
Safari 5.0 and Safari 4.1 patches

About the security content of Safari 5.0 and Safari 4.1.

Apple posted Safari 5.0 for 10.5.8 and 10.6, and Safari 4.1 for 10.4.11 yesterday, and above is a link to the full patch list (and it’s quite extensive).

The things patched in this update are below:

  • ColorSync (Windows versions only)
  • Phishing
  • Handling of PDF files
  • Arbitrary code execution (Windows only)
  • WebKit (tons of updates here including the infamous wushi exploits from team509, also lots of mentions of Chris Evans and Mark Dowd.  Nice work guys.)

Check the full list at the above URL for complete details.

Categories: Google, apple, browser, security, software, updates.

Safari 5. A smackdown to Google?

Safari 5, released yesterday from Apple, introduced many new things (also patched a bunch of Security vulnerabilities as well, I’ll touch on those in a second).  One of the things introduced could be interpreted as a smackdown to Google.

I’ll make another list:

1)  Faster JavaScript Engine

Safari uses a JavaScript Engine named “Nitro”.  Apple claims that it runs 30% faster than Safari 4, 3% faster than Chrome, and over 2x as fast as Firefox.  I don’t know what the degree for error is in those percentage numbers, but that 3% sounds mighty close to me.

2) DNS Prefetching and improved caching

DNS Prefetching works like this: when you go to a webpage, or you search for something, Safari uses DNS prefetching to look up all the URLs that are found through hyperlinks on a given webpage. I think Chrome has been doing this for awhile, and I know Firefox has been doing it for years, so it’s good to see Safari doing this as well.  Every little bit helps when it comes to the web I guess.

3) Bing

Apple added the Bing search engine in addition to Google and Yahoo! that were already in the browser.  I’ve only used Bing a couple times when it first came out, thought it was inferior and stuck with Google.  However, since it’s a choice now in the search bar of the Safari Browser (I switch back and forth between Safari and Google Chrome) I’ll give Bing a shot.  We’ll see.

4) Safari Extensions

Apple has had extensibility in Safari for a couple versions now, so it seems the only thing that is new about it is that they are pushing it hard now.  Already there are a bunch of extensions coming out, so we’ll see how far this goes.

5) Smarter Address Field

Sure.  Not really a big deal, but it does better suggestions using your history than it used to.

6) Location Services

It’s been in Chrome for awhile now, so glad to see it’s in Safari finally, but the browser can now be aware of your location.  For a good example of how this works, go to http://maps.google.com with either Safari or Chrome, and hit this button (the blue one):

That’s the location button, the browser should use CoreLocation and be able to find you.

7) Better HTML5 support

Hooray.  But every browser should be doing this.

8) Full-screen view and Closed Captions for HTML5 video

Good. Also glad when computers can help out in Assistive ways (like Closed Captioning).

9) and Finally, Safari Reader

This is the thing I think is the smackdown to Google.  Reader is kinda like a “cleanup” for webpages.  Kinda like Readability is, I blogged about that awhile back as well.  So, let me give you an example, I’ll just browse to TUAW.com right quick:

Ad, Ad, Ad, header, links, annoying, annoying…

Now, in the url bar you’ll see a button that says “Reader”:

When you hit that button, everything is stripped away from the page, and you only get the article:

Nice.  Very nice.  Then, if you mouse over it, you get these options:

Zoom, (and it remembers how big you want your text too!), Email (just the “Reader”-ized version of the webpage), Print, and close.

Why do I say this screws Google?  How does Google make money?  Ads.

This removes Ads.

Categories: apple, browser.

iPhone 4

Yesterday Steve Jobs got up on stage and announced the new iPhone, iPhone 4.  It has a list of slick features, I’ll write a couple, then an opinion or two about each.

1. FaceTime

FaceTime is a new feature to the iPhone family.  It’s basically Video Calling.  Using the front or the back camera of the iPhone you can make a Video call with one another.  Right now FaceTime is limited to Wi-Fi only, and Apple is going to work with the cell carriers to get their networks up to speed to allow FaceTime on 3G calling.

Opinion:  I think this is a really neat innovation.  I can see a lot of use for this, however…  I have a feeling that no one will use it, it will be a pain in the ass for it to work, and it’ll get bad press.  I am sure there will be ports to open on the firewall for it to work, and it won’t work for $REASON.  I guess we’ll find out, but overall I think this is really neat and I’d love to use it with my family, especially after my new baby is born.  It’s also going to be an “Open Standard”, so hopefully lots of people build this into their phones/apps.  iChat probably won’t get it until 10.7, and the iPad won’t get a camera until Round 2.

2. Retina Display

The Retina Display is a higher resolution screen 960×640 at 326 dpi.  It seals the front glass to the LCD by lamination (I believe that’s how it works) so it eliminates the “Depth” in between the front glass and the icons.

Opinion:  Cool.  Love me some higher resolution.  Not much bad you can say about that.

3. Multitasking

The iPhone 4 has Multitasking through the use of services (instead of full apps running in the background).

Opinion:  Cool.  About time.  I’ve been really, really content with using one app at a time, EXCEPT when I am using something like Instant Messenger, or where I need to go back and forth really quickly between apps, and the app I need to switch back and forth to doesn’t remember where I was at the last time I used the app.  Really annoying.  So glad this is getting fixed.  I’ve occasionally wanted multitasking on the iPhone, but I’ve wanted it more on my iPad.

4. HD Video Recording

You can now record HD (720p) video on the iPhone with its new 5 Megapixel camera, put it into iMovie (a new app for the iPhone), make your own home movies and send them out on the internet.

Opinion:  Good.  I’ve been very content with the camera that is in my iPhone 3GS, so a better camera is always welcome, however, I know once you record video on the 3GS and try and MMS it to someone, it can be annoying as shit waiting for the upload to take place.  I know uploading a video from the iPhone 4 to Youtube, unless some magic happens, especially on the processor side..  sending a 720p video somewhere is going to be awful and take forever.

5. Mail

Unified inbox, email threading, and multiple Exchange accounts

Opinion:  About time.  I’ve been just fine the way it has been, however, I’m glad they are making it better.  The unified inbox especially.

6. Folders

The ability to group your apps together in a single button.

Opinion:  Useful.  I’ll definitely use it to group things like games and Productivity apps together.  I’ve tried not to put too many apps on my phone.  But I’ve met some people that have pages upon pages of apps and this will be good for them.

7. iBooks

The ability to read your iBooks that you’ve purchased for your iPad up until now, on your iPhone.  Also includes a PDF reader (also coming to the iPad).

Opinion:  Okay.  I think reading a book on that small of a screen will be difficult, but we’ll see.  I really like reading on my iPad, but it’s big.  I also like the fact that PDFs can now be in a native app.

8. Stainless Steel case design

It doubles as the antenna for the phone and it gives it rigid stability.

Opinion:  Great.  Especially if it reduces the amount of calls I drop.  Looking at you AT&T.

9. Glass front and back

It has black (or white) Glass on the front and back of the phone as faces.

Opinion:  Am I going to scratch the shit out of this thing?  My iPhone glass hasn’t scratched yet, so I feel okay I guess.  Whereas the plastic black of my iPhone 3GS is scratch city.

10. Extra Microphone for Noise Cancellation

There is now a Microphone on the top of the phone to listen to ambient noise and cancel it out.

Opinion:  If it’s as good as the Jawbone, AWESOME.

Things that are missing still:

  • The ability to open a .ics file (Calendar invite) in Mail and add it to your calendar.  I mean, seriously?  It’s not clear if iOS 4 will allow this, but we’ll see.
  • Note syncing OTA.  Really?  I still have to plug in my iPhone to my laptop to sync notes?  No thanks, I’ll use Evernote.
  • The ability for the “place” in a movie or song to auto-sync back to your actual library, through MobileMe, and down to other devices.  That way when I put down my laptop and pick up my iPad to watch the same movie, it’s at the same place.

Categories: apple, iPad, iPhone, osx, rants.

Burnout videos of 2010 All-Ford Nationals at Carlisle, PA

Here are some videos that I shot this past weekend of the Burnout contest in Carlisle, PA.  These are kinda loud, so mind your speakers.

Enjoy:

This lady was 63 years old, she went the whole 3 minutes and smoked the tires!

This was a Starsky and Hutch replica 1975 Gran Torino, complete with sirens, flashing lights, and flashing headlights.  This was a great car:

This one was great, a piece of the rubber flew up and hit me in the arm (that’s why the camera moves suddenly when the tire shreds).  Yes, it was hot.

This car was named “Uncle Buck”, both of his tires shredded at the same time:

Categories: car, funny.

Single Threaded Data Processing Pipelines and the Intel Architecture

VRT: Single Threaded Data Processing Pipelines and the Intel Architecture.

I wanted to bring this post to the attention of my blog readers as well, just in case my readers are also not subscribers to the VRT blog.

Marty Roesch (Sourcefire’s benevolent dictator/CTO) guest-blogged on the VRT blog about Snort, multi-threading, Intel architectures, hyperthreading, and cores.  It’s a really great post about why Multithreading isn’t all it’s cracked up to be, and is only useful when used correctly.  Just because you “Multithread” everything, doesn’t mean it’ll run faster.  That’s a common misconception that Marty is trying to debunk here, and I encourage a read of his article.  Snort is an extremely well performing piece of software and we get a lot of questions about why we aren’t pushing “Snort 3.0” harder (as it has multithreading).

Hopefully this post answers some of that.

Categories: Snort, Sourcefire, VRT, blogs.

Pictures from the 2010 Carlisle All-Ford Nationals

Here are some pictures I took at the 2010 Carlisle All-Ford Nationals this weekend up in Carlisle, PA.

I didn’t take as many pictures as I should have/wanted, but there were so many cars there it just became overwhelming to try and remember them all.  I annotated each of the photos in the gallery, so for the full caption, just click on the individual photo to make it bigger.

http://gallery.me.com/joel.esler/100207

Categories: pictures.

Pictures by a 3 year old

We occasionally let my daughter have one of our cameras so she can take pictures (which she apparently loves to do).  Here are a few of her shots.

http://gallery.me.com/joel.esler/100199

Yes, I know this is just a link to MobileMe, but that’s where I am putting my pictures.

Categories: funny, pictures.

ATM Skimmers: Separating Cruft from Craft

Below is a link to a good article by Brian Krebs (Former reporter for the Washington Post on security) about ATM Skimmers.  I know when I go to an ATM I give the card reader a good yank and fiddle around with it a minute to make sure there isn’t anything stuck on there.

Recently my wife’s card was used for some fraudulent transactions, and while we still don’t know (investigation is underway) how people got the card, the bank did catch the fraud.

You have to be careful out there, even in my small town recently, the local gas station had skimmers installed, which were promptly removed — but still, you have to be aware of the threat out there.

ATM Skimmers: Separating Cruft from Craft — Krebs on Security.

(Sorry about posting links to other articles recently, I am just trying to keep all my links in one place instead of spreading it across the Internet on a bunch of social media applications.  I figure if I just post everything here, it propagates out.)

Categories: security.

Google ditches Windows on security concerns

Trying not to bash Windows here, as I personally think that Windows 7 is a much better operating system than its predecessors.  However, I think this is interesting.  I’ve seen this happen at several companies lately.  While Google has been very Mac centric for awhile now, according to friends I have in the company, a conscious effort to move everyone off the platform in such a big company is an interesting effort.

FT.com / Technology – Google ditches Windows on security concerns.

Categories: Google, Microsoft, apple, hacking, windows.

Stop the lies! The day that Microsoft saved Apple

Stop the lies! The day that Microsoft saved Apple | ZDNet.

An interesting article from ZDNet about the days when Microsoft bought 150M of non-voting stock shares and committed to producing MS Office for the next 5 years. A lot of people claim that Apple would have died if not for MS saving Apple back then. That may be partially true, but only because MSFT had to pay them a considerably large amount of cash for the patents.

Check out the article above.

Categories: analysis, apple.