Security

Mac OS X Root Escalation Through AppleScript 359

An anonymous reader writes "Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal user wasn't switched to via fast user switching. Secure? I think not." On the other hand, since this exploit seems to require physical access to the machine to be rooted, you might have some other security concerns to deal with at that point, like keeping the intruder from raiding your fridge on his way out.
The Almighty Buck

The Impact of Low Salaries At Apple 782

orenh writes "Recent data indicate that Apple engineers have significantly lower salaries than their Silicon Valley peers: $89,000 at Apple, versus $105,000 at Yahoo and $112,000 at Google. Paying lower salaries had a major impact on Apple's bottom line when it was struggling in the market up until 2004. But now that Apple is highly profitable, these lower salaries are no longer a factor in Apple's success. Will Apple have to raise salaries to match the market rate, or face defections?"
Technology (Apple)

Apple's SproutCore, OSS JavaScript-Based Web Apps 203

99BottlesOfBeerInMyF writes "AppleInsider is running an article about Apple's new SproutCore Web application development framework, utilizing JavaScript and some nifty HTML 5 to offer a 'Cocoa-inspired' way to create powerful Web applications. Apple built on the OSS SproutIt framework developed for an online e-mail manager called 'Mailroom.' Apple used this framework to build their new Web application suite (replacing .Mac) called MobileMe. Since SproutCore applications rely on JavaScript, it seems Apple had good reason to focus on Squirrelfish for faster JavaScript interpretation in Webkit. Apple hosted a session last Friday at WWDC introducing SproutCore to developers, but obviously NDAs prevent developers from revealing the details of that presentation. Apple has a chance here to keep the Web from becoming even more proprietary as Silverlight and Flash battle it out to lock the Web application market into one proprietary format or another. Either way, this is a potential alternative, which should make the OSS crowd happy." Techdirt's writeup on the browser evolving towards acting as an OS expands on the theme AppleInsider raises.
OS X

OS X Snow Leopard Details 489

JD-1027 writes in to kick off a discussion of OS X Snow Leopard. Apple's stated goal: "Taking a break from adding new features, Snow Leopard — scheduled to ship in about a year — builds on Leopard's enormous innovations by delivering a new generation of core software technologies that will streamline Mac OS X, enhance its performance, and set new standards for quality." The technologies: Grand Central to get better use of multiple processors and multicore chips, OpenCL to tap the power of the GPU, 64-bit so we can finally have our 16 TB of RAM, QuickTime X for optimized modern codec performance, and built-in Exchange support in iCal, Address Book, and Apple Mail that most likely will help get Macs into corporate environments. We've previously discussed ZFS in the server version of Snow Leopard.
OS X

ZFS Confirmed In Mac OS X Server Snow Leopard 178

number655321 writes "Apple has confirmed the inclusion of ZFS in the forthcoming OS X Server Snow Leopard. From Apple's site: 'For business-critical server deployments, Snow Leopard Server adds read and write support for the high-performance, 128-bit ZFS file system, which includes advanced features such as storage pooling, data redundancy, automatic error correction, dynamic volume expansion, and snapshots.' CTO of Storage Technologies at Sun Microsystems, Jeff Bonwick, is hosting a discussion on his blog. What does this mean for the 'client' version of OS X Snow Leopard?"
Security

Safari "Carpet Bomb" Attack Code Released 118

snydeq writes "A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers. The source code can be used to run unauthorized software on a victim's machine, and could be used by criminals in Web-based computer attacks, security experts say. The public example of the attack code allows attackers to litter a victim's desktop with executable files, an attack known as 'carpet bombing.' In combination with bugs in Windows and Internet Explorer, attackers can run unauthorized software on a victim's computer."
OS X

Apple Quietly Fixes DTrace 144

In January we discussed a blog entry revealing that Apple had "crippled" its DTrace port. As the author notes in a followup post, to say that DTrace had been "crippled" was at least overstated: "Unfortunately, most reactions seized on a headline paraphrasing a line of the post — albeit with the critical negation omitted." In an updated entry, the poster notes that Apple has made good (so we have too): "One issue was that timer based probes wouldn't fire if certain applications were actively executing (e.g. iTunes). This was evident both by counting periodic probe firings, and by the absence of certain applications when profiling. The good news is that Apple has (quietly) fixed the problem in Mac OS X 10.5.3."
Cellphones

Apple Cracks Down On iPhone Unlockers 565

An anonymous reader writes "It looks like Apple and its wireless operator partners have finally figured out a way of cracking down on iPhone unlockers by making it a requirement to sign up for a contract before you can get your hands on one. 'It's obvious why this has happened though. This method means you're tied into a contract, or you're paying O2 and Apple a massive wad of cash for the privilege of owning a 3G iPhone. We're disappointed about this decision, but it does make business sense.' Both ATT in the US and O2 in the UK are implementing the new activation system on July 11th, when the iPhone 3G goes on sale."
Communications

WWDC '08 Sees Slimmer, Improved, 3G iPhone 804

Many of us have been watching Apple's WWDC 2008 keynote unfold live. There are many exciting tidbits, but most of all is the announcement of the 3G iPhone. Featuring an even thinner profile, black plastic back, metal buttons, flush headphone jack, improved audio, GPS support, and improved battery life, this is bound to make quite a few people stand up and take notice. Update 18:54 GMT by SM: Best of all it looks like they really took the price point to heart, 8GB iPhones are now $199 and a 16GB model will be available for $299, coming to an Apple store riot near you on July 11, 2008.
Music

Radiohead Changes Tack, Joins iTunes 176

Joe Jay Bee writes "The British rock band Radiohead, who previously stated that they wouldn't want to have their music on Apple's iTunes Music Store (and, indeed, were unhappy when their Kid A album was released via the store) have performed something of an about-face; virtually their entire catalog, including singles and their B-Sides, has appeared on the store. The band previously said they only wanted their work sold as complete albums, which Apple refused to go along with; however their tack has apparently changed, and all their songs are available to mix and match, including their most recent work, In Rainbows. The albums are all available in DRM-free AAC format."
Communications

iPhone's Game Potential As a Threat to Java Phone Games 260

Ian Lamont writes "In the runup to Apple's WWDC 2008, Chris Tompkins thinks that the iPhone's gaming potential 'might finally put the lackluster Java-based cell phone gaming market to death.' He cites the iPhone's use of Core Animation adapted for ARM processors, which he says allows for the advanced effects of OS X and now OpenGL-accelerated 3D games, as well as the importance of an on-demand store and Internet connection. Tompkins says that while certain genres lend themselves to the iPhone's touch controls, such as real-time strategy games (think StarCraft), the lack of physical controls will force developers to creatively approach the multitouch and accelerometer on the iPhone. His advice to Apple — make a compelling overture to independent game designers, and treat them like rock stars. Tompkins, incidentally, is one of several people who have recently pointed to Apple's mobile gaming potential."
Programming

HyperCard Comes Back From the Dead to the Web 117

TedCHoward writes "On the heels of the recent mention of HyperCard comes the launch of a brand new site called TileStack. Cnet's Webware blog writes, 'The idea behind it is to bring old HyperCard stacks back to life by putting them on the Web, meaning you can take some of those long lost creations from the late '80s and early '90s and make them working Web apps. You simply upload them to TileStack's servers and they'll be converted and hosted for just you or the entire world to use once again... Since the service runs without Flash... TileStack is perfect for the iPhone and other devices that run on the Web.' They also have a video showing the upload process."
Google

Google Gets Serious About Open Source Mac Projects 193

mjasay sends us a link to a CNet story, which begins: "In the '20 percent time' that Google employees have to work on projects of personal interest, it turns out that an increasing number are spending time writing open-source projects for their Macs. Google has long had a fondness for the Mac, with upwards of 6,000 of its 20,000 current employees opting to use the Mac over Windows. It is in the 20 percent employee development time, however, where this statistic becomes interesting. At Google, development time translates into products. The more Mac-friendly employees, the more Mac-related development. The more Mac-related development, the more Google-sponsored Mac-based open-source code. As Google's Mac Developer Playground demonstrates, some of this code is quite interesting."
OS X

Apple Expected to Demo Leopard Successor Next Week 432

4roddas writes "Reports circulated Wednesday that Apple may demo the next iteration of Mac OS X next week or even release code to developers in preparation for an early-2009 launch. According to an account on Mac enthusiast site TUAW (The Unofficial Apple Weblog), Apple may provide early copies of Mac OS X 10.6 at next week's Worldwide Developers Conference (WWDC), which opens Monday and runs through next Friday in San Francisco. Mac OS X 10.6 will run on Intel-based hardware only, said TUAW, and so will mark the ditching of support for the older PowerPC processor-equipped Macs. Apple announced it would shift to Intel processors three years ago, and unveiled the first systems in January 2006; most analysts have said that move is largely behind the reason for Apple's renewed success selling personal computers. It has never disclosed how long it would support the PowerPC with OS upgrades, however. Ars Technica also weighed in Wednesday on Mac OS X 10.6; its sources pegged the OS with the code name 'Snow Leopard.'"
Portables (Apple)

Next-Gen JavaScript Interpreter Speeds Up WebKit 193

JavaScript is everywhere these days. Now WebKit, the framework behind (among others) Safari and Safari Mobile, as well as the yet-unreleased Android, is getting a new JavaScript engine called Squirrelfish, which the developers claim provides massive speedups over the previous one. The current iteration of the engine is "just the beginning," they claim; in the near future, six planned optimizations should bring even greater speed. With JavaScript surviving as a Web-page mainstay despite many early gripes, and now integral to some low-powered mobile devices, this may mean many fewer wasted seconds in the world.
Security

Apple Releases Mac OS X Leopard Security Guide 61

Wormfan writes to share ZDNet's brief mention of and a link to "Apple's release of a ~250 page PDF of security best-practices and tips to protect Mac OS X Leopard clients. The guide is aimed at experienced users, Apple says, familiar with the Terminal application and its command-line interface."
Microsoft

Microsoft Urges Windows Users To Shun Safari 502

benjymouse writes "The Register has picked up on a recent Microsoft security bulletin which urges Windows users to 'restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple.' This controversy comes after Apple has officially refused to promise to do anything about the carpet bombing vulnerability in the Safari browser. Essentially, Apple does not see unsolicited downloads of hundreds or even thousands of executable files to users' desktops as being a security problem." Now while downloading a hundred files to your desktop won't automatically execute them, Microsoft's position is that a secondary attack could execute them for you.
Communications

NYTimes Speculates On the Next iPhone 302

Achromatic1978 writes "The NYT has a story on the next revision of the iPhone, and discusses what will become of the iPhone, now that the hype is starting to slow (Jobs' goal for 2008 was ten million iPhones sold — as of the first quarter, only 1.7 million have left the shelves). The WWDC is the rumored release date for a next version, and Jobs has promised that this year will see a 3G iPhone released."
OS X

Apple's Mac OS X 10.5.3 Has Landed 161

jaymus of dawning writes with word that, as promised, "Apple has just released the latest major revision of OS X. The update yields improvements to tons of system components and applications including the Software Update system, Address Book, AirPort, Automator, iCal, iChat, Mail, Parental Controls, Spaces, Time Machine and VoiceOver. This release contains 200 bug fixes from 10.5.2. See Apple's release page for all the delicious details."
