Ryan Pickren:
This vulnerability allowed malicious websites to masquerade as trusted websites when viewed on Desktop Safari (like on Mac computers) or Mobile Safari (like on iPhones or iPads).
Hackers could then use their fraudulent identity to invade users’ privacy. This worked because Apple lets users permanently save their security settings on a per-website basis.
If the malicious website wanted camera access, all it had to do was masquerade as a trusted video-conferencing website such as Skype or Zoom […]
[…] Apple considered this exploit to fall into the “Network Attack without User Interaction: Zero-Click Unauthorized Access to Sensitive Data” category and awarded me $75,000.
From ‘About Safari & Privacy’ in iOSes Safari Settings:
When Fraudulent Website Warning is enabled, Safari will display a warning if the website you are visiting is a suspected phishing website. Phishing is a fraudulent attempt to steal your personal information, such as usernames, passwords and other account information. A fraudulent website masquerades as a legitimate one, such as a bank, financial institution or email service provider. Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent. These safe browsing providers may also log your IP address.
Mozilla released Firefox 67 a few days ago and they introduced support Dark Mode, as Safari did a while ago too. This prompted me to finally tackle implementing this feature here, on Infinite Diaries, hacking through my CSS. I should have spent the time to rewrite it from scratch, using CSS variables, but that will have to be done another day.
P.S. You might have to clear your browser’s cache to get it to work.
Tom Warren:, writing for The Verge:
Something had to give. Microsoft had to change its Edge browser in a big way. That meeting with Nadella ultimately led to Microsoft’s huge decision to jettison the browser it built in house and start from scratch using Chromium as a new foundation. The stakes for success couldn’t be much higher: the future of Windows and the web itself could hinge on this project.
This is the story of how Microsoft made that monumental decision and what could happen next.
I’m not personally interested in Edge or particularly happy that Microsoft joined the Blink/Chromium camp. I would have definitely been more please had they based Edge on WebKit or Gecko…
And speaking of WebKit…
I’m deeply disappointed in Apple for discontinuing Safari for Windows and not expanding to Linux and other operating systems. I don’t trust Google or Microsoft’s priorities (Google’s especially), and Chrome needs to lose some market share for our benefit. History has shown that a monopoly in the browser department doesn’t end well. Apple had the unique ability to challenge Google on competing desktop OSes and they forfeited that fight. Yes, Safari is holding its own on mobile. For now. That could change, when something new comes along, replacing our iOS and Android devices. At this point, all I can do is also root for Mozilla and Firefox.
From Apple’s iOS 12.2 release notes:
Smart Search Field queries can now be modified by tapping the arrow icon next to search suggestions.
I missed this when reading the release notes on the day iOS 12.2 was released but I found it today by accident. I have been probably waiting for this feature for at least 5 years, if not longer. All I can now say is…
Finally!
From the comments section:
From the description of the declarativeNetRequest API, I understand that its purpose is to merely enforce Adblock Plus (“ABP”)-compatible filtering capabilities. It shares the same basic filtering syntax: double-pipe to anchor to hostname, single pipe to anchor to start or end of URL, caret as a special placeholder, and so on. The described matching algorithm is exactly that of a ABP-like filtering engine. If this (quite limited) declarativeNetRequest API ends up being the only way content blockers can accomplish their duty, this essentially means that two content blockers I have maintained for years, uBlock Origin (“uBO”) and uMatrix, can no longer exist.
Please don’t use Chrome (or Chromium unfortunately). Just switch to Safari or Firefox (I use it as my second browser and it’s fine). And while you’re at it, switch out your search engine to DuckDuckGo — it works surprisingly well, even in Poland when searching for Polish content.
via @khron
John Gruber, on Daring Fireball, detailing how he got to change Safari’s behaviour to open new tabs next to the active tab:
If I have, say, 10 tabs open in a window and I’m currently using, say, tab 2, when I type ⌘T to open a new tab it feels like the rightmost end of the row of tabs is “way over there”, but what I want is the new tab to open “right next to where I am” — like what happens when I ⌘-click a link.
A few months ago I asked on Twitter if there was a secret preference in Safari that would change this to what I want — which is for new tabs to always open right next to the current tab. There is no such preference. I set about trying trying to figure out if this could be done using AppleScript, but I couldn’t figure it out.
Jeff Johnson figured it out, though, and was kind enough to share the solution and explain the rather ungainly syntax required.
John used FastScripts for this but I decided to try my luck with Keyboard Maestro…
Zac Bowden:
Microsoft’s Edge web browser has seen little success since its debut on Windows 10 back in 2015. Built from the ground up with a new rendering engine known as EdgeHTML, Microsoft Edge was designed to be fast, lightweight, and secure, but launched with a plethora of issues which resulted in users rejecting it early on. Edge has since struggled to gain any traction, thanks to its continued instability and lack of mindshare, from users and web developers. Because of this, I’m told that Microsoft is throwing in the towel with EdgeHTML and is instead building a new web browser powered by Chromium, a rendering engine first popularized by Google’s Chrome browser. Codenamed Anaheim, this new web browser for Windows 10 will replace Edge as the default browser on the platform. It’s unknown at this time if Anaheim will use the Edge brand or a new brand, or if the user interface between Edge and Anaheim is different. One thing is for sure, however; EdgeHTML in Windows 10’s default browser is dead.
Having used many different browsers over the years, Safari has always appealed to me most for a number of different reasons. Since it was discontinued on Windows a few years ago, I have defaulted to Firefox on my only PC (I still naturally use Safari on my Mac), especially since Mozilla appears to be pushing privacy hard, but I really wish Safari was still around. I tried and tested Edge a few times, but it never appealed to me much. Chromium would be my second choice and I’m curious what Microsoft will do with it.
iCloud Tabs is a wonderfully useful feature in Safari for iOS and MacOS. It allows us to view what tabs we have open all our other devices and close them if necessary (swipe left). Unfortunately, after I restored my iPhone X iTunes backup to the iPhone XS, the new phone would not show up in iCloud Tabs. The fix is really simple…
You can enable showing website icons in tabs in Safari’s Tabs preferences.
In case you really want icons in tabs but aren’t running Mohave.
Alex Hern, writing for The Guardian:
Advertising technology firm Criteo, one of the largest in the industry, says that the Intelligent Tracking Prevention (ITP) feature for Safari, which holds 15% of the global browser market, is likely to cut its 2018 revenue by more than a fifth compared to projections made before ITP was announced […]
In response, Apple noted that: “Ad tracking technology has become so pervasive that it is possible for ad tracking companies to recreate the majority of a person’s web browsing history. This information is collected without permission and is used for ad re-targeting, which is how ads follow people around the internet.”
This is great news (!) and means that Apple is on point with the implementation details of their new feature. The practices of the ad industry are horrific and should have been addressed years ago. I strongly believe their shady practices have basically killed their own business — people basically hate most web ads — which is in stark contrast to podcast ads.
Filip Pizlo, for WebKit.org:
This document explains how Spectre and Meltdown affect existing WebKit security mechanisms and what short-term and long-term fixes WebKit is deploying to provide protection against this new class of attacks.
I feel so guilty for wasting Don Melton’s time today. It all started with his post regarding the switch to Nanoc from WordPress. I admit I have been thinking about switching to a static site generator for years now, but I never could justify spending the time to do so. Anyway, I was teasing Don about his CSS in IE problems…
Mobile Safari seems to have an issue with my CSS. Quite frankly, it’s probably an issue with my CSS, not Safari, but I’m too stupid to find the solution.
Hello Don. It’s simply amazing to be halfway around the world and have a conversation with the guy who created Safari transcodes stuff.
I just added this paragraph, with a grey background, and a link, just to make it easier to test.
The paragraph above should have the same font size as the others. It doesn’t on iPhone’s Mobile Safari. Fine on iPad and in desktop Safari, in the responsive design tool.
Dean Jackson:
The past few years have seen a dramatic improvement in display technology. First it was the upgrade to higher-resolution screens, starting with mobile devices and then desktops and laptops. Web developers had to understand high-DPI and know how to implement page designs that used this extra resolution. The next revolutionary improvement in displays is happening now: better color reproduction. Here I’ll explain what that means, and how you, the Web developer, can detect such displays and provide a better experience for your users.
This will seem a hassle until multiple profiles can be included in one image. I can see only photographers caring for this in the meantime. But it’s great that this is finally coming to the web.
Safari Technology Preview dropped today and while the big news is that you can use it with your iCloud account because it’s signed by Apple, there are a few basic settings you should remember about — you are setting this up as a new browser after all.
Ricky Mondello:
Starting today, there’s a new, convenient way to see what features and improvements are coming to Safari and other applications that use WebKit. Safari Technology Preview is a version of Safari for OS X, distributed by Apple, that includes a cutting-edge, in-development version of the WebKit browser engine. It’s a great way to test upcoming WebKit features and give feedback to the people building them when it’s most useful — early in development.
Safari Technology Preview is a standalone application that can be used side-by-side with Safari or other web browsers, making it easy to compare behaviors between them. Besides having the latest web features and bug fixes from WebKit, Safari Technology Preview includes the latest improvements to Web Inspector, which you can use to develop and debug your websites. Updates for Safari Technology Preview will be available every two weeks through the Updates pane of the Mac App Store.
Chris Thoburn:
Chrome has taught us to idealize features for so long that we’ve become blind to its many glaring faults (…)
I’ve learned the hard way that Chrome is the new IE. I’ve learned that you have to architect an application well from the beginning for it to work well on all platforms. I’ve learned you can ship large ambitious JS apps to mobile, but it takes dedication and experience, and every trick you know to do it well for Android. I’ve learned that Apple loves the web, probably more than Google, and has invested heavily in ensuring we have a high quality platform upon which to build apps. But most of all, I’ve learned that we’re wasting a ton of effort right now trying to fix Chrome from the outside. We’re dancing around the issue; pretending that universal rendering, service workers, app-shell architecture, and keeping more of our applications on servers (where they don’t belong) is more than just a workaround for how bad Chrome is. Yes, these ideas have uses, merits, and probably are the future; however, our need and love of them right now is because our performance expectations have been badly distorted by the situation Chrome has left us in.
Opening links in the background is something which I do all the time on a Mac, using either the contextual menu under a two-finger tap or simply holding down the ⌘ key while clicking on a link. This means I am free to continue reading or doing whatever it is that I am doing and going back to that link later. This option is also available under iOS in Mobile Safari, but it needs to be turned on first.
Benjamin Mayo:
Watch out for a new prank circling Twitter and other social media today. Visiting CrashSafari.com on an iPhone, iPad or Mac will cause Safari app to crash … and potentially cause your device to restart. The bug is otherwise harmless, but be warned it will likely cause you to lose your open tabs.
Craig Hockenberry:
The recent release of Safari 9.0 brought a great new feature: pinned tabs. These tabs are locked to the lefthand side of your tab bar and stay in place, even when you open a new window or relaunch the browser.
The default behavior is to display the first letter of the site’s name on a color from the site’s theme. If you work on a site with a strong branding element, you’ll want to customize the icon on the pinned tab. Anthony Piraino and I have been working on one for the Iconfactory and would like to share some of the things we learned.
Personally, I went with John Siracusa’s approach and it worked fine. I had to use Affinity Designer though, Illustrator did not output a compatible file for some reason. I really should get around to making one for this site…
Myles Maxfield:
Web content is sometimes designed to fit in with the overall aesthetic of the underlying platform which it is being rendered on. One of the ways to achieve this is by using the platform’s system font, which is possible on iOS and OS X by using the “-apple-system” CSS value for the “font-family” CSS property. On iOS 9 and OS X 10.11, doing this allows you to use Apple’s new system font, San Francisco. Using “-apple-system” also correctly interacts with the font-weight CSS property to choose the correct font on Apple’s latest operating systems.
Tempted to try it on here…