I hadn’t seen any good spam for a while, even when I indulged my curiosity and looked inside Mail.app’s Junk folder before wiping it clean. This one, however, stood out in the crowd.
Silly me, I didn’t even know the FDIC had an office in Beijing, much less that it was where they hosted their “ATM/Debit/Check Card Protection Program”.
It was, of course, sent to the email address that’s in my WHOIS records, which is not on file with any banking institution I do business with. Not that I’d have fallen for it anyway…
Fun little blog entry documenting the life and death of a bug in Microsoft Word for Mac. A nice reminder of how difficult it can be to predict how your shiny new feature will interact with old code, and, more importantly, why it can take so darn long to fix an “obvious” bug. I’d love to see a similar explanation of Apple’s “can’t use capital U in firmware password” bug.
One thing this story doesn’t touch on is the importance of clear, unique error messages. If Word had actually reported “too many open files” instead of “disk full,” the problem might have been fixed a lot sooner. In one of my own favorite debugging stories, our discovery of the message “oh shit: fState != kParseError” led us directly to one line out of 16,000. It wasn’t clear, but it was at least unique.
This Mac security hole has been all over the web recently. The thing that makes it dangerous is that it’s ridiculously easy to exploit. The thing that makes it annoying is that anyone on the development team should have seen it coming a mile away, especially given the many well-publicized scripting exploits in Windows software.
How did it happen? WebCore. In an effort to produce a common HTML/HTTP library for all applications, functionality that used to be restricted to the Help tool was suddenly embedded in everything that retrieved or displayed web pages. Apple’s pervasive AppleScript support completes the circle.
Ask not what you can do with scriptable applications; ask rather what scriptable applications can do to you…
Update: The official fix is available via Software Update.
Update: You still need to turn off the Open “safe” files after downloading option in Safari, because disk: URLs still work, and mounted disk images can include auto-execute programs. Yes, there are two stupid features in the previous sentence.
"I downloaded the file in the hope that perhaps Microsoft had released some sort of public beta. The file unzipped, and to my delight the Microsoft icon looked genuine and trustworthy. I clicked on the installer file, and to my horror in 10 seconds the attachment had wiped my entire Home folder!"
Why, yes, Microsoft often officially releases beta software on peer-to-peer file-sharing networks. Your confusion is understandable, and no one is going to accuse you of being a software pirate. Really.
Besides, I’m pretty sure you won’t be downloading any commercial software in the future…
Update: Oh, and note the clever way the story implies that this had something to do with Intego’s “concept trojan horse” scare story. Sorry, Charlie, but we’re not that stupid. An application that doesn’t do what you think it will ain’t the same thing as an application disguised as an MP3 file.
Not only did I finally get one of the “you use illegal file sharing” extortion scam spams, it actually slipped past OS X Mail’s filters. Just the once, of course, now that I’ve told the system about it.
I’d love to know where they came up with the phony IP address they claim I’ve been using, though. I suspect it’s just boilerplate, since even if I were using a file sharing app, there’s no way they could associate it with that email address. Unless they (gasp!) really did manage to confiscate the contents of my computer. Tee hee.
Of course, there’s also a trojan attachment for infecting Windows boxes, which pretty neatly undercuts any claim that they ever got anywhere near the contents of my Macintosh…
Best part: the use of a phony Italian email address (from a machine that really is in Italy) while claiming to be associated with the FBI’s Department for “Illegal Internet Downloads”. They even supply a phone number.
Worst part: according to multiple news reports, there are quite a few people who are dumb enough (or, to be charitable, “sufficiently unsophisticated about the Internet and con artists”) to fall for this cheesy scam, and the associated “we found illegal porn on your computer” version.
I’d love to supply a link to this extremely cool iPod accessory, except that the manufacturer doesn’t list it on their web site, and Apple’s online store generates nonsensical URLs that don’t share well.
Instead, imagine a white plastic brick, about the size of an O’Reilly book, that opens up into a surprisingly good mini-speaker system that doubles as a fully-functional iPod docking station. It’s quite loud for a system with only 2 watts/channel, and distortion is well-controlled at reasonable volumes. It’s compatible with older iPods and other devices through the Aux port (short cable supplied), which I’m connecting to my PowerBook for a significant sound boost.
They claim up to 24 hours of life on four AA batteries, or you can use the supplied wall-wart to run it on AC.
Just tried to install nVidia’s Linux drivers for the onboard ethernet on my new Shuttle box. After transporting them on the only available media (USB keychain drive, which I had to mount by hand as root from the command line; love that user-friendly Gnome desktop!), I was greeted with a long string of syntax errors in the make output. Of course, I’d already had to abandon the build instructions provided by nVidia, because the version of rpm in Fedora doesn’t support the command-line options they used. It also apparently doesn’t support the C compiler they used.
So, to play with Linux on my shiny new PC, I once again have to play Goldilocks with multiple distributions, until I find the one that’s just right. Fuck that; it’s not worth the headache.
Update: Okay, I gave it another try. Seems I actually could get the network driver to install with Fedora, if I ignored the default OS install options and added the kernel sources. It seems they don’t expect ordinary users to own hardware they don’t provide drivers for. Still, after going through three or four “modern” Linux installers, my new slogan is “Desktop Linux: it’s like Windows without the QA”.
If you’re going to make Linux into Windows, could you please try to match the behavior, not just the window decorations?
Love, J
[translation: I just installed RedHat Fedora, and was astonished to discover that after it popped up a little dialog asking for disc #2, it didn’t detect the presence of the correct disc and continue on its own. It sat there for twenty minutes, patiently waiting for me to click ‘Ok’ to confirm that I had, in fact, inserted disc #2.]