Slashdot Mirror
How Encrypted Binaries Work In Mac OS X
An anonymous reader writes "By now we know that OS X uses encrypted binaries for some critical apps like Dock, Finder and LoginWindow. Amit Singh explains the implementation of this protection scheme which makes use of the AES crypto algorithm and a special memory pager in Mach. The so called Do Not Steal Mac OS X (DSMOS) kernel extension helps along the way by decrypting things for the special pager when apps get executed. A funny thing is that if you print the pointer at address 0xFFFF1600 in your own app you get as output Apple's karma poem for crackers! According to the article there are 8 protected binaries in OSX including Rosetta and Spotlight meta data demon. Interestingly Apple's window server is NOT one of those."
This is not the first "Do not steal Mac OS" they've done, although the first version never really got tested in action.
n tosh&story=Stolen_From_Apple.txt&sortOrder=Sort%20 by%20Date&detail=medium&search=stolen
:D
http://www.folklore.org/StoryView.py?project=Maci
History repeating!
"Good news, everyone!"
WM's are huge apps and decrypting one before every startup would add a lot of work that has to be done at boot. According to the article, "the SystemUIServer binary within SystemUIServer.app", is encrypted and that is presumably a larege component of the WM. Also, it's virtually useless without the the dock and finder anyway.
"Mac OS" doesn't rhyme with "uncool."
Disregarding the content of your comment, you're still confusing encryption with obfuscation.
What you see here is obfuscation.
So what? OSX is based on BSD and does not need GPL compliance.
The article explains in detail what is encrypted, how it is encrypted, and where it is decrypted.
However, what is unclear to me is: how does this protect against copying the OS?
Presumably, the AES key to decrypt the binaries is stored somewhere or computed somehow.
Why does this work on original hardware and not on some PC clone?
Is the AES key stored in some secure storage inside an original Apple?
The problem with signed binaries is that you either have a list of binaries that are signed, that is hardcoded into the kernel to check (BAD), or all binaries have to be signed (BAD). The only workable alternative is have a list of files and have that file signed.
What MacOS X does, is try to start the application. If it's encrypted, it's decrypted as part of the load process into memory. If not, well, it's not. I'm certain you can replace OS X's encrypted binaries with unencrypted ones of equivalent functionality - it just won't go through the same code path since it doesn't need decryption. This way, during development, the software isn't signed and it's trivial to get working (rather than having to constantly resign it as part of the build process). Once finalized, it's encrypted, and unless the kernel has a bug, it should work the as if it was unencrypted.
Anyhow, when has DRM really stopped anyone determined to break it? Those who are going through the effort to break this are either doing it for fun, or aren't buying a Mac. I can think of one way to grab the decrypted code right out of memory... (requires external hardware). I'm sure someone else creative can figure it out. There are probably another dozen ways to do it without needing external hardware as well.
... is that, since Apple figures anyone running Mac OS X is running it on Apple hardware, there is no product activation, serial number or anything like that for Mac OS X.
It's commercial retail software with no copy protection whatsoever.
Even though the source is not available, binaries can be reverse-engineered
Just wondering. How easy is it to reverse-engineer a massive closed-source piece of software (like, say, MS Windows)?
Such a reverse-engineering job would be of obvious commercial interest (especially to parties who work in countries with lax regulatory regimes), so there is an obvious incentive to do it.
However, my "armchair" estimation is that it is nearly impossible, since there exist parts of the world with large numbers of skilled computer scientists, and lax copyright laws. But so far there is no evidence that anyone has reverse-engineered Windows, or anything similar, on a large scale (e.g., I am not aware of any Russian web sites where you can download source of closed programs).
However, I am not a software engineer. Are there any experts out there who can enlighten me? I'm rather curious.
Toronto-area transit rider? Rate your ride.
And honestly,unless your Mac is pretty old the Dock is hardly that massive of a resource hog.
How, exactly, does this enhance the Apple user-experience?
"locate" in an xterm works much better. At least removing spotlight entirely was possible.
Does "locate" also search through the contents of text files? PDFs? Meta information on images? All of my stored e-mails?
It doesn't really matter what they protect, they are simply trying to make copying OS X wholesale more cumbersome. Functionally, there is nothing in OS X that would be worth disassembling for anybody: there are already open source implementations of Spotlight, Finder, SystemUIServer, Doc, and all the other stuff, and arguably, the open source versions are technically better. The thing that makes Macs shine and sell is the packaging and integration, not the technology.
Actually they're up to about 6% marketshare in the USA, and I think about 8% in the EU. And as for relevance, Apple, like Google are figureheads. When Apple do something, the rest of the market take notice. Like Widgets in OS X 10.4.....after Apple released this, Microsoft weighed in with 'Gadgets' (Yes, I know widgets come from Konfabulator, but Apple made them famous, and after Apple did so, Yahoo! bought Konfabulator, something that wouldn't have happened without Apple copying it in Tiger). So what Apple do is important because you tend to find 6 months after Apple do something, everyone else does too. I wouldn't be at all surprised if Microsoft use the encrypted binary idea in Vista SP1 or whatever comes after Vista (too late to put in Vista). I also wouldn't be at all surprised if Microsoft totally screw it up.
The truth shall always be free: Boris Floricic is Tron.
By now we know that OS X uses encrypted binaries for some critical apps like Dock, Finder and LoginWindow.
Actually, I *didn't* know that. I'm not going to "steal" the OS, why is Apple hiding parts of it from me? What else is hiding in there?
Apple seems to be very slowly turning evil again. *sigh*
"Freedom is when you don't have to do nothing or pay for nothing,
I want to be free!" - Frank Zappa, "Teenage Wind"
"It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
I think a patent was just filed for this kind of technology.
The parent was referring to the FSF's definition of "free software", not the GPL. And while the GPL's requirements are based on this definition, the definition itself has nothing to do with the GPL.
If the eyes can see it, it can be copied. If the ears can hear it, it can be copied. If your mind can imagine it, it can be made. All it takes is time.
Thank you JaS.
http://www.kore-net.com/office/1.png
When government fears the people, there is liberty. When the people fear the government, there is tyranny. - Jefferson
I know... I shouldn't feed trolls.... Maybe I should have taken offense at the insinuation that all GNU freaks have beards (including the women) instead....
The so called Do Not Steal Mac OS X (DSMOS) kernel extension...
DSMOS - Do Steal Mac OS?
Basilisk Digital
I'm running 10.2.8 - quite old. Printing 0xFFFF1600 as a string with printf causes a seg. fault on my box.
Everyone, including Apple, knows that no copy/license protection system is foolproof. The best you can ask for is something that's difficult enough to break that it effectively deters the mainstream "casual pirate" - remember, even bank vaults are rated on how long it would take a skilled safecracker to open the lock, and never guaranteed to be impenetrable.
Parent asked legitimate question.
Microsoft would love to do the same thing,
and would I guess that they are planning to, but letting Apple pull it first, as Apple can get away with it.
Microsoft: "Apple used DRM music first, so locking everyone into our music player with DRM/Encrypted-Music is no worse".
Microsoft: "Apple used DRM binaries first, so locking everyone into our OS and Applications with DRM/Encrypted-Binaries is no worse".
widgets and even encrypted binaries existed long before apple "invented" them. Even MS used to have a addon that was a sidebar that utilised the widget equivalent and encrypted binaries have been in common use for decades. apple are way behind in this stuff and simply them finally seeing there benefits does not mean they are innovative or that they invented the stuff. God I hate ignorant fanbois.
Try Quicksilver. It's what the Dock and Spotlight should be. I'm a command line person myself, and seriously, it's pretty neat.
The thing is, Apple's implementation of Widgets is very well done. 10.5 is going to improve it with better memory management and the easy creation of widgets from any section of a webpage. The MS sidebar is a clunky and cumbersome implementation, probably because MS can't design a really good user interface to save their lives.
"Critical real estate on the menu bar"? Exactly how big is your Spotlight icon? Mine is less than half the size of my little fingernail on my 12" iBook, as big across as the menu bar is thick. I hardly call that "critical" but if that's your opinion, then so be it.
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
Oh yeah.. let's just add MORE overhead to processing instructions.
I don't need to test my programs.. I have an error correcting modem.
TFA says dsmos_page_transform() decrypts the page. Fine, but where does this get the decryption key? It's essential to store the key in a secure place, but this article doesn't mention it ...
So let me gets this straight. There once was a user who really didn't like Windows (or whatever) and so he decided he wanted to run Mac OS X. Unfortunately, Apple refuses to sell him a copy of Mac OS X that will run on his PC, so he cracks it (or downloads the crack from someone else). Ok, so two questions occur to me:
It kinda frightens me when people feel a moral imperative to justify what they do for a living. I've worked on DRM (actually "product activation", but I guess this crowd would consider that DRM) and the whole time that I did that I never felt anything but kinsmanship towards crackers. It takes a lot of cracking knowledge to create a reasonable barrier that will slow down cracking (and that's all this technology can ever be), so I'm of the opinion that only people who have actually been crackers can make good DRM. How can you go from being a cracker to hating them just because you're on the other side of the fence now? Does your pay check really control your thoughts that much?
How we know is more important than what we know.
To nitpick, market share actually increased from 4.6% in the same quarter last year to 6.1% the last quarter. http://www.macdailynews.com/index.php/weblog/comme nts/gartner_apple_mac_grabbed_61_of_us_market_shar e_in_q3_06/
Apple is, in fact, more anti-competitive than Microsoft is. They not only have a monopoly on the software, they also have a monopoly on the hardware.
Except that "locate" doesn't index the contents all your files... including Email. That is what makes spotlight powerful. But yeah, it sucks what the indexer starts at really bad times. Like if you plug in a Firewire drive.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Yes, I know widgets come from Konfabulator, but Apple made them famous
And mousey-gui-windows are from Apple, but Microsoft made it famous... ahh, you'll never hear a mac fanboy say that!
It's nice to see that Apple is having a go at security, although it's still largely academic because Apple marketshare is still too low to make them a worthwhile target. In fact, very academic, which is exactly what TFA is all about, an academic dissecting bits of OS/X. Still it's a good sign because the more they poke, the more holes inevitably come out. And no, coders who work for Apple are not somehow immune to the average statistical failure rates that all other coders are subject to. The vulnerabilities are there. There's just little interest in finding them at this stage for anyone outside of Apple. Market share is creeping upwards thanks to the iPod giving Apple a budget to leverage their PC business out of the swamp, so if we're lucky we'll see Apple zombies soon, too.
I am government man, come from the government. The government has sent me. -- G.I.R.
OK. So what? OS X is not Open Source. Parts are but on the whole OS X is a closed source application. Secondly Encrypting some vulnerable application help prevent future viruses from infecting some key applications To hide running apps, Logging passwords, etc... I am actually happy to hear this it shows that Apple care about security and are actively preventing future hacks from spreading in the future.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Apple never claimed to have invented encrypted binaries. God I hate ignorant tools.
...because the first image that pops into my head when I read DSMOS is an android with hot pink hair that kicks ass.
The article explained lots of specifics, but none of the general ideas behind it. Are the binaries encrypted, or just signed? Does the hardware have a public key hardwired into it, and if so, can someone just extract that key from a particular mac, for everybody else to use? Can Apple's mechanism be used to forbid people from running software that doesn't come from a vendor that's registered itself with Apple? Are the components we're talking about open-source, or not?
Find free books.
Almost as much as I hate people who don't read post's properly. The AC clearly didn't see that I never claimed apple invented encrypted binaries, merely that because of Apple's standing in the computer industry, Apple using encrypted binaries will most likely cause a cascade effect with companies such as Microsoft 'ripping off' the idea of using said technology. The fact Apple may not have come up with said technology is fairly immaterial; the point is that the mere act of apple using it causes it's popularity to increase dramatically.
The truth shall always be free: Boris Floricic is Tron.
did anyone else notice that DSMOS is an anagram of MS DOS?
HD Trailers
"I can't stand Dock. I've written and posted on this many times. I don't like how much time it takes to use, the resources it takes to animate it, and most annoying is that I can not remove it without trashing Finder. I keep it hidden, and stuffed up under the menu bar."
1. turn off the "magnification" animation.
2. shove it to the left or right side of the screen, as a vertical strip. It isn't the default arrangement, but these days there is usually more screen real estate on the left/right edges than the top/bottom, especially on a wide display (e.g., all the laptops).
3. set the dock size to "small"
4. #1-#3 is the way I run it, but if you like, turn off any of the other animations you don't like, and do the "hide" option.
All are in System Prefs, and with them it is easy to make it a less imperfect, more innocuous dock. YMMV.
Apple isn't locking everyone into their OS and applications. They're just locking some people out.
OS: They have released software that's specifically designed to allow you to run more than one OS on your computer. Microsoft, on the other hand, has a long history of making it damn hard to dual-boot.
Applications: You aren't required to run any of these encrypted apps. Heck, if you don't want them you aren't even required to pay for the operating system - you can download a pretty heavily stripped down version of the OS for free.
And does this actually do jack to dissuade people from stealing Mac OS X, or does it just prevent people from legally purchasing Mac OS X and then using it on a piece of hardware Apple has not blessed?
>> Apple using encrypted binaries will most likely cause a cascade effect with companies such as Microsoft 'ripping off' the idea
:)
Sort of like digital signatures/signing?
That, my friend, is idiotic. Sure, in the extreme one might reverse the bins to get an idea of what's going on. But in practice, it's much easier to listen on the wire and see who's saying what. Then reverse the protocols that way.
In short, GNU's #1 freedom may be violated by this in principle ( were it to even apply to this, which it doesn't ), but in practice it's just a silly jump to make.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
He's talking about Mac OS X updates.
Obama likes poor people so much, he wants to make more of them.
Actually Apple made it famous. Xerox invented the GUI on the Alto.
Two things: 1) I'd say Apple's Macintosh was famous before Windows was. Although Apple didn't invent the mouse-windowed GUI. They nicked it from Xerox. Difference is they never denied nicking it from Xerox. 2) The reason OS X is so secure is nothing to do with Apple's lower market share. First off there's the notable fact that Apple machines tend to be used longer than pc's, and when they are sold, their depreciation rate is tiny in comparison, so in effect, the 'market-share' isn't really realistic. If you look at net usage statistics, you're probably closer to 10-15% Mac OS X usage with another 2-3% pre OS X. So the market share thing isn't even true. But even saying it is, say 5% of all 'net machines are Macs. Now, there are 150,000+ virii for Windows. So, if your argument holds water, then Mac's should have a paltry 5% of that sorta figure, or at least 1% (taking into account scaling issues and cascade thresholds). Sadly for you, there's not 1,500 Mac virii. Not even 150 (.1%). Not even 15. There's none. There was a 'proof-of-concept' that didn't really do even that, since it couldn't self replicate, and I'd hardly call a program that can do bad things if you tell it to a virus. The reason there are no Mac OS X virii is because OS X has a far more secure base than Windows. Any (rare) vunerabilities that do pop up are (usually) patched quickly, and the culture of Apple's development process means if a virus was to emerge, they'd drop everything to make sure it couldn't possibly effect anything ever again. Steve Jobs would probably find the programmer responsible for the security hole and kill his first-born as a warning not to fuck up again. That's not to say there are NO vulnerabilities in OS X. There are. Quite a few. Some of them are even exploitable. But there is a big shit difference between a vulnerability that's exploitable, and one that's automatable (if that's even a word). A qualified, well educated hacker will probably always be able to get in unless you're watching carefully 24/7. But with windows, you don't need a CS degree and a PhD in C++ programming. You need a dodgy exe file from some russian website, and bingo, you're a hacker. Won't happen for Mac OS X. I'm not saying this because I'm some fanboi with his head up Steve Jobs' arsehole. I'm saying this because I understand the underpinnings of Unix (to a degree) and I kow how hard it'd be to hack Mac OS X. Doesn't matter even if Mac OS X reached parity with windows tomorrow. People'll still hack windows, because it's pathetically easy, compared to OS X's extraordinarily hard. Only if Mac OS X completely obliterated Windows to a 90/10 split would you start to see any major exploits out there. And then, thanx to the culture inside Apple, they'd get patched overnight via automatic update, and it wouldn't be a problem.
The truth shall always be free: Boris Floricic is Tron.
"Critical real estate on the menu bar"? Exactly how big is your Spotlight icon? Mine is less than half the size of my little fingernail on my 12" iBook, as big across as the menu bar is thick. I hardly call that "critical" but if that's your opinion, then so be it.
Maybe he's talking about placement. Corners are considered critical because the user can flick the mouse to them without having to get angle or distance right. Although, you can also set your mac to use these "critical" corners for expose, like I do. Then you always end up accidentally activating things when you try to click on corner icons. Doh!
Widgets did not come from Konfabulator, they are a revamp of Apple's own desk accessories.
I wish the whole "ripped off from Konfabulator" presumption never got off the ground, or at least, would die.
OSX is denying the user one of the fundamental Freedoms. Although it is not the worst offender (*cough microsoft cough*) it is moving in the same direction as Vista. The user is not fully in control of the computer system. There are parts of the computer system about which the user is not permitted to know.
> But yeah, it sucks what the indexer starts at really bad times. Like if you plug in a Firewire drive.
:/
It used to do that all the time for me too for my USB drive, but when I reformatted it with Mac OS X Journaling file system, the problems went away (just indexed once, and then updated as necessary.) It seems as though the indexing system doesn't really work to well with FAT32 file systems, so if you only use your drive on your Mac, you might benefit from reformatting it to a Mac file system.
However if you already do have a Mac file system on the drive, and it still indexes all the time, then I'm sorry but I don't have any more suggestions.
Agreed. The NeXTSTEP UI is/was much cleaner than Finder. Given a proper desktop where files and folders could be dragged and dropped, it would have been a winner. Unfortunately, Apple was tied to making OS X look somewhat like OS 9 in order to make the transition easier for the n00bs.
I also can't stand spotlight. It is a resource hog and doesn't work well
Also agreed. Not to mention that Spotlight is a screaming c*nt to get to work with networked directories. It fails if you try to get it to search NFS automounted shares unless they're users' home directories. If you manually mount a network share in Terminal, it also craps out. The only way to get a searchable share, at least in 10.4.7 and 10.4.8, it seems, it to mount it through Finder, either via "Go/Connect to Server" or via the Applescript "mount volume ..." command. Then you have to run a shell script (as real root, not as an "admin" user!) that tells Spotlight to index the share using the mdutil command. Then keep your fingers crossed, because if several Macs are indexing the share, the system sometimes fails. Basically, Spotlight is an immature product that would have been best released after developpment was complete.
-b.
Well that was useless.
Where is the tutorial on how to get our own apps loaded into this special no-pageout protected memory area so that they aren't screwed up by idiots clicking "yes" on a web popup? Every bit of protection helps.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
Secondly Encrypting some vulnerable application help prevent future viruses from infecting some key applications
Malware writer: "Darn, I can't easily infect the Spotlight indexer. Guess I'll just have to infect the kernel instead".
I am actually happy to hear this it shows that Apple care about security
Unfortunately this isn't the kind of security that's beneficial to actual users.
(Nifty retro website btw).
How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
Then don't use it.
Say I'm a black man. I go into a store to buy some bread to feed my family. The shop keep says "that bread aint for sale". I say I have a moral right to take it. Irrefutable.
Nice strawman. Because we all know, any attempt to control my property is equivalent to trying to starve a poor black family.
Your razor blade argument is equally crap. Those blades belong to the store owner. I don't care what you thought, you have no moral or legal right to steal more blades or to force him to give them to you. End of story. Irrefutable.
If you don't like it, shop somewhere else.
Clear, Dark Skies
The Spotlight menu bar item is infinitely large, as it occupies the top right corner (Fitt's Law).
The grandparent poster is aware of this, and would apparently like to populate it with something that they would utilize more than spotlight. Frankly, I agree, as I tend to key command to spotlight anyhow, then always bring up the window because I want to see the file path, not open the file.
Now, so that you understand why it is infinitely large:
Close your eyes. Move your mouse to the top and right. Give it enough movement to reach it and click. Open your eyes. You will have the spotlight menu open. (Unless you are not in Tiger, then you will have whatever is in the top-right corner)
Repeat this exercise, choosing different starting positions and different lengths of movement. Notice that you always end up on top of the Spotlight menu. (Unless you under-hit it, which is irrelevant because you don't have a penalty if you over shoot it.)
This is the reason the Mac menu bars are at the top- You only have to aim on the x axis, not the y. It is also why contextual menus are handy (you don't have to aim to get to where your cursor is _right now_).
They nicked it from Xerox.
Correction: Apple LICENSED technology from Xerox, and develeoped the GUI far beyond what Xerox had done.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Now, there are 150,000+ virii for Windows. So, if your argument holds water, then Mac's should have a paltry 5% of that sorta figure, or at least 1% (taking into account scaling issues and cascade thresholds). Sadly for you, there's not 1,500 Mac virii. Not even 150 (.1%).
You are ignoring the profit-motive of virii. If it's more profitable to make a Windows virus, why even bother with the 5% of Mac users? Even if it weren't more difficult to make a virus that affected Mac OSX, there still wouldn't be 5% of the Windows virii... the only ones there would be are the ones made as proof-of-concept or just for attention, none of the profit-driven ones that make up a large percent of Windows malware.
I'm not saying I disagree with everything you say, I'm just saying I believe your use of percentages in this case is very flawed.
Conceptually, widgets are similar to Desk Accessories, which shipped in 1984 with the first Mac. Items like a calculator, scrapbook, notepad, and alarm clock allowed a user to perform a quick, specialized task and get back to their larger application program. Of course, HTML and the Web didn't exist in 1984, so today's widget implementation looks different and has considerably more functionality. Regardless, widgets are nothing new.
Reverse engineering does not require inspecting the original code, binary or otherwise. You have the freedom to devise your own algorithims that mimic/use the functionality of the original, Apple has the freedom to make R.E. of it's products difficult.
Don't like encrypted binaries? - Don't buy an Apple.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
So why don't you have to jump through hoops to install OS X? It has no annoying activation or some Apple Genuine Advantage (tm) daemon or anything. All they really do is request you don't illegally redistribute it instead of assuming that you're going to redistribute it and stopping you at any cost.
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
An unstated Freedom is you are free not to use the software if you so choose.
if you have a decent AMD64 the Dock is also hardly a massive of a resource hog. :)
GUIs were around in academia long before Xerox. Xerox, not knowing what to do with all this stuff coming from the lab, invested in Apple and let them wander through. None of that made it into the myth, kinda anti-climatic.
Is there anything better than clicking through Microsoft ads on Slashdot?
OSX is denying the user one of the fundamental Freedoms.
Uh, it might be a "fundamental Freedom" if you had a "fundamental Right" of some sort to do as you wish with other people's IP. Unfortunately, you don't. A significant number of people make a good living for themselves and their families working for companies that, while being very understanding and supportive of the free software movement in its proper place, gain competitive advantage over their peers by employing the best intellectual talent to solve problems with technological solutions that if copied would eliminate any sort of advantage that company may have in solving a certain problem.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
Don't I wish.
Actually Douglas Engelbart invented the GUI with the oNLine System.
English is easier said than done.
My eyes! The plural of 'virus' is 'viruses'. I can't take anyone who thinks it's 'virii' seriously, sorry.
"post's"? It's "posts". Learn some damn English. What unholy purpose does randomly putting an apostrophe in a word serve?
The right of a vendor to refuse sale to any person, excepting a few prescribed categories (e.g. racial discrimination) has been long established. (The Great Atlantic and Pacific Tea Co. vs Cream of Wheat Co., U.S.C.C.A. 2nd Ct., 1915 being the earliest I could find.) If you are quoted a fare to get on a bus, or for any other good or service, and you attempt to pay for it with some large bill, the vendor is not obligated to provide change. They could at that point inform you that they didn't have change, and wouldn't be required to give you the service or good for free -- that would be ridiculous. It amounts to legitimizing a theft of services, or requiring everyone to carry around change sufficient to break the largest available denomination of legal tender (in the U.S., several thousands of dollars); if it was true, everyone would be walking around with thousand-dollar bills. That you have been able to get away with it on public buses may be indicative of an internal policy of the bus company or their desire not to create a problem, but I do not see how they are legally obligated to let you ride.
If I go into a penny-candy store and ask to buy 5 cents worth of something, and try to pay with a $20, and the seller doesn't have 19.95 in change, I can't just demand the candy for free. In order to create the oral contract, both parties need to agree to the other party's offer. If my offer is "this candy for five cents," and your offer is "I've got a twenty and I want change," we haven't come to an agreement yet. Both parties make an offer, and then there is consideration, and then there might -- or might not -- be agreement. Only after both parties agree to the terms is there an oral contract of sale created. Just saying 'five cents' doesn't carry with it an implied promise of change from some arbitrarily large denomination of currency that you might want to use, and which could require the vendor to do any number of potentially time-consuming activities (close the store, go to the bank, get change, etc.).
It's not even clear that businesses are required in all U.S. states to accept cash as payment. There is at least one business I know of that absolutely refuses cash, and made it into the national press as a result. A lot of people questioned whether this was legal, and they were in the clear. (It was the cafe "Snap" in the Georgetown neighborhood of Washington, DC. Story here.) And this doesn't even get into the countless thousands of fast-food joints and gas stations which flatly refuse to accept large-denomination bills (usually $100s or larger, although some refuse $50s as well); I haven't heard of any problems with any of them.
If you're claiming that this widespread practice is illegal, then I think the onus is on you to come up with some factual evidence as to why it is.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
... is not what you said.
...
"Congress shall have the Power
To promote the Progress of Science and useful Arts, by securing for limited Times to Authors
and Inventors the exclusive Right to their respective Writings and Discoveries;"
The fundamental purpose is "to promote the useful arts"; giving rights to authors is the means.
We are debating how best to promote the useful arts.
Don't mess with The Phone Company. Piss them off and you'll be using two tin cans and a piece of string.
Sorry if this sounds crass, but since the OSX public distribution is for Darwin and does not cover the Aqua UI, the Dock, or any of the things this article is talking about, I have to ask: So?
OMG, Apple is making it hard for people to study software that is not and has never been subject to the GPL. How dare they!
Secondly, Darwin is under a Berkeley license is it not? So your GPL ideology goes not even apply.
It's a big problem with commercial software nowadays, they concentrate far more on anti piracy measures like this than actually improving the product...
Their developers are struggling against the cracking groups instead of improving the product, and every end user has to waste processor cycles running this crap and decrypting these binaries. Meanwhile, every version will eventually get cracked and put up on a p2p network.
Whatever Apple do, people will run pirate copies of OSX... But it doesn't run quite so well, it's slow and unstable... Even so, it lets far more people get experience with the OS than would have otherwise, i know several people who ran pirated osx on generic whiteboxes and then went out and bought a mac. Widespread piracy never hurt microsoft either, do you really think windows would be so prevelant in asia and russia if everyone had to pay full price for it?
A pirated OSX is a sub standard experience, like running a demo, and the people who pirate it are people who would never have bought macs to start with... Isn't it better to give them a taster in the hope that a few of them will change their opinion and buy a mac having had a small experience of osx?
From my experience, one of the guys i mentioned above hadn't used a mac since the days of system 7, and didn't like those old versions of macos at all. He'd heard OSX was much better, but had never used it and wasn't willing to buy a mac just to try it... Having run a pirated OSX for a couple of weeks, he bought an imac and now has a macbook too.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I had a great idea, but decided not to put it in this post. Now, see if you can copy it.
Are you implying that OSX wasn't released under a GNU license?!?
I agree somewhat, it might have been nice to have had the Mac brought to the masses instead of the grey pc box. Then perhaps users today would be smarter IT-wise! :-D
;-) ).
:-(
But I suspect that if Apple had had a 'clone war', there would be no Apple today: It's no secret that Apple is first and foremost a hardware vendor, and an OS vendor second (if that's their *second* priority, way to go MS
Let's say Compaq would have clean-room-copied an Apple ROM, and successfully marketed a clone. (I'm not even sure you could get the OS in a separate box in an Apple Centre back in the early days, but that's not my point.) My point is that if Apple had [been forced to] live off of OS sales instead of hardware sales, they would probably not have made enough money to survive -- and they would probably have had to resort to what I'll call unsportsmanlike behaviour such as protecting their drivers. Shock! Gasp! We'd have had DRM in the 80ies.
So the bottom line is, it can hurt the consumer. What if Apple had been couped, what if the entire Mac product line had gone the way of the Newton?
"Good news, everyone!"
...Not only that, but the components which are encrypted are technically not part of the OS itself, but are "enhancement applications" so to speak, bundled with the OS in order to provide enhanced functionality. You can boot OS X without all the encrypted Apple proprietary stuff, it's called Darwin.
Is it against the GPL for me to distribute a proprietary, closed-source binary for Linux? Absolutely not, as long as said binary does not contain GPL'd code. That's pretty much what Apple has done here.
CAn'T CompreHend SARcaSm?
So you're saying that a feature that 99% of the user base uses with out any problems should be yanked because the 1% of people that actually mount remote shares don't like how it works? Give me a break you fuck.
John Gruber is such a cock-gobbling fanboy that anything he says and anyone that listens will be ignored and should preferably die.
I agree with part of what you're saying, hence why I said, ok, so there won't be 5% the number of virii for mac as windows, maybe just 1%. Or even .1%. maybe even .01%. There's not though, and there's my point. Surely some hacker out there, motivated by nothing more than pride in his/her work and the desire to do something no-one else has managed to would have coded up a Mac OS X virus by now? Except that it's really really hard to do so. I'm sure at some point there will be one. But the security hole it exploits will be patched instantly by Apple. Even the proof-of-concept one that floated out about a year back wasn't that. It didn't work. It was a social engineering malware, sure, since it tricked (really really) stupid users into giving u their admin password to a dodgy app. But that's not what a virus, trojan or worm is. It's not self-replicating, and it can't self-execute.
The truth shall always be free: Boris Floricic is Tron.
Your choice of words (ie. "do as you wish with other people's IP") is revealing here. Software that you've (legally) acquired, running on your machine? Why shouldn't you be able to investigate and modify it as you like? Note that I said "modify", not "redistribute".
If you purchase a physical item, do you still think of it as the seller's property after you've paid for it and taken it home?
Fundamentally, the whole concept of "intellectual property" just doesn't work in the same way as physical property. I guess that's why many (most? all?) software vendors try to suggest that their software is "licensed", not "sold". Pity that most consumers don't see things quite the same way. :)
Anyway, your link between "fundamental" freedoms/rights is a little hazy. It doesn't have to be enshrined in the law for people to support it as a freedom (or indeed to consider it a right).
It's not something that has to apply to all software - the point is more that you can choose to only use software that guarantees those freedoms.
"Do Not Steal Mac OS X (DSMOS)"? Where's the "N"? Surely DSMOS actually stands for "Do Steal Mac OS"!
Please, it is _not_ "virii". There's nothing worse then someone trying to be clever and failing miserably. "virus" is not a latin word. And if it was a latin word, the plural would be "viri" and not "virii". "virii" would be the plural of "virius", and there is no such word.
Sorry QuantumG, but you are banned from my shop.
Please, it is _not_ "virii". There's nothing worse then someone trying to be clever and failing miserably. "virus" is not a latin word. And if it was a latin word, the plural would be "viri" and not "virii". "virii" would be the plural of "virius", and there is no such word.
Though I agree, in a sense. Any list of "fundamental" rights is going to be subjective. Mine includes the right to tinker, though.
And why on Earth would you distribute it? It cannot run on non-Macs and every Mac comes with a copy of the OS. So why would you go looking for a pirated OS when it's necessary to buy their hardware dongle anyway, and that dongle is conveniently packaged with the OS to boot?
Global warming is a cube.
The obvious answer to this is a that it's just not a part of the contract you agreed to by buying/using the software. If this doesn't suit you, you shouldn't be using it.
On the other hand, though, this is still reasonable reason to complain about it. If you make a decision not to use something, and you think it's justified, you might feel inclined to tell other people why you made that decision.
Imagine if Microsoft did this? You'd immediately get comments about how evil they were. But not Apple, they get a free pass. I have a feeling that if Steve Jobs took a gun and shot an Apple fanboi's mother in the face, the fanboi would tell Jobs what great marksman he is.
Windows XP running on Apple machines...
Encrypted binaries....
Gentoo Linux - another day, another USE flag.
I'm getting pretty fed up with Apple's hardware. I don't like it. I don't like my Macbook Pro much at all, and if there was a legal way to run OS X on a Thinkpad I'd jump to it. Well, after dealing with bank account issues.
How about buying a Thinkpad and a Mac mini Core Duo, destroying the mini, and running that licensed copy of OS X on the Thinkpad?
Probably still illegal, but should be on firm ethical ground. Apple got their money, and I'm not running the OS on two machines.
So when you run it on white box PC, our funding goes to some guy which runs OS which was not intended to run on that machine first place.
... support the projects trying to convince Apple to support OpenSTEP.
OK, I'll buy a Mac and a white box PC, and destroy the Mac so I can't run two copies of my one licensed copy of OS X even if I wanted to. Apple got their money.
Go support Linux and great overlooked window managers like WindowMaker
Or FreeBSD? I switched to Mac from FreeBSD/Windowmaker + Windows for the stuff that just doesn't exist for free UNIX. Support? I'm an early 386BSD patchkit-era developer, I did the patchkit that got "make world" to run to completion for the first time. I ran the Windowmaker website mirror back when Windowmaker was young. I use FreeBSD for servers... it still kicks OS X pasty butt there.
But on the desktop there are still only two options if you want to run commercial software: OS X and Windows. Every solution to this problem I've seen eventually comes down to supporting Windows one way or another... dual-booting, two machines with a KVM, VMWare, Wine, it's all sending money to companies that only support Windows by buying their software.
Meanwhile, OS X is a FreeBSD derivitive (don't get on my case about Mach, Mach isn't a complete OS and there's FreeBSD kernel and usermode code all through OS X, and the whole Mach/BSD relationship is incestuous anyway). Apple supports FreeBSD. OS X has the same core API as any other UNIX version. Any solution that lets you run OS X software supports the OS X ecosystem *and* the UNIX ecosystem far better than anything involving Windows executables.
URLs? And wouldn't supporting GNUstep be more useful? Oh, that's pretty much dead...
Every cracked OS X on White Box PC is a loss for Linux/FreeBSD desktop in fact.
Do you mean Gnome or KDE? They're dead ends, both of them. The closest thing you can get to a FreeBSD desktop today is OS X.
This concept was stolen from War Games "...new data encryption algorithms" and two teenagers almost started WW3.
If you purchase a physical item, do you still think of it as the seller's property after you've paid for it and taken it home?
When I purchase a car, the car is my property. Honda is not trampling on my liberties by not giving me all the CAD files and whatnot that were used to make my car.
You're infringing my Fundamental Freedom to visit a Slashdot site without any comments by you on it.
It doesn't have to be enshrined in law or recognized by anyone except me to be a Fundamental Freedom. It doesn't even have to make any sense. I say what's Fundamental. Neener.
Don't blame me; I'm never given mod points.
Turn off indexing on that drive?
It's called upgrades.
iFeed?
It's the great new Apple nutritional management program. Sure some people complain about the way they use DRM to prevent food sharing, but that's a minor quibble.
Clear, Dark Skies
1) CoreData is open source (well, maybe not what's in Tiger specifically, but EOF is, as are the storage backends).
2) CoreImage has no equivalent. Although I would argue CoreImage is an API and scene manager, not a specific technology. The technologies are Quartz and QuartzExtreme (and ultimately OpenGL). GEGL, libart and Compviz are implementing non-overlapping subsets of what CoreImage provides, each with different purposes.
3) CoreAudio? I think jack and lapsda on top of alsa pretty much cover that. What's missing is support for more plugin types demanding more complicated controls (UI framework is not covered), so you don't get nice looking VST interfaces or anything.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
The way I read it, portions of the app are actually encrypted with AES; which is interesting because it implies the decryption key must be part of the kernel, which implies the key is fixed.
So, I'm not sure what this actually accomplishes - I mean, it prevents you from easily disassembling binary, but how does it prevent you from running on non-Apple hardware?
Maybe the key is physically burned on some chip in the hardware?
Clear, Dark Skies
Under copyright law, I have first buyer rights.
I will not enter into a contract negotiation, leaving just copyright. It's my copy. It is NO LONGER the vendors copy. They sold it to me.
Apple never refused to sell me OS X. Since I never entered into a contract with them, I am bound only by copyright.
Ratboy
Just another "Cubible(sic) Joe" 2 17 3061
I didn't say it should be yanked now. I said that it should be improved from what is essentially a beta product. And you're forgetting the business world: some of them would really like to be able to switch to OS X *and* have indexed/searchable network shares. Anything that increases Apple's business market share is ultimately good for Apple.
-b.
It's maybe illegal in the US (I'm not aware of a decision either way on whether their EULA is upholdable). On the other hand, I understand it would probably be legal in the EU - there are laws prohibiting post-sale restrictions there, so once you own a copy of the OS, any license that forbids certain uses of it is void.
I am not a lawyer, any attempt to take a slashdot posting as legal advice is highly silly
What is the robbing of a bank, compared to the founding of a bank? -- Bertolt Brecht
yes, but you can reverse engineer the car if you so wish (and if you have the funds) and change it to your liking and honda can't say shit about it, except for maybe voiding your warranty.
I agree. Being able to launch my apps with out reaching for my mouse makes me work so much faster.
An interpreter script is a text file that traditionally begins with the #! characters followed by a path to the interpreter. Files not containing the #! line are treated as shell scripts--not by the kernel, but by the execvP stub in the C library. If the stub gets an ENOEXEC error from the kernel when such a file's execution is attempted, it reattempts execution by using "/bin/sh" as the first argument to execve() and the file as the next argument.
/bin/sh is pretty forgiving. I'm pretty sure if you told it to execute a saved email or HTML file it would happily try every line in the file looking for valid commands. It's not hard to imagine this feature being one link in the chain which enables some exploit. After all, it's relatively easily to get shell commands into a users mailbox or web cache files. Making it possible for the system to natively execute a mailbox or HTML file just seems dangerous. Maybe that's just me.
I think Linux does the same thing, although I haven't checked. Somehow, this just feels wrong to me. If it's not a valid binary, and doesn't start with #!, why not just fail? Why keep trying?
Excellent answer. If the process of purchasing or otherwise licensing the software involved me viewing and signing my informed-and-competent-adult agreement to a legally binding contract, then that is perfectly reasonable.
This is where some of us start to mutter that lending any legal weight to sight-unseen shrinkwrap EULAs is just plain dumb, such things are ridiculous and (should be) unenforceable, and giving them anything approaching the status of actual contracts is cartwheeling into crazy land.
Well, at least that's what I'm muttering. Should I mutter louder? :)
Full-quoting because it was inappropriately downmodded (and it saved me having to think enough to type essentially the same thing).
anoncow:What he said. :)
I can do this with my computer, too.
It's worth pointing out that reverse engineering and disassembling/decompiling are not the same thing. The latter might be useful for helping with the former, but the law doesn't say that anybody is required to make sure reverse engineering will be easy. It just says that that you're allowed to do it for various reasons. Nor do I think anyone has an ethical responsibility to make reverse engineering easy. In fact, if you're looking to reverse engineer something it's probably in your best interests to not disassemble any Apple binaries, since you'll want to be staying on the safe side of copyright law. This is why the Wine folks down't want anybody who has seen the source code to Windows getting involved in their project. Similarly, both AMD and Intel would probably think twice before hiring somebody who has worked on the other company's chip designs.
Probably. The problem here is that, whether we like it or not, software is sold as a licence rather than as a product. I'd personally expect EULAs to stand up in court simply because there'd be legal and financial pressure upon them to do so; at the moment, they're just "expected" to be valid.
I don't think contracts are going to leave, though. If EULAs are found to be invalid, it'll just change the way that they are distributed to something that's more legally sound, and very little else.
Underhanded? Probably. But I suppose that this is where the whole "vote with your feet" thing should (in a perfect world!) come in.
"If your mind can imagine it, it can be made"
... and lo, Satan created software patents.
---
We spoke for about a half an hour. I don't recall a thing we said. - Colorblind James Experience
Your morals may tell you to take them, but then you would have the morals of a criminal. You have no "right" to take them. As a matter of law and common sense, it is you who would be cheating the shop keeper by taking his property without permission or compensation.
Keep in mind that, in a free market economy, there is no such thing as a "fair" price. There is only the asking price of many competing vendors. If you paid a $10 for your razor blades, and then later found a place on-line that sold them for $2, you did not get cheated. Assuming the razors are of quantity, you either paid a premium for quality, convenience, and service, or you were too lazy to get off your ass and shop around.
Taking this back to the OP, there are many competitors in the computer hardware and OS markets. If you feel Apple is charging a premium by selling razor and blades together, go buy Windows blades or Dell razors. The only reason you would give money to Apple is if you feel they offer greater quality, convenience, and service, or you're too lazy to get off your ass and research alternatives. Note that in none of these scenarios has anyone "cheated" you.
--
I think you have that backwards.
Just like Next executed a "reverse takeover" of Apple, Apple is in the process of taking over Intel.
We will know when the process is complete when Intel goes big-endian.
Have a nice rainy day.
Sincerely,
The Hawaiian Skiing Duck-Billed-Platypi Team.
By "copyright law", you are not referring to our traditional, historic copyright law but to the DMCA, which is anathema to the societal concept of "fair use". Many people and even aspiring politicians are finally coming to realize that the DMCA was a Bad Thing based more on greed than the well-being of Americans at large. It does more societal harm than good.
Our original and traditional copyright law allows things like "decompiling" without penalty... as it should. A program is not conceptually different in any way from a recipe book. It is nothing but a set of instructions. Obfuscating those instructions so that the average person can not read them does not convey to the author any right to make reading or analysis of the contents illegal.
Before you argue that programs are different because they can control machines, note that this very issue was decided by congress and the courts 100 years ago -- in 1906 -- in the context of player pianos. The rolls of paper they used were both "music", and "programs" that controlled machines. Gee... sound familiar? Modern hardware brings no new issues to the table. It is Deja Vu all over again...
The concept of "no decompiling or reverse-engineering" is in principle identical -- in every way: moral, ethical, and legal -- to telling people that it shall henceforth be illegal to study the contents or parse the sentences or analyze word frequencies in a book they have purchased. As a legal concept, the very idea is ludicrous.
What unholy purpose does randomly putting an apostrophe in a word serve?
I find that it's a damn good indicator of when the author is a complete moron.
Yes, (traditional, sane) copyright allows decompiling. No argument there. Technically, even the (newer, insane) DMCA allows decompiling. It just disallows the use/possession/creation of tools used to do it.
However you can still get into trouble with (traditional, sane) copyright by decompiling, and following the decompiled code too closely when creating your replacement/similar work. I think *that* is the danger he was referring to.
> Say Chevy offers Radiohead $1 Million to use one of their recordings in a stupid truck ad, and Radiohead refuses. By your logic, Chevy should then have the right to use the recording anyway, because since Radiohead refused to sell them the song they're not losing any money.
> You may think it's right, but hundreds of years of copyright law would disagree.
Maybe you should look up this crazy thing called "compulsory licensing" before you lecture us about hundreds of years of copyright law, because your example is wrong--Chevy does have (or rather, can buy) that right even without Radiohead's consent.
In any event, I honestly don't like any kind of "art" that tries to dictate to me how it may and may not be enjoyed. If they don't like that, screw 'em.
Unfortunately the article doesn't explain in any way the really interesting points. For instance:
- How is the decryption key protected ? If it is included in the kernel binary you can read it.
- How is the kernel protected? Can you write a modified kernel that use the kernel extension unmodified and allows you to look at the decrypted code ?
- Can you run the kernel on an emulator (on a mac) that relays the calls to the TC chip so that the kernel thinks it is on a Mac while making it possible for you to look at the decrypted code and package an unencrypted binary back ? If not, why ?
These are some of the things I'd be interested in knowing.
The sooner you fall behind, the more time you have to catch up.
We do have a fundamental right, just as chinese dissidents have a fundamental right to free speech. Just because our governments don't recognise our rights doesn't mean we shouldn't.
How we know is more important than what we know.
I use butler now and like it. Thank you. I'll check out Quicksilver.
yanked - no. given the OPTION to remove it - yes.
the way to "remove it" now is to muck with system files and rename the directory the executable live in, and maintain the hack on each OS upgrade.
The only indication that you are not from the U.S. is that you referred to your money as "notes", where an American would usually say "bills". Some Americans may call them "notes", however, either as an affectation, or because they are originally from a country which uses that term.
So, anyways, you're probably from Canada (dollars, called "notes", and Supreme Court), and have a chip on your shoulder about "U.S.-centrism" or whatever, but didn't bother to actually try to help the situation with a clarification, and then you get pissy when, in a thread about U.S. copyright law, other people assume that you are talking about U.S. law, when you actually aren't.
I'm afraid that you lose, sir, madam, or neuter.
Dude, send me the MacBook Pro!