News Blog

Google's Vidnik lets users take videos, trim them, and upload them to YouTube.

(Credit: Google)

Google has released basic software called Vidnik that lets Mac OS X users record video with a Webcam or built-in camera, trim its length, add tags and a title, then upload it to YouTube.

The software also can be used to upload other videos to the company's video-sharing site, and other editing software can be used on the videos taken by Vidnik, David Phillip Oster of Google's Mac team said in a blog posting.

The software is among a host of Mac applications the company has produced. (Another interesting one is Visigami, which lets people search for images on Flickr, Picasa, and Google Images and use the results as an animated screensaver.)

Google has an increasing stable of software that runs on people's computers--Google Desktop is one good example--and is working on mobile phone applications, too, through its Android project. But don't be confused by all this attention to what's known as client software: the company's higher priority is to make the Internet the application foundation of choice.

PGP Corp. is planning to release a version of its whole-disk encryption software for Apple Macintosh computers running OS X.

Jon Callas, PGP's chief technology officer, told me on Monday that the software is "in active development" and will run on Intel-based Macs. Callas didn't want to elaborate on a shipping date, unfortunately.

This promises to be a boon for OS X users, especially laptop users who are more likely to lose their machines or run into snoopy border police and airport security guards who want to poke around the contents of their hard drives. Right now there's no way for OS X users to encrypt their entire boot disks.

OS X already features FileVault, of course, but that focuses on encrypting the user's home directory. Without whole-disk encryption, Unix-derived systems including OS X store in unencrypted form details about VPN usage, login times, and what applications are installed in the default location. Some applications including Thunderbird save working copies of documents in an unencrypted area outside the home directory.

Another problem with FileVault is that it hasn't always been implemented that securely. Earlier versions of OS X didn't encrypt the swapfile used for virtual memory, meaning the password could in many cases be easily extracted. And a paper (click for PDF) published last year by Jacob Appelbaum and Ralf-Philipp Weinmann found other potential security weaknesses.

PGP released its whole-disk encryption utility for Windows in May 2005. A perpetual license for PGP Whole Disk Encryption 9.8 for Windows costs $149.

I should also note here that a free volume encryption utility called TrueCrypt was released for OS X last week (it was previously available for Windows and Linux). TrueCrypt doesn't do whole-disk encryption, but it does offer a way to conceal the fact that an encrypted volume exists--although that handy feature isn't yet available on OS X and Linux.

Linus Torvalds woke up on Mars today (or maybe it was Oz), and had this to say about Windows Vista and Apple's OS X:

I don't think they're equally flawed. I think Leopard is a much better system. On the other hand, (I've found) OS X in some ways is actually worse than Windows to program for. Their file system is complete and utter crap, which is scary. I think OS X is nicer than Windows in many ways, but neither can hold a candle to my own (Linux). It's a race to second place.

I guess when you're famous you can say inane things and get away with it. Yes, Linux does some things better than Mac OS X and Microsoft's Windows Vista on the desktop (security, maybe), but let's be honest: the Linux desktop is "utter crap" compared to either OS X or Windows when it comes to the thing that matters most: usability.

If normal people can't use it, it just doesn't matter how beautifully architected it is. Sorry, Linus. Everyone has to be wrong sometimes. This is your turn to shine.

That said, I found his comments on whether Google is a good open-source citizen much more illuminating:

If what The Register writes is even remotely true, the writing is on the wall for Microsoft's desktop dominance. What does it say? "Game over."

The Register is reporting that Apple may be coding Leopard to run Windows applications natively (meaning, no need for Parallels, Boot Camp, etc.). It's a wild guess at this point, but the clues are there:

Leopard's PE (Portable Executable--a way of encoding executable files) support was uncovered by one Stephen Edwards, who'd been working with Wine, the open source version of the Windows application programming interface (API). He found that Leopard's Dynamic Linker (Dyld) will try to load a PE file. Soon after, Leopard's hunt for DLLs referenced by the PE file appeared as further evidence that the presence of PE support may not simply be a hang over from Apple's use of the Extensible Firmware Interface (EFI).

Apple on Monday released QuickTime version 7.3, addressing seven security vulnerablities for QuickTime 7.2 and earlier. Some of the flaws are serious and can be exploited by luring a victim to a Web site that contains a malicious crafted image or movie. The patches include both Mac OS X and Windows. A month ago, Apple patched another serious flaw within QuickTime for Windows. The latest version is available through the built-in software update feature of QuickTime or from the Apple Downloads site.

QuickTime (image description)
This patch affects users of QuickTime 7.2 on Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, and Windows XP SP2, and addresses the vulnerability in CVE-2007-2395. According to Apple, "a memory corruption issue exists in QuickTime's handling of image description atoms. By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution." Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution." Apple credits Dylan Ashe of Adobe Systems for reporting this vulnerability.

QuickTime (Sample Table Sample Descriptor (STSD) )
This patch affects users of QuickTime 7.2 on Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, and Windows XP SP2, and addresses the vulnerability in CVE-2007-3750. Apple says "a heap buffer overflow exists in QuickTime Player's handling of Sample Table Sample Descriptor (STSD) atoms. By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution." Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. Apple credits Tobias Klein of www.trapkit.de for reporting this vulnerability.

QuickTime (Java)
This patch affects users of QuickTime 7.2 on Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, and Windows XP SP2, and addresses the vulnerability in CVE-2007-3751. According to Apple, "multiple vulnerabilities exist in QuickTime for Java, which may allow untrusted Java applets to obtain elevated privileges. By enticing a user to visit a Web page containing a maliciously crafted Java applet, an attacker may cause the disclosure of sensitive information and arbitrary code execution with elevated privileges." Untrusted Java applets may obtain elevated privileges. Apple credits Adam Gowdiak for reporting this issue.

QuickTime (PICT image processing I)
This patch affects users of QuickTime 7.2 on Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, and Windows XP SP2, and addresses the vulnerability in CVE-2007-4672. Apple says "a stack buffer overflow exists in PICT image processing. By enticing a user to open a maliciously crafted image, an attacker may cause an unexpected application termination or arbitrary code execution." A user opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. Apple credits Ruben Santamarta of ReverseMode.com working with TippingPoint and the Zero Day Initiative for reporting this issue.

QuickTime (PICT image processing II)
This patch affects users of QuickTime 7.2 on Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, and Windows XP SP2, and addresses the vulnerability in CVE-2007-4676. According to Apple "a heap buffer overflow exists in PICT image processing. By enticing a user to open a maliciously crafted image, an attacker may cause an unexpected application termination or arbitrary code execution." A user opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. Apple credits Ruben Santamarta of ReverseMode.com working with TippingPoint and the Zero Day Initiative for reporting this issue.

QuickTime (QTVR)
This patch affects users of QuickTime 7.2 on Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, and Windows XP SP2, and addresses the vulnerability in CVE-2007-4675. Apple says "a heap buffer overflow exists in QuickTime's handling of panorama sample atoms in QTVR (QuickTime Virtual Reality) movie files. By enticing a user to view a maliciously crafted QTVR file, an attacker may cause an unexpected application termination or arbitrary code execution." Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution. Apple credits Mario Ballano from 48Bits.com working with the VeriSign iDefense VCP for reporting this issue.

QuickTime (color table)
This patch affects users of QuickTime 7.2 on Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, and Windows XP SP2, and addresses the vulnerability in CVE-2007-4677. According to Apple, "a heap buffer overflow exists in the parsing of the color table atom when opening a movie file. By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution." Apple credits Ruben Santamarta of ReverseMode.com and Mario Ballano of 48Bits.com working with TippingPoint and the Zero Day Initiative for reporting this issue.

Leopard is Apple's best-looking operating system yet, from its breezy Cover Flow file browsing to the starry-looking Time Machine backup. It's no wonder visual artists love Macs.

But how well does Leopard work for blind users?

"[Vision-impaired] people who use Macs are mostly in the category of, "My boss says we have to use Macs," or "I'm a teacher and that's what I'm stuck with,"" said Crista Earl, director of Web operations at the American Foundation for the Blind.

Among 10 million visually impaired people in the United States, at least 1.5 million use computers, according to the American Foundation for the Blind. To serve this population, Windows machines have traditionally offered more baked-in features and compatibility with third-party software and devices than Macs.

Earl, who is blind, only uses computers running Microsoft Windows. She edits documents in braille and relies upon a screen-reader application to "read" text and links aloud in Internet Explorer and other programs.

However, to serve users such as Earl, Apple has made 17 Universal Access enhancements within Leopard.

Leopard is the first operating system that can be installed using a braille display. It also supports the forms of braille used both for reading and editing. There are enhancements to the VoiceOver tool, which reads aloud text on a page in a male or female voice. Users can now move VoiceOver's preferences from one Mac to another, so they don't have to waste time configuring each new machine. In addition, VoiceOver can recognize misspelled words and jump to chunks of a Web page instead of forcing a user to wait while it reads one word at a time.

Earl said these changes are a step in the right direction, and she hopes to check them out on a friend's Mac. Mac OS X also offers some advantages over Windows for people with limited vision, such as the capability to display the screen in black and white.

"I don't mean I'd give up my Windows computer," she said. "I have work to do. It's gonna take a lot from the last time I saw VoiceOver."

Accessibility features from any vendor are usually more frustrating to use than advertised, Earl added. Part of the problem is that instead of integrating essential tools within their operating systems, Microsoft and Apple have left it up to third parties to fill in the gaps with extra, paid software.

For example, the screen readers within Windows and Mac OS X pale next to applications like JAWS or Window-Eyes. Earl wonders why the tech giants don't just buy one of the better tools, then weave it into their operating systems.

"One of the reasons things haven't gotten very far is that the companies making screen readers are constantly fighting the next battle," Earl said.

Blame the ever-evolving nature of Web site designs. Once screen-reader makers figured out how to make Adobe Acrobat accessible, for instance, Adobe Flash rendered Web pages mute to blind users. Now that more Flash sites work with screen readers, the AJAX coding of the Web 2.0 era poses new challenges.

Both the challenges in making accessibility tools and the market for them are poised to expand. More young people are suffering repetitive stress disorders such as carpal tunnel syndrome, while aging Baby Boomers grapple with diminished vision, hearing, and mobility.

People whose hands and arms suffer keyboard fatigue, or worse, can use speech-to-text software that types what they speak. For them, Windows builds in voice-activated dictation and commands. Leopard enables voice-activated commands only. The rich Dragon NaturallySpeaking from Nuance runs only on Windows. For Macs, the equivalent ViaVoice (or iListen, which I haven't tested) are considered less robust.

I find each of these dictation applications awkward to use. Just spend an hour with one for a few laughs as it garbles your speech.

Nevertheless, hardware and software manufacturers appear to be paying more attention to the needs of an affluent, aging population.

"A newcomer to visual impairment tends to expect, rightly, for things to be a whole lot easier than they are," Earl said. "That pressure of lots of disappointed users might make things better for everybody."

Brier Dudley of The Seattle Times has taken Apple to task for supposedly rushing a buggy operating system out the door.

The problem with Dudley's thesis is that while there's certainly proof of bugs in Leopard, there's no proof of more bugs than in any other major OS release. See, there just isn't any non-anecdotal way to determine this because the "one need only peruse Apple's support forums" theory of applied statistics is about as useful as the "online polls say" theory but without the benefit of a bar chart. Simply put, forum postings and blog comments suffer from self-selection and are not a valid indicator of whether or not a piece of software sucks.

Perhaps a good-looking and technologically savvy reader can think of a valid statistical indicator as the Macalope is at a loss.

Dudley links to a post by Erica Sadun at the Unofficial Apple Weblog which is, frankly, ridiculously dire:

If you have only one computer and it's your production machine, don't upgrade. The 10.5 upgrade is a big one--not a small update, not a few bug fixes.

That's true and people need to take responsibility for their own decision to upgrade. You don't have to upgrade.

Lots of stuff gets broken...

This is pretty irresponsible. The Macalope--like most people--did the default upgrade and nothing was broken. Now, for some people some things may have gotten broken, and some of it may have been important or the breakage may have been severe. But the vast majority of upgrades went smoothly and "lots of stuff" is just an absurd exaggeration.

Apple didn't get its gold master out to third party developers in time for the upgrade path to proceed smoothly.

The same could be said of Tiger. That is, like it or not, Apple's m.o. But it's certainly not the reason for the biggest compatibility issues. The difference between the last developer seed of Leopard and the gold master in all likelihood means that some applications could experience minor issues at worst. If there is a single application that suffered severe problems because developers didn't get the gold master until Friday night, the Macalope has not heard of it. And his ears are particularly large and, apropos of nothing, rather furry.

None of this is to say that all those who upgraded to Leopard had a swell ol' time and that it was nothing but puppies, kittens, and flowers. But it's not like Tiger's release (or Vista's, or XP's or...) didn't have any problems. Let's try to keep it in perspective.

Of course Dudley's reliance on two "sources"--one a commenter who seems to have had an unusual (if not nearly fantastical) experience and the other a Cassandra-esque blog post--is simply silly pundit jackassery.

Our review of Mac OS X 10.5 Leopard last Thursday lauded its lovely interface innovations but withheld judgment about the operating system's speed until we could put it through its paces.

Tests returned from CNET Labs on Saturday show that Leopard didn't perform noticeably faster than Mac OS 10.4.6 Tiger. (See the chart in CNET's review of Tiger.). Because Leopard's improved speeds of between 1 percent and 3 percent fall within the 5 percent margin of error, it's fair to call Leopard and Tiger even.

GarageBand wouldn't run the first time we opened it in Leopard.

Lab tests explored Leopard's boot time, multimedia multitasking, and handling of the Quake 3 game. Similarly, the 2005 release of Tiger did not demonstrate vast speed improvements over Panther, a previous version of Mac OS X.

Still, some users commenting on Leopard-related message boards and stories at CNET and elsewhere swore that they detected faster performance with Leopard.

Unfortunately, CNET Labs could not vouch for the performance of Adobe Systems' Photoshop CS3, which, for reasons not yet understood, wouldn't run on Leopard in our usual battery of automated tests. Don't jump to conclusions, however; the photo-editing application seemed to behave under normal conditions, and Adobe insists that Photoshop can run in Leopard.

However, full Leopard support for all versions of Adobe Creative Suite 3 won't become available until Adobe releases updates in three to four months. Among the applications needing updates are AfterEffects, Premiere, Soundbooth, and Acrobat Pro 8.1.2 (PDF). Sadly, Adobe fans cannot count on running earlier iterations of the Creative Suite or Macromedia Studio uneventfully within Leopard.

Although we find Leopard's interface relatively seamless, the same can't be said for everyone's experience getting started. Some people reported installation headaches, including the famed "blue screen of death," which historically has made so many love to hate the rival Microsoft Windows. Apple has acknowledged that issue as a glitch with third-party software.

Another application that won't run properly in Leopard yet is FileMaker Pro 9, due for an update next month. Some at CNET have found other applications, such as Groupcal and Parallels, failing unexpectedly in Leopard. And although only Safari was also running at the time, GarageBand wouldn't run in our first two attempts to open it in Leopard. A reboot seemed to do the trick.

Leopard also appeared to be converting some Mail settings from administrator to standard accounts; MacFixIt explains a solution. We're looking into these and other issues, and will continue to update our Leopard review as we learn more.

Our conclusion remains that you must have Leopard if you need to run Boot Camp, and you'll want it if you eagerly await Time Machine's elegant backup system. Developers will also like the full, native 64-bit support for both Intel- and PowerPC-based Macs.

Yet the majority of obvious improvements are on Leopard's surface. That isn't necessarily a bad thing; interface tweaks like Cover Flow, Quick Look, Spaces and Stacks offer powerful, practical improvements that make it easier to multitask. The operating system overall is a treat to use, even if it's unlikely to deliver preternatural speed.

So unless $129 feels like a trifle to spend, holding off on this upgrade wouldn't hurt. Depending upon your software toolkit of choice, waiting for third-party applications to catch up to Leopard might even save some frustration.

Leopard--the future of the OS market.

(Credit: CNET Networks)

As many of you are aware, I think Windows Vista is a blunder. And with its annoying UAC system and horrifically slow operation, it won't take long before the majority of home users agree with me. If the recent figures showing Mac OS X is already gaining market share is any indication of the future, look for Leopard to outsell Vista by a staggering margin.

Simply put, Mac OS X Leopard is one of the most significant operating system achievements we have witnessed in years. Not only does it add functionality that Microsoft could only have dreamed of, it does so in a snappy environment that doesn't annoy you with pop-ups asking for permission or all of those security threats we have come to know (and hate) in Windows.

But my belief that Vista will soon bow to Leopard goes far beyond the operating system itself. In fact, the major reason Vista will succumb to Mac OS X has little to do with Apple, but quite a bit to do with Microsoft's current focus. Regardless of where you stand on the issue, one thing is abundantly clear: Microsoft fears Google and is doing everything it can to become the Google slayer instead of competing in its core business--software.

The company is on a slippery slope, and to be quite honest, I don't think it can get off too easily.