News for Friday, 24 February 2006

More about Safari/OSX security flaw
Sylvain lets us know of his thoughts and tests about the leak found in Safari.

I downloaded and tested the demonstration virus linked in a former news item.
It actually works: Terminal opens and displays the inside of my Home folder. Then I tried to create one based on the same model with the Terminal (I want it to create a "Dummy" folder in my Home directory). However when I double-click on the file ("virus.jpg", 36 Bytes) the system tries to open it with Preview, unsuccessfully of course.
Trying to find out why, I remember the Type/Creator parameters inherited from OS9. Could it be the key? I checked with ResEdit, but no answer came from that direction.
Then I noticed that the downloaded file (Heise.jpg) contains a resource fork (also inherited from Mac OS 9) of more than 1KB (and 76 Byte for the data fork). Resorting to ResEdit, I opened the resource fork and there - hey surprise! - was a resource called "usro" containing some code (1,028 characters) showing the way to Terminal.app, which is the reason why when you move Terminal, the attempt will be unsucessful.
Indeed this is not one but two security leaks in Mac OS X and Safari. Actually, Safari should only unzip the file but certainly not open it (this functionality apparead with Dashboard for the download of widgets). On the system's side, OSX's mistake is to read and run the resource fork prior to opening the file.
I'm starting to believe Apple are right in their decision to get rid of Mac OS 9 (Classic).

Note that there's also been evidence the same problem occurred
with Mail.app.

Mass production of computer chips is a hazardous process and, as a statistic rule, a variable part of this production has to be disposed of for quality reasons.
The more complex the chip, the more chances there are it will end up in the bin. Of course this has consequences on the retail price, for the overall production cost remains the same regardless of the default rate.
One of the main chip manufacturer, TSMC, has found a new technique called "immersion lithography" which significantly reduces this rate. With this process, the burning of the silicium wafers takes place in a liquid and transparent material such as water. Another bonus is that the machines used for production will last longer. When this technology goes mainstream, we can hope a fall in the price of complex chips such as GPUs.

If you didn't manage to grab the official documents Apple released about the MacBook Pro, the site iFixit offers a step by step tutorial, with very nice pictures, showing how to dismantle it.
Here's the picture from the machine motherboard with its soldered CPU.

To get a clue about its actual size, look bottom right at the SO-Dimm connectors.
The board is amazingly compact. On the site, you'll see how the 3 chips, covered with thermal paste, lay on the cooling system heatpipes.

In its next chipsets, which will come out in a few months, Intel chose to rock the boat and use SATA at the expense of ATA. While hard disks have already been massively migrated to that norm, it's quite another story for other devices such as DVD burner, and manufacturers will probably feel pushed by the move.
For sure, PC mainboard makers still have the option to implement an additional ATA controler, but it is unlikely that Apple will do so, if you take into account recent events such as the leaving hehind of FireWire 800 in the MacBook Pro: as Intel wasn't supporting it, Apple gave up.
In our opinion, this proves that Cuppertino isn't into such inhouse solutions anymore and prefers focusing on other fields.
With luck, the good side of Apple's forced migration to that norm will be the early arrival of the mainly SATA based blue laser drives.

Sony and their PSP introduced UMD medias. That's the format used for games, as well as for films.
Yet, the sales of the latter proved disappointing. A blockbuster will reach 100,000 copies, while less successful movies will eventually sell 50,000.
Actually if the PSP is an excellent playing machine, it's not the ideal multimedia reader, especially for reading a film costing over 20 Euros.
To try and save the format, you'll see DVD+UMD packs around 40 Euros. This is still very expensive and you'll actually feel like you pay twice for the same movie.
It doesn't seem things will turn out better as Sony, a company with multiple and sometimes contradictory interests, sell Memory Sticks with ever increasing capacities, and ever cheaper, that allow stocking of hours of video that anyone might encode from their own DVDs, provided this is not illegal.

DVD burners compatible with LightScribe format don't meet the expected success. It is partly due to the important royalties that make the burners 20 to 30% more expensive, as well as for compatible medias.
To try and boost this norm, Samsung cut their LightScribe burners prices by 20%. Their competitors now expect to see if this works before they follow the move.
Another technology, called LabelFlash, also tries to find their public and might well be successful, knowing that the license is twice less expensive, and burning an image on the bunch is much faster. That's the reason why Pioneer, one of the market leaders, should implement it in their future DVR-111.

The Google hydra, still multiplying their activities in order to capture more Internet users, now gets involved in web pages creation.
Google Page Creator allow any one to create quite decent Internet pages.
The base of this system is AJAX, an highly promising new encapsulation format. It will allow creating very dynamic and low bandwidth and resources consuming pages, as updates will be possible on some parts without refreshing the whole shebang.
For instance AJAX is used in our [French] forums when you edit one of your messages.
To try Google Page Creator :
http://pages.google.com

The Inquirer gives many information from NVidia.
For starters, the next Geforce 7900 will officially roll out in March during CeBIT and won't just come on top of 7800s, but simply replace them. Their chips will be sold until stocks are depleted.
It finally seems the Geforce 7900 will be identical as for conception to the 7800, but will be engraved 90nm against 110. This new thinner die will allow reaching 650 MHz for the Geforce 7900 GTX, thus beating the latest ATI. On top of that, they'll be sold a very agressive $499. And be available in huge quantities as soon as they roll out.
Only trouble will be for those who bought a Geforce 7800 GT or a quadro FX 4500, both based on chips that are now EOL.

The fast paced renewal of Apple line continues.
The Powerbook G4 15'' disappeared from European Stores.

They were still to be found on the US Store, probably until the stocks are depleted.

Thanks to Paranox for the interesting trove:

...They're in advance for porting Windows on Macintel (before Vista, they say SP3 will support EFI), or are they preparing a transparent, X11 like VPC (I don't dare mention WINE or DarWINE)???
I don't know anything, yet either this is a typo or it's some maintainance guy joke...
Funniest thing is that the listing is the same whichever the language.

If Microsoft were to port DirectX on the Mac, it would necessarily be an attempt to kill Open GL, a consortium they already left.

First there's Paul testimony:

Just to let you know the curse of Airport Express with 220 volts stroke again last night.
Bought on Februay 15th, 2005, the base station passed away at 6h15, that is to say in the fatal 13th month.
A call to the Apple Care and they granted me an exchange within 48 hours.
I told them about the important amount of disorders revealed in the forums, yet they still had no official indication from Apple about it!!!.

Luckily for Paul, his base station went down in this thirtheenth month, beyond which Apple refuse any intervention.
As now testimonies became more sparse, one might hope there was only a defective series involved. Only guessing, actually, as if this were the case, Apple could as well, without making it official, exchange the hundreds of faulty ones. This would make everyone happy.

Here are some more hints that the market of clones or counterfeit nano iPods has become worldwide. First here's Pierre-Yves talking.

Just to let you know I found false iPods here in Tana (Madagascar).
Here they're sold openly, in a cell phone shop (there was a real iPod nearby).
This is not a European only phenomenon.
They cost 135,000 Ariary, which is 51 euros (a month and a half of average loan). 675,000 Fmg is the price in a former monetary unit in Madagascar.

And now there's Harry comment and photo.

They're everywhere in Thailand, and some even read 'Samsung'...
I'm just back from Bangkok, where they could be found in every shops - yet quality is hopeless.

Launched by Apple Insider, the word has started to spread on the web: a MacBook Prp 17" will supposedly be available in June.
A reason why this computer won't come out before is the shortage of the very slim, specific type of DVD burner it requires, as we wrote on 12 January.
This is a bit of a worrying information. Apple is now competing hard with Wintel computers manufacturers. If proof is needed just look at how quickly Steve announced and delivered the first Core Duo configurations.
Yet, according to Intel's roadmap, the heir to Yonah will come out sometime in October, which would have Apple renew its configurations lest they become outdated. Do they really want to start delivering in June a computer that'll become obsolete four months later?
This we'll have to wait a few more months to know.

According to this blog, a company that wanted to order a significant amount of Mac minis was told it was not possible at the moment.
From this incident, one could guess that this product is drawing to its end and will soon be replaced - why not on the 28th ?
C'mon Steve... one more MacIntel!

A 12.7 MB Patch is available to convert Doom 3 into Universal Binaries. If you're the lucky owner of a Mac core Duo, please send us your feelings and benchmark results.
This is good news indeed: as the rendering engine has been optimized for MacIntel, all the games based on it will be MacIntel native from now on.
To tell the truth, we didn't think developers would get at the Mac X86 so quickly.