Weblog of a “Switcher”

There has been a lot of talk on the Apple blogs about a hacking contest where Charlie Miller won $10,000 plus a MacBook Air because he was the first one to hack into the machine and gain root access. How did he do this? He surfed to a test website he setup for the exercise with Safari. He managed this feet in just 2 minutes after CanSecWest security conference opened on the second day. No one was able to hack into any of the laptops setup for this purpose on the first day.

The way this contest was setup, if you can hack into one of the systems to gain root access you get prize money plus the system you hacked into. Hence the name of the contest: PWN2OWN. The first day was OS only attempts. The second day, the OS and software that is released with the OS are fair game, and on the final day, 3rd party software is added to the list.

Apparently, Microsoft Windows Vista was hacked on the 3rd day. No one managed to break into the 3rd system up for grabs, a Sony Vaio running the Linux distro Ubuntu.

I bring this up because one of my favorite bloggers to read brings up some valid points about security and Apple lax attitude for it. It has actually been a point of contention with myself an a lot of MacZelots. I constantly hear how secure OS X is due to it's Unix Kernel BeOS. Sure, that Kernel is probably very secure. However, there is a lot of software running on top of it that may no be so secure and the CanSecWest PWN2OWN contest shined a very bright light on that fact.

Safari is not clean software. This has been proven time and time again via Safari running on Windows machines and even the iPhone. It's hard to say how many problems are in other software that Apple produces, but Safari is a popular piece of software to attack these days. Especially since Apple all but forced it on Windows users recently.

This brings me back to my comment about a point of contention with MacZealots. See, I state that the reason Apple's OS X hasn't seen any major successful security exploits so far, is due to it's lack of market share. The old "security thru obscurity" argument. I have been ridiculed over and over again by my stating this.

What I mean by this is pretty simple. Since Apple owns a very small percent of the home computer market, virus writers don't see the OS X and the Macintosh as a viable platform for their attacks. Back in the 80's and 90's, virus writing was more of a personal pride thing. Hackers wanted to be able to claim that they were the ones to take down thousands of computers using their "handles" or monickers. Apple and Microsoft were targets back then.

Currently, virus writers are finding huge profit in the work they do. They write elaborate systems to allow spammers to get out their messages without drawing attention to themselves by using millions of "zombie" systems to do their dirty work for them. They are willing to pay big money to do this. In fact, there are viruses out there that actually have anti-virus software in their code to eradicate competing viruses so that only their virus is on the unsuspecting computer users system. They don't take computers down like before, but try their best to not be noticed at all.

Trust me when I say this is a big business. Spammers make millions of dollars spamming us, they are very willing to share some of that wealth to good virus writers to make sure that they have their way of sending out spam messages.

So what happens when Macintosh and OS X becomes more popular? Say when they see 30% market share or better? The Mac and OS X will wind up being a target just as much as Windows. Will that ever happen? I don't know for sure, but Apple is doing everything in their power to make Macintosh and Apple a very popular name. It also doesn't hurt that Microsoft has put out a dude of an OS called Windows Vista. Windows users are re-evaluating their decisions and seeing their friends running Tiger and Leopard and seeing that they don't have any problems with speed and usability.

The last couple of months, Apple has seen great sales numbers. Better than they have ever seen in their Notebook and Desktop computer lines.

If Apple keeps up this trend, they are really going to have to step up their security efforts in their software to make sure that they are secure. One thin Apple does have going for it is that when an exploit is discovered, it's fairly quickly corrected. Apple doesn't wait for "monthly updates" like Microsoft does. When they have a security update that needs to go out, they send it out.

So I am really hoping that Apple starts looking more closely at security and stops sitting on it's hands thinking that they are the best when clearly they have work to do.

written by Dave M. \\ tags: Apple, Bloggers, Charlie Miller, Clean Software, Fair Game, Gain Root, Grabs, iPhone, Lax Attitude, Microsoft Windows Vista, Os X, Party Software, Point Of Contention, Prize Money, Reason Apple, root access, Safari, Security Conference, Security Exploits, Security Tag, Sony Vaio, Test Website, Unix Kernel, Windows Machines, Windows Users, Wit

I came across a great tip at A NEW MAC TIP EVERY DAY that pointed out that you can change the volume in OS X finer than by just using the volume keys on the keyboard. If you hold down Shift and Option when tapping the volume-up and volume-down keys, it will take four taps to change as much if you were not holding Shift and Option.

This tip apparently only works in Leopard. (Thanks, Stephen!)

If you look at the screenshot on the right, you see that there are 16 positions you can set the volume to when just tapping the volume keys. Notice the 6th box from the left. It has half of it's box white and half dark gray.

So with the Shift and Option keys held down, you get 64 volume positions instead of the normal 16.

Something I found out while playing with this was that if I just held the Shift key down when changing the volume, the OS doesn't play that short sound that lets you know that you are changing the volume and also lets you know what the volume level sounds like. This might be nice if you want to change the volume without having to hear that noise while you are listening to the latest Maroon 5 song.

So to summarize:

: Will adjust the volume in 16 steps with sound.

+ Shift: Will adjust the volume in 16 steps without sound.

+ Shift and Option: Will adjust the volume in 64 steps with sound.

This is just one more example of how great OS X is and how much attention to detail Apple puts into the software it creates.

"Share and enjoy!"

written by Dave M. \\ tags: Apple, Attention To Detail, Control, Keyboard, Mac Tip, Maroon 5, New Mac, Option Keys, Os X, Os X Leopard, S Box, Screenshot, Shift Key, Sounds, Taps, Volume Control, Volume Down, Volume Level

This doesn't have anything to do with the Macintosh or even computers...

I was watching television yesterday and an ad for our local waste removal service came up. They were talking about wasted energy in our homes due to all the electronics we have in our house. Even when those electronics are turned off.

They claimed that a Television that is turned off uses more energy than when it is on! On the surface, that just sounds absolutely insane.

They were referring to the fact that most electronic devices these days have "standby" modes. So even if something is off, it's drawing energy. OK, this is true. You should see all the LED glowing away in our house at night. Their solution suggests to plug all your electronics into power strips and simply switch the power strip off when you are done using them.

I still think that the statement is absurd, so I decided to look up some data. The manual for my Sharp Aquos 42" LCD HD television states that when it is on, it draws 247 Watts. OK, just under the amount that a 3-way lightbulb uses on it's highest setting. Not really all that much power.

The manual didn't have anything to say about when it was in standby mode and a quick search in Google took me to a site that showed me how much it uses. A whopping 3 Watts.

Now, I'm no electrician, so my math here may be wrong, but 3 Watts seems a bit smaller than 247 Watts. It's over 80 times less in fact. So doesn't that mean that I would have to leave my Television off for over 80 hours to draw as much power as when it is on for 1 hour?

If I am correct here, then the ad is full of male cow droppings!

I am certainly not going to suggest to anyone to use a power strip to turn off their electronics when they are not using them. They would have to reset clocks and other settings over and over again each time they want to use them and that is just not acceptable. Not in this day and age.

Back when all televisions had was a power switch, channel knob and volume knob, then I would say OK. The only problem with that is that those units didn't have a standby mode since they obviously didn't need one. No user settings or clock times were being saved.

I just felt I had to get that off my chest.

written by Dave M. \\ tags: Clocks, Cow, Drawing, Electrician, Electronic Devices, Google, Hd Television, Lightbulb, Macintosh, Macintosh Computers, Math, Modes, Power Strip, Power Strips, Power Switch, Search Google, Sharp Aquos, Standby Mode, Televisions, Volume Knob, Watching Television, Watts

Secrets is a Leopard Preference Pane that allows it's users to modify settings in Leopard that before were only accessible from Terminal.app. This allows the "less savvy" population of computer users to customize their Leopard installations as a pro might.

It all starts with downloading and installing the Preference Pane from http://secrets.textdriven.com/. Just unzip the downloaded file and double click on the "Secrets.prefPane" file. Leopard knows that this is a Preference Pane and will copy it to the correct location. OS X is just awesome that way.

It will then open the Preference Pane which looks like this:

As you can see from the screenshot, there are quite a few "Secrets" to choose from. The light blue (iTunes like pane) on the left side of the window shows all the programs that have "Secrets" to choose from. There are also two special items. "Top Secrets" shows the most popular secrets and "All Secrets" which will show all the secrets that can be chosen.

When you find an item you which to change, clicking on it will reveal a bit more information about the secret:

You can then click on the User Interface control that changes the secret. In the above example, that would be the checkbox. Depending on what the secret changes, you might be prompted to quit the application that will be effected. This appears at the bottom of the Preference Pane next to the "Revert" button.

A really nice touch to this Preference Pane is the "Update Secrets" button. Clicking this button will tell Secrets to go out to the server that holds the database of all the secrets and see if there is a need to update the database stored on your computer. It also checks to see if the Preference Pane needs to be updated as well. The "?" (Question Mark) button takes you to the Google Code page where the Secrets Project is being maintained. The "Revert" button will restore the secret setting back to it's default value and the "More Info ->" button takes you to the database entry were the selected secret is stored on the server's database.

I personally am not all afraid of using Terminal.app to make these kinds of changes. This can be a problem since I don't always remember that I have made them and then don't know how to set them back to their default value. The Secrets Preference Pane makes this a no-brainer.

If you like the idea of personalizing your installation of Leopard, hope over to their website and give it a try. Best of all, it's free.

Update (5/8/08): It looks like development on the Secrets Preference Pane has either stopped or really slowed down. I talk about it here along with a really good replacement program and a possible reason for the lack of development here: MacPilot: New Version Kills Secrets Preference Pane Utility

written by Dave M. \\ tags: Checkbox, Computer Checks, Computer Users, Correct Location, Customize, Database, Database Entry, Double Click, Downloaded File, Google, Info Button, Interface Control, iTunes, Leopard, Os X, Population, Preference, Preference Pane, Question Mark Button, Screenshot, Secrets, Top Secrets, Unzip File, User Interface

Welcome to the new home of
Weblog of a "Switcher"!

If you don't understand why you are being welcomed, then pop over to the WordPress.com home and read the moving notice post.

As time goes on here, there will probably be new features added to the site as I find plug-ins and other features that will hopefully make the site a pleasure to go to and read.

Since I have no control over search engines like Google and Yahoo!, there will still be folks starting over at the WordPress.com site. Hopefully they will see the sidebar notice that the site has moved and head over hear looking for the post that they want to comment on. I don't plan on closing comments out on the WordPress.com site, so conversations will continue there until they run dry. I suspect new conversations will start up here, at least I hope they will.

I have set the WordPress.com site to not let search engines crawl the site, so I suspect in time, the search engines will loose references to the WordPress.com site.

For those of you that have made the necessary adjustments to keep following me here, thank you very much. I hope I can keep posting interesting enough articles to keep you checking out the site from time to time.

written by Dave M. \\ tags: Closing Comments, Control, Conversations, Google, Google Yahoo, Moving Notice, Necessary Adjustments, New Features, Pleasure, Plug Ins, Pop, Search Engines, Search Google, Search Yahoo, Weblog, Yahoo

So, thanks to Andy Ihnatko and a Twitter tweet he posted yesterday, I found a really cool photo sharing site called Photoshop Express.

So, I popped over and signed up for the service to check it out. It's actually quite interesting. It's based on Flash and there is one thing that really annoys me about it, but minus that one annoying thing, the rest of the site seems quite useful. In fact, the screenshot above is being hosted on their site.

Adobe Photoshop Express is a free photo sharing site. They allow you 2GB's of storage to store your pictures into. They are currently supporting external photo sharing sites Photobucket and Picasa as well as photos stored in Facebook. Simply login to one of those sites from within Photoshop Express and presto, Photoshop Express will start pulling down thumbnails from your photos on that sharing site. You can then drag pictures from one of those sites into your Photoshop Express library.

Now, the thing that annoyed me about Photoshop Express was that since it being run by Flash, I am not able to use my mouse wheel to scroll the thumbnails displayed in my library up or down. I have to use the scrollbar on the side and grab the scrollbar thumb button to scroll the thumbnails. There isn't even up and down arrows in the scrollbar to allow my to scroll by line.

This is a beta web service, so it's very likely that this will be addressed by the time it goes out of beta. It's just a pet peeve of mine when it comes to Flash. I know Flash supports the mouse scroll wheel. It just has to be programmed to support it.

Not this is meant to be a quick review of the service. I suspect that Mr. Ihnatko will be writing more about it soon and I'll post a link to his review when I see it posted somewhere.

So for now, enjoy yet another great photo sharing web service!

written by Dave M. \\ tags: 2gb, Adobe Photoshop, Andy Ihnatko, Annoying Thing, Arrows, Beta Web, Cool Photo, Facebook, Free Photo, Mouse Scroll, Mouse Wheel, Pet Peeve, Photo Hosting Site, Photo Sharing Sites, Photobucket, Picasa, Scrollbar, Thumb Button, Twitter, Web Service

Seems that now iLounge is playing the sensational news headline game. I just caught an article there with the headline: Report: Amazon now #2 digital music retailer

That caught my attention since it was just a few weeks ago that I heard that Apple was the second largest music retailer in the world.

So what happened? Did Amazon sneak past Apple as #2? Well, it doesn't really look to be true. From the article quoted by the iLounge story:

Amazon takes on Apple with copy-protection-free music
Amazon's (AMZN) MP3 store — which sells only songs without copy protection — has quietly become No. 2 in digital sales since opening nearly six months ago, say the four major labels. That's even though Apple (AAPL) dominates digital music with its iTunes Store (the second-largest music retailer in the world, after Wal-Mart) (WMT) and its hugely popular iPod.

Maybe what is being said here is that Amazon is now #2 in DRM-Free digital music sales.

Apple now has 2 million songs from EMI and independent labels available without DRM, out of its 6 million-song catalog. Amazon offers 4.5 million DRM-free songs.

If that is the case, who is #1 in DRM-Free digital music sales? Wouldn't you think we would have heard of them?

Also, doesn't Mr. Starrett know what a paragraph is? Now, I am going to state up front that I am clearly not a good writer. I'm sure a true writer or journalist would go to town over my lack of grammar and style. However, I would think that an article with 216 words would have at least 2 paragraphs. Hmm. Ah well.

Could someone please clear this story up for me. I would hate to look bad again with this claim, but from where I sit, it sure looks like an overly sensational headline to me.

Update (7:40pm): So, during my regular blog reading, I came across another article on this topic from AppleInsider. They state:

Amazon MP3 takes number two spot behind iTunes

Although it's been an option only since September, Amazon MP3 is now in second place behind iTunes in the US for downloadable music sales, USA Today says.

No independent explanation for the jump is available, though Amazon digital music chief Pete Baltaxe points to a larger DRM-free library of 4.5 million songs that allows all its music to work with any portable player, including iPods.

"They appreciate that everything is DRM-free and so comprehensive," Baltaxe claims.

In contrast, Apple has only 2 million unrestricted songs and only obtains major-label music from EMI versus additional support from Sony BMG, Universal and Warner at Amazon.

OK, so now it's clear that iTunes is the number one store for "downloadable music". Not DRM-Free based. So, this makes the iLounge article a bit inaccurate. iLounge's headline should read: Report: Amazon now #2 digital music retailer behind iTunes.

Now I realize that this might make the headline redundant, but considering the article to follow isn't clear at all that the #1 digital music retailer is iTunes, it seems necessary. The way the article reads, they make it sound like iTunes is #3 which would beg the question as to who #1 is.

written by Dave M. \\ tags: Aapl, Amazon, Amzn, Copy Protection, Digital Music Retailer, Digital Music Sales, Free Digital Music, Free Songs, Headline Game, Independent Labels, iTunes, Largest Music, Misleading Headline, Mp3 Store, News Headline, Sensational Headline, Song Catalog, True Writer, Wal Mart, Wal Mart Wmt

While checking out my statistics at Site Meter this morning, I notices something rather disturbing. The majority of my readers are using Firefox 1.x.

It's not disturbing that those users are using Firefox. In fact, I would further suggest that all you Internet Explorer 6.x and 7.x users (22.2%) should consider looking at Firefox, Opera, Safari, or any other browser that doesn't use Internet Explorer as it's rendering engine (means of displaying web content). Your Windows computers will be much happier if you do.

No, actually I'm concerned that 37.4% of my readers, the majority, are using older versions of Firefox. Firefox 2.x has been out for quite some time now and is a faster, more reliable version than it's older 1.x version. In fact, version 2.x (and many later versions of version 1.x) support the ability to update themselves automatically. In fact, click the image below to go straight to Firefox's download page:

Download Firefox

Making sure that Firefox automatically update's itself is very important. The folks that develop Firefox stay on top of security issues that arise from security experts and hackers finding holes in Firefox. As soon as a fix is made and tested, it's released as an update that Firefox will prompt you for the minute it detects it.

To make sure that Firefox will update itself for the Mac, go to the "Firefox" Menu and select "Preferences..." (or Command-,) to bring up Firefox's Preferences dialog.

To make sure that Firefox will update itself for Windows, go to the "Tools" Menu and select "Options..." to bring up Firefox's Options dialog.

Once there, switch to the Advanced tab by clicking on the word Advanced tab (the icon that looks like a gear), and select the Update tab inside. Now, make sure that "Automatically check for updates to: Firefox is checked. The "When updates to Firefox are found: options will allow you to have Firefox automatically download and install any updates, or ask you to update when you are ready. Even the automatic update will ask you if you want to update now or later, so it's pretty safe to use either option.

Making this change will allow Firefox to keep itself up-to-date and safe from any malicious website bent on making your web browsing experience, and general computer experience, unpleasant.

written by Dave M. \\ tags: Explorer 6, Firefox Browser, Hackers, Internet Explorer, Older Versions, Opera, Options, Os X, Safari, Security Experts, Security Holes, Security Issues, Site Meter, Statistics, Tools Menu, Update Windows, Upgrade Browser, Web Content, Windows Computers, Windows Os, Windows Upgrade

I have to admit; as much as I wasn't happy with ars technica's article that I wrote about in my previous post. Mr. Foresman does make a valid point:

Being able to quit Software Update during an update is just not a good idea.

This is a bug, plain and simple. Once the update process has begun, one of two things should happen:

1. The Quit Software Update menu item should be disabled
2. If the user attempts to quit, a dialog should appear telling them that an update is in progress and either...
1. not allow them to quit.
2. allow them to quit, but when it is absolutely safe to do so.

Allowing the user to quit while in the middle of an actual update script is just not a good thing. No matter what is being updated.

Now, the question that comes to mind for me as a software developer, is this something that can be reported as a bug to Apple, or is this something that would go into a feedback bucket. If the later, I get the feeling that it would never get addressed.

I now ask that any developer that is a part of the Apple Developer Program that reads this, could you please make sure that Apple knows about this problem so that it can be addressed. This is really a problem that needs to be fixed and can be fixed fairly easily. There really is no excuse for someone to be able to do serious damage to their installation of OS X just because they accidentally quit Software Update. Thank you in advance!

To Mr. Foresman, please accept my apology for being so harsh on your post at ars technica. Maybe a sensational headline like that will get the attention of someone at Apple and that is certainly a good thing.

written by Dave M. \\ tags: Apology, Apple Developer, Apple Software, Ars Technica, Developer Program, Dialog, Excuse, Feedback, Os X, Sensational Headline, Software Developer, Software Update

I usually find most of the articles on "ars technica" pretty informative and well researched. However, this latest bit of "reporting":

An errant Command-Q could leave your Mac unbootable:
By Chris Foresman | Published: March 25, 2008 - 03:02PM CT

Command-Q to Quit. Many of us know that shortcut so well that it's used without conscious thought. The shortcut is even honored with its own t-shirt. But an unfortunate MacOSXHints reader ran into some trouble when he hit Command-Q while installing the latest Safari update.

The update was being installed remotely using Screen Sharing. Software Update was showing the progress before rebooting, so Chris Platts hit Command-Q to quit Screen Sharing. However, the keystroke was sent to the remote machine, causing the update to quit. Since Safari 3.1 included a major WebKit update, applications that relied on WebKit started crashing after the aborted update. Oops.
A manual install of the update package cleared things up. But if an OS X update had been in progress, it could have rendered the machine unbootable. Until Apple puts some kind of protection in place, you'll want to keep your hands off the keyboard while updates are in progress."

Leaves me to wonder if they let anyone willing to write report on their site. I almost get the impression that this author "Chris foresman" has only just started using a Macintosh.

I have been using a Mac since May of 2006. My memory of security updates and OS updates are that they are done in such a way that it's impossible to quit Software Update in the process of the update. Maybe not the download, but the actual update itself. In Leopard, I have seen Software Update download the update, then reboot the computer to do the actual install after the system boots back up but before the OS actually starts up.

If Mr./Mrs. Foresman had actually been using a Mac for longer than a week, I think he/she would actually know this fact and not be reporting that it's possible that an errant Command-Q could destroy your OS
I'm actually surprised that Software Update allowed him to quit his update for Safari 3.1. I thought that when I updated that, my system rebooted and finished the update the same way an OS update does. However, I can't say for sure because I wasn't paying that close attention to the update. Plus, I don't go around pressing Command-Q when I'm doing something as important as a software update anyway.

I do run updates via Screen Sharing to my MacBook which is upstairs. I usually let the updating computer kill the connection to screen sharing or I'll close the window with the mouse. I just don't quit Screen Sharing by trying to use Command-Q. Maybe this is because I use "Chicken of the VNC" and Command-Q doesn't work to quit that program unless you have all connections to other computers closed.

Anyway, I hope that ars technica reads the comments about this questionable post and maybe reviews future articles from Mr./Mrs Foresman before he/she is posted on their site. Articles like this make sites like ars technica look a little amateurish. Much like my blog.

(Via ars technica.)

written by Dave M. \\ tags: Apple, Ars Technica, Author Chris, Keyboard, Keystroke, Macintosh, Macosxhints, March 25, Memory, Mr Mrs, Os Updates, Os X, Platts, Safari, Security Updates, Sharing Software, Software Update, System Boots, T Shirt, Unbootable