• Explore the magic and the mystery!



  • Newsletter Issue #286

    May 23rd, 2005

    THIS WEEK’S TECH NIGHT OWL LIVE UPDATE

    On May 19th, we revisited the world of digital music. First up was author Christopher Breen, who talked about about the future of the iPod, Apple’s music service and whether the new subscription plan from Yahoo is going to make much of an impact. Despite the fact that it’s Windows only and won’t work on an iPod, Chris says he actually likes the new service, although it works best for sampling new music before you buy it. Music was also on the mind of Joe Wilcox, the senior analyst from JupiterResearch, who joined us with an update on the future of Apple’s music initiative and other topics.

    If you have a Mac that is not officially compatible with Tiger, you’ll be pleased to learn that Ryan Rempel, author of XPostFacto, has a solution at hand for you. In case you haven’t heard, XPostFacto lets you install Mac OS X on older models, going as far back as the 7300 Ryan still uses as a production computer.

    Our May 26th show will include a visit to the David Biedny Zone, plus Tiger tips and tricks from Wiley Hodges of Apple Computer and Matt Neuburg, author of “Take Control of Customizing Tiger.” You’ll also hear a preview of Macworld Boston from Paul Kent, the event’s conference chairperson.

    And don’t forget our weekly contests. So far we’ve given away iPod shuffles, memory upgrades, and we’ll have more goodies on hand for upcoming shows.

    If you haven’t heard our program, be sure to visit The Tech Night Owl LIVE Web site to listen to our archives. Enjoy.

    THE TIGER REPORT: THE GREAT DASHBOARD WIDGET FLAP

    The possibility of security leaks in Mac OS X has been bubbling under the surface for a while, but it’s now poised for a major flare up. Sure, Apple has released security updates from time to time, and I suppose the things the updates fix could, conceivably, cause grief if some Internet criminals decided to exploit them. The same holds true for those “proof of concept” computer viruses that have caused some of the companies that produce virus prevention software to raise warning flags.

    The latest alleged threat comes from a Mac OS X feature that’s supposed to make your computing experience more pleasurable. I’m talking about Dashboard, the component of Tiger that dims your screen and displays little applications, or widgets, designed to provide simple functions. Some deliver eye candy, such as dancing figures, while others serve more functional purposes, such as displaying TV listings, package tracking information, the day’s weather, stock prices and other goodies.

    While some are upset with Apple for producing something that so closely resembles a third party utility, Konfabulator, Dashboard should still stand or fall on its own merits. In fact, if there’s anything in the Classic Mac OS that might resemble a widget, take a look at the original desk accessories. Like widgets, they were tiny single-purpose applications. In fact, up till recently I used one of those desk accessories, Easy Envelopes+, to process my envelopes. I have since switched to a Mac OS X alternative, Addressix, but I always have the hope in the back of my mind that Andrew Welch of Ambrosia Software will take the time to update Easy Envelopes+.

    In any case, the real fear being raised by some is that the widgets might represent a heavy duty security risk, and that you should proceed with the utmost caution.

    So, you may ask, what could a tiny application do to harm your Mac? Well, the theory goes that one of these widgets might seem to have a useful or entertaining function, but hide malicious code that could invade Mac OS X. You see, widgets directly access such system resources as Java and Apple’s WebKit, and I can see at potential for mischief, although the reality argues against the fear mongers. The furor erupted when it was discovered that the original Tiger version of Safari could download a widget and install it without your express approval. That definitely seemed a recipe for trouble.

    In its 10.4.1 update, Apple took the hint and revised Safari so that it would put up the same warning presented when you download an application. You have to click Download to finish the process. However, Safari will still install the widget after you give the OK, behind the scenes. You will not see any visible evidence of what’s happening, but the widget is decompressed and placed in your Users/Library/Widgets folder. Other browsers leave the things on your desktop, leaving you to figure out where they’re supposed to go.

    Now I’m not going to take Apple to task for not providing a more user friendly method to install widgets by yourself, but I’m sorely tempted. In addition, you could, in the course of downloading lots of stuff, click the Download button without thinking, after which it’s too late.

    Or is it?

    There’s an article at CNET’s News.Com that claims Apple hasn’t gone far enough to ensure safe use of widgets. Understand that real journalists have always been told to check and recheck a story. Mainstream newspapers generally require that you verify a story by contacting at least two sources. Clearly CNET’s Joris Evers doesn’t hold to such standards, for the only viewpoint mentioned in the article comes from Jonathan Zdziarski, a software engineer.

    In the article, Zdziarski reportedly claims that “A malicious widget, after it is installed, can run in the background and wait until a time when the user logs in as administrator.” Now before you go and dump all your widgets before they can cause any damage, pay closer attention to that claim, that a widget “can run in the background.” Evidently neither Zdziarski nor CNET’s reporter understands how you run or execute a widget.

    Like any application, a widget has to be launched before it does anything. You do that by, naturally, clicking once on an icon in Dashboard’s version of the Dock, or by double clicking the widget itself.

    In other words, the widget won’t actually do anything until you launch it. Don’t believe me? Take a look at the Activity Viewer in Tiger’s Utilities folder and see what’s happening. The only widgets listed are the ones that have actually opened, the ones that appear when you press F12 to activate Dashboard. Do you see where I’m going?

    There are thousands of Mac OS X applications out there. Some are designed to execute Unix command line instructions in the background to begin maintenance functions or change the look and feel of your Mac OS X desktop. Now if a using a widget can be risky, what about these other applications? Couldn’t they represent even greater potential risks? Yes, most require that you enter your administrator’s password to install the application, or allow a system process to run. But how many of you actually think first before entering that password? More than likely, you’re so used to responding to those dialog boxes that you type your password with your mind on automatic pilot.

    The real answer to potential security threats is not to raise unnecessary alarms. The truth is that any application you install on your Mac could be a Trojan Horse that masquerades as a useful utility, while doing its damage without your knowledge. It doesn’t seem logical to just off half cocked and cry wolf. Instead, you should always download software from trusted sources. If you get a widget from Apple, you can depend on the fact that it’s been checked before being posted. You can also feel confident in downloading a file from a software publisher or one of those well-known software update sites. Downloading stuff from a peer-to-peer network courtesy of Bit Torrent or a similar application represents the real risk. Do you really want the safety of your Mac to depend on sources you don’t know?

    In the end, the best route to safe computing is caution. Think about what you’re downloading before you click that button to retrieve a file. Take a deep breath before you respond to a password prompt. Make sure what you’re installing comes from a trusted source and you’ll go a long way towards keeping your Mac safe and sound.

    THE TECH NIGHT OWL: A WONDERFUL ANSWER TO THE POINT AND SHOOT DILEMMA

    Grayson discovered the joys of photography in San Francisco. While we were packing for the Macworld Expo last January, he asked me to pack my old Sony digital camera. Without mentioning the model, it wasn’t a product that Sony would have been proud of, because picture quality was somewhat sub-par. The real development was the fact that Grayson had clearly discovered the joys of photography and, unlike previous trips to SF, I decided to devote a fair amount of time to sightseeing. Grayson filled the camera’s 256MB flash card and then some, as he routinely downloaded his latest creations to my PowerBook every night.

    So when his birthday arrived, on February 19, he didn’t have to tell me what he wanted. No question about it. So I did a little research, looking for something that would deliver the marvelous combination of simplicity of great picture quality, and settled on a Canon PowerShot A510, a 3.2 megapixel model just hitting the store shelves. That resolution is sufficient to deliver 8×10 shots with sharpness roughly comparable to a film camera. Why Canon? Well, the early buzz on the product was mighty encouraging, and my previous encounters with Canon products have been uniformly favorable.

    When I first opened the box, I was surprised, since I hadn’t prepared myself for how small the unit really is. The A510, which carries a street price of around $200, measures just 3.57 inches wide, 2.52 inches high and 1.51 inches deep, the latter because of the nicely contoured grip that suits anyone but the left-handed photographer. It weighs a mere 6.5 ounces, not much more than a camera phone.

    Although it has a plastic case, it feels solid enough, with robust controls that make an appropriately solid click when pressed. The feature set is extensive. If you just want to get rolling without much fuss and bother, you just leave it in the default auto mode, or you can take advantage of a rich selection of customized image models for such scenes as foliage, indoor, beach and night. The A510 also offers a flexible array of manual adjustments affecting such things the automatic exposure system, shutter speed and aperture. So if your aspirations extend beyond simple point and shoot, you should find enough flexibility to suit your needs.

    The built-in flash unit incorporates red eye compensation. The rest of the vast feature set includes 4x optical zoom and a clever feature I welcomed, an automatic lens cover that opens when the unit is turned on and closes when you turn the camera off. After watching Grayson nearly lose the lens cover on my old camera, I was particularly pleased with this feature.

    But Grayson isn’t interested in the technicalities. He just wants to take pictures without fuss, so I was pleased to discover that the basic setup is fairly simple. Just install the batteries and the supplied SD memory card and turn it on. You’ll want to enter the date and time using the scroll buttons, but then you’re good to go. The A510 ships with the required pair of AA batteries and a paltry 16MB SD memory card. Fortunately, I had anticipated the need for a larger flash card, and had purchased one with 256MB capacity when I bought the camera.

    About a minute after turning the unit on, Grayson was happily shooting away. First he caught me in the radio studio editing a show, then ran outside to take some outdoor scenes. Finally he cornered Mrs. Steinberg, who kept protesting that her hair wasn’t quite ready (she looked just beautiful, in case you’re wondering). Before I knew it, Grayson asked me to connect the camera to my Power Mac G5, where, in a few seconds, iPhoto launched to receive the new additions to its photo library. Although one magazine reviewer criticized the feature, I found the simple switch to go from shooting to playback mode a blessing. Other cameras force you to use the mode dial, requiring you to traverse the usual dozen settings to get the one you want.

    Now iPhoto 5 offers a set of simple adjustments to fix poorly exposed pictures, but I rarely needed it with the A510. Nearly every shot looked great without having to fiddle with the settings. Next, I unpacked some glossy photo paper, and printed a few pictures on my Canon Pixma iP4000R printer. Quality was first rate in nearly every respect, with bright, crisp pictures and solid color accuracy. Like most consumer cameras, there was a slight tendency to turn the color saturation up a bit high, but the result was entirely pleasing.

    My nits are few. Standard AA batteries don’t seem sufficient to provide the claimed 80 picture lifecycle, although you can compensate for that limitation by using lithium or rechargeable batteries. In addition, the tripod mount is plastic so you’ll want to be a little careful if you decide to use it. And, typical of most camera makers, the onscreen setup menus are nothing to write home about.

    After Grayson returned to his college dorm, I began to feel a little left out of the loop, so I contacted Canon about examining the A510’s big brother, the A520, which sports a resolution of 4 megapixels and slightly faster continuous shooting speeds. If you need the extra resolution, you’ll have to pay around $100 for the privilege, though you can save a fair amount of you do some online price comparisons before placing your order.

    After using the A520 review unit for a couple of weeks, I’m really tempted to ask the family to buy me one for Father’s Day. It’s that good.

    THE FINAL WORD

    The Mac Night Owl Newsletter is a weekly information service of Making The Impossible, Inc.

    Publisher/Editor: Gene Steinberg
    Managing Editor: Grayson Steinberg
    Marketing and Public Relations: Barbara Kaplan
    Worldwide Licensing and Marketing: Sharon Jarvis



    Share
    | Print This Issue Print This Issue

    Leave Your Comment