Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Mac OS X Services in Snow Leopard

Mac OS X Services let one application supply its powers to another; for example, a Grab service helps TextEdit paste a screenshot into a document. Most users either don't know that Services exist, because they're in an obscure hierarchical menu (ApplicationName > Services), or they mostly don't use them because there are so many of them.

Snow Leopard makes it easier for the uninitiated to utilize this feature; only services appropriate to the current context appear. And in addition to the hierarchical menu, services are discoverable as custom contextual menu items - Control-click in a TextEdit document to access the Grab service, for instance.

In addition, the revamped Keyboard preference pane lets you manage services for the first time ever. You can enable and disable them, and even change their keyboard shortcuts.

Submitted by
Doug McLean

 
 

Apple Adds Nearly Instant MobileMe Sync in 10.5.6

Send Article to a Friend

MobileMe subscribers finally get nearly instant synchronization of their contacts, calendars, and bookmarks with the latest Mac OS X 10.5.6 Leopard update. Deep in the release notes, Apple writes that these items "automatically sync within a minute of the change being made on the computer, another device, or the Web at me.com."

Apple was criticized after the launch of MobileMe for promising that items would synchronize immediately from every source when changes were made. Apple later apologized, and said that desktop software would have a lag of as long as 15 minutes. The company stopped using the term "push" to describe its software, and said it wouldn't describe it that way until they'd improved performance. (See "MobileMea Culpa: Apple Apologizes and Explains Tiger Situation," 2008-07-16.)


Fixing the TARDIS -- The rest of the update contains little of note, despite a variety of fixes to very specific bugs and flaws. One might take some heart from the Time Machine section, which has two items:

  • Fixes issues that could cause Time Machine to state the backup volume could not be found.
  • Improves Time Machine reliability with Time Capsule.

Well, alrighty, then. I know of a number of people (including myself) who have suffered unrecoverable corruption on their Time Capsule backup images, and even after wiping the drive or erasing the images, still experience recurring corruption. That's obviously unacceptable. Maybe this update fixes that problem? This is when it would be nice to have some narrative to go along with the executive summary.


Fixes for Age-Old Exploits -- Apple also released Security Update 2008-008, which fixes a variety of frightening-sounding exploits, as well as this surprising problem with Safari:

"Safari allows Web sites to set cookies for country-specific top-level domains, which may allow a remote attacker to perform a session fixation attack and hijack a user's credentials. This update addresses the issue by performing additional validation of domain names."

Why scary? Because this problem has been known for many years. The major generic top-level domains, initially controlled by the United States, include .com, .net, .org, and so forth. Other nations, like the United Kingdom and Australia, opted to put top-level categories to the left of their country codes: .co.uk, .com.au, and so forth.

This means that in the .co.uk hierarchy, if a cookie were set to .co.uk, any site with a .co.uk suffix would be sent that cookie by a browser. Browsers have typically limited cookies to tertiary domain names outside of the generic top-level domains for that reason. Amazon UK might set a cookie for amazon.co.uk, but a browser wouldn't deliver that cookie anywhere else.

Some countries allow anything to the left of their country code, however, which results in a problem when a server sets a cookie for a secondary domain name, after which a malicious site could read all secondary domain cookies. It's too bad that when browser development was in its infancy, no standard for cookie/domain interaction was formalized. Unfortunately, a next-generation cookie specification that would address this and other security issues has languished.


Downloads -- Mac OS X 10.5.6 is available via Software Update and as a standalone updater for Leopard (372 MB) and Leopard Server (469 MB), as well as a combo updater, which has all updates from 10.5.1 through 10.5.6 for both Leopard (Apple says 71 MB, which must be a typo - 710 MB is more likely!) and Leopard Server (883 MB).

Security Update 2008-008 is incorporated into the 10.5.6 update. Many of the security fixes are also available for Mac OS X 10.4 Tiger, with separate updates for PowerPC (71.6 MB) and Intel (163.2 MB) models running client and server (133 MB). Use Software Update to ensure you get the correct version.

 

Fujitsu ScanSnap Scanners — Save your business time and money
with our easy-to-use small ScanSnap Scanner line. Eliminate
paper piles by scanning documents, business cards, and receipts.
Visit us at: <http://www.ez.com/sstb>