|
|
THIS is why I don't use Safari!
|
|
|
|
Dedicated MacNNer
Join Date: May 2003
Location: Chicago
Status:
Offline
|
|
(View in Safari
Kagi - Kagi
It happened with my G5, and now on my fresh new Intel. I thought I had some settings
wrong, and now I realized this garbage browser was flawed all along, and still is!
Try viewing the above link, and can anybody figure out why these characters are so drunk they're tripping all over each other? I mean what the hell is this?
Half of the webpages would load up like this when I used it.
Viva Firefox.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2006
Location: Back in the Good Ole US of A
Status:
Offline
|
|
Not sure if this is a joke or what... looks fine to me. You just trolling?
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Jul 2001
Location: Sydney, Australia
Status:
Offline
|
|
Site displays fine for me (Safari).
|
You can't eat all those hamburgers, you hear me you ridiculous man?
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2003
Location: Chicago
Status:
Offline
|
|
Trolling? Of course, there's nothing better to do on the verge of the nicest day in Chicago this year to date.
No seriously, how come 2 dif. operating systems, a PB, G5 and now this 2.66. all of which never networked or met each other. They all show Safari in this manner.
Even the Apple Start Page looks like this...!
|
|
|
|
|
|
|
|
|
Moderator
Join Date: May 2001
Location: Hilbert space
Status:
Offline
|
|
Looks like you have a font problem to me.
The page loads fine for me, too.
|
I don't suffer from insanity, I enjoy every minute of it.
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2006
Location: Back in the Good Ole US of A
Status:
Offline
|
|
Originally Posted by Headshot
...and now I realized this garbage browser was flawed all along...
Trolling? Of course, there's nothing better to do on the verge of the nicest day in Chicago this year to date.
Well.. typically when one makes such broad statements using inflammatory language it can be assumed they are flaming/trolling.
I can't explain what is going wrong. However you have to be smart enough to realize that Apple wouldn't publish their own website in a manner that wouldn't allow it to render correctly in their own browser.
The common denominator in your two computers is... you! So obviously you have done something to your installations that has affected Safari adversely.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2003
Location: Chicago
Status:
Offline
|
|
I'll do a clean install on my G5 when I get ready to sell it, so I'll check again on an unmolested machine.
Wonder if it has something to do with the 800 some fonts I use.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2003
Location: Chicago
Status:
Offline
|
|
Yeah, it's probably me. But what?
These are the possible "customizations" I employ, and I might add, cannot really live without!
You Control (all)
Unsanity Haxies
Spyder II Monitor Calibration
Imageprint RIP software
Oh well, forget it for now, I simply found Firefox to be lightyears ahead, just thought folks could use their Enigma of the Day, lol.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Mar 2000
Location: Allston, MA, USA
Status:
Offline
|
|
THIS is why I use this forum less and less!
|
-- Jason
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Nov 2001
Location: fourth sector
Status:
Offline
|
|
Originally Posted by Headshot
bla bla...
Unsanity Haxies
bla bla...
nexus5.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jul 2001
Location: Behind the dryer, looking for a matching sock
Status:
Offline
|
|
Originally Posted by Headshot
Yeah, it's probably me. But what?
These are the possible "customizations" I employ, and I might add, cannot really live without!
You Control (all)
Unsanity Haxies
Spyder II Monitor Calibration
Imageprint RIP software
You have your Macs littered with haxies, yet you don't test for the problem w/o the hacks installed. And then you post a thread announcing it must be Safari's problem. Makes sense to me.
Oh well, forget it for now, I simply found Firefox to be lightyears ahead, just thought folks could use their Drama Post of the Day, lol.
Corrected for accuracy.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
800 fonts - there is probably a conflict or corruption issue. Try clearing your font caches and validating your fonts.
|
|
|
|
|
|
|
|
|
Moderator
Join Date: May 2001
Location: Hilbert space
Status:
Offline
|
|
@OP
You have basically answered your own question. It's ok if you prefer Firefox (I prefer Camino to Firefox, but hey, choice is good ), good. But don't blame Safari when it's not at fault here.
Chances are that it's a fonts issue and I would check your fonts as you might experience problems with other apps as well.
|
I don't suffer from insanity, I enjoy every minute of it.
|
|
|
|
|
|
|
|
Senior User
Join Date: Oct 2004
Location: Portugal
Status:
Offline
|
|
I've had the same happen to firefox
It was a font conflict. Does that mean that you'll stop using firefox?
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Originally Posted by mduell
Because it's impossible for a bug to cause arbitrary code execution if a browser isn't "too integrated into the OS to be secure"?
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2003
Location: Somewhere
Status:
Offline
|
|
Originally Posted by mduell
Dude, common, get real with that. Don't take that hack too seriously. I'm suprised anyone would. It took a contest for someone to hack into Safari. Unlike the other browser we all know, I.E. no effort is necessary to jack it up.
Apple has been on point with their security updates and Mac users haven't been hurt so far so one contest loses all trust? Get real. If that convinces you Safari is not be trusted then spend an hour using Internet Explorer on Windows logging into all of your banking websites. That will bring your trust back to Safari.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2003
Location: Somewhere
Status:
Offline
|
|
Originally Posted by jasong
THIS is why I use this forum less and less!
And yet you are here right now.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Status:
Offline
|
|
Originally Posted by Chuckit
Because it's impossible for a bug to cause arbitrary code execution if a browser isn't "too integrated into the OS to be secure"?
Originally Posted by hldan
Dude, common, get real with that. Don't take that hack too seriously. I'm suprised anyone would. It took a contest for someone to hack into Safari. Unlike the other browser we all know, I.E. no effort is necessary to jack it up.
Apple has been on point with their security updates and Mac users haven't been hurt so far so one contest loses all trust? Get real. If that convinces you Safari is not be trusted then spend an hour using Internet Explorer on Windows logging into all of your banking websites. That will bring your trust back to Safari.
Visiting a web page should never allow a remote console or arbitrary code execution. Never.
As far as it "[taking] a contest for soemone to hack into Safari" this isn't the first vulnerability like this for Safari and the contest went nowhere before they added a $10k prize in addition to the MB (one analyst suggested that such an exploit is worth $20k in the black hat market).
As I implied in my post, I don't use IE anymore. I'm not sure why you're telling me to use it.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2003
Location: Somewhere
Status:
Offline
|
|
Originally Posted by mduell
Visiting a web page should never allow a remote console or arbitrary code execution. Never.
As far as it "[taking] a contest for soemone to hack into Safari" this isn't the first vulnerability like this for Safari and the contest went nowhere before they added a $10k prize in addition to the MB (one analyst suggested that such an exploit is worth $20k in the black hat market).
As I implied in my post, I don't use IE anymore. I'm not sure why you're telling me to use it.
I was making a point, it was a pun. See you took that seriously about Internet Explorer as you take that contest seriously. My whole point is aside from the actual news about Mac exploits has any Mac user reported their security being jeopardized? Has anyone reported spyware from Safari? Malware? That's my point. It's been long enough where Macs have been advertised as being relatively safe for internet use and still there's no known viruses or worms.
Safari has it's issues with rendering but security is not one of it's problems.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Originally Posted by mduell
Visiting a web page should never allow a remote console or arbitrary code execution. Never.
Well, duh. Nothing should allow for unintended code execution.
Anyway, my point is that your suggestion that this is somehow inherent in Safari rather than just a common bug is unfounded. We also don't know if just visiting the Web page is enough to trigger it or what. They haven't released the details of the exploit.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Mar 2004
Status:
Offline
|
|
Originally Posted by Chuckit
We also don't know if just visiting the Web page is enough to trigger it or what.
They haven't released the details of the exploit.
This from computerworld:
Dino Di Zovie, who lives in New York, sent along a URL that exposed the hole. Since the contest was only open to attendees in Vancouver, he sent it to a friend who was at the conference and forwarded it on.
The URL opened a blank page but exposed a vulnerability in input handling in Safari, Comeau said. An attacker could use the vulnerability in a number of ways, but Di Zovie used it to open a back door that gave him access to anything on the computer, Comeau said.
The vulnerability won't be published. 3Com Corp.'s TippingPoint division, which put up the cash prize, will handle disclosing it to Apple.
And this from the Fireball:
It is not specific to Safari; Firefox – and, I presume, Camino – are also vulnerable. Turning off Java in your browser should defend against it.
|
-HI-
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Sep 2001
Status:
Offline
|
|
Initially, contestants were invited to try to access one of two Macs through a wireless access point while the Macs had no programs running. No attackers managed to do so, and so conference organizers allowed participants to try to get in through the browser by sending URLs via e-mail.
That's all we got? Hey, I'm impressed! A flaw/exploit/what-have-you in Safari is not a flaw of OS X. They don't say how much user interaction is required, nor how many actual steps of interaction need to be taken for this exploit, or what it even is.
Impressive that the Mac can just sit there and be completely fine, though. I know few people paranoid to be on the internet at all on their Windows machines, and I don't blame 'em.
|
|
|
|
|
|
|
|
|
Moderator
Join Date: May 2001
Location: Hilbert space
Status:
Offline
|
|
Originally Posted by mduell
Visiting a web page should never allow a remote console or arbitrary code execution. Never.
Agreed.
As I implied in my post, I don't use IE anymore. I'm not sure why you're telling me to use it.
You seem to confuse a few things about integration: OS X has integrated the rendering engine to a certain degree, it can be and is used by many other applications `for free' (e. g. AdiumX or TextMate). However, Safari itself isn't integrated. In the case of windows, it's different, IE is used as a file browser (which isn't true here) and this is actually a source of evil. However, I've read a few articles on how to replace IE's rendering engine with the gecko engine, for instance.
So the source of the problem is the way IE (and not necessarily just the rendering engine) is integrated into the OS. (A friend of mine crippled his Windows ME installation by deleting IE after installing Firefox, priceless )
|
I don't suffer from insanity, I enjoy every minute of it.
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
Originally Posted by MindFad
That's all we got? Hey, I'm impressed! A flaw/exploit/what-have-you in Safari is not a flaw of OS X.
I would say that the flaw in OS X here is that the exploit allows the hacker to take over the whole system. Fair enough (though not at all desirable) if a flaw in your browser or other software makes your home directory vulnerable, but it shouldn't be possible to own the system. This is meant to be what is different about OS X and its security cf. Windows - the contents of your home directory have always been vulnerable to malware (e.g. a trojan) ever since 10.0, but the system should remain untouched because it should be impossible for it to gain access to the root level.
Fwiw, from the descriptions I have read, all that was required was for a person to visit a specially crafted website (hence the 0 day moniker) and nothing else.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Originally Posted by JKT
I would say that the flaw in OS X here is that the exploit allows the hacker to take over the whole system. Fair enough (though not at all desirable) if a flaw in your browser or other software makes your home directory vulnerable, but it shouldn't be possible to own the system.
For clarification, I don't believe this is accurate. There is a separate challenge to gain root privileges, which has not been won to my knowledge. This one only grants user-level privileges.
Originally Posted by OreoCookie
You seem to confuse a few things about integration: OS X has integrated the rendering engine to a certain degree, it can be and is used by many other applications `for free' (e. g. AdiumX or TextMate). However, Safari itself isn't integrated. In the case of windows, it's different, IE is used as a file browser (which isn't true here) and this is actually a source of evil. However, I've read a few articles on how to replace IE's rendering engine with the gecko engine, for instance.
I don't think it's even fair to say WebKit is integrated into the system any more than, say, Ruby is integrated into the system. Both are included with the system and available for programs to use as they see fit, but it's not like WebKit has some kind of overly close relationship with the OS. It doesn't use secret APIs, and the system doesn't depend on WebKit for its operation.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
Originally Posted by Chuckit
For clarification, I don't believe this is accurate. There is a separate challenge to gain root privileges, which has not been won to my knowledge. This one only grants user-level privileges.
You are correct - I was going on the basis of the reports I had read yesterday and it seems that they weren't entirely accurate either
|
|
|
|
|
|
|
|
|
Moderator
Join Date: May 2001
Location: Hilbert space
Status:
Offline
|
|
Originally Posted by Chuckit
FI don't think it's even fair to say WebKit is integrated into the system any more than, say, Ruby is integrated into the system. Both are included with the system and available for programs to use as they see fit, but it's not like WebKit has some kind of overly close relationship with the OS. It doesn't use secret APIs, and the system doesn't depend on WebKit for its operation.
That's exactly what I said, isn't it?
Also in case of IE, the problem is not the rendering engine, but that IE is so closely knit into the system (e. g. as file browser).
|
I don't suffer from insanity, I enjoy every minute of it.
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Originally Posted by OreoCookie
That's exactly what I said, isn't it?
Also in case of IE, the problem is not the rendering engine, but that IE is so closely knit into the system (e. g. as file browser).
I was just clarifying that even WebKit is really nothing more than a framework that's distributed with the system. There's no special "integration" going on between that and the underlying layers of OS X.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Mar 2004
Status:
Offline
|
|
Originally Posted by Chuckit
There is a separate challenge to gain root privileges, which has not been won to my knowledge.
This one only grants user-level privileges.
This exploit didn't -- in-and-of-itself -- gain 'root' access, (AFAIK).
However... a few so-called "local" exploits, as yet unpatched by Apple
(vis-Ã -vis MOABs #5, 15 and 21) are some of the methods an admin
intruder could employ to run scripts/commands as root, without any
user ever typing (or even knowing) a single password!!!
This shows why it's less than sensible when people scoff at "local" exploits,
arguing that *physical access* trumps everything, so therefore [supposedly]
it isn't worth the bother to fix such types of vulnerabilities.
Unfortunately, as soon as someone finds some other remote entry-point,
they instantly have a tool-chest available to them for acquiring pwnership.
I am not saying this is what happened here... but it would be possible, no?
Am I correct... MOABs #5, #15 and #21 still remain intact and ready to go?
|
-HI-
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Oct 2002
Status:
Offline
|
|
Originally Posted by OreoCookie
In the case of windows, it's different, IE is used as a file browser (which isn't true here) and this is actually a source of evil.
Is a true file browser different to being able to access a file in Safari with
file:///Users/... ?
I just dropped a folder of pictures onto my Bookmarks bar in Safari and they were all accessed fine (although Microsoft Office docs didn't show up).
Just curious.
|
|
|
|
|
|
|
|
|
Moderator
Join Date: May 2001
Location: Hilbert space
Status:
Offline
|
|
Originally Posted by PER3
Is a true file browser different to being able to access a file in Safari with
file:///Users/... ?
I just dropped a folder of pictures onto my Bookmarks bar in Safari and they were all accessed fine (although Microsoft Office docs didn't show up).
You can view local files with Safari (well, the formats Safari can understand, e. g. various image file formats and html files), but Windows' Explorer is based on Internet Explorer, i. e. essentially IE is the Finder.
|
I don't suffer from insanity, I enjoy every minute of it.
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2003
Location: Chicago
Status:
Offline
|
|
Originally Posted by xi_hyperon
You have your Macs littered with haxies, yet you don't test for the problem w/o the hacks installed. And then you post a thread announcing it must be Safari's problem. Makes sense to me.
Corrected for accuracy.
Haxies that I really couldn't function without: Windowshades (remember that?), multiple desktops, RIP software for my business, etc.
How am I supposed to know this when I post this thread??? If I knew everything I wouldn't very well be here would I?
Besides look at all this wonder dialog this has opened up. And if Safari is that weak and vulnerable to be affected by these or a font-conflict (which doesn't seem to affect ANYTHING else) then I go back to my original statement: THIS IS WHY I DON'T USE SAFARI!
Makes sense to me.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Originally Posted by Headshot
And if Safari is that weak and vulnerable to be affected by these or a font-conflict (which doesn't seem to affect ANYTHING else) then I go back to my original statement: THIS IS WHY I DON'T USE SAFARI!
There are lots of valid reasons why somebody might not use Safari. I'm using Firefox right now because it's better suited to my needs here. But your misapprehensions about some weird concept of "weak software" are not one of those valid reasons.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Apr 2007
Status:
Offline
|
|
Guess what? I found that the standard fixed width font courier 13 does not always work well. Go to Safari>Preferences>Appearance and Change Fixed Width Font to Helvetica 13. At least that is what worked for me. You can view the changes as you view the page- refresh if necessary.
To review-Changed Fixed Width to Helvetica 13 or other common font. I hope it works for you!
(
Last edited by PhotoMacUser; Apr 26, 2007 at 04:20 AM.
Reason: typo- clarification)
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
Um, don't do that - Helvetica is not a fixed-width font. You'll break the display of some pages by choosing anything other than e.g. Andale Mono, Courier, Courier New, or Monaco (which are the fixed-width fonts that ship by default with OS X - if you've installed any others you can pick those too).
Headshot - even if Safari is the only app where your font conflict or other issue is exhibiting itself (fwiw, it won't be as e.g. other apps make use of WebKit too), you do still have a problem which needs to be solved. This isn't the first time this display issue has happened in Safari for people.
Read e.g. here for more info and a probable solution (do you have Helvetica Fractions and/or Times Phonetic fonts installed?)
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Apr 2007
Status:
Offline
|
|
Originally Posted by JKT
Um, don't do that - Helvetica is not a fixed-width font. You'll break the display of some pages by choosing anything other than e.g. Andale Mono, Courier, Courier New, or Monaco (which are the fixed-width fonts that ship by default with OS X - if you've installed any others you can pick those too).
Headshot - even if Safari is the only app where your font conflict or other issue is exhibiting itself (fwiw, it won't be as e.g. other apps make use of WebKit too), you do still have a problem which needs to be solved. This isn't the first time this display issue has happened in Safari for people.
Read e.g. here for more info and a probable solution (do you have Helvetica Fractions and/or Times Phonetic fonts installed?)
I just want to be clear and I am not saying you are wrong. I can find nothing in the Apple documentation that says you "cannot" use something other than the Fixed width fonts for fixed width in the browser. It makes sense to use them for the reasons you site, however the worst that can happen is that certain pages won't look right. If that is the case I will open appearances and switch the font back to a Fixed Width. I do prefer my helvetica font and to this point I have had no conflicts. That's why they are "preferences" - they are my preferences. If you like or prefer Monaco or Andale or the ever popular Courier and have no problems knock yourself out.
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: May 2002
Location: Toronto, Canada
Status:
Offline
|
|
Ahh . . . Headshot, this Kagi page looks fine to me using Safari on both PowerBooks and my iBook - all running 10.4.9. I don't understand your beef. It sounds to me you messed up some sort of setting (Text Encoding?). Consider installing a fresh copy of Safari. Consider using Pacifist for this. Google it.
Safari hack? It is a basic Java exploit (not to be confused with JavaScript). Just turn off JAVA in your browsers till a patch is offered. That's right - broweserS, as this could affect all of them. No big deal really - we went through this in the late '90s.
Have a nice day.
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Mar 2007
Location: Humacao, Puerto Rico
Status:
Offline
|
|
Originally Posted by Headshot
This is a common occurrence for me in iTunes. Don't ask me why, I just know it does that.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Mar 2000
Location: New York, NY, USA
Status:
Offline
|
|
It's a font issue. For me it has often been traced to the font Helvetica Fractions, which messes things up. If you've installed MS Office, or Creative Suite, they install numerous Truetype fonts which can be auto-activated and cause the problem.
|
The era of anthropomorphizing hardware is over.
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Apr 2007
Status:
Offline
|
|
It's a font issue. I believe it was covered in MacWorld's May issue. I don't have access to it now, but they told a way to easily solve the situation.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|