Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Software Businesses Apple

Apple Quietly Releases Safari 3.2 129

99BottlesOfBeerInMyF writes "Yesterday Apple quietly slipped out an update to their Safari Web browser to version 3.2. The notable feature is that it finally adds anti-phishing technology, an area where Safari has lagged behind competitors. Aside from that, it provides some security fixes, improved JavaScript performance, and a slightly newer version of Webkit, pulling their Acid3 score up to 77." Apple forums across the Net are reporting frequent crashes in Safari 3.2, some possibly caused by 3rd-party add-ons, others perhaps related to the anti-phishing feature.
This discussion has been archived. No new comments can be posted.

Apple Quietly Releases Safari 3.2

Comments Filter:
  • TFA doesn't call this out at all - does this update the Mac version only or is Windows also at 3.2?
  • And? (Score:2, Interesting)

    by jrothwell97 ( 968062 )

    New version of Safari. Does this mean /. is turning into a slightly more fleshed-out VersionTracker? I don't see how this is newsworthy: maybe the addition of anti-phishing capabilities would be worth mentioning in passing, but a minor update which causes a few crashes is nothing new.

    • Re: (Score:1, Informative)

      An update addressing one of the most important shortcomings of one of the most important web browsers; I fail to fail to find this noteworthy.
      • Re:And? (Score:5, Funny)

        by neuromanc3r ( 1119631 ) on Sunday November 16, 2008 @08:54AM (#25777001)

        An update addressing one of the most important shortcomings of one of the most important web browsers;

        We really need sarcasm tags.

      • Re: (Score:1, Flamebait)

        Comment removed based on user account deletion
        • Re: (Score:3, Insightful)

          It's the most important for mac users. Mac users may not be the majority but I don't think it's contentious to say they're an important minority.
          • Re:And? (Score:5, Insightful)

            by InsurrctionConsltant ( 1305287 ) on Sunday November 16, 2008 @09:43AM (#25777239)
            What's more, Safari is playing a great role in creating an "arms race of web standards". All in all, I'd say Safari, though not as much as Firefox, is more *important* than IE.
            • by Threni ( 635302 )

              > All in all, I'd say Safari, though not as much as Firefox, is more *important* than IE.

              Why? If a site doesn't work in IE then it doesn't matter if it works in Safari - unless it's a Mac only site. If there is stuff which only works in Safari then it doesn't make any difference. Likewise, if it only breaks in Safari it doesn't make any difference. There's not many people who pay web designers to do sites for them who say 'wait - it does work properly on Safari 3.2 on Macs, doesn't it?`.

          • by babyrat ( 314371 )

            I use a mac. Two of them actually. Typing this on my macbook right now.

            I can't remember the last time I browsed the web with Safari...well maybe I can. I believe the first and only site I went to was getfirefox.com.

        • Ditto. Safari is maybe a couple percent share, and it's not likely to grow much.

          The story does seem newsworthy to me though, at least by /. standards.

        • by maxume ( 22995 )

          The first two things mean you are less likely to reach the third as a conclusion, not more.

          Someone who didn't like the way Apple operated would be much more likely to conclude that Safari needs anti-phishing features.

        • Re:And? (Score:4, Informative)

          by Phroggy ( 441 ) <slashdot3@@@phroggy...com> on Sunday November 16, 2008 @04:09PM (#25779795) Homepage

          shortcoming yes, important web browser? Dude Im a mac users, a claimed Apple zealot, and all that and even I dont see the importance in Safari.

          There are four major HTML rendering engines right now, two of which are commercial (Microsoft's Trident and Opera's Presto) and two of which are open-source (Mozilla's Gecko and Apple's WebKit). Of these, only WebKit is really growing right now - more and more browsers are being built on it. Safari is the reference implementation for a WebKit-based browser. That's why Safari is important.

          In addition to Safari (and the mobile version of Safari used on the iPhone and iPod touch), WebKit is also used by Adobe AIR [wikipedia.org], Google Chrome [wikipedia.org], and Nokia's S60 browser [wikipedia.org]. Also, Konqueror [wikipedia.org] is still using their own KHTML, but they're working on switching over to Apple's fork [arstechnica.com], eventually.

        • by Ofenza ( 928943 )
          I believe the importance resides in WebKit and how Safari made it (KHTML) the new rendering engine. Chrome uses it, I.E. will probably start using it to... I ask other slashdotters to correct me if I'm wrong.
  • by Gundamdriver ( 1288510 ) on Sunday November 16, 2008 @08:29AM (#25776913)

    A bit off-topic: Both Safari 3.1 and 3.2 (@ Tiger) freezes the loading progress randomly, but ping google.com still works. I have tried to reset Safari, but it didn't help.

  • by apathy maybe ( 922212 ) on Sunday November 16, 2008 @08:35AM (#25776933) Homepage Journal

    Personally I don't use Safari (I don't have a Mac, nor do I use MS Windows). I just thought I would take the time to rant about "anti-phishing" things.

    I always turn such "features" off on my own computers, and would do so on any computer where I was the "tech support" (after appropriate consultation and education).

    Why? Because blacklists don't work. Want to not get phished? Simple instructions that even the most computerphobic person can understand:

    When you want to go to the website of your bank, credit union etc., type in what you see on the printed material you have in front of you! (Alternatively, for the more computer literate folks, create a bookmark/favourite after having typed in the address from the printed material from your bank. And only access it via that link.)

    Never trust a link via an email, never trust a link from another website, not even if the address looks the same. (Character encoding, bad eyes and other things can make two strings look the same, even when they aren't.)

    Simple advice and works for everyone whom I've told it to. (The same with, "don't download files from your email unless you were expecting them, which is a bit over the top, but the slightly more complicated, don't download executable files got reduced somehow.)

    End rant.

    I did have a look at the article, and to be frank, there isn't anything exciting in there. It seems that the only reason this got to the front page is that Safari crashes a lot. Umm..., I guess I don't care.

    • by Anonymous Coward on Sunday November 16, 2008 @08:56AM (#25777005)

      But anti-phishing is not about blacklists... Some might include that too but it is just a minor addon. Anti-phishing is about browser warning you when link with an anchor text "Your-Bank.com" is about to actually take you to "Your-Bank-fake.com".

      Educating users is important but having a backup feature like that is helpful.

      IF it was just anbout blacklists (blocking sites absolutely known to be scam) why would you turn it off? What harm would that do to you? :D

      • Re: (Score:2, Interesting)

        Yourbank.com [slashdot.org]...

        command.com [example.org]...

        Umm, and I seeing a problem with that idea? Yes I am.

        And the reason to turn it off, it doesn't always work (false positives, and false negatives), and it leads to a false sense of security. Like running a virus checker and then not caring about downloading random shit from the web. Better to just not download random shit from the web.

        • Better to just not download random shit from the web.

          And then you'll get hit with every single virus that doesn't rely on user intervention (and there's been plenty of those on the win32 platform, let me tell you). And if somebody gets infected with, say, Sality (wraps EXE files) and sends you something, bam, you're infected, even though it came from a ``trusted'' source. Better to run a Virus Scanner AND not download random shit. It's almost like complacency will bite you, but so will ignoring the safeguards already there. I believe the correct answer is som

    • >> create a bookmark/favourite after having typed in the address from the printed material from your bank. And only access it via that link.)

      Some thoughts:

      * Computer-phobics today don't know how to create a bookmark. Nor type a URL. They just type what they assume is some kind of address in a google bar and click the first or second result.
      * Even typing a correct URL you're not free from dns-poisoning
      * Sometimes I've tried to explain those issues to a couple of friends (anthropologists for reference)

      • Re: (Score:2, Interesting)

        by shitzu ( 931108 )

        * Even typing a correct URL you're not free from dns-poisoning

        How does a blacklist of urls address that?

        • Maybe blocking the url at start, so the browser never asks anything to the dns server.

          • Blocking what URL, "http://www.citibank.com/"? DNS cache poisoning attacks valid domains.
            • Of course a single URL has not enough information. But (for example) if you're in China and the government poisoned the records of citibank, at least in China it is better the browser to deny access to a fake "citibank". BTW I don't imply that it is easy to implement with the current infrastructure.

      • * Computer-phobics today don't know how to create a bookmark. Nor type a URL. They just type what they assume is some kind of address in a google bar and click the first or second result.

        There were two parts, the bookmark was for the slightly more literate types. As to Google, you've interviewed a random sampling of computer-phobes have you? You know what they do do you? You're making shit up aren't you.

        * Even typing a correct URL you're not free from dns-poisoning
        Yeah, that's why I just type in the IP addr

      • * Even typing a correct URL you're not free from dns-poisoning

        Anti-phishing techniques do not make you safe from dns-poisoning, either.

        But that's why you have SSL certificates. Unless one of your CAs has gone bad, nobody will have a certificate for that domain except for the person that owns the domain.

        Even if (like me) you don't trust your CAs, you can keep track of certificates by their fingerprints. There are some extensions that will keep track of certificates for you so you can be alerted if your

        • >> Anti-phishing techniques do not make you safe from dns-poisoning, either.

          Totally agreed. The point (bad expressed by me) was that writing literally an URL don't make you safe. Besides, *maybe* a strong anti-phising infrastructure can help when you don't have https, if we could have a list of compromised dns servers, or zones, additionally to suspected domains...

          >>But that's why you have SSL certificates. Unless one of your CAs has gone bad, nobody will have a certificate for that domain excep

    • by Ilgaz ( 86384 )

      What bugs me is the lack of documentation. Where is the data coming from? Is it offline or online (e.g. every URL submitted), how is the data secured?

      1 Password added phishing protection to Safari long before Apple did and while being just a shareware developer, they gave all the details. It is powered by community powered phishtank (opendns).

      Now, we gotta run Wireshark here to see where the data comes from, how it acts etc. The "live" online phishing check is a horrible privacy risk since every URL you vis

    • Yes, simple advice and education works, you should not rely on anti-phishing tools. However people make mistakes.

      It is, in my opinion extremely foolish to turn off the advisories, or tell other people to do so. You don't rely on the crumple zones in your car to stop you in traffic lights either, do you? But do you argue against cars with crumple zones?

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      When you want to go to the website of your bank, credit union etc., type in what you see on the printed material you have in front of you!

      Fails to protect against DNS poisoning. Next!

    • by martinX ( 672498 )

      Want to get rid of spam? Hit the delete key.

      Or get a spam filter (like the nice one in Mail) which trashes 99% of the spam I get, leaving me to delete one every now and then.

      This phishing filter will work for users on the same principle: protect users from a lot of phishing expeditions, leaving them to deal with the few that slip through. This also helps stop people from getting "security fatigue" that comes from being hit by crap every time they log on. Same with spam - if spam filters weren't in place, a

  • webkit project (Score:4, Informative)

    by thanasakis ( 225405 ) on Sunday November 16, 2008 @08:43AM (#25776963)

    Safari is based on Webkit [webkit.org], which can achieve an almost perfect acid3 score. Anyone using windows or macosx can easilly try it.

    • perfect score (Score:3, Informative)

      by edalytical ( 671270 )

      I thought it was a perfect score. [webkit.org] Not a almost perfect score.

      What I really want is some screenshots of what the anti-phishing behavior looks like. For all this talk about Safari 3.2 no one has bothered to try out the new features.

      • What I really want is some screenshots of what the anti-phishing behavior looks like. For all this talk about Safari 3.2 no one has bothered to try out the new features.

        The hard part is finding known phishing sites that are still up and detected by the phishing detection. I think I did get it to work for one page (http://chaseonline.chase.com.ssl.com.kg/ [ssl.com.kg]) and it was a simple dialogue box, but I haven't been able to repeat it with any other page to confirm. Using Google to look for a test suite comes up with dozens of links to the same whitepaper about testing Firefox, but without any links to the actual test pages used. Aside from that, lots of commercial products with no

        • Just FYI, I can confirm that Safari 3.2 (Mac) does put up a dialog box when I clicked on the link included in the above post.
    • Re: (Score:3, Informative)

      by Tubal-Cain ( 1289912 ) *

      Anyone using windows can easily try it.

      By downloading Chrome (or the open source version Chromium [chromium.org])

  • Crashes (Score:5, Informative)

    by Rick Zeman ( 15628 ) on Sunday November 16, 2008 @08:50AM (#25776989)

    Apple forums across the Net are reporting frequent crashes in Safari 3.2, some possibly caused by 3rd-party add-on

    Yep, PithHelmet (anti-ad plug-in) causes 3.2 (Mac, of course) to blow up every time when using multiple tabs. Removing its bundle from /Library/Application Support/SIMBL/Plugins/ made it stable as a rock again (no problems at with about 15 tabs open, with varying kinds of embedded content), but, sadly, I'm buried with ads again.

    • Re:Crashes (Score:5, Informative)

      by frdmfghtr ( 603968 ) on Sunday November 16, 2008 @08:55AM (#25777003)

      Yep, PithHelmet (anti-ad plug-in) causes 3.2 (Mac, of course) to blow up every time when using multiple tabs. Removing its bundle from /Library/Application Support/SIMBL/Plugins/ made it stable as a rock again (no problems at with about 15 tabs open, with varying kinds of embedded content), but, sadly, I'm buried with ads again.

      Try this: Adblock for Safari [sourceforge.net]

      • Adblock for Safari

        Cool dat. I use Adblock on my Firefox at work; last time I looked around this didn't exist for Safari. Wow...really helpful info on /.--what a concept! :-)

      • by Lars T. ( 470328 )

        Try this: Adblock for Safari [sourceforge.net]

        Hey, great, a OSS Adblock software that requires you have the latest OS. Yeah, I'd pay to use that.

        • by Phroggy ( 441 )

          Try this: Adblock for Safari [sourceforge.net]

          Hey, great, a OSS Adblock software that requires you have the latest OS. Yeah, I'd pay to use that.

          It's GPL. If you want to make it work on older operating systems, you're welcome to download the code, figure out why it doesn't work, and submit a patch. If they don't like your patch, you can fork it. Don't complain that the work other people are willing to share with you isn't good enough; they don't owe you anything.

          • by Lars T. ( 470328 )

            Hey, great, a OSS Adblock software that requires you have the latest OS. Yeah, I'd pay to use that.

            It's GPL. If you want to make it work on older operating systems, you're welcome to download the code, figure out why it doesn't work, and submit a patch. If they don't like your patch, you can fork it. Don't complain that the work other people are willing to share with you isn't good enough; they don't owe you anything.

            No thanks - in a world where you can freely download music and videos of the internet, "free" software better be perfect without me having to do anything.

      • Re: (Score:3, Informative)

        It looks like another input manager though. You can't really trust "plugins" (they're not really plugins but elaborate memory hacks) like those to work when a new version of Safari comes out. The simple solution is just to use a custom CSS file that blocks ads, like the one on http://www.floppymoose.com/ [floppymoose.com].

    • Re:Crashes (Score:4, Informative)

      by DavidDK ( 48129 ) on Sunday November 16, 2008 @08:56AM (#25777009)
      GlimmerBlocker [glimmerblocker.org] is a more stable ad-blocker. It's an http proxy and not an awful InputManager hack, so you can freely upgrade Safari without having Safari going into crash me mode.
  • What about WebKit? (Score:2, Insightful)

    by oreaq ( 817314 )
    The WebKit nightly builds have been passing the ACID3 test for months and are still 4 times faster than Safari 3.2 according to the SunSpider Javascript Benchmark. Why is Safari so far behind?
    • Re: (Score:3, Informative)

      The WebKit nightly builds have been passing the ACID3 test for months and are still 4 times faster than Safari 3.2 according to the SunSpider Javascript Benchmark. Why is Safari so far behind?

      They're probably still working out bugs between Webkit and the applications they have that use it. As I mentioned in the summary, however, most of the javascript improvements seem to have made it in this time. On my machine Safari was getting about 11 on the sunspider test, before this update and is now getting about 3. The nightly of Webkit on the same machine comes in at 1, which is better yet, but not that significantly.

    • WebKit ToT is nowhere near as stable as the Saf3.2 branch. It crashes a bit more, and there are a lot of regressions (of websites breaking). Currently, there are 225 P1 (priority 1, i.e., top priority) bugs [webkit.org]. It's nowhere near shippable.
  • by toupsie ( 88295 ) on Sunday November 16, 2008 @09:13AM (#25777081) Homepage
    Its odd that Apple released this version quietly. Last time a major point release was available, Steve Jobs was walking down the streets of Cupertino firing a shotgun into the air screaming, "Time to download the next motherf*cking version of Safari!" followed by USC Trojan band playing John Philip Sousa marches.
  • Great. (Score:3, Funny)

    by danwesnor ( 896499 ) on Sunday November 16, 2008 @09:27AM (#25777153)

    Apple Quietly Releases Safari 3.2

    Great, now you've gone and blabbed their secret to everybody.

  • EV-SSL (Score:5, Informative)

    by lseltzer ( 311306 ) on Sunday November 16, 2008 @09:27AM (#25777155)

    It also now supports EV-SSL. That and the anti-phishing were two major beefs of companies like PayPal.

  • There is something a little odd about this particular update-- Safari on my Mac had been acting very strangely lately-sucking up lots of processor, computer acting a bit odd. This is unusual. This seems to have been fixed by the update. Maybe just a coincidence?

    The question is: why is Apple so quiet about rolling this update out and what it fixes, and since when does a minor Safari update require a reboot?!!

    • by zaajats ( 904507 )

      The question is: why is Apple so quiet about rolling this update out and what it fixes, and since when does a minor Safari update require a reboot?!!

      I'm not sure (lousy memory etc), but I believe (some) previous Safari updates have required a reboot too. It might have something to do with the Webkit engine being used by apps other than Safari

    • Re: (Score:3, Informative)

      The question is: why is Apple so quiet about rolling this update out and what it fixes, and since when does a minor Safari update require a reboot?!!

      It replaces more than the Safari application. It also, slightly, updates Webkit, which is a core library that numerous programs use. You can get by without rebooting if you just kill the update at the end then restart all the programs that use Webkit... but that's a bit advanced for most people and a reboot is easy.

      The erratic behavior of Safari could be caused by damaged resources which were replaced in this update, making it more useful to you than the average bloke.

  • "Quietly"? (Score:5, Insightful)

    by realinvalidname ( 529939 ) on Sunday November 16, 2008 @01:32PM (#25778805) Homepage

    How does putting Safari 3.2 on Software Update, where by default it will be received by every internet-connected Mac OS X user in the world, count as a release that was "quietly slipped out"?

    Granted, they're the new Bad Guy on /., but can we be a little less lazy and more accurate in our snide characterization of Apple's activities?

    • How does putting Safari 3.2 on Software Update, where by default it will be received by every internet-connected Mac OS X user in the world, count as a release that was "quietly slipped out"?

      Well, if they announced it weeks in advance, over a bullhorn, with a marching band, it would have been released loudly.

    • Granted, they're the new Bad Guy on /., but can we be a little less lazy and more accurate in our snide characterization of Apple's activities?

      We're going to be snarky until they bring back anti-glare screens.

  • ...now it's been posted on /. everyone's gonna hear about it

    *sigh*
  • by Anonymous Coward

    pulling their Acid3 score up to 77.

    If a browser doesn't score a 100 on the Acid3 test, it fails. Period. A browser that scores an 18 doesn't fail any more (at least officially) than one that scores an 88. They both fail, and that's it. What's more, a browser could theoretically get a 100 and still fail the test. In order to pass, you need a score of 100 and the test page needs to look pixel-for-pixel like the reference rendering (which is a little redundant, but that's what it says on the test page itself).

    • Re: (Score:3, Informative)

      If a browser doesn't score a 100 on the Acid3 test, it fails. Period. A browser that scores an 18 doesn't fail any more (at least officially) than one that scores an 88.

      Then why do they bother with scores instead of just putting up the word "pass" or "fail"? Each part of the test hits a problem area of rendering and the more points a browser gets, the more of those cases they are compliant for. Higher scores do translate into greater standards compliance for the tested set.

      In order to pass, you need a score of 100 and the test page needs to look pixel-for-pixel like the reference rendering (which is a little redundant, but that's what it says on the test page itself).

      More than that, it has to run the animation smoothly using the specified reference hardware... at least according to the authors of the test.

      The higher score should raise a footnote perhaps, but you shouldn't be too concerned about it.

      It's more abut how current the version of Webkit they're incl

    • The latest nightlies are at 100 on Acid3, so, yeah.

    • by MacDork ( 560499 )
      Not only that, but the animation has to render smoothly as well. The browser can be capable of passing, but fail because the hardware is old and slow. Anyway, you aren't going to get a 100 with 3.2, but that's why there's webkit nightlies. [webkit.org] It's basically the latest version of Safari if you don't want to wait for Apple's official release.
  • Reboot (Score:2, Informative)

    by saunabad ( 664414 )
    And it looks like once again I'll have to reboot my Leopard macbook because of an update in a fucking web browser application. I've been really quite happy with OS X for last five years but lately this all has become really rather pointless. Too many lock-ups, too many bugs, too many reboots. Didn't see any of that with my iBook running Panther before. Looks like Apple tries to compete with price and the quality is gone.
    • Could be worse, you could have to reboot your *server* because of a browser update. I hate that OSX server forces you to update iTunes and Safari and other crap just to get updates for other things.

      • by ista ( 71787 )

        Simply uninstall safari and iTunes on your server, depending on your mileage for "server", they're useless anyway and shouldn't be installed on the box.

        Yes, the Apple gui installer doesn't give you a way to do so, but there are tons of free 3rd party tools to accomplish this.

      • by Pope ( 17780 )

        Bollocks. You can choose to ignore any update that comes down the pipe from Software Update. Uninstall iTunes and ignore all subsequent updates to it, it's not needed on a server. Maybe you should be a better admin! :)

    • by ista ( 71787 )

      Well, the reasoning is simply that the update swapped some shared libraries, which are in use by more than a few known applications.
      Of course, Apple might say "Please restart at least your browser after updating and any other open application which somehow misbehaves", but many people do fail to do so ("well, I'll do it later" - and suddenly remember that thought once their browser plugins break down). And the fail-safe enduser-doable "solution" to this is simply to reboot their box. The default button in

  • Did they really link to a twitter post? Wow.

  • Anti phishing software is a travesty. it slows your browsing significantly and really....who needs it? complete fkn idiots. Let the complete fkn idiots get scammed for all I care...
  • I really wish that instead of copying failed technology from Microsoft (like the whole travesty of their 'you downloaded this file from the interwebs, oh noes!' security dialogs) they would recognize when something is "security theatre" and NOT follow the crowd. What's next, antivirus?

    How do you turn their "anti phishing" bloatware off?

  • It earned its keep when I signed onto my bank. I got through the the first layer of security, and the lock appeared. When my password was validated, and I went to the main page, there was the name of the Bank, outlined in green. If I'm stupid, and get fooled by a phishing scam, I'll remember to look in the upper right corner. About time, really. Apple should have done this much sooner, like Firefox and IE.

Beware the new TTY code!

Working...