My name is Cédric Bozzi. I make websites and apps, and this is my blog dedicated to technology: here you’ll find news, opinions and reviews, all written by a Mac-head who tends to have definite opinions about stuff.
The iPod Book. Cool idea, although the implementation lacks polish.
The Mac Hater. Someone wants to be the new Ellen Feiss.
The <plaintext> virus! Who knew? It’s never too late to learn of a new antique HTML tag.
Astro quotes Le Monde, explaining why the DADVSI will be useless will be of no consequence (of the good kind (for music publishers (besides the fact that a fine, rather than a tax, won’t go into their wallets anyway))):
Someone who downloads copyrighted works for personal use will risk a 38-euro fine. But, technically, it’s impossible to detect such downloading unless you require ISPs to perform systematic eavesdropping on their subscribers’ activity. And that is “excluded by the 2000 European directive regarding electronic commerce”.
And Le Monde proceeds to name a couple of programs specialized in RIAA-proof filesharing — and after I had a look at them I still don’t understand why Waste, which seems to me like the best-designed alternative, is pretty much in stasis. Did Nullsoft / AOL / Time-Warner manage to scare developers with their illegal retraction of the open source license? (No links here; I’d have to remove them from the archives when/if DADVSI becomes operational.)
The “OS X is ridden with vulnerabilities” month isn’t over, and here comes a new one (that link is safe, the page linked from there isn’t): an image that crashes Safari, the Finder, and any other program that uses OS X’s image processing routines. Found by Drunkenbatman:
It’s not as though Apple is the only one to ever have problems properly dealing with images without creating security holes and other general wonkiness. Belay the hysterics, but do take it seriously. I wouldn’t be the least bit offended if you wet yourself after realizing what someone seriously capable could be poking around in if I’m able to blindly stumble into this stuff again and again.
It’s apparently Quicksilver’s fault that my Finder quits drag-and-dropping after a while. The irony being that, like another poster wrote, I’ve come to rely on Quicksilver as a workaround in those cases when I can’t drag from the Finder anymore.
(But then, you’ve got to wonder how a third-party app’s bug can disable drag-and-drop in Finder — and Clutter, Camino, and a few others. What functionality are those using, that Safari, for instance, isn’t?)
I didn’t like coComment; co.mments [via] is simpler and more functional. The purpose is less revolutionary: it isn’t so much about managing in one place all the comments you posted elsewhere as it’s about maintaining a list of threads you want to keep an eye on — whether you participated or not.
All you have to do is set the bookmarklet up in your links bar, click it, and (after a bit of Ajax magic, that always looks good) the post is added to your watched list… without even having to register on the co.mments site, as you can be recognized by a cookie (even the RSS feed works without having to register).
That’s all nice, but not new; what matters is, co.mments manages to auto-detect comments on #FF00AA and my personal blog, both of which use home-made non-standard CMSes; it has a problem with accents, but correctly identifies each comment. A tiny modification to the gayattitude scripts, and all comments there are now taken into account too: I simply had to add an <a name> for each comment, which makes sense, and every blog should have those. And, even in the case where it doesn’t manage to identify comments on a particular blog, at least the post is in your list.
It’s pretty, simple, clean, and it works today, not ten years from now when all blog platforms have been reprogrammed to accommodate it. Heavily recommended to anyone who hasn’t formed the habit yet to bookmark any article they post a comment on.
XP on Mac won’t start the computer’s fans when heat rises, so if you’re using it for a while you might just fry the computer. Which isn’t surprising at all, considering OS X updates have been known to bork fan speeds (and when you think about it, it makes absolutely no sense to defer fan management to the OS rather than handle it with firmware).
[03/21] Or the opposite. There’s already enough people who have tested the XP on Mac thing, so where was this rumor coming from then?
Stapler 1.0 [via] is an interesting new note-taking / to-do-list application. It’s rather rudimentary (and could be prettier) but well thought-out for what it does: each list item is an inline RTF document (i.e. it can take formatting and images), there’s a checkbox to mark items as done (unlike OmniOutliner Pro’s checklist that doesn’t think of changing the item’s color) that remembers what date it was checked, and it seems light and responsive enough. I could very well move my per-project to-do-lists to this.
Shareware (but the website says it’s nag-free and doesn’t mention an expiry date), by the makers of Ulysses, no less. You should definitely see if it fits you.
The Mighty Mouse’s mouse. Scary stuff.
Oh, I’d missed that one: “
Not quite off-topic since it’s about music players: if there’s one iPod accessory Apple should have designed in-house, it’s this battery extension. And likewise for laptops. (Well, not the same exactly, but it’s insane they don’t offer an external battery with some flair and clever integration.)
I don’t really care that the MacBook’s MagSafe connector might burst into flames (Apple quality control has been a joke for a while now, particularly when it comes to hardware, and laptops); I’d like to know, however, which interpretation is true: did Flickr delete the pictures at Apple’s request (on what grounds?!), or did the original poster agree to remove them to please tech support (which shouldn’t have been needed)? It sucks in both cases; but, in the latter, it only involves Apple, not Flickr.
XP on an Intel Mac is a reality, dual-boot included, and the process seems fairly simple to follow. But, if I get this right, it relies on patching some XP system files (or at least some install files), so it may be just a matter of time before an innocuous Microsoft security update surreptitiously kills Wintel Macs. Oh, and the Mac’s peripherals aren’t handled (even the video card isn’t quite recognized — which puzzles me, considering that Apple uses standard chips).
In the beginning, I was interested, but when you think about it, for productivity applications an emulator will still be the simplest way to go (when it’s updated for Intel Macs), and as for games you can just buy a console, or play WoW on OS X.
DRMs eat up to 25% of your music player’s battery life. Makes sense.
FileRun (the Finder replacement vaporware) has gone from “available on March 17th” to “available soon”. There’s a new screenshot, and I’m still not impatient. (But I still check that bookmark because I’m tired of the Finder’s imperfections.)
You know, in this day and age, committing to release a 1.0 version rather than lingering in beta state is quite commendable (unless it’s anachronistic), but there’s no way announcing your product early and then postponing the release date over and over again can be a good way to build up brand recognition. Stevie would never do that. (He’d let the rumor sites do it instead.)
How did I miss that? Endo [via] is a new RSS aggregator by the makers of Ecto, with a lot of cool ideas and nice polish. At version 1.0.x, it’s a bit less power-user-oriented than NetNewsWire, though, so I’m not switching — and it makes my iMac’s fans spin like mad when downloading my (700) feeds and their attachments for the first time (even though the preferences were set to 3 maximum concurrent downloads; I didn’t find a way to stop attachment download or even disable it). Still, it might be more pleasant to use than NetNewsWire for the casual user, and in any case it’s very promising.
There’s no such thing as a free iPod and the TRUSTe privacy seal doesn’t mean much. Both big surprises.
New critical vulnerabilities — but in the Flash and Shockwave players, for a change. Download the updates quickly (both Flash and Shockwave), because pretty much everyone, with a Mac or PC and whichever browser, uses the same plugin, so this has to be the most tempting vulnerability ever for hackers to exploit.
Oh, and the OS X Flash install seems pretty stupid in putting the plugin in my user account rather than globally for the system, so unless you want to move files yourself (or there’s a way to make it install correctly, I didn’t look much for it) you’ll have to run it for each user.
Rather than spelling, Bullfighter checks your writing for overuse of cliché business paraphrases. Heh, excellent.
Times change (slowly). And not for the better.
Could it be that Windows Vista would finally have a launch date they could stick to? Well, that might be feasible, considering it doesn’t look to be much more than good old Windows XP with a new Quartz-ish graphics engine (which is probably not that different from XP’s “layered windows” system, only that one was mostly unused, probably just because Microsoft didn’t bother much to demonstrate them) — check out this list of Vista’s best features:
As you can see, Vista offers the best user interface of any operating system available today. The new user interface will make finding your data easier and also allow you to work faster with important new features like Quick Search and Windows Flip3d.
Aha. Hahaha. Oh my god. Those Microsoft comedians never disappoint.
[03/22] Ah, of course it couldn’t be.
And the Vista news don’t stop: now they’re not even using .NET that much. Well, there could be very good reasons for that (heavier, less efficient… or reducing the number of bugs and crashes), but considering how they’ve removed every single improvement from Windows one after another, I don’t see why that wouldn’t be another case of just giving up and making that damn XP 2.0 ship already.
(I loved programming with .NET. Really. Well, except for all the things .NET didn’t do and you had to hook up to the original Windows APIs and it was a pain, but you could expect that to improve over time. That is, unless Microsoft abandons it and remains stuck with C and MFC. Yuck.)
Apple vulnerability of the day (including the Windows versions of iTunes and Quicktime); the way it’s going, on March 31st every Mac in the world is going to self-destruct, right before Apple’s anniversary.
Amazon Simple Storage Service: off-load your website’s bigger files onto the Amazon server grid for $0.15 per GB stored and $0.20 per GB transferred (and it also handles BitTorrent so you can further minimize the bill). Our host doesn’t charge for bandwidth, so I’m not particularly interested until their solution doubles as a SQL server (wouldn’t that be the logical next step?), but it still has a pretty high cool factor, although “obscene” material is forbidden.
Ars Technica’s take: would you trust your most important data to a potential competitor?
FontExplorer X 1.0 (Linotype’s iTunes- and iTMS-inspired font management and online shop for OS X) is available and still free. I’m getting tired of FontAgent throwing beach balls at me for five minutes at a time every time a font is activated, so I’ll have to compare. Someday.
Caboodle [via] is a free information manager (like Yojimbo, only less cute). I’m not going to use it because it lacks proper web link/archive management (if you drop a bookmark into the library, it’ll create a text note containing the URL, and it won’t even be clickable), but it looks good enough for the price, if you’ve got the need for its functionality.
I’m completely lost — I can’t find enough information on online newspapers, the blogs I read are too busy writing about something else (so all it takes to silence protesters is postponing the vote for two months? the internet’s going too fast to linger on the same law twice?), and now all American tech sites announce that Apple is just about to be forced to close the French iTMS because the law would require purchased tracks to be playable on any music player. Which should by definition imply offering them as MP3s, no DRMs or anything.
The law that was supposed to make DRMs untouchable (think DMCA) becomes, after one too many amendments, the exact opposite? Uh, there’s gotta be something wrong here. Judging from the few articles I could dig up, it seems to be a simple misunderstanding to be blamed on a parliamentarian who doesn’t get the law he’s in charge of, or doesn’t speak English as well as he thinks, or it’s been taken out of its context and he’s just a victim — again. As it happens, this isn’t the first such misunderstanding about this law: the primates in charge at Universal et al. have developed a habit of saying “free software” when they actually mean “peer-to-peer” (well, there’s “free” in there, so it’s gotta be bad!), triggering misguided hysteria among legions of French geeks late last year (those same geeks who exhibit such a short attention span now).
Anyway, I’ve got to assume the truth is closer to what’s found in this Yahoo! News piece (although it also includes that sentence from Vanneste that’s been quoted everywhere):
It would no longer be illegal to crack digital rights management – the codes that protect music, films and other content – if it is to enable to the conversion from one format to another, said Christian Vanneste, Rapporteur, a senior parliamentarian who helps guide law in France.
(Incidentally, the “rapporteur” is just the parliamentarian who’s in charge of bringing one particular law to the Parliament and following it through the debates. That *$%# doesn’t deserve the epithet ‘senior’.) Yeah, it makes more sense. It’s not about forcing Apple to supply an MP3 transcoding utility for iTMS tracks, but just not putting some developer in jail for making and distributing such a program. Funny seeing the article written from the American point of view, taking the DMCA for granted: “It would no longer be illegal…” Well, what do you know, it isn’t illegal for now, and that was kind of the whole point of this new law.
But then, here’s a law that was mostly about sending to jail (or bankruptcy) whoever cracks DRMs, and now they’re introducing a provision to allow pretty much any DRM cracking (by definition, cracking a DRM scheme is about converting the media to another format, isn’t it?). What’s that, but an empty shell?
All that’s left now (I’m not counting the creation of a government-operated iTMS clone for “young talents”, because I don’t think young talents are really waiting for the government to distribute their music, and they sure aren’t dying to put their MP3s on a gouv.fr website) is the definition of fines for downloading and uploading copyrighted material — I wonder whether it’s 150€ per file or a global package for all your past downloads (in which case it’d be a joke), but that clearly beats going to jail as counterfeiters, and it’s the best possible solution (I hate agreeing with all those artists reading Universal-written statements, but the “licence globale” or any other scheme legalizing file exchange is utterly absurd; it makes sense to have an incentive for you to pay artists, provided the sanction is reasonable). I’m worried now — wouldn’t that make DADVSI 2.0, uh… a good law? Well, no, we’re still far from there.
(Any additional source of information is welcome. And, of course, paying $15 for a record so that the artist can get some pocket change isn’t right but, come to think of it, that’s their problem — if they choose to sign a pact with the devil rather than promote their records online and organize their concerts themselves, that means it’s got to work for them somehow.)
A little change to the www.ff00aa.com root page: for silly possibly hypothetical PageRank reasons, it now redirects to the default language (which, as of this writing, I have decided to be English, probably because I’m half asleep).
In French: A small change to the root of www.ff00aa.com: for obscure and potentially hypothetical PageRank reasons, it now redirects to the default language (which, as I write these lines, is English, surely because I’m completely asleep). If you bookmarked the root and find yourself on the English version, change your bookmark to www.ff00aa.com/fr.
If you read this blog via RSS, there was no need to read this post.
Reducing guilt is the killer app. There you go! Your magical web 2.0 recipe for success! (No, seriously, it makes sense.)
CD Lamp. Cool idea — and would be even more interesting if you adapted it to store regular CDs (i.e., the ones you do need to have around).
Not quite new but, hey, it’s Saturday: Asimo runs [via]. Well, he doesn’t really run, in that he always has a foot touching the floor (the most likely reason being that it’s so heavy, the joints would have to be that much stronger) but you still have to convince yourself they’re not going to reveal the anorexic teenage girl inside by the end of the video. And, via a comment, a video of a… thing… with legs, technologically amazing but creepy beyond reason — I’m going to have nightmares with this. (The soundtrack doesn’t help.)
I have to revise my photography workflow — spending half a day editing my pictures on Photoshop was fine when I made a session a month, but if I want to take advantage of living in Paris to use my camera more, and possibly buy a smaller one I could carry everywhere, that just doesn’t work.
I suppose it’s time for me to try out iPhoto, but I don’t expect too much from it. If Photoshop didn’t take four hours to launch and take 400% of my RAM, that would be a good start, too. Suggestions are welcome. (I’m that close to migrating to Flickr, but I really don’t like being dependent on foreign scripts, no matter how advanced.)
Right now I’m trying iView MediaPro, and it works just about perfectly (well, the image editing possibilities are a bit limited), save for one thing: for some insanely absurd reason, if you’re using the embedded image editing functions, then either you’ll overwrite the original picture or you’ll have to manually choose a folder where to save a backup — each time. The default being to save all backups of a given library into the same folder, which makes it totally unmanageable outside of MediaPro. I’m far from having decided to commit to it right now, so I’d very much like my backups to simply go into a subfolder of where the original file is. Am I the only one thinking it’d make more sense? And that it’s insane not to be able to “Save as…” after I’ve done some editing? Even if I choose to save into a different format, the previous version is deleted! I can’t trust my images to a program that’s so insistent on obliterating them.
It’s a shame, because the interface is otherwise well done (even though the program is available for Windows as well), and it’s all snappy enough. Uh, maybe not — right now it’s spinning a beach ball.
Aperture and Lightroom are off-limits because they’re beta versions, and photo management is too important to deal with that. (Yes, Aperture is a beta, since it doesn’t really run well on any existing computer and it can’t read RAW files correctly yet.)
Turns out you can extend your Yojimbo trial period by deleting its data folder in Application Support, so I could check out the evolution.
Bookmarks now have an iTMS-like arrow button that gets them to open in Safari (which is nice enough, but hardly useful in a productive manner, being too small — this is a productivity application, not a web store, and requirements are different), but it isn’t displayed for web archives, and there’s still no way to go from a web archive to the original URL short of displaying the Inspector window.
Besides, having tried out the competition in the meantime makes me realize how useless Yojimbo’s bookmark management is: there’s a big WebKit pane down there, and yet it won’t use it to display the bookmarked page, but only buttons to open it in Safari? What’s up with that?
My second biggest gripe was that you couldn’t decide at drag time whether to create a bookmark or web archive; now you can. But there’s no visual feedback: dragging to the Yojimbo dock uses the regular cursor whether Command is pressed or not, and dragging to the sources list uses the copy cursor (with the green “plus” bubble) in either case (so much for consistency). Still, it’s better than nothing.
Judging by Yojimbo’s brand new AppleScript dictionary, making a script to retrieve the currently selected web archive’s source URL is probably trivial. That might be enough if you could create custom AppleScript-triggering buttons in the toolbar, but they’re not up to that point yet; besides, it shouldn’t be up to the user to fill such an elementary void.
[03/15] The release notes only stated you could import data using AppleScript; I assumed that was an oversight when writing the notes, and nothing else, but I was wrong. Yojimbo’s current scripting capabilities seem to be write-only. Ungh.
In my original review, I wrote Yojimbo might have been promising if it weren’t a 1.0 release already. Considering how little has changed from 1.0 to 1.1, it’s even less promising now — by the time it becomes actually usable it’ll have reached 6.5.
I like Intel’s Montavello 1 prototype — I think it was originally rumored to be a tablet PC (i.e. the screen would also fold back), and it would have been even better, but even as a simple laptop it is a nice configuration.
Cool Ajax trick: Windows Live’s infinite scrollbar (see? I can say nice things about Microsoft!) — although, being that it starts and rests in the middle rather than at either end, the appropriate metaphor would be more of a jog-dial. Much more seamless and intuitive… uh, maybe not… pleasant? well, more fun, anyway, and web 2.0, than clicking “Next” over and over again to scroll through long lists. Perfectly applicable to search results, virtual rolodex, blog archives, you name it, and I’m sure it could even work on Safari, if you wanted it to.
Yojimbo has been updated to version 1.1, but it apparently doesn’t extend my trial period, so I can’t test it. (To their credit, the expiration notification offers to let me export my Yojimbo library, that’s nice.) But it doesn’t look like the improvements address many of my gripes anyway (actually, they don’t seem to be quite worthy of a point version increase).
Microsoft has a bunch of videos up for downloading [via] under the “Origami Architect” title, all of which are totally unrelated except for the one with “origami” in its title (thank heavens for my big, mighty DSL — I don’t even care I downloaded hundreds of megs of WMV for nothing). The video is mostly uneventful and boring, but still manages to make me want to hold one of these. Like Origami architect Otto Berkes states in that video, this is the perfect form factor for casual computing, to surf the web slouching on the sofa.
Most of the information in the video you could get from all CeBIT reports, but I think it’s a nice touch (in a barbaric “it’s a bit ugly but you gotta” way) that you can change the logical video resolution (i.e., the screen still shows 800x480 pixels, but the system thinks there are more, and the graphics are downscaled) to be able to use any program that expects more real estate — most interestingly, Tablet PC programs. So the Origami’s most important advantage is, it just uses a regular tablet-edition XP (or Vista) — and that’s also its major drawback, because that’s hardly exciting to hold between your hands.
Oh, yeah, there’s that special interface. Shiny, eh? Well, it’s just a launcher — a slightly modernized progman.exe. The underlying Windows interface doesn’t change a bit, even though it was never originally designed for this kind of device.
I can’t quite decide whether the launcher’s icons are following the interface’s perspective or they’re just on an orthogonal grid — but, either way, the buttons are ugly, not to mention the icons. Yeah, it’s Windows alright.
Apart from that, the “Touch Pack” that summarizes the extent of Microsoft’s software involvement in the platform (seriously, how is it a Microsoft project? Intel is subsidizing every PC builder under the sun to improve brand awareness, and they accepted to be Microsoft’s lackey on this one?) includes:
an ugly third-party virtual keyboard — according to Engadget, it’s good and effective, although it sure doesn’t look that way on screenshots, but judging from the developer’s site it should be skinnable (oh, and rein your horses, if the screen had multi-touch functionality, they’d certainly have said so)
a dedicated Windows Media Player skin (whoa)
a Sudoku game
miscellaneous “Touch Improvements” to Windows that I imagine to consist of making desktop icons easier to trigger accidentally
and… uh, that’s all.
Yeah. So very exciting. And yet…
And yet the Samsung prototype is teh sexy. Funny what some shiny black plastic will do — with less buttons and lights, and more overall attention to detail, it might as well be made by Apple. Come on. Seriously. Steve. I can’t afford an Apple Origami, and I have no need or use for it, but damn do I ever want one!
And let me reiterate: by the time the Samsung UMPC hits the streets, I give you two months before a bunch of die-hard Applemaniacs make it run OS X if you don’t announce a tablet of your own.
Oh, yeah, because apparently it’s just called a UMPC now — it figures that “Origami” was way too cool a moniker for Microsoft to keep (and it wasn’t very cool to begin with). Wonder what Windows Vista will be called when it’s released and has to shed its project codename.
I’m sorry, I’d want to give Microsoft some slack sometimes (maybe), but they just can’t help being complete doofuses… doofi… uh, fools.
And it seems like Alexandria (like the Bibliotheca) might well be Microsoft’s response to iTunes and the iTMS. Here’s to hoping they screw that one over badly, despite the momentum they’ll be able to garner as soon as they launch, or we’ll be living in a Microsoft media world. Oh, don’t worry — there’s plenty of potential to screw up, I’m sure they can manage.
Funny that the screenshot would feature Law & Order.
Oh my God. The Windows Media Player skin is totally ugly. They’re insane. (And I can’t figure out whether the Sudoku game does have handwriting recognition. But it sure isn’t pretty either.)
And, no, I’m not gonna apologize for disliking Microsoft and maybe even being slightly biased (actually, no, I’m not — I have no prejudice against the Xbox and I’m using a Microsoft trackball on my iMac). I earned it, using their products for ten years. And they amply deserved it, and keep deserving it again and again and again.
Origami Revealed: It’s a 7-Inch Tablet PC Platform. How… uh… expected. Okay then, let’s review the implications:
The latest Mac mini being a bunch of Intel chips thrown together, there’s no reason why Apple wouldn’t release a tablet mostly based on the same Intel platform as the Origami.
But the Origami will be too associated with Microsoft (and why? it looks more like an Intel than a Microsoft platform), so it’d have to be ostensibly different. Basically, you can expect any screen size but 7 inches.
If the Origami gets any kind of success at all, that’s additional incentive for Apple to finally come out with a tablet. (There’s no point in wondering whether they did develop such a product — it didn’t bother them maintaining an Intel version of OS X for years just in case it’d come in handy — but just when they’ll decide to release it.)
If Apple doesn’t, it’ll only be a matter of time before someone works out the drivers for Origami to run OSx86, with Inkwell handwriting recognition and everything. (Did I miss something or does the supposed Microsoft Origami ad not even hint at handwriting recognition? I gather it’s an older video, but the official one won’t play on a Mac.)
And that’s yet more incentive for Apple to make its own tablet.
You’ve got to admit, it totally makes sense for Steve Jobs to postpone the iTablet launch, let Microsoft try itself at product buzz a bit, and come out with a cooler product a few months later.
Said cooler product will be twice as expensive.
The Origami isn’t that much more yet than a prototype, and Jobs doesn’t like to announce products (long) before they’re available.
I’m sorry, it looks like I couldn’t help but make it all about Apple here. Thing is, I’m a switcher, and there’s no way I ever want to put my digital life in Microsoft’s hands again — so, for me, the most important feature of this platform is that it’s supposed to run all sorts of operating systems. (Though I can’t imagine an Origami-specific Linux distro ever being usable enough for me to consider using it, either.)
Oh, and I wasn’t the only one. Gizmodo:
More baffled reactions which we anticipate regretting once Apple decides to use this as a Newton revival platform after the jump.
And it’s scary not because the OS isn’t powerful and flexible (both XP and Windows CE are perfectly capable systems, despite what the Linux crowd says), but because Microsoft has demonstrated, time and again, that it can’t design a mobile/PDA UI worth a damn.
And that’s exactly why I couldn’t care less about Origami except for the implications on the Apple world: it’s not about integrism, politics, or voting with my wallet; it’s the utter impossibility of having faith in Microsoft’s designers to produce a functional, ergonomic software platform and make it evolve in the right direction over time, too.
How ironic is it that the only thing Microsoft can do right is hardware? (I mean peripherals — I know nothing about consoles, have no opinion.)
You’re likely to read (over and over again, on each and every tech website) a derivative of the “Mac OS X hacked under 30 minutes” story that was published today. What you may not read, however (depending on whether you read Mac-apologist websites, mostly — well, you do, since you’re reading this blog), is the (semi-)rebuttal, so I thought I should mention it here.
The story, as reported: someone put up a challenge on the net to hack the Mac mini he’d set up as a typical web server; the challenge worked so well (well, they tend to), the machine was actually hacked in thirty minutes. Ooh, OS X is so much crap. One wonders how come three to five percent of the online population (and not necessarily the least interesting, in terms of stealable personal or professional data), and a few servers, too, can actually be running this OS at all, what with the “undisclosed vulnerabilities” that any hacker can exploit.
Well, that’s if you only read the ZDNet story (or the myriad copycats that’ll no doubt be published over the next few days) and don’t try to get more facts. If you do, you’ll find out that the challenge was very much rigged: all it took was filling out a form to create a user account you could ssh to. That is, you could remotely login to the machine, as a regular user. And that never ever happens in real life: whether you’re using your home computer on the internet or setting up a webserver, outside people don’t have a valid login and password to your computer (unless your password is easily guessed, which is the case of most people but, hey, their loss) — not to mention that your ssh daemon (i.e., the remote-login server) is unlikely to be running at all (unless you decided to enable it for some reason, in which case it’s really, really your fault if your password is too easily guessed).
Not to minimize the vulnerability that was exploited here — it does exist, and it shouldn’t. Well, unless it’s a hoax, but it’s believable enough: not so long ago, if you had an account, you could actually exploit fast user switching to record everything other users viewed or typed on the computer while you had an open session in the background. But privilege escalation is a staple of computing, it’s inevitable, it’s everywhere, and even on Unix systems it’s a race between hackers and coders (which is where OS X get its vulnerabilities — as I understand it, Apple tends to lag in implementing security patches as they are developed for its parent, BSD). That means you shouldn’t trust any stranger with an account on your machine, whichever operating system is installed.
Geez, and a few days ago I was criticizing how John Gruber was blaming the hypothetical user for opening a downloaded file without double-checking what it was. Well, there’s a difference here — in that case Windows is far from better (historically, I figure it’s been rather worse). Although OS X suffers from being based on a well-documented open-source operating system, the vulnerabilities of which are just well documented, and not being fixed as quickly as they should because Apple engineers do seem to share a bit the delusion that they’re safe no matter what. And that, as I said before, is worrisome indeed.
Some have objected to this [new] test as doing nothing more than testing the security of apache or ssh on a PowerPC architecture. That is correct. And that is how most of the world will see Mac OS X externally. […]
The ZDNet article has been updated to include the sentence, “Participants were given local client access to the target computer and invited to try their luck.” [But with no explanation of what that implies.]
iVisualize lets you create your own iTunes visualizations with Quartz Composer (or download such visualizations from the hundreds that will no doubt be available all over the web pretty soon) that use all available data from iTunes (album art, names, stats, and audio spectrum).
I haven’t quite got the time to try it out now, but if you’ve ever played with Quartz Composer you know immediately how cool this idea is; and if you haven’t, well, it’s time you began (it’s part of the Xcode developer tools pack thing).
[03/13] On the other hand, they have dubious marketing practices, ostensibly comment-spamming blog posts that were already hyping them! Yeah, their website design makes much more sense, in retrospect.
The Puzzle Alarm Clock. Heh. Clever (probably too clever, but it’s just made for novelty gift stores, isn’t it?), but the alarm clock on wheels is still cuter.
Apple has fixed the Safari vulnerability and, just as I feared, didn’t solve the right issue. Oh, and they didn’t even remove the “Open ‘safe’ files after downloading” option, either. If that’s the way Apple reacts to social engineering vulnerabilities, when the first real trojans do hit OS X they’re really going to hit hard.
Now Apple sells a $349 boom-box to play your 128kbps iTunes tracks. (Corollary: whenever they finally release a widescreen iPod, they’ll still sell videos in 320x240 pixels.) For the price, you’d think it would include AirTunes reception (the Nintendo DS has wi-fi and touch-screens at $150). And not be ugly.
Besides, the design itself is hardly functional: sure, it works on batteries, but you can’t really use it on-the-go because of the way your iPod is exposed (to theft or accident). Oh, and apparently it’s too heavy for carrying anyway.
I love that Apple would release a so-called “audiophile-quality” speaker system when they sell 128kbps songs and they’re consistently criticized for the quality of the iPod’s included headphones, or lack thereof. Of course, strategy-wise, the iPod Hi-Fi (and the leather sleeve, along with last keynote’s FM adapter) is a dubious move: much of the iPod’s appeal is based on the huge accessories market, which Apple shouldn’t want to scare away — but that never prevented them from stealing independent software developers’ thunder one after another, either, so there’s nothing surprising here.
I know an audiophile, far away in a foreign country, and I’d be curious to know what he thinks of this thing. And don’t you think the packaging is cuter than the object itself? You’d want to play it inside the box, if the iPod didn’t have to stick out.
And the Mac mini has an update, pretty unimpressive — unlike its price boost. I don’t know how expensive the G4 mini could get, but you can now reach $1,320 with a reasonably maxed-out setup (2GB RAM, 120GB hard drive and a wireless keyboard and mouse, nothing out of the ordinary). I’m sure Steve has been all this time thinking that thing was too cheap and it was unacceptable and demeaning, and he seized the opportunity to fix that.
So the Core Duo mini can now theoretically smoke my iMac (for $400 more than I bought my own refurbished mini) but it can’t, actually, in a default configuration, because it’s still a 512 MB setup (for the price!) and its on-board Intel video controller now gobbles up a good share of it. Even though the new design now uses two RAM slots instead of one (how did they manage to free up room inside? is it going to be even more awkward to open up than it was, or did they manage to fix that?), which means starting off at 1GB should be that much more affordable than it was before.
The most interesting announcement of the day, and that’s for lack of competition, must have been Front Row with Bonjour (i.e., accessing another computer’s iTunes and iPhoto libraries from the TV-connected mini, finally Front Row’s quite limited potential as a home entertainment system). But we old-timers are still not allowed in.
Leander Kahney seems to be thrilled by the Nintendo DS-inspired MacTablet mockups submitted by Engadget readers — regretting that “using two screens would drive up the cost of a consumer-level laptop beyond a point where Apple would feel comfortable releasing it”. Yeah, sure, that would stop Jobs. That, as opposed to just the fact that you can’t spend your time typing at a touch-screen’s virtual keyboard if you want it to last more than a month. Or the fact that having only one touch-enabled display out of two means… you can’t move the mouse cursor on the upper screen.
Steve’s Outfit. Heh. Thanks, but no thanks.
When has FileRun been postponed? It was supposed to be released on Feb. 27th. (No, it doesn’t really look like I’ll love it — for the same reasons I don’t like Path Finder — but I’m always curious, and would love to find a decent Finder replacement, even if imperfect.)