Apple Safari On Windows Broken On First Day

kdawson posted more than 7 years ago | from the bigger-they-come dept.

Bug 595

An anonymous reader writes "David Maynor, infamous for the Apple Wi-Fi hack, has discovered bugs in the Windows version of Safari mere hours after it was released. He notes in the blog that his company does not report vulnerabilities to Apple. His claimed catch for 'an afternoon of idle futzing': 4 DoS bugs and 2 remote execution vulnerabilities." Separately, within 2 hours Thor Larholm found a URL protocol handler command injection vulnerability that allows remote command execution.

595 comments

He notes in the blog that his company does not (2, Insightful)

gsfprez (27403) | more than 7 years ago | (#19473621)

report vulnerabilities to Apple because he is a total fsckwad loser attention hound.

Thanks for the news about the vulnerabilities, Paris Maynor.

Re:He notes in the blog that his company does not (0, Flamebait)

Whiney Mac Fanboy (963289) | more than 7 years ago | (#19473641)

because he is a total fsckwad loser attention hound.

I wondered who'd be the first to launch an ad hominem attack - and look, right in the first comment.

Thanks for reaffirming my faith in Apple Fanboi nature.

Re:He notes in the blog that his company does not (5, Insightful)

ubernostrum (219442) | more than 7 years ago | (#19473837)

I wondered who'd be the first to launch an ad hominem attack - and look, right in the first comment.

How about we try it this way:

Maynor claims to be a professional security researcher. One of the cornerstones of professionalism in that field is responsible disclosure of discovered vulnerabilities. Another is full disclosure of vulnerability details after a vendor has had a reasonable amount of time to correct the vulnerability. Yet another is working to advance the overall state of computer security. But Maynor has a track record of irresponsible, partial-at-best disclosure: he claims discovery of vulnerabilities while proclaiming that he will not report them to the vendor, and strives to hide the details of his discoveries from open review by his peers in the security community (for example, witness the endless controversy over the alleged MacBook wifi hack, all of which could have been settled quickly and objectively by simple peer review of the exploit he claimed to have used). And none of this can, so far as I can see, be construed as advancing the state of computer security in any fashion.

In other words, there is no sense of the word "professionalism" for his field which seems to be reasonably applicable to Maynor. Before you go screaming "ad hominem" or "Apple Fanboi", take note of two things:

  1. All I've criticized here are the man's methods, not the man himself. I don't even speculate to his motives for operating the way he does.
  2. I'm typing this on a MacBook Pro, and I do like both it and the operating system it runs, but neither are particularly essential to me -- at this point I can move between (Unix-y) operating systems with relative ease, and occasionally do as needed (prior to this MacBook, I used various forms of Linux exclusively for about six years, and still use them on a regular basis. The only OS I have a prejudice against is Windows, and I've even got that available, virtualized, when I need to test things in it).

I await your reply.

shooting the messenger is now + 5 insightful? (-1, Troll)

siddesu (698447) | more than 7 years ago | (#19474087)

Wow, a company releases a product that puts their customers in danger, and boo-hoo, the fanbois go after the whistleblowers. How about the professionalism of Apple developers/testers/managers?

Re:He notes in the blog that his company does not (1)

kernelpanicked (882802) | more than 7 years ago | (#19473861)

Well no shock that you were modded flamebait. I mean you made a rational comment on an Apple article, WTF. Looks like I'll have to read comments at -1 yet again to get anything insightful out of this discussion, as is the case with just about every Apple related article. Truth is, if the guy had reported the bugs/vulnerabilities to Apple, they more than likely would have done what they always do, wait months to push a fix out or just deny their existence altogether.

Re:He notes in the blog that his company does not (5, Insightful)

argent (18001) | more than 7 years ago | (#19474047)

Truth is, if the guy had reported the bugs/vulnerabilities to Apple, they more than likely would have done what they always do, wait months to push a fix out or just deny their existence altogether.

Did you read the disclosure policy?

Keeping with our disclosure policy, we do not report bugs to Apple.

It doesn't say

Keeping with our disclosure policy, we do not wait for a response to the bugs we report.

If it said that, your comment would make sense. That would be something like ... "We don't think Apple will fix it, so we won't wait before announcing it". I could see that (though not agree with it). But "We don't think Apple will fix it, so we won't even TELL them about it" is totally irresponsible. The only "rational" interpretation of that is he actively wants to make it harder to improve the security of Safari.

Do you have a better explanation, or a justification for that approach?

Re:He notes in the blog that his company does not (1)

speaker of the truth (1112181) | more than 7 years ago | (#19473899)

As someone who has never used a Mac or Apple software, it's pretty dicky of him not to report it.

Re:He notes in the blog that his company does not (5, Insightful)

Kadin2048 (468275) | more than 7 years ago | (#19473645)

Yeah -- what the hell.

I can understand not sitting on a vulnerability -- there are some valid points both for and against full disclosure -- but not notifying the company at all? WTF.

This is the sort of stuff that just makes the whole IT security industry, and everyone involved in it, look dangerous and irresponsible.

Re:He notes in the blog that his company does not (-1, Flamebait)

aichpvee (631243) | more than 7 years ago | (#19473695)

Maybe they should start paying for the world. Releasing buggy software and expecting people to QA it for you FOR FREE is insane. Maybe apple, microsoft, and the rest of these asshole companies should start hiring some decent testers. You fanbois can stop whining too, or are you offering to compensate these guys for bug testing your favorite lame software?

Re:He notes in the blog that his company does not (3, Interesting)

DA_MAN_DA_MYTH (182037) | more than 7 years ago | (#19473795)

Maybe they should start paying for the world. Releasing buggy software and expecting people to QA it for you FOR FREE is insane. Maybe apple, microsoft, and the rest of these asshole companies should start hiring some decent testers. You fanbois can stop whining too, or are you offering to compensate these guys for bug testing your favorite lame software?

Ah yes, giving away FREE software and expecting people to use it for FREE. In turn for that FREE use, if someone finds a bug it's absolutely ludicrous to expect them to report it.

Now mind you I understand why they may be giving it out for FREE, probably so people can FREEly develop for the iPhone, widgets and browser.

Maybe they should have created an IDE that wasn't FREE so you can pay for the tools to develop on their FREE platform, and use that money to pay for the QA department, so I can be FREE of you haters and your whining.

Re:He notes in the blog that his company does not (3, Insightful)

speaker of the truth (1112181) | more than 7 years ago | (#19473961)

Ah yes, giving away FREE software and expecting people to use it for FREE. In turn for that FREE use, if someone finds a bug it's absolutely ludicrous to expect them to report it.
Of course it is. There is no way I'd expect my mother to report a bug. However what isn't ridiculous is expecting someone who deliberately seeks out a bug, has the ability to reproduce it, and has blogged about it and also calls themselves a security analyst, to actually report the bug. Heck, only a link to his blog post would probably be helpful to Apple. That takes very little effort on his part, so it's not unreasonable to expect it.

Re:He notes in the blog that his company does not (1, Insightful)

Anonymous Coward | more than 7 years ago | (#19474115)

There is no way I'd expect my mother to report a bug.
Why on earth would you be letting your mother run beta software?

Re:He notes in the blog that his company does not (1)

dwater (72834) | more than 7 years ago | (#19474111)

Nothing apple does is for free. Everything they do is designed to make you want to give them more of your money. That might be now, it might be later, but none of it is free. It's a US public company, so what else would you expect?

Re:He notes in the blog that his company does not (1)

Tickletaint (1088359) | more than 7 years ago | (#19474139)

Nothing you do is for free. Everything you do is designed to make others want to give you more of what you want. You're only human; what else would you expect?

IOW, a copout argument.

Re:He notes in the blog that his company does not (1)

jeffasselin (566598) | more than 7 years ago | (#19473827)

Yeah! Really! You talk to them dude! They should like totally do like my best friends and CHARGE them for the PRIVILEGE of beta testing their applications!

They released a beta version of a program with the usual disclaimers about how it's not finished, and should not be used in a production environment, and are not forcing anyone to use it. What's your problem?

Re:He notes in the blog that his company does not (1)

lena_10326 (1100441) | more than 7 years ago | (#19473869)

They released a beta version of a program with the usual disclaimers about how it's not finished, and should not be used in a production environment, and are not forcing anyone to use it. What's your problem?
Nobody forces anyone to use Firefox... but the bugs are taken pretty seriously and get fixed pretty quickly with that one. Huh.

Even if your software is free, you really oughta do your best to make sure it's not crippled with fatal security holes--discovered within hours I might add.

Re:He notes in the blog that his company does not (1)

ceoyoyo (59147) | more than 7 years ago | (#19474129)

Have you ever used a beta of Firefox? The bugs might get taken seriously but they are definitely there. Remember, Safari for Windows is a Beta. Not only that it's a pre-1.0 version (it may not be numbered that way, but it has never been released before).

Re:He notes in the blog that his company does not (1)

KillerBob (217953) | more than 7 years ago | (#19473865)

the whole point of a beta is the "we think we got it working right, seems to work in the lab, but we know we missed something so we're going to let the enthusiasts try it out because we know they'll find it" phase.

Re:He notes in the blog that his company does not (1)

Jeff DeMaagd (2015) | more than 7 years ago | (#19474021)

Why should he even bother to discover the hole? He's not getting money for it. He's doing it for the attention, I guess. Does that attention net him any more customers? I don't know, but given that most white-hat security researchers have an ethos to report security flaws, I guess that puts this guy as likely being in the gray-hat category, and I wouldn't want to support him.

I know that companies should put out better software, but this is a beta. Very buggy for beta, but still. I don't know why Apple released it, I think they too just needed PR or to prove that it's not a vaporware product. I'm pretty sure that they are aware that it's still a seriously flawed, premature product.

Re:He notes in the blog that his company does not (0)

Anonymous Coward | more than 7 years ago | (#19473859)

This is the sort of stuff that just makes the whole IT security industry, and everyone involved in it, look dangerous and irresponsible.

What bullshit. You know what makes the IT industry look bad? Companies that constantly release programs RIDDLED WITH SECURITY HOLES.

Seriously, step back and think about it. What responsibility does this guy have to Apple, to you, to me, to anyone? ZERO. Now think.. is it more than the responsibility that *APPLE* has to its customers?

It's shameful that software quality gets *worse* and *worse* with every year that goes by.

Now it's your turn to go "WAH WAH WAH PROGRAMMING IS HARD!!!" and tell me I should just suck it up and deal with the fact that "all software had security holes". Then I'll tell you, if that's the case, that YOU should suck it up and EXPECT THEM TO BE REPORTED.

telling Apple would be insane (5, Funny)

r00t (33219) | more than 7 years ago | (#19474097)

These things are worth a lot. Spammers, governments, mobsters... all will pay. You even get your choice of payment method:

*euros
*credit card numbers
*yuan
*underage virgins
*dollars
*shekels
*death to your enemies
*rubles
*pounds, British money
*pounds, crack cocaine

Just be sure to not rip off the buyer. Most of the buyers have nasty ways to kill you. Some of them have polonium. Some of them have penis pills.

Re:He notes in the blog that his company does not (1)

krswan (465308) | more than 7 years ago | (#19473659)

I'm sure that Apple appreciates the volunteer work he has done on their beta software.

NO BECAUSE APPLE USERS ARE FUCKING FAGS (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#19473673)

YOU GAY ASS APPLE FANBOYS BEND OVER AND FUCK EACH OTHER IN THE ASS WITH STEVE JOBS ANUS LUBE, WHO THE FUCK WOULD USE THIS CRAP ON WINDOWS?

Re:He notes in the blog that his company does not (1)

AchiIIe (974900) | more than 7 years ago | (#19473753)

Agreed, and I would also like to remind fellow slashdotters that Maynor did indeed fake the wifi hack,
Here is a video I made debunking their proof: http://video.google.com/videoplay?docid=1468187717 11399295 [google.com]
My guess is that they got a buffer overflow but had not yet found the correct location in memory to write their shellcode. They still have not...

Re:He notes in the blog that his company does not (1, Troll)

timmarhy (659436) | more than 7 years ago | (#19474023)

he already outlined why he did it - apple threatened to sue if he disassembled the airport, so he used a clone no name model which used the exact same drivers (where the problem lays).

Where is the bookmark sidebar? (1)

NateE (247273) | more than 7 years ago | (#19473771)

I've never tried Safari before. Haven't had any major problems with it on XP so far.

However, I'm desperate to have a bookmark sidebar. I can see all my bookmarks in the Bookmarks menu. Also the Bookmarks Bar works fine. I can Show All Bookmarks to display them all in a page. How can I have a bookmark sidebar like Firefox or IE? That's the only way I normally surf!

I actually use the nice Menu Editor add-on in Firefox to hide the Bookmarks menu. Since I never used it.

Re:Where is the bookmark sidebar? (1)

Myen (734499) | more than 7 years ago | (#19473879)

New Safari user here too. Yay win32.

The little book icon on the left end of the bookmarks toolbar, or Bookmarks -> Show All Bookmarks.

Re:Where is the bookmark sidebar? (1)

NateE (247273) | more than 7 years ago | (#19473981)

When I click on that button it does a Show All Bookmarks. I want an always open sidebar where I can navigate around within my bookmark folders.

Not to do a Show All Bookmarks. Find my bookmark. Click. Taken to the web page. Want to open a 2nd bookmark in a new tab. Have to re-open Show All Bookmarks.

Re:He notes in the blog that his company does not (0)

Anonymous Coward | more than 7 years ago | (#19473819)

report vulnerabilities to Apple because he is a total fsckwad loser attention hound.
But he's soooo LEET! I want to suck his cock!

Re:He notes in the blog that his company does not (1)

timmarhy (659436) | more than 7 years ago | (#19473977)

i wouldn't either, apple are litigation happy

Re:He notes in the blog that his company does not (0)

Anonymous Coward | more than 7 years ago | (#19473979)

gsfprez, you are a karma whore. looking at some of your previous posts it's pretty damn clear if this was a MS product you would have been cheering him on. Grow up you hypocrite.

Maybe that's because... (5, Insightful)

YowzaTheYuzzum (774454) | more than 7 years ago | (#19473625)

... it's a beta version.

Re:Maybe that's because... (0, Troll)

nschubach (922175) | more than 7 years ago | (#19473729)

...and it's on Windows.

Re:Maybe that's because... (0)

Anonymous Coward | more than 7 years ago | (#19473801)

...and it's on Windows.

muwahahahahaha...

(okay I saw this joke a few days ago here, I just need to get it off my system.. :) )

Re:Maybe that's because... (2, Insightful)

jeffasselin (566598) | more than 7 years ago | (#19473945)

Indeed. The issue not being that Windows is less secure, but that it's a different platform, and as such would expose any code to completely different vulnerabilities.

Re:Maybe that's because... (3, Interesting)

gbulmash (688770) | more than 7 years ago | (#19473773)

What makes me scratch my head... if these guys can find holes in a few hours, why can't Apple? It's not like these guys spent months to find some really obscure bug. They banged away with known attack vectors and got near-instant results. In a case like that, "it's a beta", particularly when it's been hyped at a big event, rings VERY hollow.

IMO... If you release it quietly, so only the diehards are really pounding it, you can keep the "it's a beta" excuse. If you hype the release, you lose the excuse.

- Greg

Re:Maybe that's because... (3, Insightful)

cgenman (325138) | more than 7 years ago | (#19474063)

What makes me scratch my head... if these guys can find holes in a few hours, why can't Apple?

Because 100,000k security researchers and hackers all typing away at keyboards will eventually write Shakespeare?

I don't care how bright your engineers are or how well you've planned your security model, the moment you put it on the 'net it WILL be hacked. That doesn't mean it will stay hacked, so much as the task of securing a system against simulated internal attacks will uncover different problems than putting it in the wild.

Re:Maybe that's because... (0, Flamebait)

DogDude (805747) | more than 7 years ago | (#19473775)

A software beta means that the developers are reasonably sure that it's ready for the public to use. They're relatively sure they've gotten out all of the bugs found in Development and Alpha testing. Beta isn't supposed to find major crashes. It's designed to find the smaller bugs that the testing team overlooked, and tweak the user experience.

Apple does not release decent Windows software. Case in point: iTunes is a terrible mess. I'm not surprised Safari Beta is this bad.

Re:Maybe that's because... (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#19473933)

Dude, that's what beta meant twenty years ago. Today, Beta means they've not found any show-stopper bugs during in-house testing.

Fact of the matter is that most of the larger pieces of software running around are in a continual state of development and testing; from the day of release, to the day the product is EOL'd, people are hacking around on it. If you're going to be pedantic, go crawl up Microsoft's ass, you might find someone else like yourself.

Re:Maybe that's because... (4, Insightful)

moosesocks (264553) | more than 7 years ago | (#19474107)

Eh. iTunes on Windows is alright in my opinion.

It's quicktime that's the absolute mess -- It's gotten better since iTunes came along, but compared to the lightweight framework that it is on the mac, the windows version absolutely sucks. It's just an incredibly sluggish, and somewhat useless media player.

On OS X, Quicktime is essentially a fairly versatile media framework that, given the proper codec, can play just about anything. Virtually all mac applications that require the manipulation of media files utilize it. The file format also allows for some pretty darn cool nondestructive editing -- Final Cut Pro is more or less just a fancy utility for manipulating QuickTime files.

QuickTime player is simply a front-end application that makes use of the framework. Its Windows counterpart is a mere shadow of its former self.

On the other hand, VLC natively plays every format under the sun on every platform under the sun. Come to think of it, it's the only app I know of that works extremely well on all 3 major platforms (Firefox isn't so hot on the mac)

Many people blame the presence of a Windows version for preventing Apple from transitioning iTunes over to a Cocoa app. I can hardly blame them either -- Cocoa apps tend to be a bit more stable and 'snappy' (it's a really nice framework)

I wouldn't completely knock Safari without giving it a chance. Safari itself was based off of KHTML (and the Apple devs still contribute back regularly to the KDE/Konqueror folks). If they ported it once, porting it twice shouldn't be a terribly huge issue once the initial kinks are worked out.

Re:Maybe that's because... (1)

LO0G (606364) | more than 7 years ago | (#19473863)

Could you imagine the screams of outrage if Microsoft, Mozilla or Opera would have released a beta browser with those kinds of problems?

Think about it - while it's unquestionable that both Thor and David are very talented hackers, but they both indicated that they didn't even look very hard to find the problems they found.

Re:Maybe that's because... (3, Insightful)

Jeff DeMaagd (2015) | more than 7 years ago | (#19473901)

Given the complaints I've seen elsewhere, I think that the quality is closer to alpha stage development. Usually, "public beta" is done on software that's almost ready for use, but has minor bugs. The reports I've seen are that there are a lot of serious bugs in rendering and stability, and now, major security problems.

Beta (0)

Anonymous Coward | more than 7 years ago | (#19473627)

They call it beta for a reason...

It has not been released (0, Redundant)

Utopia (149375) | more than 7 years ago | (#19473629)

It's still in beta.

looks like apple's learning from google (0, Redundant)

everphilski (877346) | more than 7 years ago | (#19473677)

keep stuff in beta :P

Uhhh...it's beta? (1, Informative)

protohiro1 (590732) | more than 7 years ago | (#19473631)

I mean, you kind of expect there are going to be some bugs...this is a Good Thing and the reason you release a public beta, (in addition to getting buzz) you can shake out the bugs.

Well... (0)

ch0ke (129779) | more than 7 years ago | (#19473633)

Um, beta.

Wow (5, Informative)

mabinogi (74033) | more than 7 years ago | (#19473639)

Bugs in the first public beta release!
Who would've thought it!

Incidentally, it doesn't seem to like authenticating proxies at all, so my first experience with it was a bug too :/

However, making a big deal of, but not reporting bugs found in a beta release of something seems more than a little silly.

Bugs in a beta?! (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#19473643)

I am SHOCKED!

Say it isn't so! (1)

QuijiboIsAWord (715586) | more than 7 years ago | (#19473647)

Bugs in a beta version of a program that's being incredibly heavily scrutinized by everyone looking for something to crow about!?
That's unpossible!

I've said it before and I'll say it again (2, Insightful)

pboyd2004 (860767) | more than 7 years ago | (#19473649)

I'm not surprised. Apple really doesn't write more secure code, they just have a lower market share and thus aren't as much of a target.

And a lot of their success at security on Mac OS is just them inheriting some of their security from the BSD kernel which I'm positive beats the hell out of the Windows kernel in terms of security.

Re:I've said it before and I'll say it again (1)

Grail (18233) | more than 7 years ago | (#19473803)

I'm not surprised. Apple really doesn't write more secure code, they just have a lower market share and thus aren't as much of a target.
... and these vulnerabilities aren't in the Mac OS X version of Safari because ... ?

Re:I've said it before and I'll say it again (0)

Anonymous Coward | more than 7 years ago | (#19473951)

Who says they aren't? Why wouldn't they?

If they aren't, maybe it's because Apple is trying to drum up ill will against Windows for being insecure? I wouldn't put it past them.

Re:I've said it before and I'll say it again (1)

clang_jangle (975789) | more than 7 years ago | (#19474017)

Yes, I'm sure you did and certain you will, but it's too bad really. You are just showing off your lack of understanding of OS design principles.

Installing Safari 3 public beta on G4? (1)

nebbian (564148) | more than 7 years ago | (#19473651)

OK the system requirements say that you need OS X 10.4.9, 256MB RAM, and 50 meg of disk space.

I'm running 10.4.9, 1.25 GB RAM on a Powerbook G4, have 18 GB spare on my HD, yet the installer says:
"You cannot install Safari Beta 3 on this volume. This volume doesn't meet the requirements for this update."

Anyone else getting this error? Anyone know of a workaround? How can you tell why the installer is stopping?

Re:Installing Safari 3 public beta on G4? (2, Informative)

Anonymous Coward | more than 7 years ago | (#19473757)

Make sure your current copy of Safari is still in /Applications/. The beta won't install otherwise.

Re:Installing Safari 3 public beta on G4? (1)

nebbian (564148) | more than 7 years ago | (#19474007)

Perfect, I moved it back and now everything's installing fine.

Thanks for that!

Re:Installing Safari 3 public beta on G4? (1)

appleguru (1030562) | more than 7 years ago | (#19473841)

You can always go grab the latest webkit over at http://webkit.org/ [webkit.org]

It's the same as Safari, but without the installer... Nightly builds are made from the current source code repository.

Today's build (r22084) is the same as the 3.0 public beta (Version 3.0 (522.11))

Re:Installing Safari 3 public beta on G4? (1)

gorrepati (866378) | more than 7 years ago | (#19473881)

Maybe it is not a Universal binary.

Re:Installing Safari 3 public beta on G4? (0)

Anonymous Coward | more than 7 years ago | (#19473903)

Your Mac has detected the lack of Kool-aid consumption to complete the install. ...Actually I just think I just invalidated my mac with this comment.

Re:Installing Safari 3 public beta on G4? (0)

Anonymous Coward | more than 7 years ago | (#19473935)

Put Safari.app back in the Applications folder, then try again.

Safari...? Windows...is the issue - backend! (0, Troll)

djupedal (584558) | more than 7 years ago | (#19473653)

And...when Safari reaches, oh, say, 10% ~ 20% of the level of breach-possibles that any of the current IE clients are facing, let us know, eh?

Until then, the mud on the carpet came in on your shoes, not mine.

Beta (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#19473655)

Wait - someone found bugs in a public beta?

And yet, (0, Troll)

WindBourne (631190) | more than 7 years ago | (#19473663)

it is still more secure than MSIE.

it's beta (0, Redundant)

pbjones (315127) | more than 7 years ago | (#19473669)

it's beta, report the bugs

Re:it's beta (2, Interesting)

josepha48 (13953) | more than 7 years ago | (#19473745)

I have noticed posts like this on /. in the past year or so. Someone releases a beta and then people say it has bugs and it is broken. They said the same thing when IE7 betas were released. What is it about the word beta that people on /. don't get?

From wikipedia -> http://en.wikipedia.org/wiki/Software_release_cycle#Beta [wikipedia.org] , this is a prototype / preview / early access.

Report the bugs and they will probably get fixed.

I'm amazed that things like this get to the story line on /. .

You think the apple developers will be up late (1)

lena_10326 (1100441) | more than 7 years ago | (#19473715)

....tonight? :)

*stretch* *yawn*

Time for bed. I know I'll be sleepin while they be codin.

Fuzzing, not futzing. Proofread much? (3, Informative)

lennier (44736) | more than 7 years ago | (#19473717)

The quote is "an afternoon of idle _fuzzing_". As in fuzz testing [wikipedia.org] .

Re:Fuzzing, not futzing. Proofread much? (1)

modecx (130548) | more than 7 years ago | (#19473985)

Dammit all to hell, I was looking forward to a thoughtfully written analysis on belly-button lint... And this is what you come up with? Pfeh...

yes, safari is faster! (4, Funny)

alta (1263) | more than 7 years ago | (#19473759)

Remote code execution 2.5 times faster than FF on windows!

the point? (0, Redundant)

thesupermikey (220055) | more than 7 years ago | (#19473787)

isn't this the point of betas....to find bugs?
why is this news?

Alpha or Beta? (5, Informative)

eebra82 (907996) | more than 7 years ago | (#19473789)

I was actually looking forward to try this browser out, but to my surprise, I could not even make it work.

The installation was smooth without any unexpected bumps on the road. First when I loaded the program, I noticed that no menu fonts nor any fonts whatsoever on the web pages existed. To make it worse, the browser would crash every time I clicked on anything with interactivity, such as the stop button. I have read quite a few solutions to this problem but so far no success. I run Win XP SP2, btw.

Anyway, there are more problems around the corner. According to the Apple forum, people can't play Windows Media files, dual monitor support is very buggy, some buttons screw up the GUI when pressed down and dragged, loads of spontaneous lockups, random letters appearing everywhere, installation problems, parental control issues and more. [apple.com]

Also, I am not a big fan of customized GUI:s for crucial applications like a web browser. We should be able to use Windows ClearType instead of the ported OSX version (which sucks), and most importantly, we should be able to use the standard Windows themes. I don't get why Apple thinks the average Windows user would want a significantly altered browser that looks nothing like the rest of the operating system he or she is using. How would Mac users react if Internet Explorer was ported with the Windows theme?

I think it looks like a promising project, but I am worried because it's not in Apple's nature to release beta software with so many bugs and so little heart put into it.

Re:Alpha or Beta? (1)

falcon5768 (629591) | more than 7 years ago | (#19473871)

How would Mac users react if Internet Explorer was ported with the Windows theme?
Ask them, IE 5 WAS ported with the windows theme. It wasn't until Office X that the MBU started designing things more along the lines of the Mac aesthetic but even then, you can tell it's a windows program.

Re:Alpha or Beta? (2, Funny)

SpeedyDX (1014595) | more than 7 years ago | (#19473889)

How would Mac users react if Internet Explorer was ported with the Windows theme?
If it's Internet Explorer, the theme would be the last thing I'd be worrying about.

Re:Alpha or Beta? (2, Interesting)

cowscows (103644) | more than 7 years ago | (#19474127)

I have no inside knowledge of any of Apple's plans, but I wonder if they didn't sort of rush the Safari for Windows beta release to quell a bit of the noise that some people have been making about the lack of 3rd party development for the iPhone. Along with this new version of safari, Apple announced today that the way to get your app onto the iPhone is through web applications, and safari is what the iPhone is going to be running. And I guess they decided to release Safari for windows now, just to show that they're serious about letting devs work on iPhone Apps.

Apple most likely wants as much free press about the iPhone as is possible as it gets closer to its release date, so why not get the dev community a little more excited. It sucks that this safari beta isn't quite ready, but safari is pretty well respected on the mac, so I have faith that it'll quickly improve on Windows.

So many keep saying "but it's a BETA" (5, Insightful)

lena_10326 (1100441) | more than 7 years ago | (#19473793)

..."that you should expect bugs in a BETA"

Come on. You have to admit remote execution of any cmd is pretty bad even for a beta. This ain't your run of the mill bug, like a UI glitch or rendering type of bug. It makes the beta unusable and thus not a very useful beta. (Unless you're testing how your own trusted website looks under Safari.)

Re:So many keep saying "but it's a BETA" (4, Insightful)

mabinogi (74033) | more than 7 years ago | (#19473853)

Well the point of a Beta release is to increase the userbase so as to increase the amount of testing.

If they could guarantee they could get the security bugs out before releasing a Beta version, then they'd be able to guarantee they could get all the other bugs out too, so then it wouldn't be a Beta release, but a final release.

You just have to accept that if a company has said "this is a beta release, it will have bugs", that it will have bugs - all types of bugs, not just "safe" bugs. Also, the severity of the effect of a bug has no correlation with how easy it is to locate.

People have become way too complacent about trying beta quality software these days. Don't try it if you don't want to take the risk.

Re:So many keep saying "but it's a BETA" (4, Insightful)

lena_10326 (1100441) | more than 7 years ago | (#19473983)

Well the point of a Beta release is to increase the userbase so as to increase the amount of testing.
Yea. Increase the userbase. Of course, they just did the opposite and scared them away. Lesson here: never show your unfinished work. A first impression only comes once.

You just have to accept that if a company has said "this is a beta release, it will have bugs", that it will have bugs - all types of bugs, not just "safe" bugs.
A bug that lets any old script kiddie put up a page that can execute del /S c:\* on my PC is beyond the level of anyone's expectation of a bug. Why would I bother with Safari now? Sure. They'll release another, new, improved beta... bug free, but will I trust them?

No.

Even with a free beta I have a reasonable level of expectation. That the program not destroy my machine with basic usage. That the program not allow remote execution. That the program provide some core functionality as advertised. This version of Safari is well below those expectations.

It's nice that they're offering an alternative (1, Insightful)

Anonymous Coward | more than 7 years ago | (#19473797)

But I won't be trying it since other Apple products like iTunes and Quicktime still run like crap on Windows.

Thanks but no thanks.

Another hackable part of Safari/Windows (2, Interesting)

Bri3D (584578) | more than 7 years ago | (#19473815)

Apple includes CoreFoundation.dll and CoreGraphics.dll, which have the same exports as the OSX frameworks.
Therefore it's possible to use the OSX CoreFoundation and CoreGraphics headers to link to the Windows DLLs natively and create native Windows "pseudo-OSX" apps.
I believe CoreFoundation.dll has been around with WebObjects for Windows NT for a while, but I think CoreGraphics.dll is a new Apple "release" (I remember some anger over Apple not porting CoreGraphics when WebObjects/NT first came out).
I've documented some of what I've poked around today (just a screenshot and simple description for the moment) at http://pages.brianledbetter.com/ [brianledbetter.com]

Re:Another hackable part of Safari/Windows (-1, Troll)

Anonymous Coward | more than 7 years ago | (#19474149)

your "proof" consists of a screenshot of an irc session in which you claim it works. Try again.

gives a new meaning to: (0)

Anonymous Coward | more than 7 years ago | (#19473825)

bugs on a safari trip.

It's crap (0, Troll)

MSBob (307239) | more than 7 years ago | (#19473897)

I just installed it and fired it up on XP. Resizing the browser window takes 4 seconds on a 3 GHz P4 with 1 Gig of RAM. I am not joking. In terms of UI sluggishness nothing beats Apple software. Not even Java Swing. It's absolutely horrendous. Save yourselves the trouble and skip this browser. Truly nothing to see here.

Re:It's crap (1)

AKAImBatman (238306) | more than 7 years ago | (#19474003)

Why don't you try giving it a chance to load? On my computer it's slow for the first 30 seconds, then speeds up. Presumably this is because it's still background loading all the features, menu items, graphics, etc. A final release would presumably have this load time either hidden behind a splash screen or optimized away.

Re:It's crap (1)

lena_10326 (1100441) | more than 7 years ago | (#19474117)

Hmm. I found it to be rather speedy on XP. On a lowly AMD 1.1 GHz with 1GB RAM. Fully patched.

If not for the super thin 1 pixel wide left and bottom window edges; the resize issue as you and others mentioned; the very poor font smoothing that I could not turn off; and, these security problems, I'd have given it a fair chance over the coming week.

Re:It's crap (1)

KarmaMB84 (743001) | more than 7 years ago | (#19474123)

Well, with my slower CPU it just barely lags behind the mouse when I resize the windows. Perhaps it's a graphics driver/card issue on your machine.

Maybe I need a tinfoil hat... (5, Insightful)

AikonMGB (1013995) | more than 7 years ago | (#19473919)

... but the first thing that I thought of was that here you have an app (Safari) that works perfectly fine on Macs; as soon as it gets ported to Windows, BAM, instantly full of vulnerabilities. Would Apple go so far as to break their own product to deface an opponent in the OS arena?

Aikon-

Re:Maybe I need a tinfoil hat... (1)

ibentmywookie (819547) | more than 7 years ago | (#19474099)

That would just make Apple look bad, not windows. Apple software on windows has to shine, otherwise people will get turned off them and will never bother trying a Mac.

Re:Maybe I need a tinfoil hat... (1)

theantipop (803016) | more than 7 years ago | (#19474119)

Not when they have so much to gain through widespread adoption of their browser. Apple released Safari multiplatform so developers would be more confident developing with Safari support in mind. Undermining MS isn't worth the potential loss of revenue this move could bring in.

Safari or Windows vuls? (4, Informative)

BRSloth (578824) | more than 7 years ago | (#19473965)

I wonder how many of those vulnerabilities are actually Safari/KHTML code and how many of those are Windows vulnerabilities.

IIRC, Firefox had that "URL protocol handler command injection" vulnerability (or something around those lines, correct me if I'm wrong) a few years ago and FF developers said it was the way Windows handles protocols. In the end, they had to change the way URLs are handled inside FF to prevent Windows from catching it.

Re:Safari or Windows vuls? (1)

argent (18001) | more than 7 years ago | (#19474073)

OS X has the same problem.

http://www.scarydevil.com/~peter/io/osx-security.html [scarydevil.com]

(and several other notes on http://www.scarydevil.com/~peter/io/ [scarydevil.com] )

As I noted in my comment on larholm.com, this is a long running design flaw in both ahem-mainstream-ahem operating systems. It's really not safe for any browser or other application to trust LaunchServices *or* Windows protocol handler database. The handlers that are suitable for a desktop environment are not generally the ones you want to use from untrusted documents.

I've found some bugs, too.. (1)

the_rajah (749499) | more than 7 years ago | (#19473999)

The http://wunderground.com/ [wunderground.com] site has multiple functions that cause a MS error message, which I don't allow to send information to MS, and then it closes the browser. I used the bug report feature in the browser when I restarted it.

Non security bugs (0)

Anonymous Coward | more than 7 years ago | (#19474029)

Seems to disappear when I maximize it on my second monitor. Let's see if reporting bugs via the menu actually works.

It is also pig slow, hopefully because it is a debug build.

GOD HELP US ALL! (0, Redundant)

milatchi (694575) | more than 7 years ago | (#19474035)

bugs in the Windows version of Safari mere hours after it was released. 4 DoS bugs and 2 remote execution vulnerabilities, a URL protocol handler command injection vulnerability that allows remote command execution.

GOD HELP US ALL!
Then again, it is a beta.

Beta (0, Redundant)

hanju (1001674) | more than 7 years ago | (#19474061)

Ummm. It's beta. or didn't you notice that.

not safari specific (0)

Anonymous Coward | more than 7 years ago | (#19474075)

The command exploit is actually due to inherent problems with the gopher protocol, not Safari's handling of it. IE had the same problem (MS eventually removed gopher support entirely to fix it). Firefox/Mozilla/Netscape had the same problem (they now run a URL sanitizer which breaks some legal URLs, but nobody uses gopher anyhow). Despite his claim to the contrary, the bug is in Windows/Firefox's handling of command line arguments. Yeah, Apple could sanitize it or disable gopher altogether.
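
Added example (not part of any comment in this thread, and not code from Apple, Mozilla or Microsoft): the comments above about protocol handlers describe two defenses, refusing to pass URLs from untrusted documents to arbitrary OS-registered handlers, and sanitizing the URL before it reaches a handler's command line. The sketch below combines both; the allowlist contents, function names, rejected character set and sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: the only scheme this hypothetical browser forwards to an
# OS-registered handler when the link comes from web content.
ALLOWED_EXTERNAL_SCHEMES = {"mailto"}
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")
# Characters that can close a quoted argument or start a new one once the
# URL is placed on a handler's command line. Rejecting them outright also
# rejects some legal URLs, the trade-off mentioned in the thread.
UNSAFE = set("\"'`\\<>|^&")
MAX_DECODE_ROUNDS = 4


def _has_unsafe(text):
    """True if text holds a quoting, whitespace or control character."""
    return any(c in UNSAFE or c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F
               for c in text)


def check_external_dispatch(url, from_untrusted_document=True):
    """Return (allowed, detail): detail is the scheme or the refusal reason."""
    match = SCHEME_RE.match(url)
    if not match:
        return (False, "no-scheme")
    scheme = match.group(1).lower()
    if from_untrusted_document and scheme not in ALLOWED_EXTERNAL_SCHEMES:
        return (False, "scheme-not-allowed")
    form = url
    # Check the raw form and every percent-decoded layer, because a handler
    # may decode the URL again before using it.
    for _ in range(MAX_DECODE_ROUNDS):
        if _has_unsafe(form):
            return (False, "unsafe-character")
        decoded = unquote(form)
        if decoded == form:
            return (True, scheme)
        form = decoded
    return (False, "too-many-encoding-layers")


# Constructed sample URLs, not taken from any advisory.
SAMPLES = [
    "mailto:user@example.com",
    "gopher://example.com/",
    'mailto:user@example.com" --constructed-flag',
    "mailto:user%22%20--constructed-flag@example.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_external_dispatch(sample), sample)
```

Even with such a gate, the URL should reach the handler as a single argument-vector element rather than being pasted into a command string.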

It's a BETA (0, Troll)

Dragon of the Pants (913545) | more than 7 years ago | (#19474077)

This is completely outrageous. Betas aren't allowed to have bugs! For the love of God they could ruin us all!

Netscape? IE? (1)

OrangeTide (124937) | more than 7 years ago | (#19474147)

the first versions of those were so stable though?

(so stable that many of us used Mosaics until maybe 10 years ago, when netscape 4.0 came out)