Blog

Toggle JavaScript and Plugins in Safari

I don’t like to browse the web with JavaScript, Flash and so on automatically enabled unless I think I need them. A large percentage of ‘web annoyances’ can be avoided simply by turning off JavaScript and plugins unless you really need them. There’s also a security argument for doing this.

In Firefox, I use NoScript to do this and it works really well. I’ve been using Safari more and more frequently in recent times, however, and I am not aware of a similar solution for the Mac’s default browser.

So I have devised a couple of AppleScripts, which were heavily inspired by and partially derived from the example on this Mac OS X Hints page. They allow me to toggle on and off JavaScript and plugins, respectively (I never have big Java switched on at any time!)

Please note that this is for Safari for Mac OS X only and is designed specifically for the new Snow Leopard Services functionality.

I have created them as Automator Services. The benefit of making them Services is that you can then assign a keyboard shortcut directly to the script and be able to simply press that keyboard shortcut to quickly invoke the script and do the toggle. It’s a lot quicker than hunting through a script menu or launching an application and doesn’t require any third-party software.

If you’d like to use these Services, download them below. Once unpacked, drop the files in ~/Library/Services, go to System Preferences > Keyboard > Keyboard Shortcuts, select Services from the list and assign your desired shortcut to the two scripts.

These scripts use Growl to notify you of the toggled state after the script has run. You’ll need Growl installed to make full use of it.

Download the Toggle JavaScript and Plugins scripts (zip archive, 270 KB)

My Rant on the ‘Ribbon’

I’m not a fan of the new ‘Ribbon’ interface that debuted in Office 2007. I have been playing around with the new beta of Office 2010, where the Ribbon is now the standard user interface across the suite.

In this short screencast rant, I explain why I just don’t like this new user interface and how I don’t think it actually solves the issue it was designed to solve.

Apologies for the poor resolution and audio quality of this screencast; in future screencasts done using this method I’ll be sure to optimise things better.

Comments here or over on YouTube are welcome. I realise many people are happy with, or even passionate about, the new Ribbon for good reasons too. I just can’t see how it does any good, yet it requires extensive retraining of users!

Podcasting Again

I was invited back on Matt Hillyer’s Stealth Mac Podcast on Sunday for another roundtable episode, focusing on an Apple gift guide for 2009.

Joining me and Matt were Hugo Poon and Stu Helm. It ended up being quite a marathon podcast (over two hours of recording time) and we did stray into some other topics too, but I had great fun recording it.

Because of the fairly extensive length of the podcast, it has been split up into two parts that you can listen to. Feel free to take a look at Part 1 and Part 2.

You can also subscribe to the podcast in iTunes.

Keeping Things in Perspective — the iPhone ‘Worm’

The first worm to infect the Apple iPhone has been discovered spreading ‘in the wild’ in Australia.
The self-propagating program changes the phone’s wallpaper to a picture of 80s singer Rick Astley with the message ‘ikee is never going to give you up’.
The worm, known as ikee, only affects ‘jail-broken’ phones, where a user has removed Apple’s protection mechanisms to allow the phone to run any software.

The news of this worm is likely to attract the attention of some anti-Apple and anti-iPhone crowds and be used as an argument as to why the iPhone isn’t secure, why Apple people should no longer feel safe, and so on.

To those who would seek to lose a sense of perspective on this story:

This worm works only on jailbroken iPhones (an unsupported procedure), where the user did not change the default root password and left the remote login SSH service running.

This attack says nothing about the security of the iPhone software — it exploits little more than very poor configuration on the user’s part. If you choose to jailbreak your device, you have a responsibility to understand the implications that has. Which means, change the damn root password to something other than ‘alpine’. While you’re at it, also change the password for the user mobile too.

Despite having defended the iPhone thus far, I’m not in the business of assuming Apple get every aspect of security right all the time and I’m not in the business of declaring the Mac or the iPhone to be ‘secure’, or more secure than anything else. As I hope I made clear in my previous post, a simplistic black-and-white approach to looking at computer security doesn’t make any sense or do anyone any favours.

I’m not complacent about security because I use a Mac*. I am confident because I feel I have grasped a good understanding of the risks and of trust.

* or Linux, or anything that I perceive as being more secure.

On Teaching Computer Security to Non-Geeks

I can’t stand the attitude of “there’s nothing important on my computer, so I don’t care about whether it is secure or not”. The simple fact of the matter is that any infected computer connected to the internet is probably at the mercy of a malicious third party. Even if you don’t care about the impact of your computer being infected, your lazy attitude is affecting other innocent people’s computers, potentially in the form of sending mass spam and attacking unwitting websites.

Computer security is hard and very complex.

How we explain computer security and insecurity to average computer users, non-geeks if you will, is really important. And I really think that we are taking the wrong approach at the moment.

We teach computer users that in order to keep their computer secure and clean, they must have:

  • An anti-virus program
  • A firewall
  • Up-to-date software
  • … and other practical, simple steps

While these are all very important steps to encourage (especially keeping software up-to-date, in my mind), I think that we are making this advice a bit too practical. We’re ignoring complexity and only ever offering the most basic practical steps.

In my mind, a lot of computer security comes down to a model of trust. For example, I feel confident that a conversation with my internet bank is secure because:

  • I trust the integrity of the SSL connection for the purposes of keeping my information private and untampered with as it goes across the internet
  • I trust my local machine to be ‘clean’
  • I trust the remote machine at the bank is genuine and set up properly

All three of those things must be in place for me to have that ‘safe’ feeling. A safe SSL connection to your bank is meaningless if there’s nasty software on your local machine sending your keystrokes to a third party.

I’d like to see this model of trust be encouraged amongst all computer users. It may take a little more time and effort to understand the basic principles of what is going on, but looking at security this way round, rather than from an entirely practical viewpoint, allows people to make informed security decisions, rather than blindly trusting some ‘security’ software to do everything.

Social engineering is a very easy way to get some nasty inside someone’s computer. It’s disappointing, but oftentimes you can trick the human into deliberately giving permission to something more easily than you can find a hole in software to do the same thing. Instead of relying on ‘last resort’ antivirus programs to catch known malicious programs running at the last minute, we should encourage people to ask questions:

  • Why am I being asked to run this software?
  • Where did it come from? Do I trust the group of people that wrote this program?
  • Is there anything suspicious or unusual about this? Is it really coming from who it says it is?

Obviously, you need to combine this with practical advice and some knowledge to enable people to spot things that are ‘out of place’. But I think if we did, people would be in a much better position to make sensible informed decisions and to understand better what is actually going on.

This rant only really covers one aspect of computer security. As I said at the start, computer security is really complex and really hard to get right. So this approach isn’t necessarily the answer and it isn’t going to be applicable everywhere. There are going to be groups of people for whom this will be too complex, and groups of people that ‘won’t care’. But I’d like to see it done more often.

Photo is Secure. by Wysz from Flickr. Licensed under Creative Commons BY-NC.