DrunkenBlog

 Posted by: Mike at March 28, 2006 04:16 PM

Saved by Firefox!

 Posted by: Jason Terhorst at March 28, 2006 04:21 PM

It was part stupidity and part curiousity in the way that, after opening this page in Firefox, I dragged the image onto my Finder desktop. Dumb. Don't do it. I was laughing hysterically for about 5 minutes, until I realized, "oh, crap"... it wouldn't stop relaunching, and I didn't have any easy way to get rid of the thing... I had to restart and grab it elsewhere and delete it before it loaded again.

 Posted by: adrien at March 28, 2006 04:26 PM

I also suggest that one not drag this image to the desktop (like I did) especially if one has icon previews turned on (like I do) because it makes the Finder unhappy. (or if you do, have a copy of Terminal open, and remember 'rm Desktop/jag_towcar.jpg' because otherwise the finder will crash cyclicly.

 Posted by: Pascale Soleil at March 28, 2006 04:26 PM

For what it's worth, Safari (2.0.3) didn't CRASH for me... but I did get the SPoD. After a few minutes waiting to see if there would be more dire consequences, I did an uneventful Force Quit.

Running 10.4.5. on PPC.

 Posted by: adrien at March 28, 2006 04:27 PM

Jason and I have the same IQ.

 Posted by: Andy at March 28, 2006 04:27 PM

For those of you trying to read this in Safari, click the 'Report..' button then the 'Send this to Apple...' button.

:-)

- Andy

 Posted by: vastheman at March 28, 2006 04:34 PM

What le hell? Safari shows this page fine for me! Safari 1.3.2 on Mac OS X 10.3.9 with Quicktime 7.0.3 working great here.

 Posted by: Nathaniel at March 28, 2006 04:42 PM

Count me among the other masochists who immediately dragged it to a finder window (not my desktop though -- even I could see what a bad idea it would be! :P)

 Posted by: patr1ck at March 28, 2006 04:43 PM

Camino FTW

 Posted by: Martin Pilkington at March 28, 2006 04:49 PM

Pointing out a security flaw is one thing, crashing people's browsers is another. I have all the blogs I read in a bookmark folder in safari so I can just do open as tabs, but until this image get's off the DB homepage I can't actually do that without it crashing, unless I remove DB from that set of bookmarks. I also won't be able to read DB in Safari.

I'm not saying what you did was wrong, I'm just saying you should consider the problems you could cause. The least you could do is move to the image to the "read more" section giving a warning that it will crash for safari users. That way you aren't blocking out the majority of mac users from viewing your site.

 Posted by: Gareth Potter at March 28, 2006 04:52 PM

Whoa, dude! That is cool!

Kinda.

Then I think about the implications.

*sigh*

 Posted by: stern at March 28, 2006 04:53 PM

The March newsletter from Nintendo Europe will crash Mail.app immediately if I try to view it. Contrary to my expectations, saving the mail using another client, stripping out all mail headers and then viewing the HTML in Safari works OK. It almost makes me wish I had the skills and will to isolate exactly what it is that causes the crash, I would then send special mails to annoying people who keep going on about how great and stable Macs are.

 Posted by: Rosyna at March 28, 2006 05:00 PM

By the way, this is not specifically a real security issue. Yes, it is a crash based on input. This makes it "security" related. But that does not mean it is possible to exploit this and have it run arbitrary code.

 Posted by: dave at March 28, 2006 05:08 PM

What do you mean it's similar to the last Safari Image of Doom? This one is a car!

 Posted by: sterling at March 28, 2006 05:16 PM

Thanks, jack ass.

Next time why not just provide a hyperlink to the offending image. Now I get to go back in my history and find the 10 other sites I had open that had items of interest on them.

 Posted by: Miguel Arroz at March 28, 2006 05:18 PM

Sh*t! You could have an external link to the image! I spent some time discovering what was the page that was crashing Safari when I click my "Mac Info" bookmark group on the toolbar! :P Nice bug!

 Posted by: Cale at March 28, 2006 05:21 PM

I totally had about 10 tabs open...

 Posted by: something at March 28, 2006 05:25 PM

Wow. You made some people loose their tabs. You're a real hax0r. I'm sure the all Apple team is working on a fix thanks to you. You saved the world again.

WTF is your point? That there is bugs in OS X? What a news. And you really needed to purposedly do some evil to make your point?

You have too much spare time, I guess. Childish.

 Posted by: chris at March 28, 2006 05:26 PM

I had just enough time to read the "apps based on webkit and webcore" line, think "That's OK, I use Camino" and then have NNW crash in the bad way.

Oops...

 Posted by: Jeff at March 28, 2006 05:44 PM

Here's another vote for Safari 1.3.2 on OS X 10.3.9–no crashing or SBoD here...

Hmmm...I hope they fix it quickly...I'm planning on finally moving to 10.4 soon!

 Posted by: Lee at March 28, 2006 05:44 PM

Embedding instead of linking? Tsk tsk. Good thing you have plenty of hard core followers coz you're permanently losing plenty of Safari readers.

 Posted by: Matt at March 28, 2006 05:45 PM

So, after reading how it crashed the finder after they dragged the image to the desktop, I decided to try something similar.

In Camino, I copied the image to the clipboard, then in the finder, I went to "Edit > Show Clipboard". I exeected the finder to Crash, but imagine my surprise when a little window popped up with the image. No problem at all.

I wonder why? I figure either the data that crashes is stripped out when you copy it to the clipboard, or some older carbon method is used to display the image. Interesting.

 Posted by: at March 28, 2006 05:50 PM

Ow. God damn. Crashes my MacBook Pro. Took me 5 minutes to figure out what bookmark in the folder caused it, too.

Fuck man, most of your target audience can't get to your site now!
-J

 Posted by: Steve Kirks at March 28, 2006 05:53 PM

For future reference, the best way to make a point is not shove that point in someone's eye.

Thanks for nothing.

 Posted by: Zetetic at March 28, 2006 06:15 PM

Not suprisingly it also crashes mdimportserver if you drag it to the desktop (or it does for me). Then, because I'm an idiot, I tried to delete it with QuickSilver. Which also promptly crashed. Back to the terminal I go...

It is a shame when convienent frameworks like this go wonky. But I'm damn happy they exist at all.

 Posted by: todd at March 28, 2006 06:18 PM

Posting that image inline, while slightly evil, definitely raises the public awareness of this bug and how major it really is.

What makes it curious to me is whether there was any exception handling being done on Safari's side into the WebKit call, or whether there's none of it on the WebKit side.

Things like this really shouldn't crash Safari. At the most, it should show the equivalent to the red X image.

 Posted by: Graham at March 28, 2006 06:26 PM

You know, I used to really enjoy your blog. I was thinking to myself today, "Self, I haven't seen a db post in a long time. Why don't we go to the site and see if he's still alive." Then BLAM! Safari with a dozen tabs goes bye-bye. Try it again. Boom!

Yeah, it's a bug, and yeah, it should be fixed. But inlining it so there's no warning -- that merrits a hearty "FUCK YOU" from me.

 Posted by: Glenn at March 28, 2006 06:27 PM

You tricky bastard, I out-smarted you! I'm reading this post on a Windows box.

Having said that, I'm sure I'll forget the above warnings and take a peek next time I'm on my mac.

 Posted by: Waldo at March 28, 2006 06:33 PM

I think DB's whole point is to get Apple's attention with this. And after how long these problems have been festering, I don't blame him... So I will be crashing Safari right after I finnish this post using FF.

thanks DB

 Posted by: todd at March 28, 2006 06:33 PM

Strike my last comment regarding exception handling... my brain was in managed code mode.

 Posted by: Nigel at March 28, 2006 06:37 PM

Count me among the people who don't understand why you reported this the way you did. From your post, it sounds like you considered the effect it would have on a large part of your audience, and decided to post the image inline anyway. Having also read the post about the previous problematic image, I still don't see why you think this was necessary.

Luckily I only crashed NNW which doesn't matter at all. However if I had been unlucky enough to crash Safari with lots of pages open, some of them containing work-in-progress, I'd be mighty pissed at you.

But then, why should you care about being responsible on your blog? Apparently you think this bug is serious enough that Apple should re-focus all their energy on it and get it out the door yesterday. If you think that's the case, fine. At least give some valid reasoning as to why it's OMGsupercritical!!111 Because what you've written so far fails to convince.

 Posted by: Small Paul at March 28, 2006 06:38 PM

*sings* I love Camino, I love Camino... *stops singing as all the Safari users look at him in a decidedly edgy way*

Still, love the guy who said DB must have too much spare time :)

 Posted by: icedtrip at March 28, 2006 06:40 PM

I'm sure glad I read this at work before going home tonight; otherwise I would be spending a lot of time trying to figure out what was crashing Safari.

DB, although I respect the way you are doing this (inline image and all), it is a little evil my friend. You won't lose me as a reader, but you may lose some.

The point here that I see you making is that people need to be aware of this, and Apple needs to address the issue. This is an image that could be used in any blog simply to show off a car. The average consumer wouldn't know that an inline image in one of their RSS feeds was causing the crash, just to find that one day, Safari miraculously fixes itself (no longer in the feed).

Yes, I am not pissed as I am not one of the ones that had several tabs opened, doing research, etc, ect; and yes, I would be pissed if I had been. After the fact I would find it very amusing, but DB, you may want to have some second thoughts on this one. I am not one to say I don't think you should have it up as an inline image, as I see the point and appreciate it, but I can also see the other side. It would be a debate for me, but seeing that you disappeared for weeks just to come back pissing people off, you may want to be careful.

 Posted by: Nigel at March 28, 2006 06:41 PM

I want to add: software has bugs, no one is surprised at that. It sounds like what you're getting at is you think Apple's internal development & QA processes let through many more bugs than they should. You've definitely hinted at this before. I'm willing to believe that, but if it's the case then do a piece exposing these faulty processes. Stuff like this isn't good for anything.

 Posted by: Mac at March 28, 2006 06:58 PM

Well- as soon as I get $30 I'm buying another one of your $30.00 Tee shirts.

 Posted by: Kelt at March 28, 2006 07:36 PM

After confessing love to my copy of Camino, I crashed mail.app, preview and safari a few times. Just to make sure, Apple gets a error report from me. ;)

 Posted by: Edward at March 28, 2006 07:37 PM

The point is that ANY bug that can cause a crash is also highly likely to be exploitable with the right input, its just a matter of someone spending the time to find the exact cause.

Remember how much fuss was made about the recent WMF exploit on Windows? This could very well fall into the same catagory.

True, most apps that read images will not be running as root most of the time, but imagine the result if a potential exploit of this type, set to wipe out home folders, was spammed to half a million harvested .mac email accounts.

 Posted by: Andrew at March 28, 2006 07:45 PM

FWIW, I think its a great idea to link the image inline. The more people that hit this bug the better. Perhaps it will piss off enough people that they will direct their aggression at Apple instead of DB. Don't shoot the messenger, folks! Thankfully, I am reading the post at work where I'm stuck on a 10.3.9 install.

 Posted by: Wes McGee at March 28, 2006 07:47 PM

Welcome Mac Folks to the world of Windows where many security firms, and quite a few hackers will publish such proof of concept code before Microsoft publishes a fix -- they frequently say Microsoft takes too long to fix such flaws.

Now I'm reinstalling Tiger on my iBook, specifically so I can crash Safari! (Crashing the Finder? Hah! I can crash it by looking at it funny!)

 Posted by: James Bailey at March 28, 2006 07:58 PM

Well you just lost me. Maybe I'll come back when you grow up. This was truly childish on your part.

 Posted by: SamR at March 28, 2006 08:00 PM

I wholeheartedly agree with the comment regarding SOAP support. Web Services, and XML serialisation in general, are both well behind the times on OS X in terms of what we expect from modern platforms.

I guess these have been triaged by the developer product team as 'enterprise' features rather than 'consumer' features.

 Posted by: at March 28, 2006 08:15 PM

I feel like an abused child!

First you don't post anything for weeks then you lay this on us!

Are you drinking while you blog?

Not happy

 Posted by: mikeash at March 28, 2006 08:15 PM

It's funny to see how many people are ripping on DB for making this post, and I see not one person making any comment towards Apple. Was this post done in bad taste? Yes, it was. But the crash is not DB's fault. He shouln't have deliberately caused it to unsuspecting people, but in the end this is Apple's problem, and Apple needs to fix it ASAP.

For those of you who don't understand what the big deal is, consider that if you can make it crash, you can probably exploit it further. So think about using your current buggy browser, clicking on a link, and suddenly your computer start performing a spotlight query for all personal data stored on your computer and sending it to an Elbonian hacker, without you even realizing it. Aren't you glad that you first experienced the bug on DB's crasher image, rather than the Elbonian hacker's exploit image?

As for people who lost work in their browser when it crashed, I can only wish that I lived in a world where my browser was so reliable that I could take those kinds of chances with my work. Unfortunately, my browser crashes several times a week even without provocation from imbibing superheroes.

 Posted by: willc2 at March 28, 2006 08:16 PM

I hearby name this a Basilisk Attack™.

I saw your post in Bloglines but not the image, so I went to your site and Safari goes BLAMO!

Luckily I have IE for Mac which is how I'm posting this. teh irony.

I'm glad you did this. A bug this bad is intolerable.

Who KNOWS how many Safari crashes this has been responsible for in the past? Apple simply can not allow this state of affairs to continue.

Eventually some joker is going to distribute this widely and surfing is going to suck for a while. I'll live.

Some may not want to hear it, but you have done the Mac community a service today. Stay Strong.

 Posted by: Mac-arena the Bored Zo at March 28, 2006 08:22 PM

GraphicConverter predates the days of “Gigantor APIs”, and the others are cross-platform products. That's why they have their own implementations.

 Posted by: Ryan at March 28, 2006 08:37 PM

Yeah, managed code is great! Until there's a bug in the runtime...

It's really nice to have one Gigantor runtime that many different things call upon for functionality as opposed to having them all spread out. The other side of the coin is that if there's a flaw, now everything interacting with it carries the same flaw.

Oh, wait. That's what you said above.

 Posted by: JTM - Liverpool at March 28, 2006 08:39 PM

Mac users get a taste of the Windows World where anything you click can be dangerous and turn into whiny little girls.

 Posted by: Joe at March 28, 2006 08:41 PM

Don't shoot the messenger???

I think the complaint about posting this inline is that the people who experience the crash in a whole lot of cases won't ever *get* the message.

 Posted by: Paul M. at March 28, 2006 08:49 PM

Yeah, managed code is great! Until there's a bug in the runtime...

It's really nice to have one Gigantor runtime that many different things call upon for functionality as opposed to having them all spread out. The other side of the coin is that if there's a flaw, now everything interacting with it carries the same flaw.

Oh, wait. That's what you said above.

I believe you are misconstruing DB's words. He can correct me if I am wrong but I do not believe he was saying a "gigantor API" was bad. He was giving a quick explanation of the trade off for them and how all these applications were affected the same.

Hey DB, maybe you could consider moving the image "below the fold" so the home page is accessible to Safari users?

 Posted by: Chris at March 28, 2006 08:56 PM

Gonna have to fire up Safari just so Apple can see it some more. DB, you crack me up, buddy.

-satisfied camino user, of course...

cl

 Posted by: Garrett Murray at March 28, 2006 09:05 PM

It's really jerky to include the crasher in the post like that. Most people would link to it, in case someone might want to read what you've written on the subject without BEING FORCED to switch to another browser.

In fact, one might be even angrier if one clicked this link from a newsreader without realizing you exactly what you said and then lost all the tabs one had open in their browser.

I understand there's a bug and you know how to prove it. That's great. LINK to proof, don't stick it in the entry. There's no reason you should force me to use Firefox to read this entry so that you can show off your ability to crash my browser.

 Posted by: jmaudio at March 28, 2006 09:25 PM

That's ok, I need to restart Safari every once and a while or else it gets slow as hell anyway... thanks for the help!

 Posted by: OmniWeb User at March 28, 2006 09:51 PM

It kills OmniWeb too...

(you might want to add that to the title of the post, especially since OmniWeb's ability to save state can cause it to crash again when you relaunch)

 Posted by: Wes at March 28, 2006 09:52 PM

DB, The responses to this post have been a most amusing. However I suspect that this is because I'm at work reading this on a Linux PC. If I had read the post at home it would probably have taken out Vienna, which wouldn't have been the end of the world but annoying nonetheless. I suspect your motives for posting the image inline have not been fully revealed yet and I look forward to the follow-up. My next challenge is to not accidentally click it when I get home.

 Posted by: Wes McGee at March 28, 2006 09:55 PM

Interesting that it is bad EXIF data... I had thought OS X was getting more tolerant of corrupted EXIF... This image here would refuse to open in Preview from versions 10.3.x and earlier, or in numerous Linux image viewing applications, but would open fine in Windows, and it finally started opening in OS X 10.4's version of Preview.

 Posted by: Aaron at March 28, 2006 10:09 PM

Thanks, jack ass.

They complain when you don't post . . .
then they they complain when you do.

Some people can't be pleased, some people can't spell jackass, and some people are vegans. Whatcha gonna do?

Now I may have to fire up the Mac to watch it crash. Might have to capture it to on video. Otherwise, who'd believe me.

 Posted by: matt at March 28, 2006 10:31 PM

Umm.. Why does Safari crash? It not likey likey cars?

 Posted by: JC at March 28, 2006 10:56 PM

Read whatever you will into the fact that while these things did occur to me, I'm attaching it inline instead of linking to it separately anyways.

OK, I'm game...here's what I'm reading into it...

You've devolved into an even bigger douche than you've been before your "hiatus". First you pissed off jesus and you got pwned--and now you've done it to your core audience. I'm dying to see how this one all turns out! LOL

(btw, I viewed it in OmniWeb, so you didn't take me down! ;)

 Posted by: WTF at March 28, 2006 10:56 PM

"Applications out there which aren't hitting the crashiness have all basically rolled their own support instead of using what Apple provides. You are able to open the image with Photoshop, and Graphic Convertor, and of course things like Camino and Firefox will view this page just fine. If a developer can't trust Apple's included solution to be robust, there's little point in throwing it in aside from bullet points."

WTF? Are you suggesting that the reason a cross-platform browser engine that was developed before OS X rolled its own image library is because they found OS X's image handling too fragile?

And what's your point? Home-rolled solutions are bug free? Gecko doesn't choke on this particular image, but it's had its share of security updates for image exploits. If Apple and Mozilla can't get it exactly right, even with all their man hours and exposure, why would Joe Programmer's home-rolled, poorly tested implementation be better? Because that's what everyone would have if Apple followed your apparent suggestion of not making an API for anything without being totally 100% sure that nothing could possibly go wrong with it ever--i.e., didn't have APIs for anything.

 Posted by: WTF at March 28, 2006 11:00 PM

Oh, and by the way: I'm glad you feel that you have the right and duty to waste other people's time. Screwing your readers is one thing; they have the choice of not coming here. But what about the inevitable bunch of bugs filed against the NNWs and Operas out there, telling them to fix a problem that isn't their fault? It's great that you think their QA time is yours to do with as you see fit. I guess having jackasses virtually ensure that pointless bugs are reported against their software is their punishment for daring to use a system API.

 Posted by: Thanks dude. at March 28, 2006 11:17 PM

Of course, crashed my newsreader (and a few dozen open tabs). Thanks for the warning.

 Posted by: Vienna User at March 28, 2006 11:52 PM

How noble of you, crashing your reader's browsers and causing Apple to be inundated with Problem Reports. You take one for the team- people get pissed at you, you lose readership, but maybe Apple fixes the bug. Seriously, the world doesn't need any more righteousness like his.

 Posted by: Wes McGee at March 29, 2006 12:09 AM

In Camino, I copied the image to the clipboard, then in the finder, I went to "Edit > Show Clipboard". I exeected the finder to Crash, but imagine my surprise when a little window popped up with the image. No problem at all.

I wonder why? I figure either the data that crashes is stripped out when you copy it to the clipboard, or some older carbon method is used to display the image. Interesting.

Given that the problem is with the EXIF field specifying "Camera Type", I suspect that it is simply ignored by Camino and Firefox. Quite frankly, I don't know why Safari even processes the image metadata. With that said, I'm getting the feeling that DB is pissed more at the overall security and code auditing at Apple, if you add this in to comedy of errors from LaunchServices autolaunch vulnerability from earlier this month, the near bald-faced lie Bud Tribble about how great Apple handles security, the update that killed 64-bit from last year, the other issues with LaunchServices, earlier issues concerning image processing.

 Posted by: dhcmrlchtdj at March 29, 2006 01:46 AM

i had like infinity tabs open and saw the rss headline on google. "don't look if you're in safari..." oh, but a headline like that is too tempting. i had to click, knowing full well the probable outcome.

i'd been meaning to install firefox anyway, since that's what i use everywhere else. i wonder, is there a future for safari? it's hard to argue that it's significantly better than firefox in some way. other than browser ecosystem diversity, which is definitely a good thing, what can safari offer?

 Posted by: Jacob at March 29, 2006 01:48 AM

DB, I think this is the best set of comments you've had on a post in the history of your blog. Keep up the good work!

 Posted by: just som guy. at March 29, 2006 01:57 AM

hmm not breaking down in Safari ver: 1.0.3 (v85.8.1)

But really DB. I think it is bad form to put the image in the post rather than linking to it. Not all Safari users are zealots you know.

 Posted by: at March 29, 2006 02:06 AM

Well, we've just witnessed the transition from Drunken Batman to Crack-head Batman.

 Posted by: steve at March 29, 2006 02:22 AM

Managed code is not a solution, as Microsoft have found out with Vista and .Net... There is no "just do this and it'll work" flippant answer that Apple should do.

Managed code _sucks_ unless you just want to write a quickie script that doesn't do anything serious, doesn't need speed, and isn't being any part of an operating system.

These kinds of problems are just the way things are, until there's a massive revolution in computer science (which has been the same since the 1940's).

 Posted by: Chucky at March 29, 2006 02:25 AM

"Well, we've just witnessed the transition from Drunken Batman to Crack-head Batman."

I believe his appropriate new name is either "fuckwad" or "George W Bush".

 Posted by: Chucky at March 29, 2006 02:26 AM

I'd suggest someone go burn down DBM's house to teach him a lesson about not coating all of his possessions with asbestos.

 Posted by: at March 29, 2006 02:37 AM

What is it with the USA?

First Bush Now DB is dropping bombs on people

Give up on the bad oil will ya?

 Posted by: andrew fox at March 29, 2006 02:46 AM

I'm with Martin Pilkington above.. please remove it from the homepage, or your site will (regretfully) be removed from my bookmarks. I always open a large selection of blogs in a bookmark folder as tabs - and it took me ages to figure out that it was the image causing chaos. Ta!

 Posted by: engrish at March 29, 2006 03:36 AM

Thank you Firefox, you're a good, huh, dog.

 Posted by: Jackie at March 29, 2006 04:15 AM

Nice one dickhead. You just lost another reader.

 Posted by: Mac-arena the Bored Zo at March 29, 2006 04:43 AM

Thanks, jack ass.

They complain when you don't post . . .
then they they complain when you do.

The complaints aren't about the fact that he posted, they're about the fact that the new Safari Image of Doom is directly embedded rather than behind a hyperlink. So any attempt to view this page, or the front page as long as this post is on it, will crash Safari (taking zero or more other tabs and windows with it).

 Posted by: Chucky at March 29, 2006 05:51 AM

The sad thing is that I bet DBM is enjoying all the hate comments. It's the pathetic mindset of the virus writing script kiddie.

Wow! Look at me! Look at how many people I pissed off! I'm really kool!

 Posted by: David Masters at March 29, 2006 06:03 AM

Imagine the scene: I'm just demonstrating how reliable Mac OS X is to a potential switcher, click to open up about thirty tabs each with different blogs, then watch with dismay as Safari quits, taking with it all the other windows that were open, including the one to the online Apple Store... Try again - same thing happens. One potential switcher is now waiting for Vista, and is off telling their friends that "Macs can't even open web pages without crashing!"...

I appreciate your attempt to bring this to people's attention, but am really disappointed in the way you've gone about doing so.

 Posted by: vastheman at March 29, 2006 06:14 AM

To the person saying Firefox is better than Safari in every way, I bet you only speak English. No browser engine can come close to WebCore for multi-lingual support. Firefox is abysmal. Even setting the preferred language preferences is a nightmare with the Fox.

 Posted by: stern at March 29, 2006 06:38 AM

Even setting the preferred language preferences is a nightmare with the Fox.

Preferences -> Advanced -> Edit Languages -> sort the list according to your preferences. Real nightmare, yeah.

One potential switcher is now waiting for Vista, and is off telling their friends that "Macs can't even open web pages without crashing!"...

Well, that's how Mac fanatics demonstrate other OSes, so...

 Posted by: Jonathan at March 29, 2006 06:54 AM

You could make the frontpage picture a Safari safe one! It's really ennoying having safari crash on me all the time I try to view your site.

Great to see read from you again. It's been a while.

 Posted by: Antidragon at March 29, 2006 07:06 AM

Normally I resent being forced to use Windows at home and at work but I guess this time I lucked out! :D

Sure is a way to make a loud noise - congratulations! Who knows how many sites and images are out there that could cause the same problem?

Good to have you back.

 Posted by: Jens T. at March 29, 2006 07:45 AM

Sheesh ... since you're spending "more and more time in Linux now" anyway, I'd recommend you do as John Gruber suggested and *stay there* ...

(back to searching for the google-result pages I had open ...)

 Posted by: Lachlan at March 29, 2006 08:23 AM

I guess you've finally cracked under the strain of being a cult icon hey?

What's next, now you've reached that tipping point where you turn on your fans? (Not like that either - though I can't speak for all - maybe some like flagellation...)

The lack of respect is what saddens me, but I guess we are a bunch of sycophants who wouldn't know our arses from our elbows - just a pity you had to go and point it out so graphically and with no empathy whatsoever.

Hope you get well soon.

 Posted by: J.D. at March 29, 2006 08:31 AM

Some of you need to chill out. It's not that big a deal that your browser crashed and you lost a set of tabs. Is it annoying? Yes. The end of the world like some of you are making it? No. Hopefully you at least sent Apple the crash report since it's their fault not drunkenbatman's.

 Posted by: stern at March 29, 2006 08:31 AM

By the by, did anyone else see the AppleInsider post mentioning the latest build of OS X 1.4.6? This build was seeded quite soon after the last one, and developers are reportedly asked "to test Quartz- and ImageIO-based applications." Coincidence or conspiracy? Same time, same bat-blog...

 Posted by: Anthony at March 29, 2006 09:52 AM

I can understand why people are pissed that he's intentionally crashing their browsers, but I find Mac zealots constantly bragging about security far more annoying than a browser crash.

 Posted by: jojo at March 29, 2006 10:10 AM

Go DBM! Go Camino!

 Posted by: richardx at March 29, 2006 11:22 AM

What pisses me off is that you are fucking with ME and my system to prove a point. Do you honestly think we wouldn't get "it" if you just said it or linked to it? (the "it" here I’m assuming is that this is oh-so-ultra-serious!)

That’s Bullshit. Who do you think you are? You *intentionally* wrote a post that would crash, what, somewhere between 50-70% of your readers browser? That makes sense to you?

I think what bugs the crap out of me the most is the mentality that seems to be on display here - "Here let me do this bad thing to you to demonstrate to you that this bad thing is really really bad!"

Helluva a way to alienate your readers, dude. Good luck with your next post.

 Posted by: simplisticton at March 29, 2006 11:52 AM

I'm totally laughing my ass off at the people whining about DB killing their browser session. That is EXACTLY the point.

 Posted by: SHIERKER at March 29, 2006 12:16 PM

Point taken ...

Camino is my friend

 Posted by: Retard at March 29, 2006 12:17 PM

Nice to see you back DB. And a lovely way of saying hello too! I like it. Couldn't work out why safari kept on crashing when I had lots of tabs open...

Teach me for opening multiple tabs at the same time. Though I had already the post. I think I might be a little dumb...

 Posted by: BD at March 29, 2006 12:43 PM

I'm with the group who finds the idea behind the post important, but finds the execution to be rather lacking... It's not like Apple has the first - or only! - HTML rendering engine to get hit by image rendering bugs.

Demonstrate the problem (preferably by giving people a choice in whether or not they'd like to crash their browser or newsreader), then tell them what they can do about it, and people are probably much more likely to help out; poking them in the eye when they're least expecting it just to "make a point" isn't particularly brave or clever.

 Posted by: Krioni at March 29, 2006 01:49 PM

Um, I read this in Camino - no problem. I'm posting this from OmniWeb 5.1.3 - also no problem. Did you swap in a safe image because of all the whining?

 Posted by: Yeroc at March 29, 2006 02:15 PM

Unsubscribing... you've demonstrated a clear lack of judgement.

As others have said: I have no problem with you disclosing the vulnerability/crash and linking to an example image that demonstrates the problem would have been fine... but sticking it inline?!?

 Posted by: Cliff Biffle at March 29, 2006 02:33 PM

blog--; // That was poorly thought out

 Posted by: Stephen Mackenzie at March 29, 2006 02:38 PM

Another vote for the power of Panther! ;-)

Seriously though, folks, why does this happen?

In my (non-developer) opinion, loading a picture should never ever make a program crash.

 Posted by: tea_earl_gray_hot at March 29, 2006 03:04 PM

"blog--; // That was poorly thought out"

My impression is that it was well thought out, he has expected these things. People are playing into DB's hands. Straight from the machiavelliaism playbook.

 Posted by: Rob at March 29, 2006 03:34 PM

I have often enough had Safari lights out while surfing to know this isn't an isolated instance. Good for the Batman stirring things up a bit. That's why we read his blog after all.

Still I hate _having_ to use FireFox. It is so clunky. No system spell checker, dictionary, etc. Just none of the things are are so wonderful about OS X are evident in FireFox. Of course they can't put those things into FireFox because then it wouldn't be FireFox anymore. The experience wouldn't be the same everywhere. A self evident experience...

So yeah please fix the uber apis. :)

 Posted by: Kelt at March 29, 2006 03:52 PM

It's not like Apple has the first - or only! - HTML rendering engine to get hit by image rendering bugs.

BD, I think you're missing the point. The pic with the bad EXIF gladly crashes Finder, Preview, Mail.app, and so on. It's kinda systemwide problem.

 Posted by: vastheman at March 29, 2006 04:19 PM

I know where to set preferred languages in Firefox, but I maintain it is a piece of crap. You've got a tiny scrolling box, you can't drag to change the order, the buttons just disable themselves for no good reason. You've obviously never had to use it yourself.

 Posted by: at March 29, 2006 04:19 PM

You sure can make an entrance.

 Posted by: Mood: Perplexed at March 29, 2006 04:45 PM

Did you file a bug with Apple? If not, you should. Not doing so is unproductive. Safari has that "report a bug" button, and I hear the Crash Reporter thing can be handy. Some people actually pay attention to submitted bug reports. You could easily submit one yourself instead of conning others into doing it for you.

(My bellyache: CBS Sportsline occasionally serves up an ad image that'll crash Safari. That's under Panther; otherwise, Safari's been rock solid for me. As tracking down which specific ad in their rotation is a culprit then finding a way to direct-link to it has been a pain in the rear, I've learned to visit that site with Camino instead.)

 Posted by: mennonot at March 29, 2006 07:02 PM

After reading through all 102 comments so far, my personal theory is that DB was tired of the responsibility of writing for such a large audience. So he's found a simple and effective strategy to significantly reduce the number of subscribers and readers.

The only further question to consider: what type of readers did he weed out? And what type will remain?*

*Besides the obvious Mac/Windows divide of course.

 Posted by: at March 29, 2006 08:27 PM

it was kinda fun trying to delete the file on the desktop right before the Finder crashed...good job...

 Posted by: dwhs at March 29, 2006 08:36 PM

Please, losing your tabs is not that big of a deal unless you're in some extraordinary set of circumstances. Get a hold of yourselves.

I keep reading people saying, "you think we wouldn't get the point if you just put a link to it?" The answer is, no, you wouldn't. Flash back to the original Safari-Image-of-Doom. How upset did Safari users get over that? Myself, I filed it away as "Well, Apple's not perfect, but it doesn't get in my way." Well, db has made the point now that this *does* get in my way.

That said, I'd like to second the motion to move the image "below the fold." I got the point, and I hope Apple does too. But can we make it so I don't have to fire up a different browser to view the homepage? Further, if a reader chooses to read a post that warns him/her that it will crash his/her browser, well, that's definitely not db's fault.

 Posted by: h. l. lang at March 29, 2006 08:48 PM

Mh. I am visiting this page and downloading the image via iCab on a German OS 9. (built in1999). Finder stays healthy as ever and GraphicConverter opens the picture flawlessly. Guess I will keep my renegade attitude and let the crowd check out the known and unknown unknowns.

:-)

Regards

 Posted by: elmusafir at March 29, 2006 08:58 PM

The original "jag_towcar.jpg" crashes Safari, preview and finder in my system as well. (OS X 10.4.5)

Removing all metadata from the file using "smallimage.app" makes the file safe. The problem is indeed in the EXIM data, since retaining the ICC and IPTC data still makes the file safe.

Funny thing is that checking the remaining metadata with the "mdls" command, I see no difference there (except for the kMDItemFSSize, which, surprisingly, is larger in the original than in the "small" [pruned] version). It must be something else that the command does not show.

In case you are interested. Here's the "mdls" output for the original and the pruned files respectively:

Original
---
kMDItemAttributeChangeDate = 2006-03-29 19:30:56 -0600
kMDItemContentCreationDate = 2006-03-29 19:30:36 -0600
kMDItemContentModificationDate = 2006-03-29 19:30:36 -0600
kMDItemContentType = "public.jpeg"
kMDItemContentTypeTree = ("public.jpeg", "public.image", "public.data", "public.item", "public.content")
kMDItemDisplayName = "jag_towcar.jpg"
kMDItemFSContentChangeDate = 2006-03-29 19:30:36 -0600
kMDItemFSCreationDate = 2006-03-29 19:30:36 -0600
kMDItemFSCreatorCode = 0
kMDItemFSFinderFlags = 0
kMDItemFSInvisible = 0
kMDItemFSIsExtensionHidden = 0
kMDItemFSLabel = 0
kMDItemFSName = "jag_towcar.jpg"
kMDItemFSNodeCount = 0
kMDItemFSOwnerGroupID = 501
kMDItemFSOwnerUserID = 501
kMDItemFSSize = 24117
kMDItemFSTypeCode = 0
kMDItemID = 7425664
kMDItemKind = "JPEG Image"
kMDItemLastUsedDate = 2006-03-29 19:30:39 -0600
kMDItemUsedDates = (2006-03-29 19:30:39 -0600, 2006-03-29 18:00:00 -0600)
--

Pruned
--
kMDItemAttributeChangeDate = 2006-03-29 19:32:57 -0600
kMDItemContentCreationDate = 2006-03-29 19:32:32 -0600
kMDItemContentModificationDate = 2006-03-29 19:32:32 -0600
kMDItemContentType = "public.jpeg"
kMDItemContentTypeTree = ("public.jpeg", "public.image", "public.data", "public.item", "public.content")
kMDItemDisplayName = "jag_towcar-small.jpg"
kMDItemFSContentChangeDate = 2006-03-29 19:32:32 -0600
kMDItemFSCreationDate = 2006-03-29 19:32:32 -0600
kMDItemFSCreatorCode = 0
kMDItemFSFinderFlags = 0
kMDItemFSInvisible = 0
kMDItemFSIsExtensionHidden = 0
kMDItemFSLabel = 0
kMDItemFSName = "jag_towcar-small.jpg"
kMDItemFSNodeCount = 0
kMDItemFSOwnerGroupID = 501
kMDItemFSOwnerUserID = 501
kMDItemFSSize = 35534
kMDItemFSTypeCode = 0
kMDItemID = 7425690
kMDItemKind = "JPEG Image"
kMDItemLastUsedDate = 2006-03-29 19:32:34 -0600
kMDItemUsedDates = (2006-03-29 19:32:34 -0600, 2006-03-29 18:00:00 -0600)
--

See if someone can make heads or tails out of that.

elmusafir

 Posted by: Jennifer Hodgins at March 29, 2006 09:32 PM

Can someone please tell me the terminal commands to remove this from my iBook? I saved it to the desktop without thinking and it restarts before I can delete it. :-( I don't know how to use terminal except to open it.

 Posted by: at March 29, 2006 09:48 PM

Gosh, some cry babies hear...'oh i lost my tabs' boo hoo you were warned!! I disabled images then loaded the page, no crash. For others you should install SAFT, it will save all your tabs and load them after Safari crashes.

For others, try reading before posting, the guy said in the first few lines it effects Tiger only, yet im reading ppl saying 'fine here on 10.3.9'

 Posted by: at March 29, 2006 10:05 PM

'rm Desktop/jag_towcar.jpg'

 Posted by: stern at March 29, 2006 10:20 PM

know where to set preferred languages in Firefox, but I maintain it is a piece of crap. You've got a tiny scrolling box, you can't drag to change the order, the buttons just disable themselves for no good reason. You've obviously never had to use it yourself.

Of course I have. At most, those are small annoyances, not a "nightmare."

 Posted by: EssKay at March 29, 2006 11:05 PM

Awesome....
Try putting it in a TextEdit RTF or sending it in an iChat.

You r00l DB

 Posted by: Chucky at March 29, 2006 11:07 PM

"After reading through all 102 comments so far, my personal theory is that DB was tired of the responsibility of writing for such a large audience. So he's found a simple and effective strategy to significantly reduce the number of subscribers and readers."

That thought also occurred to me...

 Posted by: Anthony at March 30, 2006 02:07 AM

I'm totally laughing my ass off at the people whining about DB killing their browser session. That is EXACTLY the point.

Indeed. Bugs like this give others power over your computer. They can crash you on purpose, or they can crash you by accident and never realize they've done it. Either way, you have to accomodate them.

A browser isn't there to accomodate others. That's why we have popup blockers. A bug that gives the webmaster more power than he should have is a problem. In the past, DB has (IMO) improved the platform by refusing to pretend that major problems don't exist, as Apple won't be under any pressure to fix them otherwise. This is more of the same.

You might get pissed at DB for doing this, and he might even care that you're pissed, but I doubt many other webmasters would give the same consideration.

 Posted by: panther at March 30, 2006 02:22 AM

i have Safari(1.3.2) open on 10.3.9 and there is no crash or something... :-)

 Posted by: oliver schurr at March 30, 2006 02:30 AM

Dear DB

Thanks for pointing this bug out.

BUT, U R a jackass for posting it on the front page.

Keep up the good work :-)

Oliver

 Posted by: Graham at March 30, 2006 02:32 AM

"Gosh, some cry babies hear...'oh i lost my tabs' boo hoo you were warned!!"

Sorry? How the fuck was I warned? I opened the blog in Safari and BOOM. Crash.

DB, you've lowered yourself to the realm of l33t hax0r script kiddies with this one.

 Posted by: Cochrane at March 30, 2006 04:07 AM

It is certainly Apple's fault that ImageIO has this bug. If someone who has no idea about this bug posts such an image on the web without knowing it, that's bad, but not his fault. But someone posting such an image knowing that this is fit to annoy a lot of people, that's just mean.

Apple is certainly not responsible for DB posting this image here, so I see no reason to direct my anger about the crashed Safari to Apple. Their bug was the main reason behind this crash, but it wouldn't have come upon so many unsuspecting people if DrunkenBatman hadn't posted that image. Sure, that way more people notice Apple's bug, but seeing the comments here, I don't think this helped the cause in any way.

 Posted by: rotelle at March 30, 2006 05:58 AM

OK, you've had your 15' (or is it 15") of fame. Now fix the problem in the OS that causes the crash.

 Posted by: michel at March 30, 2006 06:54 AM

I am disapointed by DB.

it was not nice to put inline the picture... really nice. you hope thousands of millions people will go to Apple to cry and apple fix it in one hour ?
or to provoke a huge ZDnet story "os x is crapp, go buy dell"?

still it was NOT a good way to do that and it can bring upon _you_ some real legal problems (not from me , of course).
please, be careful with your own blog.

And yes, we know os x has serious issues, thanks guy to remind us. Now, can I we continue TO WORK ?

 Posted by: Marc Albrecht at March 30, 2006 08:45 AM

Hi,

no crash with Safari 1.3.2 (v.312.6) on OS X 10.3.9

Any idea?

 Posted by: Not Amused at March 30, 2006 09:21 AM

This is like finding a flaw in Ford's seatbelts, and slamming into people's cars to prove the point that Ford should fix them. Yes, they might all sue Ford, and it'll get fixed ... oh, wait, their next of kin will sue Ford.

Idiot.

 Posted by: Sarcastro at March 30, 2006 09:47 AM

Apple has put massive refinements into Tiger's "iAesthetic" sense. Thus, while 10.3 and earlier are cretinous enough to accept such an image 10.4 is, understandably and justifiably, so appalled by the very concept of an XK-140 Shooting Brake (that's a station wagon for us 'merkins) that it quits rather than display such a horror.

 Posted by: stern at March 30, 2006 09:54 AM

This is like finding a flaw in Ford's seatbelts, and slamming into people's cars to prove the point that Ford should fix them. Yes, they might all sue Ford, and it'll get fixed ... oh, wait, their next of kin will sue Ford.

If people die because a browser crashes you need to re-think your system design.

 Posted by: Cochrane at March 30, 2006 10:01 AM

To those who wonder why this doesn't crash on anything below 10.4: ImageIO is only available since Mac OS X 10.4, as you can see here: http://developer.apple.com/documentation/GraphicsImaging/Reference/CGImageSource/Reference/reference.html

 Posted by: eff at March 30, 2006 10:08 AM

What the fuck? You crash my browser on purpose because Apple hasn't fixed a bug in webkit?? That has got to be the most idiotic thing I've heard/seen in years.

What exactly do you think this is going to achieve? That I'm going to send bug report to Apple? The only thing I've done is to delete the DB bookmark from all my browsers and the RSS feed from NNW.

If the purpose was to make yourself look like a self-righteous twat though - my compliments on a job well done.

And no, I hadn't come here to see what the image from hell looks like - I (used to) visit your site frequently.

 Posted by: Rod Shuffler at March 30, 2006 10:09 AM

OS X is by no means invulnerable, but statistically I'll take my chances with "proof of concept" over actually being pwned any day.

Sure, Mac users can be wankers, but you seem to think Windows users are somehow different? Like follow the herd man, BLEET!

 Posted by: Chuck at March 30, 2006 10:14 AM

The ignorance in these comments is hilarious and as a Mac user I am appalled to be in the same group with these people. I cannot tell how many even READ the post. "Did you file a bug report?" He has the bug number in bold! Do you KNOW how many times Mail.app has crashed while checking my email because of an image? Be honest, the majority of this is Mac users upset DB rocked their mental image of OS X and made the problem hit home by making them look sideays at the OS and company they worship instead of saying "someone could do this and it would be bad mmkay move along to your next hyperlink." If you get any emotion at ALL it is more than you have for any other OS X bug let alone a security flaw! If his mailbox is like these comments I could see why he would downsize his readers on purpose.

 Posted by: GG at March 30, 2006 10:18 AM

Shiira ( http://hmdt-web.net/shiira/en ), based on Safari's engine, crashes too.

Of course, I'm now using Camino
( http://www.caminobrowser.org/ ).

 Posted by: xyz3 at March 30, 2006 10:20 AM

I have yet to encounter a developer needing to use SOAP services in a serious way on OS X that hasn't given up on what Apple's provided to the point where they just write their own stack. If you encounter someone that hasn't, ask them if they wish they had.

Ack. Been there, and I agree. So much for standards.

Terribly depressing.

 Posted by: Orlando at March 30, 2006 10:21 AM

Anyone tried to download the pic?
I used Firefox to view the page, but when the pic is downloaded to the Desktop, the Finder keeps quitting and restarting itself - weird behaviour - I didn't even try to open the pic - I had to use the terminal to remove the pic - otherwise nothing worked....

 Posted by: Simon at March 30, 2006 10:21 AM

iCab is safe.

http://www.icab.de/dl.php

 Posted by: peeweejd at March 30, 2006 10:30 AM

wow, good thing I'm at work on my pee see right now or I'd be pissed.

Remind me to delete your bookmark when I get home since this will be here for 17 years (calulated using your current rate of posting which is 0.25 posts/fortnight).

*you can insert your snappy "whatever buh-bye" response now*

 Posted by: Jon at March 30, 2006 11:10 AM

Ugh, for the past few days FeedLounge has been crashing Safari on me and driving me nuts. Finally found the culprit...

Not impressed, DB.

 Posted by: MacGeek at March 30, 2006 11:39 AM

Um... no, it didn't crash my browser. Help, I want to duplicate this. I have Safari 1.3.2

 Posted by: Mark at March 30, 2006 12:00 PM

I wonder if this can explain the crashes that happen quite frequently at CBS Sportsline and the Weather Channel?

OSX 10.3.9, Safari 1.3.2

I've filed a report EVERY time (which is a time or two every week on average). These sites have been problematic since 1.0!! I'm not convinced they read bug reports if they do not include the solution.

Not being an uber-geek, I am not able to diagnose the difficulties.

 Posted by: KBallweg at March 30, 2006 12:02 PM

What's hysterical is that no one's taken exception (unless I accidentally scrolled past it) to one critical point:

"The problem with stuffing one's pants is that, given enough time, you might actually believe the sock is you. I really, really wish Mac users would stop walking around like they want to slap it on the table and measure when it comes to security."

That's fair and funny, and the real point of the post I think.

It also seems like a large number of folk found a way around this souless, dasterdly, immature safari-crashing, tabs wiping out deed to post their indignation. Serious inconvience indeed.

So, as contradictory as it sounds: put a sock on it, and post away, "big boy".

 Posted by: Frankie at March 30, 2006 12:34 PM

Yes, OS X's image libraries have a couple known crash bugs due to malformed metadata. I reported one to Apple a couple years ago (I think it got fixed in the next point version).

Crash bugs certainly suck, HOWEVER not all of them are exploitable. The one I reported, for example, was not. And until someone can demonstrate the ability to run code hidden in EXIF, it is unfair and irresponsible to call this a security failure.

 Posted by: Steven Fisher at March 30, 2006 12:40 PM

"I've filed a report EVERY time (which is a time or two every week on average)."

Well, an important point:
- Mac OS X 10.3 is not the same as Mac OS X 10.4.

This has two immediate implications:
- If the crasher being discussed is Mac OS X 10.4 only, it will not affected you on Mac OS X 10.3.
- While not guaranteed, there's a strong possibility that your crasher has already been fixed in Safari 2.x/Mac OS X 10.4.x. (I'd be interested in knowing this.)

 Posted by: ninjabong at March 30, 2006 01:06 PM

Actually I blame the original camera manufacturer for corrupting their own EXIF tag, specificly the 'IFD0.Make' which contains an illegal byte count and is triggering the flaw and crashes in Apple's products.

 Posted by: Gorman Christian at March 30, 2006 01:18 PM

I use camino and safari simultaneously most of the time (which is how i am here posting now)

However, when I am in safari lately, I have been taking advantage of the new "Quit Safari" feature located in the bookmarks bar. Saves me a keystroke.

Why didn't apple think of this! Thanks drunkenbatman!

p.s. im not being sarcastic, I understand your frustration with apple's increasing shoddy releases and inattention to quality and presume that is your reason for crashing my browser full of many tabs of schoolwork - i didn't want to read those articles anyway.

 Posted by: stm at March 30, 2006 02:16 PM

safari did not crash! there's only the message... but i have no problems with this image (10.4.5 - G4)

 Posted by: Anthony at March 30, 2006 02:39 PM

Crash bugs certainly suck, HOWEVER not all of them are exploitable. The one I reported, for example, was not. And until someone can demonstrate the ability to run code hidden in EXIF, it is unfair and irresponsible to call this a security failure.

Of course it's a security failure. Someone else can do something to your computer that they shouldn't be able to.

More importantly, someone will probably take a closer look at this. A significant percentage of the time, it's possible to extend the exploit in order to produce an arbitrary code exploit. Also, the same shoddy coding practices that led to this bug also lead to arbitrary code exploits. Without a commiment to validating input very carefully, both types of bug occur.

 Posted by: Jasyn Jones at March 30, 2006 03:07 PM

Omniweb 5.1.3 (563.66), OSX 10.4.5, Quicktime 7.0.4:

No crashing for me.

I guess not everyone is affected.

 Posted by: Paolo at March 30, 2006 03:17 PM

Panther rocks ;D

 Posted by: Knowledgeable at March 30, 2006 03:22 PM

Just to let you know, I've got the following :

- Commodore 64
- Contiki Browser

Doesn't crash for me either. Must be something in your html code. Did you make sure to include a head tag and stuff ? That's sometimes the problem in web design which leads to crashes.

 Posted by: Jason at March 30, 2006 03:25 PM

There's also some video's that crash Safari, if u search around Myspace u'll find a few...kids and their stupid obsession for putting crappy music videos on their site

 Posted by: Lars at March 30, 2006 03:26 PM

OmniWeb 5.1.3 (which uses WebKit) on 10.2.8 shows now troubles here.

 Posted by: Brent Traut at March 30, 2006 03:30 PM

Just add this one to the list. Apple still hasn't fixed this one, either:

http://www.btraut.com/killsaf.html

 Posted by: MacAdict at March 30, 2006 03:44 PM

Hey, this has some uses. You can make folders that close all finder Windows. Name the folder " " and give it a custom icon and you have a "close all Finder windows" button anywhere you want it!

 Posted by: Takio at March 30, 2006 04:32 PM

OSX 10.3.9 + Safari 1.3.2 (v312.5) = no problemo
I am soooo skipping over tiger... i'll wait till the eye-candy wears off and a new real OS comes along.

 Posted by: tom at March 30, 2006 04:42 PM

you can close all finder windows by clicking the 'x' in any finder window while pressing alt/option. just in case you didn't know...

 Posted by: L'g at March 30, 2006 04:51 PM

If you can control the machine of a user through e.g. this image... it is a security issue.

Happily browsing the web since last year with Camino. Using Entourage since I lost all my mails using Apple Mail in a low HD-mem situation.

So no urgent problem for me. ;-)

 Posted by: Joel Bruner at March 30, 2006 05:34 PM

Yah, man, WTF.
I had a day or two's worth of tabs open in Safari. Don't inline that shit, gimme some warning.

 Posted by: Lars-Göran Eriksson at March 30, 2006 05:42 PM

OmniWeb 5.1.3 or iCab 3.0.2 or Opera 8.0.2 running on a PowerBook G4 12" 1 GHz with OS 10.4.5 has no problems with the image.

 Posted by: 0.02 at March 30, 2006 06:50 PM

If a browser crashes, and no one is around to hear it, does it still make a sound?

 Posted by: Jennifer Hodgins at March 30, 2006 07:38 PM

Thank you for your help, my iBook works now! :D

 Posted by: ky at March 30, 2006 08:07 PM

Your comment:
If a developer can't trust Apple's included solution to be robust, there's little point in throwing it in aside from bullet points.

I doubt that the apps you mention that don't use ImageIO do so because of robustness. Those apps are either cross platform, so they wouldn't likely use something only available on OS X, or predate ImageIO. Of course Camino isn't cross platform, but it's based on something that is.

 Posted by: wilbur at March 30, 2006 08:36 PM

No crash here with 10.3.9 and Safari 1.3.2.

 Posted by: aarku at March 30, 2006 09:03 PM

RAUBLE RAUBLE RAUBLE RAUBLE RAUBLE RAUBLE RAUBLE RAUBLE RAUBLE !!! ;-)

 Posted by: safarite at March 30, 2006 09:07 PM

uhh.. just read fine on my safari (10.3.9 i admit, but still)

 Posted by: freakman at March 30, 2006 09:26 PM

YOU, DRUNKEN BATHMAN, CAN SUCK MY DICK
YOU ARE AN EVIL BASTARD WHO DESERVES TO DIE!!!!!!!!!!!!!!!
YUO SUCK.
WTF IS WRONG WITH YOU!?!
I had like 20 tabs open in safari :(
I'm not going to read your stupid blog anymore if you pull another stunt like this

 Posted by: burble at March 30, 2006 09:35 PM

Wah wah wah. Screw your tabs. What a bunch of friggin whiners. Prolly the same people running around talking about how bulletproof the mac is. Get over your little crashes. Any halfway sensible person would be using camino or ff.

 Posted by: brandon at March 30, 2006 10:10 PM

nice job - actually no matter what they say you helped the mac community, helped apple realize that they have a pretty big flaw (im in firefox atm) - i salute you

 Posted by: brady at March 30, 2006 10:19 PM

Running Mac OS X 10.3.9 and everything works fine. No Crash in Safari whatsoever!

 Posted by: norm at March 30, 2006 10:24 PM

Irony indeed...

From DB not that long ago:
Mac users have this knack for picking a goal, then finding a course of action which not only makes them look silly but actually harms whatever cause they were allying their support to.

Furthering the irony is the fact that it too was about a picture.

 Posted by: dipshitblog at March 30, 2006 10:51 PM

What a juvennile little bitch.

 Posted by: Your Boss at March 31, 2006 12:18 AM

If you lost actual work from this bug, then maybe you should stop browsing the web at work before I fire your ass!

 Posted by: Tez at March 31, 2006 12:38 AM

Why visit this site at all if the proprieter is a retard and posts inline images that crash Safari?

Dont read his stupid blog, dont link to it, etc.

 Posted by: Mark at March 31, 2006 12:50 AM

Map. Props.

 Posted by: Matt at March 31, 2006 01:03 AM

Nothing unusual. See also www.jwz.org/xdaliclock/
(yes, it was reported to Apple a few couple of back).

 Posted by: mac at March 31, 2006 02:31 AM

Hey- thanks for doing this. Not only was the post very instructive, but about one out of 20 of the comments are too. Maybe less. I'll buy a shirt when I can. (there's a lot more complete fucking idiots out there than I ever suspected)

 Posted by: doot at March 31, 2006 03:33 AM

Hahaha aww are the apple fags upset cause they cant handle a little exploit? ;(

 Posted by: Antidragon at March 31, 2006 05:48 AM

Just a thought - DB could have posted an image inline for any of his posts and caused the exact same problem without realising it.

DB didn't cause Safari to crash. The bug/image did. The only complaint you could have for DB is that fact that *this time* he was aware of the problem. But he could quite easily have stuck up a little holiday snap or the like with no hidden motives *and still have caused the same problem*.

How many other websites out there are hosting images that do the exact same thing? The webmasters can't be held responsible for those instances. So where does the blame lie there?

This isn't a new bug. It's old and it's been ignored and left to fester.

I'm not ususally vocal on these comments. And I *can* see the moral ambiguity of knowingly posting such an image. But I also apreciate that sometimes you need a loud noise to make people sit up and take notice of something important.

Not so quiet anymore, is it?

 Posted by: RobinHood at March 31, 2006 06:12 AM

I'm a developer and long-time mac freak but I've been recently I've been spending a lot of time elsewhere on the net. It's just funny to come back and see how irritable and inflamitory some of you panty-waste nerds can be. :P Oh no, you have to open the History menu... You guys should grow up and learn to take it like a man, damnit!

^^ doot, just pull the trigger.

 Posted by: Maxim at March 31, 2006 06:55 AM

Here's a question. It seems this bug is coming from a camera tagging error, and not from someone's attempt to crash opera.

So, what I'd like to know is whether anyone has any idea what camera it is that's mistagging these files and causing the crashes. It'd be nice to be able to avoid this camera, so that things like this won't happen.

Alternately, is it more likely that it's not a camera at all, and instead whatever program was used to edit/resize the image, that added this corrupt info to the EXIF?

 Posted by: Scott at March 31, 2006 06:55 AM

I'm not sure who needs a life more...

All you whiners just because the image crashed an app. or two... or ME for READING all the bitching here.

Ummm... geee... it wasn't that long ago that I was rebooting and FORCE-Rebooting my Mac one to TWO DOZEN times a day from overall bugginess and instability (OS9) and thought a GOOD day was only needing to reboot 4-5 times...!

Now, with such a VAST improvement in-place, how soon we forget and take-out your frustrations on this person who was trying to illustrate a bug.

What's wrong with you people...?

What is the ABSOLUTE worst thing that happened to any of you because of this? Cancer? House exploded? Dog died? -no- Okay, did you lose data? Did any hardware damage occur? -hmm... no- So basically, you were inconvenienced momentarilly.

Grow the *expletive deleted* up!

Sheesh!

 Posted by: Dr. Ted Frapp at March 31, 2006 08:19 AM

Scott wrote on March 31, 2006 06:55 AM
"What is the ABSOLUTE worst thing that happened to any of you because of this? ...basically, you were inconvenienced momentarilly."

Actually, you're dead wrong, man. I am a doctor at a hospital and use a Macbook Pro to wirelessly keep track of my patient's data. Yesterday, I was about to check which medication to give to Mrs. Perkinsen, one of our older patients, when I accidentally hit this blog's URL on my bookmarks tab. Well, Safari crashed and I couldn't check the website we have the list of medicines on. So I rushed to Mrs. Perkinsen's room, laptop in hand, and there she was in obviously really bad shape ! She whispered "Where is my medication doctor ?" and all I could do was tell her "its that DrunkenBatman blog, it made my browser crash, hang in there girl..." As I frantically tried to restart Safari, Mrs. Perkinsen's condition got worse and worse until she slipped away with only these last words : "Why is this internet man doing this to me, why... I'm just an innocent old lady..."

So, you see, I am afraid Mrs. Perkinsen, an innocent old lady, lost her life because of the direct actions of DrunkenBatman. Think about that.

 Posted by: Dune_Tripper at March 31, 2006 08:31 AM

Irony indeed...

From DB not that long ago:
Mac users have this knack for picking a goal, then finding a course of action which not only makes them look silly but actually harms whatever cause they were allying their support to.

Furthering the irony is the fact that it too was about a picture.

I bet you have been saving that up, but how is it ironic and what is the relationship you are trying to connect? You imply he has failed at a goal, yet do not say how or what that goal was. People seem to think it is to have users send in crash reports, but it does not ask for that anywhere in the post.

 Posted by: Tyler Durden at March 31, 2006 09:01 AM

Thanks for crashing my browser and all my open tabs, you fucking cunt. You've just been removed from my "weekly visits list" and I'll never, ever be coming back.

 Posted by: Batman at March 31, 2006 09:14 AM

Sorry but I don't get your point. It seems to me that your some kind of wantabe, look, getting somthing to crash is nice. A real help would be to report these things to the company so tehy can fix them. I butt hole would simply post the thing to see who they could piss off. I know of no OS or browser that is 100% but I can say with out hesitation that in the last 5 years I have not had, virus, spyware, aps that crash the OS or anyting else. I have had some aps that crash but so what? I can live with this since I dont have the bugs and piss poor code of windows running :) or the crap IE ap.

 Posted by: Sho at March 31, 2006 09:42 AM

Heheh this is hilarious!

OH NOES MY WEB BROWER CRASHED!!! NOW I CANNOT USE THE INTSTNERTYS!

What a bunch of spoilt, whining children. You'd think that having their web browser crash and them lose their tabs was the worst thing that ever happened to anyone in the world. Well guess what people - it's actually pretty far from the worst thing that can possibly happen to you, so STFU.

 Posted by: something at March 31, 2006 12:07 PM

I'm wondering how many OmniWeb crashes I have had could be attributed to such an image? I commonly have over 50 tabs open in OmniWeb (one reason I use it, I can actually easily access the tabs). And it sux more since OmniWeb automatically opens the same tabs on starting OmniWeb again.

I end up going offline, off the internet entirely, when I run into an OmniWeb crash, so I can prune the tabs.

 Posted by: Peter da Silva at March 31, 2006 12:22 PM

I won't repeat my usual comments on Apple and security...

http://www.scarydevil.com/~peter/io/apple3.html

I will say that due to the lack of ActiveX and the default-closed network, and the generally robust and well engineered UNIX network stack... the chance of Mac OS X becoming the kind of security nightmare that is Windows is low...

HOWever, any folks at Apple who are worried about OS X security REALLY need to read my comments on the way Safari treats what they erroneously refer to as "safe files".

 Posted by: Peter da Silva at March 31, 2006 12:33 PM

"Sho" writes: "What a bunch of spoilt, whining children. You'd think that having their web browser crash and them lose their tabs was the worst thing that ever happened to anyone in the world."

If the image can cause a crash, then odds are very good a suitably tailored image can lead to remote code execution.

I shouldn't have to explain why.

 Posted by: Dan Saul at March 31, 2006 12:40 PM

I have to agree that this is in real bad taste, I once thought of this blog as a reputable source of conjecture in the Mac community, but now I see that the author and the readers of it are a group of immature babies who cannot either refrain from making blatant statements about the alleged "mac" community, nor can think ahead enough to post an image like this as a link. I'm on my PC at the moment posting this (omg!) so I was not affected by this however I do not think I will read this blog any longer. So long.

 Posted by: Josh at March 31, 2006 01:21 PM

I'm so glad I found this post... That photo was on Autoblog (a personal favorite) and it kept crashing Safari. I had no idea why, but now it all makes sense. In cases you just want to see it there, you can go to http://www.autoblog.com/2006/03/20/jaguars-next-x-type-a-shooting-brake/

Thanks drunkenbatman!

 Posted by: drunkenwhore at March 31, 2006 02:24 PM

Here's hoping that this turd pirate walks in front of a bus sometime in the near future.

 Posted by: DON'T DO THAT! at March 31, 2006 03:03 PM

Damn, don't go crashing people's browsers. Your post was otherwise appreciated.

 Posted by: jonathan a.k.a Cherdevall at March 31, 2006 04:49 PM

Lay off already, DB did what he did for a reaction but wtf.

Stop whining about your f. tabs.

If you feel hurt by DB go and cry in a corner. But seriosly if you don't want to read this blog go away already.

I for one will stay put for some time. One of teh best mac/other blog on the net.

P.S I hope apple will fix this bug pretty fast, I want to read this blog with Pulpfiction and Safari again.

 Posted by: dumbfuck a.k.a Cherdevall at March 31, 2006 07:27 PM

Good, you stay put. Personally I wouldn't want to see a worthless little shit like you turn up on any other sites.

In fact why don't you just go get your nuts cut off and make sure that you don't ruin another generation with your mental inferiority?

 Posted by: dumbwhore a.k.a Cherdevall at March 31, 2006 07:30 PM

Wow, another circle-jerk fanboy who thinks he's an admin on someone else's site.

Go get your nuts cut off, you'll be doing a favour to the gene pool.

 Posted by: Nathan Sweeney at March 31, 2006 11:49 PM

Ahhh, it was from Autoblog! I was wondering why NNW kept crashing on that one post a while back.

I love Camino, but I wish it had inline spell check, and though NNW is webkit based, there is a reason it is the most popular news reader on any platform (even though it is mac only!), so I will continue to use it until someone makes a gecko based reader that is remotely comparable.

 Posted by: Moo! at April 1, 2006 04:45 AM

Lol at the plethora of macfags whining :p.
I gotta try this out at work

 Posted by: jonathan a.k.a Cherdevall at April 1, 2006 05:08 AM

Very mature.

If you don't like my comment why even bother toanswer it? Just go to and click the litle X in the left corner of that nice brushed metal tab, and go surf wherever you want.

But seriously grow up!!!

 Posted by: Anthony at April 1, 2006 09:48 AM

If only you had done this today... people would not have been so upset.

 Posted by: Hidden Gnome at April 1, 2006 12:45 PM

Well, using Safari RSS (and of course, subscribed to this feeds), I got loads of crashes just starting the browser, and i did not know the cause, until i discovered the "why".

Note that using Firefox, the title of the feed includes "Do not read this post with Safari". Thats a warning, but when using Safari, you have ZERO CHANCE of seeing the warning. The intentions (that is the warning) were good, but you did not think about the ones using Safari, who could'nt even read the title of the feed.

Someone wrote:

"I'm totally laughing my ass off at the people whining about DB killing their browser session. That is EXACTLY the point."

Well, if you run a webserver and another guy discovered a flaw in Apache (or whatever).Does it justify the second guy to hack your server?. Acording to you, that would "EXACTLY the point". So messing with other people objects (without their consent) is justified? That shows a lot of your real self.

 Posted by: crashedme at April 1, 2006 01:50 PM

u crashed me u insensitive clod
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u
i should crash u

 Posted by: Ian King at April 1, 2006 02:15 PM

If you drag and drop the picture and place it say on the desktop, it will repeatedly crash and restart the Finder. It will continue to stay in this loop until you gain the speed to drag it to the Trash and then empty the trash.

 Posted by: WastedRobin at April 1, 2006 05:54 PM

DrunkenBatman, can I be your sidekick??

 Posted by: Eris at April 2, 2006 02:40 AM

I am a Mac user, and a Safari user—and I approve of this message. I was happy to send an error report for this bug.

Mac users are so immature. I found some of the comments here to be absolutely hilarious.

 Posted by: Eris at April 2, 2006 02:42 AM

Mistyped my URL, sorry. Not that anyone should care. :)

 Posted by: TBoneWalker at April 2, 2006 11:05 AM

The comments of those who strenuosly objected to DB's "alert" reminded me of these observations in a different context. (The entire article is interesting.):

http://arstechnica.com/staff/fatbits.ars/2006/2/19/2918 "Paths in the grass" by John Siracusa
...

"People are inscrutable; Mac users, doubly so. Their computing desires follow suit. You can waste all the time and energy you want explaining why some feature is dumb or foolish or will actually make the people who use it less effective or efficient or whatever objective metric you're using to judge such things. But if it makes someone happy, you're sunk. Argument over."
...

It seems sometimes that only when a business process dependent on computer software is being brought to a disastrous failure at a critical moment by a software flaw will the "end users" accept the alarm and the inevitable disruption of what they are doing that is needed to correct a problem that they think they can live with. It also seems to be true that these kinds of situations help to concentrate the attention of those people whose job it is to fix the problems.

DB is very likely a lot deeper than superficial scanning of some of his blogs will reveal.

 Posted by: Shane at April 2, 2006 02:14 PM

I don't know if this is relevant, but if you use Safari to view the page source of an image, Safari displays the EXIF data.

 Posted by: Joe at April 3, 2006 04:25 AM

So for everybody who considers this "whining" ... are you ok with lots of websites intentionally fucking with your browser/pc if they find a flaw that they can exploit? Might make for a rather interesting online experience, but hey, have a ball.

I submit that there are more reasonable ways to get the message across about bugs in the software.

Bottom line: The guy is an asshole. Have a good rest of your life...

 Posted by: axel at April 3, 2006 12:45 PM

Please, remove the picture so that I can start visiting this page in safari again

 Posted by: craigtheguru at April 3, 2006 05:01 PM

I second the post by axel. I used to read DrunkenBlog daily, but now I won't until that image is off the homepage.

DrunkenBlog is one of many sites I keep in a bookmark group in Safari and I open them all at once to read while eating lunch. I had to remove your site because it would crash out Safari unless I diligently closed the tab before it was fully loaded.

Your point has been made and we appreciate it, but I think it's time to give your readers a break!

 Posted by: craigtheguru at April 3, 2006 05:03 PM

Furthermore, the comment system produces this error at the bottom of the page when Previewing a coment.

MT::App::Comments=HASH(0x8355290) Use of uninitialized value in sprintf at lib/MT/Template/Context.pm line 1187.

 Posted by: stern at April 3, 2006 05:15 PM

This crash was NOT fixed by the 10.4.6 update. Boo!

 Posted by: Cap'n Hector at April 4, 2006 02:41 AM

Heh, something tells me Apple is working on this, and I'd think a security update (2006-003?) would be the place to find the fix if/when it comes out.

Also, check this out: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1552

 Posted by: iMac600 at April 4, 2006 02:46 AM

Same case as Vastheman, it appears to be an issue with OS X Tiger that's causing the problem. I have no such problem with
this image, as a matter of fact i'll drag it to my desktop right
now and test.

And I know the Terminal command should something blow it.

 Posted by: iMac600 at April 4, 2006 02:50 AM

Ok, completed all the tests. No errors, crashes or bugs were
found in the process.

Looks like OS X Panther 10