Comments on: Security Update 2008-002 Compatibility Fix

By: Paul Kafasis

Paul Kafasis — Fri, 20 Jun 2008 19:38:26 +0000

Stuart, we’re certainly sorry you experienced a problem. Hopefully, you’re all set now.

As for emailing, this really never even crossed our minds. For most customers, this information would be either redundant, not useful in the first place, or just ignored. It would be a huge waste of time for nearly everyone. Does Apple email you when an issue is discovered? I’ve certainly never received such an email. Email’s just not a vector that’s generally used to inform users of bug fixes, by anyone.

We issue updates as quickly as possible, and we post info here for all to read. We also do our best to make it as easy as possible to update our software, which can be done right in the app. Just as with Mac OS X, it’s best to always be running the very latest versions, of everything.

By: Stuart

Stuart — Wed, 18 Jun 2008 12:58:27 +0000

I spent AGES trying to fix the print problem on my Mac, messing up my configuration and doing things that I was very uncomfortable with as I urgently needed to be able to print (none of them worked).

Why did you not email your customers to let them know of this issue when it came to light?

Are you planning to email them?

Will you email them in future if such an issue arises again?

By: Jeff

Jeff — Thu, 03 Apr 2008 15:19:20 +0000

Printing was fixed with the Hijack update however I am also having trouble with Panic’s Transmit. I installed the new update and now the Transmit problem is different– getting a connection timed out, server hung up error. Does anyone know anything about this?

By: J Greely

J Greely — Mon, 24 Mar 2008 04:39:38 +0000

Geoff, I’m sure you don’t think you’re dodging the issue, but reading the contents of the .ssh directory is useless without also intercepting my passphrases, which you’d need a keylogger for (or a malicious program that uses the same hook Instant Hijack does…). Yes, some people’s passphrases can be brute-forced, but that’s an unrelated problem.

You’re right in one respect, though: if I discovered that an application was poking around in .ssh, it would also go onto the banned list, and I’d force everyone who ran it to create new keys after it was scrubbed from their machines.

-j

By: Geoff Greer

Geoff Greer — Mon, 24 Mar 2008 03:03:36 +0000

J Greely: Any program that runs as your user can read ~/.ssh/id_* and send it to whoever. Stealing your private keys doesn’t require process inspection.

By: Mike Ash

Mike Ash — Fri, 21 Mar 2008 02:52:27 +0000

Under the application menu, select Install Extras. Then select the Instant Hijack tab, and if it is already installed, the button at the bottom right will allow you to uninstall it.

By: Simon Townley

Simon Townley — Thu, 20 Mar 2008 07:52:50 +0000

How does one uninstall Instant Hijack? Sorry, but I think I want it off my system.

By: Paul Kafasis

Paul Kafasis — Wed, 19 Mar 2008 21:28:19 +0000

Nike: You can install from Audio Hijack Pro, yes. Instant Hijack is indeed shared across all the apps. As for Airfoil 2, we've posted v2.1.1 with the fix on our Legacy page.

By: Nike Vatsal

Nike Vatsal — Wed, 19 Mar 2008 20:44:02 +0000

Hi,

Is the updated version of Instant Hijack available for users of Airfoil 2.1? I have not upgraded to version 3.

Also, is the instant Hijack component shared with Audio Hijack Pro? I have AHP version 2.81, and was wondering if I could just install the Instant Hijack component from there.

Thanks in advance!

By: Dan

Dan — Wed, 19 Mar 2008 20:27:10 +0000

Thanks for fixing the problem so fast. You guys rock. I use Airfoil 3 everyday. It’s a fantastic app and you just keep making it better. You have won yourselves a customer for life.