St. Clair Software
Search St. Clair Software:

Online Store

Auto-Update Vulnerability in Sparkle

February 10th, 2016 by Jon

A security vulnerability has been found in Sparkle, the framework used by many Mac applications to check for and download software updates automatically. Full details are at:

http://arstechnica.com/security/2016/02/huge-number-of-mac-apps-vulnerable-to-hijacking-and-a-fix-is-elusive/

While some of our applications (like HistoryHound) are using older versions of the Sparkle framework at the moment, they all use encrypted HTTPS connections to check for and download updates, so there’s no chance of a man-in-the-middle attack, as described in the report.

So you can safely leave automatic update checking turned on in all of our products – it’s being done safely.

– Jon

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Hey folks, I’m not out to get you!

January 21st, 2016 by Jon

I probably shouldn’t be writing this – I’ve certainly got better things to do with my time – but heck, this really gets to me. I’ve gotten several emails over the past week that are similar to this one:

I am fairly sure you sneakily intended to try to get me to have to BUY a new key for DF 5. Please note I used the word SNEAKILY. 

Sorry, it won’t work, I won’t be using it.  Maybe that is what you intended…

His email was in response to a mailing announcing Default Folder X 5, which said:

… And because you purchased an earlier version, you can upgrade to Default Folder X 5 for only $14.95 USD.

and gave the recipient a link to a web page that says:

If you bought a license before June 1, 2015, there is a $14.95 upgrade fee for version 5.

and which has a download button that shows you a page that says:

Before you install version 5, we’d like to make sure you know that you’ll be asked to pay a $14.95 upgrade fee if you purchased Default Folder X before June 1, 2015. We don’t want anyone to feel that they weren’t told about this before trying the new version.

So now – “SNEAKILY”? Really? I’ve tried to be as up-front about this as possible. Yes, I am asking you to buy a new key for Default Folder X 5. No doubt about that. It’s written everywhere. And based on the feedback I’ve gotten from the vast majority of folks out there, that’s entirely reasonable. I certainly think it is. The last time I charged for a Default Folder X upgrade was 8 years ago. Long enough that people had started sending me money out of the blue because they thought I should have charged them something by now for reliably supporting and upgrading the product for that long.

So listen folks. I’M NOT OUT TO GET YOU! Yes, I’m asking you to pay for software that saves you time and frustration on a daily basis. I’m not trying to sneak that by you. I’m not trying to dupe you. I’m not playing you for a fool. I’M RUNNING A BUSINESS. And yes, if you don’t think Default Folder X is worth as much as a meal at Denny’s, you certainly don’t have to buy the upgrade. It’s your choice – you can vote with your wallet.

Now to everyone else who’s sent me notes of congratulations, thanks, appreciation, and generally just been awesome – THANK YOU SO MUCH! You’re one of the big reasons that owning and running a small software company is so rewarding. I really appreciate your input and feedback.

Glad I got that off my chest :-)

– Jon

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Finally! Default Folder X 5.0 Released!

January 11th, 2016 by Jon

 

Default Folder X 5.0 is finally done and out! You can get it from http://www.stclairsoft.com/DefaultFolderX/index.html now. A quick list of the new features is at http://www.stclairsoft.com/DefaultFolderX/release.html, though there’s so much new and improved that it’s impossible to really list it all. It’s a ground-up rewrite that brings in all the improvements I’ve wanted to do for years.

Important details, for those of you who haven’t been following the betas:

  • It’s fully compatible with El Capitan and doesn’t require that you turn System Integrity Protection off anymore.
  • Yes, it’s a paid upgrade. It’s $14.95 unless you bought your license on or after June 1, 2015.
  • There are more features that are on the way – I held back a few in order to get 5.0 out sooner.
  • Localization in other languages still needs to be done – that’s a high priority now.
  • Version 5 also runs on Yosemite, but not on earlier versions of OS X.
  • If you turned off System Integrity Protection to use version 4 on El Capitan, you can turn it back on now.
[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Default Folder X 5.0b14 – it’s just about done!

December 25th, 2015 by Jon

Merry Christmas / Happy Holidays!

I just posted beta 14 of Default Folder X 5 – it squashes a bunch of miscellaneous bugs and now checks your serial number. If you bought your version 4.x license (full or upgrade) after June 1, 2015, it’ll automatically give you a free upgrade to version 5.

My bug list is down to just a couple, so it’s looking good for release in the first week of January. Thanks for your patience – this has been a much longer beta period than I expected. Despite a few bugs that have trickled in over the last couple of weeks, I’m very happy that the feedback has been extremely positive, with Default Folder X working trouble-free for most of the people who are running it.

There are a few issues, of course – one being a bug in Photoshop that renders Default Folder X inoperative in the Save for Web dialog. I’m afraid there’s not much I can do with it until Adobe fixes Accessibility support in that dialog (my bug report is here, if you’d like to “me too” it in hopes of making it more of a priority in Adobe’s eyes).

Anyway, Merry Christmas! I’m taking the day off to go skiing – you should get away from your computer too :-)

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Default Folder X 5.0b6 – Happy with the progress!

November 23rd, 2015 by Jon

It seems like it’s taking forever (at least to me), but there are a lot of good changes in the latest beta (5.0b6) which I just posted at http://www.stclairsoft.com/DefaultFolderX/beta.html

Older Carbon apps will no longer always start in your Documents folder, the Finder-click feature once again allows you to click on the Desktop as well as on Finder windows, and there are significant improvements in several areas that speed things up and make Default Folder X more reliable.

My bug list has gotten much shorter, and there are only a few features missing now – yay!

Thanks for all the feedback (both positive and negative) and all your support. Please let me know if you run into any problems with 5.0b6!

– Jon

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

We interrupt your normally scheduled Default Folder X development for… expiring App Store receipts??

November 12th, 2015 by Jon

The Problem:

So I started getting emails yesterday complaining that Jettison was suddenly telling users their trial period was over – even though they’d already purchased a license. When I got the first few, I thought they’d just deleted their preference files and needed to re-activate their licenses, but then the trickle became a deluge – what the heck?

So I dropped everything and looked into it – I needed an answer ASAP or I was gonna spend the next couple of days doing nothing but answering email. It turns out everyone who was affected had bought Jettison through the Mac App Store and then upgraded to the direct-from-the-website version (because it’s better, of course – instructions here if you’re interested). When you do this, Jettison copies your Mac App Store receipt to a safe place so that it can verify that you’ve actually bought a license, even if you delete the App Store copy of Jettison.

Lucky for me, I’d bought a copy of Jettison myself when testing this mechanism, so I had my own receipt still sitting in ~/Library/Application Support/ so I could look at it. Printing the certificates in the receipt showed this little tidbit:

[...]
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations [...]
Validity
    Not Before: Nov 11 21:58:01 2010 GMT
    Not After : Nov 11 21:58:01 2015 GMT
Subject: CN=Mac App Store Receipt Signing, OU=Apple Worldwide Deve [...]
[...]

See that “Not After:” entry in the Validity section? “Nov 11 21:58:01 2015 GMT” – yeah, that’d be yesterday. When the emails started. Apple signed the receipt with a certificate that expired yesterday, so if you have one of these receipts, Jettison no longer thinks you’re legit. Sorry about that – I hadn’t considered that eventuality. And reading the news this morning, it appears that Apple hadn’t either.

The Fix:

So what to do? I’ve wrapped up Jettison 1.5 and posted it. You’re going to have to do a little dance again to get Jettison to update your receipt, but this version will do the right thing once you follow these instructions:

  1. Put every copy of Jettison on your Mac in the Trash and empty the Trash.
  2. Open the App Store application and click on the Purchases tab.
  3. Re-download the copy of Jettison you purchased. It will include a new, non-expired receipt.
  4. Download the latest version of Jettison (http://www.stclairsoft.com/download/Jettison-1.5.dmg)
  5. Double-click the .dmg file to open it, then double-click on Jettison before copying it to your Applications folder.
  6. After Jettison tells you that it has found your App Store license, you can copy it to your Applications folder.

Sorry for the hassle. But hey, at least it forced me to get the version 1.5 update out the door, so there’s some benefit there, eh? And thanks Apple – I didn’t need to sleep last night anyway.

– Jon

P.S. I’m seeing a bunch of people buying non-App Store licenses directly from the St. Clair Software store today instead of jumping through these hoops to deal with the App Store. I have to say I’m all for that :-)

Update:

A bit more info that’s interesting and could use some corroboration: I think this problem only affects apps that were downloaded before September 24 (either via purchase or update). When I download a new copy of Jettison from the App Store, the receipt is signed with a cert valid within these dates:

            Not Before: Sep 24 19:09:31 2015 GMT
            Not After : Oct 23 19:09:31 2017 GMT

So in my sample size of 1, copies of Jettison purchased or updated today will work until Oct 23, 2017, and could have worked with this receipt only as far back as September 24. If Apple has been using the same certificate to sign all App Store receipts (which seems reasonable), then anything that has been downloaded from the App Store after September 24 won’t expire until 2017. And apps downloaded prior to that have some other expiration in their receipts. If I had more time, I’d dig through all of my App Store apps to find out when each cert expires, but alas, I’ve got work to do and have killed enough time on this already…

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Default Folder X 5.0b3 is available

November 10th, 2015 by Jon

So there was some faulty logic in 5.0b2 that caused the shortcuts for Favorites to be pretty flaky – sorry about that. They’re fixed in b3, along with numerous other things (some of which didn’t make it into the release notes, now that I’m looking at them again). The biggest changes in b3 are internal – I spent quite a bit of time tightening up Default Folder X from top to bottom to make sure that no resources are left open, in hopes of fixing the “The application Default Folder X is not open anymore” error message that some of you have gotten. You may see that error one more time (and will have to restart to make it go away), but it shouldn’t occur when Default Folder X auto-updates in the future (from b3 to b4, for example). If it does, please let me know!

Progress has been slower than I’d like over the last few days – mostly due to the aforementioned analysis of Default Folder X’s internals – and now that’s done and the flaky shortcuts are fixed, I should be able to get back to forward progress.

As always please let me know if you encounter any issues or have any suggestions!

Oh yeah – you can get the new build with “Check for Updates” if you’ve already got b2 running on your Mac, or go to http://stclairsoft.com/DefaultFolderX/beta.html and download it from the link at the bottom of the page.

– Jon

P.S. Yes, I know that the buttons at the top of the beta page download version 4. If you’re beta testing, you should certainly be patient enough to read through the page and find the link at the bottom. Let’s just call that a first-order filter to get into the beta program 😉

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Default Folder X 5.0b2 is now up, with a bunch of fixes.

November 7th, 2015 by Jon

Thanks to everyone that’s given me input and bug reports on the first public beta of Default Folder X 5. There’s now a new build based on your feedback – you can can click “Check for Updates” if you’re already running 5.0b1, or grab it from:

http://stclairsoft.com/DefaultFolderX/beta.html

If you submitted a bug or feature that’s not in yet, that doesn’t mean I’m not listening. I was just anxious to get this build out because it fixes several big problems that affect quite a few people.

I’m particularly happy that I was able to find the bizarre one that was causing the Save button to stop working in save dialogs. It’s actually a bug in OS X that Default Folder X was triggering – get this: If a file dialog is showing the contents of a folder and you tell it to show the contents of that same folder, the Save button stops working. Who knew? So the hugely complicated fix was just to make sure that Default Folder X checks to see what the current folder is, then just does nothing if the file dialog is already showing the folder it wants to go to (which it really should have been doing all along in the interest of efficiency anyway).

You can reproduce the bug by hand pretty simply (turn off Default Folder X before doing this – otherwise its Finder-click feature will get in the way):

  1. Run TextEdit
  2. Create a document
  3. Choose File -> Save
  4. Switch to the Finder and drag any folder into the file dialog to make the dialog show that folder
  5. Drag that same folder to the file dialog again
  6. Now try to click the Save button. It doesn’t work!

Pretty cool, eh? Not really >:( This has been stressing me out for a couple of days because I had no idea what was going on. Glad it turned out to be easy to fix after a bunch of you helped me track it down and reproduce it here. It’s really nice when beta testing works like it’s supposed to :-)

So thanks everyone! And keep the feedback coming.

– Jon

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Default Folder X 5 Public Beta is up!

November 5th, 2015 by Jon

Here it is! http://www.stclairsoft.com/DefaultFolderX/beta.html

Please read the list of what’s still to be implemented. Then download it and let me know how it goes. Thanks for your patience!!

– Jon

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Default Folder X 5 public beta tomorrow!

November 4th, 2015 by Jon

So I just finished the preference file conversion – version 5 now imports your settings, favorites and default folders from version 4. It was surprisingly gratifying to get that done, I guess because I’ve been dreading doing it for a while. Converting data and moving it from one place to another is rarely something developers enjoy doing…

The current testers report that version 5.0a19 is working well for them (well, except for the new drag and drop area, which is still a work in progress). There are still some things that need to be done, but version 5 is definitely functioning well enough and is complete enough that I feel comfortable putting it out into the world tomorrow – at least with the “public beta” moniker to let everyone know that there are still some rough edges.

As long as nothing comes up in the next 24 hours, we’ll finally have Default Folder X up and running on El Capitan with System Integrity Protection turned on. Yay :-)

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Home | Products | Downloads | Purchase | Support | Contact | Blog

© 1996-2015 St. Clair Software