Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Extract Directly from Time Machine

Normally you use Time Machine to restore lost data in a file like this: within the Time Machine interface, you go back to the time the file was not yet messed up, and you restore it to replace the file you have now.

You can also elect to keep both, but the restored file takes the name and place of the current one. So, if you have made changes since the backup took place that you would like to keep, they are lost, or you have to mess around a bit to merge changes, rename files, and trash the unwanted one.

As an alternative, you can browse the Time Machine backup volume directly in the Finder like any normal disk, navigate through the chronological backup hierarchy, and find the file which contains the lost content.

Once you've found it, you can open it and the current version of the file side-by-side, and copy information from Time Machine's version of the file into the current one, without losing any content you put in it since the backup was made.

Submitted by
Eolake Stobblehouse

 

 

Related Articles

 

 

Mac OS X 10.1 Security Issues Fixed

Send Article to a Friend

Mac OS X 10.1's significant improvements in performance and usability may have plenty of people considering a switch from the reliable workhorse of Mac OS 9, but it seems clear we can never go home again with regard to the issue of security. A number of security issues, most with Mac OS X's Unix underpinnings, have surfaced since the operating system's initial release, and although the Mac OS X 10.1 release offered fixes for a number of concerns that had arisen, three more cropped up almost immediately. One affected Internet Explorer 5.1, another dogs WebDAV and iDisk, and a third enables any application to run with root privileges. Apple reacted more quickly than in the past, publishing a workaround for the Internet Explorer problem within days and offering fixes for the Internet Explorer and root access problems on 19-Oct-01, less than three weeks after Mac OS X 10.1 shipped.

That's good, but other aspects of Apple's approach to addressing security issues remain problematic. After an initial quiet period following the release of Mac OS X 10.0 during which many (including TidBITS) called for Apple to make public statements about security breaches, Apple finally created a security announcement mailing list and a set of related Web pages, one of which lists security updates to Mac OS X. Unfortunately, the mailing list has been used only once since it was created in May of 2001, and then only to tell subscribers to visit the Security Updates page. Worse, that page has not yet been updated to explain the 19-Oct-01 fixes. Even if it's not completely up to date, it's worth visiting that page periodically to see at least those security concerns Apple has acknowledged and addressed.

<http://www.apple.com/support/security/>
<http://www.apple.com/support/security/security_ updates.html>

Let's look at the three recent issues, including the concern with WebDAV and iDisk, which remains outstanding.

Mac OS X Easily Rooted -- Although we generally think of crackers taking over machines remotely over the Internet, local exploits are becoming a concern to some users given Mac OS X's Unix underpinnings and multi-user capabilities,. In previous versions of the Mac OS, anyone who could sit down at a Mac unprotected by third-party software (or in Mac OS 9, Apple's built-in file encryption) could access any data on the Mac. The old Multiple Users feature was helpful for keeping kids from messing up a Mac, but wouldn't stop anyone who wanted to break through. With Mac OS X, though, there's more of an assumption of security, so it was troubling to discover that there was a trivially easy way to gain root access for anyone at the desktop, even if you've never enabled root access. All you had to do was launch certain applications that always run as root (like NetInfo Manager, Disk Utility, or Print Center), then launch another application from the Apple menu's Recent Items menu (or from anywhere in the Apple menu). Apple fixed this problem with Security Update 10-19-01, available via the Software Update preferences panel (choose About this Mac from the Apple menu, then click "Version 10.1". If "Version 10.1" is replaced with "Build 5L14", you have the fix.) You may still find it interesting to read Stepwise.com's explanation of how this breach worked.

<http://www.stepwise.com/Articles/Admin/2001-10- 15.01.html>

Why was this a concern? From the Unix perspective, root access is a big deal, since it gives someone complete control over the machine despite any previous restrictions. But from the perspective of a normal Mac owner, who likely has only a single user and has that user set to login at startup, this security hole wasn't a major concern. I'm far less worried about someone gaining root on my iBook locally than stealing it, which seems a lot more likely given the need to have physical access to the machine. To be fair, the discovery of this exploit also points out the need to be careful with remote control programs like Netopia's Timbuktu Pro and the various VNC servers and clients.

<http://www.netopia.com/software/products/tb2/ mac/>
<http://www.osxvnc.com/>
<http://www.webthing.net/vncthing/>

For an additional bit of perspective, remember that anyone can reboot a Mac OS X system using a Mac OS installation CD or a copy of Mac OS 9 installed on the hard disk. Afterwards, this person has full control of the system, since Mac OS 9 doesn't recognize or honor Mac OS X file permissions on local disks. Apple is working on securing Open Firmware to close these holes, but Open Firmware restrictions can still be bypassed by resetting Open Firmware or transplanting the disk to another computer. As a result, this local root exploit is best thought of a reminder that anyone with physical access to a machine effectively has full control over it, despite any software security short of an encrypted filesystem.

Internet Explorer 5.1 Automatic Execution -- By default, Microsoft Internet Explorer 5.1 is set to decode MacBinary and BinHex files automatically during download. Nothing new here, and that's not a security concern. But for some reason under Mac OS X 10.1, Internet Explorer 5.1 automatically launched at least some applications that were encoded in MacBinary or BinHex without being compressed by StuffIt as well. With normal applications, that wouldn't be a problem, but if someone posted a Trojan horse - a malicious application that masqueraded as something benign - damage could result. It's not entirely clear what types of applications (Classic, Carbon, Cocoa, etc.) would be automatically launched or why, but it's moot now that Apple has released Internet Explorer 5.1.3 via the Software Update preferences panel. If you aren't able to update right away for some reason, the problem is easy to work around. In the Download Options pane of Internet Explorer's Preferences window, turn off "Automatically decode MacBinary files" and "Automatically decode BinHex files." Changing these settings has no functional liability; all it does is cause Internet Explorer to hand off decoding tasks to StuffIt Expander rather than performing them internally.

<http://db.tidbits.com/getbits.acgi?tlkthrd=1490>
<http://docs.info.apple.com/article.html? artnum=106503>

iDisk via WebDAV Exposes Passwords -- In Mac OS X 10.1, Apple modified the Finder so it accesses your iDisk via WebDAV rather than the older Apple Filing Protocol (AFP). Unfortunately, as Alan Oppenheimer of Open Door Networks has pointed out, Mac OS X's WebDAV implementation sends your password as unencrypted text across the Internet. This is a violation of the WebDAV specification and basic security principles. Someone who could monitor your Internet connections could discover your password and use it to access your iDisk and mac.com email account (and since many people reuse the same password many times, other services could be compromised as well). AFP remains secure, but to use it you must access your iDisk by choosing Connect to Server from the Go menu and then typing "afp://idisk.mac.com" (after which you can make an alias to the iDisk or add it to your Favorites for easier future access). FTP also sends passwords as unencrypted text, so your level of concern here should match your level of concern over exposing passwords via FTP. If you must use FTP or iDisk via WebDAV, common sense would dictate not reusing passwords used for those services with more sensitive services. As an alternative for FTP, try Interarchy 5.0.1 or RBrowser, both of which can use SSH encryption (built into Mac OS X 10.0.4 and later) for secure connections.

<http://www.opendoor.com/macosxalert.html>
<http://asg.web.cmu.edu/rfc/rfc2518.html#sec- 17.1>
<http://www.interarchy.com/>
<http://www.rbrowser.com/>

As far as we can tell, this WebDAV security hole was not fixed in the Security Update 10-19-01, although Apple is aware of the problem. A related discussion on TidBITS Talk indicated that Mac OS X 10.1's WebDAV implementation may support only Basic authentication, which eliminates one of the significant advantages of WebDAV over FTP.

<http://db.tidbits.com/getbits.acgi?tlkmsg=11678>

The moral of the story is that it's definitely worth letting Software Update look for updates regularly, since that will almost certainly be the fastest way to receive any updates that Apple releases. In the meantime, if you're interested in learning more about some of the basics of security in relation to Mac OS X, Roland Miller has posted a report about 10.0 that applies in large part to 10.1 as well.

<http://www.sans.org/infosecFAQ/mac/OSX_sec.htm>

 

New for iOS 8: TextExpander 3 with custom keyboard.
Set up short abbreviations which expand to larger bits of text,
such as “Tx” for “TextExpander”. With the new custom keyboard,
you can expand abbreviations in any app, including Safari and
Mail. <http://smle.us/tetouch3-tb>