Apple claims fix to Time Machine security bug
Apple claims to have fixed the issue where applications could run automatically out of a Time Machine backup. Look for CVE-2008-0038 in Apple's "About the security content of Mac OS X 10.5.2 and Security Update 2008-001".
Thanks to Apple for mentioning me. I certainly would have reported the bug regardless, but it's a nice bonus.
The only thing I wish had happened differently was an earlier acknowledgement from Apple that they realized what I was describing and agreed it was a security problem. I didn't find out Apple considered it a problem until January 22nd, when they asked how I'd like to be credited for discovery. Most of that time I wondered if I should file more details in an attempt to convince them it really was a problem.
Note: I'm saying "claims" only because I haven't installed the update and verified the fix yet. I have no reason to disbelieve Apple.
Time Machine failure details
Here's what it looks like:
Latest backup failed, I see. So what's the latest backup that actually worked? You can't tell here. And what failed? You can't tell that, either.
"Click that red icon!" you might think. Here's what that does:
That's not very helpful. It could at least tell me if the error occurred when reading, writing or in internal logic. That'd be a start.
There's a little more information in the console log, of course. What actually failed? It looks like Time Machine tripped on an email. Nothing special about that email that I can see. But how many end users are going to look in there?
Here's hoping 10.5.1 fixes a few things about Time Machine.
AppleInsider is reporting that Apple is ignoring two Mac data loss issues. One is an old bug (that really should be fixed). The other is an apparent abundance of failing hard drives:
Meanwhile, U.K.-based data-recovery firm Retrodata is warning Apple customers that they risk potential data loss due to a design flaw on certain 2.5-inch Seagate SATA drives, commonly found in notebooks such as the MacBook or MacBook Pro.
"The read/write heads are detaching from the arm and plowing deep gouges into the magnetic platter," says Retrodata Managing Director Duncan Clarke. "The damage is mostly on the inner tracks, but some scratches are on the outer track -- Track 0 -- and once that happens, the drive is normally beyond repair."
The problem is reportedly prevalent with Seagate 2.5-inch SATA drives that are manufactured in China and loaded with firmware Version 7.01. Model numbers affected include ST96812AS and ST98823AS.
Um, yeah. My first generation Intel Mac mini has a ST96812AS with firmware 7.01. I'd be a lot more worried if I wasn't using Leopard and Time Machine.
Mac OS X runs deleted applications
I filed this as radar #5574036, but it seems significant to share:
Imagine that you trash an application because of a security flaw. Say, it handles the URL type foofoo, and is proven to be a security risk. But the developer won't fix it (or hasn't fixed it yet), so you've removed the application from your hard drive to keep yourself safe.
It doesn't work that way — you're not safe. Time Machine has made a copy in your Time Machine backup that Mac OS X will cheerfully launch without a warning.
Steps to reproduce:
- Have existing, up-to-date Time Machine backups.
- Delete a protocol handler.
- Visit a web site that uses that protocol.
Expected results:
- Mac OS X will respect that the application has been removed.
Actual results:
- Mac OS X will hand it off to the application on the Time Machine backup volume.
Update: This seems to also be true of standard Finder document bindings. I tried double clicking a TextWrangler document after deleting TextWrangler and it cheerfully launched out of the Time Machine backup. Not that I think there's anything wrong with TextWrangler; it was just a program I knew I could delete safely (and restore after).
Update #2: It was pointed out to me on the Macworld Forums by Rob Griffiths that there is a way to permanently delete a file from all backups. You need to use the context menu within Time Machine to delete all backups of a file. This means there's a workaround, but it's still a problem that Mac OS X launches applications from the backup folder without even a warning.
Update #3: Apparently, some don't understand why this is a bug. Let me give you a simple example: You find out Adium (for example) has an available exploit that the developers haven't patched yet. You remove Adium, but it continues to exist in your backup. You visit a web page that activates the Adium bug, and Adium is launched from your backup. That you can launch Adium from your backup is not a bug. That Mac OS X will do so automatically without confirmation is a bug. The backup should be considered a vault for the user, not Launch Services.
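An added example, not part of the original post and not Apple's code: a Python audit that lists URL scheme handlers which survive only inside a backup tree, the situation the post describes. The `Backups.backupdb` folder name, the bundle identifiers and the directory tree built in `demo()` are constructed assumptions, and only URL schemes are checked, not document bindings.

```python
import os
import plistlib
import tempfile

def url_handlers(root):
    """Map bundle id -> {"paths", "schemes"} for each .app under root that claims a URL scheme."""
    found = {}
    for dirpath, dirnames, _ in os.walk(root):
        if not dirpath.endswith(".app"):
            continue
        dirnames[:] = []  # a bundle is a leaf: do not walk inside it
        try:
            with open(os.path.join(dirpath, "Contents", "Info.plist"), "rb") as fh:
                info = plistlib.load(fh)
            schemes = {s.lower() for t in info.get("CFBundleURLTypes", [])
                       for s in t.get("CFBundleURLSchemes", [])}
        except Exception:  # missing, unreadable or malformed Info.plist
            continue
        if schemes:
            bid = info.get("CFBundleIdentifier", dirpath)
            entry = found.setdefault(bid, {"paths": [], "schemes": set()})
            entry["paths"].append(dirpath)
            entry["schemes"] |= schemes
    return found

def backup_only_handlers(live_root, backup_root):
    """Handlers still present in the backup tree but no longer installed on the live volume."""
    live = url_handlers(live_root)
    return {b: e for b, e in url_handlers(backup_root).items() if b not in live}

def make_bundle(parent, name, bundle_id, schemes):  # builds a constructed test bundle
    contents = os.path.join(parent, name + ".app", "Contents")
    os.makedirs(contents)
    info = {"CFBundleIdentifier": bundle_id, "CFBundleURLTypes": [{"CFBundleURLSchemes": schemes}]}
    with open(os.path.join(contents, "Info.plist"), "wb") as fh:
        plistlib.dump(info, fh)

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed layout, not a real backup
        live = os.path.join(tmp, "Applications")
        backup = os.path.join(tmp, "Backups.backupdb")
        snap = os.path.join(backup, "mini", "2007-11-01-120000", "Macintosh HD", "Applications")
        make_bundle(live, "Kept", "com.example.kept", ["kept"])
        make_bundle(snap, "Kept", "com.example.kept", ["kept"])
        make_bundle(snap, "FooFoo", "com.example.foofoo", ["foofoo"])  # deleted from live
        stale = backup_only_handlers(live, backup)
        return {b: sorted(e["schemes"]) for b, e in stale.items()}

if __name__ == "__main__":
    print(demo())
```

On a real system the two roots would be the live Applications folder and the backup volume's backup folder, and reading the backup may need elevated privileges. Every bundle reported is a candidate for the "delete all backups" workaround mentioned in Update #2.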



