In your software update:

Security Update 2004-09-07 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:


CoreFoundation
IPSec
Kerberos
libpcap
lukemftpd
NetworkConfig
OpenLDAP
OpenSSH
PPPDialer
rsync
Safari
tcpdump



For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798

Safari? What should be wrong with safari? The version and build is the same...

Just installed on iMac G3 - no meltdown so far!
Damn - I wish I just installed Win SP 2 so I would have something to moan about. Guess I'll have to suffer an easy life. :rolleyes:

Safari? What should be wrong with safari? The version and build is the same...

Just checked the link, and apparently this one is only for 10.2.8 users. Newer versions of Safari are unaffected. (It's a javascript/array bounds check issue)

just becasue they update libraries belonging to the application doesn't mean they have to increment the version number

here is the complete list of changes:

Component: Apache 2
CVE-IDs: CAN-2004-0493, CAN-2004-0488
Available for: Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: Exposure to a potential Denial of Service.
Description: The Apache Organization has released Apache version 2.0.50. This release fixes a number of denial of service vulnerabilities. We have updated Apache to version 2.0.50 which only ships with Mac OS X Server, and is off by default.

Component: CoreFoundation
CVE-ID: CAN-2004-0821
Available for: Mac OS X 10.2.8, Mac OS X 10.3.4, Mac OS X 10.3.5, Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: Privileged programs using CoreFoundation can be made to load a user supplied library.
Description: Bundles using the CoreFoundation CFPlugIn facilities can include directions to automatically load plugin executables. With a specially crafted bundle this could also occur for privileged programs, permitting a local privilege escalation. CoreFoundation now prevents automatic executable loading for bundles that already have a loaded executable. Credit to Kikuchi Masashi <kik@ms.u-tokyo.ac.jp> for reporting this issue.

Component: CoreFoundation
CVE-ID: CAN-2004-0822
Available for: Mac OS X 10.2.8, Mac OS X 10.3.4, Mac OS X 10.3.5, Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: An environment variable can be manipulated to cause a buffer overflow which can result in a privilege escalation
Description: By manipulating local environment variables a program could potentially be leveraged by a local attacker to execute arbitrary code. This can only be exploited with access to a local account. Validity checks for local environment variables are now provided. Credit to <aaron@vtty.com> for reporting this issue.

Component: IPSec
CVE-ID: CAN-2004-0607
Available for: Mac OS X 10.2.8, Mac OS X 10.3.4, Mac OS X 10.3.5, Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: When using certificates, unauthenticated hosts may be able to negotiate an IPSec connection.
Description: When configured to use X.509 certificates to authenticate remote hosts, a certificate verification failure does not abort the key exchange. Mac OS X does not use certificates for IPSec by default so this issue only affects configurations that have been manually configured. IPSec now verifies and aborts a key exchange if a certificate verification failure occurs.

Component: Kerberos
CVE-ID: CAN-2004-0523
Available for: Mac OS X 10.2.8, Mac OS X 10.3.4, Mac OS X 10.3.5, Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier could permit remote attackers to execute arbitrary code.
Description: The buffer overflow can only be exploited if "auth_to_local_names" or "auth_to_local" support is also configured in the edu.mit.Kerberos file. Apple does not enable this by default. The security fix was back ported and applied to the Mac OS X versions of Kerberos. The Mac OS X and Mac OS X Server version of Kerberos is not susceptible to the recent "double-free" issue reported in the CERT vulnerability note VU#350792 (CAN-2004-0772). Credit to the MIT Kerberos Development Team for informing us of this issue.

Component: lukemftpd
CVE-ID: CAN-2004-0794
Available for: Mac OS X 10.2.8, Mac OS X 10.3.4, Mac OS X 10.3.5, Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: A race condition that can permit an authenticated remote attacker to cause a denial of service or execute arbitrary code
Description: If the FTP service has been enabled, and a remote attacker can correctly authenticate, then a race condition would permit them to stop the FTP service or execute arbitary code. The fix is to replace the lukemftpd FTP service with tnftpd. lukemftp is installed but not activated in Mac OS X Server, which instead uses xftp. Credit to Luke Mewburn of the NetBSD Foundation for informing us of this issue.

Component: OpenLDAP
CVE-ID: CAN-2004-0823
Available for: Mac OS X 10.3.4, Mac OS X 10.3.5, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: A crypt password can be used as if it were a plain text password.
Description: Backwards compatibility with older LDAP implementations permits the storing of a crypt password in the userPassword attribute. Some authentication validation schemes can use this value as if it were a plain text password. The fix removes the ambiguity and always uses this type of field as a crypt password. This issue does not occur in Mac OS X 10.2.8. Credit to Steve Revilak of Kayak Software Corporation for reporting this issue.

Component: OpenSSH
CVE-ID: CAN-2004-0175
Available for: Mac OS X 10.2.8, Mac OS X 10.3.4, Mac OS X 10.3.5, Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: A malicious ssh/scp server can overwrite local files
Description: A directory traversal vulnerability in the scp program permits a malicious remote server to overwrite local files. The security fix was backported and applied to the Mac OS X versions of OpenSSH.

Component: PPPDialer
CVE-ID: CAN-2004-0824
Available for: Mac OS X 10.2.8, Mac OS X 10.3.4, Mac OS X 10.3.5, Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: A malicious user can overwrite system files resulting in a local privilege escalation
Description: PPP components performed insecure accesses of a file stored in a world-writeable location. The fix moves the log files to a non-world-writeable location.

Component: QuickTime Streaming Server
Available for: Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
CVE-ID: CAN-2004-0825
Impact: A denial of service requiring a restart of the QuickTime Streaming Server
Description: A particular sequence of client operations can cause a deadlock on the QuickTime Streaming Server. The fix updates the code to eliminate this deadlock condition.

Component: rsync
CVE-ID: CAN-2004-0426
Available for: Mac OS X 10.2.8, Mac OS X 10.3.4, Mac OS X 10.3.5, Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: When rsync is run in daemon mode a remote attacker can write outside of the module path unless the chroot option has been set.
Description: rsync before version 2.6.1 does not properly sanitize paths when running a read/write daemon with the chroot option turned off. The fix updates rsync to version 2.6.2.

Component: Safari
CVE-ID: CAN-2004-0361
Available for: Mac OS X 10.2.8, Mac OS X Server 10.2.8
Impact: A JavaScript array of negative size can cause Safari to access out of bounds memory resulting in an application crash.
Description: Storing objects into a JavaScript array allocated with negative size can overwrite memory. Safari now stops processing JavaScript programs if an array allocation fails.
This security enhancement was previously made available in Safari 1.0.3, and is being applied inside the Mac OS X 10.2.8 operating system as an extra layer of protection for customers who have not installed that version of Safari. This is a specific fix for Mac OS X 10.2.8 and the issue does not exist in Mac OS X 10.3 or later systems.

Component: Safari
CVE-ID: CAN-2004-0720
Available for: Mac OS X 10.2.8, Mac OS X 10.3.4, Mac OS X 10.3.5, Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: An untrusted web site can inject content into a frame intended to be used by another domain.
Description: A web site that uses multiple frames can have some of its frames replaced with content from a malicious site if the malicious site is visited first. The fix imposes a set of parent/child rules preventing the attack.

Component: SquirrelMail
CVE-ID: CAN-2004-0521
Available for: Mac OS X 10.2.8, Mac OS X 10.3.4, Mac OS X 10.3.5, Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements
Description: SquirrelMail before 1.4.3 RC1 is vulnerable to SQL injection which permits unauthorized SQL statements to be run. The fix updates SquirrelMail to version 1.4.3a

Component: tcpdump
CVE-IDs: CAN-2004-0183, CAN-2004-0184
Available for: Mac OS X 10.2.8, Mac OS X 10.3.4, Mac OS X 10.3.5, Mac OS X Server 10.2.8, Mac OS X Server 10.3.4, Mac OS X Server 10.3.5
Impact: Maliciously crafted packets can cause a crash of a running tcpdump
Description: The detailed printing functions for ISAKMP packets do not perform correct bounds checking and cause an out-of-bounds read which results in a crash. The fix updates tcpdump to version 3.8.3.

here is the complete list of changes:


This is why we have hypertext. The link's in the first post anyways.

DO you get the feeling we are not about to have to start worrying about viruses? :D

I've just put my crappy XP machine on the internet, and already, just a day later, i'm being bugged by this; http://www.doxdesk.com/parasite/LinkReplacer.html

It's a right pain in the ass, but at least the pop-ups start with something that makes sense.... "Microsoft Warning!" fair point.

I CANNOT wait until my G5 iMac arrives and I can thow this noisy piece-o-****** away.

Had an odd hang when it went to restart, but I did an fsck and permissions repair afterwards and all seems to be fine.

Kudos to Apple for the detail they provide about the fixes (they even mention who alerted them -- how cool is that?). This openness should go a long way towards correcting Apple's reputation for secrecy regarding security.

It is me or does it seem that there are more security updates than ever from Apple??

A couple of years ago security updates were infrequently, but now it seems that they a coming every couple of months - does this indicate slippage in quality control??? :confused:

DO you get the feeling we are not about to have to start worrying about viruses? :D

I've just put my crappy XP machine on the internet, and already, just a day later, i'm being bugged by this; http://www.doxdesk.com/parasite/LinkReplacer.html

It's a right pain in the ass, but at least the pop-ups start with something that makes sense.... "Microsoft Warning!" fair point.

I CANNOT wait until my G5 iMac arrives and I can thow this noisy piece-o-****** away.

And that's your fault for using Internet Imploder. :rolleyes: If you don't know how to drive a car get off the road. If you don't know how to operate Windows safely get off the platform. And if you are forced to either drive a car or use Windows then LEARN how to use it safely. Easy no?
No one who is interested in a secure environment takes Internet Exploder seriously. That was your first mistake. Second. Do you have a firewall? No? Second mistake. Third. Windows Update? Never did it? Game over man! Game over!!

I don't notice a thing different.

It is me or does it seem that there are more security updates than ever from Apple??

A couple of years ago security updates were infrequently, but now it seems that they a coming every couple of months - does this indicate slippage in quality control??? :confused:

No its reality kicking in. To clue people in who think the fabled perfect OS exists *hands them a cheat sheet that says: No such thing!!!!!*

No OS is going to be flawless and that sure as heck includes OS X or OS XI or OS XII. or OS pi.

I have a theory - can anyone back me up on it. Apple releases a new major OS update which is quick because it doesn't have to patch all this stuff. People find security holes and now all the patches get in the way and slow things down. It just seems like each time I install one of these patches things to slow down a bit. Any experience from anyone?

It is me or does it seem that there are more security updates than ever from Apple??

I don't see much of a change given the history...

http://docs.info.apple.com/article.html?artnum=61798
http://docs.info.apple.com/article.html?artnum=25631

A couple of years ago security updates were infrequently, but now it seems that they a coming every couple of months - does this indicate slippage in quality control??? :confused:

More folks then ever are using Mac OS X hence more developers, etc. playing around finding issues as well as Mac OS X is including more and more functionality (Apples own and third-party). Also Apple is being relatively proactive about getting patches out quickly more so then in the beginning of Mac OS X. I don't think is shows much of a quality issue...

You shouldn't notice any slowdown if you take the proper procedures. (although I've never experienced any slow down of any kind when installing an Apple update, rather an increase in speed)

Repair Permissions
periodic daily/weekly/monthly
fsck
update prebindings
pray to god that your computer does not melt down.

You shouldn't notice any slowdown if you take the proper procedures. (although I've never experienced any slow down of any kind when installing an Apple update, rather an increase in speed)

Repair Permissions
periodic daily/weekly/monthly
fsck
update prebindings
pray to god that your computer does not melt down.
I know about the first 2. What's fsck and prebindings?

DO you get the feeling we are not about to have to start worrying about viruses? :D

I've just put my crappy XP machine on the internet, and already, just a day later, i'm being bugged by this; http://www.doxdesk.com/parasite/LinkReplacer.html

It's a right pain in the ass, but at least the pop-ups start with something that makes sense.... "Microsoft Warning!" fair point.

I CANNOT wait until my G5 iMac arrives and I can thow this noisy piece-o-****** away.


hey dude, if you're gonna throw it away, i'll pay for shipping/pick up and get it from you. I wouldn't mind another websurfing machine :)

And that's your fault for using Internet Imploder. :rolleyes: If you don't know how to drive a car get off the road. If you don't know how to operate Windows safely get off the platform. And if you are forced to either drive a car or use Windows then LEARN how to use it safely. Easy no?
No one who is interested in a secure environment takes Internet Exploder seriously. That was your first mistake. Second. Do you have a firewall? No? Second mistake. Third. Windows Update? Never did it? Game over man! Game over!!

So you're saying then, that:

1. It's not Microsoft's fault if an XP user uses Internet Explorer and bad things happen;

2. You must learn to fully and properly use the software before using a computer (this would prohibit 99% of people from using them)

3. The user, not the software manufacturer, is responsible for making the software secure enough to use in real-life applications...

Need I go on?

Seriously, it's one thing to blindly say "PCs suck Macs rule end of debate", but everything he mentioned were valid points that many, many users deal with. PC users, not Mac users. I've never had a page hijack my browser simply because I dared use the software that came installed :eek:

having a bad day are we?

paul

just installed. i havent had any sercurity issues in the past but i suppose its better not to tempt fate :)

I know about the first 2. What's fsck and prebindings?

I have absolutely no idea. :D

I just know it's good for your computer if you do it a couple of times every month.

Google it if you want more info. ;)

EDIT: i forgot how to use them. open up the terminal, type fsck, fsck will do it's thing then when your done type 'sudo update_prebinding -root -force /' and that will update your prebindings. to repair permissions in the terminal type 'diskutil repairpermissions /'.

And that's your fault for using Internet Imploder.

hey man, where exactly did I say IE? :confused: I may have to switch back to XP for a while but i'm not suicidal! Firefox all the way. :)

As to the updates.. i wish I could've gotten that far. It says there's 18 or so updates, but it completely died while trying to install them. :eek: I don't think it'll ever get to SP2 at this rate. And have installed about 5 virus checkers which all tell me that I have x and y viruses but than ask for $z to remove them. :(

I know about the first 2. What's fsck and prebindings?

fsck: Info from Apple here (http://docs.info.apple.com/article.html?artnum=106214) (or try here (http://huseac.fas.harvard.edu/cgi-bin/simpleforum.cgi?fid=04&topic_id=1067662368))

prebindings: Look here (http://www.macdevcenter.com/pub/a/mac/2003/11/21/maintenance.html) and scroll down to the "Update the prebinding" section.

pray to god that your computer does not melt down: This site (http://www.beliefnet.com/) might help. :D

Installed update.

Restarted.
Repaired permissions.
Opened Safari.
Tried to reply to this thread.

Kernel Panic!

Stupid security update. :mad:

And that's your fault for using Internet Imploder. :rolleyes: If you don't know how to drive a car get off the road. If you don't know how to operate Windows safely get off the platform. And if you are forced to either drive a car or use Windows then LEARN how to use it safely. Easy no?
No one who is interested in a secure environment takes Internet Exploder seriously. That was your first mistake. Second. Do you have a firewall? No? Second mistake. Third. Windows Update? Never did it? Game over man! Game over!!

Kind of harsh. It's easy to say, but learning the platform and its problems can take a while. I have to have a PC because of my work. Setting it loose on the internet is like dropping off a hot promiscuous teen in the inner city, that is, it is quickly infected.

I didn't see anything sneak in that would have affected audio encoding. I know it's not "security" per se, but I'd sure like to see Apple go ahead and "secure" their DRM from the Real turds.

Wow, a security update, well that will give us all something to post about.

But seriously all those who question why so many security updates and whether our OS is full of holes, no not really, but it's not perfect. That doesn't mean Apple did a lousy job when they wrote the OS.

You gotta think of it a bit like warfare. First of all they made a tank, then someone made armour piercing shells, so they made the armour on the tank a bit thicker and so on.

Guess we are lucky in that Apple has a small share of the market and there arn't so many people making armour piercing shells to fire at our tanks.

I'm no M$ fan, but they do have a whole load of people attacking their OS and this is why M$ has such a problem with security. It ain't really a failing on the part of M$, but because of the market share they enjoy, you should expect to have to patch their stuff more often.

I have a theory - can anyone back me up on it. Apple releases a new major OS update which is quick because it doesn't have to patch all this stuff. People find security holes and now all the patches get in the way and slow things down. It just seems like each time I install one of these patches things to slow down a bit. Any experience from anyone?

I think what you're running into is what's called Negative Placebo Effect.

If you knew anything about the majority of the programs being patched, you would know that they aren't core components of MacOS. Furthermore if you notice how simple some of these fixes can be (literally one line of changed code in some cases) you're not going to notice anything different at all.

Come on people, what did you expect, your 1ghz iMac to run like a 2Ghz G5 after installing this update? waaaa "I don't notice a difference." Get Real.

And thank you Apple for staying on top of things.

/dale

Well there are a number of things going on here now.

Number one is that there are more organized attackes on the Internet know than ever before. Security is simple a bigger problem than it ever was.

The next thing you should notice is that much of the software beign updated is open source. This means that there are continous improvements being made even after a release. Many times problems are spotted and fixed before they are acknowledged to the community as a whole, to try to keep one up on the hackers and others out ot attack systems. In other words fix it before it gets exploited mentality.

Lastly you have to realize that OS/X is a huge leap forward with repsect to OS services than what Apple had before. There is simply more to exploit due to the features available.

Thanks
dave


It is me or does it seem that there are more security updates than ever from Apple??

A couple of years ago security updates were infrequently, but now it seems that they a coming every couple of months - does this indicate slippage in quality control??? :confused:

Just wanted to kinow....why are there folks repairing permissions after every flipping update? I mean you'd hope Apple would have the permissions right when they did the update package right? Just seems to me I see more Mac users do alot of inane things.....just like Windows users do(always run this once a month whether it needs it or not.....). I have yet to find the need to run fsck once or twice a month! ;) The file system should be smart enough to call it up on it's own and usually does if it's sufficiently dirty. HFS+ seems well behaved with that regard.

Login passwords no longer seem to be stored in the swapfiles. :)

I do the grep mentioned in the bugtraq and I get a lot of gobbledygook, but no passwords. Yay!

A couple of years ago security updates were infrequently, but now it seems that they a coming every couple of months - does this indicate slippage in quality control??? :confused:

No, it indicates an increase in quality control.

It also indicates that OS 9 was mature (not all in good ways) while OS X is relatively new.

Then again, OS 9 did have a FEW viruses. OS X has none.

Could anybody double check the following? I'm trying to access CompUSA's web page (http://www.compusa.com ) after applying the security update and I'm getting a blue page with no workable links :confused:

I've verified this error in both a PB G4 and one iMac G4.

Could anybody double check the following? I'm trying to access CompUSA's web page (http://www.compusa.com ) after applying the security update and I'm getting a blue page with no workable links :confused:

I've verified this error in both a PB G4 and one iMac G4.


It loads up for me. I have a FP iMac (800mhz) and Jaguar

Could anybody double check the following? I'm trying to access CompUSA's web page (http://www.compusa.com ) after applying the security update and I'm getting a blue page with no workable links :confused:

I've verified this error in both a PB G4 and one iMac G4.

I forgot to mention that both computers are running Panther... No third party applications running with Safari.

This installed on my mac without a problem. I was holding my breath for a while...but i could breathe again.

fsck: Info from Apple here (http://docs.info.apple.com/article.html?artnum=106214) (or try here (http://huseac.fas.harvard.edu/cgi-bin/simpleforum.cgi?fid=04&topic_id=1067662368))

prebindings: Look here (http://www.macdevcenter.com/pub/a/mac/2003/11/21/maintenance.html) and scroll down to the "Update the prebinding" section.

pray to god that your computer does not melt down: This site (http://www.beliefnet.com/) might help. :D
Thank you. Those links are fantastic.
Thank you Musicpyrite too for your info.
:)

The next thing you should notice is that much of the software beign updated is open source.

Exactly, the majority of fixes for OS X so far haven't actually been for Apple-created code, and like you said they're fixed before they're exploited.

Safari has had quite a few, but then you'd expect it for an immature application who's sole premise is the internet...

AppleMatt

installed.
restarted. (bootup took a lil longer than normal.... ) :rolleyes:
posting on this message board now..
all seems swell. :D

Could anybody double check the following? I'm trying to access CompUSA's web page (http://www.compusa.com ) after applying the security update and I'm getting a blue page with no workable links :confused:

I've verified this error in both a PB G4 and one iMac G4.


I tried it, same here! I'm running Panther on a 2.0 G5 so it's not just you. You can sleep easy now!

Could anybody double check the following? I'm trying to access CompUSA's web page (http://www.compusa.com ) after applying the security update and I'm getting a blue page with no workable links :confused:

I've verified this error in both a PB G4 and one iMac G4.
I'm running panther on G4 Powerbook. I get the same thing as you - a blue page with no workable links. I hope someone here can help.

Improvements to open source products are essentially continuous. Apple has to decide how often to issue these improvements. Security improvements are generally more important than other improvements, but the question remains.

It's a tradeoff. Daily updates would be most secure but way too annoying. Semi-annual updates would be very convenient but leave security holes far too long.

By bundling updates for a few products together, and issuing Security Updates such as this one though Software Update every month or two, Apple has made their choice about frequency and made it as convenient as possible. I think their timing is about right.

Could anybody double check the following? I'm trying to access CompUSA's web page (http://www.compusa.com ) after applying the security update and I'm getting a blue page with no workable links :confused:

I've verified this error in both a PB G4 and one iMac G4.

I see the same thing. However, you can scroll to the bottom and get the regular page. This is definitely due to the update.

I have not installed the last few updates, and I can get CompUSA just fine.

And that's your fault for using Internet Imploder. :rolleyes: If you don't know how to drive a car get off the road. If you don't know how to operate Windows safely get off the platform. And if you are forced to either drive a car or use Windows then LEARN how to use it safely. Easy no?
No one who is interested in a secure environment takes Internet Exploder seriously. That was your first mistake. Second. Do you have a firewall? No? Second mistake. Third. Windows Update? Never did it? Game over man! Game over!!

This is one of the most asinine posts I have ever seen.

The idea that Bill Gates has managed to foist on the world that they should accept their computers working as poorly as the do is just absurd.

It should not be up to the user to have to jump through all sorts of hoops to get their computer to work like it is intended to.

I tried it, same here! I'm running Panther on a 2.0 G5 so it's not just you. You can sleep easy now!

Me too. :mad:

All I have to say is:


Yeah new software even if it is an update. :-D



can you tell I have been having a boring day. :o

http://news.com.com/Apple+fixes+15+flaws+in+Mac+OS+X/2100-1002_3-5350010.html?tag=nefd.top

:p :o :eek:

Thankyou to Apple for providing detailed information on the security update changes :)

It is me or does it seem that there are more security updates than ever from Apple??

A couple of years ago security updates were infrequently, but now it seems that they a coming every couple of months - does this indicate slippage in quality control??? :confused:

Nope. It's a reflection of how many eyes are out there looking over the code for the open source compenents of the system: note how many of them are the targets of these security fixes (SSH, Apache, etc.) Finding and fixing bugs isn't a sign of poor Q&A - not finding and fixing them, and getting caught with your pants down by an exploit in the wild is. Don't worry too much until you start hearing about viruses that take down a lot of machines - but DO install the security updates; if you don't, you're wasting a lot of people's time and energy, and just setting yourself up for a fall, because NO OS is flawless.

Could anybody double check the following? I'm trying to access CompUSA's web page (http://www.compusa.com ) after applying the security update and I'm getting a blue page with no workable links :confused:

I've verified this error in both a PB G4 and one iMac G4.

Possibly Comp USA was having a big sale on CD-Rs and the webpage guy had to go attend the cash registers, and left the page like this.

prebindings: Look here (http://www.macdevcenter.com/pub/a/mac/2003/11/21/maintenance.html) and scroll down to the "Update the prebinding" section.
I thought Panther was supposed to take care of prebinding? I remember hearing that that was only really necessary in prior versions of OS X.

I've often heard that pre-binding's no longer needed. Installers do it automatically ("optimizing") and the OS also does it again--invisibly, and only if needed--each time you launch an app. True? I've never done it in my life :D

I've heard less often that you no longer need to repair permissions (which seems like an obvious thing for an installer to do as well). Unless you have a problem or crash. Repair permissions would then be in the same category as running Verify and Repair--a troubleshooting/recovery measure, not required maintenance. True or not? I still do it every few months... I guess I just feel like I have to do SOME preventive maintenance as a placebo? :D


Login passwords no longer seem to be stored in the swapfiles. :)
I do the grep mentioned in the bugtraq and I get a lot of gobbledygook, but no passwords. Yay!
Is this a big deal? I've seen people focus in on that as the reason OS X is (or used to be?) "useless" for business. It's not a subject I'm familiar with.

I think what you're running into is what's called Negative Placebo Effect.

If you knew anything about the majority of the programs being patched, you would know that they aren't core components of MacOS. Furthermore if you notice how simple some of these fixes can be (literally one line of changed code in some cases) you're not going to notice anything different at all.

Come on people, what did you expect, your 1ghz iMac to run like a 2Ghz G5 after installing this update? waaaa "I don't notice a difference." Get Real.

And thank you Apple for staying on top of things.

/dale

I'm not talking about the patch making things work faster. I'm talking about it being slower on the same machine after the patch. I don't expect my G4 to run like my G5 (that's why I bought a G5). I was just wondering if it was more code to go through and slowed it down. I am also glad that Apple is staying on top of things.

Hey all. I have had no problems. And for those people who are ragging on those who have said that they "haven't noticed any difference"... STOP! All comments are welcome. A comment saying that they haven't noticed a difference is a comment saying that there haven't been any negative side effects that the user can tell.

And that's your fault for using Internet Imploder. :rolleyes: If you don't know how to drive a car get off the road. If you don't know how to operate Windows safely get off the platform. And if you are forced to either drive a car or use Windows then LEARN how to use it safely. Easy no?
No one who is interested in a secure environment takes Internet Exploder seriously. That was your first mistake. Second. Do you have a firewall? No? Second mistake. Third. Windows Update? Never did it? Game over man! Game over!!

Not using IE does not mean it's removed from your machine. What if some other app invokes IE?

Do you always have to be arrogant and bitter? :rolleyes:

Could anybody double check the following? I'm trying to access CompUSA's web page (http://www.compusa.com ) after applying the security update and I'm getting a blue page with no workable links :confused:

I've verified this error in both a PB G4 and one iMac G4.


Scroll down some and it appears. I'd be more interested in does it do this on any version of IE. It looks, to me, to be more a issue of the web develper changed the page recently and it got messed up! ;)

That said, I think someone else had stated the Safari update was only for 10.2.8.

Ok, I installed the security update and it killed my wireless and ethernet. I don't even see them in the network configuration. Fantastic...anyone else have this problem?

So you're saying then, that:


1. It's not Microsoft's fault if an XP user uses Internet Explorer and bad things happen;

Nope never said that. I did say that if you are going to jump on an inherently unsecure platform you better know what you are doing before you get behind the wheel.

2. You must learn to fully and properly use the software before using a computer (this would prohibit 99% of people from using them)

Then so be it. I'm not making up the rules when dealing with Windows I'm just telling you how it is. Don't like it. Use a Mac.

3. The user, not the software manufacturer, is responsible for making the software secure enough to use in real-life applications...

I'd call it 30%/70% Would you suggest that any person be allowed behind the wheel of a car without training? From my house I can see my neighbors:
1. Unprotected WIFI network.
2. Unprotected (read: no password) router.
3. Unprotected (Read: no password on admin) Windows XP box.

I don’t care who you are a computer is not a VCR or a toaster. There is some responsibility involved in using a PC. Less so on a Mac due to its inherent secure state. If you are going to use a PC you better deal with its insecure state. Many ISP’s are taking proactive measures by disabling certain ports that adware and virus infected systems are pouring spam out of. So what happens? ISP’s have to play cleanup for an untrained user. Again I don’t fully blame the user and I don’t fully blame MS. There is a percentage of responsibility here and AGAIN if you can’t deal with taking responsibility for your computer then IMHO you shouldn’t be using the platform or shouldn’t be using a computer. Harsh yes. But I deal with the IT side of things day in and day out. I’m just getting tired of this crap. Personally I would love to see a license program happen. Before you are allowed to buy an IBM PC clone you need to attend Bob’s basic computer training course and get a license.

I've never had a page hijack my browser simply because I dared use the software that came installed :eek:

Then you aren't in a large enough PC environment. I would say of the 178 PC's I admin 30% have some form of spy/adware and of that 10% are critical enough to warrant a reimage of the user's system. (I've done 10 in the last 4 months about to start on my 11th prob before the end of the week.)
Not to intentionally get out of the bounds of good taste, I can't find a better analogy, but browsing with IE is like having sex without a condom. You may not get an STD for a while but your luck WILL run out depending on who you are with or in this case what site you go to. With that I will leave you with this pretty picture that I have as a reminder of how bad it can get. Try and count the adware. This isn’t just an MS flaw its also a user flaw. Using a computer, be it Windows or Mac, takes a brain. Clicking on every popup that occurs takes a serious level of stupid that is “special”

I've often heard that pre-binding's no longer needed. Installers do it automatically ("optimizing") and the OS also does it again--invisibly, and only if needed--each time you launch an app. True? I've never done it in my life :D
Yeah, I heard it was part of that "optimizing" process. The optimizing thing is kind of annoying to me because I never really know what it's doing :rolleyes: Anyway, I did the update and all's well :)

Not using IE does not mean it's removed from your machine. What if some other app invokes IE?

Do you always have to be arrogant and bitter? :rolleyes:


Where are you getting arrogant from? I’m being realistic. I deal with this crap all day long. If you are confusing experience with arrogant sorry.

As for another app calling out to IE. It’s possible. However there are several factors keeping this from happening. One. From what I understand, I’m hardly a programmer, the API’s that can be invoked by external apps can’t be called from an alternative browser, the scope of the discussion. I know for a fact that there is a whole heck of a lot that can be called from IE. FireFox? Not so much.

If I come off bitter it’s from dealing with more and more outbreaks of severe adware on people’s computers in my office. As a test I’ve installed FireFox on 12 systems in the office as an alternative browser but not a replacement since there are internal apps the were developed out of corp that require IE. :rolleyes: All 12 users are adware and Trojan free. Coincidence? Possibly. But I doubt it. The rest of the systems? I get to go to at least a handful every day with users swearing up and down they didn’t do anything. Even though when I go to their browser history I see them going to www.bobssupercoolstampcollection.com or some other WAY off website that prob gets its bandwidth money from adware distributors. While I get to spend an hour attempting to clean someone’s system of spy\adware because they don’t know enough not to click on the popup. Yes I’m a bit bitter or possibly a bit burned out. Not sure which at this point.

Ooh we are a grumpy lot in this thread today. I will leave the IE arguement to others that is why I have a Mac :)

I have installed security updates as and when they appear for the last 4 years from Apple on 2 machines G3 iMac and G4 Powerbook (Just out of Nursery Skool) and only ever had minor issues e.g. Would not sleep properly.

Apple don't seem to be abusing their nice software update feature. Steady updates to ensure their users have the latest and best, combined with acknowledging who found the weakness seems very fair to me. The downloads are quick and painless in most cases.

Life is too short to get wound up about a software update which makes your beloved Mac stay ahead of the game. Chill be cool and look forward to the weekend.

Hello? Where am I? the last post (This one, before editing it) said "Tepi :p" no fu****ng idea what it means and no idea who wrote that I just went out a bit and came back to see new post but I found one from my self :eek:, one I never wrote... I changed passwords, just in case but, holycr*p ... that scared me a lot !!!

Hey everyone look on the bright side, the Red Sox are in first for the wild card!


(I know, totally unrelated) :D

... And have installed about 5 virus checkers which all tell me that I have x and y viruses but than ask for $z to remove them. :(

Panda Activescan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) is a really good free online virus scanner, although if its a really nasty virus you may have to scan then restart and repeat.

And if you want some AV software AVG antivirus (http://free.grisoft.com/freeweb.php/doc/2/) is free for personal use.

Thankyou to Apple for providing detailed information on the security update changes :)

I have to agree. I hadn't bothered to look at the Kbase info for updates before now, because it didn't give you much extra information above what is in Software Update. It seems as if since June, the policy has changed to be more fully open about exactly what, why and how they are fixing security issues. I think this is a fantastic improvement by Apple.

I don't think that PC heads really appreciate the level at which security updates on Mac's are working. They are worrying about whether enabling security by default (SP2, doh! :eek: ) will have an impact whilst we're worrying about whether some obscure set of conditions might open a security opening, if we have chosen to take down some security to allow us to, say, FTP files to/from our machines.

Sanj

Yeah, I heard it was part of that "optimizing" process. The optimizing thing is kind of annoying to me because I never really know what it's doing :rolleyes: Anyway, I did the update and all's well :)

That's true for installs that use the Installer application. Its never completely clear whether they are doing a full prebinding update, or just on what has been installed.

Where the prebinding needs to be considered is where over time you have installed a number of apps with the drag-into-/Applications-and-drop method. In theory they should get pre-bound when they are first run and the pre-binding should get updated whenever you install updated libraries using the Installer. However with any of this sort of thing, things are likely to get out of sync, and it does no harm and can potentially improve performance of your machine.

I highly recommend Panther Cache Cleaner for doing all the tasks (daily / weekly / monthly, prebinding, fixing permissions, etc.)

Sanj

I am pleased to see Apple releasing updates such as this (with credits and CVE-ID), and applying them to Jaguar (10.2) too. Many non-technical and home users will still be running 10.2, and it's important they're kept as secure as possible too.

We need to adjust to the security environment we face. All operating systems suffers from defects and security issues, openly tackling them is the most effective way of dealing with the problem.

Would you rather there were less updates and your machine was less secure? Is ignorance really bliss? I don't think so.

I just looked at the CompUSA page, very odd. It seems to work fine in FireFox, although there is a big delay before the content gets loaded.

I just looked at the CompUSA page, very odd. It seems to work fine in FireFox, although there is a big delay before the content gets loaded.

Same story with the Fedex.com and BestBuy.com websites.

Just wanted to kinow....why are there folks repairing permissions after every flipping update? I mean you'd hope Apple would have the permissions right when they did the update package right?


Yes, BUT...

1. Apple made 'dual booting' OS X and OS 9 possible to ease the transition for early adopters, and

2. Apple made the 'Classic' environment possible, and pre-installed on all systems, and

3. There are a lot of whiners going "waaaa, I want my type-and-creator metadata",

THEREFORE

Apple chose to use HFS+ as the filesystem instead of UFS (or JFS/XFS/ext3/reiserfs) to accomodate 1 - 3 above.

HFS+ is the most unstable filesystem I've ever seen. Remember repairing 'bundle bits' and 'catalog btree' on old pre-OS-X systems? That is HFS+ eating itself. On OS it tends to lose the permission flags. Hence, the need for regular repair.

Fedex works ok ... about bestbuy and compusa ... is apple taking marketing tactics up? ... :p ... Apple must be working on that...

I don't see much of a change given the history...

http://docs.info.apple.com/article.html?artnum=61798
http://docs.info.apple.com/article.html?artnum=25631



More folks then ever are using Mac OS X hence more developers, etc. playing around finding issues as well as Mac OS X is including more and more functionality (Apples own and third-party). Also Apple is being relatively proactive about getting patches out quickly more so then in the beginning of Mac OS X. I don't think is shows much of a quality issue...

I think you are a little misguided actually. The reason patches are coming out quickly is due to Apple using Open Source software components which are present in Linux, BSD and Unix, etc. systems around the world. It's more down to increased usage of these softwares that these fixes are being created, than anything to do with Mac usage (which I believe is actually falling a little?). Look at most of the fixes, I can only see Safari, Quicktime and CoreFoundation (Darwin? Open?) that are actually closed and controlled by Apple - the rest is freely available and widely used.




joss

Glad to see this update works with 10.3.4 -- 10.3.5 was unstable for me. FWIW, the Compusa site runs fine on my Ti400 with the security update and 10.3.4.

I think you are a little misguided actually. The reason patches are coming out quickly is due to Apple using Open Source software components which are present in Linux, BSD and Unix, etc. systems around the world. It's more down to increased usage of these softwares that these fixes are being created, than anything to do with Mac usage (which I believe is actually falling a little?). Look at most of the fixes, I can only see Safari, Quicktime and CoreFoundation (Darwin? Open?) that are actually closed and controlled by Apple - the rest is freely available and widely used.
joss

yeah, say the BSD people find something amiss with their OS. They fix it and tell Apple about it so Apple fixes and probably waits a while to gather enough fixes to qualify for a security update.

I am pleased to see Apple releasing updates such as this (with credits and CVE-ID), and applying them to Jaguar (10.2) too. Many non-technical and home users will still be running 10.2, and it's important they're kept as secure as possible too.

We need to adjust to the security environment we face. All operating systems suffers from defects and security issues, openly tackling them is the most effective way of dealing with the problem.

Would you rather there were less updates and your machine was less secure? Is ignorance really bliss? I don't think so.

Absolutly - therefore I don't understand why so many people are voting negative. At the moment there are 60 positive votes and 40 negative votes. Is that because a lot of people are having problems with this update ? Just would like to know that before I am installing it.

Thanks and Cheers
CmdrLaForge

Glad to see this update works with 10.3.4 -- 10.3.5 was unstable for me. FWIW, the Compusa site runs fine on my Ti400 with the security update and 10.3.4.The site "fails" for me (yes, you can scroll down, but still...). Worse, it never seems to stop loading. This is on 10.3.5/Rev A dual-2.0.

BTW, it does eventually load for me - but it takes "forever". And I'm not sure where it's getting the list of keywords that shows up at the top (each one is duplicated). It's not readily (to this untrained eye) apparent from the source.

I bought the iMac G3 I am using at CompUSA three years ago, and haven't had a problem since. I've learned more about Apple computers since but reading this thread had me worried. I had never heard of prebinding or 'fsck' before this thread. By the end of it I was wondering how much damage I had done by not having done these things before. Luckily though things are working about as well as they did before the update.

I did try the CompUSA site before and after and there was definately a change. After a restart the CompUSA page changed to a blue page with a list down the left hand side in black. The content is at the bottom but it's a change. Not that it matters, it was the first time I've visited that site.

I just wish that Apple would fix Safari. It's great but there are too many things I can't do with it as far as sites go. It doesn't work well with game sites, most car companies can't display content they have. It's a waste of time having 4 browsers sitting on the Dock because there isn't one browser that can do everything.

Ooh we are a grumpy lot in this thread today. .

lol, and i have learnt my lesson. DO NOT MENTION ANYTHING WINDOWS XP RELATED ON MAC SITES. :cool:

actually, as time goes on and Microsoft fades away (and with the Longhorn disaster its possible) maybe we should get Arn to ban the word 'Microsoft' in these bulletins? After all, we're all saine Mac users right? Why should we spend even 1 second talking about how the other half live. They've got a crap house with bad wireing and no door, as opposed to our sleek mansion with a lockable door.

Or at least get the word replaced with 'M$' :D

After update:
Safari crashes and I cannot launch most of apps, no ICal, DiskUtility, Iphoto, IMovie, SoftwareUpdate, not even message that app has crashed. It just makes few jumps in the Dock and that's about it. Launching of any app takes forever.
Closing an app takes forever as well, if it closes at all.

I installed update on 10.3.5. I did repair permissions with panther cache cleaner.

Now I have to go for clean install I guess. Any sugestions?

Thanks

Miro
www.fotoserver.sk

Killed my ftp service.. can't log in anymore.. apple forums say something about where tnt looks for the passwords. apple - please fix! :)

I just wish that Apple would fix Safari.While, granted, there are certainly Safari problems, note that a lot of the "bugs" in Safari are because it actually implements standards correctly. Most pages which don't load are IE-specific or are "broken" so as to work in IE. As IE is pushed to the back burner, perhaps more sites will actually use the real web standards when building their pages.

Use the W3C's Validator (http://validator.w3.org) and CSS Validator (http://jigsaw.w3.org/css-validator) to show how bad most sites are.

maybe we should get Arn to ban the word 'Microsoft' in these bulletins?:D

Glad you laughed, not sure that banning free speech is the way forward. I would love a little Microsoft icon in the reply to tool. This would put in your text a randomly generated Microsoft Emoticon.

e.g.

>>>>>> :-( Sinking under the weight of viruses
:-o Just saw the blue screen of death
:-\ Imminent switching
}:-) Pleased with their new Longhorn features
etc.


John

15" Al PB, 10.3.5 all updates applied prior to this security update.

Installed flawlessly and rebooted without any dramas. as others have mentioned, compusa.com does have a rendering glitch but that's the only issue I have seen amongst all the main apps. I even tried ssh, sftp, etc. all fine.

FWIW.

J

I just wish that Apple would fix Safari. It's great but there are too many things I can't do with it as far as sites go. It doesn't work well with game sites, most car companies can't display content they have. It's a waste of time having 4 browsers sitting on the Dock because there isn't one browser that can do everything.

Unfortunately, this is the result of living in a M$ (IE in particular) dominated internet world. The problem doesn't lie with Safari so much, it's with all of these sites built basically to only support IE. They don't care if their site doesn't work well (or at all) with Safari because the overwhelming amount of their visitors are using IE. Hopefully this will continue to change for the better now that IE has started to see it's market share slip a little bit at least.

While, granted, there are certainly Safari problems, note that a lot of the "bugs" in Safari are because it actually implements standards correctly. Most pages which don't load are IE-specific or are "broken" so as to work in IE. As IE is pushed to the back burner, perhaps more sites will actually use the real web standards when building their pages.

Use the W3C's Validator (http://validator.w3.org) and CSS Validator (http://jigsaw.w3.org/css-validator) to show how bad most sites are.

That's good to know, I'll continue to recommend Firefox to every PC user I know. When are people going to get tired of using substandard products already? On a side note, I feel lucky not to have had any update related technical problems. Knock on wood.

After update:
Safari crashes and I cannot launch most of apps, no ICal, DiskUtility, Iphoto, IMovie, SoftwareUpdate, not even message that app has crashed. It just makes few jumps in the Dock and that's about it. Launching of any app takes forever.
Closing an app takes forever as well, if it closes at all.

I installed update on 10.3.5. I did repair permissions with panther cache cleaner.

Now I have to go for clean install I guess. Any sugestions?

Thanks

Miro
www.fotoserver.sk

Hello Miro,

sorry to hear that, but thanks for the update. I will not install this ! :(

Scratch that..... I'm just slow.
I did the update.. had no problems at all.

It's more down to increased usage of these softwares that these fixes are being created, than anything to do with Mac usage (which I believe is actually falling a little?).

Actually, that's the common "user base" vs. "market share" confusion. Mac usage is increasing, not falling. More users does mean more chances to catch issues. The only way Mac usage could decrease is if more Macs were being thrown away than bought. Even when an old Mac is replaced with a new Mac it is sometimes (even often!) given to someone else or otherwise made useful, rather than thrown out. And lots of Macs go to people who never had one before (former PC users, "adders," and first-time computer buyers like students).

And if Mac usage is increasing, OS X's share of that is increasing even faster: it's not 100% of the Macs already out there, but it IS nearly 100% of the Macs being sold today. Also, an old OS 9 or lower Mac is far more likely to be thrown away than a recent OS X Mac. And people are switching some older machines from 9 to X too.

Current Mac buying is at a lower rate than current Windows buying--but that just means Windows is growing faster. Mac is still growing too.

And in fact, PCs don't last as long and stay usable--so old PCs are more likely to get thrown out than old Macs. So I wouldn't be at ALL surprised if Mac usage is increasing faster than Windows usage. Sales numbers don't tell us that.

For those that are confused on prebinding. WHen a system update does "optimizing" it is just running the update_prebinding command that you are free to run from the command line.

This is *not* disk optimizing that Panther does automatically (for files under 20MB).

I have a theory - can anyone back me up on it. Apple releases a new major OS update which is quick because it doesn't have to patch all this stuff. People find security holes and now all the patches get in the way and slow things down. It just seems like each time I install one of these patches things to slow down a bit. Any experience from anyone?

Uhm... no. A patch isn't like patching a tire. Apple doesn't add code to the system, they replace it. Your system isn't doing this
- run crappy code
- ooh! a patch, ignore crappy code
- run good code.

When you install an update, it replaces old code with new code. The new code usually only has a few lines added or changed - basically checking array sizes, etc. for overflows. It won't run noticeably slower.

After installing the update I now can not access the itunes music store UK (or any other countries for that matter). When trying to access the store itunes gives me the message "You must upgrade to the latest version of itunes to use the itunes Music Store", I am using version 4.6 and accessed the store earlier today. I am also having the web site rendering issues with the sites mentioned above, however it is possible to get around this by using a different agent. 800mhz imac :mad:

The update killed my FTP, as well.

Of course, my file sharing between mac and pc has never worked quite like it's supposed to, so maybe I'm due for a re-install to try to work out those issues. That and how slow my machine has gotten lately.

Anyhow, the FTP issue looks like a major oversight in the testing for this update. :mad:


Killed my ftp service.. can't log in anymore.. apple forums say something about where tnt looks for the passwords. apple - please fix! :)

Absolutly - therefore I don't understand why so many people are voting negative. At the moment there are 60 positive votes and 40 negative votes. Is that because a lot of people are having problems with this update ? Just would like to know that before I am installing it.

Thanks and Cheers
CmdrLaForge

I only vote negative to prove the fact that the ratings are meaningless. What does negative mean?

Does it mean I don't like apple, does it mean I don't like updates, does it mean I don't like to reboot my machine after an update, does it mean it hosed my machine after installing?

So I pretty much vote negative on every article. Unless of course most folks are voting negative, then I will vote positive. It is pretty much meaningless so I would never pay any attention to the positive/negative ratings.

Fedex works ok ... about bestbuy and compusa ... is apple taking marketing tactics up? ... :p ... Apple must be working on that...

Every system in our office running Safari has trouble with the layout of Fedex.com after the update.
IE looks fine and systems pre-update look fine in IE or Safari.
Anyone know what is going on here??

After update:
Safari crashes and I cannot launch most of apps, no ICal, DiskUtility, Iphoto, IMovie, SoftwareUpdate, not even message that app has crashed. It just makes few jumps in the Dock and that's about it. Launching of any app takes forever.
Closing an app takes forever as well, if it closes at all.

I installed update on 10.3.5. I did repair permissions with panther cache cleaner.

Now I have to go for clean install I guess. Any sugestions?

Thanks

Miro
www.fotoserver.sk

I had exactly the same problem on both a rev A DP 1.8 amd a Sp 1.25 G4

I did an archive install and got things working again. I am wonderng if this is related to the font issue that alot of apple aps were having. i have moved a few fonts in my systems. hummmm.

-ray

I suppose the security flaw in File Vault is not fixable with 10.3?

Every system in our office running Safari has trouble with the layout of Fedex.com after the update.
IE looks fine and systems pre-update look fine in IE or Safari.
Anyone know what is going on here??

you're right, fedex became crazy... but scrolling down has helped, still is really terrible that kind of rendering...

The biggest problem I noticed is that my ftp server died! I should have waited because that is a critical app for me now I have to wait until Apple fixes it!!! Is there a way to do a system restore like in XP??

Killed my ftp service.. can't log in anymore.. apple forums say something about where tnt looks for the passwords. apple - please fix! :)

sorry to sound like a nerd but you really shouldn't use FTP. at the very least, use sftp. SCP is better. If you use FTP, even as a casual user, you're asking for trouble.

The biggest problem I noticed is that my ftp server died! I should have waited because that is a critical app for me now I have to wait until Apple fixes it!!! Is there a way to do a system restore like in XP??

Yes, i installed Panther again on the same HD, the installer will ask you if you want to replace the "more current" system, say yes and and under options choose archive and install, this will preserve your settings. there will still be a few things that you will have to fix (quark 6.1 needed to have some componets reinstalld, etc.) but both my machines are up ad running SANS the secrity update after doing this.

-ray

It is me or does it seem that there are more security updates than ever from Apple??

A couple of years ago security updates were infrequently, but now it seems that they a coming every couple of months - does this indicate slippage in quality control??? :confused:

You're right Apple shouldn't be releasing any security updates, and should just leave Mac OS X vulnerable.

Fried my permissions, couldn't shut down, couldn't reboot.

It's always the same couple of files every damn time, plus a few new ones.

I spose it's got lots to chose from, Mac OS X is pretty damn extravagant.

I remember in the OS 9 days, my system folder had exactly 232 files and I used to be able to name half of them off the top of my head. OS X just doesn't have any personality, it just works all the time.. so depressing, I miss my 6400/200 :(

Here's a pic (note that the below drive does not have any user home directories, just a couple programs and OS X):

I just spent the last 3 hours fixing my roommates Wintel computer that has been restarting as many as 4 times a day for some unknown reason. STOP errors are so much fun. Once I got that fixed it had a driver_corrupted_mmpool error that took an hour by itself to figure out how to fix (being a Mac user it took me a little longer than many seasoned wintel users i am sure) and then downloaded SP2 which proceded to really start messing **** up. First it didnt recognize the keyboard, and once i got into the BIOS we found that his 2500+ Barton had been OCed to 10% higher than it should have been. Thankfully it all works now (also had some problems with the video card driver for some reason).

At the end of the day to get online and get a simple security update and have it work is almost anti climactic. There is no fear of me becoming a Wintel user in the forseable future.

Has anyone noticed any problems with waking up your system aftet the last security update?

My 17" PowerBook has been having some problems waking up. I am sure it is from the last security update since it was not doing it before.

Has anyone noticed any problems with waking up your system aftet the last security update?

My 17" PowerBook has been having some problems waking up. I am sure it is from the last security update since it was not doing it before.

Apologies to those for whom I am teaching to suck eggs, but with all the problems, particularly this one, the FTP servers, the iTunes not working, try repairing permissions:

Open /Applications/Utilitities/Disk Utility, select your hard drive and click on "Repair Disk Permissions". Ideally you should do this after every Installer based install (as opposed to drag and drop install) and regularly (once a month or so for me seems to be fine).

I highly recommend Panther Cache Cleaner for this and other maintenance tasks, especially on laptops. Running daily/weekly/monthly maintenace scripts through PCC does wonders for my TiBook performance.

Hope it helps.

Sanjay

Apologies to those for whom I am teaching to suck eggs, but with all the problems, particularly this one, the FTP servers, the iTunes not working, try repairing permissions:

Open /Applications/Utilitities/Disk Utility, select your hard drive and click on "Repair Disk Permissions". Ideally you should do this after every Installer based install (as opposed to drag and drop install) and regularly (once a month or so for me seems to be fine).
Sanjay

If you are installing through sys pref --> software update it should automatically repair permissions.

If you are installing through sys pref --> software update it should automatically repair permissions.

I thought it updated pre-bindings ("Optimising...") but not repair permissions?

From www.macfixit.com:

Upgrade procedure In order to help avoid problems like the aforementioned from occurring, be sure to follow our recommended procedure for applying significant system updates:

-Make sure your hard drive is in good shape: Boot from the OS X Install CD and run Disk Utility's Repair Disk function (or use a third-party drive utility such as DiskWarrior or TechTool Pro).
-When booted from the volume containing Mac OS X, run Disk Utility's Repair Disk Permissions function.
-Install the update.
-After rebooting, again run Repair Disk Permissions.

Sanjay

Has anyone noticed any problems with waking up your system aftet the last security update?

My 17" PowerBook has been having some problems waking up. I am sure it is from the last security update since it was not doing it before.

I have. My 15" SuperDrive PowerBook crashes sometimes when waking from sleep. No Kernel Panic, no anything, it just completely locks up. :(

Yes.. The FTP is broken now. Thanx apple.

after the patch
FTP server (tnftpd 20040810) ready.

on my other mac without the patch
(lukemftpd 1.1) ready.

I need FTP for transfering files between my PC and Mac.

We all know how sucky the SMB is. I get 12meg sek when I FTP. When I use SMB iget 1megabit.. transfer one DVD takes 12 hours instead of 8 minutes. :eek:

Has anyone noticed any problems with waking up your system aftet the last security update?

My 17" PowerBook has been having some problems waking up. I am sure it is from the last security update since it was not doing it before.

not for me. 15" al PB superdrive. no problems at all waking up.

J

Apologies to those for whom I am teaching to suck eggs, but with all the problems, particularly this one, the FTP servers, the iTunes not working, try repairing permissions:

Open /Applications/Utilitities/Disk Utility, select your hard drive and click on "Repair Disk Permissions". Ideally you should do this after every Installer based install (as opposed to drag and drop install) and regularly (once a month or so for me seems to be fine).

I highly recommend Panther Cache Cleaner for this and other maintenance tasks, especially on laptops. Running daily/weekly/monthly maintenace scripts through PCC does wonders for my TiBook performance.

Hope it helps.

Sanjay

Eggs or not, I ran repair permissions and also checked my system with TechTools Pro 4. As an added bonus I ran Macaroni which conducts maintenance regularly on my system.

All I know is, and I'm obviously not 100% sure that this was the cause, that after having installed this update, my sound card has gone AWOL, first some clicks then a screech, like feedback, and the dead, after a reboot still nothing, after another reboot, Volume at full volume, but then drifting in and out, I have set the volume to the lowest setting possible, and it still blows my ears off, surely it can't be the soundcard has just died! :mad:

17" Power Book and a very unhappy owner right now.

I have. My 15" SuperDrive PowerBook crashes sometimes when waking from sleep. No Kernel Panic, no anything, it just completely locks up. :(

I'm having the same problem since the security update, but additionally I'm having Kernal panics. Unfortunately for me, I did the security update and upgraded my RAM (transcend 512mb) at the same time, so I'm trying to figure out if its the ram or the update.

The locking up is weird. I'll close the lid and it'll go to sleep, but then the display doesn't come back up and the sleep light doesn't come on. Usually I'll have to reboot about 4 or 5 times before it comes back to life.

Quite a bummer. Maybe there will be an update in the next few days.

Yes, BUT...

3. There are a lot of whiners going "waaaa, I want my type-and-creator metadata",

THEREFORE

Apple chose to use HFS+ as the filesystem instead of UFS (or JFS/XFS/ext3/reiserfs) to accomodate 1 - 3 above.



bwahaha...whiners. Yeah, because metadata is much less elegant than...uh, you know, file extensions, which sometimes appear at the end of filenames, which sometimes don't, and the mere presence of which can fool certain users into believing files will open with a particular application.

You're just grumpy that 10.4 is going to offer more support for HFS+ features, not less. (http://daringfireball.net/2004/07/spotlight_on_spotlight)

bwahaha...whiners. Yeah, because metadata is much less elegant than...uh, you know, file extensions, which sometimes appear at the end of filenames, which sometimes don't, and the mere presence of which can fool certain users into believing files will open with a particular application.

You're just grumpy that 10.4 is going to offer more support for HFS+ features, not less. (http://daringfireball.net/2004/07/spotlight_on_spotlight)

I used UFS on OS X for a while, until I found out everything is case sensitive.. I don't know that crap!

I wonder if some of the symptoms people report after an update (especially the ones reported by only a single person) are simply the result of previous problems that came to light because the Mac was restarted.

I'm not talking about the patch making things work faster. I'm talking about it being slower on the same machine after the patch. I don't expect my G4 to run like my G5 (that's why I bought a G5). I was just wondering if it was more code to go through and slowed it down. I am also glad that Apple is staying on top of things.

Of course your machine is going to seem slower right after you boot up - there's hardly anything populating the various caches that were populated before you rebooted. Filesystem cache. Linker cache. Finder's memory caching.

Makes sense now?

/dale

Looks like this security update broke Safari. A number of websites that used to open up fine before the update now do not work right. Compusa, Fedex, etc... are having problems. I hope Apple can put out a fix for this soon.

Looks like this security update broke Safari. A number of websites that used to open up fine before the update now do not work right. Compusa, Fedex, etc... are having problems. I hope Apple can put out a fix for this soon.

It's not Apple's fault. Rather, its poor planning on the part of a often-used web page authoring tool. Read this for an explanation:

http://xlr8yourmac.com/archives/sep04/090804.html#S18029

/dale

...browsing with IE is like having sex without a condom.

Damn. This makes me almost want to try IE again. What version has this "feature"? I'm guessing that you must have some sort of special input device. :D :p


I think Microsoft should use this in a marketing campaign.

It's not Apple's fault. Rather, its poor planning on the part of a often-used web page authoring tool. Read this for an explanation:

/dale

You can blame whoever you like...

I look to apple (and pay apple for) a browser that works.

If they have to make adjustments so be it...

Apple owns this one

You can blame whoever you like...

I look to apple (and pay apple for) a browser that works.

If they have to make adjustments so be it...

Apple owns this one

Poor coding of a website is not Apple's fault, if these sites followed guideline's there would not be a problem.

Reminds me of FrontPage...

Looks like this security update broke Safari. A number of websites that used to open up fine before the update now do not work right. Compusa, Fedex, etc... are having problems. I hope Apple can put out a fix for this soon.

Considering that the W3C validator claims 14 errors for Fedex and can't validate CompUSA because of junk characters, perhaps they should be fixing their websites rather than Apple or anyone else generating workarounds.

You can blame whoever you like...

I look to apple (and pay apple for) a browser that works.

If they have to make adjustments so be it...

Apple owns this one

If you paid for Safari, you got ripped off. http://bellsouthpwp.net/g/s/gserv2/gifs/lol.gif

I just wish more and more webmasters would look at their pages in other browsers to see how they load (or don't load). But because every one thinks everyone out there is using IE they don't. :(

Note: I do not know what the stats are on what browser in lead. Just making a note of what I have seen in some of the ISPs I've worked for in the past.

Hugh



While, granted, there are certainly Safari problems, note that a lot of the "bugs" in Safari are because it actually implements standards correctly. Most pages which don't load are IE-specific or are "broken" so as to work in IE. As IE is pushed to the back burner, perhaps more sites will actually use the real web standards when building their pages.

Use the W3C's Validator (http://validator.w3.org) and CSS Validator (http://jigsaw.w3.org/css-validator) to show how bad most sites are.

If you paid for Safari, you got ripped off. http://bellsouthpwp.net/g/s/gserv2/gifs/lol.gif

I think he means that he payed for OS X which entitles him to use Safari (so he is in essence paying for Safari).

Really, it can't be too easy to keep on top of every OS flaw, it's a work in progress. I'm sure they will have a fix soon.

The bottom line is, they fixed a security/rendering flaw in safari that allowed this improperly scripted menu system to run. IE is generally viewed as forgiving to poor code, this is one of my big pet peeves, they are just promoting non-standards code, which is why pages like these are now not appearing correctly.

For those having problems, go to Accelerate Your Mac (http://www.xlr8yourmac.com), as mentioned. They have some fixes and advice.

Looks like some of these webmasters are fixing there websites so when Safari opens them they don't look like a mess. Compusa, FedexUS, etc.. are all starting to work fine now.

Poor coding of a website is not Apple's fault, if these sites followed guideline's there would not be a problem.

Reminds me of FrontPage...

I am not assigning fault... I don't care and it does not get me anywhere.

I am assigning responsibility to make it work... and I am assigning it to Apple.

You can spread blame however you like... but the company that makes it works is the one that will get the business.... regardless of who is at fault.

Like it or not... it is apples job to make Safari robust enough to work

Update worked fine for me, as always.

Lots of Winblows trolls around here I think.

I am not assigning fault... I don't care and it does not get me anywhere.

I am assigning responsibility to make it work... and I am assigning it to Apple.

You can spread blame however you like... but the company that makes it works is the one that will get the business.... regardless of who is at fault.

Like it or not... it is apples job to make Safari robust enough to work

That does not make any sense, why should Apple have to make their product inferior to work with some crappy script that has holes. Comp USA appears to have resolved the issue already, so the problem was obviously on their site.

That does not make any sense, why should Apple have to make their product inferior to work with some crappy script that has holes. Comp USA appears to have resolved the issue already, so the problem was obviously on their site.


How exactly does making a product work on MORE sites make it inferior?

How exactly does making a product work on MORE sites make it inferior?

the idea is that only improperly coded sites don't load in safari. they might work in IE since IE is so forgiving of bad code. however, changing safari to not follow the rules isn't entirely a good thing, even if it lets less well written web sites load up. every site that has been coded properly can load up. that is the responsibility of those web site creators, not safari.

I have the ability to contact and speak to the authors of the knowledgebase, and they are currently investigating as to the causes of the problems with web browsing after the security update. They know that websites designed with an older version of OpenCube software break with the latest Security Update, and that a new version of OpenCube that software should fix that problem for those webmasters who use it. Contact the webmasters whose sites break with Safari and let them know an update to OpenCube is imminent if not already released, and that they should apply it for better compatibility with web browsers. Meanwhile, you can change your User Agent with Safari Enhancer's enabling of the Debug menu to another browser while using Safari and browsing those websites. Safari Enhancer can be downloaded here:

http://www.lordofthecows.com/safari_enhancer.php

the idea is that only improperly coded sites don't load in safari. they might work in IE since IE is so forgiving of bad code. however, changing safari to not follow the rules isn't entirely a good thing, even if it lets less well written web sites load up. every site that has been coded properly can load up. that is the responsibility of those web site creators, not safari.

You can debate it all you like, but people will eventually move to browsers that work fastest with the most sites.

If there is another browser that can load more sites than Safari.... regardless of fault or responsability... that is a plus for that browser over safari.

You can debate it all you like, but people will eventually move to browsers that work fastest with the most sites.

If there is another browser that can load more sites than Safari.... regardless of fault or responsability... that is a plus for that browser over safari.

Personally I am glad that Safari has fixed this flaw, if sites are broken it is now going to be painfully apparent to the webmaster, forcing them to use standards compliant code. If more websites are coded properly it will raise awareness of accessibility needs.

It's a win win situation, so way to go out for pointing out glaring flaws in design, force them to make their sites work properly with added market share. I hope that Mozilla creates a similar fix to raise the number of user affected. Cut the IE specific crap already.

How exactly does making a product work on MORE sites make it inferior?

You have an incorrect view of the Internet. Browsers do not work on sites, sites work on browsers. Web authors create websites, and they can choose to be lazy and only worry about one browser, or try to stick to standards and ensure their site will work on more than one browser - but it's their choice, and their responsibility if they work for an organization whose site should be usable by lots of people.

It's like writing software for different Operating Systems. You can write for Windows and leave it at that because most people use Windows, or your company can get more business by supporting Mac OS X and Linux... Of course, it will cost them more to support multiple OSes, and maybe it's not worth it to them.

If the next version of Intuit's Quicken didn't work correctly on Windows XP, it's up to Intuit to make sure they fix it.

Sure, it's possible that Safari could have a bug (or bugs) such that it improperly interprets some standard web code - but you wouldn't know that just by finding a site that doesn't work. Your first thought with any standards-compliant web browser should be "Hey, this site doesn't work, I'm going to contact the site owners and let them know they may have an error in their code" just like you would contact Quicken if you found a bug in *their* software.

Then the site owners might discover their code is correct and complain to Apple, or tell you to complain to Apple - that's fine. But the first assumption should be that the website running on the browser is broken, not that the browser running it is broken.

OK, was that a bowling ball I just heard drop or did the average IQ on these boards drop around 100 points? Microsoft have a browser that hates PNG files, which are more than slightly common. It also throws up errors on the most basic of pages. Sure, Safari sometimes has glitches, but IE is pretty much the same. The difference is, Safari displays all the pictures and is only a few years old.

PNG. Remember that. IE doesn't like PNG. Makes the bugs in Safari look like ants before a hippo.



Rich::

Personally I am glad that Safari has fixed this flaw, if sites are broken it is now going to be painfully apparent to the webmaster, forcing them to use standards compliant code. If more websites are coded properly it will raise awareness of accessibility needs.

It's a win win situation, so way to go out for pointing out glaring flaws in design, force them to make their sites work properly with added market share. I hope that Mozilla creates a similar fix to raise the number of user affected. Cut the IE specific crap already.

unfortunately life does not work that way... most people will either not use the site or, if they need/want it badly enough, will download a browser that the site can load into.

The question is, does apple want to make their browser more robust and give it the ability to load sites that are poorly written or not.

for a company that needs to gain market share, not lose it the answer is clear. Make your product strong enough to overcome the deficiencies others may have.

Personally I am glad that Safari has fixed this flaw, if sites are broken it is now going to be painfully apparent to the webmaster, forcing them to use standards compliant code. If more websites are coded properly it will raise awareness of accessibility needs.

It's a win win situation, so way to go out for pointing out glaring flaws in design, force them to make their sites work properly with added market share. I hope that Mozilla creates a similar fix to raise the number of user affected. Cut the IE specific crap already.

Who will be aware if no one tells them? Web developers don't always test for every browser, esp. if their development tools don't care about Safari or Mozilla browsers. I've been on websites that did not work correctly and sent feedback to the webmaster, only to be told that everything works fine in Internet Exploder.

There are some government agencies and organizations that prohibit use of Internet Explorer because of security concerns. Perhaps that will help convince businesses that there is more to life than Internet Explorer as they develop and test their web sites.

That's true. UK residents have been advised to use alternative browsers, such as Opera and Netscape.




Rich::

Who will be aware if no one tells them? Web developers don't always test for every browser, esp. if their development tools don't care about Safari or Mozilla browsers. I've been on websites that did not work correctly and sent feedback to the webmaster, only to be told that everything works fine in Internet Exploder.

I email webmasters links to the W3 validator all the time letting them know if their site does not work properly in certain browsers, I think some admins are starting to get the message. CompUSA obviously got the message that their site was improperly coded.

In regards to making browsers "more robust" this is a fallacy, there are a set of standards set forth by the W3 that will allow any page to be displayed properly in any browser. In addition to being cross browser compliant it will allow for adaptive software to read pages properly. The bottom line is that the web has a clearly defined purpose, it is a medium of information exchange not an advertisement. Information in this medium should be made freely available anyway that the user wants to access it.

I email webmasters links to the W3 validator all the time letting them know if their site does not work properly in certain browsers, I think some admins are starting to get the message. CompUSA obviously got the message that their site was improperly coded.

In regards to making browsers "more robust" this is a fallacy, there are a set of standards set forth by the W3 that will allow any page to be displayed properly in any browser. In addition to being cross browser compliant it will allow for adaptive software to read pages properly. The bottom line is that the web has a clearly defined purpose, it is a medium of information exchange not an advertisement. Information in this medium should be made freely available anyway that the user wants to access it.


EXACTLY!

CompUSA's web page was broke in Safari thanks to this fix. I then went through to the feedback page and told them what was wrong. they e-mailed me back that they'd check into and in LESS then a day it was fixed (maybe I was nto the only one). Apple fixed a bug that allowed the page to work. That bug needed to be fixed. Microsoft on the other hand let's all kinds of crap through. That would include all those exploits. I would rather have the following:

1. A browser that follows standards or at least tries to. Safari does this very well.
2. The Webmasters to design pages that work on all browsers. Come on people...it's NOT that hard!
3. Having anything say sorry will only work in IE or on Windows will send me TO ANOTHER COMPANY!
4. Making Apple's browser load and render incorrectly coded web pages is something noone wants. Trust me. It also doesn't make the browser more "robust". You want ActiveX plugin's to work? You want the same damn thing poor Windows users have to put up with day in and day out...then just use Windows....leave activex outta my Mac. I don't want spyware and the like being dropped on my machine.

Again, webmasters should check. I don't care if you use frontpage....you should still check. I don't care if you use Windows, PLEASE check!

looks like bestbuy.com is having some problems as well. check it out.

looks like bestbuy.com is having some problems as well. check it out.

Looks like the same thing that we saw on the other sites. Just use the contact button and inform them! :D

not sure if it's been mentioned but: http://www.opencube.com/updates.html

EXACTLY!

4. Making Apple's browser load and render incorrectly coded web pages is something no one wants.




Why would somebody not want a browser that would load and render all pages regardless how well they were coded?

If its possible for a browser to render a page ... even if the code is not perfect, is this not an advantage over one that can't?

You are taking a very strict stance on this issue that does not apply to the real world. People just want it to work. If it words on IE and not Safari they think that IE is better (which is a logical conclusion). The general population does not turn around and blame the site for poor code. They don't think about it that hard. They know two things. It works on the M$ product and not the apple.

Looks like they have a fix. See Software Update for Security Update 2004-09-07 Version 1.1.

Why would somebody not want a browser that would load and render all pages regardless how well they were coded?

If its possible for a browser to render a page ... even if the code is not perfect, is this not an advantage over one that can't?

You are taking a very strict stance on this issue that does not apply to the real world. People just want it to work. If it words on IE and not Safari they think that IE is better (which is a logical conclusion). The general population does not turn around and blame the site for poor code. They don't think about it that hard. They know two things. It works on the M$ product and not the apple.

Oh where do I start? Let's see....if a web page is coded incorrectly just like any other computer problem it should have a problem rendering it. The only standard that hsould be adhered to is the standards as set by W3C...NOT MICROSOFT. If everyone just coded their page to that standard, we'd not have issues of pages breaking when Apple finds a hole. If this kind of thing starts, you will have a literal break down of the internet. W3C sets these standards for interopability. Granted, if they fix it, it will only because we users wanted it the wrong way instead of the right way. This will end up like the netscape/IE war all over again except it will also include Safari/Konquerer, Opera and other browsers. I am sick of browsers that don't follow the standard. Safari has been pretty good with this respect. Also, as some have noticed, it's easy to get some companies attention. Case in point, when the patch was released, CompUSA's website was broken. Within less then a day, they had it fixed. How many of you e-mailed website developers and had that quick of a response? They even replied to my e-mail.

Looks like they have a fix. See Software Update for Security Update 2004-09-07 Version 1.1.
Yep, I just got it. Glad to see they were able to fix the Safari/web site issue. There's also an explanation on Yahoo about it: http://story.news.yahoo.com/news?tmpl=story&cid=77&e=1&u=/mc/20040914/tc_mc/securityupdate20040907revised

And sleep mode fix for SP G5s is out too! Yay

In addition to the FTP problems noted by others, I started having issues with Mail and Safari. Mail wouldn't reliably connect to my mail accounts, either inbound or outbound, and Safari seemed to hang on every other page. It felt as though dns lookups were randomly failing. Meanwhile, my wife's in the other room doing mail and browsing without problems (XP):(

Anyway, I applied the v1.1 update and all is well, again.