Safari 5.0.1 Posted this morning

Back in June I wrote a post on a problem with Safari 5 creating a black background around certain objects when moved from one application to another.  For instance, when you attempt to use the "Mail this PDF" function from Preview.  Well, this morning Apple released version 5.0.1 of Safari.  This fixes the issue I described here, along with many others.  As posted on Apple's website here, the following are fixes:

• More accurate Top Hit results in the Address Field


• More accurate timing for CSS animations


• Better stability when using the Safari Reader keyboard shortcut


• Better stability when scrolling through MobileMe Mail


• Fixes display of multipage articles from www.rollingstone.com in Safari Reader


• Fixes an issue that prevented Google Wave and other websites using JavaScript encryption libraries from working correctly on 32-bit systems


• Fixes an issue that prevented Safari from launching on Leopard systems with network home directories


• Fixes an issue that could cause borders on YouTube thumbnails to disappear when hovering over the thumbnail image


• Fixes an issue that could cause Flash content to overlap with other content on www.facebook.com, www.crateandbarrel.com, and other sites when using Flash 10.1


• Fixes an issue that prevented boarding passes from www.aa.com from printing correctly


• Fixes an issue that could cause DNS prefetching requests to overburden certain routers


• Fixes an issue that could cause VoiceOver to misidentify elements of webpages

Safari 5.0.1 also packs in a bunch of security updates.  Of course Blackhat and Defcon are this week, so that may have something to do with this update being released.

Safari
Impact: Accessing a maliciously crafted RSS feed may cause files from the user's system to be sent to a remote server
Description: A cross-site scripting issue exists in Safari's handling of RSS feeds. Accessing a maliciously crafted RSS feed may cause files from the user's system to be sent to a remote server. This issue is addressed through improved handling of RSS feeds.
Credit to Billy Rios of the Google Security Team for reporting this
issue.

Safari
Impact: Safari's AutoFill feature may disclose information to websites without user interaction
Description: Safari's AutoFill feature can automatically fill out web forms using designated information in your Mac OS X Address Book, Outlook, or Windows Address Book. By design, user action is required for AutoFill to operate within a web form. An implementation issue exists that allows a maliciously crafted website to trigger AutoFill without user interaction. This can result in the disclosure of information contained within the user's Address Book Card. To trigger the issue, the following two situations are required. First, in Safari : Preferences : AutoFill, the "Autofill web forms using info from my Address Book card" checkbox must be checked. Second, the user's Address Book must have a Card designated as "My Card". Only the information in that specific card is accessed via AutoFill. This issue is addressed by prohibiting AutoFill from using information without user action. Devices running iOS are not affected.
Credit to Jeremiah Grossman of WhiteHat Security for reporting this issue.
(Nice work Jeremiah!)

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of element focus.
Credit to Tony Chang of Google, Inc. for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's rendering of inline elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.
Credit to wushi of team509 for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of dynamic modifications to text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.
Credit? Apple Internal?

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of CSS counters. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory management.
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for
reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in WebKit's handling of the :first-letter and :first-line pseudo-elements in SVG text elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by not rendering :first-letter or :first-line pseudo-elements in SVG text elements.
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of foreignObject elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through additional validation of SVG documents.
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of floating elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.
Credit? Apple Internal?

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of 'use' elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of 'use' elements in SVG documents. Credit to Justin Schuh of Google, Inc. for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit's handling of JavaScript string objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.
Credit: Apple.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A reentrancy issue exists in WebKit's handling of just- in-time compiled JavaScript stubs. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved synchronization.
Credit? Apple Internal?

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of JavaScript array indices.
Credit to Natalie Silvanovich for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of regular expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of regular expressions.
Credit to Peter Varga of University of Szeged for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of "font-face" and "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of "font-face" and "use" elements in SVG documents.
Credit to Aki Helin of OUSPG for reporting this issue.

Safari 5.0.1 and Safari 4.1.1 address the same set of security issues. Safari 5.0.1 is provided for Mac OS X v10.5, Mac OS X v10.6, and Windows systems. Safari 4.1.1 is provided for Mac OS X v10.4 systems

The thing to remember with the above vulnerabilities is that things that are labeled "Webkit", affect more than just Safari. They could possibly affect anything using the Webkit framework. Chrome included.

Black Background in Mail.app

I've noticed that for some reason, after you install Safari 5 on OSX, if you are to do a command where it creates an email out of a file.  For instance:

Open a PDF in Preview and you want to email that to someone else, you go to File, and click "Email this PDF" (or similar)  It'll create a new email message, but the background of the mail message will be black.

I've noticed this in Omnifocus as well, if I use a shortcut key to create a "To-Do" from another application by using the "Clipping" function, the background of the "To-Do" will be black.

Well, at least in Mail there is a fix.

If you want to keep the email HTML, Command -A will select the contents of the email, Cut it (not copy it), (command x), then repaste it with Option-Shift-Command-V  (Paste and Match Style -- this is in the Edit menu).  Or...  You can change the email to Plain Text (which will get rid of the black box), Plain Text is in the Format menu.  Or Command Shift T.

Plain Text is usually better anyway.

Safari 5.0 and Safari 4.1 patches

About the security content of Safari 5.0 and Safari 4.1.

Apple posted Safari 5.0 for 10.5.8 and 10.6, and Safari 4.1 for 10.4.11 yesterday and above is a link to the full patch list (and it's quite extensive)

The things patched in this update are below:

• ColorSync (Windows versions only)


• Phishing


• Handling of PDF files


• Arbitrary code execution (Windows only)


• Webkit (tons of updates here including the infamous wushi exploits from team509, also lots of mentions of Chris Evans and Mark Dowd.  Nice work guys.)

Check the full list at the above URL for complete details.

Safari 5. A smackdown to Google?

Safari 5, released yesterday from Apple, introduced many new things (also patched a bunch of Security vulnerabilities as well, I'll touch on those in a second).  One of the things introduced could be interpreted as a smackdown to Google.

I'll make another list:

1)  Faster Javascript Engine

Safari uses a Javascript Engine named "Nitro".  Apple claims that it runs 30% faster than Safari 4, 3% faster than Chrome, and over 2x as fast as Firefox.  I don't know what the degree for error is in those percentage numbers, but that 3% sounds mighty close to me.

2) DNS Prefetching and improved caching

DNS Prefetching works like this.. when you go to a webpage, or you search for something, Safari uses DNS prefetching to look up all the URL's that are found through hyperlinks on a given webpage. I think Chrome has been doing this for awhile, and I know Firefox has been doing it for years, so it's good to Safari doing this as well.  Every little bit helps when it comes to the web I guess.

3) Bing

Apple added the Bing search engine in addition to Google and Yahoo! that were already in the browser.  I've only used Bing a couple times when it first came out, thought it was inferior and stuck with Google.  However, since it's a choice now in the search bar of the Safari Browser (I switch back and forth between Safari and Google Chrome) I'll give Bing a shot.  We'll see.

4) Safari Extensions

Apple has had extensibility in Safari for a couple versions now, so it seems the only thing that is new about it is that they are pushing it hard now.  Already there are a bunch of extensions coming out, so we'll see how far this goes.

5) Smarter Address Field

Sure.  Not really a big deal, but it does better suggestions using your history than it used to.

6) Location Services

It's been in Chrome for awhile now, so glad to see it's in Safari finally, but the browser can now be aware of your location.  For a good example of how this works, go to http://maps.google.com with either Safari or Chrome, and hit this button (the blue one):



That's the location button, the browser should use CoreLocation and be able to find you.

7) Better Html5 support

Hooray.  But every browser should be doing this.

8) Full-screen view and Closed Captions for html5 video

Good. Also glad when computers can help out in Assistive ways (like Closed Captioning)

9) and Finally, Safari Reader

This is the thing I think is the smackdown to Google.  Reader is kinda like a "cleanup" for webpages.  Kinda like Readability is, I blogged about that awhile back as well.  So, let me give you an example, I'll just browse to TUAW.com right quick:



Ad, Ad, Ad, header, links, annoying, annoying...

Now, in the url bar you'll see a button that says "Reader":



When you hit that button, everything is stripped away from the page, and you only get the article:



Nice.  Very nice.  Then, if you mouse over it, you get these options:



Zoom, (and it remembers how big you want your text too!), Email (just the "Reader"-ized version of the webpage), Print, and close.

Why do I say this screws Google?  How does Google make money?  Ads.

This removes Ads.

Chromes Unconventional Speed Tests Are Incredible, oh, and fake.

Chromes Unconventional Speed Tests Are Incredible - googlechrome - Gizmodo.

Okay, so here's Google's Chrome browser being speed tested against a potato gun, lightning, and...well... Paint sitting in a speaker (I guess that's supposed to be fast). It's an incredible commercial, I love the imagery. Oh, and as I posted earlier today Chrome beta 5 is fast as heck.

However the commercial is a lie. Maybe not all of it, but the loading of the pages is certainly bullshit.

Watch the commercial, watch it fullscreen, go ahead, I'll wait here.

Watch it! NOW.

The two url's that you can plainly see are not being loaded live. They are being loaded off of /Users/Kevin/Desktop....

Okay, so maybe it's not Kevin, but it's certainly a local load. I went to allrecepies.com with chrome earlier today, and it did load really really fast. But the test is done off of local cache.

If you are going to go to such elaborate "tests", use the real webpage. Not the local cache of one.

Like I said, love the commercial, browser is great, but come on..

Chrome 5 is freaking fast.

I've been using Chrome since it came out for the Mac awhile back, off and on, and staying current with the beta builds.  However, this build that came out yesterday is AMAZING.

Chrome 5, as a result of some "tuning" they have been doing with the Chrome rendering and javascript engines is noticeably faster.  There are some lovely bar graphs on Google's blog here.  But, stupid graphs aside, I've noticed a difference this morning when loading my regular webpages (my gmail page, my gmail calendar, my me.com account, etc.)  Anything that can load the whole me.com interface in about 2 seconds is a freaking fast browser.

Nice job on this one Google.

To the readers:  If you have the ability to check it out, do so.  It's pretty impressive.

Internet Explorer web browser use drops below 60%

Now remember, that these aren't specifically browsers, these are representations of rendering engines.  IE's rendering engine is called Trident, Firefox's is called Gecko, etc.  So it's interesting that IE is falling, yes it's still built into every Windows Machine, but the alternative browsers are gaining market in there as well.  Look at Firefox, it's up a bit, but the one that is the biggest uptick is Webkit.  Webkit is the rendering engine behind Safari (Mac's browser), Chrome (Google's browser), Android's browser, the iPhone browser, and the iPad browser.

Now, I don't know if they counted mobile browsers in this mix (iPhone, iPod, and iPad) but it's an interesting graph none-the-less.

AppleInsider | Internet Explorer web browser use drops below 60%.

Google Code Blog: HTML5 + Quake II

Google Code Blog: HTML5 + Quake II.

This is why Flash is on it's way out.

httpv://www.youtube.com/watch?v=XhMN0wlITLk

As a friend of mine said: "One little division of Adobe is working on Flash, the whole freaking internet is working on html5"

Fantastic.

Day Two: No One Even Attempts Hacking Chrome at Pwn2Own Competition

Day Two: No One Even Attempts Hacking Chrome at Pwn2Own Competition - Google Chrome - Lifehacker.

Found this interesting.  I didn't make it to CanSecWest this year, but several of my friends did go to this event/competition.  While I did see that every other major browser was cracked on day one, (IE8, Firefox, and Safari) Chrome didn't even get  tried, apparently.

While Chrome does use the Webkit (safari) engine, Chrome starts each browser tab in a separate process which is in a 'sandbox'.

On the usability side, I've been using Chrome on the Mac since they opened up the dev channel for it, and I really like it.

WP Greet Box is back

I took away the WP Greet Box for awhile based on the fact that I didn't really have it configured optimally.  I wanted the Greet Box (which is a little pop up widget that say "Hello, welcome to the site, you can subscribe here" -- pretty much) because on several of the themes I have been partial to, had no obvious way to subscribe via RSS.  I've fixed that now with, as the blog will advertise that it has a feed in the URL bar now (for most modern browsers), also with a link over in the sidebar that points you to the feed.  But I wanted a little something, non-intrusive, that pointed to the RSS feed when you came from certain sites.  (Digg, StumbleUpon, things like that).  So it's there again, but only if you get directed from certain webpages to my site.  Which, actually, is the majority of the hits I receive.  Basically it's just an experiment.  Bear with me.

YouTube in html5, enable it now

I received this link on one of my mailing lists and thought it was the greatest thing since sliced bread.  Following up on my "Flash is dead" post, you can enable Youtube.com to work in HTML5.

Go to: http://www.youtube.com/html5 and you can "opt-in".  I assume it places a cookie in your browser so that every time you try and view a video, the video plays in html5 instead of flash.  My browser doesn't run at 100% CPU or anything.  It's awesome.  Go do it now, help kill flash.

Google to kill off IE6 support in 2010

In a big move by Google I just received an email letting me know that Google will be phasing out support for IE6 in Google Apps in 2010.

"In order to continue to improve our products and deliver more sophisticated features and performance, we are harnessing some of the latest improvements in web browser technology. This includes faster JavaScript processing and new standards like HTML5. As a result, over the course of 2010, we will be phasing out support for Microsoft Internet Explorer 6.0 ​as well as other older browsers that are not supported by their own manufacturers."

I think this is a phenominal move by a company as big as Google to say "not anymore". I wish other companies would take such a firm stance against my other pet peeves. You know, ActiveX, Flash, and Silverlight.

Flash, time for you to die

I've been reading a lot of hubbub about the new Apple iPad not having the capability of displaying Flash.  Of course!  It stands to reason that it can't, it has the same OS as the iPhone, which, also can't display Flash.  Which leads me to think, why do we need flash?

Answer is, we don't.  Not anymore.  90% of Flash usage is for audio or video on the Internet and HTML5 can handle <audio> and <video> tags.  It can do Canvas. (Oh and a TON more, I'm just illustrating a point.)  Some of the major browsers have adapted most of these technologies.  Webkit (Invented by Apple, powers Safari, Webkit, and Google Chrome [amongst others], and Presto (The rendering engine that powers Opera) have supported more than the other two majors (Gecko -- The engine that powers Firefox and all of it's kin), and Trident (The engine that powers Internet Explorer).  The last being the worst adopter.  Surprisingly.

I read somewhere (I can't find it now), about most browser crashes come from plugins.  Flash, Java, etc.  Why can't we eliminate these plugins and go with the native protocols?  That's what HTML5 is attempting to do for the most part, and I, for one, am glad for it.

Apple has always been about killing off technologies and moving onto what is on the horizon (killing off serial, going for USB, killing of Diskettes, going to CD, Killing off CD's (Macbook Air), moving more wireless (Airport), Killing off displayport, hdmi, dvi, vga, going with Mini Displayport).  They have never been afraid to just "move on" to the new thing.

I believe they said to Flash, die, HTML5 is here.  Then they turned to web developers and said "fix your stuff".  How did they do that?  Rolled out the iPhone, which has become the largest mobile browsing platform on the planet now.  Slowly and surely, what's happening?  Websites are changing away from Flash.

Unless, you know, of course, you are a band or a restaurant.  (Seriously?  What is with bands and restaurants and your use of Flash?)

I don't even need to get into the security issues of Adobe's Flash.  Look, there is one small part of Adobe working on Flash.  The entire internet is working on HTML5.

Flash (and Silverlight) is dead.  Get over it.

--

100% of the statistics in this post are made up.  ;)

One thing I forgot to mention about the iPad

People are already criticizing it because it doesn't have Flash on it (it runs the iPhone OS). I say to those people, GOOD.

Flash is, as the last year has shown us, a horrible piece of programming and it needs to die. HTML5 will kill it off for the most part, and it needs to stay dead. I don't think that Flash will be around much longer, and frankly, I'm not sad about it.

In the next few years, now that the iPhone is as big as it is, iPad will be all over the place (I think), flash will be dead, and developers will be rewriting their webpages to use things like H.264 and HTML5. There will still be things like the "Punch the monkey" banner ads that need to use flash (and various other games), but those people that develop those games, welp, looks like it may be time to move on.

Firefox 3.6rc1 is out

Mozilla has put out Firefox Release Candidate for version 3.6 of the browser, and as always, it's publicly available via their website.  Just a reminder that this is an RC, not a full version upgrade or anything, and it's essentially beta code, so your milage may vary.

http://en-us.www.mozilla.com/en-US/firefox/3.6rc1/releasenotes/

The list of bugs that go into 3.6 that are fixed are pretty significant, even several security updates.

https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2:final-fixed

Which tells me that the release of 3.6 isn't far behind.

Firefox keeps up upgrading, and while it's by far the favorite browser of my blog readers, I can't help plugging Chrome, even in it's Mac Beta/Dev status, it's a great browser.  I am of the opinion that Chrome is much faster than Firefox.  Firefox still feels bloated and slow to me.

One of my favorite features is that Firefox will warn you of out of date plugins, while it did this pretty reliably to begin with, I can't help but think this is better.  This is pretty important for things, obviously, like Flash.

Go to the first link above, check out the release notes, give it a download.  See how it handles, and if you feel like it, report back here and let me know your results.  I'll stick to Chrome for now.

iPhone compatability

When I moved to the current theme, I received a couple emails telling me that the theme is hard to read on an iPhone.  So I fixed that.  If you browse to the blog on an iPhone you will now receive a completely different screen and interface, one that is very iPhone compatible, user-friendly, and still allows you to use all the features of the site (commenting, emailing, etc) as you normally would.

So here's what it will look like now when you navigate to the site on an iPhone:

You notice the drop down at the top right of the screen?  This allows you to view the site via RSS, sort by category, even Email me directly from the blog.

If you don't like how the page looks on the iPhone, you can turn this feature off by scrolling down to the bottom of the page and flicking the switch, as seen below:

This is all made possible by the WPtouch theme.  Thanks Wordpress.

Instapaper is so great

I am not sure if Instapaper has apps for anything other than the iPhone, and I kind of doubt, if that exclusivity exists, that it will last any amount of time.

Instapaper is one of those new 2.0 companies that is web/app based. They provide you a free log in to their website, which by the way, by default, had no password. Past this login you get a bookmarklet, similar to the "readbility" bookmarklet I talked about earlier, which, upon use, allows you to turn any article you are reading into a saved article of sorts.

For example, earlier today I was reading an entry on a blog, it was rather long, and I wasn't going to have time to finish reading it as I was about to head out to go to the dentist.

So, with this combination of app/website, I tapped my instapaper bookmarklet, which takes whatever you are reading, and puts it up in the "cloud". Which, provided you then have the Instapaper app on your iPhone, can sync this content down to your mobile device.

Now, whatever article I was reading, just by tapping one button, is now formatted in nice big text on my iPhone, and I can take with me.

I don't know the size limitation of the file you can put on instapaper, I don't know, for instance if you can put a whole book up there or something, but for now, while I am in the dentists waiting room, I have articles to read instead of the weeks old copies of  "Newsweek".

Why don't I use something like Google reader? Well I can, except for those websites that shorten their rss feeds to force clickthroughs. It's another couple steps, who knows how it is going to be formatted, and who knows what kind of connectivity you are going to have.

Which, also by the way, is why I removed the "shortened rss" clickthrough thing for my blog. It annoyed me, so I figured it was probably annoying you.

Google Chrome for the Mac has reached Beta

Happy to see this, because I know several friends of mine have been working on this in the background at Google, and what a good job they have been doing as well.  I have visions of these guys in dimly lit rooms sitting around keyboards, their faces awash in the white glow of XCode, furiously figuring out the bugs and features to put into the Mac version of Chrome.  Okay, enough of that visual.  (you know, keyboards surrounded by cans upon cans of Mountain Dew...)

This morning Google released the Beta version (this is as opposed to the Alpha version that I talked about here) of Google Chrome for the Mac.  (and Linux as well..)  The biggest thing that I noticed that it supported was that it imported all my bookmarks from Safari for me.  Switching to Google Chrome was like,  basically a kid waiting to be put in the big game in school.  Standing on the side lines, sometimes used, sometimes not.  Safari being my primary resource for anything web-related.  Now, with full pads on, helmet in hand, my Quarterback for surfing the information superhighway is now Google Chrome.   I've handed the playbook of imported bookmarks over to Google Chrome, and my new browser has taken the field.

It's quick, it's stable, and each tab launches in it's own process, or thread.  This is priceless, as a crash in one tab does not mean the whole browser will die.  Just that tab.  Well, that's the theory anyway.

Give it a shot.

http://www.google.com/chrome?platform=mac&hl=en

Please leave comments below.

Google Chrome for the Mac released

Kinda.

Google released a "developer preview" of Google Chrome for the Mac finally.  Actually, you've been able to get a hold of it for awhile, but the copy that you could get, from Google, was essentially the developer developer preview.  It worked, but only in some areas.  I was using that for a long while, and I was quite happy with it.  But Friday of last week, Google finally put out a version of the browser that is a bit more..  "working".

You can grab it here.  I've been using it as my default browser since Friday exclusively, and it's been operating great so far.  The features that I appreciate the most about the browser, for some reason, is the "tabs on top" (considering Chrome is essentially a hopped up version of Webkit (Apple's open sourced 'Safari' browser that they use for development)), and the fact that each tab runs in its own process.  Which means if one tab crashes, the whole tab doesn't crash.  Which I appreciate a lot.

It's super fast when conducting Javascript type applications.  Google Docs, Gmail, Gcal, etc.  I can definitely appreciate the speed when it comes to my Gmail since I have over 7 Gigs of email, the ability to search through that and have it render quickly is a major plus.

Safari was my default browser before this, and while it's also very fast, when comparing the two browsers against Firefox, Firefox, unfortunately doesn't hold a candle, as far as speed goes, on the Mac.  So if speed is your thing, try out Chrome/Safari.


Please leave comments below.

Snow Leopard is coming..

In case you've been living under a rock for the past couple days, as plastered all over Twitter and every computer related gadget site, Snow Leopard, the next release of OSX is coming out on Friday.
This release is mostly enhancements to the Leopard operating system, not really any new "features" per say (even though there are a ton), but mostly bug fixes.

However, today, there has been some news circulated around about an anti-malware solution within Snow Leopard. There have been screenshots all over Gizmodo and Engadget today with this little blurb about OSX Leopard alerting you to the presence of a new piece of malware on OSX.

Now, in the past Apple hasn't taken a proactive stance against any type of malware, running ads claiming that Macs are not prone to viruses and trojans like the Windows platform.

We all know this not to be 100% true. While Apple does have it's own share of DNS Changing trojans and things like that, they are very very few and far between, and even harder to get onto an Apple system than their PC counterparts.
Some trojans and malware requiring you to perform actions like typing in your admin password and things like that. So this "anti-malware" solution is in a new territory.
Turns out there is some details starting to emerge about this anti-malware solution, apparently right now, it's in a Preferences file called "XProtect.plist", and as of right now, it appears that it only checks for two known OSX Trojans.

In addition to that, it only checks the files if they were downloaded through iChat, Safari, Entourage, and several other applications.

Files that are on a CD, Thumbdrive, etc, are not checked against this plist file. Presumably, the things that this XProtect file checks for are all "downloaded" trojans. Attack vectors that appear over iChat, like those that have come out in the past.

I find it interesting that this is taking place. Will Apple keep this file up to date with System Update? Will they enable greater functionality within the system for this file? Scan files?
Right now OSX Server uses ClamAV to check incoming SMTP email messages arriving through the software against known malware, whose to say that Apple doesn't take this solution a step further and make it simple to use?

I can't imagine that OSX as an attack platform will stay isolated for long, but we'll see, with the new security improvements that have been made within OSX, like improved address randomization and things like that, we'll see how much of a successful attack platforms these "next gen" OSes turn out to be.