just get someone trusted to let you in.
Slight problem versus the NDK, presumably?
And I was under the impression that the only way to compile C code is via NDK, bypassing Android's virtual machine, giving a lazy option to EA, Epic, etc when porting their engines. I guess it'll be fine though — I'll bet that 99% of applications are purely Dalvik based.
... or you could just copy and paste the file URL from the 'Activity' window to the 'Downloads' window. No need to include bit.ly or anything similar, whatever happens. Or install the ClickToFlash extension (from about halfway down the page you go to if you click 'Get Extensions'), right click on the youtube video and select 'Download Video'.
Then go back to doing whatever you were really browsing for in whatever browser you like.
The inclusion of an anti-malware tool with versions of the OS since 2009 — per the article — would appear to make your comment a little late.
You're accusing iTards of ad hominem attacks? Surely some sort of satire?
I'm of the opinion that the 'i' has outlived its welcome, but I guess it makes it very easy to come up with brand names that are legally protectable and which associate new products with a person's existing perceptions of Apple.
I was sort of hoping that MobileMe indicated a move away from iEverything, with the iPad getting the name because the similarity to iPod was just too alluring, but I guess that wasn't the case. Oh well, they're just names.
From the article, Apple's complaints — and my guesses at the reasoning behind them are:
"infringed upon patents and violated its trademark", i.e. manufactured (if he was painting them himself as other commenters allege) and sold equipment with the Apple logo on without permission.
"using deceptive practices in the creation and sale of the product", presumably by making some sort of claim that these were authentic Apple parts for genuine white iPhones rather than genuine black parts, repainted.
Though it's ironic that Apple appear to be using (amongst others) laws with the purpose of allowing a company to protect its reputation to sue a 17-year-old who through significant initiative managed to fill a gap they'd created when they failed to ship a simple product for an extended period of time. I think they're being really stupid on this one.
The "rabid fanboi" of your imagination doesn't exist. It's just a cheap caricature, calculated to inflame, that you've conveniently picked upon to be a scapegoat.
The default user is an Administrator in OS X parlance. Such privilege is not the same as and is significantly less than root.