Qualy’s Browser Check
|
|
OP
Joined: Aug 2009
|
MacBook OS 10.6.8
I use Qualy’s Browser Check to check for updates but recently it reports Apple Safari 5.1.9 to be insecure and offered to fix it. Thing is I am running Safari 5.1.10. Am I , or Qualy’s missing something, or can their report be ignored? I have tried to contact Qualy's, but have had no reply You advice please. Kate
Last edited by cyn; 01/25/14 12:46 AM. Reason: Topic moved from Mac OS X Applications to the Networking forum.
|
|
Re: Qualy’s Browser Check
|
Joined: Aug 2009
Likes: 15
|
Joined: Aug 2009
Likes: 15 |
Same OS X 10.6.8 & Safari 5.1.10, same "Insecure Safari 5.1.9" warning.
Seems like Qualys has got its own issue.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: Qualy’s Browser Check
|
Joined: Aug 2009
Likes: 7
|
Joined: Aug 2009
Likes: 7 |
I had an issue like that with a different developer and the problem was the way in which the app reads the version. My guess is that QBC reads 5.1.10 as 5.1.1; it doesn't see the final 0. When I notified the developer in my case (this was a long time ago with a much different app), he was able to fix it. So, you'll have to hope that the developer responds.
Jon
macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
|
|
Re: Qualy’s Browser Check
|
Joined: Aug 2009
Likes: 15
|
Joined: Aug 2009
Likes: 15 |
Your issue sounds like the one that was raised as a potential with OS X 10.4.10, but since Qualys is specifically mentioning v 5.1.9, this issue is different.
"Insecure" suggests to me that the Qualys app is reading the final zero, not recognizing it as a possibility, and reporting that v 5.1.10 is a corrupt v 5.1.9.
Edit: And how it knows that v 5.1.9 is installed is anybody's guess. (v 5.1.10 has been around for 90 days, already; you'd think that Qualys would have either adjusted or compensated for it by now.)
Last edited by artie505; 12/12/13 12:07 AM.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: Qualy’s Browser Check
|
|
OP
Joined: Aug 2009
|
Thank you all for your comments, I will watch, wait, and update you, if I ever hear from Qualys. Kate
|
|
Re: Qualy’s Browser Check
|
|
Joined: Aug 2009
|
Version numbers are stored internally as a sequence of four bytes, and displayed as a string by expanding each byte to a decimal number and putting periods between them, similar to the way IPv4 addresses are formatted. (The fourth byte of a version number is a little different. Instead of representing a number, it encodes whether this is a developer/alpha/beta/release version. Instead of formatting it as a period followed by a decimal number, it's formatted as a trailing d, a, b, or nothing, respectively.)
A common mistake when comparing version numbers is to compare their display strings as strings instead of comparing the underlying bytes. Thus x.y.10 seems to be an earlier version than x.y.9, because the character '9' is less than the character '1' and a string compare stops looking once it finds characters that don't match. Comparing correctly as a sequence of bytes, the number 9 comes before the number 10, giving the opposite result.
A similar problem occurs when x.y.z is thought to be an earlier version of x.y.zb, even though the underlying bytes make it clear that a production version is newer than a beta version with the otherwise identical version number.
|
|
Re: Qualy’s Browser Check
|
Joined: Aug 2009
Likes: 15
|
Joined: Aug 2009
Likes: 15 |
A common mistake when comparing version numbers is to compare their display strings as strings instead of comparing the underlying bytes. Thus x.y.10 seems to be an earlier version than x.y.9, because the character '9' is less than the character '1' and a string compare stops looking once it finds characters that don't match. Comparing correctly as a sequence of bytes, the number 9 comes before the number 10, giving the opposite result. (Did you really mean to say "the character '9' is less than the character '1'"?) Thanks for explaining the nuts and bolts of how the .9/.10 thing works or, as the case may be, doesn't work; I always find the inner workings of OS X fascinating. Unfortunately, though, I'm not sure which question or comment you were responding to. (If you were explaining why the Qualys software thinks 5.1.10 is "insecure" 5.1.9 I didn't follow at all.)
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
|
|