News | Mac Sage

MacBook Tablet Finally Shipping

by patrick

The Axiotron Modbook was originally announced almost a year ago at MacWorld Expo 2007. At that time, this after-market hardware modification, done by a team of German and American engineers, created quite a buzz.

This mod is built primarily for mobile users, artists, or anyone who wants to draw and write directly on the screen. It uses OS X’s built in handwriting recognition software. It comes with an iSight built in, integrated CD/DVD combo drive that can be upgraded to a DVD burner, and a Global Positioning System. Yes, a GPS system, which turns this puppy into a nice, large-screen, in-car navigation system!

The top shell and interior display frame are built from magnesium alloy. The LCD panel and iSight camera are protected by replaceable screen covers made from chemically strengthened ForceGlass

More Blather from ZDNet and Dignan

by patrick

It’s pretty well known by now that ZDNet is the CNN of tech reporting. Basically, they’re one big infomercial for the highest bidder. I usually don’t bother with these things. But Dignan’s posting of December 18 is a really good example of yet another MicroSoft shill’s take on the disaster that is Windows Vista.

He uses this handy little Terrorist-Threat-Color-Coded table to show that Mac OS X users should arm themselves and hide under their beds waiting for the impending doom:

Even assuming that these numbers represent anything close to reality, one has to wonder if Dignan recognizes the very significant distinction between a vulnerability and an exploit. We should expect these kind articles to continue from establishments like ZDNet, given that MicroSoft is taking a major hit in Vista sales because it’s not only buggy, but it presents some very real security concerns.

One of the many responses to this posting summed it up quite well when he labeled the article a classic Tu Quoque:

“Tu Quoque is a very common fallacy in which one attempts to defend oneself or
another from criticism by turning the critique back against the accuser. This is a
classic Red Herring since whether the accuser is guilty of the same, or a similar,
wrong is irrelevant to the truth of the original charge. However, as a diversionary
tactic, Tu Quoque can be very effective, since the accuser is put on the defensive, and
frequently feels compelled to defend against the accusation.”

Carry on…

Pile of Patches for Leopard and Tiger

by patrick

Apple just released a big old pile of patches for the security-burdened Leopard and Tiger operating systems. Among the addressed problems:

Address Book
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
CFNetwork
Impact: Visiting a malicious website could allow the automatic download of files to arbitrary folders to which the user has write permission
Core Foundation
Impact: Usage of CFURLWriteDataAndPropertiesToResource API may lead to the disclosure of sensitive information
Desktop Services
Impact: Opening a directory containing a maliciously-crafted .DS_Store file in Finder may lead to arbitrary code execution
Flash Player Plug-in
Description: Adobe Flash Player is updated to version 9.0.115.0 to address CVE-2007-5476.
Further information is available via the Adobe site at http://www.adobe.com/support/security/advisories/apsa07-05.html
Credit to Opera
GNU Tar
Impact: Extracting a maliciously crafted tar archive could overwrite arbitrary files
iChat
Impact: A person on the local network may initiate a video connection without the user’s approval
IO Storage Family
Impact: Opening a maliciously crafted disk image may lead to an unexpected system shutdown or arbitrary code execution
Launch Services
Impact: Opening a maliciously crafted HTML file may lead to information disclosure or cross-site scripting
Impact: Opening an executable mail attachment may lead to arbitrary code execution with no warning
Mail
Impact: SMTP accounts set up through Account Assistant may use plaintext authentication even when MD5 Challenge-Response authentication is available
Quick Look
Impact: Previewing a file with QuickLook enabled may lead to the disclosure of sensitive information
Impact: Previewing a movie file may access URLs contained in the movie
Safari
Impact: Visiting a malicious website may result in the disclosure of sensitive information
Safari RSS
Impact: Accessing a maliciously crafted feed: URL may lead to an application termination or arbitrary code execution
Samba
Impact: Multiple vulnerabilities in Samba
Shockwave Plug-in
Impact: Opening maliciously crafted Shockwave content may lead to arbitrary code execution
SMB
Impact: A local user may be able to execute arbitrary code with system privileges
Software Update
Impact: A man-in-the-middle attack could cause Software Update to execute arbitrary commands
Spin Tracer
Impact: A local user may be able to execute arbitrary code with system privileges
Spotlight
Impact: Downloading a maliciously crafted .xls file may lead to an unexpected application termination or arbitrary code execution

Get a look at Apple’s full descriptions of issues and fixes at their site: Security Update 2007-009

Gmail IMAP and Mail

by patrick

Google has now made IMAP an available option for their gMail account holders. Now you can synchronize it with a desktop mail client like OS X’s Mail. This is especially nice for folks who travel and would like to have their mail folders available via Mail wherever they go.

Google has created extensive help pages for setting up IMAP with several different mail clients. Check it out here: IMAP Access

Move To Leopard Could Prove Troublesome

by patrick

As the debut of Apple’s latest operating system nears, the rumblings about incompatibilities and problems increases. Although the new features are impressive, the problems and barriers to easy upgrade for exiting Tiger users is making quick adoption more difficult.

It’s not clear to me that this new OS will make my life easier/better in the educational environment I manage. For the first time, I will be testing this OS on a non-essential machine, and watching carefully the feedback from folks on several online forums. My move to Leopard will be slow and careful, despite my enthusiasm for new technology.

Check these concerns about Leopard: Leopard Compatibility