« January 23, 2007 | Main | January 25, 2007 »

January 24, 2007

New Bug-a-Day Web Site Rocks Apple Nation


Just in, via Lee Gomes's "Portals" column in today's Wall Street Journal (WSJ), the news that each day since January 1 of this year, two men — Kevin Finisterre, a 26-year-old Ohioan, and his partner, "LMH," apparently based in Spain — have been putting up on their website, "the Month of Apple Bugs," a new security flaw in the Mac's OS X operating system.

As of yesterday — Monday, January 23 — they were right on schedule, with 23 reported bugs.

Gomes, in his column today, noted that Apple says its official patch for the most serious flaw so far publically identified by the two — in the QuickTime movie player, "that could allow a Web site to use a specially crafted QuickTime video to take over someone's computer" — will be available "soon."

Hey, it could be worse: at least they didn't say "real soon now."

Here's the piece.

    As Duo Publicizes Bugs In OS X, Mac Owners Rush to the Rescue

    With the launch of Microsoft's new Vista operating system next week, this was supposed to be the month for Windows to be in the limelight. But thanks to a pair of self-styled security experts, the Macintosh is also getting its share of attention, though not the sort Apple particularly likes.

    Late last month, a notice began circulating in computer security forums that January would be the "Month of Apple Bugs." It sounds like a merry old festival, and it is, in a perverse way. Each day, a new security flaw involving the Mac's OS X operating system was to be posted online. Two men made the promise: Kevin Finisterre, a 26-year-old Ohioan with a history of being interested in Apple security questions, and his partner, "LMH." The latter refuses to divulge any personal information about himself, though others, by tracing his IP address, say he is based in Europe, probably Spain.

    LMH explained in an email that, "We are doing this for a few reasons. One of them is having fun, enjoying working on new possibilities and researching OS X security. Another important one is the flawed assumption caused by Apple, publicizing the 'fact' that 'Macs are more secure than PCs.' "

    Looking for flaws in software is an entirely honorable calling. Indeed, there have been other "Month of Bugs" efforts involving other big pieces of code, including Linux. And while reasonable people can debate the extent to which Macs are, or are not, inherently more secure than PCs -- as opposed to just being a lesser target for virus makers by virtue of their smaller market share -- it doesn't hurt any piece of software for it to be poked and prodded.

    The polite way to do this, though, is to find what you think is a bug and then to quietly alert the software company responsible for it, giving the company a decent amount of time to fix the problem before it's publicized. But that's pointedly not what the Month of Apple Bugs duo is doing. Instead, the two are telling everyone about each daily bug at the same time.

    The pair's attitude seems to be that two wrongs do make a right. When I asked LMH if their course of action was the responsible thing to do, he emailed back, "The irresponsible thing is making someone pay more than 2k US dollars for a nifty machine with broken software."

    Apple's response is that the Mac has a peerless security record overall.

    Meanwhile, as soon as the bugs started coming over the transom, Mac owners came to the rescue, notably Landon Fuller, a 24-year-old programmer who briefly worked at Apple but who now heads up computer operations at a San Francisco game maker.

    On New Year's Day, Mr. Fuller put word out on the Web that he would try to create a fix for each Apple bug as soon as it was publicized. Others wrote in offering their help, and there quickly emerged a cadre of programmers who each morning would get to work on fixing the bug du jour.

    "It is a technically very challenging thing to do," says Mr. Fuller in explaining his motivation. He also didn't at all like the idea of not telling software makers about the flaws before publicizing them.

    A week or so after Mr. Fuller started his bug-patching program, Mr. Finisterre and LMH emailed him and offered to make him their partner. He would be told early about each bug so that he could start working on his patch, but only on the condition that he not tell anyone else before they announced the bug. Mr. Fuller declined, saying that would make him complicit in a practice he strongly disagreed with.

    You may not like the bug-spotting duo's sense of computer ethics. Or their sense of humor: Some visitors to their Web site get redirected to a porn site. But you have to admire their productivity. As of Monday, Jan. 22, they were right on track with 22 reported bugs.

    Fortunately for Mac owners, not all bugs are created equal. Mr. Fuller says that while a number of the flaws were significant, many others pose little or no security threat. They would simply cause a program to stop working. And some have long been known about in one form or another. Indeed, a number of the affected programs weren't even written by Apple, but by software companies selling products for the Mac, some of which have quite small shares of the market.

    There was, though, at least one "showstopper" bug, says Mr. Fuller: a flaw in Apple's QuickTime movie player that, in theory at least, could allow a Web site to use a specially crafted QuickTime video to take over someone's computer. There is no report of any miscreants taking advantage of the bug. If you're worried about it, you can get Mr. Fuller's patch at landonf.bikemonkey.org, though be warned, the site is something of a geek-only affair.

    Apple released a fix for the QuickTime problem yesterday afternoon; patches for any other serious bugs should be available soon. Unfortunately, it will be a slightly longer wait for the glorious day when computer owners no longer have to worry about this sort of nonsense.


Stop Press

In the spirit of "sunlight is the best disinfectant," it would appear that Apple's apparent nonchalance about its security defects couldn't withstand the glare of the Wall Street Journal's readers: vnunet.com now reports that Apple's just fixed the QuickTime flaw.


I wonder if someday pointing something out here will result in a response other than the usual — the sound of one hand clapping.

January 24, 2007 at 04:01 PM | Permalink | Comments (0) | TrackBack

'The Paris Hilton of television news, Anderson Cooper'


Hey, it's not my opinion: it's a quote by Fox News spokeswoman Irena Briganti, and appears on page 19 of today's New York Times, where it comprises the final words of Bill Carter's story.

You could look it up.


And to think that, before today, I'd never even considered a MorphWorld feature with this pair.

Thanks, Irena.

January 24, 2007 at 03:01 PM | Permalink | Comments (1) | TrackBack

Meet Jane Doe of the Pillow Fight League


Turns out she happened on my posts of January 19 and January 22 and linked to one of them on her MySpace page.

Odd: she's only got 16 MySpace friends (as of 11 minutes ago), the majority of whom appear to be fellow fighters.


Maybe she's too intimidating for most people.

In real life (below)


she's less so.

Though when she's in the ring (below, on top),


it's another story entirely.

January 24, 2007 at 02:01 PM | Permalink | Comments (2) | TrackBack

Inverted Shower


That's right: the water shoots up from below.

It was designed by Danny Venlet for the Austrian company Viteo.

Long story short: you attach a garden hose to the floor plate, which shoots water 13 feet into the air when you step on a button.

From the website: "Ideal for the garden or around the pool. You step onto a white, round plate made of non-slip plastic and with your own weight you launch mechanics which produce a water jet about 4 metres high. The water comes out of little holes along the brink of the disk, then falls gently down the middle."


The shower disk weighs 14 kg (about 31 pounds) and measures 30.7" in diameter X 4.3" high.

Caution: the Viteo website is quite possibly the worst I've ever visited — and that's saying something.

Note: The answer to the question of why the woman demonstrating the shower in the picture up top (taken from the company's brochure) is wearing a rabbit head is way above my pay grade.

Perhaps Skipweasel or Flautist will take the time to explain.

January 24, 2007 at 01:01 PM | Permalink | Comments (2) | TrackBack

'A Financial Plan That Comes With Mug Shots'


That was the headline over John Schwartz's January 7, 2007 New York Times Business section story about Timothy J. Bowers, who came up with a retirement plan for himself that costs us — but not him.

And the best part is, he didn't even have to backdate anything.

Here's the article.

    A Financial Plan That Comes With Mug Shots

    Once in a great while, an honest-to-goodness visionary shows up — someone who sees things in an utterly different way and helps to change our perspective as well.

    Timothy J. Bowers is just such a man. His insights into the world of investing and retirement could reshape the way we look at the future. But you won't find this giant in the case studies at Harvard Business School or sculpted in bronze on Wall Street.

    That oversight could have something to do with the fact that Mr. Bowers is serving a three-year sentence for bank robbery in the Hocking Correctional Facility in Nelsonville, Ohio.

    Plenty of people end up in prison when their plans for ill-gotten gain go awry. But getting rich from a robbery was not the goal of Mr. Bowers. Getting into prison was.

    On May 1, Mr. Bowers — or, as he is known to the Ohio Department of Rehabilitation and Correction, prisoner A535976 — handed a teller a stickup note, got four $20 bills and then handed them over to a security guard, telling the guard that it was his day to be a hero, according to accounts by The Columbus Dispatch and The Associated Press.

    At his trial in October, he explained to the judge that he was about to turn 63 and had lost his job making deliveries for a drug wholesaler. He said that with only minimum-wage jobs available, he preferred to draw a three-year sentence, which would get him to age 66, when, he said, he could live off of Social Security. And that is what he got.

    Mr. Bowers has solved his income problem and the question of health care in a single act. He's a little like O. Henry's character, Soapy the New York hobo, in ''The Cop and the Anthem,'' who hopes to winter over at Rikers Island: ''Three months of assured board and bed and congenial company, safe from Boreas and bluecoats, seemed to Soapy the essence of things desirable.'' The patented O. Henry twist, of course, was that Soapy had a great deal of trouble getting arrested. Mr. Bowers did not.

    His lawyer, Jeremy W. Dodgion, said his client is neither unbalanced nor dim. ''He's as charming as can be,'' he said. ''He's easy-going, very articulate — he's no dummy, by any means.''

    He said Mr. Bowers was addressing an all-too-common problem.

    ''At his age, it was harder and harder to find a job with benefits,'' Mr. Dodgion said, and ''he finally said, to hell with it.'' And while most people would find prison a soul-crushing experience, Mr. Bowers had done time in the 1970s on a robbery conviction, Mr. Dodgion said, and so he knew he could survive.

    The prosecutor, Dan Cable, summed up for The A.P.: ''It's not the financial plan I would choose,'' he said, ''but it's a financial plan.''

    Now if you are a regular reader of this column (Hi, Mom!), you know that I'm all about unconventional plans for investors and outside-the-box thinking. But here's a little inside-the-can thinking, and it's got oomph. In fact, I'd call it incarcer-iffic.

    That beloved financial adviser, David St. Hubbins, mused in the documentary ''This Is Spinal Tap'' that ''It's such a fine line between clever and stupid.'' I'm sure you know where I stand by now on Mr. Bowers.

    Mr. Dodgion, the defense lawyer, told me that he has heard from prospective clients who seem to think that Mr. Bowers had a pretty good idea, and ''who wanted me to do the same thing for them.

    ''I said: 'Are you kidding?' Is this going to be a trend?''

    Maybe so, I boldly predict. Many investors found in 2000 that we're just one market ''correction'' away from losing our nest eggs, and corporate scandals emptied out a lot of stock ownership plans. Employers, meanwhile, seem determined to whittle away at employee pensions and health plans. The pen could be the only safety net left.

    Seen in this light, a stay in prison could even make sense to people who still have assets sunk in 401(k)s. Think of it as the ultimate ''buy and hold'' strategy. Your mutual funds grow, and you don't have to worry about the substantial penalties for early withdrawal. The funds are released when you are.

    While the rest of us fret about the future, Mr. Bowers will be in Hocking, a minimum-security prison that serves as a kind of haven for older criminals; its Web site states, ''We provide quality programming for an aging offender population.'' Delete the word ''offender'' and it sounds like a retirement village. The activities include aerobics, basket weaving and training companion animals. It's less like Oz, more like Kansas. It's just the kind of prison, in fact, that Tom Noe, Mr. Bowers's fellow Ohioan, could be staying at before long if his appeals don't work out.

    Mr. Noe, you may recall, is the formerly well-connected coin dealer now serving federal time for illegal fund-raising for the Republican Party. He's been sentenced to 18 years in prison on state charges that he stole millions of dollars from an unusual $50 million investment fund (based on rare coins) that he ran for the Ohio Bureau of Workers' Compensation, and he must repay Ohio $13.7 million.

    Imagine the conversations they could have after aerobics class.

    And you know what that means, right? Once again, Jeff Skilling and Andrew Fastow of Enron are the smartest guys in the room. By going to prison, they are, again, simply out ahead of the pack.


Over the years, I've discovered a number of useful tricks that are entirely legal but which would disappear instantly once they become widely known.

Some of them I share with close friends, but others will go to the grave with me.

January 24, 2007 at 12:01 PM | Permalink | Comments (1) | TrackBack

Soup and Sandwich Plate


From the website:

    Soup and Sandwich Plate

    Nestling cozily on its sandwich tray, this soup bowl helps you indulge your comfort food cravings.

    Perfectly sized to serve up tomato soup and a grilled cheese sandwich, this ceramic soup and sandwich set lets you end the precarious balancing act of enjoying your favorite quick and comfy meal.

    Safe for use in the oven, microwave and dishwasher, the simple white serving pieces are always ready for those relaxed rainy day meals.

    Plate measures 12.5"W x 6.5"L.

    Bowl is 5.25" in diameter.

    Spoon not included.


January 24, 2007 at 11:01 AM | Permalink | Comments (0) | TrackBack

Notes on building a website that gets linked


When I decide to link to a word's meaning and origin — something I'm doing more and more these days, in response to a lot of "thumbs up" email from China and other countries where bookofjoe readers are not native English speakers (you do understand, don't you, that from the get-go my goal has been total world domination? But I digress...) — it's not a simple matter of going to onelook.com and putting the word in the search box.

Well, that's how it begins, but not how it ends.

Usually the site gives me a list of online dictionaries to choose from.

The link I end up using is the one that's "quietest" — that is, with the smallest irritation factor — as long as its definition appears on the mark.

When a site has flashing or moving stuff on it (Encarta, you know who I'm talking about) I try not to bother you with it: I mean, I've felt your pain, so why should you have to?

That's my job, isn't it, to insulate you from the dross and give you only the gold?

But I digress.

Sites I avoid like the plague are those that put pop-ups on the screen.

That's why, although the American Heritage dictionary is wonderful, it rarely features here: almost every definition is obscured by some pop-up ad.

And that's all I have to say about that.

January 24, 2007 at 10:01 AM | Permalink | Comments (0) | TrackBack

Kosmic Chromatherapy Shower


From Kos, an Italian company, comes this way tricked-out shower (above and below)


combined with the company's proprietary idrocolore fiber-optic system (below





If you'd prefer not to spend five figures but would like to see what chromatherapy in the bathing space might be like, you could do worse than consider the $19.99 Aqua Glow Mood Bath Light.

January 24, 2007 at 09:01 AM | Permalink | Comments (0) | TrackBack

« January 23, 2007 | Main | January 25, 2007 »