| rss2email.ru | На что подписаться? | Управление подпиской |
 |  The Unofficial Apple Weblog (TUAW)The Unofficial Apple Weblog (TUAW) http://www.tuaw.com рекомендовать друзьям >> |
- First Look: RF telphony for iPhone
Filed under: iPhone
Internet Telephony Provider rf.com is getting ready to launch its iPhone-specific PBX service. The service allows you to place calls both internationally and to online providers like Skype using your normal iPhone minutes. So if you have a friend who's on Skype but has no Skype In access, you can call them just as if they had their own number.
RF operates its own PBX, which you connect to over a web client. Once there, it finishes routing the call using VoIP and connects it to your iPhone handset. You use your iPhone calling plan minutes whether you're talking to a guy down the block or your buddy in Beijing.
Because their client is web-based, it works with 1.1.4 and earlier iPhones as well as 2.0 iPhones and later. All the heavy lifting happens at the RF servers, connecting you through the VoIP networks. RF's service is free and still extremely beta -- so be prepared for growing pains as they stabilize their software and roll it out. RF Founder/President Marcelo Rodriguez says they're planning on keeping the basic service free for the forseeable future. They are monetizing by reselling the service to VoIP service providers such as PhoneGnome and will be offering premium features at a later date.
Read | Permalink | Email this | CommentsПереслать - iPhone App News Roundup: June 20, 2008
Filed under: iPhone, App Store, SDK
The thundering herd of announced iPhone apps keeps coming! By popular demand, TUAW will be publishing the iPhone App News Roundup every day as long as we keep getting announcements from developers.
- Hungry? Chef On Your iPhone from Chef's Little Helper can help you pull up recipes and put together a grocery list.
- xhead software is moving info.xhead, their secure information manager for Mac, to the iPhone.
- If you use iZepto for time tracking, it's time to cheer! They'll have iZepto on the iPhone available soon!
- Jeff Grossman wants you to go to the movies! His Movies.app theater and movie finder can tell you what's showing when at the nearest cinema.
- UK developers VisualIT are working on Tube 2 for iPhone and iPod touch. You'll love this app if you ride the London Underground.
- Zoosware is releasing Mobile Holy Quran and American Sign Language for iPhone.
- One of the most popular Windows Mobile PIM apps, Pocket Informant, is being readied for iPhone. The app features full two-way over-the-air synching. Developer WebIS is also working on Note2Self and Touch2Notes.
- Logic High Software is planning for a July release of xHunt, a treasure hunt application leveraging the GPS receiver and camera of the iPhone 3G.
- Developer Dimitri Bouniol is working on a detailed periodic table of the elements app called Periods.
- Last but not least, it's not an app, but longtime iPod case manufacturer Speck is making six colorful PixelSkin cases for the iPhone 3G.
Переслать - iCall VOIP for iPhone
Filed under: iPhone, App Store, SDK
We covered a number of iPhone VOIP applications, but iCall looks particularly impressive. As you can see in the above video, it allows you to seamlessly transfer a regular inbound cell phone calls to VOIP. This means you can save your minutes any time your iPhone is connected via wifi. As of right now calls are free in the US and Canada, and there is an iCall Pro account that lets you make international calls for a fee. Unfortunately, the iCall application is only available for Windows at the moment but they're promising a Mac version soon. Nonetheless, it's clearly the iPhone application that's most exciting and the company is apparently part of the iPhone Developer Program.
Thanks, Ryan!Read | Permalink | Email this | CommentsПереслать - SecureMac identifies first ARDAgent-based trojan
Filed under: Security
SecureMac has identified AppleScript.THT, a trojan-horse type
virusof malware that exploits a Apple Remote Desktop Agent vulnerability publicized earlier this week that can "allow a malicious user complete access to the system."The malware is distributed as a compiled AppleScript, named ASthtv05, or an application bundle named AStht_v06. The files are 60K and 3.1MB in size, respectively.
Users must download and run the scripts in order for their computer to become infected. The trojan will install itself in the /Library/Caches folder, and will set itself to run at startup.
To protect yourself, use extreme caution when running AppleScript files or applications sent to you in an email, or downloaded from the internet.
While we can't say for sure that these are the same people that developed this malware, you can read about the evolution of a very similar exploit script here, including a June 14th mention of the ARDAgent vulnerability. Very depressing.
Read | Permalink | Email this | CommentsПереслать - Sidenote keeps your notes on the side
Filed under: Analysis / Opinion, Software, Cool tools, Productivity
So for quite a while now I've been using nothing more complicated than TextEdit to keep a list of what I've got on my plate any given day -- I stuck an "Untitled" text file in the top corner of my screen, and just kept it open all the time. But I wasn't quite satisfied with that -- at the end of the day, I still had this text file open, I never remembered to save what was in there, and it just wasn't as elegant a solution as I wanted. Wasn't there anything I could keep open as a memopad, that was smart enough to save itself and slide out of the way when I didn't need it?
A friend recommended Sidenote, and it turned out to be exactly what I was looking for -- like the Quicksilver Shelf (which I'm using religiously nowadays) it sits in drawer on the side of your desktop, can be pulled open momentarily (either with the mouse or a hotkey) and then slides right back out of view when you're done. Just like TextEdit, it allows for a nice variety of text formatting, and unlike TextEdit, it saves in a repository rather than a file. I only use one note so far, but there's functionality for multiple notes in there as well.
We last mentioned Sidenote way back in 2005, and since then it's been upgraded to 1.7.3, and streamlined a few already streamlined features. Very nice and easy app -- for the purpose, it was exactly what I needed. It's available as donationware from developer Pierre Chatel.Read | Permalink | Email this | CommentsПереслать - Darwine 1.0
Filed under: OS, Open Source, UNIX / BSD, Developer
Firefox 3 was a pretty historic release this week, but I'd say that Wine 1.0 might actually beat it -- the open source non-emulator (Wine, after all, Is Not an Emulator) for Windows finally reached their first stable release. And Darwine, the OS X-rated version of Wine, also got a shiny 1.0 designation as well. It still won't work exactly perfectly (you've got to have XQuartz installed, and as with all emulators, there are so many different systems trying to talk to each other that you're bound to run into problems when one of them wants to do something complicated), but for standard Windows apps (Solitare and Spider Solitaire, we're told, work beautifully), it'll do ya.
Of course, we have no idea why you'd want to run anything Windows (ahem), but we won't judge. It's your computer: do what you like.
Thanks, Luigi193!Read | Permalink | Email this | CommentsПереслать - MLB At Bat for iPhone
Filed under: iPhone, App Store
We've been running running a few App Store roundups covering applications announced for the iPhone App Store, but as TUAW's resident seamhead I can't help but call one out for special attention. It was demoed at the WWDC keynote and now Macworld has a close look at the upcoming MLB At Bat application. It will be available at launch and provide near real time "wireless score access and in-game highlights for every game on the MLB schedule" for only $4.99 for the rest of the season.
Apparently the video highlights will be available in two versions: one high-bandwidth version for wifi and a lower bandwidth version for EDGE (they haven't said which version the 3G iPhone will load). For the future they're looking into bringing the Gameday service to the iPhone which opens the possibility of Gameday Audio. For the real baseball fanatics out there this would be an absolutely killer app, especially for those of us away from our home team's broadcast area. Imagine being able to listen to any game on your iPhone from anywhere; that's close to baseball nirvana. And though things are looking rather bad at the moment: Go 'Stos!Read | Permalink | Email this | CommentsПереслать - ARDAgent setuid allows root access, but there's a sort-of fix
Filed under: Security
Updates: See the end of the post for current info.
We've been getting quite a bit of email since yesterday's anonymous Slashdot posting of a security problem with ARDAgent on Mac OS X 10.4 and 10.5, and there's plenty of Twittering going on over the issue.
Here's the deal: ARDAgent is the application that responds to Apple Remote Desktop remote administration requests, screen sharing and the like; you can find it in /System/Library/CoreServices/RemoteManagement on 10.5 machines.
In order to go do the voodoo that you do so well when you're administering remote Macs, ARDAgent needs to be 'setuid root' -- it needs to run with the privileges and access that belong to the system administrator, the same way you do temporarily whenever you unlock a system preference or install an application with Apple's installer. This is normal and expected behavior.
What's not so normal and expected is that ARDAgent will execute the 'do shell script' AppleScript command (on behalf of remote admins, normally, who need to run Unix commands from time to time). The problem here is that since ARDAgent is setuid root, any subprocess it launches is running with administrator permissions, and in fact with the right malicious scripting here it would be possible to do a great deal of damage. Granted, in order to activate this vulnerability the attacker would either have to be at the machine, or logged in remotely with the same account that is currently in use... or just convince the user to run a malicious downloaded application. Yikes.
The good news is, there's a very simple workaround (courtesy of the fine folks at Intego -- note that if you actually use VirusBarrier to disable ARD's shell script access as they recommend, and your machine is managed remotely, your administrator may take some umbrage). It turns out that if ARD's remote access features are turned on, via the Sharing pane in System Preferences, you're clear. Even if there aren't any users permitted to administer your machine, the 'do shell script' command that ARDAgent runs is neutered and cannot be exploited in this fashion. Most home and small office Macs wouldn't normally have this turned on, but once you activate it you should be protected. Our basic instructions can be found here. [See update below -- turns out the fix may not protect you fully.]
Stay safe out there!
Update: Thomas Ptacek of Matasano weighs in on this flaw and offers some additional workarounds, but he doesn't seem overly concerned.
Update 2: Commenter (and Mac OS X security pro) Zack Smith, along with Chris Barker, points out that it's possible to kill the ARDAgent process and immediately run the osascript command, which bypasses the protection that running ARDAgent under launchd provides. Under those circumstances an attacker or someone sitting at your machine could still run commands as root, much to your chagrin.
To prevent this, one approach is to change the permissions on the ARDAgent application bundle -- note that this will both break with future system updates or permissions repairs, and may adversely affect administrative access to your machine from legitimate managers:
sudo chmod -R u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app
You can also simply archive and remove ARDAgent.app if you don't plan to be managed by anyone.
Thanks to everyone who sent this in, and thanks to Intego for pointing out the workaround.
Read | Permalink | Email this | CommentsПереслать - Firefox 3 vs. Safari 3: typography showdown
Filed under: Internet, Graphic Design
Ralf Herrmann recently took a look at the new typography features found in Firefox 3, pitting them against what's been available in Safari 3 for a while. The results show some major advances, and some major problems. The current OpenType or Apple Advanced Typography features in Firefox 3 include promising features like basic ligatures, which is exciting to those who live and breathe typography, but it fails in some non-English languages. Overall, it seems there are a lot of would-be nice new features that don't quite provide enough detail to be universally helpful. But it's a step in the right direction.
Check out the post at Ralf Herrmann's Typography Weblog for a very complete overview and comparison.
Read | Permalink | Email this | CommentsПереслать
| rss2email.ru | отписаться: http://www.rss2email.ru/unsubscribe.asp?c=6894&u=24004&r=484673635 управлять всей подпиской: http://www.rss2email.ru/manage.asp |
