With this release of VMware Fusion we’re now approaching what virtualization should be. Check out these features:

• Improved Unity functionality so that you can run your Windows apps right on your Mac. Now includes Linux Unity support
• Mapping and mirroring folders between Windows and OS X, e.g. Pictures, Documents, etc.
• Vastly improved performance and less resource usage
• Full support for all major guest operating systems
• Keyboard and mouse keyboard mapping
• Automated snapshots for a “Time Machine”-like backup experience for virutal systems
• View Windows content with Leopard’s QuickView
• Dock and Status bar notifications for guest applications

Links

[ VMware Fusion | vmware.com ]

Delicious Library is one of the coolest pieces of software I’ve seen in years. It allows you to categorize your books (and other media) using OS X. It has a crapload of features, but I only need to tell you about 1.

Yeah, you read it right. You use your iSight camera on your Mac to scan in your media using the barcode. Then it pulls all the book’s content from Amazon.

Truly sick.

ArsTechnica

A fellow security blogger, Michael Farnum, has posted a piece that I felt compelled to respond to. In the post he essentially complains that most of the pro-pc/anti-mac commentary he reads at Computerworld get modded down, while the pro-mac/anti-pc stuff he sees usually gets modded up.

He goes on to write:

So if you own a Mac and you think it is the best thing since sliced silicone, then more power to you. Just get off your preppy horse with a quasi-Mohawk and an earring and quit telling us PC owners that we are stupid. Sheesh…

I can help you, Michael. The problem is that just as some Mac fanboys are too rabid about loving their Macs, you’ve become too emotional as well — but in the opposite direction.

The fact is that there are extremely compelling reasons to be using a Mac instead of a PC — especially if you’re in information security. OS X is more stable, more secure (the reasons why is a separate discussion) and gives you access to UNIX power and great package management systems all from a highly usable GUI. These are the reasons people love it.

Look at Jeremiah Grossman. Look at Marty Roesch. Do you think they are silly fanboys on a bandwagon? Hell, just go to any serious security conference and see what most of the speakers are using. In the vast majority of cases it’s OS X or Linux. Most high-end security guys that I know who use Windows have to do so because of where they work, and they’re pissed about it.

There’s a reason for that.

Seriously, man, don’t be emotional about it. I agree the fanboy frenzy is annoying at times, but the reactions you’re seeing are actually powered by truth. Spend a month using OS X exclusively and see if you don’t agree.:

Safari is an excellent browser for many reasons; its speed, clean aesthetics and ease of use are attractive from the outset. In addition to these obvious strengths there are a few extremely attractive features of Safari that most are unaware of.

1. Browsing and Search Snapback
2. URL Path Navigation
3. Web Inspector
4. Activity Window
5. Inline Dictionary
6. Selection to Speech
7. Quick Notes
8. Email Page Link
9. Visual History

Browsing and Search Snapback

Search snapback allows you to instantly jump back to the original search you made after clicking on a bunch of results. So if you originally searched for programming, and you clicked on a bunch of Wikipedia links and didn’t find what you want you can, with one action, instantly get back to the original Google results.

There are two ways to do it; you can click the little orange arrow to the right of the search as seen above, or you can use the keyboard shortcut — option-command-s

You can do the same thing with browsing as well, but it works slightly differently. If you type an address into the URL bar and go to that page as your initial page in a tab or window, that page is marked as your snapback page. You can then go anywhere else and snapback to it by hitting the orange arrow or by using the keyboard shortcut — option-command-p

You can also set a new snapback location by marking a current page as your snapback location. The fastest way to do that is with the keyboard shortcut — option-command-k , but you can do it from the history menu as well.

URL Path Navigation

It’s also possible to view and navigate through the various levels of a nested site using Safari. So on my site, for example, I have the root, then /study, then various pages. Well from one of the nested pages I can right-click the title of the page and see exactly where I am on the site. And from there I can navigate up if I want to.

Web Inspector

With the latest version of Safari (3.1) you can now inspect HTML and CSS elements right from your browser. The functionality is similar to the Firebug extension for Firefox, and gives you all sorts of information that’s helpful during web development and design.

To enable the functionality just go to Preferences –> Advanced, and select Show Develop Menu in Menu Bar. Once you’ve done this you can then right-click on various elements in the browser and select Inspect Element.:

Activity Window

The Activity Window is visible by going to Window –> Activity on the menu bar, or via the shortcut — option-command-a. This functionality lets you see what pages, images and scripts are downloading behind the scenes when you browse the web. Open a few pages and check out the Activity Window; it’s surprising how much goes on when you click a single link.

Inline Dictionary

Safari, being a Cocoa app (OS X), allows us to instantly define words we find. Simply highlight the word and hit the ctrl-cmd-d shortcut. So if I highlight the word “functionality” in Safari and hit the shortcut, here’s what I get.

Selection to Speech

This is another one that Cocoa affords us and is therefore available in Safari. It’s probably not useful on a day-to-day basis, but it’s great for showing OS X off to those who have yet to see the light. When in Safari, highlight any portion of text and select Services –> Speech –> Start Speaking Text. The amount of power we have from that Safari menu, through Cocoa, is just staggering.

Quick Notes

One of the really powerful features of Safari is the ability to instantly capture text to a note-taking interface — in this case Stickies. When you’re browsing and need to capture a bit of information, simply highlight the text in question and click shift-cmd-y. This will take whatever you had highlighted and pull it into a Stickie note for safe keeping.

Email Page Link

Another task that’s frequently performed is emailing the link to the current page you’re on. So normally when you want to send the link to a friend it takes multiple steps, but you can copy the link and paste it into a new email in a single keyboard shortcut — shift-cmd-i.:

Visual History

One of Safari’s nice touches is the ability to visually recognize sites in your history based on their favicons. It’s minor, but in a major way.

Conclusion

I think these features, combined with the obvious ones, make a pretty strong case for Safari being the best browser out there. If we could just get a few bits of functionality from Firefox and/or Opera it’d be a done deal. Also, many thanks to the commenters on the original article who pointed out the features that I included in this expanded version.:

If you’re an efficiency/productivity nut like I am you are probably also obsessed with keyboard shortcuts. One of the main ones for me is the ability to close documents in OS X without saving them.

So, given the dialog above, how do you select “Don’t Save” without using your mouse? You can’t use the arrow keys, and you can’t use the tab key. It was annoying me, so I looked it up.

Turns out it’s simple enough: ⌘-D — for “Don’t Save”. :)

[ Edit: Evidently you can also just hit the spacebar if you have full keyboard access turned on. Thanks Jon. ]

Safari is an excellent browser for many reasons; its speed, clean aesthetics and ease of use are attractive from the outset. In addition to these obvious strengths there are a few extremely attractive features of Safari that most are unaware of.

1. Browsing and Search Snapback
2. URL Path Navigation
3. Web Inspector
4. Activity Window
5. Inline Dictionary
6. Selection to Speech
7. Quick Notes
8. Email Page Link

Browsing and Search Snapback

Search snapback allows you to instantly jump back to the original search you made after clicking on a bunch of results. So if you originally searched for programming, and you clicked on a bunch of Wikipedia links and didn’t find what you want you can, with one action, instantly get back to the original Google results.

There are two ways to do it; you can click the little orange arrow to the right of the search as seen above, or you can use the keyboard shortcut — option-command-s

You can do the same thing with browsing as well, but it works slightly differently. If you type an address into the URL bar and go to that page as your initial page in a tab or window, that page is marked as your snapback page. You can then go anywhere else and snapback to it by hitting the orange arrow or by using the keyboard shortcut — option-command-p

You can also set a new snapback location by marking a current page as your snapback location. The fastest way to do that is with the keyboard shortcut — option-command-k , but you can do it from the history menu as well.

URL Path Navigation

It’s also possible to view and navigate through the various levels of a nested site using Safari. So on my site, for example, I have the root, then /study, then various pages. Well from one of the nested pages I can right-click the title of the page and see exactly where I am on the site. And from there I can navigate up if I want to.

Web Inspector

With the latest version of Safari (3.1) you can now inspect HTML and CSS elements right from your browser. The functionality is similar to the Firebug extension for Firefox, and gives you all sorts of information that’s helpful during web development and design.

To enable the functionality just go to Preferences –> Advanced, and select Show Develop Menu in Menu Bar. Once you’ve done this you can then right-click on various elements in the browser and select Inspect Element.:

Activity Window

The Activity Window is visible by going to Window –> Activity on the menu bar, or via the shortcut — option-command-a. This functionality lets you see what pages, images and scripts are downloading behind the scenes when you browse the web. Open a few pages and check out the Activity Window; it’s surprising how much goes on when you click a single link.

Inline Dictionary

Safari, being a Cocoa app (OS X), allows us to instantly define words we find. Simply highlight the word and hit the ctrl-cmd-d shortcut. So if I highlight the word “functionality” in Safari and hit the shortcut, here’s what I get.

Selection to Speech

This is another one that Cocoa affords us and is therefore available in Safari. It’s probably not useful on a day-to-day basis, but it’s great for showing OS X off to those who have yet to see the light. When in Safari, highlight any portion of text and select Services –> Speech –> Start Speaking Text. The amount of power we have from that Safari menu, through Cocoa, is just staggering.

Quick Notes

One of the really powerful features of Safari is the ability to instantly capture text to a note-taking interface — in this case Stickies. When you’re browsing and need to capture a bit of information, simply highlight the text in question and click shift-cmd-y. This will take whatever you had highlighted and pull it into a Stickie note for safe keeping.

Email Page Link

Another task that’s frequently performed is emailing the link to the current page you’re on. So normally when you want to send the link to a friend it takes multiple steps, but you can copy the link and paste it into a new email in a single keyboard shortcut — shift-cmd-i.:

Conclusion

I think these features, combined with the obvious ones, make a pretty strong case for Safari being the best browser out there. If we could just get a few bits of functionality from Firefox and/or Opera it’d be a done deal. Also, many thanks to the commenters on the original article who pointed out the features that I included in this expanded version.:

This is an nmap (3.50) scan of all 65,535 TCP ports on a default, non-hacked 1.1.3 iPhone. The scan was performed from an OS X system (MacPorts) sitting adjacent to the iPhone on a wireless network.

It appears there’s just one tcpwrapped service, on port 62,078, and Fyodor has evidently already added the requisite fingerprints since nmap’s OS detection pegged it perfectly as an iPhone.

kairin ~ $ sudo nmap -p 1-65535 -sV -O 10.10.126.2

Starting Nmap 4.50 ( http://insecure.org ) at 2008-01-24 20:50 PST

Interesting ports on 10.10.126.2:
Not shown: 65534 closed ports
PORT      STATE SERVICE    VERSION
62078/tcp open  tcpwrapped

MAC Address: 00:1C:B3:70:6A:DA (Apple)
Device type: phone|media device
Running: Apple embedded
OS details: Apple iPhone mobile phone or iPod Touch (Darwin 9.0.0d1)

Many are wondering how OS X will fare against malware once it becomes a serious target. We won’t have to wait long; OS X is taking off and we’re going to see major efforts focused on it starting this year.

Some say it’ll be shown to be an open wound as soon as it’s given attention, while others think it’s inherently more secure than Windows and will handle the pressure fine.

I think we have a decent model to evaluate — Firefox.

A very similar debate existed prior to Firefox making it big, and what was the outcome? The answer is rather complex, but I think most will agree it reduces to something like this.

Firefox ended up having a significant number of vulnerabilities — far more than its fanboys ever imagined. But even after having its aura of invulnerability stripped away it still comes out far better than Internet Explorer in terms of relative risk to a user.

That’s my opinion, of course, but I think it’s an impartial and informed one. I’ve triaged upteen kagillion Windows systems that have been owned by malware, but I can’t recall a single one where the only browser used was Firefox. True, we need to take into account the kind of user that employs Firefox exclusively, i.e. an advanced one, but still.

My point is very simply that I expect the same kind of result from OS X.

It will take a massive thrashing starting in 2008 as its marketshare grows, and there will be an eruption of articles and blog posts exclaiming, “OS X just as vulnerable as Windows afterall!”.

But in the end, once things have stabilized and we have time to look back, the vulnerability numbers (and more importantly the relative impact) will show that OS X is far more secure than Windows. Not secure, not even almost secure, but much better than Windows.:

For those that have been struggling with Safari’s inability to tame Google Reader tabs, the 10.0.2 release of Saft solves the problem.

It’s $12 to purchase and $6 for an upgrade. I’d check it out if you use Safari. I use it for the tab control but it has a number of other features as well.

[ Saft 10.0.2 ]

A new “trojan” has been identified by Intego that enables phishing attacks to take place against Mac users. But before you get too worried, let’s take a look at how it works.

1. Go to a malicious site.
2. Get prompted to install software.
3. Choose to install it.
4. Put in your admin password when it asks for it.
5. Get pwned.

So basically a hostile, unknown website asks you to install software on your system with elevated privileges, and if you willfully go through the entire install process (including entering your administrator password) something bad will happen.

Scary.

In other news, if someone sends you an email that says to run sudo rm -rf / on the command line (and enter your admin password when it asks you to) — don’t do it. Interesting attack method — send someone malicious software and ask them to install it as administrator. The defense? Don’t install it.

Make no mistake — this is not the same kind of threat that we’ve faced in Windows over the years. That threat is very specifically the drive-by installation of software without the user knowing or having a chance to stop it.

In summary, this social-engineering-based attack requires a high level of interaction and it will have very little impact on the Mac user community.: