About | Buy | Forum | Industry Watch | Learning Curve | Products | Search | Twitter | Xnews
Home » Products » Reviews » The Very Ugly » Safari Enhancer 2.5.4

Safari Enhancer 2.5.4

Lord of the Cows [sic] Gordon Byrne
Rating: (four burnt toasts)

Juneau
AL US


Collateral damage:
Someone's got your admin password
Megabombs galore on your poor hard drive
Up to you kiddo - PayPal's there and waiting

Can 100,000 downloaders be wrong? This 'review' isn't about Safari Enhancer per se, nor is it about people who want to 'enhance' Safari, but it is about what seems to be one of the dumbest consumer groups anywhere, ever.

Introduction

Safari Enhancer 'enhances' Safari. It does a number of juicy things.

  • It toggles the 'debug' menu.
  • It removes underlines from hyperlinks.
  • It makes small fonts more legible.
  • It toggles Safari's use of a cache.
  • It sets a minimum font size.
  • It sets the colours used for hyperlinks.
  • It toggles the 'textured window' (brushed metal) appearance.
  • It deletes the 'favicon' cache.
  • It imports bookmarks from a great many other browsers.
  • It configures the history menu.
  • It changes the toolbar search engine.

Not bad.

What's unsettling is not just that most users - 100,000 remember - have no clue most of this is command line with 'defaults' or that the proudest of these will loudly boast they're too scared to use the command line, but exactly how this Gordon Byrne goes about doing the rest.

It's all there, supposedly on 100,000 desktops, and yet no one can stop drooling long enough to look at what they've downloaded.

Here are a few tidbits to whet your appetite.

  • How would you feel if you knew the .DS_Store payload for this monster took more storage than the download itself?
  • How would you feel if you found out exactly how all these features like toggling brushed metal were being done, and found out your own Safari was being overwritten?
  • How would you feel if you found out you can't really revert to your original Safari as claimed but to be safe will have to take out your install DVD again?

The features of Safari Enhancer can be divided into three categories.

  • Those that use the 'defaults' commands embedded in the (in turn) embedded AppleScript file. Note the staggering ramifications of this: you have a Cocoa app which in turn embeds an AppleScript file which in turn embeds a Unix shell script file; that's a lot of smoke and mirrors to keep you away from your keyboard, isn't it Spongehead?
  • Those that change the appearance of Safari by unarchiving embedded GZIP tape archive files which contain the entire Safari application with new menus, Aqua and brushed metal interfaces, and whatever else seems to be the Starbucks flavour of the day - and then overwriting your own Safari application files with the contents.
  • Those that change the toolbar search engine. Embedded Python files 'search and replace' in your actual Safari executable on disk. (Yes of course it's dangerous.)

[This is still infinitely better than previously when Byrne simply packaged entire executables for each search engine option - at 700 KB a pop. Dare one hope he's waxing careful? Nah! Ed.]


Gordon Byrne has a right to post any software he pleases, and he certainly has a right to accept 'donations' if people feel so inclined; but it's not so easy dismissing responsibility for those who blindly download and then can't be bothered to right click and choose 'Show Package Contents'.

Perhaps this little journey will induce one or another pointy head to do otherwise in the future.

Inside Safari Enhancer 2.5.4

Safari Enhancer 2.5.4 is a 1.4 MB download; the author thinks it's 1.6 MB but he seems to be mistaken. The exact size is 1484362 bytes.

Before full expansion the application contains 153 files. [The reader should keep this figure in mind as the number of hidden files in this monster is over four times that many. Ed.]

Safari Enhancer 2.5.4 is localised into Dutch, English, French, German, Japanese, and Taiwan Chinese. The actual executable is only 48944 bytes, but a simple Apple ADC operation on this file reduces it to 47136 bytes: the author shipped a 'debug' unstripped image. The credits give thanks to 'Reinhold Penner for answering a whole bunch of Applescript Studio questions'.

The pbdevelopment.plist file was not removed; it gives the location of the Safari Enhancer 2.5.4 project.

/Users/gordon/Projects/Project Builder
/Safari Enhancer Stuff/Safari Enhancer/Safari Enhancer.pbproj

None of the NIBs are cleaned. This results in a considerable junk overhead for the user. The Cocoa part of the application (it's not much - all it does is invoke the embedded AppleScript) was built with GCC version 2.95.

The application contains two 'naked' embedded Unix shell scripts. 'Programming'.

Contents of 'safari_enhancer_version_check':
echo 2.5.4

Contents of 'verifiedsafari':
echo 1.3

There are seven (7) embedded GZIP tar files in the app: aqua.tgz, disabled_cache.tgz, fullrestore.tgz, large_bookmarks_bar.tgz, normal_bookmarks_bar.tgz, normal_cache.tgz, and textured.tgz.

These GZIP tar files expand to 653 (six hundred fifty three) files taking 3,801,088 of disk space. Within this expansion are also 175 (one hundred seventy five) .DS_Store files for a total of 1,474,560 bytes - or only ten thousand bytes less than the total download.

Considering the fact that these GZIP files are never seen - that the user is instead supposed to be dazzled by the 'magic' of Safari Enhancer 2.5.4 - and that after the dirty operation is completed the program will delete the expansion again to leave no trace - then what in the name of all that is smarter than lobotomised is the author thinking when he packages 175 .DS_Store files in there?

If this alone doesn't make the potential user wonder (and hesitate) nothing ever will. It'll be time instead to try one final time to fly off that cliff on the edge of town. It might work this time - the winds are good today.


Safari Enhancer 2.5.4 'works' by literally overwriting your installed Safari application package. The author could have provided you with the raw materials and told you how to go about using them, but it's doubtful you would have dared. What it does is essentially the same anyway.

Safari Enhancer 2.5.4 demands your admin password to start up.

[Note that there are but two options in the above opening dialog - either you have the password and give it up or you just exit the entire program 'just like that'. Ed.]

And if you're not an admin, it refuses to run.

It also needs the BSD subsystem because it's not doing its own programming.

[Note again what options you have once you've seen this bad news - none. You're gone. The application can't do anything on its own. Ed.]

[From a programming perspective we have an entirely separate issue: why construct the obnoxious dialogs when the system is perfectly capable of generating them on its own? There's no advantage - none. The only difference is your download is bursting at the seams and you look the idiot. And there's a dozen such dialogs within the sorry package - 'idiot overkill'. Ed.]

Note as well that the password dialog does not come from Apple: this is not a request from the OS X authorisation services; no, this is a request from Safari Enhancer 2.5.4 itself.


Now you understand what this app is going to do, don't you? For most of its 'wizardry' it's going to do simple things on the command line that you could have done if you'd had any character; but for the rest it's going to overwrite (and potentially corrupt) your very own Safari application.

There's no magic here - only brute force. And 100,000 downloaders can't be wrong.

But how many of them took the time to find out what you now know before running the program?

Appendices

TGZs Xscan
searchreplacer_*
Safari Enhancer Xscan
Safari Enhancer Xstrings
getsettings.scpt Xstrings

About | Buy | Forum | Industry Watch | Learning Curve | Products | Search | Twitter | Xnews
Copyright © Rixstep. All rights reserved.