RDN should look a bit better on your iPhone these days. I migrated the whole site over to an updated version of Drupal and then made some tweaks to auto-check for the browser-type and render appropriately for mobile devices, with some special attention paid to the iPhone.

There were some "canned" solutions for this I had hoped to use that wound up not working. I am also a bit disappointed in the state of the Drupal 6 series and hope Drupal 7 kicks some serious butt, otherwise I'll be heading elsewhere for content management.

I'll be tweaking the iPhone rendering over time, but I wanted to get something up quickly in the event folks feel the need to visit the site while mobile (or if you're using a mobile Twitter client and click a link that goes to a post I made here on RDN). Once I get a decent base I'll see about submitting it to drupal.org and will definitely post a "how to" here.

If anything is broken that you relied on, let me know in the comments and I'll try to get it back in. I went light with the modules this time and disabled some features.

UPDATE: It should look even better now. Added some additional CSS and a few elements from the iUI toolkit.

I haven't been slackin'...just lots of Apple postin' on TAB...

• Twiterriffic 3.1 beta
• ScreenSteps 2 mini-review
• iPhone Development Preview
• iPhone Web Development Starter
• My Apple TV Upgrade Experience

I take a look at one of the more interesting security tools to hit Apple desktops in quite a while in TrueCrypt 5.0 Brings Plausible Deniability To OS X Users over on The Apple Blog:

If you need/desire cross-platform compatibility, then TrueCrypt is a perfect choice. You can encrypt a virtual disk image onto a USB drive and take it from Windows to Linux to OS X and gain access to your all your secret data, something that is not possible with OS X secure disk images.

Josh did the WordPress magic incantations once again and my notes on the recent update to MarsEdit is available for your critical review.

Be kind, folks...it's been a tough week.

UPDATE: Now up on TAB (Josh is teh cool) with good discussion in the comments on the efficacy of the executable.

[NOTE: Once/if Josh posts this to TAB, I'll be modifying the entry to just link over there...only posting it now in the interest of time (since it's after 1AM on the right coast). It needs to be on TAB so the widest audience gets the security fix info.]

For those that have installed Office 2008, you may have seen some news floating on the internets about improper permissions — that were created by the installer — potentially allowing another local user to access your documents. It's not a remote exploit issue and most folks are probably not vulnerable (you only need to be concerned if you've created another user on the system).

Erik Schwiebert posted instructions for a temporary fix over at Mac Mojo and Microsoft will be issuing an official patch/update to address the issue as well. Erik's instuctions require some Terminal-fu, so I wrapped them into an executable – Fix Office 2008 Permissions.

Just download/extract the archive and run the executable. You will be prompted for your password since the fix requires elevated privileges.

If you have any issues with the executable or following Erik's instructions, post them in the comments and I'll see if your particular install requires any tweaking.

New post over @ TAB on the KDE 4 port to OS X...

This week Slashdot (and many, many others) reported that KDE 4.0 has been released for Windows and OS X. KDE (K Desktop Environment) has been a popular GUI for *nix systems and there have been ways of getting it to run (mostly) on OS X prior to this native port if you were willing to use X11 on OS X). RangerRick (of OpenNMS “fame” did much of the heavy lifting for the Mac side of this project, including the package distributions.

*13* days (those devs are maniacs!) after 1.2 comes another update from the Adium folks... enhancements below, full deltas in the changelog :

• Group chats now reconnect automatically when their accounts reconnect after being disconnected (#1880)
• Greatly improved accessibility, including the chat window, the Accounts, Events, and Advanced preference panes, the File Transfer progress window, and the contact list
• Decreased Adium's memory footprint
• Jabber conferences now use the account's display name as the handle by default (#8757)
• Improved performance when connecting multiple accounts with saved passwords
• Updated the Stockholm message style (#8353)
• Added date opened property (#8859) [AppleScript]
• Allowed access to service images for accounts [AppleScript]
• Added a global status property [AppleScript]
• Updated Norwegian localization
• Added Slovenian localization

Who sez Twitter is just a bunch of noise! (they are @Adium. Me, I'm just @hrbrmstr, but you'll get tweets when Mary & I post!)

Here is what was fixed, security-wise in the 1.1.3 update:

Foundation
CVE-ID: CVE-2008-0035
Available for: iPhone v1.0 through v1.1.2, iPod touch v1.1 through 1.1.2
Impact: Accessing a maliciously crafted URL may lead to an application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari's handling of URLs. By enticing a user to access a maliciously crafted URL, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of URLs.

Passcode Lock
CVE-ID: CVE-2008-0034
Available for: iPhone v1.0 through v1.1.2
Impact: An unauthorized user may bypass the Passcode Lock and launch iPhone applications
Description: The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered. An implementation issue in the handling of emergency calls allows users with physical access to an iPhone to launch an application without the passcode. This update addresses the issue through an improved check on the state of the Passcode Lock.

Safari
CVE-ID: CVE-2007-5858
Available for: iPhone v1.0 through v1.1.2, iPod touch v1.1 through 1.1.2
Impact: Visiting a malicious website may result in the disclosure of sensitive information
Description: WebKit allows a page to navigate the subframes of any other page. Visiting a maliciously crafted web page could trigger a cross-site scripting attack, which may lead to the disclosure of sensitive information. This update addresses the issue by implementing a stricter frame navigation policy.

CVE-2008-0034 (bypassing of the passcode lock) is ugly and I hope this is the last time this feature has a vulnerability. CVE-2008-0035 is what was used by those "cool" folks to break their phones to run apps on it. I still stand by my position that it is unwise to publish the means to decimate the security of any device for the sole purpose of being able to make it do what you want it to do. Who knows how many folks were exposed to real iPhone vulnerabilities as a result of the work of these "fine" engineers.

Jobs' keynote may have been the center of attention at Macworld 2008, but Garmin took the wraps off of Bobcat, an OS X-only application that will no doubt be the center of all things Garmin GPS-related on your Mac.

It's a beta (sigh) and Universal application for OS X 10.4+. There is no word on whether they will be charging for the 1.0 release, but I suspect the app will remain free since they make the big bucks on the map$.

Bobcat has the following features:

• allows you to transfer waypoints, tracks, and routes between your Mac and Garmin device and manage your data using your Garmin maps
• provides the ability to search for points of interest from the convenience of your Mac and then send the locations to your Garmin GPS
• serves as a backup tool for your Garmin GPS. You can receive all your waypoints, routes, and tracks from your GPS and Bobcat will save them automatically

If you want to get your Garmin maps from your PC to your Mac, they've put together a guide [PDF] to help you along (you'll need MapConverter for your PC).

Here's a look at the Bobcat main screen:

I'll post a full review of Bobcat once I put it through its paces (loading my PC maps, importing from my various Garmin GPS devices and testing out the general functionality).

You can entertain yourself until then by perusing the new Mac section on Garmin's site and loading some of their Mac software. If you're at Macworld definitely stop by their booth and cheer them up (Steve can't have all the attention there).

Fire up Software Update or head on over to QuickTime's official download page to grab the 7.4 update. While it fixes:

• CVE-2008-0031: A maliciously crafted Sorensen 3 movie file may lead to arbitrary code execution
• CVE-2008-0032: A maliciously crafted movie file may lead to arbitrary code execution during the handling of Macintosh resource records
• CVE-2008-0033: A maliciously crafted movie file may lead to arbitrary code execution during parsing of Image Descriptor atoms
• CVE-2008-0036: A maliciously crafted PICT image may lead to arbitrary code execution

it does *not* fix the most recent QuickTime flaw, however, so continue to watch which sites you visit. Remember what your mother taught you: don't accept streaming media from strangers!

Another post by me over @ TAB looking at opensnoop, a cool dtrace utility that lets you monitor file opens.

Lots of good stuff came with Apple incorporating DTrace into Leopard. Load the Developer tools to get access to Instruments.app for some GUI-DTrace goodness and poke around man -k dtrace for some command-line DTrace fun.

DTrace is great for developers, but it has some security benefits as well, which I'll hopefully get some time to explain in the coming weeks.

If you're interested in what makes it to my MBPro post-Leopard, you can head over to The Apple Blog and read my latest post.

Quite the rabid followers of iStat Menus amongst the reader over there :-)

NOTE: Josh is much better at these serious article headlines than I am.

Anyone who follows LOST knows that a viral marketing campaign came out recently encouraging you to Fly Oceanic Air!

If you follow the link to download the "press release" PDF file, you'll find the following in the document properies:

What can we glean? Well, "Kelly" created the document in Microsoft Word for the Mac on an OS X 10.4.11 box pretty late at night at the end of December.

How much of this data was altered just for the viral campaign and how much is accidental cannot be said for sure, but it serves as a reminder to neutralize all the document properties before wide distribution. In this case, no special clues were revealed and no unintentional information was disclosed, but this could have been a situation where we learned more about the behind-the-scenes goings-on than we should have been able to.

(It's cool when fantasy & reality intersect with security!)

If your Desktop or Documents folders have ever been caught up in a sea of PDF files you need to read the review of Papers by fellow TAB blogger Stephanie Guertin. Looks like a pretty decent app. (And, yes, I know iTunes can already store PDF files)

Ars has a short take on the Papers as well.

Microsoft is set to release their new Office 2007 for Mac later this month and if you didn't have the opportunity to take advantage of some of the decent discount programs offered at the end of the year, here is your best bet for an inexpensive way to get the full monty of Mactopia goodness.

Rather than go directly for the whole bundle of Microsoft Office 2008 for Mac Special Media Edition-- which includes support for Microsoft Exchange and an illustration program -- at a cost of almost $500.00 (USD), consider grabbing Microsoft Office 2004 for Mac Student and Teacher instead. It will set you back around $130 (USD) and you will be eligible for a full upgrade [PDF] for just the cost of shipping.

If you bought an iPhone as an early adopter and still have store credit, you can also purchase Office 2004 at the Apple store and potentially get Microsoft's newest offering almost free.

While it is required software if you need full compatibility with its Microsoft's Windows counterpart and despise Rosetta (as I do), Numbers, Pages and Keynote are all great alternatives.