Randomata

Some interesting things:

This guy doesn’t know what he’s talking about, and I can’t wait until John Gruber responds, although it’s so cliché that he probably won’t.

Preview of the new mature-style Zelda game due out next year.

Totally boss Gran Turismo 4 video

Not related to cool video or Macs: 5 of the 6 latest comp presentations here at Spiremedia have resulted in the client picking my design, including local furniture store The Furniture Room (which is cooler than it sounds, and that links to the current site, which, obviously, is not my design). So yay for me.

Actual OSX Hole

As you’ve no doubt heard by now, there’s a real, actual, MacOS X vulnerability in the news. And this time it ain’t no proof-of-concept. A rundown of the issue:

  1. Safari allows you to automagically download and open/run/execute files that Safari considers “safe.” These include PDFs, Disc-Images (.dmg files), Stuffit files, etc.
  2. The Apple Help viewer application is scriptable via AppleScript.
  3. There’s a nifty protocol built into MacOS X named “help:” that allows apps or websites to open specific help files when needed.
  4. AppleScripts can execute shell scripts (but Help’s URL scriptability is limited to commands without spaces – not sure if URL-encoded spaces work in place, my guess is not)
  5. Since Help allows scripts residing on your hard drive to be run via a specific URL handler (god knows why), a website can automatically run a shell script or other malicious AppleScript via Safari’s cozy relationship with Help using a “help:runscript=Path/To/An/AppleScript.scpt%20string=’Bad-Shit-Goes-Here” href or JavaScript auto-relocate.
  6. Since Safari can auto-mount disc-images, a website could have you download a DMG that contains a malicious script, auto-mount it, and send you to a page containing a refresh to the “help:” handler that uses Help to execute the script you just downloaded. Whew.

The fix? Download MoreInternet 1.1.1, install it, and set the handler for “help” to Chess or TextEdit, apps that won’t execute scripts automatically via the help protocol. More info available at MacOSXHints.
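As an added example (not part of the original post): steps 5 and 6 both end with a page steering the browser to a “help:” URL through a link, a refresh or a script relocate, so a proxy or mail filter can flag exactly those spots. The sample page and the `help:topic=mail` URL are constructed for illustration, and `scan` and `HelpSchemeScanner` are names chosen here.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

URL_ATTRS = {"href", "src", "action", "data"}
# A help: URL inside an attribute value, meta refresh content or inline script.
HELP_URL = re.compile(r"(?<![\w/.-])help:[^\s\"'<>;]+", re.IGNORECASE)

# Constructed sample page (not from the original post).
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0;url=help:runscript=Path/To/An/AppleScript.scpt">
</head><body>
<a href="http://example.com/help/index.html">Help pages</a>
<a href="help:topic=mail">Open Mail help</a>
<script>window.location = "help:runscript=Path/To/An/AppleScript.scpt";</script>
</body></html>"""

class HelpSchemeScanner(HTMLParser):
    """Collect every place a page points the browser at the help: scheme."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def _record(self, where, text):
        # Decode %xx escapes so an escaped separator does not hide the URL.
        for url in HELP_URL.findall(unquote(text or "")):
            kind = "runscript" if "runscript" in url.lower() else "help-url"
            self.findings.append((where, kind, url))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_script = tag == "script"
        for name in sorted(URL_ATTRS & attrs.keys()):
            self._record(f"{tag}[{name}]", attrs[name])
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            self._record("meta[refresh]", attrs.get("content"))

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # only script bodies, not visible page text
            self._record("script", data)

def scan(html):
    scanner = HelpSchemeScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Each finding is a `(location, kind, url)` tuple; a `runscript` kind is the form described in step 5, while a plain `help-url` is an ordinary help link that may be legitimate.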

Apple really dropped the ball on this one. I mean come on, scripts that can be executed when they’re part of a URL? Christ.

Here’s an example of one that lists a directory’s contents. As said above, they can be made to do much more.

UPDATE: Phil says if you’re clicking random links you deserve it.

Luca

Luca, a cocoa-based accounting system written in Java using MySQL as its database looks really neat, and I’d love to integrate it into the system I’m writing for Tai’s company. But god damn, where are the icons? Push-buttons in the top bar for print and export? For a guy who waxes philosophical about the Mac’s many advantages, he doesn’t seem that interested in making nice-looking applications. Sheesh.

MS to rely on 3D rendering

3D graphics on a PC have long been stuck with a “for games only” reputation. Of course, you could rightfully argue that 3D performance has been the driving force behind most recent PC performance increases; usually, the “application” that needed all the horsepower your PC could muster wasn’t an application at all, but a high-powered 3D game. But now the shroud of illegitimacy is about to be lifted, as Microsoft prepares to rely on 3D performance to power its Longhorn operating system.

Wow. Pretty ground-breaking, out-of-the-box thinking going on at Microsoft.

Haha.. oops. I guess that link should have pointed here. Sigh. It’s getting boring talking about this kind of thing. Or it’s actually been boring for well, I guess about 9 years now.

Xsan

Wandering around Apple’s website recently, I stumbled upon Xsan, their in-development foray into Storage Area Networks. This product and microsite are both a wild departure for Apple for a number of reasons. 1. They’re telling us about something way in advance. We can’t get next-gen G5 release dates, but we know about Xsan before it’s available. 2. It’s enterprise-level stuff. You have to be a badass with networks and storage and servers to get it. Except maybe now with Apple’s GUI tools it’ll be a little easier, but still not easy.

I’ve done work for SAN companies before, and the networks are just expansive and vast in their capabilities but also in price. $999 ain’t bad for software to manage one. One of my prior clients sells usability-deficient stuff for probably much, much more. If Apple can seriously reduce the cost of SAN management, it’ll be a boon to their enterprise market. Unsurprisingly enough, it only works on Xserve RAIDs and Xserves.

I’m not trying to be negative here, but what happens if Xsan goes the way of NetInfo, WebObjects, MacOS X Server 1.2, A/UX, and all of Apple’s other enterprise-level products that went virtually unknown and some of which died? Are enterprises even considering Macs or Xserves for mission-critical applications? I do little work in this field now and I’m not sure Apple’s in the IT mind yet as a solution to take seriously. I just wonder how difficult it’ll be to start competing with EMC, StorageTek, Sun, HP and other companies heavily embedded within the enterprise storage market.

One thing’s for certain, though. Apple doesn’t just make pretty iMacs anymore:

Xsan includes high availability features to eliminate potential single points of failure, so you can use high performance storage networking for enterprise consolidation and network-attached storage (NAS) replacement projects. Xsan uses one system connected to the SAN, called a metadata controller, to manage access to shared storage. If this machine fails for any reason, Xsan picks another computer on the SAN to take over this role. Cascading metadata controller failover ensures that you can access your data as long as any one system on your SAN is active. In the event of a loose cable, Xsan uses multipathing to automatically route traffic to the system through a second cable on dual-port Apple Fibre Channel HBA. And during critical operations, you can clear a path on your SAN for any system using Xsan bandwidth reservation.

Playfair

Sick of the hassle of only being able to play your Protected-AAC files you purchased from the iTMS on YOUR 3 computers? Want to share those files with your friends?

Looks like you need Playfair, the FairPlay DRM stripper. The playfair program is quite simple. It takes one of the iTMS Protected AAC Audio Files, decodes it using a key obtained from your iPod or Microsoft Windows system and then writes the new, decoded version to disk as a regular AAC Audio File. It then optionally copies the metadata tags that describe the song, including the cover art, to the new file.

MacPlus Travesty

The ultimate Mac insult.

I mean, seriously. Not only is it an Athlon machine, but the Apple logo isn’t even right. Tai can draw one by hand, and if a Mac was around, they could have just typed option-shift k in just about any font to get a perfect vector of the logo.

Damn.