Android isn't free.
Apparently Google has found that out that a free OS isn't free. It's going to cost you legal fees. Being sued by everyone under the sun, Google has found itself in a sticky predicament, and has to defend itself with patents. However, Apple still holds the patent on multitouch, so we'll have to see how that all works out.
So they bought Motorola Mobility. yes. That division of Motorola that almost shut down and is nearly bankrupt -- and they paid 12.5B for it. Srsly.
Even Balmer says Android isn't free. Awhile ago. http://tech.fortune.cnn.com/2010/05/21/steve-ballmers-claim-android-isnt-really-free/
Unless you are the end user, when you can download and compile Android "for free" for use on your phone.
Should be interesting.
Please leave comments below.
Showing posts with label Google. Show all posts
Showing posts with label Google. Show all posts
Wednesday, August 17
Wednesday, January 12
H.264 is being dropped from Chrome
Chromium Blog: HTML Video Codec Support in Chrome.
Key sentence from above article:
"Though H.264 plays an important role in video, as our goal is to enable open innovation, support for the codec will be removed and our resources directed towards completely open codec technologies."
Key comment from Slashdot on above article:
"This serves two strategic purposes for Google. First, it advances a codec that’s de facto controlled by Google at the expense of a codec that is a legitimate open standard controlled by a multi-vendor governance process managed by reputable international standards bodies. (“Open source” != “open standard”.) And second, it will slow the transition to HTML5 and away from Flash by creating more confusion about which codec to use for HTML5 video, which benefits Google by hurting Apple (since Apple doesn’t want to support Flash), but also sucks for users."
Google, just when I started to like you again. I turned away from you for about a year and a half because you pissed me off with the Buzz thing. Now you go and do this.
Key sentence from above article:
"Though H.264 plays an important role in video, as our goal is to enable open innovation, support for the codec will be removed and our resources directed towards completely open codec technologies."
Key comment from Slashdot on above article:
"This serves two strategic purposes for Google. First, it advances a codec that’s de facto controlled by Google at the expense of a codec that is a legitimate open standard controlled by a multi-vendor governance process managed by reputable international standards bodies. (“Open source” != “open standard”.) And second, it will slow the transition to HTML5 and away from Flash by creating more confusion about which codec to use for HTML5 video, which benefits Google by hurting Apple (since Apple doesn’t want to support Flash), but also sucks for users."
Google, just when I started to like you again. I turned away from you for about a year and a half because you pissed me off with the Buzz thing. Now you go and do this.
One step forward, two steps back.
Tuesday, November 2
Archiving Emails in Mail.app, there's an app for that.
If you are using Mail.app on OSX, this post is for you.
It's been well known to people that read my blog that I am an Inbox-Zero ninja, and generally pride myself on my ability to get through vast amounts of email quickly because of the system that I have refined over the past several years of experimenting.
One of the things about Inbox Zero is the ability to quickly move an email out of your "Inbox" and into another folder. If you sort your emails that come into your Inbox by topic or subject or whatever, different folders may do good things for you. For instance I have a folder where all Snort related email goes. The three Snort mailing lists go straight to my inbox where I read most of them and then file them away using a keyboard shortcut. Other Snort related mailing lists just go straight to this box, leaving me with only the important ones in my inbox.
Most listserver traffic of the 40 or so listservers that I belong to go straight to a "listserver" folder, where I can deal with it later. You get my point.
But everything that I don't filter, is in my inbox, which usually nets me about 200~ emails a day that I need to deal with. When I read an email I have possible outcomes.
Duh. I don't do enough of this.
This is the meat of the post, and kind of the point of writing this article. I am a firm believer in leaving your hands on the keyboard if possible. Learning the keyboard shortcuts in your favorite app will not only save time, but it also keeps your hands where you need to be doing work. On the keyboard (instead of continually reaching for your mouse). There are keyboard shortcuts for almost anything in OSX, and if you can't find it, or the menu command doesn't have a keyboard shortcut, you can make a keyboard shortcut to do what you want in Snow Leopard. Heck, there are keyboard shortcuts in Gmail (learn em!)
Now, how do you do this in Mail.app, well there is a little app called "Archive" that will allow you to do this.
Archive. Archive allows you to do exactly that. Archive the email that you are presently on. It creates a folder in your email accounts named "Archive", and when you mash the shortcut in your inbox, it puts the email that you have lighted in the appropriate Archive folder. Simple, clean, done.
There is also Mail Act-On, which I've talked about before here, is a nice little app if you need to do more advanced things than Archive, but for 99% of you, check out Archive, it does what you need.
If I think it'll take less than 2 minutes to respond to the email that I am currently reading, I'll bang out a response. I try to not bang out a "quick" response "just to keep the ball moving" as Kevin Rose says. I try to write out a through response. My point in doing this is to eliminate further email by providing any answers I can, by asking the appropriate question so that the response to my email is full of exactly what I need it to be, and so that people don't waste more time by me not wasting theirs with a "short terse banged-out email".
Otherwise known as the "Forward" button. I get a ton of email, not all appropriate for me to handle, some need to go to our web team, some need to go to our research team, but it comes to me, because I "handle" the email, as opposed to ignore it. I don't mind being the conduit to which people communicate, at least I know things are getting done, and I have a pulse on what is going on.
If the email contains an action that I need to perform, but I can't do it right now, I have a keyboard shortcut that allows me to highlight a section of text, mash a keyboard shortcut, and Omnifocus will grab the hightlight-ed input that I selected and makes a Todo out of it, along with a link in Omnifocus back to the email that generated it. (This is called "Clipping" for you Omnifocus nerds, get ON IT.) I quickly set a context (email) and a due date. Then I go onto the next email. Everyday, I get to the bottom of the "Todo"s that are due that day, and that includes the thoughtful emails.
Matter of fact, writing this post about "Archive" was a Todo.
Let me go mark it done.
BTW -- Inbox Zero comes from Merlin Mann. I'm not stealing his work. It's insightful. He rocks. MerlinMann.com and InboxZero.com
It's been well known to people that read my blog that I am an Inbox-Zero ninja, and generally pride myself on my ability to get through vast amounts of email quickly because of the system that I have refined over the past several years of experimenting.
Techniques in Archiving
One of the things about Inbox Zero is the ability to quickly move an email out of your "Inbox" and into another folder. If you sort your emails that come into your Inbox by topic or subject or whatever, different folders may do good things for you. For instance I have a folder where all Snort related email goes. The three Snort mailing lists go straight to my inbox where I read most of them and then file them away using a keyboard shortcut. Other Snort related mailing lists just go straight to this box, leaving me with only the important ones in my inbox.
Most listserver traffic of the 40 or so listservers that I belong to go straight to a "listserver" folder, where I can deal with it later. You get my point.
But everything that I don't filter, is in my inbox, which usually nets me about 200~ emails a day that I need to deal with. When I read an email I have possible outcomes.
- Delete it
- Archive it (if I need it later)
- Respond to it (if it takes shorter than 2 minutes to accomplish this task)
- Delegate it (if I am not the appropriate person to deal with "x" email)
- Make a todo to deal with it later.
Delete it
Duh. I don't do enough of this.
Archive it.
This is the meat of the post, and kind of the point of writing this article. I am a firm believer in leaving your hands on the keyboard if possible. Learning the keyboard shortcuts in your favorite app will not only save time, but it also keeps your hands where you need to be doing work. On the keyboard (instead of continually reaching for your mouse). There are keyboard shortcuts for almost anything in OSX, and if you can't find it, or the menu command doesn't have a keyboard shortcut, you can make a keyboard shortcut to do what you want in Snow Leopard. Heck, there are keyboard shortcuts in Gmail (learn em!)
Now, how do you do this in Mail.app, well there is a little app called "Archive" that will allow you to do this.
Archive. Archive allows you to do exactly that. Archive the email that you are presently on. It creates a folder in your email accounts named "Archive", and when you mash the shortcut in your inbox, it puts the email that you have lighted in the appropriate Archive folder. Simple, clean, done.
There is also Mail Act-On, which I've talked about before here, is a nice little app if you need to do more advanced things than Archive, but for 99% of you, check out Archive, it does what you need.
Respond to it
If I think it'll take less than 2 minutes to respond to the email that I am currently reading, I'll bang out a response. I try to not bang out a "quick" response "just to keep the ball moving" as Kevin Rose says. I try to write out a through response. My point in doing this is to eliminate further email by providing any answers I can, by asking the appropriate question so that the response to my email is full of exactly what I need it to be, and so that people don't waste more time by me not wasting theirs with a "short terse banged-out email".
Delegate It.
Otherwise known as the "Forward" button. I get a ton of email, not all appropriate for me to handle, some need to go to our web team, some need to go to our research team, but it comes to me, because I "handle" the email, as opposed to ignore it. I don't mind being the conduit to which people communicate, at least I know things are getting done, and I have a pulse on what is going on.
Todo It.
If the email contains an action that I need to perform, but I can't do it right now, I have a keyboard shortcut that allows me to highlight a section of text, mash a keyboard shortcut, and Omnifocus will grab the hightlight-ed input that I selected and makes a Todo out of it, along with a link in Omnifocus back to the email that generated it. (This is called "Clipping" for you Omnifocus nerds, get ON IT.) I quickly set a context (email) and a due date. Then I go onto the next email. Everyday, I get to the bottom of the "Todo"s that are due that day, and that includes the thoughtful emails.
Matter of fact, writing this post about "Archive" was a Todo.
Let me go mark it done.
BTW -- Inbox Zero comes from Merlin Mann. I'm not stealing his work. It's insightful. He rocks. MerlinMann.com and InboxZero.com
Thursday, August 5
Google Wave, it's dead. So sad.
In case you haven't heard.
So, on Google's "Official" Blog (which one guys? You have so many!) they announced yesterday that they are pulling the plug on Google Wave.
So sad.
I think Wave had some really good potential, but I'll say it here, as I have said it since the beginning, Wave would have never caught on unless it replaced something else. Wave was pretty neat, it was like a Wiki, Google Docs, Gmail, Gtalk, and god-knows-what-else all rolled into one. It worked, it worked pretty well. But it didn't replace anything for anyone. It was a "and also" technology.
Let's Hope
Google rolls some of the technology they developed for Wave into the rest of their products. For instance, simultaneous typing. That could be useful in Gmail and Gtalk.
I think the collaboration-on-documents idea was great. That would be most useful in a corporate setting. I would have loved to use it at Sourcefire.
Design
Some of their design ideas were great.
Look at the navigation window over here on the right. Look at the shading around the box, Look at the title bar (how it can be collapsed). Look at the "+" button. It all looks very nice. It has icons, it has lots of html5 being used to shade and render it. The drop shadow, the links. Every box on Google Wave seemed to be more carefully thought out and precise. The GUI was a wonderful idea and one couldn't very well argue with that. The scroll bar (not pictured here) was nice to use. Every pane was separated into it's own individual boxes. You could tell there was a difference in between all of them. Take a look at this post over at lifehacker.org: http://lifehacker.com/5400644/google-wave-look-and-feel-coming-to-gmail-other-google-apps. I don't where they got that screenshot, but that's the way that Gmail should look! Look at the boxes, the drop shadows, the shading. The whole look and feel reeks less of a "Web App" and more of a Desktop app. It has polish. It has great design. If you take a look at a screenshot of Gmail, from my own inbox, you will see what I am talking about. Look at the panes here. Look at the navigation windows. This is not good GUI design in a web app, functional? Yes. Good looking and easier to navigate? No.
If Gmail wants to act like they are a desktop email replacement tool, they need to stop looking like "Mutt" and start looking like Wave.In a way, I'm kind of sad to see Wave go. There was a lot of really great ideas there. I enjoyed using it.
However, I can totally see how it didn't work for some people. It was confusing. People didn't understand how it was different from anything else they used. As I said, it didn't replace anything they already had, it didn't have a "need". When the iPhone was invented people immediately saw the "need" for it. A phone that is brilliantly easy to use. It also replaced things. It replaced their phone, it replaced their blackberry. It was simple.
Wave wasn't simple. It didn't replace anything, and that is why it failed. People don't need another email system. In fact, they need less.
Wednesday, July 28
Safari 5.0.1 Posted this morning
Back in June I wrote a post on a problem with Safari 5 creating a black background around certain objects when moved from one application to another. For instance, when you attempt to use the "Mail this PDF" function from Preview. Well, this morning Apple released version 5.0.1 of Safari. This fixes the issue I described here, along with many others. As posted on Apple's website here, the following are fixes:
Safari 5.0.1 also packs in a bunch of security updates. Of course Blackhat and Defcon are this week, so that may have something to do with this update being released.
Safari
Impact: Accessing a maliciously crafted RSS feed may cause files from the user's system to be sent to a remote server
Description: A cross-site scripting issue exists in Safari's handling of RSS feeds. Accessing a maliciously crafted RSS feed may cause files from the user's system to be sent to a remote server. This issue is addressed through improved handling of RSS feeds.
Credit to Billy Rios of the Google Security Team for reporting this
issue.
Safari
Impact: Safari's AutoFill feature may disclose information to websites without user interaction
Description: Safari's AutoFill feature can automatically fill out web forms using designated information in your Mac OS X Address Book, Outlook, or Windows Address Book. By design, user action is required for AutoFill to operate within a web form. An implementation issue exists that allows a maliciously crafted website to trigger AutoFill without user interaction. This can result in the disclosure of information contained within the user's Address Book Card. To trigger the issue, the following two situations are required. First, in Safari : Preferences : AutoFill, the "Autofill web forms using info from my Address Book card" checkbox must be checked. Second, the user's Address Book must have a Card designated as "My Card". Only the information in that specific card is accessed via AutoFill. This issue is addressed by prohibiting AutoFill from using information without user action. Devices running iOS are not affected.
Credit to Jeremiah Grossman of WhiteHat Security for reporting this issue.
(Nice work Jeremiah!)
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of element focus.
Credit to Tony Chang of Google, Inc. for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's rendering of inline elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.
Credit to wushi of team509 for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of dynamic modifications to text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.
Credit? Apple Internal?
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of CSS counters. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory management.
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for
reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in WebKit's handling of the :first-letter and :first-line pseudo-elements in SVG text elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by not rendering :first-letter or :first-line pseudo-elements in SVG text elements.
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of foreignObject elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through additional validation of SVG documents.
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of floating elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.
Credit? Apple Internal?
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of 'use' elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of 'use' elements in SVG documents. Credit to Justin Schuh of Google, Inc. for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit's handling of JavaScript string objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.
Credit: Apple.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A reentrancy issue exists in WebKit's handling of just- in-time compiled JavaScript stubs. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved synchronization.
Credit? Apple Internal?
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of JavaScript array indices.
Credit to Natalie Silvanovich for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of regular expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of regular expressions.
Credit to Peter Varga of University of Szeged for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of "font-face" and "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of "font-face" and "use" elements in SVG documents.
Credit to Aki Helin of OUSPG for reporting this issue.
Safari 5.0.1 and Safari 4.1.1 address the same set of security issues. Safari 5.0.1 is provided for Mac OS X v10.5, Mac OS X v10.6, and Windows systems. Safari 4.1.1 is provided for Mac OS X v10.4 systems
The thing to remember with the above vulnerabilities is that things that are labeled "Webkit", affect more than just Safari. They could possibly affect anything using the Webkit framework. Chrome included.
- More accurate Top Hit results in the Address Field
- More accurate timing for CSS animations
- Better stability when using the Safari Reader keyboard shortcut
- Better stability when scrolling through MobileMe Mail
- Fixes display of multipage articles from www.rollingstone.com in Safari Reader
- Fixes an issue that prevented Google Wave and other websites using JavaScript encryption libraries from working correctly on 32-bit systems
- Fixes an issue that prevented Safari from launching on Leopard systems with network home directories
- Fixes an issue that could cause borders on YouTube thumbnails to disappear when hovering over the thumbnail image
- Fixes an issue that could cause Flash content to overlap with other content on www.facebook.com, www.crateandbarrel.com, and other sites when using Flash 10.1
- Fixes an issue that prevented boarding passes from www.aa.com from printing correctly
- Fixes an issue that could cause DNS prefetching requests to overburden certain routers
- Fixes an issue that could cause VoiceOver to misidentify elements of webpages
Safari 5.0.1 also packs in a bunch of security updates. Of course Blackhat and Defcon are this week, so that may have something to do with this update being released.
Safari
Impact: Accessing a maliciously crafted RSS feed may cause files from the user's system to be sent to a remote server
Description: A cross-site scripting issue exists in Safari's handling of RSS feeds. Accessing a maliciously crafted RSS feed may cause files from the user's system to be sent to a remote server. This issue is addressed through improved handling of RSS feeds.
Credit to Billy Rios of the Google Security Team for reporting this
issue.
Safari
Impact: Safari's AutoFill feature may disclose information to websites without user interaction
Description: Safari's AutoFill feature can automatically fill out web forms using designated information in your Mac OS X Address Book, Outlook, or Windows Address Book. By design, user action is required for AutoFill to operate within a web form. An implementation issue exists that allows a maliciously crafted website to trigger AutoFill without user interaction. This can result in the disclosure of information contained within the user's Address Book Card. To trigger the issue, the following two situations are required. First, in Safari : Preferences : AutoFill, the "Autofill web forms using info from my Address Book card" checkbox must be checked. Second, the user's Address Book must have a Card designated as "My Card". Only the information in that specific card is accessed via AutoFill. This issue is addressed by prohibiting AutoFill from using information without user action. Devices running iOS are not affected.
Credit to Jeremiah Grossman of WhiteHat Security for reporting this issue.
(Nice work Jeremiah!)
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of element focus.
Credit to Tony Chang of Google, Inc. for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's rendering of inline elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.
Credit to wushi of team509 for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of dynamic modifications to text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.
Credit? Apple Internal?
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of CSS counters. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory management.
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for
reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in WebKit's handling of the :first-letter and :first-line pseudo-elements in SVG text elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by not rendering :first-letter or :first-line pseudo-elements in SVG text elements.
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of foreignObject elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through additional validation of SVG documents.
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of floating elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.
Credit? Apple Internal?
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of 'use' elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of 'use' elements in SVG documents. Credit to Justin Schuh of Google, Inc. for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit's handling of JavaScript string objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.
Credit: Apple.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A reentrancy issue exists in WebKit's handling of just- in-time compiled JavaScript stubs. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved synchronization.
Credit? Apple Internal?
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of JavaScript array indices.
Credit to Natalie Silvanovich for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of regular expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of regular expressions.
Credit to Peter Varga of University of Szeged for reporting this issue.
WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of "font-face" and "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of "font-face" and "use" elements in SVG documents.
Credit to Aki Helin of OUSPG for reporting this issue.
Safari 5.0.1 and Safari 4.1.1 address the same set of security issues. Safari 5.0.1 is provided for Mac OS X v10.5, Mac OS X v10.6, and Windows systems. Safari 4.1.1 is provided for Mac OS X v10.4 systems
The thing to remember with the above vulnerabilities is that things that are labeled "Webkit", affect more than just Safari. They could possibly affect anything using the Webkit framework. Chrome included.
Tuesday, June 8
Safari 5.0 and Safari 4.1 patches
About the security content of Safari 5.0 and Safari 4.1.
Apple posted Safari 5.0 for 10.5.8 and 10.6, and Safari 4.1 for 10.4.11 yesterday and above is a link to the full patch list (and it's quite extensive)
The things patched in this update are below:
Check the full list at the above URL for complete details.
Apple posted Safari 5.0 for 10.5.8 and 10.6, and Safari 4.1 for 10.4.11 yesterday and above is a link to the full patch list (and it's quite extensive)
The things patched in this update are below:
- ColorSync (Windows versions only)
- Phishing
- Handling of PDF files
- Arbitrary code execution (Windows only)
- Webkit (tons of updates here including the infamous wushi exploits from team509, also lots of mentions of Chris Evans and Mark Dowd. Nice work guys.)
Check the full list at the above URL for complete details.
Tuesday, June 1
Google ditches Windows on security concerns
Trying not to bash Windows here, as I personally think that Windows 7 is a much better operating system than it's predecessors. However, I think this is interesting. I've seen this happen at several companies lately. While Google has been very Mac centric for awhile now, according to friends I have in the company, a conscience effort to move everyone off the platform in such a big company is an interesting effort.
FT.com / Technology - Google ditches Windows on security concerns.
FT.com / Technology - Google ditches Windows on security concerns.
Wednesday, May 5
Chromes Unconventional Speed Tests Are Incredible, oh, and fake.
Chromes Unconventional Speed Tests Are Incredible - googlechrome - Gizmodo.
Okay, so here's Google's Chrome browser being speed tested against a potato gun, lightning, and...well... Paint sitting in a speaker (I guess that's supposed to be fast). It's an incredible commercial, I love the imagery. Oh, and as I posted earlier today Chrome beta 5 is fast as heck.
However the commercial is a lie. Maybe not all of it, but the loading of the pages is certainly bullshit.
Watch the commercial, watch it fullscreen, go ahead, I'll wait here.
Watch it! NOW.
The two url's that you can plainly see are not being loaded live. They are being loaded off of /Users/Kevin/Desktop....
Okay, so maybe it's not Kevin, but it's certainly a local load. I went to allrecepies.com with chrome earlier today, and it did load really really fast. But the test is done off of local cache.
If you are going to go to such elaborate "tests", use the real webpage. Not the local cache of one.
Like I said, love the commercial, browser is great, but come on..
Okay, so here's Google's Chrome browser being speed tested against a potato gun, lightning, and...well... Paint sitting in a speaker (I guess that's supposed to be fast). It's an incredible commercial, I love the imagery. Oh, and as I posted earlier today Chrome beta 5 is fast as heck.
However the commercial is a lie. Maybe not all of it, but the loading of the pages is certainly bullshit.
Watch the commercial, watch it fullscreen, go ahead, I'll wait here.
Watch it! NOW.
The two url's that you can plainly see are not being loaded live. They are being loaded off of /Users/Kevin/Desktop....
Okay, so maybe it's not Kevin, but it's certainly a local load. I went to allrecepies.com with chrome earlier today, and it did load really really fast. But the test is done off of local cache.
If you are going to go to such elaborate "tests", use the real webpage. Not the local cache of one.
Like I said, love the commercial, browser is great, but come on..
Chrome 5 is freaking fast.
I've been using Chrome since it came out for the Mac awhile back, off and on, and staying current with the beta builds. However, this build that came out yesterday is AMAZING.
Chrome 5, as a result of some "tuning" they have been doing with the Chrome rendering and javascript engines is noticeably faster. There are some lovely bar graphs on Google's blog here. But, stupid graphs aside, I've noticed a difference this morning when loading my regular webpages (my gmail page, my gmail calendar, my me.com account, etc.) Anything that can load the whole me.com interface in about 2 seconds is a freaking fast browser.
Nice job on this one Google.
To the readers: If you have the ability to check it out, do so. It's pretty impressive.
Chrome 5, as a result of some "tuning" they have been doing with the Chrome rendering and javascript engines is noticeably faster. There are some lovely bar graphs on Google's blog here. But, stupid graphs aside, I've noticed a difference this morning when loading my regular webpages (my gmail page, my gmail calendar, my me.com account, etc.) Anything that can load the whole me.com interface in about 2 seconds is a freaking fast browser.
Nice job on this one Google.
To the readers: If you have the ability to check it out, do so. It's pretty impressive.
Tuesday, May 4
Internet Explorer web browser use drops below 60%
Now remember, that these aren't specifically browsers, these are representations of rendering engines. IE's rendering engine is called Trident, Firefox's is called Gecko, etc. So it's interesting that IE is falling, yes it's still built into every Windows Machine, but the alternative browsers are gaining market in there as well. Look at Firefox, it's up a bit, but the one that is the biggest uptick is Webkit. Webkit is the rendering engine behind Safari (Mac's browser), Chrome (Google's browser), Android's browser, the iPhone browser, and the iPad browser.
Now, I don't know if they counted mobile browsers in this mix (iPhone, iPod, and iPad) but it's an interesting graph none-the-less.
AppleInsider | Internet Explorer web browser use drops below 60%.
Thursday, April 22
Google Code Blog: HTML5 + Quake II
Google Code Blog: HTML5 + Quake II.
This is why Flash is on it's way out.
httpv://www.youtube.com/watch?v=XhMN0wlITLk
As a friend of mine said: "One little division of Adobe is working on Flash, the whole freaking internet is working on html5"
Fantastic.
This is why Flash is on it's way out.
httpv://www.youtube.com/watch?v=XhMN0wlITLk
As a friend of mine said: "One little division of Adobe is working on Flash, the whole freaking internet is working on html5"
Fantastic.
Friday, April 2
Google services on the iPad and tablet computers
Google today rolled out their new version of the Gmail web interface specifically for the iPad. Looks pretty nice.
Official Google Mobile Blog: Google services on the iPad and tablet computers.
Nice side by side pane view, similar to the native iPad Mail app.
Read the post below:
Official Google Mobile Blog: Google services on the iPad and tablet computers.
Thursday, April 1
OAuth access to IMAP/SMTP in Gmail
...another entry from Google on the "Openness" aspect of their solution. They have implemented OAuth IMAP/SMTP for Gmail. So instead of you having to pass a 3rd party website your username and password credentials, you can use OAuth to be able to authorize that 3rd party website to access the information in Gmail. Nice Approach there I think.
Google Code Blog: OAuth access to IMAP/SMTP in Gmail.
Google Code Blog: OAuth access to IMAP/SMTP in Gmail.
Yale Daily News - ITS delays switch to Gmail
Many universities and businesses have switched to Gmail as an email processing, cloud based platform. I like a lot of the features of Gmail, ease of access, simple interface. But I'm not a fan of several things as well.
Yale was thinking about moving to Google Apps as a platform, and said that "everyone was so caught up in wondering how we can do it, and forgot to ask should we do it."
Interesting article.
Yale Daily News - ITS delays switch to Gmail.
Yale was thinking about moving to Google Apps as a platform, and said that "everyone was so caught up in wondering how we can do it, and forgot to ask should we do it."
Interesting article.
Yale Daily News - ITS delays switch to Gmail.
Wednesday, March 31
Fiber Economics — Dave Troy
Fiber Economics — Dave Troy: Fueled By Randomness.
Darn good article by Dave Troy, a business man out of Baltimore, MD. He explains Verizon and Comcast, the two biggest players in Internet access (in terms of "innovation"), and how Google's Fiber ambitions play into that.
Thanks @awilliams for the pointer to that one.
Darn good article by Dave Troy, a business man out of Baltimore, MD. He explains Verizon and Comcast, the two biggest players in Internet access (in terms of "innovation"), and how Google's Fiber ambitions play into that.
Thanks @awilliams for the pointer to that one.
Saturday, March 27
Day Two: No One Even Attempts Hacking Chrome at Pwn2Own Competition
Day Two: No One Even Attempts Hacking Chrome at Pwn2Own Competition - Google Chrome - Lifehacker.
Found this interesting. I didn't make it to CanSecWest this year, but several of my friends did go to this event/competition. While I did see that every other major browser was cracked on day one, (IE8, Firefox, and Safari) Chrome didn't even get tried, apparently.
While Chrome does use the Webkit (safari) engine, Chrome starts each browser tab in a separate process which is in a 'sandbox'.
On the usability side, I've been using Chrome on the Mac since they opened up the dev channel for it, and I really like it.
Found this interesting. I didn't make it to CanSecWest this year, but several of my friends did go to this event/competition. While I did see that every other major browser was cracked on day one, (IE8, Firefox, and Safari) Chrome didn't even get tried, apparently.
While Chrome does use the Webkit (safari) engine, Chrome starts each browser tab in a separate process which is in a 'sandbox'.
On the usability side, I've been using Chrome on the Mac since they opened up the dev channel for it, and I really like it.
Thursday, March 25
Detecting suspicious account activity on your Gmail
Official Gmail Blog: Detecting suspicious account activity.
I found this article interesting. Google has implemented a kind of security feature in Gmail. What it looks like, is now Google keeps track of the IPs that you log into your Gmail account from (which they have for awhile now, check this out from back in 2008) and let's you know of any very strange deviations in pattern.
The example they provide is this:
Google knows, in this example, that this person normally signs in from California in the USA, then suddenly in the middle of all the normal accesses, there is a login in Poland. Which is strange for the user, and you get this popup when you log into your gmail:
I think this is head and shoulders above what any of the other competitors are doing with their free online email solutions, and hopefully this will make strides to curbing some spam and illegal access of accounts.
No doubt that this had something to do with the illegal access of accounts from China during the whole "Google/Intel/insertothercompanieshere debacle". Glad to see Google doing things like this.
I found this article interesting. Google has implemented a kind of security feature in Gmail. What it looks like, is now Google keeps track of the IPs that you log into your Gmail account from (which they have for awhile now, check this out from back in 2008) and let's you know of any very strange deviations in pattern.
The example they provide is this:
Google knows, in this example, that this person normally signs in from California in the USA, then suddenly in the middle of all the normal accesses, there is a login in Poland. Which is strange for the user, and you get this popup when you log into your gmail:
I think this is head and shoulders above what any of the other competitors are doing with their free online email solutions, and hopefully this will make strides to curbing some spam and illegal access of accounts.
No doubt that this had something to do with the illegal access of accounts from China during the whole "Google/Intel/insertothercompanieshere debacle". Glad to see Google doing things like this.
Sunday, March 21
Inbox Zero is fail? Wrong.
Alyssa Gregory, blogger at sitepoint, clearly doesn't get it.
It = Inbox Zero, she says it can't be done.:
Merlin Mann, the de-facto creator of Inbox Zero offered a nice rebuttal, basically saying, "you clearly don't get it."
Then, Alyssa writes another post, basically saying "Uh, yeah, it still won't work."
Of course, this isn't my fight, it's Merlin's, however, as a devout follower of Inbox Zero, relying on it constantly as my day in and day out way of staying sane, I offered this rebuttal, which are basically my feelings about email. (Which I doubt she'll post, but whatever.) Here it is.
Merlin, you are still the man.
It = Inbox Zero, she says it can't be done.:
Merlin Mann, the de-facto creator of Inbox Zero offered a nice rebuttal, basically saying, "you clearly don't get it."
Then, Alyssa writes another post, basically saying "Uh, yeah, it still won't work."
Of course, this isn't my fight, it's Merlin's, however, as a devout follower of Inbox Zero, relying on it constantly as my day in and day out way of staying sane, I offered this rebuttal, which are basically my feelings about email. (Which I doubt she'll post, but whatever.) Here it is.
Merlin, you are still the man.
I believe you are still missing the point. The point in Inbox Zero is to become a “decider” and a “do-er” instead of an email processor. You receive email, you make a decision about it’s purpose, either A) Respond right now if it takes less than 2 minutes, B) If it takes longer than two minutes, Put it into a folder to reply later, C) Make a TODO to DO the thing that is in the email, and save the email, or D) Delete it.
Is the email that is sitting in my inbox right now, that I am staring at, actionable? Do I need to physically do something with the information that is front of me? Yes? Make to-do todo it, then DO it. No? Either file it, or delete it.
Follow this process until you hit ZERO emails in your inbox.
Then CLOSE your email. CLOSE it. And go DO the things that you made todo’s to, do.
Even if those todo’s involve answering the email that you put into a folder under “B", you need to DO them. Only check email about twice or three times a day, and you will be much more productive.
The point in Inbox zero is to process to ZERO, then CLOSE the inbox for the time being and GO CREATE. GO CREATE YOUR WORK BEING DONE.
Then, later, open it back up.
Thursday, February 18
Stop Google Buzz From Showing the World Your Contacts
Stop Google Buzz From Showing the World Your Contacts - google buzz - Lifehacker.
If you are a person who values their privacy and want to secure you Google Buzz contacts, I.E. Not show everyone in the world who is in your contact book, follow the directions above.
I've done this, just for good citizen's sake, as well as manually blocked some people that I don't trust. Keep on top of this stuff people! As an online community becomes more ubiquitous, the more risk you present in revealing too much.
If you are a person who values their privacy and want to secure you Google Buzz contacts, I.E. Not show everyone in the world who is in your contact book, follow the directions above.
I've done this, just for good citizen's sake, as well as manually blocked some people that I don't trust. Keep on top of this stuff people! As an online community becomes more ubiquitous, the more risk you present in revealing too much.
Tuesday, February 2
YouTube in html5, enable it now
I received this link on one of my mailing lists and thought it was the greatest thing since sliced bread. Following up on my "Flash is dead" post, you can enable Youtube.com to work in HTML5.
Go to: http://www.youtube.com/html5 and you can "opt-in". I assume it places a cookie in your browser so that every time you try and view a video, the video plays in html5 instead of flash. My browser doesn't run at 100% CPU or anything. It's awesome. Go do it now, help kill flash.
Go to: http://www.youtube.com/html5 and you can "opt-in". I assume it places a cookie in your browser so that every time you try and view a video, the video plays in html5 instead of flash. My browser doesn't run at 100% CPU or anything. It's awesome. Go do it now, help kill flash.
Subscribe to:
Posts (Atom)