March 03, 2008

Apple slammed over programming secrets

Firefox developer claims Apple uses secret techniques built into WebKit to make its own apps work better with its operating system

Microsoft may not be the only software company that uses secret techniques to make its own applications work better with its operating system -- a Mozilla Firefox developer has discovered similar practices at Apple.

While looking for ways of speeding up the performance of the upcoming Firefox 3 browser, developer Vladimir Vukicevic said this week that he came across dozens of secret tweaks built into WebKit -- the software at the core of Apple's own Safari browser.

Separately, security researchers said this week they have found a way of locally bypassing the security of Mac OS X's Keychain password system.

Vukicevic was able to use a publicly documented technique to get the efficiency gain he wanted, but noticed that WebKit has its own, undocumented way of getting around the problem.

"Apparently, there is a way to do this programmatically, along with some other interesting things like enabling window update display throttling -- but only if you're Apple," he wrote in a blog post.  "All these WebKit methods are undocumented, and they appear in binary blobs shipped along with the WebKit source."

He said there are more than 100 such undocumented techniques in the WebKit library. "Would any other apps like to take advantage of some of that functionality? I'm pretty sure the answer there is yes, but they can't," he wrote.

Safari is based on open source software, but the concealments are a demonstration that Apple isn't fully committed to open source, Vukicevic argued.

"Despite my frustrations with Linux, this type of hiding isn't really possible in a real open source environment," he wrote. "I don't think this is malicious, it's just an unfortunate cutting of corners that is way too easy for a company that's not fully open to do."

David Hyatt, a WebKit developer, responded that the undocumented parts of Safari are kept hidden for a reason.

"Many of the private methods that WebKit uses are private for a reason. Either they expose internal structures that can't be depended on, or they are part of something inside a framework that may not be fully formed," he wrote on Vukicevic's blog. "As you yourself blogged, there was a totally acceptable public way of doing what you needed to do."

Separately, Apple confirmed a security bug that could allow local users to get access to a Mac OS X user's passwords.

The problem was discovered by programmer Jacob Appelbaum, one of the researchers who last week published methods for cracking hard disk encryption systems.

The password problem, which is specific to Mac OS X, is down to a programming error that stores the user account password in the computer's physical memory even after it's no longer needed.

Techworld is an InfoWorld affiliate.

©1994-2009 Infoworld, Inc.