Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fake Your Own .Mac Server

Posted by CmdrTaco on from the isn't-that-useful dept.

c13v3rm0nk3y writes "A clever fellow named Otto Moerbeek has publish a short article on getting an OpenBSD box to emulate a .Mac server. Using Apache/DAV/SSL and a roll a duct-tape, he describes how you can get most .Mac functionality without paying Apple for it." This is useful because then you can use apple's backup tools to backup to a local server, and not have to backup over your piddly internet connection.

6 of 257 comments (clear)

  1. Another trick: Using iSync without .Mac by Ford+Fulkerson · · Score: 5, Informative

    Jeremy Beker has more informations about using iSync to syncronize calenders, addresses, etc. without using .Mac

    --

    Somewhere in the heavens... they are waiting.
  2. Just in case... by RudeDude · · Score: 5, Informative
    A mirror of it.

    Provided by Mr HOSTBOT

    --
    RudeDude
    Perl/Linux/PHP hacker
  3. .Mac's security is bad by slamb · · Score: 5, Informative
    I saw this in the article:

    A self signed certificate will do, since Backup does not check the certificate.

    That's really bad. It means that anyone can launch a man-in-the-middle attack against someone using .Mac for backup purposes. I'm sure people are using .Mac to backup their Quicken financial data and other things they'd consider sensitive.

    I hope Apple fixes that...I'd be pretty pissed if I were a .mac user.

    1. Re:.Mac's security is bad by spicyjeff · · Score: 4, Informative

      Ironically, if you try to backup a Quicken 2003 data file via Backup 1.2 (latest version) the application will lock-up.

      Apple has known about this bug for awhile and apparently are "working on a fix" with Intuit but nothing in the past few months.

  4. Big Whoop by maggard · · Score: 4, Informative
    1. This backup trick has been well known/well documented amongst Mac-folks for awhile now. It hasn't been earth-shaking news even though it has finally hit Slashdot. Doubtless Apple's folks have read the same reports and to date haven't changed anything.

    2. However there likely will indeed be a change to the authentication in the future. As the hack's author writes Apple's current method really is pretty lame and better ones should have been used from the start. At that point it'll be stick with the old backup client or go with the current and more secure/featureful.

    3. For all the sheep bleating on about Apple cease-&-desisting this etc. Apple has litigated to protect their trade dress, not this sort of material. After awhile repeating that same sort of foolishness just becomes trolling and unworthy of "News for Nerds. Stuff that Matters"

    4. While this is indeed a clever hack to make the backup function work to other servers it doesn't replicate .Mac, there's a whole lot more to it then that. Among other things it does offer WebDAV, software distribution, good website templates, virus-scanning, an excellent webmail client, superlative integration with their Mail client, IMAP, and of course ties throughout their OS. Whether or not it's worth what Apple is charging is worth suffering the limitations Apple has imposed (unannounced/uncontrollable email filtering, undefined bandwidth quotas, less-then-impressive availability, poorly implemented "family accounts") is open to question.

    5. Also note that this whole thing is a bit of a pain to enable for a somewhat useful utility. It prevents the Mac(s) from connecting to Apple's .Mac and frankly there are equally good or better backup methods. Again, clever hack but hardly useful as a serious long-term solution.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
  5. Re:Irresponsible? by Samosmatiker · · Score: 5, Informative
    From the author's main page:
    Is this illegal? As far as I know, it is not. I am not changing Backup, I am only changing the environment in which it runs. I am not trying to hack the iDisk or .Mac servers. The license does not even mention a .Mac subscription. While technically easy, I am not offering this as a service to the public. I've written these pages only to educate, showing that Apple has taken a short cut to proper server authentication.