When I started getting alarms that oslo was unresponsive from the systems that couldn't dump backups on it anymore, I tried to bring it back up after work and noticed I was missing the array's core HFS+ volume (the array is partitioned into three). While the array's UFS volume seemed intact, none of the files verified; worse, not only was the HFS+ volume on it completely hosed, DiskWarrior actually crashed trying to repair it after throwing an error I'd never seen before (2351, -36 in case anyone is searching in the future).
Now, this is a backup array, so it could be dispensed with, but I wanted to understand what was going on first before wiping it. In the interest of ruling out the controller, I first decided to see if it was a problem with the array hardware and connected the RAID over FireWire to the iBook instead. To my surprise and delight, the files on the UFS volume checked out! I quickly booted DiskWarrior on the iBook and managed to get the HFS+ volume repaired -- it was pretty hideously mangled but spot checks on the files seemed to validate. So that ruled out the array.
At this point I concluded it must have been something wrong with the FW800 card. I'm notorious for keeping large amounts of spares on hand, so I got a spare FW800 card out that I'd bought as a Fry's special six years ago, pulled the old one from the bottom slot and installed the new one in the same place, and connected the array. This time, no volumes mounted, and System Profiler actually crashed when I asked it to enumerate FireWire devices. I powered off the system and said something intemperate, then started to wonder if it was something about the slot or (grr) the logic board. Fortunately, I could dispense with the Grappler+ since it was just occupying space, so I pulled that and put the new card in its slot instead. Everything mounted. Whew! Conclusion: bad PCI slot, possibly bad card as well, not clear if or which one caused the other, but I'm not going to take chances -- that card's going in the eWaste bin. Either way, the moral of this story is to not only keep backups, but keep spare parts on hand, because you never know when you'll need them. And oslo has a complete body double in the stock closet for the day it might blow its logic board entirely. Still, not bad for a machine that was built 15 years ago.
Now to the main event. I mentioned a while back a couple of secret projects I've been working on, and while one of them is probably going to get invalidated by Google again in the very near future, this second one has bigger import: no less than a safer, sandboxed way to run Flash and other plugins on Tiger. Let me introduce you to SandboxSafari.
First, let's be painfully clear about two important points: both Flash and Java remain unsafe to run on Power Macs, and TenFourFox's no-plugins policy remains inviolate. That's not ever going to change. But there are still sites people want to visit that insist on requiring a plugin and some of the sites either still work or can be coerced to work with the older version of Flash Player available for PowerPC. While not all the problems can be mitigated, it seemed to me that there could be a safer way of doing so that would reduce a potential attack profile.
Because our primary operating system of interest is Tiger (Leopard is supported, but I've always been frank that the best reason to still own a Power Mac is to run Classic apps, and that means 10.4), we can't use the Leopard sandbox, and the Leopard sandbox has at least one sandbox escape that was never fixed (though I suppose in the future it could be part of a blended implementation). So SandboxSafari takes a different approach: it runs a very limited WebKit instance in a separate process as nobody so that it doesn't run within TenFourFox or even run as you. By limiting the functionality it exposes and the privileges it can wield, it reduces the chance of an unsafe operation because it can't do many such operations.
In fact, SandboxSafari is so limited you can't even use it as a regular browser; there's no tabs, no downloads, only a single window and almost no chrome except for a right-click context menu for navigation. You feed it URLs through Launch Services, not through a typical address bar -- because there isn't one! It can't even save its own settings, nor can any plugin it instantiates, let alone anything else. The overriding idea is "as little as possible to go wrong."
So how do you use it? TenFourFox integrates with SandboxSafari through an enabler add-on included in the package. Let's say you're on one of those troublesome sites and you need Flash to operate on it. Just right-click on an open area of the page and from the context menu select the option to pass the URL to SandboxSafari (or pass it and close the tab simultaneously, such as a video site you don't need to keep open in TenFourFox). SandboxSafari will open to that URL; when you're done, just close the window and it will return to the previous app (invariably TenFourFox). You can drive SandboxSafari from your own application with AppleEvents, btw; see the openurl tool in the source code bundle.
SandboxSafari is not at all complete protection. Even though crashes are limited to the SandboxSafari process, it may still be possible for a malicious or misbehaving site to trigger other OS bugs, and while it's designed to resist modifying old files as well as creating new files, it may still be able to read other files and possibly be manipulated to upload them. A subverted plugin may also be able to activate input contexts that capture all keyboard events or draw things that look like password dialogues, and while these would disappear when SandboxSafari quits, they could potentially grab data anyway if you type in sensitive information while SandboxSafari is running. These kinds of operations are not generally dependent on the user ID in use or cannot otherwise be blocked with this method of sequestration. There are other limitations with what it can access and you should read the documentation thoroughly beforehand so you understand why.
SandboxSafari is also provided to you "best effort" and strictly "as-is." It's a means to get obsolete, insecure software to run a little more safely, but the software in question is unmaintained and known to have problems, and that means you should expect to have problems with it too. Because I don't want to turn my life into a living hell with people who can't read and don't care sending me complaints I don't want, the policy is explicit: bug reports that do not include fixes will be ignored (unless it's an obvious security issue over and above the security issues I already know it has). Don't write it here, don't post it to Tenderapp, don't E-mail me. If you're having trouble with it and you don't know why or don't care to find out how to fix it, then don't use it. I'm serious. I have enough to worry about with TenFourFox without regretting anything else I maintain. :P
Download SandboxSafari here, after reading the page thoroughly, and God have mercy on your souls.
