Slashdot Mirror


Amit Singh's Challenge: Find a Decade-Old Bug

dreicodan writes "Well this has too many juicy Mac OS X nuggets in one bag! All details are on this page, but I'll summarise. Apparently Amit Singh discovered a 10+ year old serious bug in OS X. The bug started in Nextstep and is still in Panther (and apparently Tiger, too). Then Amit wrote a program to demo the bug, but also made the program capable of hiding what it does using some complicated Mach kernel voodoo! He then threw a challenge open to OS X experts to figure out the bug. It turns out that a week and some 1000 downloads later, three brilliant hackers (Alexy Proskuryakov, Andrew Wellington, Graham Dennis) were able to solve the puzzle. Also looks like other than these guys, nobody got anywhere with the problem. Be ready for extremely gory details of how the program was written and how it was decoded. It's a thrilling read, and OS X hacking doesn't get any more hardcore than this! Hopefully Apple fixes this bug now at last."

83 comments

  1. Funny responses by aftk2 · · Score: 4, Funny
    While the actual solutions submitted to Singh's challenge were interesting, some of the other responses are more entertaining:
    "I think you must be hacking the main frame to crash the kernal. Whatever you're program is doing, its hot stuff!"

    "While I haven't looked at your program, but have you checked permissions? I had my system crash at random times due to messed up permissions on my external drive."

    "Could you at least of provided a simple Cocoa GUI for your program? Terminal app programs are not very popular with Mac people, you know."

    "Who do you think you are for insulting people like this?"
    That's some funny stuff.

    http://www.kernelthread.com/mac/challenge/result/
    --
    concrete5: a cms made for marketing, but strong enough for geeks.
    1. Re:Funny responses by MyDixieWrecked · · Score: 2, Interesting

      "Could you at least of provided a simple Cocoa GUI for your program? Terminal app programs are not very popular with Mac people, you know."

      that's the response I got when macupdate.com had automatically picked up one of my sf.net projects. I made an OSX installer package for my binaries and received many complaints about it in the "discuss this software" forum of macupdate...

      bastards.

      --
      ...spike
      Ewwwwww, coconut...
    2. Re:Funny responses by Anonymous Coward · · Score: 0

      Hahahaha ...

      They sound like typical Mac user responses.

    3. Re:Funny responses by Bastian · · Score: 2, Informative

      They sound like typical Mac user responses.

      You don't talk to many Windows users, do you? It's pretty much the same thing.

      I've also heard pretty similar things from people who say they use Linux, though admittedly not nearly as often.

    4. Re:Funny responses by Anonymous Coward · · Score: 0

      Stop by http://www.funroll-loops.org/ sometime.

    5. Re:Funny responses by Ilgaz · · Score: 1

      What they say is true, and if you continue this "open up a terminal lamer" attitude you won't have too much future in OS X or Win32.

      It's the number 1 thing that made me switch to OS X. I hated the attitude of opensource coders. I hated the win32 as well. Linux wasn't serving my needs. Call me lamer too. Whatever.

      I currently use Adium X, Growl, Quicksilver as opensource apps but their coders are totally aware of the community they serve by their own decision.

      I have no money problem and paid a lot to crap in my first OSX days that I won't name, so I try to donate whenever I can.

      No, you can't make a person who paid 30, 40% more for usability, a no geek bullshit approach, giving up thousands of games, type needless geek commands in the OS X terminal.

      If you aren't happy with it, don't post your stuff to macupdate, versiontracker. That community pays $50/year for hassle free program updates. You may like them or not, it's your choice. I am sure there are Pixar sys admins etc there since they simply can't have time to check updates for 1000 macs/pcs they own, are they lamer too?

    6. Re:Funny responses by Ilgaz · · Score: 1

      I think opensource community, especially linux standards project should work on a "permission repair" utility rather than joking about the good willing people trying to help.

    7. Re:Funny responses by MyDixieWrecked · · Score: 2

      Well, I wrote a program to serve a purpose to certain low-level hackers. It wasn't written for OSX, I just coded it and made sure it would compile on BSD, Darwin (OSX), Cygwin, Linux, etc. I also decided to make an OSX installer for the wannabe hackers who may have trouble with the standard ./configure && make && make install tricks.

      I worked on a GUI a little, but was having trouble keeping it up to date with the command-line version, and it also required a complete rewrite to get certain functionality, which I never had the time for.

      And MacUpdate picked up the app automagically. I didn't submit anything. All I know is I was checking my website logs and noticed a lot of visitors coming from MacUpdate.

      I figured I'd post it to VersionTracker, too, since I used to check that pretty regularly for software updates, so why leave them people in the dark about it?

      --
      ...spike
      Ewwwwww, coconut...
    8. Re:Funny responses by Ilgaz · · Score: 1

      In fact, I used versiontracker a long time, even on windows, there was a trial or something coming with something etc.

      If you are patient with trolls, I mean if they don't go beyond like "he stole my cc", it's a good feedback tool. Oh, you can immediately get those accounts closed as you have a developer account. Of course, with a valid reason :)

      mac.com gives it free I guess, so many mac people use it.

      I missed the point you say "they picked auto". So, likely an editor from staff added it or a fan of your program submitted it as you did etc. Sorry for that.

      If you mark it "development" etc, I don't think it will impress lot of lamers.

      But.. The terminal on OS X. Really not very much used unless you are a coder, using grep etc. The OS X gui serves really well. Check opensource projects on versiontracker too, you will be surprised how many use versiontracker.

    9. Re:Funny responses by jonadab · · Score: 1

      > if you continue this "open up a terminal lamer" attitude you won't have
      > too much future in OS X or Win32

      The other poster was perhaps not clear enough. I will try to explain this clearly so that you can understand it: some programs can never be useful to people who don't want to open up a terminal, just because of the inherently very technical nature of what the programs do. panpipes is exactly the sort of program that such a person would never be interested in using. All it does is make the computer crash. That's all it does. It doesn't do anything else. Furthermore, the whole point of writing it was so that people could analyze it and try to figure out how it does that, in terms of the technical under-the-hood things, the nuts and bolts of what it does to make the computer crash.

      Suggesting that a program like that needs a GUI, just because end users don't like to open up terminals, is completely missing the point. This program does not do anything an end user would want to do. Ever. Under any circumstances. Making a GUI for it would be utterly and completely worthless, a total waste of time. People who analyze code that causes kernel panics are *NOT* the sort of people who need a GUI for everything and don't want to open a terminal. For crying out loud, they had to use gdb to analyze the thing -- gdb is really hardcore technical stuff, *way* beyond not having a GUI. Even most people who use the terminal on an hourly basis are not experienced using gdb (or any other low-level debugger like that). There is absolutely no way on earth that anyone who doesn't want to open up a terminal window and thinks all applications should have a GUI would have *any* interest *whatsoever* in participating in this sort of contest. If they thought they were interested, it is obviously because they saw the word "contest" and didn't read the explanation of what kind of contest it was, what it was actually about, or what they had to do to participate. If they had, they would NOT have been interested.

      As for the other part of your post, suggesting that the other poster will somehow not have a future, just because he writes programs that are technical in nature ... that does not even deserve a response. I suppose the people who design microchips are doomed to extinction by next week, because regular people are not interested in examining their work.

      --
      Cut that out, or I will ship you to Norilsk in a box.
    10. Re:Funny responses by Morlark · · Score: 1

      Well, I have to say it's relieving to see that stupidity isn't exclusive to Windows users.

      --
      Santa's suicide mission go!
    11. Re:Funny responses by mkiwi · · Score: 1

      No, windows users are worse. Ask a windows user anything about a kernel and they'll say "whoosa jigga wha?"

  2. 10 years? by KingBahamut · · Score: 4, Funny

    That's a long time, almost meets M$ standards.

    --
    "God of Rock, thank you for this chance to kick ass. "
    1. Re:10 years? by Anonymous Coward · · Score: 2, Insightful

      Would you care to submit an example of a similar or worse M$ (note clever use of $) bug that they couldn't find or fix for 10 years?

      Why is it that M$ (dollar sign, LOL!) gets brought up every time Linux or Apple fucks up big time, when it's not related and usually worse than any similar issues that M$ (clever!) has ever had, let alone left unfixed?

    2. Re:10 years? by gantzm · · Score: 2, Interesting

      Would you care to submit an example of a similar or worse M$ (note clever use of $) bug that they couldn't find or fix for 10 years?

      Does c:\con\con count?

      --
      Excessive forking causes un-wanted children.
    3. Re:10 years? by KingBahamut · · Score: 3, Insightful

      I believe that, and a few others might qualify. Win32 API Shatter Attack, have they fixed that yet? Will they?

      I think I remember hearing that unless M$ restructures the Sec model, there really isn't a way for them to stop it from happening.

      and why do I use M$, well, because Bill Gates exemplified Greed to me. The Largest software developer in the world, Oracle not far behind, M$ exudes Greed, Avarice, and Exclusionism (w?). And that dear friends comes from a 30yo developer, not a 13yo, like so many critics of Slashdot seem to think.

      --
      "God of Rock, thank you for this chance to kick ass. "
    4. Re:10 years? by jweatherley · · Score: 2, Informative

      similar or worse M$ (note clever use of $) bug that they couldn't find or fix for 10 years?

      This one was in the NT based OSes for a long time:
      for(;;) printf("\t\t\b\b\b\b");

      --
      Reverse outsourcing: it's the future
    5. Re:10 years? by drsmithy · · Score: 1
      I believe that, and a few others might qualify. Win32 API Shatter Attack, have they fixed that yet? Will they?

      I imagine Microsoft (justifiably, IMHO) consider that to be a software developer's problem. Programs are only vulnerable if the developer writes them to be.

  3. That Voodoo is evil by holymoo · · Score: 1

    I once used voodoo on someone. I ended up writing a program by accident. Go Figure...

    1. Re:That Voodoo is evil by Nasarius · · Score: 1

      Ah, of course. The ancient art of voodoo chicken coding.

      --
      LOAD "SIG",8,1
  4. What's impressive by fm6 · · Score: 3, Insightful

    It is impressive that these uber-hackers could figure out why the kernel was panicking. It is not impressive that NextStep and Apple have known about this panic bug for 10 years but haven't been able to fix it!

    1. Re:What's impressive by b-baggins · · Score: 3, Insightful

      More likely it wasn't serious enough to warrant the time to fix it.

      --
      You can tell a great deal about the character of a man by observing those who hate him.
    2. Re:What's impressive by presidentbeef · · Score: 5, Interesting
      More likely it wasn't serious enough to warrant the time to fix it.

      I agree. Either they didn't know it was there, or they didn't think it was important enough to fix right away.
      But that's different from them not knowing how to fix something, which I'm sure they do.
      --
      Everything I need to know about copyrights I learned from Slashdot.
    3. Re:What's impressive by Have+Blue · · Score: 5, Informative

      I don't see anything in TFA to indicate that Apple knew about this bug before now- he just mentions that the bug has been present with no explanation as to how this was determined. Singh even spends a good bit of text explaining how the bug is triggered by ultra-low-level routines that are not normally used by anything above the BSD layer, so I'd say there's a good chance it has never even been encountered by anyone before, if OS X's own process creation code is sufficiently solid as to never generate the inconsistency panpipes does.

    4. Re:What's impressive by HiredMan · · Score: 2, Informative

      It is not impressive that NextStep and Apple have known about this panic bug for 10 years but haven't been able to fix it!

      Is it clear from his write up that NextStep/Apple has known about this bug? It sounds to me like he uncovered a long standing bug but I didn't see anywhere that he says Apple knows about it. He simply says this bug has 'existed for 10 years' not that he told Steve Jobs about it 10 years ago.

      =tkk

    5. Re:What's impressive by fm6 · · Score: 1

      How is a kernel panic not serious? Except on Windows, of course, where you want to force regular reboots.

    6. Re:What's impressive by falcon5768 · · Score: 2, Insightful

      yeah from the look of it he found the bug then traced it back OS by OS till he figured out NeXT had the bug as well. It doesn't seem that Apple or even NeXT knew about the bug ever.

      --
      "Slashdot, where telling the truth is overrated but lying is insightful."

    7. Re:What's impressive by WatertonMan · · Score: 1

      he just mentions that the bug has been present with no explanation as to how this was determined.

      If you look closely, he wrote code for the bug on NeXTStep 3.3 and presumably ran it on an old box he had.

    8. Re:What's impressive by SteeldrivingJon · · Score: 3, Insightful

      "How is a kernel panic not serious? "

      If you never, ever encounter it, it's not serious.

      You could probably cause a kernel panic by driving an iron spike through the boot drive during some critical OS-level operation.

      But it'd be daft to write iron-spike-handling code, to prevent a kernel panic in that rare situation.

      --
      September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
    9. Re:What's impressive by fm6 · · Score: 1

      The point of your weird example seems to be that programmers can't anticipate every contingency. Well, they certainly can't anticipate iron spikes (or do anything about them in any case). They can anticipate the possibility that an application will make a perfectly ordinary set of system calls.

    10. Re:What's impressive by Bastian · · Score: 4, Interesting

      Given that the bug wouldn't be too hard to fix, and is a serious bug, I doubt that that is the case. On the contrary, while it is a bit annoying that this sort of oversight in the kernel design does exist, I think it speaks well for NeXT and Apple that they have not discovered it in all this time.

      NEXTSTEP/OS X has an incredibly layered architecture, and those layers are quite well-stratified. That stratification is a great design asset - it makes it a lot easier to keep the whole mess organized, and reduces the number of boundary conditions where bugs (such as this kernel bug :-) can pop up. Now, the fact that OS X has a sort of Mach/BSD - Jekyll/Hyde sort of thing going on in the kernel means that you should expect it to be very tempting for many developers to haphazardly make system calls as they see fit. But if that had been the way development worked at NeXT, you can bet your pants that this bug would have been discovered at least a decade ago. (Mr. Singh doesn't say exactly how far this thing goes back, but I'm going to guess it has been in NEXTSTEP the entire time - about two decades.)

      -BUT-, the bug is still there. While I normally hate old bugs as much as anyone, especially ones that cause kernel panics, in this case I am sincerely and profoundly impressed at the amount of discipline that must have been present in the development culture at NeXT. (We'll see about Apple - on the inside, Classic MacOS became quite possibly the most tangled kludge of an operating system ever produced in its last few incarnations, and I do get the impression that Apple is starting to take OS X down that path, too.)

    11. Re:What's impressive by SteeldrivingJon · · Score: 2, Insightful


      If it was perfectly ordinary, it would have been discovered long ago.

      If it's gone 10 years without being discovered, if Bank of America's NeXTSTEP trading systems never broke because of it in all the years they've been in use, then it's not a significant bug.

      --
      September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
    12. Re:What's impressive by Bastian · · Score: 1

      How can this not be serious enough to warrant the time to fix it?

      This is the software equivalent of the F00F bug - an incredibly simple and perfectly reliable way to make a system crash - hard - that doesn't require any special privileges or anything, just the ability to execute software, which every user has.

    13. Re:What's impressive by superpulpsicle · · Score: 3, Interesting

      This was a myth I heard from someone at MIT, no I didn't go there....

      There was an old terminal machine from the 70s that had a weird bug of permanently hiding processes far beneath "ps" so no admin could ever see it. When the machine was decommissioned in the 90s, the shutdown revealed some student's print-paper-lpr process that got lost for 20 years.

    14. Re:What's impressive by tsnorri · · Score: 1

      on the inside, Classic MacOS became quite possibly the most tangled kludge of an operating system ever produced in its last few incarnations, and I do get the impression that Apple is starting to take OS X down that path, too.

      What makes you say that? Mac OS 9 seemed kludgy even for the user, but what suggests that Apple would develop OS X in a less disciplined manner than NeXT did?

    15. Re:What's impressive by Anonymous Coward · · Score: 0

      The fact that a big bank uses NS for its trading system may sound impressive, but it doesn't actually say very much. They are likely only using it for a few specialized applications. It's probably pretty high volume, but there is not a lot of variation in the actual code that's running or the system calls that are used.

    16. Re:What's impressive by circusboy · · Score: 1

      I managed something like that in college, while setting up a Wavefront render (2.0 for people who like to date things)

      I don't actually remember what I did to make it work, but I had a render running in the background after logging out that no one noticed for three weeks. Some people noticed that the system was running a little slowly, but I could never find any indication that the process was running at all. (Except for the fact that every hour or so a new file would appear in the frames directory.)

      --
      -- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)
    17. Re:What's impressive by tmasssey · · Score: 1
      Better question: What makes you think that they'll develop OS X in a *more* disciplined manner than OS9?

    18. Re:What's impressive by Anonymous Coward · · Score: 0

      he didn't write how the bug was found? reminds me of Srinivasa Ramanujan..

    19. Re:What's impressive by idiotnot · · Score: 1

      I am going to try this code on my NeXT machine in the next couple of days to see if I can get it to work (use a Mac running OSX for most things, surprise, surprise).

      My hypothesis is that you probably wouldn't actually get a kernel panic on the NeXT...only a crashed BSD layer (which would have pretty much the same effect, except the machine might still respond to ping).

    20. Re:What's impressive by Anonymous Coward · · Score: 0

      I'm not sure what you mean by "BSD layer". NeXTStep and Mac OS X both have Mach/BSD etc. in the same address space ... *IN THE KERNEL* ... so this is a null pointer in the kernel; it doesn't matter which part of the code. There is no separate BSD layer (you're not thinking microkernel now, are you?) What's more ... how will the machine respond to ping? Where do you think the TCP/IP stack lives if not in BSD code?

  5. Reasons by Tordek · · Score: 0, Troll

    Well, you know, those bugs stay for that long for only one reason: Copypasting
    So there, OS X hackers, Stop the laziness...

    --
    Tordek, Dwarven Warrior - Juegos de Rol en Argentina
    1. Re:Reasons by Anonymous Coward · · Score: 0
      Copypasting

      Don't you mean "drag-and-drop."

  6. To be honest by A+beautiful+mind · · Score: 0, Troll

    This adds up to the toy image _some_ claim the Macs have. Why would someone play around with a serious security bug there for 10 years? Well, a mitigating fact is that it was there for 10 years, but still it's bad to delay a fix because of a game.

    On the other hand, Microsoft plays this game 24/7, with acknowledging vulnerabilities later.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
    1. Re:To be honest by xenocide2 · · Score: 3, Insightful

      It's not like there is any software immune to ancient bugs. Debian had an outstanding bug in apt-get that was recently fixed. Apparently, for seven years there was a lurking 'ignore random files while removing a package' bug in their linked list program. Of course, it wasn't random at all, it simply skipped every other node in the linked list under certain conditions (such as having a list with more than one item).

      I don't think the person behind the challenge meant to imply that macs are toys. Only that very few people outside of Apple know much about the inner workings of their beast named OS X. As far as exploits go, a kernel panic is one of the safest out there. No way of intentionally damaging specific files, no remote execution of code. Of course, as one of the many people who doesn't know much about OSX internals, I suppose it's possible that the vulnerability could lead to such things. I just don't know, and given that your name wasn't on the list, I surmise you don't either.

      --
      I Browse at +4 Flamebait
      Open Source Sysadmin

    2. Re:To be honest by Anonymous Coward · · Score: 0

      It is a variable = *(NULL); Sorry. No way to make this any more than a crash.

    3. Re:To be honest by Bastian · · Score: 1

      The bug is a way to cause the kernel to create a process whose bsd_info pointer is null, and then cause the kernel to dereference that pointer. There shouldn't be any way to change bsd_info, so there's really no way to use this to cause anything but a kernel panic. (And even if there were, it would be a completely separate issue that happens to involve the same data structure.)

    4. Re:To be honest by guet · · Score: 3, Insightful

      This adds up to the toy image _some_ claim the Macs have. Why would someone play around with a serious security bug there for 10 years? Well, a mitigating fact is that it was there for 10 years, but still it's bad to delay a fix because of a game.

      Well, apart from the attempt to disclaim responsibility for a statement whilst still presenting it as credible (the '_some_ claim' statement), there's the gratuitous insult aimed at provoking others - 'toy'.

      Why bother claiming Macs are toys in a story about an obscure bug? What does a toy mean to you? Ironically one of the most persistent criticisms of Macs is that current games don't play well on them, so they are in fact not very good toys.

    5. Re:To be honest by A+beautiful+mind · · Score: 1

      Hehe. Look. If you look at my comment history, or ask a subscriber, you can see that I never intended to troll.

      Well, apart from the attempt to disclaim responsibility for a statement whilst still presenting it as credible (the '_some_ claim' statement), there's the gratuitous insult aimed at provoking others - 'toy'.

      Obviously I inserted the '_some_ claim' because I'm not one of them. I was talking about an image, which can be roughly translated as a perception of the mass. I know far more than the mass about Apple and its products for me to claim that Macs are toys. I was stating a fact, that some people have that perception about the Mac that it's more of a toy than a real computer. I actually disagree with them, but do you think this latest competition would help convince someone tech-savvy but not familiar with Macs that Apple takes the issue of security seriously? That's what I meant when I said 'this adds up to the toy image'.

      If you disagree with someone, reply, as someone did to my original post, but don't moderate me troll just because you don't understand or you don't agree with my opinion.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    6. Re:To be honest by Anonymous Coward · · Score: 0
      Why would someone play around with a serious security bug there for 10 years?

      So where did you read that it is a serious security bug? Do you have a linky for this authoritative assertion? Or did you glean this info by sniffing your dump? Do you even know what a kernel is, much less how to induce it to panic and call 911? Do you still wonder why your post is seen as a troll? Why do I sound like Rummy at a press conference?

  7. A reason why there weren't 1000 submissions by Anonymous Coward · · Score: 5, Insightful

    I think one of the reasons why only a few people submitted their analysis was because of how the contest was structured.

    Singh said he was going to give the prize to the first person with a correct submission. Not the best submission, nor the most complete submission, or the most creative submission.

    So I think people just gave up after the first couple of submissions were posted. He shouldn't have displayed the number of submissions that had been received.

    Also, this challenge didn't hit Slashdot until after it was finished. I know I didn't hear about it until after the first two submissions were submitted.

    It was fun to track down though.

    1. Re:A reason why there weren't 1000 submissions by aftk2 · · Score: 4, Informative

      *sigh*

      aftk2's recent submissions:
      The Mac OS X Expert Challenge
      Thu Apr 07, '05 01:22 PM
      Rejected

      Not for lack of trying, unfortunately.

      --
      concrete5: a cms made for marketing, but strong enough for geeks.
    2. Re:A reason why there weren't 1000 submissions by Anonymous Coward · · Score: 2, Interesting

      Yup, I submitted it too ... twice. Once on the day this was announced, and another a couple days later when a fixed deadline was announced. Challenge still had 5 days to go. Rejected both times. I think OS X people don't want to hurt their heads thinking about bugs and hacking and system level things :)

    3. Re:A reason why there weren't 1000 submissions by h0tblack · · Score: 1

      Ah sweet irony. A story about 'OS X people' - whomever they are - hacking the OS, having a troll about 'OS X people' - whomever they are - not wanting to hack the OS ;)
      Seriously though, it says a lot about the OS that people like Amit are abusing it and that people on /. consider abuse of the OS newsworthy. More than anything it's reached the position that submissions to /. about such fun can be ignored... now that's what I call going mainstream!

    4. Re:A reason why there weren't 1000 submissions by theolein · · Score: 1

      I doubt that is the problem, since it's entirely up to the editors on slashdot as to which article gets accepted and which doesn't. Still, I've seen quite a few editors show incredible stupidity about articles in general (preferring politics, posting duplicates, other general errors) so this one getting rejected doesn't say much about OSX users, but a lot about slashdot editors.

  8. How zen by daeley · · Score: 4, Funny

    If a bug fails in an OS, and no one finds it, does it make a sound?

    --
    I watched C-beams glitter in the dark near the Tannhauser gate.
    1. Re:How zen by Tordek · · Score: 3, Funny

      What is the sound of one kernel panicking?
      A lot of cursing, that is.

      --
      Tordek, Dwarven Warrior - Juegos de Rol en Argentina
    2. Re:How zen by Golias · · Score: 2, Funny

      A Mac owner wakes up from a nightmare in which he encountered a BSOD, and wonders to himself... Is he a Mac user who had a nightmare about Windows XP, or is he a PC user, now asleep and dreaming that he uses OS X?

      --
      Information wants to be anthropomorphized.

  9. NeXTSTEP had lots of bugs by klui · · Score: 4, Interesting

    NS had a lot of old bugs due to its use of 4.2BSD. People would report it but hardly any would get fixed/patched/updated. So I would not be surprised if some of these bugs were not purged by OS X's use of a more up-to-date version of BSD and its subsequent kernel reorg.

  10. It's not a bug ... by u2pa · · Score: 0

    ... it's a feature

    --
    Officially: "No comments"
  11. Let's all hope by amichalo · · Score: 4, Funny

    Hopefully Apple fixes this bug now at last.

    Man, What with blowing away their 2Q'05 earnings projections, I hope the first thing Apple does is address this bug that no one has paid any attention to in 10 years. That will make me as an Apple user and share holder happier than if they continue this "innovation" fad.

    --
    I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
    1. Re:Let's all hope by Bastian · · Score: 1

      Heh, given the way Microsoft has been all along and the way some bits of J-Random-Free-OSnix (like the desktop environments) are going, I'd say that the truly innovative thing is steady refinement over obsessive feature-chasing.

  12. Apparently writing Mach kernel voodoo is more fun by Anonymous Coward · · Score: 0

    than just fixing the bug.

  13. no...it really isn't there by Anonymous Coward · · Score: 0

    parent is right...
    maybe the apple link is just broken, but where is X??

  14. Nice Tie-In by Lars+T. · · Score: 3, Interesting

    with the Russians Claim Their Hackers the Best In the World Article - Winner is a Russian ;-)

    --
    Lars T.
    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    1. Re:Nice Tie-In by Anonymous Coward · · Score: 1, Interesting

      Yup. And the problem was formulated (and bug discovered) by a hacker from India.

  15. exploits for dummies by epine · · Score: 4, Insightful

    The flaw used by panpipes has existed unnoticed for over a decade. If attackers were indeed actively looking for flaws all along, did they miss this one? If nobody was ever looking for any flaws, could there be more exploitable flaws lurking?

    The rest of the article is good fun, but this passage is a brain fart. There are millions of lines of source code in any modern operating system. Exploits don't sprout overnight like manna from heaven. The most useful skill for divining exploits is to notice the existence of edge cases in how various subsystems interact with one another. There is also the important case where "chance favors the prepared mind". This is where something funny happens as a result of an honest mistake, then the "prepared mind" notices (and pursues) the chance event's darker implications.

    Serious bugs that lurk for decades are hardly unknown. The ASN.1 bug springs to mind. It's hard to imagine a bug more widely deployed that escaped detection for such a long time. The question here is why, for such a long time, this simple flaw evaded interactions with dark energy. It's for precisely the same reason that experts rarely make the best testers. There are certain kinds of elementary programming mistakes that the "prepared mind" will habitually avoid. This distribution has a slim tail. If the minions of evil fail to stumble into any telltale clues after five years, chances are good it will remain hidden for a long time yet.

    This is in fact the same mistake that Kurzweil makes in predicting the imminent singularity: that intellectual power is a fully ordered function, based on the premise that a really smart person can achieve any interesting result that any person much less smart can achieve. To put this in perspective, consider the recently discovered AKS primality test. This is what AKS achieved by some clever tricks using concepts of undergraduate algebra and a 15-year-old theorem.

    http://www.flonnet.com/fl1917/19171290.htm

    Undergraduate concepts in algebra exploited to achieve mathematical immortality. That ought to frame a tiny, unnoticed flaw in OS/X.

    1. Re:exploits for dummies by SteeldrivingJon · · Score: 4, Interesting

      "There are millions of lines of source code in any modern operating system. Exploits don't sprout overnight like mana from heaven. The most useful skill for divining exploits is to notice the existence of edge cases in how various subsystems interact with one another."

      Indeed. I think the problem is not that nobody was looking for flaws, but that they were looking in the parts they're familiar with. They'd be looking in the BSD-oriented parts, or the upper levels of the OS.

      They probably wouldn't be looking in the Mach parts of the OS, where this bug appears. I doubt many people have spent the time to learn enough about Mach to think of potential exploits.

      --
      September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
    2. Re:exploits for dummies by earthbound+kid · · Score: 1

      It's a shame the mods haven't noticed this post. It's a good one.

  16. Dr. Norton, are you paying attention? by Anonymous Coward · · Score: 4, Interesting
    Companies who sell anti-viral software are conspicuous by their absence from the list "Net-demography of those interested".

    People in Capital One, Compound Therapeutics, Fossil, Goldman Sachs, IKEA, and SAAB were interested enough to download this, but no one from the Symantecs/Sophos/Secunias of this world found it worth their while to check it out??!!

    I would certainly hope that they are paying attention to the use of dynamic code modification, code obfuscation, and red herrings. While these techniques are not new, none of the (Windows) malware seen so far was designed to be even half as proficient in these matters as panpipes. Further, Amit has stated that he could have made panpipes even more difficult to debug (but didn't).

    Kudos to Amit for this highly educational exercise! He certainly seems to know his way about the innards of OS X (not to mention all the other OSes he runs on his 17" PB via VPC.)

    (I bet he has some interesting insights about the evolution and workings of OSes from MS (he is running ALL the flavors of DOS and Windows that I know of).)

    1. Re:Dr. Norton, are you paying attention? by BandwidthHog · · Score: 1

      Either that or they had enough sense not to hit it from within the company's network.

      --

      Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
  17. If there's one person Apple should hire by theolein · · Score: 4, Insightful

    Apple should hire, even if they never hire another person for their OSX team, Amit Singh. It is truly rare that someone as gifted as this appears on the scene and then even has a passion for the intricacies of a kernel that does not garner much attention in the OSS scene.

    Given that all the immense amount of detail that Amit has given on OSX as shown on kernelthread and in his upcoming book has been done in his spare time, could you imagine what he could achieve if this was his job? Granted, I'm no HR person, but I would think that Apple should be chafing at the bit to get him on board. I know that if it was up to me, I would offer him an almost blank cheque to write his own salary on.

    He is the person who could get OSX into the enterprise.

    Of course, if he did work for Apple, then his website would surely suffer, what with NDAs and such. Perhaps it's better that he doesn't work at Apple.

    1. Re:If there's one person Apple should hire by loudgazelle · · Score: 3, Insightful

      I've been thinking the same exact thing since I started reading his articles.
      Not only is he a brilliant computer scientist who knows his shit in-and-out, but he's a very gifted writer with an uncanny ability to write articles targeted at many different levels of ability. He also does a great job of staying out of the OS flame war by always looking at OSes from an objective point of view.
      As far as I can tell by looking at the dates on his resume, he's only in his late twenties or early thirties, which makes his level of expertise even more impressive.

      I'm almost willing to bet that Apple has contacted him but he turned down the offer; he has a research position with IBM, and you can tell from his writing that research is where his passion is. If I were him, there wouldn't be a whole lot that could drag me away from that job.

    2. Re:If there's one person Apple should hire by cosmo7 · · Score: 0, Flamebait

      Thanks, Mrs Singh.

    3. Re:If there's one person Apple should hire by suitepotato · · Score: 2, Insightful

      Seconded. His website was a dizzying assault on my sense of being in IT and like standing under a clear moonless starry night, it made me feel real small for a moment. I am in awe. Bookmarked.

      --
      If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
  18. The problem is it's nonsense by Anonymous Coward · · Score: 0

    As far as I can tell, your post suggests that Apple deliberately left a bug in NeXT for ten years for the purpose of running this contest.

    That's just silly. Apple didn't even own NeXT back then. NeXT made this bug. They never noticed it to fix it. Amit Singh noticed it and, seeing that it was still there after ten years, thought it would be fun to make a contest around it. He doesn't work for Apple.

    You seem to be confused about every aspect of this story. Please read the article again.

  19. A system call not checking input values ?? by javaxman · · Score: 2, Interesting
    From a quick read of the analysis, it comes down to a system call not checking its input values for illegal input, right?

    If that's the only example like that which can cause a kernel panic, I'd be impressed. Especially in kernel-level I/O areas where performance is key, it's even possible that such a check is left out on purpose, and data integrity is meant to be the job of some higher-level or intermediary calling function which is (nearly) always used.

    Of course, I avoid programming on such a low level if possible, so I could be wrong. But it is likely there's a reason why fixing this isn't terribly important, and why my OS X machine *never* reboots unless I've done some system software update.
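
    The pattern this comment describes, an argument check that is missing at the system-call boundary so that bad user input reaches code which assumes it is valid, as an added C illustration. This is editor-added example code, not part of the thread and not code from panpipes, NeXTSTEP or OS X: the tiny "user address space", the kernel buffer, the handler names and the panic flag are all constructed for the demonstration, and only the return-code names are borrowed from Mach's kern_return_t values. The unchecked handler hands the caller's address and length straight to an internal copy routine; the checked one rejects them with an error before anything can fault.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a system-call boundary: a small simulated user
 * address space, a kernel-side buffer and a flag that stands in for the
 * machine panicking. None of this is XNU or panpipes code. */
#define USER_SPACE_SIZE 256u
#define KERN_BUF_SIZE    64u

/* Return codes named after Mach's kern_return_t values. */
#define KERN_SUCCESS          0
#define KERN_INVALID_ADDRESS  1
#define KERN_INVALID_ARGUMENT 4

static uint8_t user_space[USER_SPACE_SIZE]; /* simulated user memory      */
static uint8_t kern_buf[KERN_BUF_SIZE];     /* kernel-side destination    */
static int     panicked;                    /* 1 once a "fault" occurred  */

/* Stand-in for the fault path: a real kernel panics on a bad dereference;
 * the model just records it and refuses to copy. */
static void simulated_panic(void) { panicked = 1; }

/* Low-level copy that, like many internal kernel routines, assumes the
 * caller already validated the range. Anything outside user space, or
 * larger than the destination, takes the (simulated) fault path. */
static void raw_copy_from_user(uint8_t *dst, uint32_t dst_cap,
                               uint32_t uaddr, uint32_t len)
{
    if (len > dst_cap ||
        uaddr > USER_SPACE_SIZE || len > USER_SPACE_SIZE - uaddr) {
        simulated_panic();
        return;
    }
    memcpy(dst, user_space + uaddr, len);
}

/* BEFORE: the handler trusts the values it received from user space and
 * reports success whatever happened underneath. */
int syscall_read_unchecked(uint32_t uaddr, uint32_t len)
{
    raw_copy_from_user(kern_buf, KERN_BUF_SIZE, uaddr, len);
    return KERN_SUCCESS;
}

/* AFTER: validate every user-supplied value at the boundary and return an
 * error code instead of letting bad input reach code that assumes it is
 * good. Address range is checked first, then the destination size. */
int syscall_read_checked(uint32_t uaddr, uint32_t len)
{
    if (uaddr >= USER_SPACE_SIZE || len > USER_SPACE_SIZE - uaddr)
        return KERN_INVALID_ADDRESS;      /* range not inside user space */
    if (len > KERN_BUF_SIZE)
        return KERN_INVALID_ARGUMENT;     /* would overrun kern_buf       */
    raw_copy_from_user(kern_buf, KERN_BUF_SIZE, uaddr, len);
    return KERN_SUCCESS;
}

/* Helpers so the model can be reset and inspected from outside. */
void reset_model(void)
{
    for (uint32_t i = 0; i < USER_SPACE_SIZE; i++)
        user_space[i] = (uint8_t)i;       /* constructed sample contents */
    memset(kern_buf, 0, sizeof kern_buf);
    panicked = 0;
}
int     model_panicked(void)        { return panicked; }
uint8_t kern_buf_at(uint32_t index) { return kern_buf[index % KERN_BUF_SIZE]; }

int main(void)
{
    reset_model();
    syscall_read_unchecked(200, 100);     /* 100 bytes from offset 200: off the end */
    printf("unchecked handler: panicked=%d\n", model_panicked());

    reset_model();
    int rc = syscall_read_checked(200, 100);
    printf("checked handler: rc=%d panicked=%d\n", rc, model_panicked());
    return 0;
}
```

    The same bad request (100 bytes starting at offset 200 of a 256-byte space) drives the unchecked handler into the fault path while the checked handler simply returns KERN_INVALID_ADDRESS; a length that fits user space but not the kernel buffer is rejected as KERN_INVALID_ARGUMENT. The point is the one the comment raises: whether the check lives in the handler or in a "nearly always used" intermediary, anything callable directly from user space has to assume it will be called with the intermediary skipped.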