AJAX Web Browser?

When I first saw the headline that the Opera Browser is headed to the iPhone (later confirmed as false), I jokingly thought that Opera would be releasing a JavaScript web browser that ran in Safari. On second thought, I realized that a JavaScript browser could be used to bypass proxies by requesting pages from the server and passing them to the client via AJAX.

A quick Google search reveals one JavaScript browser called Accent JavaScript Browser, but it was released in 2001 and says it only runs in IE. A quick test of the browser in Firefox on the Mac shows that it doesn't work too well and that the buttons are only a proxy for the client-side JS functions. I also found another "browser", but I couldn't get this one to work in Safari or Firefox.

So far I'm 0/2 on working AJAX browsers. If a working one did exist, would it even be possible to use it for bypassing proxies? I have no need for this functionality, I just thought that it could be a pretty neat loophole.


Jailbreakers Fix iPhone TIFF Exploit

Enabling third-party applications on your iPhone has never been easier. Just visit jailbreakme.com on your iPhone/iPod touch (hereafter "iPhone"), and thanks to a TIFF exploit in MobileSafari, the website will jailbreak the phone and install Installer.app. As an added bonus, the process will patch the exploit it used to hack your iPhone in the first place. And who said all hackers were bad?


iPhone SDK Announced

From the Apple Hot News weblog (for lack of a better term):

Let me just say it: We want native third party applications on the iPhone, and we plan to have an SDK in developers’ hands in February.

I knew this had to come eventually, it was just a matter of when. The timing of a February launch is a bit strange only because a demo of the SDK (Software Development Kit) at January's consumer-oriented Macworld is inevitable. What was Apple's reason for waiting so long?

We are working on an advanced system which will offer developers broad access to natively program the iPhone’s amazing software platform while at the same time protecting users from malicious programs.

I don't think needing to digitally sign every app is in all parties' best interests. Developers have another hurdle to cross to get apps out there, Apple needs to expend resources validating every app, and consumers lose out due to both of these additional costs. I don't see Apple blocking out unsigned apps completely, and I don't want responsibility to be placed on users to determine the safety of an app. Instead, I think we'll see Apple restricting what APIs an application has access to based on its signed status. This could be an extension of the new Sandboxing feature in Leopard:

Sandboxing
Enjoy a higher level of protection. Sandboxing prevents hackers from hijacking applications to run their own code by making sure applications only do what they’re intended to do. It restricts an application’s file access, network access, and ability to launch other applications. Many Leopard applications — such as Bonjour, Quick Look, and the Spotlight indexer — are sandboxed so hackers can’t exploit them.

The news item is short on details, so all we can do is speculate at this point. What is certain, however, is that this is undoubtedly good news, and the first good press the iPhone has gotten in a while.


Microsoft Brain Drain 2007 and a Vista Non-Vulnerability

Two very important people are leaving Microsoft. First is Bryan Lee, former VP in the entertainment and device division, who oversaw the Zune launch. Second is Jim Allchin, former Co-President of the platform and services division. The latter had an excellent blog post on a day in his post-Microsoft life. Neither is going to a competitor, however; instead, both are going to "pursue personal interests," as the Reuters article linked above puts it.

In other Microsoft news, a so-called "vulnerability" has been found in Vista. The vulnerability involves voice commands from a third party being played over speakers and doing nasty things to a PC. I don't really see this as a new problem, as it could have been done on any other OS that had voice recognition (e.g., XP or OS X). The easy solution is to disable voice commands (who really uses them anyway?), but a more long-term solution for people who do want voice commands is to have it require a passcode to be said before the OS runs a command.


Dashboard Phones Home

As you have no doubt read already, Apple's latest OS X update, 10.4.7, includes a new "feature" in which Dashboard phones home to Apple's servers (supposedly) in order to make sure that the local copy of widgets matches the copy on Apple's servers. The two URLs the new daemon, named dashboardadvisoryd, connects to are:
http://www.apple.com/widgets/widgetadvisory and http://www.apple.com/widgets/parser.info.

Much to the delight of security freaks and the chagrin of Mac haters, Wired's The Cult of Mac Blog has posted a handy one-line command that will disable the program. Just launch Terminal and type:

sudo mv /etc/mach_init.d/dashboardadvisoryd.plist /etc/mach_init.d/dashboardadvisoryd.plist.disabled

Hit "return", type in your password, reboot and you're all set.
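
Because the command above only renames the file, the change can be checked and undone. The script below is an added example, not from the Wired post or from Apple: it reports whether the launch item is active and switches it either way without failing when it is already in the requested state. The function names and the PLIST_DIR override are made up for this example; the path and file name are the ones given above.

```shell
#!/bin/sh
# Added example: status / disable / enable for the launch item named in the post.
# PLIST_DIR defaults to the directory from the post; point it at a scratch
# directory to rehearse without touching the system (an assumption of this example).
PLIST_DIR="${PLIST_DIR:-/etc/mach_init.d}"
PLIST_NAME="dashboardadvisoryd.plist"

# Print "enabled", "disabled" or "missing" depending on which file exists.
advisory_status() {
    if [ -e "$PLIST_DIR/$PLIST_NAME" ]; then
        echo enabled
    elif [ -e "$PLIST_DIR/$PLIST_NAME.disabled" ]; then
        echo disabled
    else
        echo missing
    fi
}

# advisory_set enabled|disabled : rename the plist; a no-op if already in that state.
advisory_set() {
    want="$1"
    have="$(advisory_status)"
    case "$want" in
        enabled|disabled) ;;
        *) echo "usage: advisory_set enabled|disabled" >&2; return 2 ;;
    esac
    if [ "$have" = missing ]; then
        echo "no $PLIST_NAME under $PLIST_DIR" >&2
        return 1
    fi
    if [ "$have" = "$want" ]; then
        return 0
    fi
    if [ "$want" = disabled ]; then
        mv "$PLIST_DIR/$PLIST_NAME" "$PLIST_DIR/$PLIST_NAME.disabled"
    else
        mv "$PLIST_DIR/$PLIST_NAME.disabled" "$PLIST_DIR/$PLIST_NAME"
    fi
}

# Command-line use: run with sudo when working on the real directory.
case "${1:-}" in
    status)  advisory_status ;;
    disable) advisory_set disabled ;;
    enable)  advisory_set enabled ;;
esac
```

As with the original command, a reboot is needed before a change takes effect.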
