Apple’s iSight: Friend or Foe?

Microsoft’s Windows operating systems have always had a reputation for being virus prone and about as secure as an open cookie jar at a Weight Watchers seminar.  Bugs of every shape and size have found their way into the deep recesses of the platform.  Some have been extremely malicious while others have just been downright humorous.

My favorite Windows viruses have always been the ones that take advantage of users who have web cams attached to their machines.  The best of these sneaky little bugs had the ability to activate the cams without their owners’ knowledge.  Needless to say, many videos are still circulating the interweb.

Being a Mac user, I have always been immune to issues of this nature.  But I ran across a link today that has me wondering how much longer I can consider myself safe.  Chris Adamson over at oreillynet.com has posted a page that demonstrates a web page with an embedded file that displays the feed from the surfer’s iSight cam.  Users with iSight-enabled computers can load the page and literally see the page looking back at them!

Though a little startling, this is not a bug in the Mac OS.  The web page simply leverages the operating system to do something completely benign and harmless.  No one else is looking at your iSight video feed.  The browser is simply piping its internal video feed right back out to the user’s web page.  What interests me is the ease with which Chris was able to add this content to his web page.  If it was that easy to access OS X’s iSight subsystem, what keeps an enterprising AppleScript, shell-script, or virus from doing the same?  Transmitting the feed to an off site server seems well within the realm of possibility.

To be clear, no such virus or malware exists for the Mac OS.  And should some enterprising virus author decide to attempt such a malicious bug, it’s likely that OS X’s internal security mechanisms would prevent this sort of voyeurism.  When Apple released the first iSight cams, the lenses were equipped with an iris mechanism that made it possible to actually close the camera lens and physically shut down the camera.  But with the release of the new portable MacBook and MacBook Pro computers, as well as the new iMacs, Apple saw fit to embed iSight cameras right into the computer’s display.  It was a creative and powerful addition to the new machines.  But this time Apple neglected to include a way to physically disable the camera lens!


Did Apple engineers have a nefarious goal in mind when they eliminated the iris on the latest generation of iSight-enabled systems?  I doubt it.  It was simply a matter of practicality.  The original iSight cams were large enough to easily include an iris mechanism to shut down the camera.  The iSights that are embedded in new computers are simply too small to include such mechanics.  This just leaves me wondering how long it will be before we start seeing home videos circulating the web without their owners’ knowledge.  The potential certainly exists, as Chris’s web page clearly illustrates.

Paranoid?  Absolutely!  But just because you’re paranoid, it doesn’t mean they’re not watching you!  :-)


Toast Titanium 7 Goes Universal

This time, the headline pretty much says it all.  Roxio has just released Toast Titanium 7.1.  This is the first release of the staple media burning application for the Mac.  The download is almost 67MB and it includes a number of bug fixes.

Compliments of Macupdate.com, here’s a list of what’s new in Toast Titanium 7.1:

  • Universal Binary
  • Duplicate items are no longer created when an open folder is dragged into the Toast window for data formats.
  • Previewing Apple Lossless audio files in Audio CD format no longer causes a -50 error.
  • Resolves QuickTime Movie video export issues – related to the QuickTime 7.1 update.
  • Resolves menu button highlight issues on Toast authored DVD-Video discs – related to the Mac OS 10.4.6 update.
  • Canceling the User Authentication step during the Toast Setup Assistant no longer causes a -60007 error.
  • The rename file field now moves correctly during scrolling up and down.
  • The content window no longer incorrectly scrolls when no horizontal scrollbar is displayed.
  • Resolves issues related to invalid characters in Mac Only, Mac & PC, and DVD-ROM UDF formats.
  • Resolves issues related to Music DVDs – audio playing back too slowly and static sound with some files at higher quality settings.
  • Resolves issues related to AppleScript – script was causing a -43 error.
  • Media Browser now correctly parses a YesVideo DVD with still images.
  • Includes an updated version of Deja Vu which preserves existing symlinks.


OS X 10.4.7- Not Without Issues

Apple released the OS X update last night bringing the system to version 10.4.7.  Normally I wait a couple of days and let others flush out any problems.  This is time-tested advice but this time I failed to follow it.  It turns out that, while 10.4.7 does fix a number of issues, it also introduced one big one.

After installing the system update, my MacBook’s processor usage ran solid at 50% on each core.  You didn’t read that wrong… starting right after boot, my processors jumped to 50% load and stayed there!  At first I assumed that Apple had made a change to a subsystem like Spotlight and guessed that my system was re-indexing its files.  But when the system was still working hard two hours later I decided to investigate.

Checking both Activity Monitor and top from the command line, I saw that no process was taking up more than 1% of my processor.  That conflicted with the processor usage graphs I was seeing in both Activity Monitor and MenuMeters.  And judging by the racket the MacBook’s fans were making, I considered the processor graphs more accurate than the process lists.

I asked a friend if he had heard of any issues.  After he finished scolding me for being “that guy” (the first to install any system update), he told me he would keep an eye out for reports.  That night, I returned home to a message on my answering machine.  He had a good suggestion, but not something I would have thought of on my own.  He reported that someone posted a similar issue and disabling the Windows Sharing service in the Sharing Preference Pane might solve the problem.

I gave it a try, and sure enough!  As soon as I disabled the service, my Mac stopped having a conniption.  As I prepared the post for the site, I did some more research.  This thread from Apple’s Support Forum came up and spelled it all out for me.  I was not the only one experiencing the issue.

If you look down through the thread, EBL was able to attribute the issue to the SMB service.  He also realized that massive log files were being created as a result.  Another user explained that his log file had already accumulated 5GB of data!  Checking mine, I found the log file to be a hefty 882MB.  To check yours, simply enter this into the terminal window: ls -lah /var/log/samba and hit return.  Look at the size of the file named log.nmbd.  To kill the painfully large log file, simply enter sudo rm -f /var/log/samba/log.nmbd into the terminal window and hit return.  In the case of both commands, you will need to enter the admin password to complete the process.

This brings an important question to mind.  If a good handful of savvy users have actually noticed the problem, how many users out there are experiencing it and are simply unaware that their systems are working overtime?  I consider myself something of a freak when it comes to knowing what is happening on my system.  I use MenuMeters to display my memory, processor, and network stats on the screen at all times.  Most people would have to notice the fans in their machines are running loud, or simply that their performance has gone to hell.  I’m not sure the symptoms are immediately evident to an average user.

Granted, this particular issue will only affect users who have the Windows Sharing service active.  Still, I use that feature on a daily basis.  Odds are other users do too!

It seems Apple has some issues to resolve with 10.4.7.  And with one of the issues causing this much trouble, I think we can expect another update shortly.  But, as another friend recently reminded me, the worst day on the Mac is still far better than a good day with Windows.

Update: 7/1/06 9:45am
It’s worth noting that my old G4 tower did not have issues after upgrading to 10.4.7… even with Windows Sharing enabled.


Parallels Desktop Clears Beta Stage

The powerful virtualization tool, Parallels Desktop, has been officially released from beta.  Not so much a milestone for Apple’s transition to Intel processor based computers, this software’s release is certainly a red-letter day for Mac power users.  Machines based on the Core Solo and Core Duo chips have proven themselves more powerful than the PowerPC chips that Apple had used in the past.  And thanks to emerging technologies, they have also proven themselves more flexible.

Hardware support for Virtualization was engineered into the Intel Core platform.  Though an odd name for the technology, it has already proven itself a powerful tool to Macintosh users.  Virtualization allows the computer’s processor to better divide up its processing resources among multiple virtual machines (operating environments).  And while Virtualization is possible without processor level instructional support, having the technology integrated at a processor level simply helps it work more efficiently.

Parallels Desktop is the first product released for the Mac OS that lets OS X run other operating systems as virtual machines.  The true flexibility is realized by users who might have need to run Windows XP, the latest beta of Windows Vista, or virtually any flavor of Linux.  Parallels Desktop allows Mac users to run any of these operating systems in a virtual machine right on top of the Mac OS.  There is no need to reboot and the Mac desktop is within easy reach at all times.

Parallels is still offering Parallels Desktop for Mac at a special discounted rate of $49.95.  That’s $30 off its retail price.  A trial version of the software is also available for anyone looking to test drive the software.  Users will still need access to the actual installers for any desired operating system.  Parallels is only offering the virtual machine with which users can run the OS of their choice.

Based on the development efforts Parallels has put into the beta releases of the product, there is a bright future in virtualization on the Mac.  Parallels released numerous beta updates to the software while the company worked hard to prepare for the product’s final releases.  Based on customer feedback in the web forum, the engineers were able to fine tune features and refine the product into a top notch Macintosh application.  Take the test drive today!


Patch Tuesday and the Office 2004 Update

This month, Microsoft’s infamous “Patch Tuesday” includes a patch for the Mac version of Office 2004.  For those unfamiliar with Microsoft’s Patch Tuesday, it is an interesting exercise in bug squashing.  In the past, Microsoft had released security patches as needed.  The constant barrage of security patches became too much for already overburdened system administrators and they voiced their frustrations.  To find a middle ground, Microsoft chose the second Tuesday of each month to release its patches in bulk.

This month, Microsoft included the update to Office 2004 for the Mac.  This patch brings Office to version 11.2.4.  While the details of the specific vulnerabilities still remain undisclosed, here is a quote from Microsoft’s site: “This update fixes vulnerabilities in Office 2004 for Mac that an attacker can use to overwrite the contents of your computer’s memory with malicious code. This update also fixes issues in Microsoft PowerPoint 2004 and Entourage 2004, and it includes all of the improvements released in all previous Office 2004 updates.”

The patch is 57.5MB and can be found at this link.

Hopefully this patch will also improve on some of the stability issues I have seen with Office applications running on Apple’s new Intel-based hardware.

Google Earth Now a Universal Binary

Google has released an update to the Mac version of Google Earth.  The latest version offers a more refined user interface, and is also a Universal Binary.  Now running native on Intel based Mac systems, users will see a performance gain as the application now seems better optimized for the platform.

Those familiar with previous releases of Google Earth will first notice that the navigation controls have moved.  Once located in their own space along the bottom edge of the map, the controls are now simplified and overlaid on the surface of the map itself.

Other updates and refinements include:

  • SketchUp integration
  • embedded Navigator interface (top-right, overlaying the 3D view)
  • Localized client to French, German, Italian, Spanish
  • Textured 3D Model files can be loaded (Collada XML file format)
  • Layers: new Core/All/“Now Enabled” views
  • Press the ‘/’ key to access Search from full screen mode
  • Scale Legend
  • Full resolution imagery across entire screen
  • Terrain quality preference setting
  • Improved Garmin GPS device support
  • Toolbar (replaces navigation panel previously shown below the 3dview)
  • Diagonal arrow-key navigation (up arrow + left arrow simultaneously)
  • Menus have been reorganized with new names, locations and shortcuts

As in the past, Google Earth is still available in a free version while those willing to pay will enjoy greater functionality.  Download the update today!

Google’s Browser Sync Extension for Firefox

Today, Google released a powerful browser synchronization extension for Firefox.  It’s a powerful and practical tool for anyone who routinely uses multiple workstations.  Once the extension has been added to Firefox it allows for the synchronization of bookmarks, cookies, saved passwords, and browser history.

Simply install the extension on two or more workstations.  The extension preferences require an existing Google login and a PIN number must be created.  The extension copies the browser information from the workstation to a server at Google where it can then be accessed by other browsers that also have the extension installed.  Since the data being synchronized might be sensitive, Google also allows the information to be encrypted.

Once the data is on the Google server, it can then be synchronized with other copies of Firefox.  As the Firefox information is updated, for example bookmarks added, the extension routinely syncs the data with the remote server automatically.  This makes it easily available to the other copies of Firefox.

The Extension in Action:
For my work habits, this extension is a perfect solution to the last of my synchronization problems.  I routinely switch between my G4 desktop and my MacBook.  I use Apple’s .Mac synchronization services to keep much of my data persistent, but Firefox has always been a problem.  I simply never had a good way of keeping my Firefox bookmarks in sync.  Thanks to Google, this is no longer an issue.

The extension allows the user to select what data they would like synchronized.  With five options to choose from, I chose to synchronize only my bookmarks.  I have no need to keep my history replicated, and I simply will not allow anyone access to my archive of saved passwords.  Google offers an ability to encrypt the data before it leaves the workstation, but the best security is the most paranoid.

One of the technical notes I read on the extension warned that it could take longer for Firefox to launch with this extension installed.  This is because a sync is done at the time of launch and, depending on how much data there is to be synchronized, it could take longer to complete the interaction with the remote server.

It should be clearly understood that Google is using servers at its facilities to allow the synchronization to occur.  Browsers with this extension installed are not interacting directly with each other.  Rather they each communicate with the Google server and use it as a third party intermediary.  While this is an efficient and logical way to exchange data, it raises security concerns.  First of all, data could potentially be intercepted in transit to or from the Google servers.  To resolve this issue, Google offers users the ability to encrypt their data before it is transmitted.  This is a simple process.  Just check a box in the preferences and the encryption is taken care of.

Secondly, in order for the data to be available for synchronization at any time, a copy of it must be maintained on the Google servers.  This means that the user’s data is only as safe as Google’s security.  While there are few online services that I trust as much as Google, I’m still not comfortable storing my browser’s saved passwords on any machine that is out of my control.

As a result of these concerns, I selected the option to synchronize only my bookmarks and I encrypted them for safety’s sake.  And since I am syncing a relatively small amount of data, my browser launch times should remain fast as well.

The Final Word:
Google’s release of the Browser Sync Extension is the solution I needed to finally keep my Firefox information up to date between my desktop and portable computers.  The solution is simple, powerful, and well thought out.  Yet another great innovation from Google.

To install Google’s Browser Sync Extension, follow this link.


The Internet and the End of Anonymity

Another threat has surfaced that could be the greatest threat to the privacy of American internet users.  It’s not a security hole in Microsoft Windows this time.  Now the federal government is proposing legislation to effectively destroy the anonymity of the internet as a whole.

Last week, US Attorney General Gonzales and FBI Director Mueller privately met with members of AOL, Comcast, Google, Microsoft, and Verizon.  And the topic of conversation?  The Washington brass wants ISPs (Internet Service Providers) to retain mail, web, and RADIUS logs detailing their users’ activities for as long as two years.  ISPs normally use these sorts of files for billing purposes and to troubleshoot technical issues.  The logs typically have a very short life span, mainly because there is simply too much data to be easily stored and organized.  For example, once an ISP has completed a billing cycle, the authentication logs are typically purged in preparation for the next billing cycle.

The Attorney General and the FBI would like to make it a requirement for these logs, and more, to be maintained for a two year period.  Logs indicating web traffic, search terms, email correspondence, instant chat, and possibly even VoIP communication would be retained in the event that the powers that be find the information necessary in a criminal investigation.

Gonzales claims that this information will be used to fight terrorism and prevent the internet from being used in the exploitation of children.  At first, the concept sounds altruistic.  But the fact is that this is a massive invasion of every American’s privacy.  It can be compared to the same flawed thinking behind gun control initiatives where taking the guns away from the common man somehow puts weapons out of the reach of terrorists.  In much the same way, if the government monitors every move we make on the internet, terrorists are simply going to use underground tools to use the internet in the same way they might have in the past.

Gonzales’ motivations for this sort of oversight are certainly suspect.  History is riddled with examples of personal and civil liberties that have been given up simply due to the wording of the government’s intention.  If Gonzales had approached these major networks and simply stated that the government wanted to monitor traffic, he would have been laughed at.  But when he extends his argument adding that it will protect Americans from terrorists and children from predators, it makes the entire argument a politically charged bomb in that there is only one acceptable response.  Providers lose the ability to dismiss the request outright.  If they did, their respective corporations could be cast in a very negative light.  In short, Gonzales knew how to make his play, fair or not.

In recent months, there have been numerous news stories detailing the theft or loss of sensitive personal information.  In one case, medical information of veterans was stolen.  There have also been dozens of cases of hijacked customer information databases stolen from retailers and e-commerce sites.  All of this proves one thing… not every company keeps sensitive customer information as secure as it should.  It will only be a matter of time before Gonzales’ plan for this massive data retention comes back to hurt law enforcement more than it helps.

So, what does the average internet user do if he or she has no devious political agenda and shows no malevolence toward children?  Should we give up our rights to anonymity even if we are doing nothing wrong?  I don’t think so.

While it’s not possible to keep service providers from logging customer activities online, there are ways for web users to protect themselves from prying eyes.  These means vary depending on the medium of communication, but one product comes to mind that covers many of the communication methods and secures them well.

I have been planning a review of the iPhantom for some time.  The problem I keep running into is that, while the device is easy to use and very simple to install, explaining it in great detail can be somewhat overwhelming.  But as it pertains to the proposal by the Attorney General and the FBI, the iPhantom makes a user’s web surfing activity completely anonymous.

When someone surfs any site on the web, their computer interacts with that web site.  It draws content from the server.  That content might be the HTML source code that makes up the page as well as any number of images or media formats.  Each time a user’s web browser touches the remote web server, it leaves a fingerprint of sorts behind in the server’s log.  The information in that log file is nondescript, but it can generally be tracked back to the person surfing the site.  Information left in the log includes the name of the file or content accessed, the timestamp of the access, a code designating whether or not the content was successfully accessed, and the IP address of the person who accessed the content.

Most people think that this data in no way points back to them as the person surfing the site.  But, if that site contained illegal information or content, there is a way to track down the person doing the surfing.  First, the log details the IP address and timestamp of the person surfing the site.  An investigator can then use that IP address to track down the network provider to whom that IP address belongs.  At that point, the service provider simply pulls authentication logs from their system to find out what account holder was using the given IP address at the given date and time.  This trail simply leads back to the billing contact information on file with the given service provider.
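
The lookup described above, as an added example that is not part of the original post: web server log lines are parsed, their timestamps are normalised to UTC, and each hit is matched against a provider's session records, with a retention window deciding whether those records still exist. The log lines, addresses (documentation ranges), account ids and function names are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import List, NamedTuple, Optional, Tuple

# Common Log Format: client IP, timestamp, request line, status code, size.
CLF = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


class Hit(NamedTuple):
    ip: str
    when: datetime  # normalised to UTC
    path: str
    status: int


class Session(NamedTuple):
    account: str  # hypothetical subscriber id
    ip: str       # address leased for the session
    start: datetime
    stop: datetime


def utc(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_hit(line: str) -> Optional[Hit]:
    m = CLF.match(line)
    if m is None:
        return None
    # Web servers log local time plus an offset; convert it before
    # comparing against the provider's UTC session records.
    when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return Hit(m["ip"], when, m["path"], int(m["status"]))


def attribute(hit: Hit, sessions: List[Session]) -> Optional[str]:
    # Dynamic addresses are reused, so the IP alone is not enough: the
    # timestamp must fall inside exactly one session for that address.
    owners = {s.account for s in sessions
              if s.ip == hit.ip and s.start <= hit.when <= s.stop}
    return owners.pop() if len(owners) == 1 else None


def retained(sessions: List[Session], now: datetime, keep: timedelta) -> List[Session]:
    # Models the provider purging session records older than its retention period.
    return [s for s in sessions if s.stop >= now - keep]


# Constructed sample data (RFC 5737 documentation addresses).
ACCESS_LOG = [
    '203.0.113.7 - - [12/Jun/2006:14:03:22 -0400] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Jun/2006:15:10:05 -0400] "GET /images/logo.png HTTP/1.1" 200 2048',
    '198.51.100.20 - - [12/Jun/2006:15:12:40 -0400] "GET /missing.html HTTP/1.1" 404 312',
]
SESSIONS = [
    Session("acct-1001", "203.0.113.7", utc("2006-06-12 16:00:00"), utc("2006-06-12 18:30:00")),
    Session("acct-2002", "203.0.113.7", utc("2006-06-12 18:45:00"), utc("2006-06-12 23:00:00")),
    Session("acct-3003", "198.51.100.20", utc("2006-06-12 10:00:00"), utc("2006-06-12 12:00:00")),
]


def report(now: datetime, keep: timedelta) -> List[Tuple[str, int, Optional[str]]]:
    kept = retained(SESSIONS, now, keep)
    rows = []
    for line in ACCESS_LOG:
        hit = parse_hit(line)
        if hit is not None:
            rows.append((hit.path, hit.status, attribute(hit, kept)))
    return rows


if __name__ == "__main__":
    now = utc("2006-08-15 00:00:00")
    for label, keep in (("30-day retention", timedelta(days=30)),
                        ("2-year retention", timedelta(days=730))):
        print(label)
        for path, status, account in report(now, keep):
            print(f"  {path} {status} -> {account or 'no matching session'}")
```

The same address resolves to two different accounts an hour apart, and with the short retention window none of the hits resolve at all.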

The upshot to all of this is that evildoers can be located and prosecuted.  The downside is that the rest of us are simply not as anonymous as we assume.  An argument can still be made that while this information is available and the process of back-tracking someone is fairly straightforward, it is simply not worth an investigator’s time to do this unless someone has done wrong.

The real question is who gets to decide what is right and wrong?  We can all agree that conspiring with terrorists is wrong.  But if you consider the MPAA and the RIAA’s viewpoint on movie and music piracy respectively, they would use (and have used) this sort of procedure to prosecute people for downloading copyrighted material.  And while I have strong feelings about stopping terrorism, my viewpoint on file-swapping is simply not as clear cut.  But under this proposal from the Attorney General and the FBI, there would be nothing to separate the two indiscretions.

This brings me back to the iPhantom.  The methodology it uses is beyond the scope of this particular story, but I will be further explaining the product in an upcoming post.  Simply put, while it is not possible for a user to keep their web browser from leaving a fingerprint in the logs of servers it touches, the iPhantom leaves a fingerprint that simply cannot be traced back to the person doing the surfing.  This provides the person doing the web surfing with a great deal more anonymity than they have ever had in the past.

The Attorney General’s proposal is already becoming a politically charged debate.  There are people on both sides of the argument who will follow one extreme or the other.  In the end, it will be the average internet user who will bear the effects of this sort of oversight.  Most of us have nothing to hide but believe we have a right to go about our business anonymously.  One thing is for sure: if the Attorney General has his way, the internet will no longer be a place where people can interact with each other anonymously.

Please check out the following links for more information on the Attorney General’s proposal:


Adobe to Continue Development of Golive After All?

It seems there is some confusion about the fate of Adobe Golive.  As reported earlier this week, Adobe announced its intention to discontinue development of the aging HTML editor.  But according to a story from MacCentral, last Wednesday an Adobe representative explained that this is not the case.

Apparently Adobe has plans to further develop both Dreamweaver and Adobe Golive.  This is a strange move on the part of the software developers.  So, why the confusion?  Even Adobe acknowledges that Dreamweaver is more popular than Golive.  And, what’s the point in one company continuing to develop two competing products?

I see two possible explanations for the conflicting reports.  Adobe may have been testing the waters with the initial announcement of Golive’s demise and has since reversed its decision due to customer feedback.  This is possible since Golive, like many Adobe products, is a vital part of many internal corporate workflows.  The second and more likely possibility is that there is some internal confusion at Adobe over this issue, or a power struggle is underway between the Adobe and the newly acquired Macromedia engineers.

No matter what the cause, the fate of Golive is surely in question.  This leaves customers to wonder what software will end up a part of Creative Suite 3 when it finally ships.


Adobe to Replace Golive with Dreamweaver in CS3

A friend of mine just emailed with a link to a post he read on The Unofficial Apple Weblog.  That post actually referred to a story posted on The Mac Observer.  It was amusing to back trace the story that far, but it shows that the web is still all about linking.  In any case, the story explained that Adobe has announced its intention to abandon Golive and replace it with Dreamweaver when Creative Suite 3 is released in early 2007.

To anyone fluent in Golive, this is heart-breaking news.  While Golive has its quirks and shortcomings, hardcore users have become used to them.  And, to anyone skilled in using Adobe products, the interface for Dreamweaver can be somewhat jarring.  While Dreamweaver’s interface has been refined in recent years, some might recall what it was like five years ago.  The application’s interface looked almost alien in origin and was incredibly difficult to use.

Admittedly, I was once a hardcore proponent of Golive.  It did the job and it did it well.  Two years ago I made the switch to Dreamweaver and never looked back.  Golive’s features had languished and Adobe seemed uninterested in devoting effort to its development.  Simply put, Dreamweaver stepped up and started eating Golive’s lunch.  Many professionals found themselves willing to jump ship and learn a new application to take advantage of more sophisticated technologies like CSS and server side meta tags.

With this news, I am betting that the remaining professionals are becoming despondent at the thought of being forced to learn Dreamweaver.  To those people, I can only offer a word of moral support.  You put up a good fight, but Golive’s time has come and gone.  Dreamweaver might be a different animal, but it’s worth the time and it really is a better HTML editor.  Take the time, you won’t be sorry.  And, thanks to Adobe’s acquisition of Macromedia, now you have no choice!

