Title buffer overflow in Safari 3.0.2 for Windows

CNET News.com - Jun 25, '07 1:35pm
Blog: A recently patched browser from Apple springs another leak.

A look at Ruby on Rails IDEs

InfoWorld Daily by Tom Sullivan - Jun 25, '07 2:59pm
App dev: Martin Heller has an update on Ruby on Rails IDEs. Those would be Aptana IDE + Rails (nee RadRails), Ruby in Steel and ActiveState Komodo. "The Rails IDE market is continuing to evolve quickly," Heller explains. Editor's letter: Jon Williams has moved his New York CTO blog to InfoWorld.com, and three people have joined the Open Sources blog: Zack Urlocker from MySQL, Savio Rodrigues from IBM, and Dave Dargo. Whereas Dargo is a "man of mystery and intrigue," editor in chief Steve Fox writes, "the most surprising name here is probably Savio's because he works for a company...

TorrentSpy begins weeding out copyright content

CNET News.com - Jun 25, '07 12:55pm
Blog: As company battles accusations that it aids copyright violators, TorrentSpy founder launches filtering system.

Apple patches Safari a second time

InfoWorld: Top News - Jun 25, '07 11:14am

(InfoWorld) - Apple Friday issued security updates to patch four vulnerabilities in Mac OS X and the Safari beta, marking the second time in eight days that the company has had to fix its newest browser, which runs on both Mac and Windows XP and Vista machines.

The 2007-006 update for Mac OS X 10.3, "Panther" and 10.4 "Tiger," fixes a pair of problems in Safari -- the production-quality versions bundled with the operating system -- including a memory corruption vulnerability that could end with an attacker in control of the Mac. "Visiting a maliciously crafted Web page may lead to an unexpected application termination or arbitrary code execution," Apple said in its alert.

The second bug, and to Apple, the less serious of the two, is a cross-site scripting flaw (XSS) in Safari that could be used by phishing sites to steal usernames and passwords.

Apple Friday also updated the Safari beta, first released June 11, to version 3.0.2 for both Mac and Windows. Mac Safari 3.0.2 patches another XSS bug, while the Windows edition fixes that, plus a separate vulnerability that could let an attacker disguise the browser's address bar, perhaps as part of a spoofed site meant to trick users into divulging confidential information, such as bank account passwords.

For Mac users, 2007-006 and the Safari update are mutually exclusive. If a Mac user has installed Safari Beta 3, only the Safari update will be offered; users who haven't bothered to try out the beta will see only the standard Mac OS X update. Windows users can update Safari to 3.0.2 by downloading the new version from Apple's site, or by running the optional Apple Software Update utility.

The just-patched Safari bugs were credited to a team at Adobe Systems, as well as to researchers at Westnet, an Australian Internet service provider, and Westpoint, a U.K.-based security company. None were credited to Dave Maynor, one of several researchers who dug up vulnerabilities within a few hours of Safari 3.0's launch last week. Maynor, who said he had found half-a-dozen bugs straight away, refuses to disclose his findings to Apple, part of a year-long feud that goes back to a wireless hack demo Maynor and another researcher gave at last August's Black Hat security conference.

"Due to the cries of 'it doesn't count, it's beta,' we are waiting to release any further information till the browser is released in a final state," Maynor said in an e-mail earlier this week.


Visual ReSharper

ASP.NET Weblogs by Bil Simser - Jun 25, '07 11:52am

ReSharper 3.0 is out now in final form and looks great. Here's a visual walkthrough of some of the 3.0 features, along with some old and otherwise existing ones ReSharper has to offer.

Code Analysis

ReSharper 3.0 has more code analysis features than previous versions. For example here it tells me that I can make this field read-only. Why? Because it's only ever initialized in the declaration and never gets assigned again. You'll also get this suggestion with fields that are initialized in constructors only (but this is a test fixture so there's no constructors). A quick hit of Alt + Enter and I can change this field to the suggestion ReSharper is offering.


Putting your cursor on the field and hitting Ctrl + Shift + R lets you select from a list of applicable refactorings. By applicable I mean they're context sensitive to the type, scope, and value you're looking at. For example here I get a set of refactorings I can do to a field.


Now if I hit the same shortcut on a method I get these offerings. Note that I can now invoke the Change Signature refactoring (and others) but Encapsulate Field is no longer available. ReSharper recognizes I'm in a method and not a field and does things in a smart fashion by filtering the refactoring menu down to only what's valid.


Another suggestion is when methods are only ever referenced by a local class and don't access external values or objects. In that case, ReSharper will suggest that you make the method static. This will reduce execution time (but we're only talking about saving a few mips here, so don't get too excited).


With this (and other refactorings) you can press Alt + Enter to see a list of options. This also appears as a small light bulb in the left hand gutter and shows you a list of refactorings and optimizations you can perform on a method or variable.


Navigation

ReSharper not only offers great productivity with its refactorings, but it really helps out when you're trying to navigate around your codebase. With a few simple keystrokes, you'll be flying through your code in no time.

You can search for a type name by pressing Ctrl + N. This brings up a window for you to type in and narrow down the search. For example here I entered "MI" which shows me all the classes that start with "MI". You'll also notice that "ModuleInfoElement" is also included. This is because the search filters on CamelCase names, which you can also filter down even further.


Here we've filtered the "MI" list down a little more by entering "MIC".


Even further we enter "MICV" which shows me the view, presenter, and fixture.


Documentation and Guidance

ReSharper also knows about your code and can tell you about it. This helps as sometimes you just don't know what a method is expecting or why a parameter is passed to a method.

Here I have my mouse cursor in the parameter to the Add method and pressed Ctrl + P to show parameters and documentation. This is culled from the XML comments in your codebase so it's important to document these!


ReSharper also has the ability to generate some simple documentation (via the Ctrl + Q key) in the form of a popup. This provides information about a type, its visibility, and where it's located (along with hyperlinks to types in the popup). Very handy for jumping around (although you do have to engage the mouse).


Other Productivity Features

A few other small features that I always find useful.

Ctrl + Shift + V

This pops up a dialog which contains all of the things you've recently copied to the clipboard. You can just highlight the one you want and insert it. Very handy when you have a small snippet that you want to re-use.


Ctrl + Alt + V

One of my favorites as I hate typing out values for objects. I'd rather just create the object and not worry about it (à la Ruby); however, in C# you do sometimes want a variable around. ReSharper helps you by creating a dialog for taking a method and introducing a variable. It understands the return type and even suggests a name for you. Very quick when you want to reduce the keystrokes:


There are a ton more features out there. If you're interested, you should check out Joe White's 31 days of ReSharper he posted back in March/April that has a small tip every day from installation and setup to almost all of the refactorings and tools ReSharper has to offer. Awesome.


LinkedIn to open up to developers

CNET News.com - Jun 25, '07 9:42am
Blog: The social networking company plans to launch an API to connect to other services.

Plaxo 3.0: Bringing web and desktop PIM together like never before

Download Squad by David Chartier - Jun 24, '07 8:00pm

For about a month now, the kind folks at Plaxo have allowed us to play with the beta of Plaxo 3.0, a major update to their unique service that takes the 'management' out of desktop + online PIM. As if the present version's ability to synchronize your contact and calendar information between Mac OS X, Windows, Linux and some online services wasn't enough, Plaxo's ability to automatically update your address book whenever a fellow Plaxo user changes their information was a pretty unique feature that really let the company's vision shine. After playing with this new beta, however, we feel comfortable saying that Plaxo 3.0 could very well be nothing short of revolutionary to the world of data management and synchronization.

While the Plaxo folk understandably won't allow us to spill too many details, we can at least give you a general overview of what all the fuss is about. The most significant change in this upcoming version is the addition of some major new 'sync points,' which are applications and web services Plaxo can synchronize with, impressively spanning the entire digital globe of OSes and web brands. In our screenshot above you see five points: Plaxo (of course), Google (yep: Gmail and, soon to come, Calendar), Windows Mail in Vista, Mac OS X's Address Book and iCal and even Yahoo!'s Address Book and (soon to come) calendar. Another major new sync point (requiring a paid Plaxo account) is LinkedIn, allowing users to access the increasingly popular social network based on who has worked with who. Never before have we seen so much synchronizing power built in such a smart and streamlined tool. Amazingly, a lot of this new functionality will still apparently be provided for free, with a few select sync points and the rest of Plaxo's services (such as e-cards, Address Book recovery, storing more than 1000 contacts and 24-7 support) being made available to paid accounts.

Other new features in the Plaxo 3.0 beta reveal a new 'dashboard for your life' aspect to the service, which is also pulled off pretty well. Some of the online tools allow you to view basic things like the week's weather, while others allow you to easily watch RSS feeds for Flickr photos, friends' Amazon wishlists and blogs.

That's about all we should talk about for now, however, but stay tuned for a full review and screenshot gallery as soon as we can schmooze the Plaxo guys into greenlighting them. In the meantime, if you're already a current Plaxo user or we have just piqued your interest, we recommend cleaning up your address book and finally getting into the habit of actually jotting down your week's appointments and todos in Outlook, iCal, Google Calendar or any of the other services Plaxo will help you synchronize. This way, if you do it once, the new Plaxo should ensure you might never have to again.

Yahoo reorganizes sales

InfoWorld: Top News by Steven_Schwankert@idg.com (Steven Schwankert) - Jun 25, '07 7:31am

(InfoWorld) - One week after Yahoo Inc. named co-founder Jerry Yang as CEO, the company promoted David Karnstedt to head of North American sales, continuing a company restructuring that began in December 2006.

Yahoo also announced plans to merge its search and display advertising units. In December, the company reorganized into three divisions: the Audience Group, the Advertiser & Publisher Group, and the Technology Group, the heads of which all report to the CEO.

With Karnstedt's appointment as head of North American sales, U.S. Chief Sales Officer Wenda Millard will leave the company immediately, Yahoo said.

Keeping up with Yahoo's executive arrivals and departures since the December shakeup requires a scorecard.

Upon announcement of the three new corporate divisions in December, the company announced Chief Operations Officer Dan Rosenzweig would move on, departing in March.

Also in December, former Chief Financial Officer Susan Decker became head of the Advertiser & Publisher Group, before being named president of Yahoo last week. Decker will continue to oversee that group, and will also have the Audience Group in her portfolio. The Technology Group was headed by Chief Technology Officer Farzad Nazem until he left the company June 8.

Yahoo's other co-founder, David Filo, will lead the Technology Group until Nazem's replacement is named.

Former CEO Terry Semel stepped down last week to make way for Yang, but will remain with Yahoo as non-executive chairman.


Google Reader Suffers Down Time

TechCrunch by Duncan Riley - Jun 25, '07 5:43am
Google Reader, the market leading RSS reading platform according to some reports, appears to have suffered from technical difficulties resulting in feeds not refreshing from around 11pm US PST Sunday. Reports on the Google Reader user forums would confirm the issue. Google Reader itself is still accessible, all feeds imported into the system before this time remain [...]

Spanish police arrest moby virus writer

The Register - Jun 25, '07 9:18am

No one expects the moby-virus police

Spanish police arrested a 28-year-old man on Saturday they suspect of involvement with a mobile phone virus.…
