New computers - Mac - batteries and the Apple Store

My MacBook battery, which has had problems in the past, suddenly decided not to charge at all.  Well, one Mac fanatic friend had been on at me to take it in to an Apple Store and have it repaired, as it was still under warranty.  I have now had my first, and hopefully last, experience of an Apple Store.

I’m fortunate.  I live in one of the few places in BC where you are less than 500 miles away from an Apple store.  I looked it up on the Web.  I even made a reservation.  Turns out that was probably a good thing.

I made the appointment later in the day, after business hours.  The Apple store I chose was in the downtown core, so I figured that I had best do it after office hours, to reduce demand from businesspeople needing to have their devices fixed.

As I approached the Apple Store, I could see which one it was.  This is because, unlike every other store in the mall, it had signage sticking out into the mall.  All the other stores had signage above the front face of the store.  The Apple was relatively small and tasteful.  But it also seemed to indicate a “the rules don’t apply to us” attitude.

Since it was late in the day, the mall was not crowded.  However, my second indication that I was near the Apple Store was a crowd of people outside the store, all looking at iPhones or iPads or with iPods plugged into their ears.

As I got to the store, I could see that it was narrow, but fairly deep.  There were devices of all types (in boxes) wallpapering the walls.  There were two rows of tables, with various devices and laptops on them.  And hordes of people.

It was packed.  It was crowded.  It was noisy.  It was a zoo.  I had a hard time fighting my way to the back to the service desk.  (Sorry.  “Genius Bar.”)

One of the staff asked what I wanted, and I told him repairs.  I told him my name and the time of my appointment.  He said someone would be with me shortly, probably before my appointment time.

At the appointment time, someone found me.  He asked what the problem was.  (At least, I think so.  He had a slight accent, but the noise of the crowd made it extremely hard to hear anything.)  I told him about the consistent problem with charging time, the refusal to charge, and the fact that, after having tried all kinds of rebooting and pulling plugs and checking profiles, that leaving it plugged in while I did some other work had apparently resulted in it finally charging up.

He looked at it and told me it was charged up.

I told him about the consistent problem with charging time, the refusal to charge, and the fact that, after having tried all kinds of rebooting and pulling plugs and checking profiles, that leaving it plugged in while I did some other work had apparently resulted in it finally charging up.

He said he couldn’t do anything while it was charged.

All this had taken place at one of the tables, not the “genius bar.”  (I guess you have to be relatively near the bar to be an actual genius.)  So we moved over there, and he decided that looking at some YouTube videos might run the battery down a bit.  (I suggested that news sites seemed to be faster, but he’s the genius.)  After running the battery down a bit, he looked at the power profile.  Then he rebooted and looked at some diagnostic utility that must be built in, but not accessible to us plebes.  Then he looked at some other similar utility.  Then he looked at some logs.  Then he ran a short diagnostic.  He told me that the utilities showed that the battery was fine, but the logs said that at one time it wasn’t.  So I’d have to get the battery replaced.  He gave me some forms to sign and disappeared into the back.

I signed the forms and waited.  And waited.  And waited.  Eventually I started to think that maybe he was, in fact, doing the battery replacement.  I waited some more.  And more.

Finally he came back.  He said he had replaced the battery.  It certainly seemed to have less charge than before.  He showed me the power profile, and it now showed 0 cycles rather than the 47 it had showed before.  (This is less comforting than you’d think, since one of the other diagnostics had showed 42 cycles.)

I will take it on faith that he replaced the battery.  Since then I have run down the battery (watching an hour of live video on what was supposed to be a five hour charge), fully charged it, and run it for about seven hours.

But I sure don’t have much faith in them …

Since then, another Mac fanatic has told me that I should buy the extended warranty on the MacBook, since it was really comforting to know that Apple would fix all the problems that would happen over a three year period.

This advice is less reassuring than one might suppose …


REVIEW: “Mac OS X Snow Leopard: The Missing Manual”, David Pogue

BKMXSLMM.RVW   20110202

“Mac OS X Snow Leopard: The Missing Manual”, David Pogue, 2009, 978-0-596-15328-1, U$34.99/C$43.99
%A   David Pogue david@pogueman.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2009
%G   978-0-596-15328-1 0-596-15328-7
%I   O’Reilly & Associates, Inc.
%O   U$34.99/C$43.99 800-998-9938 fax: 707-829-0104 nuts@ora.com
%O  http://www.amazon.com/exec/obidos/ASIN/0596153287/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0596153287/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596153287/robsladesin03-20
%O   Audience i+ Tech 3 Writing 2 (see revfaq.htm for explanation)
%P   885 p.
%T   “Mac OS X Snow Leopard: The Missing Manual”

The introduction to the book states that it is intended for all levels of users, although it is primarily directed at those with an intermediate level of familiarity with previous Mac versions.

Part one introduces the Desktop, and general interface functions.  Chapter one is about folders and windows.  It definitely provides the information necessary to begin to operate the computer, but it also gives the lie to the statement that the Mac is easy to use.  There are a huge number of options for different functions, so many that it is impossible to remember them all.  The material is generally organized by topic, but there are notes, tips, and mentions buried in the text, and it is almost impossible to find these again, when you go back to look for them.  (Given the size of the book, I hesitate to suggest an expansion, but a page or two, at the end of each chapter, listing the points made, would probably be quite helpful.  And the “delete” key definitely needs to be listed in either the index or the key shortcuts appendix.)  The descriptions of operations are also incomplete in some cases.  There is mention of an indicator under Dock items which have open windows, but not that processes with no open windows may still show this indicator.

Chapter two proceeds in much the same way, dealing with the filesystem, and a great deal of trivia related to the associated windows.  The search function, referred to as Spotlight, is very, very detailed in chapter three.  The Dock and Desktop, further aspects of the operating interface, are described in chapter four.  The review of the functions is sometimes annoying in terms of the jargon used: does “go straight to the corresponding window” mean that the window becomes active, or comes to the foreground?  Does it open a window if it doesn’t exist?  Does it relate to programs, or just folders?  You need to work through the material with the book in one hand, and the Mac under the other.  (This process is not aided by inconsistencies in the operation of the Mac itself.  As I was working through this content I tried to create a new document from within the TextEdit program, and found that I did not have any options to create a file in any of the new folders I had established previously.  Later in the chapter there was mention of dragging folders to the Dock, and so I tried that to see whether it would allow me to use that folder.  Lo and behold, now I could create files in any of the new folders I had made, not just the one I dragged to the Dock.  Handy for my purposes, but not very informative in terms of why it worked that way.)

Part two deals with applications and utilities that ship with the Mac.  Chapter five outlines programs in general, along with documents (in terms of association with specific programs) and spaces (virtual, multiple, or external screens).  (More inconsistency: hiding the Finder behaves differently from hiding other applications.  And hiding used with Expose can give you some very … interesting effects.  The book warns you about neither.)  There is also an overview of the Dashboard and “widgets.”  Various aspects of data (entering, checking and moving it) are addressed in chapter six.  At this point in the book, items and tips start to repeat in the content, which possibly addresses the shortcomings in organization and the index.  Scripting (AppleScript) and mechanization (Automator) of common operations are dealt with in chapter seven, along with a set of somewhat related functions known as services.  As could be expected with an activity of the complexity of programming, the description of the associated applications is unclear, but there are some examples that take the reader in lock step through the process, and this exploration should provide a better understanding.  Chapter eight discusses the installation of the Microsoft Windows operating system on a Mac.  The review of Boot Camp (multi-boot installation) is detailed, but the outline of the virtualization options is limited to a mention of functions.

Part three is entitled “The Components of Mac OS X,” which sounds odd in view of the pieces that have already been covered.  Chapter nine addresses System Preferences, which are fundamental and significant settings and operations.  The programs generally provided along with a new Mac are described (in varying levels of detail) in chapter ten.  Removable storage, such as CDs and DVDs, are outlined in chapter eleven, which also notes the iTunes system.

Part four is entitled the technologies of Mac OS X (which sounds a bit odd given that the whole book would be about said technologies).  Chapter twelve deals with account aspects and functions.  Given the importance of access control, it is a bit disappointing to see security factors dispersed throughout, and not presented clearly.  Networks and sharing are discussed in chapter thirteen, with an odd gap in terms of sharing a wired Internet connection.  Printing, in fourteen, misses out on the sharing of printers in a mixed environment.  Chapter fifteen lists some aspects of multimedia, but is strangely reticent about video capture.  Some commands from the default UNIX bash shell are described in chapter sixteen.  Chapter seventeen notes a few customizations, mostly dealt with via outside programs.

Part five stresses the Mac OS online.  Chapter eighteen examines the setup of an Internet connection (and the discussion of sharing it is still limited and confusing).  Setup and operation of the Mail program is covered in chapter nineteen.   The Safari Web browser is dealt with in chapter twenty, and, as usual, there are a number of little tricks which would probably take you years to find out (by accident) on the “intuitive” Mac.  Chapter twenty-one explains iChat, the networks you need to make it run, and an enormous number of tweaks for such a simple function.  Some Internet server programs are listed in chapter twenty-two.  They are given the level of detail that any average computer user would need–except that the average computer user would have no idea of the network connections needed to set up a server on the Internet.

Part six is a set of appendices.  The dialogues for basic installation are listed in the first, but I was sorry not to see anything about installation on non-Apple hardware.  Appendix B has handy tips and suggestions for troubleshooting the most common types of problems.  One of the appendices is a Windows-to-Mac dictionary, which can be quite handy for those who are used to Microsoft systems.  It could use work in many areas: the entry for “Copy, Cut, Paste” says they work “exactly” as they do in Windows, but does not give the key equivalent of “Command” (the “clover” symbol) -C rather than Ctrl-C.  You also need to know that what the book, and most Apple keyboards, describes as the “option” key is portrayed, in Mac menus, with a kind of bashed “T.”  Appendix D has URLs for a number of resources.  A set of keyboard shortcuts is given in the last.  This can be handy, but I found, in trying to rediscover keystroke combinations that I vaguely recalled from somewhere in the book, that I could not find many of them in the appendix.

There is a style issue in the written material of the book: the constant assertions that the Mac is better than everything, for anything.  The first sentence of chapter one says “When you first turn on a Mac running OS X 10.6, an Apple logo greets you, soon followed by an animated, rotating `Please wait’ gear cursor–and then you’re in.  No progress bar, no red tape.”  Well, if the gear cursor isn’t an analogue of a progress bar, I don’t know what it’s supposed to be.  (While we’re at it, I’m not sure what the difference is between the “gear cursor” and the “spinning beachball of death/SBOD.”)  Also, this statement is false: when you first turn on a Snow Leopard Mac, you have to go through some red tape and questions.  This is only one example of many.  This style may have some validity.  After all, anyone who does not use a Mac comes across the same attitude in any Mac fanatic, and, even without the system chauvinism, a positive approach to teaching about the computer system is likely helpful to the novice user.  However, the style should not get in the way of factual information.

For those using the Mac, this book is enormously helpful, and contains a wealth of information.  It’s not limited to the novice, or even the intermediate user: I found items in the work that none of my Mac support contacts knew.  With some minor quibbles I can definitely say that it is a worthwhile purchase.

copyright, Robert M. Slade   2011     BKMXSLMM.RVW   20110202


New computers - Mac - some additions

I seem to have avoided the problems with Lion, by virtue of not having gotten around to buying it for a while.  Procrastination has its uses.

The battery problems (not those that Charlie Miller found, which seem to have been rather overblown by the media) appear to be getting worse: the battery is still taking forever to charge, and the charge doesn’t last as long. The power management “decisions,” on the part of the computer, are inconsistent.  Often, even when the computer is actually plugged into the mains, the mouse will be shut down, presumably to save power.  On the other hand, sometimes when the computer goes (or is put) to sleep, the USB power is obviously still running, and the mouse sitting there glowing like a nightlight.

Something is not right between Apple and Twitter.  Looking at Twitter via the Web interface (using Safari) is fine–as long as you are only looking at a few screenfuls of postings.  If you go back several hours, and are dealing with a Web page with hundreds of postings, the Mac becomes almost unusable.  The same size of page viewed with an old netbook running XP and Firefox is slow, but definitely works.


New computers - Mac (Flash)

First off, I probably have to modify the perception that I may have left, in this series of postings, that I hate the Mac and everything it stands for.  Not true.  While I find the “Apple knows best” attitude frustrating at times (all right, many times), the MacBook Pro that I purchased is a nice machine in many ways.  For one thing, it’s the most powerful machine I’ve got at the moment.  (Until I get the time to install the new desktop, anyway.)  For another, it hibernates (or suspends, or sleeps, or whatever you want to call it) really well.  I appreciate that ability to simply close the lid, and open it up, and all my stuff is still ready to go, within seconds.  (This has been a particular frustration with the Asus netbook, which sometimes hibernates, and sometimes decides to think about it.  Forever.  Or, until I take the battery out, whichever comes first.)  I like the ongoing and very accurate battery indicator (although I’ll have more to say about that in another post).

It was the battery indicator that first alerted me to the issues with Flash.  As one of my Mac resource helpers noted when I found this out, Flash may, single-handedly, be responsible for global warming.  It is rather odd to pull up a YouTube video, or any other page with a high Flash content (news sites are particularly vile in this regard) and watch the battery life almost instantly cut in half (or drop even further).  To get your battery life (well, most of it, anyway) back again, all you have to do is drop the offending Flash page.

The thing is, I’ve never noticed this before on my other laptops.  Certainly Flash, on Windows, doesn’t have anything like that same effect on the battery life.  Yes, it’s more of a drain, and, yes, you’ll probably have to keep an eye on heating issues.  But the battery life isn’t half of what it was simply because of viewing videos.

Apple doesn’t like Flash.  The converse may also be true.  Because, despite the Mac’s much-vaunted prowess in multimedia areas, online video definitely seems to be a problem for it.

At home, we’ve recently been watching some TV programs via the Internet.  (We’ve done this because, at home, I get Internet service from Shaw, which provides our cable TV, as well.  And, they seem to be just as unreliable at providing the uninterrupted TV feed as they do at providing Internet service or help.  So we’ve had to fall back on the Internet to catch up on shows we’ve missed while the cable was out.)  Because of this, I’ve had a chance to do some comparison between a seven-year old Windows (XP) desktop machine, and a brand new MacBook Pro.  The old Windows machine wins, hands down.  We’ve watched streaming feeds of shows from the company Websites of CBC, GlobalTV, and Bravo, all at the standard presented resolution, and in the full-screen display.  All of these sites use Flash.  And the old (seven years old, remember) Windows machine, using Firefox, has won every round against the Mac, using Safari.  The streaming is just as good (which is odd, considering the sheer age of the Windows box), but the Mac tends to lock up (or go random places) any time we use the controls to rewind, or pick up a missed segment.

To repeat what I started out with, the Mac is great in many areas.  Viewing Twitter, even with the new (and heavily script-laden) interface, the Mac is very much faster, and Safari opens new windows and loads them quickly.  Which is why I found the online video weakness to be so odd …


New computers - Mac (operations and video)

The review of the Mac functions in my little book is sometimes annoying in terms of the jargon used: does “go straight to the corresponding window” mean that the window becomes active, or comes to the foreground? Does it open a window if it doesn’t exist? Does it relate to programs, or just folders? You need to work through the material with the book in one hand, and the Mac under the other. (This process is not aided by inconsistencies in the operation of the Mac itself. As I was working through this content I tried to create a new document from within the TextEdit program, and found that I did not have any options to create a file in any of the new folders I had established previously. Later in the chapter there was mention of dragging folders to the Dock, and so I tried that to see whether it would allow me to use that folder. Lo and behold, now I could create files in any of the new folders I had made, not just the one I dragged to the Dock. Handy for my purposes, but not very informative in terms of why it worked that way.)

(More inconsistency: hiding the Finder behaves differently from other applications. And hiding used with Expose can give you some very … interesting effects. So far I have not had the nerve to play with hiding, Expose, and Spaces all at the same time.)

One of the constant claims made by Mac devotees is that the Mac is better at media. Well, over the past couple of weeks we’ve had occasion to try and watch a couple of TV shows over the Internet. (Once we just forgot: once the cable went out in the middle of the show.) Since the current desktop is seven years old, I figured that the Mac should be given a chance to prove its worth and strut its stuff. We watched one show on the desktop, and one on the Mac.

Mac: total FAIL. Choked, gasped, stopped for no apparent reason (no, it wasn’t the net feed dying: it skipped a bunch of the show, and went to the next series of ads), would not respond to commands, and overall a general lack of “good viewing experience.” The old desktop was grinding away with the fan running full out most of the time, but at least it played the show all the way through.


New computers - Mac (learning curve)

I’m working through a book to learn about my new Mac.  (You’ll see the review eventually, and probably recognize some of this text when you do.)  It provides the information necessary to begin to operate the computer, but it also gives the lie to the statement that the Mac is easy to use.  There are a huge number of options for different functions, so many that it is impossible to remember them all.  The material is generally organized by topic, but there are notes, tips, and mentions buried in the text, and it is almost impossible to find these again, when you go back to look for them.  (The “delete” key definitely needs to be listed in either the index or the key shortcuts appendix.)

One of the appendices is a Windows-to-Mac dictionary, which can be quite handy for those who are used to Microsoft systems.  It could use work in many areas: the entry for “Copy, Cut, Paste” says they work “exactly” as they do in Windows, but does not give the key equivalent of “Command” (the “clover” symbol) -C rather than Ctrl-C.  (It was also only in working through some practice that I discovered that what the book describes as the “option” key is portrayed, in Mac menus, with a kind of bashed “T.”  Yes, I suppose that, once you know this, it does look kind of like a railroad switchpoint, but it’s hardly intuitively obvious.)

There is a style issue in the written material of the book: the constant assertions that the Mac is better than everything, for anything.  The first sentence of chapter one says “When you first turn on a Mac running OS X 10.6, an Apple logo greets you, soon followed by an animated, rotating `Please wait’ gear cursor–and then you’re in.  No progress bar, no red tape.”  Well, if the gear cursor isn’t an analogue of a progress bar, I don’t know what it’s supposed to be.  Also, this statement is false: when you first turn on a Snow Leopard Mac, you have to go through some red tape and questions.  This is only one example of many.  This style may have some validity.  After all, anyone who does not use a Mac comes across the same attitude in any Mac fanatic, and, even without the system chauvinism, a positive approach to teaching about the computer system is likely helpful to the novice user.  However, the style should not get in the way of factual information.

I’m used to UNIX, and I’m already into Terminal, but it’s annoying to have that be the only way to access some of the material, given the repeated assertion that the Mac is so easy to use.  Another little quirk today: yes, you can access Windows servers, but you can’t save anything to them.  (I did find a way around that: create the file in Windows, open it on the Mac, copy information into it, and then save.  Easy, right?)


New computers and old network problems

Well, I don’t know if this is a continuation in the “new computers” series, or just rehashing an old problem.

I’ve noted before the problem of the complexity of trying to establish an ad-hoc network under Windows.  And, I’m trying various things with the new Mac.  So, in a situation, right now, where I have one network cable, and two computers downstairs, I decided to see what an ad hoc network was like with a Mac.

I remembered to do the bridging thing on Windows, and I’ve set up an ad hoc network with a pre-shared key.  (At least, I think I have.  That seemed to be the way it worked, and the Mac connected with a password, but, on the Windows machine, when I go back and look at it, it says it’s open.)  The Mac wouldn’t show the network when I looked at the list, but, when I gave it the name and password it seemed to connect just fine.

I got a Web site correctly on the Mac.  Then I went to connect to the Windows machines as servers, and that worked out fine.  Then I went to do some work on the Web, and … nothing.  The Mac wasn’t able to get onto the Internet.  I was still connected to the Windows servers, but couldn’t get a Web page.

And, then, suddenly, I could, again.  And then I couldn’t.  (At the moment, I can’t.)  (Sorry, started working again just before I finished this entry.)

I’ll have to give it a shot with the Mac connected to the cable, and see if I can set up an ad hoc wireless connection that the Windows netbook can use, but, at the moment, Mac networking is not working any better than Windows in the ad hoc environment.

Roll on PopulistNet.


New computers - Mac (nets)

One of my Mac fanatic contacts, when I mentioned that I needed to connect to my old Windows machines, said that it was easy, you just had to open “Networks,” and there they all are!  Well, no, not quite.  Not by a long shot, in fact.  I knew there was something called “Finder,” which was basically the interface to the filesystem on the Mac OS.  I even figured where to find it, going to the icon on the extreme left end of the top of the screen, and figuring that choosing the “Finder” under that option would change the top menu items from the browser that was active at the time.

So, I found Finder, and I even found the Network part of it.  And I asked it to search for servers.  It didn’t find any.  So I asked it to find a specific server.  It didn’t find that, either, but the fact that the name I had specified popped up with “afp:” at the beginning gave me an indication that I had to specify a protocol for Windows machines.  I went searching in the help files, and, eventually, found it.  Not too hard to figure out that it was “smb:”  at least, not too hard once you know it.  I then was able to figure out, on my own, that specifying the machine name with a leading “//” was wrong, because the Mac helpfully and intelligently adds “//” to whatever you type, but is too stupid to figure out that “////” is wrong.


New computers - Mac (basics)

My father-in-law is a dedicated Apple fanatic (as are a number of my friends).  Since I had an MS-DOS machine when we first met, he tagged me as an IBM person.  (It was vain to point out that, although I had once installed a Baby 36 for a charity, I did not, in fact, have a System 360 installed in the non-existent basement of my apartment.)  He eventually figured out that Microsoft made the operating system, but, even though I have worked on (among others) a predecessor to AOS(VS), Apple DOS, UNIX, TOPS-10, VMS, JCL, and CP/M, and make no secret of my frustrations with Windows, he still considers me to be one of “the enemy.”

Well, I’ve always wanted to have a crack at Macs.  I got the first one installed in one company I worked for, over twenty years ago, used it for a while, and, despite the frustrations, was still interested in getting one of my own.  So, this year, while I had the need to update at least two machines, and since the price had come down from “completely-out-of-the-question” to merely “obscene,” I decided to get one.

The experience has been interesting.  I shall, no doubt, have more to say about aspects of operation in the future, but it has been an education to get a new Mac (a MacBook Pro laptop) and take it out of the box.

To give credit where credit is due, I’ve got to say that I’ve been impressed with the performance of the Mac and the Safari browser on the Web, which is what I’ve done with it so far.  The overall design is nice, of course.  I like the battery life (so far), and the “sleep” mode performance.  The machine recognized a generic mouse I plugged into it, and happily connected to the Internet through a wired LAN.  The minimal (well, OK, slightly more than minimal) experience I’ve had with Mac OS X was quite sufficient to get me started on the machine, and I’ve even managed to puzzle out some things with the help of the “Help” system (but more on that later).

The big thing with Mac advertising, and Mac devotees, is that the Mac is easy to use “right out of the box.”  And, yes, that is partially, and possibly even mostly, true.  But not completely.

The reason that I needed to plug in a mouse was that I could not figure out how to “choose” or activate something with the trackpad.  I could move the pointer around, no problem, but then there were no buttons to push.  Tapping didn’t work.  I remembered seeing people tapping hard on the trackpad on Mac laptops, so I tried that.  Sometimes it worked, and sometimes it didn’t.

Experienced Mac laptop users will be smirking, of course, knowing what I eventually found out.  You don’t tap the trackpad, or even tap it hard.  You press, deliberately, and you can actually feel a detent “click” when you’ve pressed hard enough.  (And, of course, whatever you wanted to activate gets activated.)  This is sort of implied in the documentation (when I found it), but even there isn’t really made clear.  And it certainly isn’t “intuitively obvious.”

Ah, yes, the documentation.  Once you’ve figured out how to open up the box the laptop comes in, you take the laptop out of the clear cellophane “envelope,” and open it up.  Since it is shipped with the battery charged, as soon as you take the protective foam sheet off the keyboard, and figure out the power button (not *too* hard, if you’ve got good eyes: white on silver is pretty, but not exactly clear) things start happening.  Once you’ve gotten over the excitement, you may notice that there are power cords in a bay at the back of the box.  You are less likely to notice that there is a black cardboard envelope nestled into the black packing material at the front of the box.  Pulling on a tab in just the right way starts to loosen this, although you still seem to have to find a finger hole in the envelope in order to get it out, and then figure out how to open it.  Once you do, you will find a brief booklet which does tell you which of the two power cords is actually a power cord, and which is a mere (and very short) extension cord.  It also tells you a few other things that would have been handy, had I not already figured them out by trial and (mostly) error.  (There is also a CD or DVD which I haven’t yet had the time to try out.)

OK, some of the design is great.  (Not insanely, but great.)  Not all of it.


Apple Safari Denial Of Service (iPhone, iPad, iPod, OS X, Windows) 0-Day

I’ve spent a lot of time thinking about what to do with this one, and when I say a lot of time, I really mean just over 3 months now. I also informed Apple that I would be writing this article, and asked for an official quote from them, and also a rough date as to when the relevant patches would be disclosed.

I found this one by fuzzing Safari 5.0 on the night that it first came out. I was using Browser Fuzzer 2 (bf2) and then spent a while playing with it to see if I could turn this into more than just a Denial Of Service (DoS); unfortunately I wasn’t able to. This is not to say that it’s not possible to do so, I’m just not too sure on how to do it; it may very well be more than just a DoS with a few tweaks to the code.

I initially tried selling this one to ZDi, but their response to me was fair and to the point:

“Dear xyberpix

We have reviewed your recent case and discovered it was a duplicate of an issue we received in January of this year. We have also determined that this issue is likely non-exploitable. Due to this we are going to pass on the opportunity to pursue acquisition of this vulnerability information through the ZDI program.

Thank you for the submission and we look forward to your future work.

Regards,
The ZDI Team”

So, January 2010 and to date, this still has not been fixed by Apple! People give Microsoft and Adobe a hard time about their time to release patches, but seriously 8 months is really pushing it!

So I figured I’ll see what Apple has to say about this one, and sent it along to their product security team, asking if they were willing to reward vulnerability researchers for their time. I wasn’t asking for anything major at all, maybe the cheap iPad or even just a copy of Logic Studio 9 for my trouble. That’s really not too much to ask really is it? I didn’t have any high hopes though, and well here was their response:

“Hello Xyberpix,

When we address an issue in a Security Update, we give credit to the person who reported the issue to us.  However, Apple does not directly provide financial reward.”

Okay, fair enough, I didn’t go looking for bugs for financial gain, but it would have been a nice token nonetheless. I guess the fact that I’ve been a loyal Apple fan boy for close on 8 years now means nothing to them at all. I guess this is why I’m a firm believer in the No More Free Bugs movement, in the same sense though I can’t sit around idly and wait for what’s been over 3 months since I found this issue, and Apple has not released a patch yet!

Apple also came back to me stating that they had addressed this vulnerability in iOS 3.2 and iOS 4.0, well, erm, dunno how to tell you guys this but, nope you didn’t. So being the nice guy that I am I sent them the relevant crash logs as requested. Their response was the following:

“Hello xyberpix,

Thank you for forwarding this issue to us.  We take any report of a potential security issue very seriously.

After reviewing the issue, it appears that this denial of service issue results in the unexpected termination of MobileSafari, but not of the host operating system or a system service.  For our internal tracking purposes, this will be classified as a “Crash / Hang” issue. Although we do not see additional security concerns, we do consider this to be an important issue, and are working with the engineering team to address it.

If you have reason to believe that the issue has ramifications beyond terminating Safari (such as terminating the operation of the host operating system or system service, or executing arbitrary code), we would appreciate the steps to reproduce this, or crash logs from when you observed it.”

I then replied asking about this issue on platforms other than iOS, namely Windows and OS X, to which I received the following response:

“Hello xyberpix,

The crash is still a security issue on platforms on which it has not been addressed.  So far, it has only been addressed on iOS.

For the protection of our customers, we ask that you do not disclose details of this vulnerability until it has been addressed on all platforms.

When we release an update to address this issue on other platforms, you will be credited for the vulnerability.”

Okay, so let me get this straight, this is not a security issue on iOS, it’s a crash/hang issue, which they have apparently addressed in iOS 4, and I had to bug Apple about the Windows and OS X Safari issues, even after I informed them that it was possible to crash Safari on all platforms, not just iOS? Something’s not quite right here…

When I asked for a rough timescale on when a patch for this is going to be released, I was given the following response:

“The following information should be considered confidential.  We are sharing this information as a status update on an issue you reported.  Please do not share this information with others.

This issue has already been assigned CVE-20xx-xxxx, when it was fixed on iOS.

The issue is currently planned for our next available software update.  I don’t have a date for you yet, but we will coordinate with you closer to the release of the update.”

I completely understand confidentiality, but I also believe that security researchers should get more than just credit for discovering a vulnerability that Apple’s testers should have found in the first place.

Oh wait, it seems they did find it, but they just claimed to have fixed it, instead of actually fixing it, did I get that right?

My last attempt at contacting Apple was on the 2nd August 2010 to ask if they could please give me an official statement on this issue that I could include in this post, and if there was still no chance at all of getting some sort of reward for this finding. Their response was this:

“Hello xyberpix,

We do appreciate the time you took to find and report the issue to us.

As mentioned, it is not our policy to provide financial compensation for issues.”

I really don’t want this post to be taken the wrong way, yes I was looking for compensation for the vulnerability, but not thousands of dollars, just a little something to make the time spent on this one worthwhile. I also wanted to have an official statement from Apple on this one as to when they are likely to release a patch, neither of which they were willing to do. Personally I don’t feel that either of these things were too much to ask at all from a company that is growing in leaps and bounds each year.

If any Apple employees would like to discuss this one further with me, the case number for this issue is 111476071, and you have all my contact details.

As a matter of courtesy and security I will not be publishing the code for this DoS, as I do not believe that would be responsible, once a patch that works has been released by Apple, I will upload the code. I have also removed the CVE number and also the specific function that causes the crash.

I’m really looking forward to all your comments on this one people, as I’d love to hear your views.


Apple iPhone/iPod Touch/iPad Security Update

Yesterday Apple released a security update that patches the Jailbreakme vulnerabilities to stop people Jailbreaking their Apple devices.

Okay, so maybe I’m looking at this the wrong way around, but it seems that when a vulnerability gets a lot of media attention, Apple works its backside off to get that one patched. I understand that we are talking serious vulnerabilities here, but still. I’ve personally been in contact with Apple for a couple of months now in regards to a DoS vulnerability that I discovered, and still have no timeline on when a patch for this will be released, so maybe all that’s needed is to turn this into some media hype, hmmm.

So the vulnerabilities that this patches are the following:

  • FreeType
    CVE-ID: CVE-2010-1797
    Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (2nd generation) and later
    Impact: Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution
    Description: A stack buffer overflow exists in FreeType’s handling of CFF opcodes. Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution. This issue is addressed through improved bounds checking.

  • IOSurface
    CVE-ID: CVE-2010-2973
    Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (2nd generation) and later
    Impact: Malicious code running as the user may gain system privileges
    Description: An integer overflow exists in the handling of IOSurface properties, which may allow malicious code running as the user to gain system privileges. This issue is addressed through improved bounds checking.


Safari AutoFill Exploit

So it seems that Safari uses the details from your Address Book card to AutoFill forms on web sites, and this is enabled by default. In theory this is a great idea, until someone writes some malicious JavaScript that gets these details filled into a hidden form and sent off without your knowledge. Looking through all the possible fields in the Apple Address Book app, it really gets quite troubling: Name, Address, Job Title, Department, Anniversary. This could all be used nicely for a really fun Social Engineering exercise, or really help with an identity theft scam.

There is a PoC of this hosted here.

Personally I’d suggest disabling AutoFill in Safari’s preferences, better safe than sorry.


Why Is Paid Responsible Disclosure So Damn Difficult?

So I’ve been sitting on an Apple vulnerability for over a month now, and I’m really starting to realise that maybe just sending the details to the Full-Disclosure mailing list and Exploit-DB.com is the right way to go about disclosing vulnerabilities and exploits.

I initially contacted ZDI to see if they would be at all interested in buying the exploit off of me, as I spent a lot of time researching and finding this one, and I’d like to get something for my efforts. I am a firm believer in the No More Free Bugs movement, I understand and appreciate what ZDI are doing, but the fact that it took them just under a month to get back to me is really not good enough, to be very honest. If they don’t have the researchers, then advertise worldwide, instead of just US only. I know I, for one, would be happy validating bugs all day, and this is the type of work that can be done remotely.

Yesterday I also submitted the same information to iDefense Labs Vulnerability Contributor Program (VCP), who claim to get back to me within 48 hours, so we’ll see how that goes. I will update this post as and when I know more.

I also took the off chance of mailing Apple directly, and asking if they offer any rewards for vulnerabilities that have been found, and if so what they would be. I don’t have high hopes on Apple offering anything, but to be honest, I would prefer to disclose this one directly to Apple. They however have paid staff to do this work on a full time basis on all their products, so why aren’t they doing it properly, and I feel that anyone else finding bugs for them should be compensated appropriately. However, I e-mailed them yesterday and received an automated response, so we’ll see how long it takes them to respond to me as well.

This may end up being a rather long post, but let’s see. I’m also expecting to see quite a few interesting comments on this post as well, so come on people.

UPDATE 30/06/2010:

Received a response from iDefense last night, and a request for more info. So just over 24 hour response time, which is brilliant, I’m really impressed so far.

Received a response from Apple, and if I would like any reward (aside from credit for the find), then I was informed that I should go through ZDI or iDefense.


iPhone Data Protection

Now that Apple has released iOS 4 there are a couple of funky security features that you can make use of, namely Data Protection and strong passcodes.

“Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages and attachments. Third-party applications can use the data protection APIs in iOS 4 to further protect application data.”

For more information on how to enable this feature, please see the Apple article HT4175.

Strong passcodes means that you can finally do away with the standard 4 digit PIN to lock your iPhone and you can now set up complex passwords instead. To enable this, go into Settings->General->Passcode Lock and then turn off Simple Passcode.


Apple Security Update 10.6.4 - 28 Vulnerabilities Mitigated

Yesterday Apple released a new security update for Snow Leopard (10.6), this new update plugs a total of 28 security vulnerabilities.

As always people, please apply this update as soon as possible, and if deploying to production environments, please test this update thoroughly before deploying.

From my side, this installed flawlessly on 3 Macs with no issues.

I have to say that considering Apple has received a bit of a beating in the past about releasing security updates in a timely manner, if you look into the vulnerabilities identified and mitigated below, a lot of these have been found internally by Apple, so well done guys, keep up the great work!

The vulnerabilities along with their relevant CVE numbers are the following:

  • CUPS
    CVE-ID: CVE-2010-0540
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: Visiting a maliciously crafted website while logged into the CUPS web interface as an administrator may allow CUPS settings to be changed
    Description: A cross-site request forgery issue exists in the CUPS web interface. Visiting a maliciously crafted website while logged into the CUPS web interface as an administrator may allow CUPS settings to be changed. This issue is addressed by requiring web form submissions to include a randomized session token. Credit to Adrian ‘pagvac’ Pastor of GNUCITIZEN, and Tim Starling for reporting this issue.

  • CUPS
    CVE-ID: CVE-2010-0302
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: A remote attacker may cause an unexpected application termination of cupsd
    Description: A use after free issue exists in cupsd. By issuing a maliciously crafted get-printer-jobs request, an attacker may cause a remote denial of service. This is mitigated through the automatic restart of cupsd after its termination. This issue is addressed through improved connection use tracking. Credit to Tim Waugh for reporting this issue.

  • CUPS
    CVE-ID: CVE-2010-1748
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: An attacker with access to the CUPS web interface may be able to read a limited amount of memory from the cupsd process
    Description: An uninitialized memory read issue exists in the CUPS web interface’s handling of form variables. An attacker with access to the CUPS web interface may be able to read a limited amount of memory from the cupsd process. By default, only local users may access the web interface. Remote users may access it as well when Printer Sharing is enabled. This issue is addressed through improved handling of form variables. Credit to Luca Carettoni for reporting this issue.

  • DesktopServices
    CVE-ID: CVE-2010-0545
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: A Finder operation may result in files or folders with unexpected permissions
    Description: When “Apply to enclosed items…” is selected in the “Get Info” window in the Finder, the ownership of the enclosed items is not changed. This may cause the enclosed files and folders to have unexpected permissions. This issue is addressed by applying the correct ownership. Credit to Michi Ruepp of pianobakery.com for reporting this issue.

  • Flash Player plug-in
    CVE-ID: CVE-2010-0186, CVE-2010-0187
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: Multiple vulnerabilities in Adobe Flash Player plug-in
    Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to unauthorized cross-domain requests. The issues are addressed by updating the Flash Player plug-in to version 10.0.45.2. Further information is available via the Adobe web site at http://www.adobe.com/support/security/

  • Folder Manager
    CVE-ID: CVE-2010-0546
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: Unmounting a maliciously crafted disk image or remote share may lead to data loss
    Description: A symlink following issue exists in Folder Manager. A folder named “Cleanup At Startup” is removed upon unmount. A maliciously crafted volume may use a symlink to cause the deletion of an arbitrary folder with the permissions of the current user. This issue is addressed through improved handling of symlinks. Credit: Apple.

  • Help Viewer
    CVE-ID: CVE-2010-1373
    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: Visiting a maliciously crafted website may lead to the execution of JavaScript in the local domain
    Description: A cross-site scripting issue exists in Help Viewer’s handling of help: URLs. Visiting a maliciously crafted website may lead to the execution of JavaScript in the local domain. This may lead to information disclosure or arbitrary code execution. This issue is addressed through improved escaping of URL parameters in HTML content. This issue does not affect systems prior to Mac OS X v10.6. Credit to Clint Ruoho of Laconic Security for reporting this issue.

  • iChat
    CVE-ID: CVE-2010-1374
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: A remote user may upload files to arbitrary locations on the filesystem of a user currently using AIM in iChat
    Description: A directory traversal issue exists in iChat’s handling of inline image transfers. A remote user may upload files to arbitrary locations on the filesystem of a user currently using AIM in iChat. This issue is addressed through improved handling of file paths. Credit: Apple.

  • ImageIO
    CVE-ID: CVE-2010-1411
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution
    Description: Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking. Credit to Kevin Finisterre of digitalmunition.com for reporting these issues.

  • ImageIO
    CVE-ID: CVE-2010-0543
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption exists in the handling of MPEG2 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of MPEG2 encoded movie files. For Mac OS X v10.6 systems this issue is addressed in Mac OS X v10.6.2. Credit: Apple.

  • Kerberos
    CVE-ID: CVE-2009-4212
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: An unauthenticated remote user may cause an unexpected termination of the KDC process, or arbitrary code execution
    Description: An integer overflow exists in AES and RC4 decryption operations of the crypto library in the KDC server. Sending a maliciously crafted encrypted message to the KDC server may lead to an unexpected termination of the KDC process, or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to the MIT Kerberos Team for reporting this issue.

  • Kerberos
    CVE-ID: CVE-2010-1320
    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: A remote user may cause an unexpected termination of the KDC process, or arbitrary code execution
    Description: A double free issue exists in the renewal or validation of existing tickets in the KDC process. A remote user may cause an unexpected termination of the KDC process, or arbitrary code execution. This issue is addressed through improved ticket handling. This issue does not affect systems prior to Mac OS X v10.6. Credit to Joel Johnson for reporting this issue to Debian, and Brian Almeida working with the MIT Kerberos Security Team.

  • Kerberos
    CVE-ID: CVE-2010-0283
    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: An unauthenticated remote user may cause an unexpected termination of the KDC process
    Description: A logic issue in the handling of KDC requests may cause an assertion to be triggered. Sending a maliciously crafted message to the KDC server, a remote attacker may be able to interrupt the Kerberos service by triggering an assertion. This issue is addressed through improved validation of KDC requests. This issue does not affect systems prior to Mac OS X v10.6. Credit to Emmanuel Bouillon of NATO C3 Agency working with the MIT Kerberos Security Team for reporting this issue.

  • libcurl
    CVE-ID: CVE-2010-0734
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: Using libcurl to download files from a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    Description: A buffer overflow exists in libcurl’s handling of gzip-compressed web content. When processing compressed content, libcurl may return an unexpectedly large amount of data to the calling application. This may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by ensuring that the size of data blocks returned to the calling application by libcurl adheres to documented limits.

  • Network Authorization
    CVE-ID: CVE-2010-1375
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
    Impact: A local user may obtain system privileges
    Description: NetAuthSysAgent does not require authorization for certain operations. This may allow a local user to obtain system privileges. This issue is addressed by requiring authorization for additional operations. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.

  • Network Authorization
    CVE-ID: CVE-2010-1376
    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    Description: A format string issue exists in the handling of afp:, cifs:, and smb: URLs. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of afp:, cifs:, and smb: URLs. This issue does not affect systems prior to Mac OS X v10.6. Credit to Ilja van Sprundel of IOActive, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

  • Open Directory
    CVE-ID: CVE-2010-1377
    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: A man-in-the-middle attacker may be able to impersonate a network account server
    Description: When binding to a network account server via System Preferences, Open Directory will automatically negotiate an unprotected connection to the server if it is not possible to connect to the server with Secure Sockets Layer (SSL). A man-in-the-middle attacker may be able to impersonate the network account server, which may lead to arbitrary code execution with system privileges. This issue is addressed by providing an option to require a secure connection. This issue does not affect systems prior to Mac OS X v10.6.

  • Printer Setup
    CVE-ID: CVE-2010-1379
    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: Network devices may disable printing in certain applications
    Description: A character encoding issue exists in Printer Setup’s handling of nearby printers. If a device on the local network advertises a printing service with a Unicode character in its service name, printing may fail in certain applications. The issue is addressed through improved handling of shared printers. This issue does not affect systems prior to Mac OS X v10.6. Credit to Filipp Lepalaan of mcare Oy for reporting this issue.

  • Printing
    CVE-ID: CVE-2010-1380
    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: A user with access to the printer may cause an unexpected application termination or arbitrary code execution
    Description: An integer overflow issue exists in the calculation of page sizes in the cgtexttops CUPS filter. A local or remote user with access to the printer may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to regenrecht working with iDefense for reporting this issue.

  • Ruby
    CVE-ID: CVE-2010-0541
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: A remote attacker may gain access to accounts served by Ruby WEBrick
    Description: A cross-site scripting issue exists in the Ruby WEBrick HTTP server’s handling of error pages. Accessing a maliciously crafted URL in certain web browsers may cause the error page to be treated as UTF-7, allowing JavaScript injection. The issue is addressed by setting UTF-8 as the default character set in HTTP error responses. Credit: Apple.

  • SMB File Server
    CVE-ID: CVE-2010-1381
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: A remote user may obtain unauthorized access to arbitrary files
    Description: A configuration issue exists in Apple’s distribution of Samba, the server used for SMB file sharing. Using symbolic links, a remote user with access to an SMB share may obtain unauthorized access to arbitrary files. This issue is addressed by disabling support for wide links in the Samba configuration file.

  • SquirrelMail
    CVE-ID: CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581, CVE-2009-2964
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: Multiple vulnerabilities in SquirrelMail
    Description: SquirrelMail is updated to version 1.4.20 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/

  • Wiki Server
    CVE-ID: CVE-2010-1382
    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3
    Impact: Viewing maliciously crafted Wiki content may result in a cross-site scripting attack
    Description: The Wiki Server does not specify an explicit character set when serving HTML documents in response to user requests. An attacker with the ability to post or comment on Wiki Server hosted content may include scripts encoded in an alternate character set. This may lead to a cross-site scripting attack against users of the Wiki Server. The issue is addressed by specifying a character set for the document in HTTP responses.
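Two of the entries above, Ruby WEBrick (CVE-2010-0541) and Wiki Server (CVE-2010-1382), are the same bug class: HTML served without an explicit charset, which lets a browser that sniffs encodings decide the page is UTF-7. Here is an added example (mine, not Apple’s or WEBrick’s code) in Node.js showing why escaping < and > is not enough in that situation and why declaring the charset is the fix both advisories describe. The error-page shape and the model of a sniffing browser are assumptions for illustration.

```javascript
// Added example, not Apple's or WEBrick's code: an HTML error page that reflects the
// request path, built once without and once with an explicit charset, plus a model
// of what a UTF-7-sniffing browser makes of each. The page shape is hypothetical.
const escapeHtml = (s) =>
  s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");

// Encode a string as a single UTF-7 "+<modified base64>-" group: UTF-16BE code units,
// base64 without padding. The bytes '<', '>' and '"' never appear literally, so an
// HTML-escaping filter sees nothing to escape.
function utf7Encode(text) {
  const units = [];
  for (const ch of text) units.push(ch.charCodeAt(0) >> 8, ch.charCodeAt(0) & 0xff);
  const b64 = Buffer.from(units).toString("base64").replace(/=+$/, "");
  return `+${b64}-`;
}

// A 404 page that reflects the requested path after escaping it. With declareCharset
// false the Content-Type carries no charset, the flaw both advisories fix.
function buildErrorPage(path, { declareCharset }) {
  const body = `<html><body><h1>Not Found</h1><p>${escapeHtml(path)} was not found.</p></body></html>`;
  const headers = { "Content-Type": declareCharset ? "text/html; charset=UTF-8" : "text/html" };
  return { status: 404, headers, body };
}

// Model of the vulnerable browser behaviour: when no charset is declared it sniffs the
// body and decodes UTF-7 groups, turning "+ADw-" back into '<'. When a charset is
// declared the bytes are taken at face value and the payload stays inert text.
function rendererSeesScript(response) {
  if (/charset=/i.test(response.headers["Content-Type"])) {
    return /<script>/i.test(response.body);
  }
  const decoded = response.body.replace(/\+([A-Za-z0-9+/]*)-/g, (_, b64) => {
    const buf = Buffer.from(b64, "base64");
    let out = "";
    for (let i = 0; i + 1 < buf.length; i += 2) out += String.fromCharCode((buf[i] << 8) | buf[i + 1]);
    return out;
  });
  return /<script>/i.test(decoded);
}

// Constructed attacker input: the classic payload, UTF-7 encoded so it survives escaping.
const PAYLOAD = utf7Encode("<script>alert(1)</script>");
```

The fix is not a better escaping routine; it is `charset=UTF-8` in the `Content-Type` header (or a `<meta charset>` early in the body), exactly as the Ruby and Wiki Server entries say. Once the encoding is pinned, the sequence `+ADw-` is just seven harmless characters.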

The iPhone Is Your Friend, Or Is That Enemy?

I know that this topic has been discussed before, but I am writing this one as a reminder to all the CISOs out there that allow people to connect their phones to your corporate PCs.

I do agree that in their default configuration iPhones aren’t exactly the most dangerous of devices to have on your network, however if you take the step to Jailbreak your iPhone, it opens up a whole new playing field.

After Jailbreaking my phone, the first things that I installed were nmap, metasploit, tcpdump and an application to enable my phone as a USB drive. This allowed me to gain access to a corporate network via wireless on my phone, and exploit a windows host in about 10 minutes, all from sitting in the lobby.

Also with a bit of scripting/or paid for applications, I was able to plug my iPhone into a PC and copy everything that was stored in the My Documents folder for that user. Some of this was company confidential data, some of it was personal photos and banking details.

Don’t get me wrong, I love my iPhone, but I believe that corporations should really take smart phones as a serious security risk, and not just write them off as phones. The age of a cell phone being just a cell phone is long gone now, and phones are easy to get into places and no-one bats an eyelid if you spend 10 minutes typing on your phone.

Next time you see someone sitting in a lobby working on their phone, remember this article, and ask yourself, what defenses do you have in place to protect against this threat?


Vulnerability Scanner