Apple Quietly Releases Safari 3.2 129
99BottlesOfBeerInMyF writes "Yesterday Apple quietly slipped out an update to their Safari Web browser to version 3.2. The notable feature is that it finally adds anti-phishing technology, an area where Safari has lagged behind competitors. Aside from that, it provides some security fixes, improved JavaScript performance, and a slightly newer version of Webkit, pulling their Acid3 score up to 77." Apple forums across the Net are reporting frequent crashes in Safari 3.2, some possibly caused by 3rd-party add-ons, others perhaps related to the anti-phishing feature.
Update of Windows version too? (Score:1)
Re: (Score:1, Interesting)
But for that matter, this would have passed me by in any case, since even on my MacBook I still prefer to use Firefox...
Re:Update of Windows version too? (Score:5, Informative)
Windows version is there too and it is a serious sounding security update.
The actual release notes are at http://support.apple.com/kb/HT3298 [apple.com]
You should subscribe to Apple Security Updates mailing list for non PR infested update announcements.
http://lists.apple.com/mailman/listinfo/security-announce [apple.com]
Re:Update of Windows version too? (Score:4, Informative)
TFA doesn't call this out at all - does this update the Mac version only or is Windows also at 3.2?
TFA provides a link to download the Windows version.
And? (Score:2, Interesting)
New version of Safari. Does this mean /. is turning into a slightly more fleshed-out VersionTracker? I don't see how this is newsworthy: maybe the addition of anti-phishing capabilities would be worth mentioning in passing, but a minor update which causes a few crashes is nothing new.
Re: (Score:1, Informative)
Re:And? (Score:5, Funny)
An update addressing one of the most important shortcomings of one of the most important web browsers;
We really need sarcasm tags.
Re: (Score:1, Flamebait)
Re: (Score:3, Insightful)
Re:And? (Score:5, Insightful)
Re: (Score:1)
> All in all, I'd say Safari, though not as much as Firefox, is more *important* than IE.
Why? If a site doesn't work in IE then it doesn't matter if it works in Safari - unless it's a Mac only site. If there is stuff which only works in Safari then it doesn't make any difference. Likewise, if it only breaks in Safari it doesn't make any difference. There's not many people who pay web designers to do sites for them who say 'wait - it does work properly on Safari 3.2 on Macs, doesn't it?`.
Re: (Score:1)
I guess it doesn't really matter that much. [sarcasm] Does anyone actually use IE? OK, maybe a few Windows users do. [/sarcasm] And I guess things sort of work in Opera too. Big deal. If we disregard ideologies, in my experience, pretty much anything that works in one browser will more or less work in another, at least well enough to be understood. If it doesn't, it's probably not worth looking at at all.
Re:And? (Score:4, Insightful)
I have one word for you:
iPhone
See now how important Safari is? Oh, and WebKit is used on Nokia phones too, and it's becoming a major player on the embedded browser market.
Re: (Score:3, Funny)
"iPhone Bitch!" [youtube.com]
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
And the Google phone, too, uses WebKit.
Re: (Score:3, Informative)
Apple pushED the Safari via iTunes and QuickTime updates, but Apple has not done it long time now.
Safari is possible to install via Apple Update but you need to select it first from secondary downloads list to get it. It does not come automatically.
Re: (Score:1)
the last time i upgraded iTunes it was on the list along with iTunes and Quicktime and checked by default. Apple is certainly still trying and seems to be hoping that people will install it by mistake by neglecting to uncheck it.
Re: (Score:2)
I use a mac. Two of them actually. Typing this on my macbook right now.
I can't remember the last time I browsed the web with Safari...well maybe I can. I believe the first and only site I went to was getfirefox.com.
Re: (Score:1)
Re: (Score:2)
Ditto. Safari is maybe a couple percent share, and it's not likely to grow much.
The story does seem newsworthy to me though, at least by /. standards.
Re: (Score:1)
The first two things mean you are less likely to reach the third as a conclusion, not more.
Someone who didn't like the way Apple operated would be much more likely to conclude that Safari needs anti-phishing features.
Re:And? (Score:4, Informative)
shortcoming yes, important web browser? Dude Im a mac users, a claimed Apple zealot, and all that and even I dont see the importance in Safari.
There are four major HTML rendering engines right now, two of which are commercial (Microsoft's Trident and Opera's Presto) and two of which are open-source (Mozilla's Gecko and Apple's WebKit). Of these, only WebKit is really growing right now - more and more browsers are being built on it. Safari is the reference implementation for a WebKit-based browser. That's why Safari is important.
In addition to Safari (and the mobile version of Safari used on the iPhone and iPod touch), WebKit is also used by Adobe AIR [wikipedia.org], Google Chrome [wikipedia.org], and Nokia's S60 browser [wikipedia.org]. Also, Konqueror [wikipedia.org] is still using their own KHTML, but they're working on switching over to Apple's fork [arstechnica.com], eventually.
More WebKit browsers.... (Score:1)
Google's Android, and Sun's Java FX (FCS expected by Dec 02) and Java FX Mobile (expected sometime in late Q2'2009).
Re: (Score:2)
Konqueror [wikipedia.org] is still using their own KHTML, but they're working on switching over to Apple's fork [arstechnica.com], eventually.
Very interesting, I hadn't heard of that before. The linked article is quite old, do you have any more recent information about the switch? Is it still on?
CJ
Re: (Score:2)
Konqueror [wikipedia.org] is still using their own KHTML, but they're working on switching over to Apple's fork [arstechnica.com], eventually.
Very interesting, I hadn't heard of that before. The linked article is quite old, do you have any more recent information about the switch? Is it still on?
CJ
I know nothing; I found that with Google.
Re: (Score:1)
Safari still has an annoying bug... (Score:3, Interesting)
A bit off-topic: Both Safari 3.1 and 3.2 (@ Tiger) freezes the loading progress randomly, but ping google.com still works. I have tried to reset Safari, but it didn't help.
Re: (Score:2)
Want to re-login 250 sites? (Score:4, Informative)
I tell you the real annoying bug. It erases cookies sometimes. Yes, the file itself (~Library/Cookies/Cookies.plist). It was documented by unsanity and said to be fixed at least on Intel but we, poor PPC users who made the mistake of jumping to Leopard still suffer from it.
http://www.unsanity.org/archives/apple/apple_hates_bug_filers.php [unsanity.org]
Ironically, it generally hits you when you report a bug to Apple, that is where the title comes from.
I had to restore 2.2 MB of cookies from Time Machine today.
Anto-phishing? Fuck that. (Score:4, Interesting)
Personally I don't use Safari (I don't have a Mac, nor do I use MS Windows). I just thought I would take the time to rant about "anti-phishing" things.
I always turn such "features" off on my own computers, and would do so on any computer where I was the "tech support" (after appropriate consultation and education).
Why? Because blacklists don't work. Want to not get phished? Simple instructions that even the most computerphobic person can understand:
When you want to go to the website of your bank, credit union etc., type in what you see on the printed material you have in front of you! (Alternatively, for the more computer literate folks, create a bookmark/favourite after having typed in the address from the printed material from your bank. And only access it via that link.)
Never trust a link via an email, never trust a link from another website, not even if the address looks the same. (Character encoding, bad eyes and other things can make two strings look the same, even when they aren't.)
Simple advice and works for everyone whom I've told it to. (The same with, "don't download files from your email unless you were expecting them, which is a bit over the top, but the slightly more complicated, don't download executable files got reduced somehow.)
End rant.
I did have a look at the article, and to be frank, there isn't anything exciting in there. It seems that the only reason this got to the front page is that Safari crashes a lot. Umm..., I guess I don't care.
Re:Anto-phishing? Fuck that. (Score:5, Insightful)
But anti-phishing is not about blacklists... Some might include that too but it is just a minor addon. Anti-phishing is about browser warning you when link with an anchor text "Your-Bank.com" is about to actually take you to "Your-Bank-fake.com".
Educating users is important but having a backup feature like that is helpful.
IF it was just anbout blacklists (blocking sites absolutely known to be scam) why would you turn it off? What harm would that do to you? :D
Re: (Score:2, Interesting)
Yourbank.com [slashdot.org]...
command.com [example.org]...
Umm, and I seeing a problem with that idea? Yes I am.
And the reason to turn it off, it doesn't always work (false positives, and false negatives), and it leads to a false sense of security. Like running a virus checker and then not caring about downloading random shit from the web. Better to just not download random shit from the web.
Re: (Score:2)
Better to just not download random shit from the web.
And then you'll get hit with every single virus that doesn't rely on user intervention (and there's been plenty of those on the win32 platform, let me tell you). And if somebody gets infected with, say, Sality (wraps EXE files) and sends you something, bam, you're infected, even though it came from a ``trusted'' source. Better to run a Virus Scanner AND not download random shit. It's almost like complacency will bite you, but so will ignoring the safeguards already there. I believe the correct answer is som
Re: (Score:2, Insightful)
If users could be trained, we could solve a lot of problems. Users don't care about learning, only about function.
Re: (Score:1)
>> create a bookmark/favourite after having typed in the address from the printed material from your bank. And only access it via that link.)
Some thoughts:
* Computer-phobics today don't know how to create a bookmark. Nor type a URL. They just type what they assume is some kind of address in a google bar and click the first or second result.
* Even typing a correct URL you're not free from dns-poisoning
* Sometimes I've tried to explain those issues to a couple of friends (anthropologists for reference)
Re: (Score:2, Interesting)
* Even typing a correct URL you're not free from dns-poisoning
How does a blacklist of urls address that?
Re: (Score:1)
Maybe blocking the url at start, so the browser never asks anything to the dns server.
Re: (Score:2)
Re: (Score:1)
Of course a single URL has not enough information. But (for example) if you're in China and the government poisoned the records of citibank, at least in China it is better the browser to deny access to a fake "citibank". BTW I don't imply that it is easy to implement with the current infrastructure.
Re: (Score:1)
* Computer-phobics today don't know how to create a bookmark. Nor type a URL. They just type what they assume is some kind of address in a google bar and click the first or second result.
There were two parts, the bookmark was for the slightly more literate types. As to Google, you've interviewed a random sampling of computer-phobes have you? You know what they do do you? You're making shit up aren't you.
* Even typing a correct URL you're not free from dns-poisoning
Yeah, that's why I just type in the IP addr
Re: (Score:2)
Anti-phishing techniques do not make you safe from dns-poisoning, either.
But that's why you have SSL certificates. Unless one of your CAs has gone bad, nobody will have a certificate for that domain except for the person that owns the domain.
Even if (like me) you don't trust your CAs, you can keep track of certificates by their fingerprints. There are some extensions that will keep track of certificates for you so you can be alerted if your
Re: (Score:1)
>> Anti-phishing techniques do not make you safe from dns-poisoning, either.
Totally agreed. The point (bad expressed by me) was that writing literally an URL don't make you safe. Besides, *maybe* a strong anti-phising infrastructure can help when you don't have https, if we could have a list of compromised dns servers, or zones, additionally to suspected domains...
>>But that's why you have SSL certificates. Unless one of your CAs has gone bad, nobody will have a certificate for that domain excep
Re: (Score:2)
What bugs me is the lack of documentation. Where is the data coming from? Is it offline or online (e.g. every URL submitted), how is the data secured?
1 Password added phishing protection to Safari long before Apple did and while being just a shareware developer, they gave all the details. It is powered by community powered phishtank (opendns).
Now, we gotta run Wireshark here to see where the data comes from, how it acts etc. The "live" online phishing check is a horrible privacy risk since every URL you vis
Re: (Score:2)
Yes, simple advice and education works, you should not rely on anti-phishing tools. However people make mistakes.
It is, in my opinion extremely foolish to turn off the advisories, or tell other people to do so. You don't rely on the crumple zones in your car to stop you in traffic lights either, do you? But do you argue against cars with crumple zones?
Re: (Score:1, Insightful)
When you want to go to the website of your bank, credit union etc., type in what you see on the printed material you have in front of you!
Fails to protect against DNS poisoning. Next!
Re: (Score:2)
Want to get rid of spam? Hit the delete key.
Or get a spam filter (like the nice one in Mail) which trashes 99% of the spam I get, leaving me to delete one every now and then.
This phishing filter will work for users on the same principle: protect users from a lot of phishing expeditions, leaving them to deal with the few that slip through. This also helps stop people from getting "security fatigue" that comes from being hit by crap every time they log on. Same with spam - if spam filters weren't in place, a
webkit project (Score:4, Informative)
Safari is based on Webkit [webkit.org], which can achieve an almost perfect acid3 score. Anyone using windows or macosx can easilly try it.
perfect score (Score:3, Informative)
I thought it was a perfect score. [webkit.org] Not a almost perfect score.
What I really want is some screenshots of what the anti-phishing behavior looks like. For all this talk about Safari 3.2 no one has bothered to try out the new features.
Re: (Score:2)
What I really want is some screenshots of what the anti-phishing behavior looks like. For all this talk about Safari 3.2 no one has bothered to try out the new features.
The hard part is finding known phishing sites that are still up and detected by the phishing detection. I think I did get it to work for one page (http://chaseonline.chase.com.ssl.com.kg/ [ssl.com.kg]) and it was a simple dialogue box, but I haven't been able to repeat it with any other page to confirm. Using Google to look for a test suite comes up with dozens of links to the same whitepaper about testing Firefox, but without any links to the actual test pages used. Aside from that, lots of commercial products with no
Re: (Score:2)
Re: (Score:3, Informative)
Anyone using windows can easily try it.
By downloading Chrome (or the open source version Chromium [chromium.org])
Crashes (Score:5, Informative)
Apple forums across the Net are reporting frequent crashes in Safari 3.2, some possibly caused by 3rd-party add-on
Yep, PithHelmet (anti-ad plug-in) causes 3.2 (Mac, of course) to blow up every time when using multiple tabs. Removing its bundle from /Library/Application Support/SIMBL/Plugins/ made it stable as a rock again (no problems at with about 15 tabs open, with varying kinds of embedded content), but, sadly, I'm buried with ads again.
Re:Crashes (Score:5, Informative)
Try this: Adblock for Safari [sourceforge.net]
Re: (Score:1)
Adblock for Safari
Cool dat. I use Adblock on my Firefox at work; last time I looked around this didn't exist for Safari. Wow...really helpful info on /.--what a concept! :-)
Re: (Score:2)
Try this: Adblock for Safari [sourceforge.net]
Hey, great, a OSS Adblock software that requires you have the latest OS. Yeah, I'd pay to use that.
Re: (Score:2)
Try this: Adblock for Safari [sourceforge.net]
Hey, great, a OSS Adblock software that requires you have the latest OS. Yeah, I'd pay to use that.
It's GPL. If you want to make it work on older operating systems, you're welcome to download the code, figure out why it doesn't work, and submit a patch. If they don't like your patch, you can fork it. Don't complain that the work other people are willing to share with you isn't good enough; they don't owe you anything.
Re: (Score:2)
Hey, great, a OSS Adblock software that requires you have the latest OS. Yeah, I'd pay to use that.
It's GPL. If you want to make it work on older operating systems, you're welcome to download the code, figure out why it doesn't work, and submit a patch. If they don't like your patch, you can fork it. Don't complain that the work other people are willing to share with you isn't good enough; they don't owe you anything.
No thanks - in a world where you can freely download music and videos of the internet, "free" software better be perfect without me having to do anything.
Re: (Score:3, Informative)
It looks like another input manager though. You can't really trust "plugins" (they're not really plugins but elaborate memory hacks) like those to work when a new version of Safari comes out. The simple solution is just to use a custom CSS file that blocks ads, like the one on http://www.floppymoose.com/ [floppymoose.com].
Re:Crashes (Score:4, Informative)
What about WebKit? (Score:2, Insightful)
Re: (Score:3, Informative)
The WebKit nightly builds have been passing the ACID3 test for months and are still 4 times faster than Safari 3.2 according to the SunSpider Javascript Benchmark. Why is Safari so far behind?
They're probably still working out bugs between Webkit and the applications they have that use it. As I mentioned in the summary, however, most of the javascript improvements seem to have made it in this time. On my machine Safari was getting about 11 on the sunspider test, before this update and is now getting about 3. The nightly of Webkit on the same machine comes in at 1, which is better yet, but not that significantly.
Re: (Score:2)
Apple loudly released Safari 3.1 (Score:5, Funny)
Re:Apple loudly released Safari 3.1 (Score:5, Funny)
Its odd that Apple released this version quietly. Last time a major point release was available, Steve Jobs was walking down the streets of Cupertino firing a shotgun into the air screaming, [..] followed by USC Trojan band
I guess the anti-phishing feature filtered out the Trojans this time then? ;-)
Re: (Score:2)
Re: (Score:1)
That's a lie (Score:3, Funny)
The Trojan marching band only knows how to play one song.
Great. (Score:3, Funny)
Apple Quietly Releases Safari 3.2
Great, now you've gone and blabbed their secret to everybody.
EV-SSL (Score:5, Informative)
It also now supports EV-SSL. That and the anti-phishing were two major beefs of companies like PayPal.
I wonder what really got fixed... (Score:2, Insightful)
There is something a little odd about this particular update-- Safari on my Mac had been acting very strangely lately-sucking up lots of processor, computer acting a bit odd. This is unusual. This seems to have been fixed by the update. Maybe just a coincidence?
The question is: why is Apple so quiet about rolling this update out and what it fixes, and since when does a minor Safari update require a reboot?!!
Re: (Score:1)
I'm not sure (lousy memory etc), but I believe (some) previous Safari updates have required a reboot too. It might have something to do with the Webkit engine being used by apps other than Safari
Re: (Score:3, Informative)
The question is: why is Apple so quiet about rolling this update out and what it fixes, and since when does a minor Safari update require a reboot?!!
It replaces more than the Safari application. It also, slightly, updates Webkit, which is a core library that numerous programs use. You can get by without rebooting if you just kill the update at the end then restart all the programs that use Webkit... but that's a bit advanced for most people and a reboot is easy.
The erratic behavior of Safari could be caused by damaged resources which were replaced in this update, making it more useful to you than the average bloke.
"Quietly"? (Score:5, Insightful)
How does putting Safari 3.2 on Software Update, where by default it will be received by every internet-connected Mac OS X user in the world, count as a release that was "quietly slipped out"?
Granted, they're the new Bad Guy on /., but can we be a little less lazy and more accurate in our snide characterization of Apple's activities?
Re: (Score:2)
Well, if they announced it weeks in advance, over a bullhorn, with a marching band, it would have been released loudly.
Re: (Score:2)
Granted, they're the new Bad Guy on /., but can we be a little less lazy and more accurate in our snide characterization of Apple's activities?
We're going to be snarky until they bring back anti-glare screens.
They released it QUIETLY for a reason... (Score:1)
*sigh*
Don't pay so much attention to the Acid3 score (Score:1, Informative)
If a browser doesn't score a 100 on the Acid3 test, it fails. Period. A browser that scores an 18 doesn't fail any more (at least officially) than one that scores an 88. They both fail, and that's it. What's more, a browser could theoretically get a 100 and still fail the test. In order to pass, you need a score of 100 and the test page needs to look pixel-for-pixel like the reference rendering (which is a little redundant, but that's what it says on the test page itself).
Re: (Score:3, Informative)
If a browser doesn't score a 100 on the Acid3 test, it fails. Period. A browser that scores an 18 doesn't fail any more (at least officially) than one that scores an 88.
Then why do they bother with scores instead of just putting up the word "pass" or "fail"? Each part of the test hits a problem area of rendering and the more points a browser gets, the more of those cases they are compliant for. Higher scores do translate into greater standards compliance for the tested set.
In order to pass, you need a score of 100 and the test page needs to look pixel-for-pixel like the reference rendering (which is a little redundant, but that's what it says on the test page itself).
More than that, it has to run the animation smoothly using the specified reference hardware... at least according to the authors of the test.
The higher score should raise a footnote perhaps, but you shouldn't be too concerned about it.
It's more abut how current the version of Webkit they're incl
Re: (Score:2)
http://trac.webkit.org/log/branches/Safari-3-2-branch [webkit.org] shows it's a fork of the Saf 3.1 branch with selected patches.
Re: (Score:2)
The latest nightlies are at 100 on Acid3, so, yeah.
Re: (Score:1)
Reboot (Score:2, Informative)
Re: (Score:2)
Could be worse, you could have to reboot your *server* because of a browser update. I hate that OSX server forces you to update iTunes and Safari and other crap just to get updates for other things.
Re: (Score:1)
Simply uninstall safari and iTunes on your server, depending on your mileage for "server", they're useless anyway and shouldn't be installed on the box.
Yes, the Apple gui installer doesn't give you a way to do so, but there are tons of free 3rd party tools to accomplish this.
Re: (Score:2)
Bollocks. You can choose to ignore any update that comes down the pipe from Software Update. Uninstall iTunes and ignore all subsequent updates to it, it's not needed on a server. Maybe you should be a better admin! :)
Re: (Score:1)
Well, the reasoning is simply that the update swapped some shared libraries, which are in use by more than a few known applications.
Of course, Apple might say "Please restart at least your browser after updating and any other open application which somehow misbehaves", but many people do fail to do so ("well, I'll do it later" - and suddenly remember that thought once their browser plugins break down). And the fail-safe enduser-doable "solution" to this is simply to reboot their box. The default button in
Twitter? (Score:2)
Did they really link to a twitter post? Wow.
Anti-Phishing (Score:1)
What's next, and how do you turn it off? (Score:2)
I really wish that instead of copying failed technology from Microsoft (like the whole travesty of their 'you downloaded this file from the interwebs, oh noes!' security dialogs) they would recognize when something is "security theatre" and NOT follow the crowd. What's next, antivirus?
How do you turn their "anti phishing" bloatware off?
Don't turn it off (Score:2)
It earned its keep when I signed onto my bank. I got through the the first layer of security, and the lock appeared. When my password was validated, and I went to the main page, there was the name of the Bank, outlined in green. If I'm stupid, and get fooled by a phishing scam, I'll remember to look in the upper right corner. About time, really. Apple should have done this much sooner, like Firefox and IE.
Re:Quietly? (Score:5, Funny)
I'm sure they attempted to force it on every user with iTunes... hardly quiet.
I hear they're working on iLube to adress this problem.
Re:Quietly? (Score:4, Informative)
Worse, I downloaded Safari for Windows for testing and they tried to force iTunes on me. They said it was a security update. I've since removed their update 'service' (like servicing a cow) and I guess I'll have to update Safari manually.
Admittedly, this was a while back and maybe they've cleaned up their act. Then again, Firefox 3.0.4 refuses to install because I need to run as an account with more rights than a full administrator. All I need now is Opera to give me grief.
Re: (Score:2)
Admittedly, this was a while back and maybe they've cleaned up their act
They haven't. Their updater for a few programs I barely use is more intrusive than any other updater on my computer. How does that make any sense?
Re: (Score:2)
They seperated "Updates" with "New Software" now so you won't be pushed iTunes or other kind of software. So you better re install Apple software update (Safari installer should do it)
This one is indeed a serious security update on Windows (and OS X), check http://support.apple.com/kb/HT3298 [apple.com] for reference.
Re: (Score:2)
There was an older version of Apple Software Update that tried to install new applications as if they were updates. People (rightly) bitched, and Apple quickly fixed it.
If you're using a recent version of Apple Software Update, and it tries to download an update to iTunes (rather than just offering it as an optional download if you want), it's because you already have an old version of iTunes installed.
Re: (Score:2)
I would rather take a nice walk in the park and feed sqiuirrels
But 'Safari' sounds a lot cooler than 'Bag of Peanuts' as a name for a browser.
Re: (Score:2)
And what better way is there to go meet Nelson Malambe or Chief John Aka Bamba, than on a Safari to their homeland?
Re: (Score:1)
I would rather take a nice walk in the park and feed sqiuirrels
But 'Safari' sounds a lot cooler than 'Bag of Peanuts' as a name for a browser.
Their former browser was called "CyberDog", and it referred to a dog just strawling around the cyberspace. "Safari" also feels like a nice trip, but in less comfortable places. Just fyi'ing. Back on topic: the anti-phishing thingy was something I was waiting for: Mac-users aren't immune to phishing, whatever they say. I did the Sonicwall Phishing Test http://www.sonicwall.com/phishing/ [sonicwall.com] with my class and none of my students passed. Most of them too gullible. Something Mac-users might or might not recognise.