May 2004

Real live link vulnerability for Mac OSX

I don’t think this has appeared in the wild yet, but no doubt it will soon. It’s an exploit that allows someone to execute arbitrary code on OSX just by visiting a website, regardless of browser, by using Javascript to download a disk image and then using Javascript to open help://Volumes/Rootkit/Rootkit.script. The browser passes the request on to the Help Viewer, which will gladly execute code. The exploit is being discussed on the MacNN Forums and has been summarized on TidBITS.

No solution from Apple yet (though apparently they’ve known about it for two months already — sheesh), but a stop-gap solution is to install MonkeyFood Software’s free MoreInternet and then set the helper app for type “help” to some innocuous program like “chess.”

On the minus side, it’s sad to see OSX suffering the same pain I’ve teased Windows users about all these years. On the plus side, I’d been meaning to play more chess anyway…

UPDATE: In flaming about the above exploit, the MacNN folk found a variation that doesn’t have a full work-around, though you can make it harder for an attacker to get the payload to your machine. See the top of the thread for details.
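An added example, not part of the original post: a content check a filtering proxy could run to flag page URLs that the browser would hand to a helper application, with `help://Volumes/...` links into a mounted disk image marked separately. The allowlist of in-browser schemes and the sample page are assumptions constructed for the example.

```python
import re

# Schemes a page can navigate to without leaving the browser. Anything else is
# passed to whatever helper application the OS has registered for that scheme.
# This allowlist is an assumption made for the example.
IN_BROWSER = {"http", "https", "ftp", "about", "data", "javascript"}

# scheme://rest at the start of a quoted string, as in an href or a script literal
URL_IN_QUOTES = re.compile(r"""["']\s*([A-Za-z][A-Za-z0-9+.-]*)://([^"'\s]*)""")


def helper_scheme_urls(page_source):
    """Return (scheme, url, touches_mounted_volume) for every quoted URL whose
    scheme would be dispatched to a helper application."""
    findings = []
    for scheme, rest in URL_IN_QUOTES.findall(page_source):
        scheme = scheme.lower()          # URL schemes are case-insensitive
        if scheme in IN_BROWSER:
            continue
        # A path under Volumes/ points into a mounted disk image, the pattern
        # described in the post; flag it apart from ordinary help: links.
        on_volume = rest.lower().startswith("volumes/")
        findings.append((scheme, f"{scheme}://{rest}", on_volume))
    return findings


# Constructed sample, not a captured page.
SAMPLE = """
<a href="https://example.org/manual.html">manual</a>
<a href='HELP://Library/Documentation/index.html'>local help</a>
<a href="help://Volumes/Rootkit/Rootkit.script">link</a>
"""

if __name__ == "__main__":
    for scheme, url, on_volume in helper_scheme_urls(SAMPLE):
        print("BLOCK" if on_volume else "REVIEW", url)
```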


Statistical Debugging

This is cute — download a special version of open-source software like Evolution, Gaim, The Gimp, Nautilus, or Rhythmbox from The Cooperative Bug Isolation Project and they’ll randomly sample usage patterns to try to automatically detect bugs that make software crash. Unlike the usual “this application has unexpectedly quit, shall I email a crash log to the developer” kind of thing, this one collects sparse data from both crashes and normal use, enabling an automated classifier to tease out what the differences were.
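An added example, not the project's code: a toy instrumented program whose predicate checks are recorded only some of the time, and a ranking of predicates by how much more often runs crash when the predicate was seen true than when it was merely observed. The toy program, the predicate names, the sampling rate and the scoring rule are all assumptions chosen for illustration.

```python
import random
from collections import defaultdict


def run_once(n, length, rng, rate=0.3):
    """Simulate one run of a toy program (constructed for this example).
    Each predicate check is recorded only with probability `rate`, so every
    report is sparse. Returns (crashed, {predicate: observed_value})."""
    obs = {}

    def check(name, value):
        if rng.random() < rate:           # sampled: keep this observation
            obs[name] = value

    check("n > 100", n > 100)
    check("length == 0", length == 0)     # the toy bug: an empty buffer is indexed
    check("n is even", n % 2 == 0)
    return length == 0, obs


def rank_predicates(reports):
    """Score = P(crash | predicate seen true) - P(crash | predicate observed)."""
    stats = defaultdict(lambda: [0, 0, 0, 0])   # F_true, S_true, F_obs, S_obs
    for crashed, obs in reports:
        for name, was_true in obs.items():
            s = stats[name]
            s[2 if crashed else 3] += 1
            if was_true:
                s[0 if crashed else 1] += 1
    scores = {}
    for name, (ft, st, fo, so) in stats.items():
        if ft + st:                       # skip predicates never seen true
            scores[name] = ft / (ft + st) - fo / (fo + so)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def simulate(runs=2000, seed=1):
    """Collect sparse reports from crashing and normal runs, then rank."""
    rng = random.Random(seed)
    reports = []
    for _ in range(runs):
        n = int(rng.random() * 200)
        length = int(rng.random() * 5)    # empty buffer in about one run in five
        reports.append(run_once(n, length, rng))
    return rank_predicates(reports)


if __name__ == "__main__":
    for name, score in simulate():
        print(f"{score:+.3f}  {name}")
```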


Sony LIBRIé review

This review of the Sony LIBRIé e-Book reader sounds typical of what I’ve heard — thumbs up the new E Ink screen, interface could be improved but isn’t bad, and as usual the content side of the Sony house is willing to make the whole package next-to-useless by throwing enough DRM on the device to ensure no one will want it. I can see the advertisements now:

Read for hundreds of hours without changing batteries — just like paperbacks!
Great resolution — just like paperbacks!
Magically disappears after 60 days — just like paperbacks!

Didn’t they learn anything from minidisc?

Of course, this time their system is Linux-based, and Sony is making at least some of their software available online, so people might be able to write their own content for what sounds like decent and certainly interesting hardware technology. Wonder if that’ll happen fast enough for the LIBRIé to get its legs before Philips & others make a version that will actually play eBooks already out there?


The bias of science

Scientific American has written an editorial severely critical of the Bush administration’s “disdain [for] research that inconveniences it,” citing misrepresentation of findings, suppression of studies, deletion of data from government web pages, and playing gatekeeper on future studies by making it harder for scientists from “hostile nations” to publish in the US and by trying to give industry scientists more control over the process for determining EPA research. It brings together several criticisms from the past three years that amount to a disturbing step backwards in how our administration gets its facts.

I got word of the editorial from Declan McCullagh’s Politech list, where Declan introduced the piece with this rather odd disclaimer:

It is not unthinkable that scientists have political biases. In fact, it would be remarkable if many were not lifelong Democrats who may be tempted to be a bit more critical of a Republican’s science policies than they would, say, a Bill Clinton’s. Moreover, many scientists rely on government funding of domestic programs, which arguably increases faster under Democratic regimes.

That said, this editorial is pretty disturbing and ties enough threads together to be pretty convincing.

Is our nation so polarized now that anything praising or critical of our president is first assumed to be partisan rather than actually making a valid point? Like the rest of the country, scientists span the whole spectrum of personal political, cultural and religious biases. The common bias in our profession is the one at the heart of science itself: that the truth is worth knowing, even if it isn’t the truth we wish were so, and that society is better off knowing the truth and then having open and reasoned debate than basing our actions on blind dogma, unexamined assumptions and gut feel.

In other news, the US is losing its lead in scientific excellence.


It takes two to email

Declan McCullagh echoes something I’ve heard several places about Google’s Gmail service:

The objections lodged against Gmail are telling, because they illuminate two different views about how to respond to new technologies. The protechnology view says customers of a company should be allowed to make up their own mind and that government regulation should be a last resort. Privacy fundamentalists, on the other hand, insist that new services they believe to be harmful should be banned, even if consumers are clamoring for them.

I’m not one of the people clamoring to ban Gmail (see previous post for my own take) but the above argument does miss the important point that email is a two-way street. Maybe you’re happy to sign away your privacy to a third-party company, but I’ve signed no such agreement. When I send email to you or to a closed mailing list you’re on I have the expectation that, at the very least, you will first read the email before deciding to share it with a third party. I trust Google, but I want that expectation of privacy to continue after all the other email-providers follow suit with their own arrangements.


The flavor of Redmond Kool-aid

Chris Pratley has an interesting Microsoft Perspective on the history of Word, in particular talking about how Microsoft beat out WordPerfect as the word processor of choice when platforms shifted from DOS to Windows. Pratley joined Microsoft in 1995, but what interests me most is his version of the Microsoft story prior to his arrival — it gives a great insight into the Redmond Kool-Aid served to new Microsoft employees:

In case you’re too young to remember, Windows development started back in 1983, and it was a joke in the industry. Windows 1.0 (released in 1984 I think) was sort of a demo. Windows 2.0 (1987 or so) was much better, but it was limited in memory (286 processor had a max of 1MB addressable RAM), and ran too slowly for practical usage. It is also hard to believe now, but all the pundits in the industry thought GUI interfaces with windows and dialog boxes and menus and mice (the Mac, Windows 2.0, etc.) were for novices and were basically toys, since they lacked the power of a command line interface. Lotus 1-2-3 and WordPerfect ruled the desktop, with arcane command sequences that a professional user could work magic with, but which new users found impenetrable. Especially interesting was the discussion that came up around the impending release of Windows 3.0 around 1990. In 1989, all the editorials talked about whether application makers should bother with a Windows-version of their DOS apps. WordPerfect was pretty clear – they saw Microsoft as a competitor, Windows as a lame horse, and they felt pretty strongly that they would best serve their customers by sticking with DOS. Their customers knew the WP-DOS interface, it was faster and more professional than the goofy toy-like Windows interface. It became a point of pride that WP would not do a Windows version.

PC-Word, on the other hand, tired of losing reviews and not being able to shake the stranglehold that WP had on the DOS word processor market, had nothing to lose by making a Windows version. Fortunately, that also coincided with the direction that Microsoft was taking: bet the company on Windows. In retrospect, this seems like a no-brainer, but remember that at the time Windows was still considered a joke. Betting the company on it was a big, big bet.

Now I love a “techie bets the company on a radical idea” fable as much as the next geek, but this version leaves out the most important part of the story: WordPerfect wasn’t sticking with DOS — just like the other category-leaders Lotus 1-2-3, dBase and Harvard Graphics, they were spending their resources developing for OS/2, the new windowing OS being developed jointly by IBM and Microsoft. And the reason they bet on OS/2 is that both IBM and Microsoft were endorsing OS/2 as the platform for the 1990s: check out this quote from Bill Gates at the Fall 1989 Comdex. At the time, Windows was seen as essentially an extension of DOS, and was touted as being for low-end computers (a 386 with 4MB of RAM, also known as next-year’s trash). Which is to say, Windows was touted as being “for novices and… basically toys,” but the GUI and OS/2 were taken quite seriously. Now cut to Spring 1992, when Microsoft ships Windows 3.1 and signs a “divorce” document from the deal with IBM to develop OS/2 (much of the technology was later licensed for Windows-NT). Betting the company on Windows wasn’t just a big, big bet, it was also arguably the biggest bait-and-switch of the decade.

Oddly enough, Pratley doesn’t mention OS/2 even in his follow-up post, though he does make the claim that Microsoft built the first office suite:

Some of the posters noted that Word was helped to success by the Office bundle. That is certainly true – that move was a truly inspired marketing decision to use our strength of having enough apps to build a “suite” – something which hadn’t existed up to that point. At first it was just a bundle of three apps for the price of 1.5 apps or so. People said it was crazy – too much of a giveaway.

That’s another impressive claim, considering when Microsoft Works came out in August 1986 (for Mac, the DOS version was 1987) there was already Innovative Software’s SmartWare Suite (1983), Electric Company’s Electric Desk (1984 or earlier, later reborn as AlphaWorks and LotusWorks), Ashton-Tate’s Framework (1984), Migent’s Agility (1985) and Lotus Symphony (1985).

Pratley mentions a few suspect his blog is just a “marketing ploy,” but I figure his admiration for Microsoft’s history is genuine and his posts are from the heart — he just needs to get out of Redmond a little more. Perhaps his blog will be just the thing to cure the memory gaps that are so often caused by years of Kool-aid abuse…

Edit: changed typoed August 1996 to August 1986.
