Of Flash Player versions and codesigning and signatures

It’s certainly an understatement to say that there’s been a lot of talk about the Adobe Flash Player on Apple platforms in the last year. On Mac OS X, Apple bundles the Flash Player and tends to distribute some — but not all — updates to it.

I wanted to compare the bundled Flash Player version against the latest version from Adobe, which is currently v10.1.82.76. So, let’s look at what comes with Snow Leopard from the perspective of a codesigned executable.

# Flash Player version 10.0.45.2
# Installed with Mac OS X Snow Leopard v10.6.4
$ codesign -vvv /Library/Internet\ Plug-Ins/Flash\ Player.plugin
/Library/Internet Plug-Ins/Flash Player.plugin: valid on disk
/Library/Internet Plug-Ins/Flash Player.plugin: satisfies its Designated Requirement

A quick look at the bundled plugin shows that it is codesigned. This means that it carries a cryptographic signature over its contents. If the executable is modified, the signature will no longer validate. The signature is tied to the identity of a signing authority, which is generally the source of the software.

It may be helpful to think of codesigning as a tamper-resistant seal from the manufacturer. It’s not going to protect you from lots of different kinds of vulnerabilities, but if its cryptographic signature is intact and valid, you have a good idea that the software hasn’t been modified by a third party.

Mac OS X Leopard and Snow Leopard have shipped with applications signed by Apple. The Flash Player plugin comes from Adobe. So, who signs the bundled Flash Player?

$ codesign -dvvv /Library/Internet\ Plug-Ins/Flash\ Player.plugin
Executable=/Library/Internet Plug-Ins/Flash Player.plugin/Contents/MacOS/Flash Player
Identifier=com.macromedia.Flash Player.plugin
Format=bundle with Mach-O universal (i386 ppc)
CodeDirectory v=20100 size=34023 flags=0x0(none) hashes=1694+3 location=embedded
CDHash=f81bb75e4ec6f085f59e3c21021136c0f974fa7a
Signature size=4064
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA
Info.plist entries=12
Sealed Resources rules=9 files=2
Internal requirements count=1 size=188

You’d be forgiven for not having your eye drawn to the answer immediately, but it’s right there on the “Authority” lines. Just as with the rest of Mac OS X, Apple signed the Flash Player plugin they bundled with the OS.

Now, let’s upgrade the plugin to the latest version available from Adobe and see what happens to the signature. Courtesy of Preston’s WatchedInstall tool, we can see that the plugin’s CodeResources file is removed during this upgrade. Interestingly, the “Adobe Flash Player Install Manager” application installed with the update is codesigned.

- /Library/Internet Plug-Ins/Flash Player.plugin/Contents/CodeResources
- /Library/Internet Plug-Ins/Flash Player.plugin/Contents/_CodeSignature/CodeResources
+ /Applications/Utilities/Adobe Flash Player Install Manager.app/Contents/CodeResources
+ /Applications/Utilities/Adobe Flash Player Install Manager.app/Contents/_CodeSignature/CodeResources

The newer Flash Player version, however, seems to consist of two new plugins nested inside the overall structure of a parent plugin. Neither the parent plugin nor the nested plugins within the same bundle carries a code signature. This results in three unsigned executables:

# Flash Player version 10.1.82.76
# Installed on Mac OS X 10.6.4
$ codesign -vvv /Library/Internet\ Plug-Ins/Flash\ Player.plugin
/Library/Internet Plug-Ins/Flash Player.plugin: code object is not signed
$ codesign -vvv /Library/Internet\ Plug-Ins/Flash\ Player.plugin/Contents/PlugIns/FlashPlayer-10.6.plugin
/Library/Internet Plug-Ins/Flash Player.plugin/Contents/PlugIns/FlashPlayer-10.6.plugin: code object is not signed
$ codesign -vvv /Library/Internet\ Plug-Ins/Flash\ Player.plugin/Contents/PlugIns/FlashPlayer-10.4-10.5.plugin
/Library/Internet Plug-Ins/Flash Player.plugin/Contents/PlugIns/FlashPlayer-10.4-10.5.plugin: code object is not signed
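To turn the two checks above into something repeatable, here is an added shell example (not from the original post) that classifies a bundle from the text `codesign -vvv` and `codesign -dvvv` print, and walks a bundle for nested `.plugin` and `.app` items so the parent and its children are all checked. The sample outputs are constructed from what the post shows; the `codesign` tool exists only on Mac OS X, so the audit function simply returns 2 elsewhere.

```shell
#!/bin/sh
# classify_signature: reads codesign output on stdin and prints one of
#   unsigned            - "code object is not signed"
#   invalid             - signed, but did not report "valid on disk"
#   signed:<root CA>    - last Authority= line, i.e. the root of the chain
classify_signature() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'code object is not signed'; then
        echo unsigned
        return 0
    fi
    if ! printf '%s\n' "$out" | grep -q 'valid on disk'; then
        echo invalid
        return 0
    fi
    root=$(printf '%s\n' "$out" | sed -n 's/^Authority=//p' | tail -n 1)
    echo "signed:${root:-unknown}"
}

# audit_bundle <path>: check the bundle and every nested .plugin/.app inside it.
# codesign -dvvv writes to stderr, hence the 2>&1. Returns 2 without codesign.
audit_bundle() {
    command -v codesign >/dev/null 2>&1 || return 2
    find "$1" \( -name '*.plugin' -o -name '*.app' \) | while IFS= read -r b; do
        state=$( { codesign -vvv "$b"; codesign -dvvv "$b"; } 2>&1 | classify_signature)
        printf '%s\t%s\n' "$b" "$state"
    done
}

# Constructed samples, trimmed from the post's transcripts: the Apple-signed
# bundled plugin and the unsigned plugin left behind by the Adobe update.
BUNDLED_OUTPUT='/Library/Internet Plug-Ins/Flash Player.plugin: valid on disk
/Library/Internet Plug-Ins/Flash Player.plugin: satisfies its Designated Requirement
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA'
UPDATED_OUTPUT='/Library/Internet Plug-Ins/Flash Player.plugin: code object is not signed'

printf '%s\n' "$BUNDLED_OUTPUT" | classify_signature   # signed:Apple Root CA
printf '%s\n' "$UPDATED_OUTPUT" | classify_signature   # unsigned
```

On a Mac, `audit_bundle "/Library/Internet Plug-Ins/Flash Player.plugin"` prints one line per bundle, so the three unsigned executables above show up together.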

Therefore, you trade the known security vulnerabilities of the older version of Flash Player bundled with the operating system for a different kind of security problem with the new version. It would be silly not to make that trade if you are browsing the Web at all on a Snow Leopard-based computer.

However, it’s also difficult to understand why a large corporation with the resources of Adobe cannot codesign a piece of software as critical to the Mac OS X browsing experience as the Adobe Flash plugin is — especially when its “Install Manager” application is signed.

It’s also puzzling why Apple continues to trail well behind the latest releases of Flash Player. Add to that mystery the question of why Apple never updates the absolutely antique bundled version of the Shockwave Player plugin.

Sporting News overlooked Vanek at the half

I’ll admit to being a bit ticked that Thomas Vanek of the Buffalo Sabres was not on this list of the Top 25 most significant players of the NHL’s first half for the 2008-2009 season.

He was third in the league for goals scored. He was tied for first in power play goals. He went to the All-Star Game. The Sabres — should the season end today — would be a playoff team. That is a mark they missed last year, when Vanek was not playing as well as he is this year.

Of course, looking over stats for this, I discovered that Derek Roy had had six game winning goals — which tied him for sixth in the league. Not too shabby.

New York Times on The Worst Is Yet To Come: Anonymous Banker Weighs In On The Coming Credit Card Debacle

The New York Times’ Executive Suite Blog says that The Worst Is Yet To Come: Anonymous Banker Weighs In On The Coming Credit Card Debacle.

I’ve been pondering this very topic for a while, and wonder what’s in store for all of us in the spring.

[Via Daring Fireball.]

Those who count the votes

Contrast this story at Daring Fireball, referring to this “Can You Count on Voting Machines?” story at the New York Times, with this article from our local paper regarding New York State’s tardiness in complying with the Help America Vote Act. Choice lines in the first two paragraphs:

“State officials took another step in New York’s slowest-in-the-nation process of implementing an election-modernization law by filing a court-ordered timetable for having accessible voting equipment by September of this year and replacements for lever voting machines by fall 2009.

Board of Elections officials, who were excoriated by U.S. District Court Judge Gary Sharpe last month for running afoul of the Help America Vote Act, said the plan calls for the board to decide Jan. 23 which machines counties can choose for the disabled.” [My emphasis, especially on “excoriated.”]

I’m all for accessible voting machines, if indeed our lever-based ones and whatever alternatives are offered are not sufficient. But I’m a computer person, and as in the Daring Fireball commentary, I’m generally against implementing these new electronic voting systems just for the sake of having something new. There seem to be major problems with the systems that have been in the news, and I have a hard time wanting to lay our democracy on them at this time. Therefore, I have to wonder if New York State’s delay isn’t actually for the better.

(I wish I had a link handy at this very moment for the simple paper-based system I came across a few months ago, which sounded like a great solution that allowed anonymity, automated counting, and a verifiable vote.)

Faster iPhone on its way, slower AT&T network in the way

ABC News is but one news outlet saying that a Faster iPhone Is on Its Way, after AT&T Chief Executive Officer Randall Stephenson “spilled” this news last week. (Never mind that, as others have said, Apple’s own CEO has said much the same thing already.)

What really annoys me is that every time I’ve looked into AT&T’s 3G coverage, the glaring lack of it has become apparent. Sure, you have to delve down into a lower level than their national coverage map, but you can look for yourself.

In New York State, only the New York City metro area had coverage when I’ve looked. (See The iPhone objections and At least 2G is better than nothing, and you can blame AT&T.) Forget upstate and its several MSAs in the top 100 in the nation by population.

So why, exactly, would a 3G iPhone be of broad interest in the U.S. if AT&T is the exclusive carrier? What good is a 3G iPhone if I can’t use 3G where I am? Is there something AT&T isn’t showing us? Right now, it seems like they are the bigger part of the problem, yet every story I see seems to focus on how this is Apple’s fault. I’m not trying to be a fanboy, but let’s at least get some balanced media coverage on this.

[Via MacInTouch.]

Fallout over the hit on Drury

The class demonstrated in the wake of the hit on Buffalo’s Chris Drury continues. For example, take this clip from the Ottawa Sun’s Rematch brawl the rage:

Murray said he is concerned the usual “code,” which allows the most talented players on the ice certain relief from abuse at the hands of the tough guys, has been shattered.

“What’s happened now is the respect for the skilled players is not there between us,” said Murray. “Beyond that, we'll dress a lineup and try to get the two points.”

Er … yeah. This is the same code that lets Chris Neil make a late hit on the Sabres’ co-captain and leading scorer, Drury, in Thursday night’s game. The same code apparently condones the twenty stitches and concussion suffered by a player who apparently isn’t talented enough to be afforded “certain relief” in Murray’s estimation. The code only applies when the Sabres retaliated against his team’s skilled players when no penalty was called. The same code is brought up by Murray after he earlier blamed the seriousness of the injury on how loose Drury’s helmet was, claiming that the veteran wasn’t wearing it correctly (yes, he really did; I watched Murray say so in the postgame on Thursday). Since the league takes the ridiculous stance that Neil’s hit was a clean one, the NHL is now complicit.

It should be noted that what Neil did would most likely have been a penalty if Drury had been hit into the boards. The only difference I can see is that the hit came in open ice. Why that was not a penalty at the time is beyond me, and why the NHL denies it was dirty is also unfathomable.

It is for this and many other reasons that the Sabres’ owner, B. Thomas Golisano, wrote a public letter on the matter to the commissioner of the NHL (PDF). Bravo.

More quotes as I find them. Especially if I can find some that were mentioned during tonight’s rematch as supposedly uttered by Chris Neil.

Over Panthers and Flyers

The Sabres came up with two great wins this weekend.

On Friday, they beat the Florida Panthers in overtime. Thomas Vanek made some big plays in the crease, even though he wasn’t able to score on a penalty shot. He came up with two goals for the game, including the sudden death winner.

On Saturday, the Sabres also took Philadelphia into overtime. Martin Biron, still in net while Ryan Miller is injured, stoned the Flyers on a three-on-none breakaway late in the third. While Biron didn’t look terribly sharp in this game to me, this save made up for a lot.

It energized the Sabres enough for Daniel Briere to score on a one-timer at the other end with about two minutes left. Briere then notched the win during a man advantage (too many men on the ice!) in overtime.

The Flyers had 27 giveaways, which certainly didn’t help their cause. Overall, though, they look like a much better team than I saw in the playoffs last year. The lineup looked much different, and included Geoff Sanderson, the former Sabre.

On the postgame coverage Saturday, announcer Jim Lorentz noted that the Sabres were “only the second team in NHL history to win three consecutive overtime games.” The crew also noted that Buffalo is 9-0 on the road to start the season. This is getting more amazing to watch with each game.