Thursday, February 23, 2006

Tech talk Thursday

Because the scribosphere is so wise and artsy, so many of us use Macs. Ever since NSD went comatose, I've been antsy to comment on tech developments, and here are two I can't ignore.

The tech media this week reported a vulnerability in OS X security. It exists and while this exploit can work malicious deeds, a simple setting will prevent it from working.

The offensive item at hand is not a virus or Trojan, but a process. If you surf to a Web page while vulnerable and click on a link, Safari will download the file, which is a Terminal script. Terminal (the OS X command line interface) will open automatically and run the script. Somebody can do a lot of damage to your files and/or hard drive that way.

You can run a benign version of the exploit at Secunia. The process resembles the Widget vulnerability of two years ago that Apple patched in OS 10.4.1.

There are two easy ways to prevent the file from running automatically. You can run Firefox, which won't automatically open files unless you ask it to. Don't do that. In Safari, you need to check the setting of the "Open 'safe' files after downloading" box. Open your Safari preferences and make sure that box is not checked:

That's it. You're no longer vulnerable, although if you open the file manually, you will cause the script to run. Apple needs to secure Terminal more tightly.

You can read discussion at Slashdot for more opinions.

A second development that interests me as a teacher of HTML and online publication is the new Google Pages. Google has come out with an online Web design app and is willing to host any pages you create for free, up to 100 MB worth. It doesn't get better than that. You can work on your pages in a WYSIWYG interface or in straight code. It doesn't work with Safari, but you can use the latest Firefox in OS X and Google Pages will work fine. Here's a small sample page I just mocked up.

If you look at the code, you'll note that Google Pages relies heavily on CSS. Unfortunately, when you use the code edit feature of Google Pages, you can see the code for the entire page. You can only work div by div. That will limit the usefulness of Google Pages in my classes. I'm not sure whether or not you can upload previously coded pages for Google Pages to host. You can upload files, so perhaps you can. I'll have to test that. If you try, please let me know with a comment.


Post a Comment

<< Home