Slashdot Mirror
Review of Mac OS X 10.3
alphakappa writes "The NY Times has a review of all the new Panther features which states that the 150 odd features added are so good that calling it a 0.1 upgrade is not fair. It finds the new Expose feature and other security features (like being able to encrypt/decrypt the entire home directory on the fly) extremely appealing. Gripes include the $130 price tag and the (somewhat) lack of backward compatibility."
M$'s service packs patch hundreds of holes. Panther offers 150 new *features*. I'd pay for features.
Plant a tree in a developing country.
Since when do we trust newspapers for a review of an operating system? Sort of:"Look at all the new features!!"
much as i hate random GUI improvements being given their own name, the expose concept is damn cool and damn useful. i expect that the KDE folks ought to be able to manage to slip it under the approaching-beta 3.2 release, thanks guys ;-) seriously, this is one feature that apple has really gotten right.
ps: there's really something to be said about incorporating the rendering power of modern graphics cards for eye candy and lightening the load of the CPU.
pps: i find the fast user switching animation a bit gratuitous though.
Hurts linux as well. Too often this is compounded with dependency problems and makes package installation a nagging pain for experienced users and a nightmare for new users. This is one thing that MS has done right. Granted, there's DLL hell on windows as well, but the problem is far smaller than on mac and linux.
As with any complex system, continuous updates will always leave tiny bits and pieces behind that eventually compromise the stability of the whole thing.
That said, there's a middle ground 'archive and install' option that preserves your users and network preferences while avoiding most if not all of the trouble that might come from updating. It's also faster as it doesn't need to check each and every file for updating and just writes everything while storing the old system folder in another place. Works mightily fine.
That $130 cost won't matter to those people whose systems the new version won't run on.
Seriously though - and I've lost track of the number of times I've said this - if you don't want the new features then you don't have to pay for them. And, if you don't pay for them, you're existing system doesn't become any less productive or user-friendly.
It really amazes me that people act as if their computing experience has somehow been crippled just because they don't have the very latest thing, even though their own machine hasn't regressed in anyway and is just as useful as it was the day before.
Watch how this story will generate countless posts that proclaim that Apple has somehow stabbed its users in the back by releasing a significant upgrade packed with both new and improved features and (shock, horror) daring to charge for it.
Newsflash people: software costs time and money to develop. So either pay up or shut up. Apple is a business, not a charity.
And to those of you who just fail to qualify for a free upgrade (if there is such a thing), please, get over it. Life is full of upsets, big and small. In the end, it's an upgrade you're missing out on, not a heart-bypass operation.
Anyone else think that upgrade envy is becoming way too common, on computing platforms and elsewhere in life?
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
Because the update scripts can't always plan for the havoc that a personal computer user has wreaked on the OS. They can't test to see what every little poorly coded application changed, and how it is affected by the update (and more importantly, how it affects the update).
This doesn't just go for Apple. Given the choice between a fresh install of an OS and a dist upgrade, I'll always take the fresh install (when it's really an option). Why not eliminate the variables? Regardless of the elegance of the OS, PC OS'es are usually made pretty ugly once an end user gets through with it.
-Turkey
Although it is quite popular with hackers, the "works for me" answer simply doesn't solve anybody's problems. The author of the article is referring to third-party applications (mentioning QuickKeys addon specifically), which stopped working. That most likely happened because it was using some undocumented API that got removed.
First it says:
....and the (somewhat) lack of backward compatibility."
review of all the new Panther features which states that the 150 odd features added are so good that calling it a 0.1 upgrade is not fair.
and then:
Gripes include the $130 price tag
Sorry. Not everything is for free. Especially a commercial product from a proprietary hardware/software vendor.
I've heard this is par for the course with Apple, but i didn't say that because i'll get modded down as a troll.
Oh well. FreeBSD 4.9 comes out today! w00!
do() || do_not();
Microsoft, at least, has the decency to wait a few years between upgrades.
I know lame comments like these are essential to journalism and aren't meant to be taken seriously, but I'll bite --
What is indecent about releasing a major upgrade to your operating system after a year?
Should Apple sit on these changes for 2 more years?
If you don't want to buy the upgrade, don't. If you want to wait 2 more years, you'll likely get 10.5 with many more changes. You pay a premium to be a geek with the latest gadgets.
When the new iPod was released, I didn't expect Apple to give me a new one just because mine was only 6 months old. I sold mine on eBay and paid a substantial upgrade fee.
Cars are "upgraded" every year and most people don't drive the latest release because it's too expensive for them to upgrade. In fact, sometimes they only involve very minor cosmetic changes! And often they raise the price! Unbelievable!
Oh, but this is software and no physical manufacturing analogies apply.
Wanna know what's wrong with file-by-file encryption? Lots of stuff, but let's start at the beginning:
file names.
If I look at your laptop and see "Plan for World Domination.rtf," I know you're planning something, even if I can't read the file. Just the simple fact that the file's there--and that it was last modified on Tuesday--tells me something.
What else? Cache files. Windows doesn't encrypt cache and temporary files. Lots of important information can be pulled out of those, particularly if you use a company Intranet with confidential data on it.
The Apple solution, on the other hand, encrypts your entire home directory, caches and preferences and documents and everything, into a single sparse disk image file. If you don't have the password, you can't get anything.
Who's sucking it now?
"Diarrhea" wasn't in the actual NYTimes review. I believe that, along with "sodomy," was added by the helpful poster of the "complete" text for those who didn't want to register with NYTimes.
So let's see. This release is faster, more secure and contains many significant UI and system improvements - encryption, Expose, power on/off scheduling. Also improvements to the apps included as well - TextEdit, Mail etc.
Just because Apple is being modest and only calling it a 0.1 increase doesn't mean it's only a minor upgrade.
This view can only be supported by having a very static view of how software is used. I was using OSX 10.1 when 10.2 was released. I suddenly began running into many commercial and open source products that required 10.2. For example, virtually everything on osxgnu.org now requires 10.2, and this is not because these projects are using 10.2 specific features; they're binary compatibility requirements. Fink is another example, and they already note on their page that 10.3 will require a new install from them. I also encountered this in a substantial number of commercial apps and drivers. Apple itself removed the 10.1 dev tools from their page by the time I went to get them.
For some people, myself included, software is a living, dynamic thing. I don't want 10.3 because of whatever assortment of new features it has; I want it because I'm afraid of being cut off from a bunch of things on which I depend. And if I get it, it's going to force some painful transition choices on me by breaking some 10.2-dependent stuff. In some ways the transitions between these 10.x versions is more jarring than that from 9.x to osx; at least when 9.x was left behind, dual boot and emulation support was provided.
- First they ignore you, then they laugh at you, then ???, then profit.
QuartzExtreme is Jaguar's last year feature.
http://twitter.com/gr
My advice: wait. Apple is trying to get new versions of the G5s released in a couple months, including a dual 2.4 GHz model, and eventually a dual 3.0. When that happens, expect retailers to drop the cost of the dual 2.0 model signifigantly.
(I don't often advise waiting to purchase a computer because "something better is just around the corner," since this is IT we're talking about, and that's always the case. But reviews I've read place the power/performance ratio for the top of the line G5 at higher than its little brothers, a distinction usually reserved for one of the cheaper models. So here, it seems worthwhile to bide your time.)
How is Expose so radical? It sounds exactly to me like the options you have when you right click on your Windows taskbar: Tile Windows Horizontally, Tile Windows Vertically, Minimize all Windows (Show the Desktop on XP).
That feature has been there for years.
The Department of Defense disagrees with you. FileVault uses MILSPEC-standard AES-128. A brute-force attack against AES-128 is impractical in the extreme given today's computing resources.
And when exactly does your Mac ask you to enter the AES key? Oh, it doesn't, it asks you to enter a passphrase to unlock the AES key.
Hence, all you need to do is work out the passphrase and you get the data - and tha passphrase is going to be just as suscpetible to a brute force attack as a simple password mechanism.
One file encrypted someone gets their hands on = safe.
One file encrypted that someone gets their hands on + access to your Mac = not safe.
Beep beep.
Never start a land war in Asia. No, wait, it was never send a monster to do the work of a mad scientist. No, wait, I remember.
Never publish a pro-Mac review by an author who is famously pro-Mac without disclosing it to your readership.
Hey, I'm writing this from a Mac. And David Pogue is a great guy, having written many wonderful Mac books. But NYT should have been more objective. Get a rabidly Mac guy to write a Mac review, and what are they going to say, something BAD about Panther? I doubt it.
I'm sorry, you're completely wrong, this is impossible to do in linux.
part of OS X is bringing the "magic" of unix to a "human being".
i click button X, and Y happens. As opposed to the unix motto..
I configure X,
I compile X,
I build X,
I install X,
I adjust boot X
I now have Y happening.
The two are WORLDS apart, and are the primary reason why Linux is not adopted by everyone.
People are willing to pay huge sums of money, if you allow them to do with ease what they otherwise couldn't. Linux developers need to learn this lesson.
Fink is another example, and they already note on their page that 10.3 will require a new install from them.
Although your point is still valid, Fink is a terrible example of it--like many tools out there, fink will have a new version of the software for 10.3, but will (presumably, since they do it now) continue to offer the 10.1 and 10.2 versions for download. Granted, not all the packages will stay available forever, but there's no reason you can't back up the working versions of all the 10.2 packages you want and call it a day.
While I understand what you are saying, you are choosing to live in a dynamic-software mode, which is probably not a good mode to live your life in if you don't like to pay for upgrades. I know people (in the CS field, not just Joe User) who almost never update anything, and they get along just fine. It's possible to live in a static software world if you are willing to make a few trade-offs. It's up to you to decide whether the money or the cutting edge of everything is most important to you.
Is it really completely virus-free? I find it hard to believe that there aren't any Mac viruses out there.
.Mac, I wouldn't even be running antivirus software on my G4 running OS X.
There are zero known OS X viruses in existence right now. A very few of the Office macro viruses could affect Macs as well as Windows machines, but for the most part a Mac with a virus-infected normal.dot file would just become a carrier and not see any negative effects itself.
There were a handful of "classic" Mac OS viruses around back in the late 80's, but few were malicious and most are extinct. In 12 years of using Macs, I have seen two of them, way back in 1991, and both were benign and easily removed by rebuilding the desktop file on the infected floppy. Until maybe 10 years ago, the leading Mac anti-virus software was a free product a guy maintained in his spare time. If I didn't get it free with
Anyhow, being more secure through obscurity is something that comes with any non-Windows platform. It's certainly an advantage, but it's difficult to say that this is somehow a failing of Windows.
Bullshit. No version of the Mac OS ever automatically executed code stuck in an e-mail message. When Apple came out with AppleScript about 10 years ago, it couldn't even read or write to files for security concerns. Now it's much more powerful and there's little you can't do with it, but the only malicious use of AppleScript we've ever seen was a trojan that had to be actively run by the recipient, and that was around 5 years ago. Outlook and Outlook Express could trigger some viruses just by clicking on the message and having it display in the preview pane. You still can't even effectively run as a non-admin user in Windows, because there are quite a few things that won't work that way. In Mac OS X, even running as admin you still have to authenticate before the system will let you do things like install software. Hell, the root account is disabled out of the box, and there aren't even any ports open by default. Apple has almost always gotten security right, and with OS X they're batting 1.000.
Microsoft spent years putting gee-whiz features ahead of security, and now they are reaping what they've sown. They're getting embarassed by critical exploit after critical exploit. They've drawn the ire of non-Windows-using internet users whose inboxes were crammed full of copies of SoBig and whose internet connections were slowed to a crawl or knocked out by Slammer. And they're trying to blame these things on their customers for not practicing safe computing, when it's Microsoft that is to blame for marketing a complex, high-maintenance system as a simple, low-maintenance one.
They expect people who can't be bothered to set the clocks on their VCRs to be proactive about watching for Windows updates, and then spend hours downloading tens of megabytes over a dialup connection. I just had to upgrade a client's machine from 98SE to XP. It took THREE HOURS and countless reboots to install the OS from CD and then download and apply all of the updates, and that was on DSL. Instead of just giving up and starting over with security at the foundation, Microsoft is attempting to bolt security onto their existing mess after the fact-- which is why they will continue to fail miserably at this "Trustworthy Computing" nonsense.
I'll bet any amount of money that no matter how many Macs you have in the world, even if the marketshare numbers are reversed, there will never be a Mac Slammer, a Mac Blaster, or a Mac ILOVEYOU.
~Philly
It's funny (strange) that Mr. Pogue makes such a big deal ("Now the big one:...") about the $130 upgrade price. I'm willing to bet that his copy of Panther didn't cost him even $0.01. He probably got a "review copy" or a "not for resale copy" or somesuch.
If you're the kind of guy who wants to get a lot of free stuff - books, gadgets, hardware, etc. - you can hardly do better than to become an author and reviewer. Write one or two books, and suddenly every other author in that field wants your name and a quote on the back of their book. I believe Dave Barry has written on this subject, and he's a lot funnier than I am, so I'll leave it to him.
Anyway, the upshot is that you should pretty much ignore anything that any hardware or software reviewer says about money, because they likely haven't spent any of theirs on hardware or software in quite a while.
One thing that is very, VERY good about Mac OS X is the excellent I18N of the system, which works right out of the box. I use Japanese, English and French on a daily basis and the new improved Japanese input method makes this task quite manageable. An excellent idea was also to make the terminal (which still mostly sucks, but still) but UTF-8 by default. Including vim was also a smart move but WHY OH WHY did they have to compile it without multibyte support? It then becomes useless on the terminal they provide... fortunately this is easy to fix yourself.
Brute forcing an actual crypto implementation, when the keyspace is limited by semantics and user constraints, is NOT very hard. The original point is valid: if most users are going to use easily-typed English words, that's the weak point of the system people are going to attack.
In that sense, for the overwhelming majority of Mac users, it wouldn't matter if the cryptosystem used DES, or even pkzip-encryption; a determined attacker is going to break the system with the password.
"Software should be free," is not a double-standard. It's an ideal.
When you hear people griping about spending tons of money on MS products, it's because they are overpriced, bloated, insecure hacks from a corporate megalith that hates innovation because it means they might miss the Next Big Thing. Like the music industry, they don't want surprise hits; they want engineered hits.
Apple, on the other hand, has a corporate philosophy that respest, even *loves*, the computer. I believe this is Wozniak's biggest legacy: the love of the computer. So when Apple makes a product, it is often well worth the admission price.
You are confusing two orthogonal issues: the ideal of free software, and the judgements of the current state of corporate, commercial software. Just because some of us hold the Free Software ideal does not mean we don't hold valid opinions about the commercial software industry.
I hope this helps clarify the issue.
Microsoft is to software what Budweiser is to beer.
If you checked his bibliography, you'll see that David Pogue has also written several books for Windows, such as The Missing Manual series for Windows XP and Windows Me.
Pogue might enjoy Macs, but he's hardly a Microsoft-bashing zealot.
--R.J.
Electric-Escape.net
My original post was actually intended for another, similar-sounding post that said it wasn't worth the money, I just clicked reply on the wrong one.
It does seem odd that apple can't (or won't) maintain some sort of backwards compatibility, even if only to a limited extent. That said, I imagine the value of the time saved in a year for an average worker using a Mac instead of a Windows machine is probably more than $130.
I don't own a mac personally - my OS comes with free upgrades every few hours (Gentoo).
The original point is valid: if most users are going to use easily-typed English words, that's the weak point of the system people are going to attack. [linebreak] In that sense, for the overwhelming majority of Mac users, it wouldn't matter if the cryptosystem used DES, or even pkzip-encryption; a determined attacker is going to break the system with the password.
Hmmm... This is a good point. However, I believe this is very easily corrected by Apple. Let's discuss this for a moment
The issue is "If users use one or more simple dictionairy words as a passphrase, their passphrases can be in recovered by a dictionairy brute-force attack."
First: A large percentage of those who actually need the protection offered by home-directory encryption already know about the dangers of dictionairy based passwords/passphrases (because of familiarity with security [remember, these are the ones that actually need it] ).
Second: Key generation from passphrases can be extremely secure, so long as dictionairy attacks (and the like) are not effective.
Third: This is the part Apple needs to do. When enabling encryption, Apple should bring up a new password generation/creation dialog that clearly explains to the user the dangers of dictionairy and short passwords. This dialog should do a check on any user-entered password and indicate dangers it sees. This is a simple thing, and if Apple hasn't already thought about this, there is a reasonable chance that they will (with some advice from it's userbase).
Conclusion: For a large class of users who actually needs this type of encryption, their need alone provides them with a level of security awareness that will help them choose passphrases that are immune to dictionairy attacks. The majority of the other class of users will never experience attacks, because no one would bother. For the small population of users who requires this type of security, but does not have the sophistication to know they need to be careful with passphrases, we need education and possibly a password wizard attached to encryption activation.
The reason that it can be true that 1+1 > 2 is that very peculiar nonzero value of the + operator
I know Windows pretty well. I work with it professionally and have an MCSE in Win2k (I'm not bragging, I swear). I wouldn't use it at home though. Product activation? Trustworthy computing? Please. And if that doesn't change your mind like a bolt of lightning, well I guess you're just a stupid head.
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
It's not just the buttons. Looking at your screen shot, I mean this in the most constructive way possible:
Yes, I know the answers and I understand the limitations of the database, but this is exactly what people mean when they say Unix is cryptic. I'd like to see the left pane become a list of Applications, Libraries, and Servers, each grouped perhaps by categories like "audio", "games", "office", and so on. Provide a clickable link to the home page of each application, and perhaps the date of last update, or an indicator of its maturity.
I've been using Mac's since I was a wee lad and am calling Panther OS X 3 (oh-ess-ex three). Just makes things easier.
How many CRC-vulnerable SSH sessions have you broken into?
(crickets)
The point is not that the average Mac user should care about whether a determined attacker is going to break their file encryption. The point, which you'd see if you read the whole thread before commenting, is that it is valid to deconstruct the Apple marketing message here and see that it is based off a bogus assumption.
Regardless of the fact that I, like many Mac users (who include a surprising number of other computer security researchers), do care about how secure the native crypto capabilities are, the notion that you can quantify security by things like key length is a fallacy that knowledgeable people should combat.
> How many AES-128 encrypted files have you broken into?
>
> (crickets)
>
> Then shut the fuck up.
I can't believe people moderated this troll 'Insightful'.
> You fucking idiot. You're completely missing the > point! For the overwhelming majority of computer > users--not just Mac users--there are no
> determined attackers!
No you have missed the point. If a user's login password is short or a common dictionary word then their account and therefore their FileVault will be trivial to crack- like in seconds, not by the NSA with a super-computer, but by any script kiddie out there.
Apple's marketing spiel ignores the fact that the real keyspace is way less than 128 bits.
From Apples site:
AES gives you 3.4 x 1038 possible 128-bit keys. In comparison, the Digital Encryption Standard (DES) keys are a mere 56 bits long, which means there are approximately 7.2 x 1016 possible DES keys. Thus, there are on the order of 1021 times more possible AES 128-bit keys than DES 56-bit keys. Assuming that one could build a machine that could recover a DES key in a second, it would take that machine approximately 149 trillion years to crack a 128-bit AES key.
There may be lots of nice new features, but I ain't paying $130 for them, especially if they're labelled as a dot release.
Unlike Windows versioning scheme that went from 3.1 to 95 (+91.9) to 98 (+3) to 2000 (+1902, whoa!) to Me (NaN) to XP (NaN), Apple use 10.major upgrade.minor update naming scheme.
Besides, I always thought X (read: 10) is a playful pun on its Unix roots, like XWindows or X11, while at the same time it was a continuation from version 9.2. So, it will be a long time before Apple use XI. They still have 6 more upgrades before they have to decide whether it will be 10.10, 10.11, etc. or 11.0, 11.1, etc.
This response was e-mailed to David Pogue in reply to his New York Times article":
> "..that far more software is available for Windows (true; "only"
> 6,500 programs are available for Mac OS X).."
I'm afraid I'm going to have to take exception to the above statement. While it's true that there are more native Windows applications, I think that this is a misleading metric.
The Macintosh is by far the most compatible platform. It runs Classic applications, Mac OS X applications, BSD applications, Linux applications, and X11 applications. As surely you know, the Mac will even run Windows applications via Virtual PC.
This being the case, it's a reasonable conclusion that "far more software is available for Windows" is a false statement. I thank you kindly for an otherwise excellent article.
--- Fox