Google Music for Mac (Desktop Application)

I’ve been using this OS X desktop app for Google Music for a few weeks now and absolutely love it.[1] One of the big weaknesses of Google Music (as made available by Google) is the absolute reliance on the web browser for desktop playback. In my case, I tend to have 4–5 windows, each with 10–40 tabs, on most work days.

In that mess of windows and tabs, hunting for the lone tab controlling my music is a royal pain in the ass. To the point where I’d rather use iTunes.

If Google doesn’t flat out hire the developers of the (unofficial) desktop app then I pray that Google at least leaves the developers/API sufficiently alone so that they can keep providing this very awesome application for us unwashed masses. Otherwise I’m going to have to spend a lot more time in iTunes (again).


  1. Note that if you haven’t played with your security settings, and are running a contemporary version of OS X, by default you won’t be able to install or run the application. To run the application, open ‘Preference’ >> ‘Security’. In the ‘General’ tab click the unlock button (lower left corner) and enter your administrative credentials. Then, on the same tab, select ‘Mac App Store and identified developers’; you should subsequently be able to authorize the Google Music application. You may have to repeat this process each time you update the application.

I’m typing this post while connected to my Time Capsule router. You’d never know that from looking at the Airport Utility, which can’t identify the router on the network. Never run into this problem before updating to Snow Lion.

Fun aside: last night my MBP couldn’t find its backup images on the router. The ‘solution’ was to delete the existing image bundle on the Time Capsule – I could navigate to them in Finder – and then OS X could see the Time Capsule and back up to it.

The Pwnies Are Out

I admit to having a preference for the attack on MySQL. The description:

“Are we there yet?” MySQL Authentication Bypass (CVE-2012-2122)

Credit: Sergei Golubchik

On vulnerable versions of MySQL simply asking to authenticate repeatedly enough times is enough to bypass authentication: “Can I log in as root now?”
“How about now?”
“Now?”

That said, the various nominees for Epic Ownage are pretty hilarious as well:

“Flame” Windows Update MD5 Collision Attack

Flame Authors

Any attack that requires a breakthrough in cryptography to pull off is pretty cool in our book. And being able to pwn any Windows machine through Windows Update is pretty mass 0wnage.

Certificate Authorities

Everyone

It turns out that Certificate Authorities themselves are one massive security vulnerability. How many more CAs need to get popped before we as an industry realize that allowing Bob’s Bait, Tackle, and Certificates to issue wildcard certificates is a bad idea?

iOS Jailbreaks

iPhone Dev Team and Chronic Dev Team

We love the jailbreakers and you should too. They publicly drop all of their exploits as 0day, convince millions of users to disable the security features on their own devices, and then keep those devices vulnerable to the released exploits until new exploits can be developed and released in the patched versions of iOS.

It’s been a ‘good’ year for massive security deficits. Check up on the Pwnies – and watch the various streams from the summer’s security conferences – to appreciate why pencil and paper (or, barring that, actual fiscal and legal liability for writing bad code) is an ever-appealing idea.

As an early adopter I know that I’ll stumble into bugs and problems in Apple’s newest OS. The first I’ve come across stems from Safari’s integration with Twitter.

Note that in the image on the left there is no ability to cancel a tweet once you click send. I suspect that I’m running into this problem because Twitter is presently (at the time of this screenshot/writing) experiencing downtime. Regardless, the inability to cancel the tweet is particularly inconvenient because the send tweet window hovers over all Safari tabs (as seen in the right-hand image).

This persistent hovering means that if integration with Twitter stalls then Safari ceases to be a useful browser until the send attempt times out. Ideally a future patch will link the ‘send to Twitter’ window with the specific tab the tweet is being sent from, as well as ensure that users can cancel tweets at all times. Hopefully we see a point upgrade soon, to iron out this and other bugs that are being reported across the ‘net.

Comment on Lion’s Internet Recovery

I’ve recently added a new non-spinning disk to my system and decided to give Lion’s disk recovery system a try: how did it actually perform, where were there problems, and how were they resolved?

I was incredibly impressed with the general functionality of the Internet-based recovery mechanism. After adding the new disk I was asked to connect to a local wireless network and then basic recovery data was streamed into RAM. From there I successfully downloaded and installed the OS, and restored files and settings from encrypted network storage. Total time to restore the OS and about 200GB of data: 3.5 hours.

Were there any problems? Yes, though only one is truly significant to my mind. While the password for logging into the OS remained, the drive encryption that I’d set up through the OS (i.e. FileVault 2) had to be re-initialized. When I attempted to do so I received warnings that the disk could not be encrypted.

This constituted a major problem for me.

The solution was relatively simple, though annoying. Apparently the Internet-based recovery process fails to install a recovery partition on the disk. Without this partition FileVault 2 cannot be enabled. The solution was to reinstall Lion from within the OS. This doesn’t change any settings and, effectively, is just used to create the disk-based recovery partition. After the partition is set up FileVault 2 can be enabled without a problem.

I don’t have a particular issue with having to jump through some hoops to re-enable the disk encryption. I do, however, have issues with the fact that there are no warnings that this security setting isn’t enabled/carried through when re-installing Lion and importing data and settings from a Time Capsule. In effect, if I wasn’t poking around settings to ascertain whether they had been carried over I likely would have never known that the disk hadn’t been encrypted. This is a particularly serious information flow error as far as I’m concerned. Hopefully Apple will integrate some kind of a notice system in the future to alert users about which settings were and were not carried over, as well as more verbosity concerning why FileVault 2 cannot be enabled after an Internet-based OS restoration.

Why I Can’t Recommend gfxCardStatus

A recent Ars Technica article got me interested in a neat piece of donation-ware called gfxCardStatus. See, contemporary 15″ MacBook Pros have two GPUs. One is discrete and the other is integrated. The theory is that when you’re on battery power you’re more likely to hop over to the integrated GPU to save battery, though whenever you need the power of the discrete GPU you have a seamless transition over to it.

This is really cool in principle. Unfortunately it never seems to work out very well.

Ars notes that there are a whole series of frameworks that cause OS X to transition to the discrete GPU. Many of these frameworks are routinely used by such graphic-intense programs as Twitter, Reeder, and Skype. Consequently, if you have these open you don’t enjoy the battery savings associated with the integrated GPU.

The proposed solution is gfxCardStatus, which lets you force the OS to use either the discrete or integrated GPU. You can also let OS X run things and maintain dynamic switching. This is handy: it increased my battery life some by letting me choose the GPU I wanted to run.

The program is less handy insofar as it breaks the ability to use a second monitor. While annoying to troubleshoot in an office setting, it’s incredibly problematic when I can’t connect to a projector when giving a presentation.

I don’t know if this is a regular or abnormal problem. I do know that it’s a deal breaker for me: a little more battery life doesn’t – can’t – justify breaking core OS functionality.