Apple Now “Owns” the Page Turn

A blog posting at the New York Times:

“Yes, that’s right. Apple now owns the page turn. You know, as when you
turn a page with your hand. An “interface” that has been around for
hundreds of years in physical form. I swear I’ve seen similar
animation in Disney or Warner Brothers cartoons.  (This is where
readers are probably checking the URL of this article to make sure
it’s The New York Times and not The Onion.)”

Yet more proof that the US patent system, and possibly the whole concept of intellectual property law, is well and truly insane.

What’s even funnier is that, when I read the New York Times blog page that carries this story, I noticed that NYT may be in grave danger of having their pants sued off by Apple (which is, after all, a much larger and more litigious corporation).  At least two of the animated graphical ads on the page feature a little character that rolls down a corner of the ad, inviting you to “Click to see more.”  If you click or even mouseover the ad, then the little figure “turns a page” to let you see the rest of the ad.

(This interface appears to be a standard for either the NYT or Google Ads, since refreshing the page a few times gave me the same display for two different auto manufacturers and, somewhat ironically, for Microsoft.)

(In discussing this with Gloria, she mentioned an online magazine based in Australia which uses a graphical page turning interface for the electronic version of the magazine.  Prior art?  Or are they in danger of getting sued by Apple as well?)

Share

Apple and “identity pollution”

Apple has obtained a patent for “identity pollution,” according to the Atlantic.

I am of not just two, but a great many minds about this.  (OK, admit it: you always knew I was schizophrenic.)

First off, I wonder how in the world they got a patent for this.  OK, maybe there isn’t much in the way of prior art, but the idea can’t possibly be called “non-obvious.”  Even before the rise of “social networking” I was prompting friends to use my “loyalty” shopping cards, even the ones that just gave discounts and didn’t get you points.  I have no idea what those stores think I buy, and I don’t much care, but I do know that they have very little about my actual shopping patterns.

In our advice to the general population in regard to Internet and online safety in general, we have frequently suggested a) don’t say too much about yourself, and b) lie.  Isn’t this (the lying part) exactly what Apple is doing?

In similar fashion, I have created numerous socmed accounts which I never intended to use.  A number of them are simply unpopulated, but some contain false information.  I haven’t yet gone to the point of automating the process, but many others have.  So, yet another example of the US patent office being asleep (Rip-Van-Winkle-level asleep) at the technological switch.

Then there is the utility of the process.  Yes, OK, we can see that this might (we’ll come back to the “might”) help protect your confidentiality.  How can people find the “you” in all the garbage?  But what is true for advertisers, spammers, phishers, and APTers is also true for your friends.  How will the people who you actually *want* to find you, find the true you among all the false positives?

(Here is yet another example of the thre “legs” of the security triad fighting with each other.  We have endless examples of confidentiality and availability working against each other: now we have confidentiality and integrity at war.  How do you feel, in general, about Apple recommending that we creating even more garbage on the Internet than is already there?)

(Or is the fact that it is Apple that is doing this somehow appropriate?)

OK, then, will this work?  Can you protect the confidentiality of your real information with automated false information?  I can see this becoming yet another spam/anti-spam, CAPTCHA/CAPTCHA recognition, virus/anti-virus arms race.  An automated process will have identifiable signs, and those will be detected and used to ferret out the trash.  And then the “identity pollution” (a new kind of “IP”?) will be modified, and then the detection will be modified …

In th meantime, masses of bandwidth and storage will be consumed.  Socnet sites will be filled with meaningless accounts.  Users of socmed sites will be forced to spend even more time winnowing out those accounts not worth following.  Socnet companies will be forced to spend more on storage and determination of false accounts.  Also, their revenues will be cut as advertises realize that “targetted” ads will be less targetted.

Of course, Apple will be free to create a social networking site.  They already have created pieces of such.  And Apple can guarantee that Apple product users can use the site without impedance of identity pollution.  And, since Apple owns the patent, nobody else will be able to pollute identities on the Apple socnet site.

(And if Apple believes that, I have a bridge to sell them …)

Share

New computers – Mac – batteries and the Apple Store

My MacBook battery, which has had problems in the past, suddenly decided not to charge at all.  Well, one Mac fanatic friend had been on at me to take it in to an Apple Store and have it repaired, as it was still under warranty.I have now had my first, and hopefully last, experience of an Apple Store.

I’m fortunate.  I live in one of the few places in BC where you are less than 500 miles away from an Apple store.  I looked it up on the Web.  I even made a reservation.  Turns out that was porbalby a good thing.

I made the appointment later in the day, after business hours.  The Apple store I chose was in the downtown core, so I figured that I had best do it after office hours, to reduce demand from businesspeople needing to have their devices fixed.

As I approached the Apple Store, I could see which one it was.  This is because, unlike every other store in the mall, it had signage sticking out into the mall.  All the other stores had signage above the front face of the store.  The Apple was relatively small and tasteful.  But it also seemed to indicate a “the rules don’t apply to us” attitude.

Since it was late in the day, the mall was not crowded.  However, my second indication that I was near the Apple Store was a crowd of people outside the store, all looking at iPhones or iPads or with iPods plugged into their ears.

As I got to the store, I could see that it was narrow, but fairly deep.  There were devices of all types (in boxes) wallpapering the walls.  There were two rows of tables, with various devices and laptops on them.  And hordes of people.

It was packed.  It was crowded.  It was noisy.  It was a zoo.  I had a hard time fighting my way to the back to the service desk.  (Sorry.  “Genius Bar.”)

One of the staff asked what I wanted, and I told him repairs.  I told him my name and the time of my appointment.  He said someone would be with me shortly, probably before my appointment time.

At the appointment time, someone found me.  He asked what the problem was.  (At least, I think so.  He had a slight accent, but the noise of the crowd made it extremely hard to hear anything.)  I told him about the consistent problem with charging time, the refusal to charge, and the fact that, after having tried all kinds of rebooting and pulling plugs and checking profiles, that leaving it plugged in while I did some other work had apparently resulted in it finally charging up.

He looked at it and told me it was charged up.

I told him about the consistent problem with charging time, the refusal to charge, and the fact that, after having tried all kinds of rebooting and pulling plugs and checking profiles, that leaving it plugged in while I did some other work had apparently resulted in it finally charging up.

He said he couldn’t do anything while it was charged.

All this had taken place at one of the tables, not the “genius bar.”  (I guess you have to be relatively near the bar to be an actual genius.)  So we moved over there, and he decided that looking at some YouTube videos might run the battery down a bit.  (I suggested that news sites seemed to be faster, but he’s the genius.)  After running the battery down a bit, he looked at the power profile.  Then he rebooted and looked at some diagnostic utility that must be built in, but not accessbile to us plebes.  Then he looked at some other similar utility.  Then he looked at some logs.  Then he ran a short diagnostic.  He told me there the utilities showed that the battery was fine, but the logs said that at one time it wasn’t.  So I’d have to get the battery replaced.  He gave me some forms to sign and disappeared into the back.

I signed the forms and waited.  And waited.  And waited.  Eventually I started to think that maybe he was, in fact, doing the battery replacement.  I waited some more.  And more.

Finally he came back.  He said he had replaced the battery.  It certainly seemed to have less charge than before.  He showed me the power profile, and it now showed 0 cycles rather than the 47 it had showed before.  (This is less comforting than you’d think, since one of the other diagnostics had showed 42 cycles.)

I will take it on faith that he replaced the battery.  Since then I have run down the battery (watching an hour of live video on what was supposed to be a five hour charge), fully charged it, and run it for about seven hours.

But I sure don’t have much faith in them …

Since then, another Mac fanatic has told me that I should buy the extended warranty on the MacBook, since it was really comforting to know that Apple would fix all the problems that would happen over a three year period.

This advice is less reassuring than one might suppose …

Share

REVIEW: “Mac OS X Snow Leopard: The Missing Manual”, David Pogue

BKMXSLMM.RVW   20110202

“Mac OS X Snow Leopard: The Missing Manual”, David Pogue, 2009, 978-0-596-15328-1, U$34.99/C$43.99
%A   David Pogue david@pogueman.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2009
%G   978-0-596-15328-1 0-596-15328-7
%I   O’Reilly & Associates, Inc.
%O   U$34.99/C$43.99 800-998-9938 fax: 707-829-0104 nuts@ora.com
%O  http://www.amazon.com/exec/obidos/ASIN/0596153287/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0596153287/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596153287/robsladesin03-20
%O   Audience i+ Tech 3 Writing 2 (see revfaq.htm for explanation)
%P   885 p.
%T   “Mac OS X Snow Leopard: The Missing Manual”

The introduction to the book states that it is intended for all levels of users, although it is primarily directed at those with an intermediate level of familiarity with previous Mac versions.

Part one introduces the Desktop, and general interface functions.  Chapter one is about folders and windows.  It definitely provides the information necessary to begin to operate the computer, but it also gives the lie to the statement that the Mac is easy to use.  There are a huge number of options for different functions, so many that it is impossible to remember them all.  The material is generally organized by topic, but there are notes, tips, and mentions buried in the text, and it is almost impossible to find these again, when you go back to look for them.  (Given the size of the book, I hesitate to suggest an expansion, but a page or two, at the end of each chapter, listing the points made, would probably be quite helpful.  And the “delete” key definitely needs to be listed in either the index or the key shortcuts appendix.)  The descriptions of operations are also incomplete in some cases.  There is mention of an indicator under Dock items which have open windows, but not that processes with no open windows may still show this indicator.

Chapter two proceeds in much the same way, dealing with the filesystem, and a great deal of trivia related to the associated windows.  The search function, referred to as Spotlight, is very, very detailed in chapter three.  The Dock and Desktop, further aspects of the operating interface, are described in chapter four.  The review of the functions is sometimes annoying in terms of the jargon used: does “go straight to the corresponding window” mean that the window becomes active, or comes to the foreground?  Does it open a window if it doesn’t exist?  Does it relate to programs, or just folders?  You need to work through the material with the book in one hand, and the Mac under the other.  (This process is not aided by inconsistencies in the operation of the Mac itself.  As I was working through this content I tried to create a new document from within the TextEdit program, and found that I did not have any options to create a file in any of the new folders I had established previously.  Later in the chapter there was mention of dragging folders to the Dock, and so I tried that to see whether it would allow me to use that folder.  Lo and behold, now I could create files in any of the new folders I had made, not just the one I dragged to the Dock.  Handy for my purposes, but not very informative in terms of why it worked that way.)

Part two deals with applications and utilities that ship with the Mac.  Chapter five outlines programs in general, along with documents (in terms of association with specific programs) and spaces (virtual, multiple, or external screens).  (More inconsistency: hiding the Finder behaves differently from hiding other applications.  And hiding used with Expose can give you some very … interesting effects.  The book warns you about neither.)  There is also an overview of the Dashboard and “widgets.”  Various aspects of data (entering, checking and moving it) are addressed in chapter six.  At this point in the book, items and tips start to repeat in the content, which possibly addresses the shortcomings in organization and the index.  Scripting (AppleScript) and mechanization (Automator) of common operations are dealt with in chapter seven, along with a set of somewhat related functions known as services.  As could be expected with an activity of the complexity of programming, the description of the associated applications is unclear, but there are some examples that take the reader in lock step through the process, and this exploration should provide a better understanding.  Chapter eight discusses the installation of the Microsoft Windows operating system on a Mac.  The review of Boot Camp (multi-boot installation) is detailed, but the outline of the virtualization options is limited to a mention of functions.

Part three is entitled “The Components of Mac OS X,” which sounds odd in view of the pieces that have already been covered.  Chapter nine addresses System Preferences, which are fundamental and significant settings and operations.  The programs generally provided along with a new Mac are described (in varying levels of detail) in chapter ten.  Removable storage, such as CDs and DVDs, are outlined in chapter eleven, which also notes the iTunes system.

Part four is entitled the technologies of Mac OS X (which sounds a bit odd given that the whole book would be about said technologies).  Chapter twelve deals with account aspects and functions.  Given the importance of access control, it is a bit disappointing to see security factors dispersed throughout, and not presented clearly.  Networks and sharing are discussed in chapter thirteen, with an odd gap in terms of sharing a wired Internet connection.  Printing, in fourteen, misses out on the sharing of printers in a mixed environment.  Chapter fifteen lists some aspects of multimedia, but is strangely reticent about video capture.  Some commands from the default UNIX bash shell are described in chapter sixteen.  Chapter seventeen notes a few customizations, mostly dealt with via outside programs.

Part five stresses the Mac OS online.  Chapter eighteen examines the setup of an Internet connection (and the discussion of sharing it is still limited and confusing).  Setup and operation of the Mail program is covered in chapter nineteen.   The Safari Web browser is dealt with in chapter twenty, and, as usual, there are a number of little tricks which would probably take you years to find out (by accident) on the “intuitive” Mac.  Chapter twenty-one explains iChat, the networks you need to make it run, and an enormous number of tweaks for such a simple function.  Some Internet server programs are listed in chapter twenty-two.  They are given the level of detail that any average computer user would need–except that the average computer user would have no idea of the network connections needed to set up a server on the Internet.

Part six is a set of appendices.  The dialogues for basic installation are listed in the first, but I was sorry not to see anything about installation on non-Apple hardware.  Appendix B has handy tips and suggestions for troubleshooting the most common types of problems.  One of the appendices is a Windows-to-Mac dictionary, which can be
quite handy for those who are used to Microsoft systems.  It could use work in many areas: the entry for “Copy, Cut, Paste” says they work “exactly” as they do in Windows, but does not give the key equivalent of “Command” (the “clover” symbol) -C rather than Ctrl-C.  You also need to know that what the book, and most Apple keyboards, describes as the “option” key is portrayed, in Mac menus, with a kind of bashed “T.”  Appendix D has URLs for a number of resources.  A set of keyboard shortcuts is given in the last.  This can be handy, but I found, in trying to rediscover keystroke combinations that I vaguely recalled from somewhere in the book, that I could not find many of them in the appendix.

There is a style issue in the written material of the book: the constant assertions that the Mac is better than everything, for anything.  The first sentence of chapter one says “When you first turn on a Mac running OS X 10.6, an Apple logo greets you, soon followed by an animated, rotating `Please wait’ gear cursor–and then you’re in.  No progress bar, no red tape.”  Well, if the gear cursor isn’t an analogue of a progress bar, I don’t know what it’s supposed to be.  (While we’re at it, I’m not sure what the difference is between the “gear cursor” and the “spinning beachball of death/SBOD.”)  Also, this statement is false: when you first turn on a Snow Leopard Mac, you have to go through some red tape and questions.  This is only one example of many.  This style may have some validity.  After all, anyone who does not use a Mac comes across the same attitude in any Mac fanatic, and, even without the system chauvinism, a positive approach to teaching about the computer system is likely helpful to the novice user.  However, the style should not get in the way of factual information.

For those using the Mac, this book is enormously helpful, and contains a wealth of information.  It’s not limited to the novice, or even the intermediate user: I found items in the work that none of my Mac support contacts knew.  With some minor quibbles I can definitely say that it is a worthwhile purchase.

copyright, Robert M. Slade   2011     BKMXSLMM.RVW   20110202

Share

New computers – Mac – some additions

I seem to have avoided the problems with Lion, by virtue of not having gotten around to buying it for a while.  Procrastination has its uses.

The battery problems (not those that Charlie Miller found, which seem to have been rather overblown by the media) appear to be getting worse: the battery is still taking forever to charge, and the charge doesn’t last as long. The power management “decisions,” on the part of the computer, are inconsistent.  Often, even when the computer is actually plugged into the mains, the mouse will be shut down, presumably to save power.  On the other hand, sometimes when the computer goes (or is put) to sleep, the USB power is obviously still running, and the mouse sitting there glowing like a nightlight.

Something is not right between Apple and Twitter.  Looking at Twitter via the Web interface (using Safari) is fine–as long as you are only looking at a few screenfuls of postings.  if you go back several hours, and are dealing with a Web page with hundreds of postings, the Mac becomes almost unusable.  The same size of page viewed with an old netbook running XP and Firefox is slow, but definitely works.

Share

New computers – Mac (Flash)

First off, I probably have to modify the perception that I may have left, in this series of postings, that I hate the Mac and everything it stands for.  Not true.  While I find the “Apple knows best” attitude frustrating at times (all right, many times), the MacBook Pro that I purchased is a nice machine in many ways.  For one thing, it’s the most powerful machine I’ve got at the moment.  (Until I get the time to install the new desktop, anyway.)  For another, it hibernates (or suspends, or sleeps, or whatever you want to call it) really well.  I appreciate that ability to simply close the lid, and open it up, and all my stuff is still ready to go, within seconds.  (This has been a particular frustration with the Asus netbook, which sometimes hibernates, and sometimes decides to think about it.  Forever.  Or, until I take the battery out, whichever comes first.)  I like the ongoing and very accurate battery indicator (although I’ll have more to say about that in another post).

It was the battery indicator that first alerted me to the issues with Flash.  As one of my Mac resource helpers noted when I found this out, Flash may, single-handedly, be responsible for global warming.  It is rather odd to pull up a YouTube video, or any other page with a high Flash content (news sites are particularly vile in this regard) and watch the battery life almost instantly cut in half (or drop even further).  To get your battery life (well, most of it, anyway) back again, all you have to do is drop the offending Flash page.

The thing is, I’ve never noticed this before on my other laptops.  Certainly Flash, on Windows, doesn’t have anything like that same effect on the battery life.  Yes, it’s more of a drain, and, yes, you’ll probably have to keep an eye on heating issues.  But the battery life isn’t half of what it was simply because of viewing videos.

Apple doesn’t like Flash.  The converse may also be true.  Because, despite the Mac’s much-vaunted prowess in multimedia areas, online video definitely seems to be a problem for it.

At home, we’ve recently been watching some TV programs via the Internet.  (We’ve done this because, at home, I get Internet service from Shaw, which provides our cable TV, as well.  And, they seem to be just as unreliable at providing the uninterrupted TV feed as they do at providing Internet service or help.  So we’ve had to fall back on the Internet to catch up on shows we’ve missed while the cable was out.)  Because of this, I’ve had a chance to do some comparison between a seven-year old Windows (XP) desktop machine, and a brand new MacBook Pro.  The old Windows machine wins, hands down.  We’ve watched streaming feeds of shows from the company Websites of CBC, GlobalTV, and Bravo, all at the standard presented resolution, and in the full-screen display.  All of these sites use Flash.  And the old (seven years old, remember) Windows machine, using Firefox, has won every round against the Mac, using Safari.  The streaming is just as good (which is odd, considering the sheer age of the Windows box), but the Mac tends to lock up (or go random places) any time we use the controls to rewind, or pick up a missed segment.

To repeat what I started out with, the Mac is great in many areas.  Viewing Twitter, even with the new (and heavily script-laden) interface, the Mac is very much faster, and Safari opens new windows and loads them quickly.  Which I why I found the online video weakness to be so odd …

Share

New computers – Mac (operations and video)

The review of the Mac functions in my little book is sometimes annoying in terms of the jargon used: does “go straight to the corresponding window” mean that the window becomes active, or comes to the foreground? Does it open a window if it doesn’t exist? Does it relate to programs, or just folders? You need to work through the material with the book in one hand, and the Mac under the other. (This process is not aided by inconsistencies in the operation of the Mac itself. As I was working through this content I tried to create a new document from within the TextEdit program, and found that I did not have any options to create a file in any of the new folders I had established previously. Later in the chapter there was mention of dragging folders to the Dock, and so I tried that to see whether it would allow me to use that folder. Lo and behold, now I could create files in any of the new folders I had made, not just the one I dragged to the Dock. Handy for my purposes, but not very informative in terms of why it worked that way.)

(More inconsistency: hiding the Finder behaves differently from other applications. And hiding used with Expose can give you some very … interesting effects. So far I have not had the nerve to play with hiding, Expose, and Spaces all at the same time.)

One of the constant claims made by Mac devotees is that the Mac is better at media. Well, over the past couple of weeks we’ve had occasion to try and watch a couple of TV shows over the Internet. (Once we just forgot: once the cable went out in the middle of the show.) Since the current desktop is seven years old, I figured that the Mac should be given a chance to prove its worth and strut its stuff. We watched one show on the desktop, and one on the Mac.

Mac: total FAIL. Choked, gasped, stopped for no apparent reason (no, it wasn’t the net feed dying: it skipped a bunch of the show, and went to the next series of ads), would not respond to commands, and overall a general lack of “good viewing experience.” The old desktop was grinding away with the fan running full out most of the time, but at least it played the show all the way through.

Share

New computers – Mac (learning curve)

I’m working through a book to learn about my new Mac.  (You’ll see the review eventually, and probably recongize some of this text when you do.)  It provides the information necessary to begin to operate the computer, but it also gives the lie to the statement that the Mac is easy to use.  There are a huge number of options for different functions, so many that it is impossible to remember them all.  The material is generally organized by topic, but there are notes, tips, and mentions buried in the text, and it is almost impossible to find these again, when you go back to look for them.  (The “delete” key definitely needs to be listed in either the index or the key shortcuts appendix.)

One of the appendices is a Windows-to-Mac dictionary, which can be quite handy for those who are used to Microsoft systems.  It could use work in many areas: the entry for “Copy, Cut, Paste” says they work “exactly” as they do in Windows, but does not give the key equivalent of “Command” (the “clover” symbol) -C rather than Ctrl-C.  (It was also only in working through some practice that I discovered that what the book describes as the “option” key is portrayed, in Mac menus, with a kind of bashed “T.”  Yes, I suppose that, once you know this, it does look kind of like a railroad switchpoint, but it’s hardly intuitively obvious.)

There is a style issue in the written material of the book: the constant assertions that the Mac is better than everything, for anything.  The first sentence of chapter one says “When you first turn on a Mac running OS X 10.6, an Apple logo greets you, soon followed by an animated, rotating `Please wait’ gear cursor–and then you’re in.  No progress bar, no red tape.”  Well, if the gear cursor isn’t an analogue of a progress bar, I don’t know what it’s supposed to be.  Also, this statement is false: when you first turn on a Snow Leopard Mac, you have to go through some red tape and questions.  This is only one example of many.  This style may have some validity.  After all, anyone who does not use a Mac comes across the same attitude in any Mac fanatic, and, even without the system chauvinism, a positive approach to teaching about the computer system is likely helpful to the novice user.  However, the style should not get in the way of factual information.

I’m used to UNIX, and I’m already into Terminal, but it’s annoying to have that be the only way to access some of the material, given the repeated assertion that the Mac is so easy to use.  Another little quirk today: yes, you can access Windows servers, but you can’t save anything to them.  (I did find a way around that: create the file in Windows, open it on the Mac, copy information into it, and then save.  Easy, right?)

Share

New computers and old network problems

Well, I don’t know if this is a continuation in the “new computers” series, or just rehashing an old problem.

I’ve noted before the problem of the complexity of trying to establish an ad-hoc network under Windows.  And, I’m trying various things with the new Mac.  So, in a situation, right now, where I have one network cable, and two computers downstairs, I decided to see what an ad hoc network was like with a Mac.

I remembered to do the bridging thing on Windows, and I’ve set up an ad hoc network with a pre-shared key.  (At least, I think I have.  That seemed to be the way it worked, and the Mac connected with a password, but, on the Windows machine, when I go back and look at it, it says it’s open.)  The Mac wouldn’t show the network when I looked at the list, but, when I gave it the name and password it seemed to connect just fine.

I got a Web site correctly on the Mac.  Then I went to connect to the Windows machines as servers, and that worked out fine.  Then I went to do some work on the Web, and … nothing.  The Mac wasn’t able to get onto the Internet.  I was still connected to the Windows servers, but couldn’t get a Web page.

And, then, suddenly, I could, again.  And then I couldn’t.  (At the moment, I can’t.)  (Sorry, started working again just before I finished this entry.)
I’ll have to give it a shot with the Mac connected to the cable, and see if I can set up an ad hoc wireless connection that the Windows netbook can use, but, at the moment, Mac networking is not working any better than Windows in the ad hoc environment.

Roll on PopulistNet.

Share

New computers – Mac (nets)

One of my Mac fanatic contacts, when I mentioned that I needed to connect to my old Windows machines, said that it was easy, you just had to open “Networks,” and there they all are!  Well, no, not quite.  Not by a long shot, in fact.  I knew there was something called “Finder,” which was basically the interface to the filesystem on the Mac OS.  I even figured where to find it, going to the icon on the extreme left end of the top of the screen, and figuring that choosing the “Finder” under that option would change the top menu items from the browser that was active at the time.

So, I found Finder, and I even found the Network part of it.  And I asked it to search for servers.  It didn’t find any.  So I asked it to find a specific server.  It didn’t find that, either, but the fact that the name I had specified popped up with “afp:” at the beginning gave me an indication that I had to specify a protocol for Windows machines.  I went searching in the help files, and, eventually, found it.  Not too hard to figure out that it was “smb:”  at least, not too hard once you know it.  I then was able to figure out, on my own, that specifying the machine name with a leading “//” was wrong, because the Mac helpfully and intelligently adds “//” to whatever you type, but is too stupid to figure out that “////” is wrong.

Share

New computers – Mac (basics)

My father-in-law is a dedicated Apple fanatic (as are a number of my friends).  Since I had an MS-DOS machine when we first met, he tagged me as an IBM person.  (It was vain to point out that, although I had once installed a Baby 36 for a charity, I did not, in fact, have a System 360 installed in the non-existent basement of my apartment.)  He eventually figured out that Microsoft made the operating system, but, even though I have worked on (among others) a predecessor to AOS(VS), Apple DOS, UNIX, TOPS-10, VMS, JCL, and CP/M, and make no secret of my frustrations with Windows, he still considers me to be one of “the enemy.”

Well, I’ve always wanted to have a crack at Macs.  I got the first one installed in one company I worked for, over twenty years ago, used it for a while, and, despite the frustrations, was still interested in getting one of my own.  So, this year, while I had the need to update at least two machines, and since the price had come down from “completely-out-of-the-question” to merely “obscene,” I decided to get one.

The experience has been interesting.  I shall, no doubt, have more to say about aspects of operation in the future, but it has been an education to get a new Mac (a MacBook Pro laptop) and take it out of the box.

To give credit where credit is due, I’ve got to say that I’ve been impressed with the performance of the Mac and the Safari browser on the Web, which is what I’ve done with it so far.  The overall design is nice, of course.  I like the battery life (so far), and the “sleep” mode performance.  The machine recognized a generic mouse I plugged into it, and happily connected to the Internet when through a wired LAN.  The minimal (well, OK, slightly more than minimal) experience I’ve had with Mac OS X was quite sufficient to get me started on the machine, and I’ve even managed to puzzle out some things with the help of the “Help” system (but more on that later).

The big thing with Mac advertising, and Mac devotees, is that the Mac is easy to use “right out of the box.”  And, yes, that is partially, and possibly even mostly, true.  But not completely.

The reason that I needed to plug in a mouse was that I could not figure out how to “choose” or activate something with the trackpad.  I could move the pointer around, no problem, but then there were no buttons to push.  Tapping didn’t work.  I remembered seeing people tapping hard on the trackpad on Mac laptops, so I tried that.  Sometimes it worked, and sometimes it didn’t.

Experienced Mac laptop users will be smirking, of course, knowing what I eventually found out.  You don’t tap the trackpad, or even tap it hard.  You press, deliberately, and you can actually feel a detent “click” when you’ve pressed hard enough.  (And, of course, whatever you wanted to activate gets activated.)  This is sort of implied in the documentation (when I found it), but even there isn’t really made clear.  And it certainly isn’t “intuitively obvious.”

Ah, yes, the documentation.  Once you’ve figured out how to open up the box the laptop comes in, you take the laptop out of the clear cellophane “envelope,” and open it up.  Since it is shipped with the battery charged, as soon as you take the protective foam sheet off the keyboard, and figure out the power button (not *too* hard, if you’ve got good eyes: white on silver is pretty, but not exactly clear) things start happening.  Once you’ve gotten over the excitement, you may notice that there are power cords in a bay at the back of the box.  You are less likely to notice that there is a black cardboard envelope nestled into the black packing material at the front of the box.  Pulling on a tab in just the right way starts to loosen this, although you still seem to have to find a finger hole in the envelope in order to get it out, and then figure out how to open it.  Once you do, you will find a brief booklet which does tell you which of the two power cords is actually a power cord, and which is a mere (and very short) extension cord.  It also tells you a few other things that would have been handy, had I not already figured them out by trial and (mostly) error.  (There is also a CD or DVD which I haven’t yet had the time to try out.)

OK, some of the design is great.  (Not insanely, but great.)  Not all of it.

Share

Apple Safari Denial Of Service (iPhone, iPad, iPod, OS X, Windows) 0-Day

I’ve spent a lot of time thinking about what to do with this one, and when I say a lot of time, I really mean just over 3 months now. I also informed Apple that I would be writing this article, and asked for an official quote from them, and also a rough date as to when the relevant patches would be disclosed.
I found this one by fuzzing Safari 5.0 on the night that it first came out, I was using Browser Fuzzer 2 (bf2)and then spent a while playing with it to see if I could turn this into more than just a Denial Of Service (DoS), unfortunately I wasn’t able to. This is not to say that it’s not possible to do so, I’m just not too sure on how to do it, it may very well be more than just a DoS with a few tweaks to the code.

I initially tried selling this one to ZDi, but their response to me was fair and to the point:

“Dear xyberpix

We have reviewed your recent case and discovered it was a duplicate of an issue we received in January of this year. We have also determined that this issue is likely non-exploitable. Due to this we are going to pass on the opportunity to pursue acquisition of this vulnerability information through the ZDI program.

Thank you for the submission and we look forward to your future work.

Regards,
The ZDI Team”

So, January 2010 and to date, this still has not been fixed by Apple! People give Microsoft and Adobe a hard time about their time to release patches, but seriously 8 months is really pushing it!

So I figured I’ll see what Apple has to say about this one, and sent it along to their product security team, asking if they were willing to reward vulnerability researchers for their time. I wasn’t asking for anything major at all, maybe the cheap iPad or even just a copy of Logic Studio 9 for my trouble. That’s really not too much to ask really is it? I didn’t have any high hopes though, and well here was their response:

“Hello Xyberpix,

When we address an issue in a Security Update, we give credit to the person who reported the issue to us.  However, Apple does not directly provide financial reward.”

Okay, fair enough, I didn’t go looking for bugs for financial gain, but it would have been a nice token nonetheless. I guess the fact that I’ve been a loyal Apple fan boy for close on 8 years now means nothing to them at all. I guess this is why I’m a firm believer in the No More Free Bugs movement, in the same sense though I can’t sit around idly and wait for what’s been over 3 months since I found this issue, and Apple has not released a patch yet!

Apple also came back to me stating that they had addressed this vulnerability in iOS 3.2 and iOS 4.0, well, erm, dunoo how to tell you guys this but, nope you didn’t. So being the nice guy that I am I sent them the relevant crash logs as requested. Their response was the following:

“Hello xyberpix,

Thank you for forwarding this issue to us.  We take any report of a potential security issue very seriously.

After reviewing the issue, it appears that this denial of service issue results in the unexpected termination of MobileSafari, but not of the host operating system or a system service.  For our internal tracking purposes, this will be classified as a “Crash / Hang” issue. Although we do not see additional security concerns, we do consider this to be an important issue, and are working with the engineering team to address it.

If you have reason to believe that the issue has ramifications beyond terminating Safari (such as terminating the operation of the host operating system or system service, or executing arbitrary code), we would appreciate the steps to reproduce this, or crash logs from when you observed it.”

I then replied asking about this issue on platforms other than iOS, namely Windows and OSX, to which I recieved the following response:

“Hello xyberpix,

The crash is still a security issue on platforms on which it has not been addressed.  So far, it has only been addressed on iOS.

For the protection of our customers, we ask that you do not disclose details of this vulnerability until it has been addressed on all platforms.

When we release an update to address this issue on other platforms, you will be credited for the vulnerability.”

Okay, so let me get this straight, this is not a security issue on iOS, it’s a crash/hang issue, which they have apparently addressed in iOS 4, and I had to bug Apple about the Windows and OS X Safari issues, even after I informed them that it was possible to crash Safari on all platforms, not just iOS? Something’s not quite right here…

When I asked for a rough timescale on when a patch for this is going to be released, I was given the following response:

“The following information should be considered confidential.  We are sharing this information as a status update on an issue you reported.  Please do not share this information with others.

This issue has already been assigned CVE-20xx-xxxx, when it was fixed on iOS.

The issue is currently planned for our next available software update.  I don’t have a date for you yet, but we will coordinate with you closer to the release of the udpate.

I completely understand confidentiality, but I also believe that security researchers should get more than just credit for discovering a vulnerability that Apple’s testers should have found in the first place.

Oh wait, it seems they did find it, but they just claimed to have fixed it, instead of actually fixing it, did I get that right?

My last attempt at contacting Apple was on the 2nd August 2010 to ask if they could please give me an official statement on this issue that I could include in this post, and if there was still no chance at all of getting some sort of reward for this finding. Their response was this:

“Hello xyberpix,

We do appreciate the time you took to find and report the issue to us.

As mentioned, it is not our policy to provide financial compensation for issues.”

I really don’t want this post to be taken the wrong way, yes I was looking for compensation for the vulnerability, but not thousands of dollars, just a little something to make the time spent on this one worthwhile. I also wanted to have an official statement from Apple on this one as to when they are likely to release a patch, neither of which they were willing to do. Personally I don’t feel that either of these things were too much to ask at all from a company that is growing in leaps and bounds each year.

If any Apple employee’s would like to discuss this one further with me, the case number for this issue is 111476071, and you have all my contact details.

As a matter of courtesy and security I will not be publishing the code for this DoS, as I do not believe that would be responsible, once a patch that works has been released by Apple, I will upload the code. I have also removed the CVE number and also the specific function that causes the crash.
I’m really looking forward to all your comments on this one people, as I’d love to hear your views.

Share

Apple iPhone/iPod Touch/iPad Security Update

Yesterday Apple released a security update that patches the Jailbreakme vulnerabilities to stop people Jailbreaking their Apple devices.

Okay, so maybe I’m looking at this the wrong way around, but it seems that when a vulnerability gets a lot of media attention, Apple work the backsides off to get this one patched. I understand that we are talking serious vulnerabilities here, but still. I’ve personally been in contact with Apple for a couple of months now in regards to a DoS vulnerability that I discovered, and still have no time line on when a patch for this will be released, so maybe all that’s needed is to turn this into some media hype, hmmm.

So the vulnerabilities that this patches are the following:

  • FreeTypeCVE-ID: CVE-2010-1797

    Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (2nd generation) and later

    Impact: Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution

    Description: A stack buffer overflow exists in FreeType’s handling of CFF opcodes. Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution. This issue is addressed through improved bounds checking.

  • IOSurfaceCVE-ID: CVE-2010-2973

    Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (2nd generation) and later

    Impact: Malicious code running as the user may gain system privileges

    Description: An integer overflow exists in the handling of IOSurface properties, which may allow malicious code running as the user to gain system privileges. This issue is addressed through improved bounds checking.

Share

Safari AutoFill Exploit

So it seems that Safari uses the details from your Address Book to AutoFill forms on web sites, this is enabled by default. In theory this is a great idea, until someone writes some malicious JavaScript to get these details passed to a hidden form without your knowledge. Looking through all the possible available fields in the Apple Address Book app, it really gets quite troubling. Name, Address, Job Title, Department, Anniversary. This could all be used nicely for a really fun Social Engineering exercise, or really help with an identity theft scam.

There is a PoC of this hosted here.

Personally I’d suggest disabling AutoFill in Safari’s preferences, better safe than sorry.

Share

Why Is Paid Responsible Disclosure So Damn Difficult?

So I’ve been sitting on an Apple vulnerability for over a month now, and I’m really starting to realise that maybe just sending the details to the Full-Disclosure mailing list and Exploit-DB.com is the right way to go about disclosing vulnerabilities and exploits.

I initially contacted ZDI to see if they would be at all interested in buying the exploit off of me, as I spent a lot of time researching and finding this one, and I’d like to get something for my efforts. I am a firm believer in the No More Free Bugs movement, I understand and appreciate what ZDI are doing, but the fact that it took them just under a month to get back to me, is really not good enough to be very honest. If they don’t have the researchers, then advertise worldwide, instead of just US only. I know I for one, would be happy validating bugs all day, and this is the the type of work that can be remotely.
Yesterday I also submitted the same information to iDefense Labs Vulnerability Contributor Program (VCP), who claim to get back to me within 48 hours, so we’ll see how that goes. I will update this post as and I when I know more.

I also took the off chance of mailing Apple directly, and asking if they offer any rewards for vulnerabilities that have been found, and if so what they would be. I don’t have high hopes on Apple offering anything, but to be honest, I would prefer to  disclose this one directly to Apple. They however  have paid staff to do this work on a full time basis on all their products, so why aren’t they doing it properly, and I feel that anyone else finding bugs for them, should be compensated appropriately. However, I e-mailed them yesterday and recieved an automated response, so we see how long it takes them to respond to me as well.

This may end up being a rather long post, but let’s see. I’m also expecting to see quite a few interesting comments on this post as well, so come on people.

UPDATE 30/06/2010:

Received a response from iDefense last night,and a request for more info. So just over 24 hour response time, which is brilliant, I’m really impressed so far.

Recieved a response from Apple, and if I would like any reward (aside from credit for the find), then I was informed that I should go through ZDI or iDefense.

Share

iPhone Data Protection

Now that Apple has released IOS 4 there are a couple of funky security features that you can make use of, namely Data Protection and strong passcodes.

“Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages and attachments. Third-party applications can use the data protection APIs in iOS 4 to further protect application data.”

For more information on how to enable this feature, please see the Apple article HT4175.

Stong passcodes means that you can finally do away with the standard 4 digit PIN to lock your iPhone and you can now set up complex passwords instead. To enable this, go into Settings->General->Passcode Lock and then turn off Simple Passcode.

Share