By John Gruber
Photos on Flickr showing the new iPod Shuffle packaging.
Very clever $20 Dock-based file transfer utility from Ambrosia. Drag files onto Dragster’s Dock icon and a list of drop targets pops up.
If I knew who The Macalope was, I’d buy him (her? it?) a beer.
George Ou is so excited about the “zero day” AirPort exploit released today that, shockingly, he’s gotten important facts wrong, even after they were spelled out for him in detail:
According to Brian Krebs, Apple’s Lynn Fox told him that “This issue affects a small percentage of previous generation AirPort enabled Macs and does not affect currently shipping or AirPort Extreme enabled Macs.” But the flaw affects all “Airport enabled Macs” which are the PowerPC based Macs that comprise roughly half of the Mac market. The “AirPort Extreme enabled Macs” are the newer Intel based Macs.
Wrong. “AirPort Extreme” is Apple’s marketing name for the IEEE 802.11g 54 Mbps wireless networking protocol. They’ve been using it since January 2003, long before the switch to Intel processors earlier this year. “AirPort”, which is what today’s exploit attacks, is Apple’s marketing name for the older 802.11b 11 Mbps protocol.
So, in short:
Brian Krebs got the following statement from Apple spokeswoman Lynn Fox:
“We were recently made aware of this security issue in our first generation AirPort card, which has not shipped since October 2003. This issue affects a small percentage of previous generation AirPort enabled Macs and does not affect currently shipping or AirPort Extreme enabled Macs. We are currently investigating the issue.”
Note the filename of the example exploit script.
Brian Krebs has a post on the exploit, along with a brief interview with the author, “H D Moore”:
Q: Do you have to be using Kismet or the Airport utility to be compromised by this?
HD: This particular exploit only seems to trigger when the card is in active scanning mode. I was able to trigger a similar bug when the card is in “idle” (non-associated) state, but I need more time to investigate it before I can give you more information.
In other words, yes, the published exploit only works when the card is in active scanning mode, so even if you have a vulnerable machine, you’re probably not vulnerable in normal use.
His new science fiction film, The Fountain, doesn’t use CGI:
“No matter how good CGI looks at first, it dates quickly,” he says. “But 2001 really holds up. So I set the ridiculous goal of making a film that would reinvent space without using CGI.”
(Via Kottke.)
Useful tip for web developers from Maciej Stachowiak.
Remember last year when it first became known that Apple’s Intel hardware was equipped with TPM “trusted computing” hardware, and a bunch of ninnies called it the beginning of the end?
The TPM hardware is in fact present on shipping Intel-based Macs, but according to Amit Singh, Apple isn’t using it. Singh has written and released an open source driver for the TPM hardware, along with this documentation and executive summary of how it works. I love the way that Singh doesn’t just publish the software, but takes the time to explain it in such detail.
New ADC article with useful info for both web developers and Mac developers using Web Kit.
Martin McKeay on George Ou:
I don’t want to flame George, but he was wrong, combative and sensationalist. Even when he was shown to be wrong, rather than apologize and admit to his mistake, he furthers his attack on the Computerworld article and Tyler Reguly.
Elliotte Rusty Harold:
XHTML is not the problem. Well-formedness is certainly not the problem. Hell, even namespaces aren’t really the problem although they’re clunky and ugly and everyone hates them. The problem is that the W3C has abandoned HTML for years. HTML hasn’t moved forward since 1999. No wonder browser vendors are getting antsy.
Daniel Jalkut:
This release has a markedly different (improved, I’d say) interface, that was inspired in large part by the HIG speech that John Gruber delivered at C4.
Xcode 2.4.1 is out, and in addition to the usual bug fixes, there’s a security fix for an issue with GDB and DWARF binaries. Just a small 923 MB download.
Apple is sponsoring a 24-hour filmmaking contest for students:
On Friday, November 10 at 5 p.m. Eastern (2 p.m. Pacific), we will post a list of three elements that you will need to incorporate into your story. From that time, you will have 24 hours to finish and submit your completed short film.
(Via Scott McNulty.)
Fake Steve:
If you hear about some California high school punks sent to the emergency room at Stanford with mouths stuffed with dog shit, well, it wasn’t us. Honest.
Microsoft shuts down Max, their photo-whatever beta that no one I know ever used. (Thanks to John Siracusa for the headline.)