They day we’ve all been waiting for has finally arrived! No, we’re not talking about the hardware and software unlock solutions for the iPhone - although those are pretty significant milestones. We’re talking about the day that a natively installed IM chat application becomes available for the iPhone. Apollo IM gets the honor of being the first chat client that brings instant messaging to the iPhone sans the web-app inconvenience.
The Apollo IM application can be natively installed using the uber-easy-to-use Nullriver Installer and is available in a v.-1 pre-beta release. Just hit up the Nullriver iPhone Installer that you have installed on your phone (you do have it installed, right?) and find the Apollo IM application. Install it - nice and easy.
We love the fact that a native chat client has finally hit the iPhone, but we’re not excited about this pre-beta’s buggy performance. What does excite us, however, is the thought of what’s in store for iPhone users. With some more development and a little refinement, the Apollo IM chat client could beat Apple’s Mobile iChat.
Hey Apple, are you really going to let a third-party beat you to the punch? We’re still waiting on an iPhone update that does more than fix bugs, tighten security, and make things a little faster. How about we all just focus on iChat?
Tuesday, August 28, 2007
Apple iPhone finally gets a native iChat application
Friday, July 20, 2007
Safari 3.0.x beta issues? Try updating to latest WebKit
The underlying engine used by Safari and other HTML rendering applications in Mac OS X -- WebKit -- is persistently updated by an open-source team, meaning that you may not have to live with bugs afflicting the current release of Safari 3.0.x beta from Apple.
Though it may lead to decreased stability and other problems for final Safari releases, updating to a newer version of WebKit has proven highly successful in alleviating issues related to the beta releases of Safari. It can also provide substantial speed boosts.
As stated in the WebKit documentation:
"Performance is a top priority for WebKit. We adhere to a simple directive for all work we do on WebKit: The way to make a program faster is to never let it get slower. We have a zero-tolerance policy for performance regressions. If a patch lands that regresses performance according to our benchmarks, then the person responsible must either back the patch out of the tree or drop everything immediately and fix the regression."
One of the reasons for the nightly WebKit build's stability is that it does not support any type of extensions, including Input Mnagers, Application Enhancers etc (we've noted several issues related to these, especially with regard to Safari -- here's our most stern warning) Apple should probably consider adopting the same policy for its Safari builds.
A MacFixIt reader writes:
"I recently downloaded the most recent (r24441) and have found that the problems that I had experienced in Mail and Safari using Spell Catcher have been fixed."
The current WebKit nightly build is 6.7 MB, and available for immediate download.
Friday, July 13, 2007
Apple Leopard beta leaked online
The beta build of Apple's Mac OS X 10.5 "Leopard" operating system handed out to developers at teh company's Worldwide Developers Conference has leaked to the internet and is being downloaded by users of PirateBay, the Swedish torrent tracker.
Apple chief executive Steve Jobs and other company officials spent much of the conference discussing the forthcoming operating system, due for release in October. Just days later, the beta labelled build "9A466" was uploaded to PirateBay.
The first upload did not take off - there was only one "seeder", the term for a computer that has a complete copy of the torrent file - but a second upload is being downloaded and assembled, according to comments left by numerous users.
Yesterday, only four seeders were available, with 181 "leechers" - computers that have downloaded only part of the complete torrent. By yesterday, however, the numbers had climbed to 44 seeders and more than 1,500 leechers.
The beta was also posted to the private, invitation-only torrent tracker Oink yesterday, according to technology blog CrunchGear. But when CrunchGear exposed the leak, Oink pulled the beta. That sent the downloaders into a verbal rage during which they vented their collective spleens at the blogger who outed Oink. "go [expletive deleted] yourself you [expletive deleted] rat," ranted one.
It is not known whether Apple will pursue the leakers, or what actions it might take against PirateBay. The company has so far declined to comment. But last time a development version of Mac OS X ended up on BitTorrent, Apple brought out its lawyers.
In December 2004, Apple sued three men, as well as 25 others identified only as "Does", for releasing a developer preview of Tiger, Mac OS X 10.4, via the BitTorrent file-sharing network. All three were members of the company's own Developer Connection, Apple claimed, and had illegally leaked their copies of Tiger.
But after several Apple notables, including co-founder Steve Wozniak, pleaded for leniency in blogs and other online postings, Apple backed off a bit.
During a 10-month span from March to December 2005, Apple signed settlements with the three named defendants: students Vivek Sambhara, David Schwartzstein and David Steigerwald. Each promised to never again release information about the company or its products, while media accounts reported that Schwartzstein and Steigerwald also distributed repentant statements and paid damages to Apple.
Sunday, June 24, 2007
Apple’s Leopard beta eludes software pirates
One of the first things done surrounding Windows Vista was releasing all the betas to the public in mass; it is very well known that any savvy user can obtain a full working copy of nearly any Microsoft operating system via bit torrents or other means. However, such is not the case with OS X Leopard, as there are no copies of the near-complete OS circulating the internet; could this be due to a more unified and progress-minded user base in Apple fans?
I am not one to utilize the base means of software “sharing” with torrents, newsgroups, and p2p clients, but I was alerted by a close friend of mine that he searched the internet up and down for a working copy of the Leopard beta, and to his (and my own) surprise, no such copy could be obtained.
I found this completely ironic, as a multitude of Vista builds can be found on nearly any torrent site, and that operating system is in need of a serious overhaul (just after launch), whereas OS X Leopard is virtually complete and has been heralded as the greatest operating system to date…but no beta copies to be found outside the hands of approved developers.
Anyone familiar with the nature of piracy knows that when people want something (in the software or media realm), with enough work it becomes mass-available. If that is the case, why hasn’t Leopard made it into pirate hands? Here is my reasoning for why Leopard could theoretically stay safe until official release:
1. Apple has done an admirable job of distributing software to those that should receive it. Unlike Microsoft’s vast casting call to all who would beta-test Vista, Apple is aware Leopard is well-designed and not in need of mass testing to iron out bugs and quirks.
2. The developers who received Leopard share a truly vested interest in the success of both Apple and Leopard; not akin to the free-for-all, every man for himself mentality existent within the Windows community, developers do not wish to detract from the success of Apple (what a novel concept!).
3. Apple users are not (on the whole) a bad community looking to take advantage of Apple. The beauty of the Apple community is that it appreciates what Apple provides, and identifies itself with Apple products; as such most of us aren’t trying to exploit Apple at every turn. There really aren’t many users looking to pirate Leopard, as many are willing (and eager) to spend the meager sum of $130 for the next greatest operating system; additionally, many understand the work Apple is putting into Leopard and are willing to wait until October to see it in its final glory.
To sum up, the reason Leopard hasn’t made it into pirates’ hands is because developers and users both want Apple to succeed, and are ok with its decision to delay Leopard until October. Talk about corporate-consumer synergy!
Apple Security Update - Safari 3 Beta Update 3.0.2 (APPLE-SA-2007-06-22)
Safari
CVE-ID: CVE-2007-2398
Available for: Windows XP or Vista
Impact: A maliciously crafted website may control the contents of
the address bar
Description: In Safari Beta 3.0.1 for Windows, a timing issue allows
a web page to change the contents of the address bar without loading
the contents of the corresponding page. This could be used to spoof
the contents of a legitimate site, allowing user credentials or other
information to be gathered. This update addresses the issue by
restoring the address bar contents if a request for a new web page is
terminated. This issue does not affect Mac OS X systems.
Safari
CVE-ID: CVE-2007-2400
Available for: Mac OS X v10.4.9 or later, Windows XP or Vista
Impact: Visiting a malicious website may allow cross-site scripting
Description: Safari's security model prevents JavaScript in remote
web pages from modifying pages outside of their domain. A race
condition in page updating combined with HTTP redirection may allow
JavaScript from one page to modify a redirected page. This could
allow cookies and pages to be read or arbitrarily modified. This
update addresses the issue by correcting access control to window
properties. Credit to Lawrence Lai, Stan Switzer, Ed Rowe of Adobe
Systems, Inc for reporting this issue.
WebCore
CVE-ID: CVE-2007-2401
Available for: Mac OS X v10.4.9 or later, Windows XP or Vista
Impact: Visiting a malicious website may allow cross-site requests
Description: An HTTP injection issue exists in XMLHttpRequest when
serializing headers into an HTTP request. By enticing a user to
visit a maliciously crafted web page, an attacker could conduct
cross-site scripting attacks. This update addresses the issue by
performing additional validation of header parameters. Credit to
Richard Moore of Westpoint Ltd for reporting this issue.
WebKit
CVE-ID: CVE-2007-2399
Available for: Mac OS X v10.4.9 or later, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid type conversion when rendering frame sets
could lead to memory corruption. Visiting a maliciously crafted web
page may lead to an unexpected application termination or arbitrary
code execution. Credit to Rhys Kidd of Westnet for reporting this
issue.
Note: This update will appear for systems running Safari 3 Beta. It
includes the entire contents of Security Update 2007-006. Security
Update 2007-006 itself will not appear via Software Update for
systems that have installed Safari 3 Beta.
Safari 3 Beta Update 3.0.2 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/
For Mac OS X
The download file is named: "Safari302Beta.dmg"
Its SHA-1 digest is: b8ee8d7c1ac3237de2ab0524077a20bae7f55001
Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: 3cbbf5a09ece4cac7f35b79f67b6990d5c0565f3
Safari+QuickTime for Windows XP or Vista
The download file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 7f0ea984bbdcbba4a3a85d785f2fdb810ed3954a
Friday, June 15, 2007
Apple Patches Three Bugs in Safari for Windows Beta
JUNE 15, 2007 | Just days after researchers started pulling up bug after bug in Apple's shiny new Safari for Windows beta release, the company issued a new version of the software that patches three of the vulnerabilities.
Safari 3.0.1 Public Beta for Windows fixes two flaws that only affect the Windows version of Apple's browser, along with one vulnerability that affects Windows and also could crash the browser running on the Mac OS X operating system.
"I think it was obvious they had to do this to save the day since there were so many problems with the release," said Johannes Ullrich, chief research officer of the SANS Institute and chief technology officer for the Internet Storm Center, in an interview. "For a beta product like this, it's really in development, so it's for people to play with and test. And they really have."
Ullrich said it's hard to track how many bugs have been found in the beta software this week because some have been posted, but are unproven, and yet others may be duplicates. He estimates that there have been five to 10 proven vulnerabilities found since Monday.
Alfred Huger, vice president of Security Response at Symantec, said he has a tally of four proven Safari for Windows bugs. "It speaks well that they've turned patches around so quickly," he said in an interview. "It's a positive sign that they're being responsible. How quickly a vendor responds is part and parcel of the quality of the software."
Since this is a beta release, Ullrich said he expects to see fairly frequent updates coming out.
According to an Apple advisory issued Thursday, a command injection vulnerability in the original beta could be used to trigger remote code execution. The bug could be exploited if the user visits a malicious Web site. This update fixes the vulnerability by performing additional processing and URL validation, according to the advisory.
The two other bugs being fixed in this beta version also can be exploited if a user visits a malicious Web site.
One bug could allow cross-site scripting. The flaw enables a hacker to gain access to JavaScript objects or to remotely execute JavaScript in the context of another Web page. This flaw does not affect Mac OS X systems.
Apple describes the last bug being patched as an out-of-bounds memory read issue, which could lead to unexpected application termination or arbitrary code execution when a user visits a malicious Web site. This, too, does not affect Mac OS X systems.
The patches are quick on the heels of widespread news that researchers have been finding a mounting number of vulnerabilities in the beta. Researchers were finding flaws in the new browser's coding within an hour of its release, according to Ullrich.
This for the browser that Apple touted as enabling "worry-free" browsing. "Apple engineers designed Safari to be secure from day one," the company said on its Web site.
Researchers, who generally don't delve all that forcefully into Apple's code looking for vulnerabilities, were lured to this beta because it's a Windows version of the browser. And researchers typically comb through Windows applications, particularly browsers.
— Sharon Gaudin, Information Week
Apple Safari for Windows beta review
As part of WWDC last night, Steve Jobs unveiled possibly the most important piece of news of the night to consumers - Safari, Apple's very own web-browser, was to become available on Windows.
Quite why any self-respecting Windows user would want to taint their hard drive with El Jobso's machinery, and quite why Apple are interested in placing their software on Windows in the first place, no one knows. But then, the same thing was said when they announced iTunes would be available on Windows, and there's no way in a-black-turtleneck-and-jeans heaven the iPod would have seen anywhere near the amount of success had this not been implemented.
So, we know Safari already owns 5% of the market share in web browsers - but will this new availability of the browser for Windows-users increase the popularity? Read on below for my review - and yes, I've tried not to wear my Bill Gates-adoration on my sleeve *too* much here, to give you the most unbiased review I possibly can.
Downloading the software is easy, and takes no time at all, however I wish the same could be said for actually rendering the home page. From the moment of clicking on the Safari icon, to taking me to the first page - apple.com, natch, is a process which takes eight seconds.
Considering the speed which my computer takes to point me to Google on both Firefox and Internet Explorer - under a second - this is extremely disappointing. Of course, this could be due to the no-doubt millions of downloads the browser has had, thus the added millions accessing apple.com, slowing the loading speed.
According to Apple, Safari 3 is double the speed of Internet Explorer and 42% faster than Firefox, however I find these figures to be highly incorrect. Not just is the home page slow to render, but after typing in URLs, it's the same, if not slower, to whisk me off to the site than Firefox is.
Having actually owned a Mac for three years, and accustomed to using Safari regularly (although admittedly I preferred Firefox on my Mac), I can't say I can notice too many differences. The one major flaw that jumps out at me is that when typing in a URL, several selections come up which I most definitely have never entered before, so are obviously paid-for adverts. Not cool, Apple, not cool at all.
The key features for Safari on Windows include tabbed browsing, SnapBack, and the muchly-adored pop-up blocking, standards users expect from their web browsers these days.
There are however some new features to Safari not seen before in previous versions, such as the ability to drag tabs out of the main browsing window, thus turning it into its own browser window (flawless, and one feature I could definitely become accustomed to), and the private browsing which doesn't automatically save Google searches and page histories using the caching features.
Speaking of Google, it's got a Google search-bar built in, (evidence of that Google-Apple love-in we've been seeing recently), but no Google toolbar, which will really be the make-or-break feature for some people. Personally I can't stand the toolbar so this won't be missed by me, but I know Google purists who would miss this incredibly, particularly the GMail and Googler bookmarks buttons.
One thing I noticed instantly was that there was no home button built into the toolbar. Sure, you can click on 'View', then 'Customise toolbar', and add it yourself, but really...a web browser without home built in automatically?!
Those downloading Safari on Windows are no doubt familiar with the web browser already, but for any newcomers, having the 'OK' and 'Cancel' buttons reversed in dialogue boxes could be dangerous - think of how many mistakes they'll make!
RSS feeds are built in automatically for news of interest, but I'm sure those techy enough to actually download the browser already have Bloglines or Google's own RSS feeds.
The browser may've already been live for less than 24 hours, but reports have emerged that it's already been hacked. Only time will tell how the browser will fare against the already-popular IE and Firefox, but I'm betting it won't overtake either.
Apple announced last night that Safari will be of high importance for developers creating applications for the iPhone - obviously when creating these apps it's important for Apple to be on the Windows platform as well as Mac OS.
One thing I'm interested in is how far Apple will take this, whether Safari will be bundled together in the iTunes installation, or even with QuickTime. These two programs will obviously be in much greater demand than Safari for Windows, so it makes sense for Apple to offer them together.
An official response has yet to be heard from Microsoft, but we expect it shortly. Meanwhile, with the several security vulnerabilities already been revealed, it seems a case of the ol' Trojan Horse to me, the perfect way for Apple to rile up Microsoft, and Microsoft users.
Safari for Windows: for those who want a streamlined, slim web browser without all the bloat of IE and Firefox. In other words, for simpletons who don't want to maximise their browsing time.