A Closer Look At Apple Leopard Security

Last week we discussed some of the security features coming in Leopard. This article goes into more depth on OS X 10.5 security — probably as much technical detail as we're going to get until the folks who know come out from under their NDAs on Friday. The writer argues that Apple's new Time Machine automatic backup should be considered a security feature. "Overall, Mac OS X 10.5 Leopard is perhaps the most significant update in the history of Mac OS X — perhaps in the history of Apple — from a security standpoint. It marks a shift from basing Macintosh security on hard outside walls to building more resiliency and survivability into the core operating system."

Security

[jcicora]

Why doesn't everyone (Apple, Microsoft, Linux/Unix people) work together on security? Its the one thing that everyone benefits from.

Re:Security

[jellomizer]

Well Linux and Apple people like seeing Microsoft with security holes. How many articles about microsoft security problems are tagged "HAHA". Windows People like seeing Apple and Linux security holes because then they don't feel as bad about choosing Windows. Linux people are not normally to happy to see Apple Security holes because it usually means Linux has a simular problem and vice versa.

It is basicly a case if one can say I am more secure then you then I win.

Re:Security

[NatasRevol]

It's simply http://en.wikipedia.org/wiki/Schadenfreude.

Re:Security

[Qubit]

Hey -- I'd work with Microsoft and Apple on just about anything, except that they're all about writing proprietary software, getting hardware patents and (ugh!) software patents, and basically leveraging the benefits of their software/hardware over the choices presented by other companies.

Microsoft has a ridiculous history of Embrace-Extend-Extinguish. Apple locks their software to particular hardware, and locks up their hardware (e.g. the iPhone) and bricks it if an end-user tries to modify it.

So while Microsoft and Apple have a ton of really REALLY smart engineers working for them, if I were to work with them on security I would be afraid that:

• My work would be sucked into some proprietary, patent-encumbered, closed-source hole.
  
• By working with them I'd have to sign NDAs or I would inadvertently be tainted by their stuff and unable to work on FOSS implementations.
  

Now don't get me wrong -- Microsoft and Apple are just doing what they were designed to do: be companies in a free-market society, making as much profit as possible. But you have to understand that before sitting down with them to work on anything, be it security, interoperability, or even environmental responsibility.

So yes, everyone can benefit from increased security, but if Microsoft's products are less secure than Apple's, then Apple can use that as a selling point and make more money...

Re:Security

[y86]

Just like a cure for AIDS?

Yeah it's pretty sick --- people tend to fight about IP even if it's in the best nature of society and the world.

Open source software is a great step to moving us ALL forward.

Re:Security

[Guy+Harris]

Apple locks their software to particular hardware, and locks up their hardware (e.g. the iPhone) and bricks it if an end-user tries to modify it.

...tries to unlock it. Have there been any cases where merely installing third-party software on a machine caused it to be bricked on an update (and, if so, was it demonstrated that the third-party apps were the cause, and were there any cases of an unmodified iPhone being bricked by an update)?

Unlocking and jailbreaking are not the same thing.

Re:Security

[samkass]

Apple's entire kernel and UNIX layer are open source. Go ahead and work with them on it without fear.

Re:Security

[nine-times]

I guess it depends on what you mean by "work together". They sort of do work together. They're constantly borrowing ideas from each other. Sometimes the Linux/Mac/Unix people are even using the same code. But do any of them want to hold up their own security improvements while they try to persuade everyone else to adopt the same security practices?

Re:Security

[krunk7]

Why doesn't everyone (Apple, Microsoft, Linux/Unix people) work together on security? Its the one thing that everyone benefits from.

Microsoft is free to use any and every security feature ever developed by the open source community. This includes virtually 100% of Linux/bsd's development and lion's share of OSX's security features as well.

The reason we can't say the same for a Microsoft->open source is because for a lot of security in windows...no one has access at all.

Re:Security

[Sloppy]

Why doesn't everyone (Apple, Microsoft, Linux/Unix people) work together on security?

Why doesn't everyone (Apple, Krusty the Klown, Linux/Unix people) work together on security? Because they have conflicting values and goals, that's why.

Re:Security

Why doesn't everyone (Apple, Microsoft, Linux/Unix people) work together on security?

Because they're competitors. DUH.
The venerability of my enemy is my friend.

Re:Security

[Neanderthal+Ninny]

You sound like Rodney King "Can we all get along". This sounds like a good idea but each company or platform has it own set of code which is unique but the ideas and methods of how to secure all of these OS aren't.

Re:Security

[tepples]

Apple's entire kernel and UNIX layer are open source. Go ahead and work with them on it without fear. Does this work only on the desktop form factor and laptop form factor machines, or also on the handheld form factor machines that also run a variant of Mac OS X (e.g. iPod Touch)?

Re:Security

[SethJohnson]

This is not an insightful post. It is a naive question. The post does not contribute any insight or information. Please mod appropriately.

To answer the parent question, security is a feature that business perceives as a competitive advantage. Not to mention the ridiculousness of people from one company taking recommendations from outside programmers on how they should do their jobs.

Seth

Re:Security

I just hope the memory randomization is implemented better than it was here: http://www.youtube.com/watch?v=Gksk0YNsHWA glitching the iPhone manually via SMS. It's pulling crap out of memory all over the place!

Re:Security

Buy me an iPod and I'll let you know.

Re:Security

[anagama]

The venerability of my enemy is my friend.

The "worthy of respect" of my enemy is my friend? Perhaps you meant "vulnerability".

Re:Security

[Qwerpafw]

Apple contributes a lot to the open source community. Safari/khtml is perhaps the best example of that, but they open source their kernel (darwin), quicktime streaming server (darwin streaming server), OpenDirectory, bonjour (mDNSresponder) and a number of other tools and software packages. Apple also owns CUPS, though they bought that and didn't develop it in house (it's GPL2).

On top of that Apple regularly credits security researchers and links to their websites in software updates when they report vulnerabilities to Apple. They work with the community, not against it.

You can work with Apple on these open source projects. The fact that you don't, and that you don't know about them in the first place probably means you aren't a programmer, and aren't really serious about contributing to open source. What you really like doing is feeling superior.

It's perhaps most telling that you use the iPhone as an example of why you're upset at Apple's lack of security. You have it all backwards. The issue with the iPhone was that there were security vulnerabilities. The iPhone was cracked with a buffer overflow exploit. Apple fixed the exploit, which broke hacked phones. They did not intentionally brick phones, and instead told people not to update if they had hacked phones. You're probably remembering the whole thing wrong because you were too smug to learn the facts. Hint: fixing buffer overflows is good security, not bad. Apple is under no obligation to preserve a buffer overflow on a product they ship. If you don't want a security hole patched, don't update the product.

Apple hasn't violated the terms of any open source license. They give back to the community. They maintain a number of open source products. You can be mad about the iPhone being locked, but that's a separate issue from security or open source.

Re:Security

[Fweeky]

Well, Apple contribute to and make use of the TrustedBSD project; e.g. OpenBSM is derived from code Apple released, and the MAC framework is found on both FreeBSD and OS X.

Re:Security

[mrsteveman1]

Programming is a best effort game, you can't write 100% secure code in a reasonable time frame, hence it will always be a problem for everyone. I agree that what you suggest is what needs to happen......

However, I don't think either company is ready to live in reality like you suggest, until recently Microsoft valued usability and a number of other things over security, Windows XP didn't even come with good default security until SP2, and Apple (and a vocal minority of idiots) is still trying to pretend OS X is and always will be the most secure OS on the planet. I've seen a number of Apple users go out of their way to avoid using a firewall because they feel superior using OS X.

Re:Security

Because they have different issues.

Apple does not have Windows core problem; Linux has the same issues as Apple, but are more resilient to actual problems due to the different business case.

They target different customer groups, and problems has to be solved based on user context.

All in all, real cooperation is not possible.

Even policy work and methologies differ, based on their different businesscases and customers. And this do not seem to change in the short term. It might in long term.

Re:Security

[DECS]

Uh, they do work together on security. Seriously, google around for security conferences.

AppleInsider has an interesting series of articles looking at the technology behind features in Mac OS X Leopard and ancestor systems that came before it, including the classic Mac OS , NeXT, Be, Amiga, DOS/Windows, and the development of Unix. Great for nostalgic nerds, and puts the new stuff into perspective against how tech has developed. Road to Mac OS X Leopard Server: Collaborative Info Sharing Services.

Re:Security

[samkass]

It's only released for the desktop and laptop. The handheld form factor machines are still locked (for now), but they do share the kernel and BSD layers, AFAIK, so would benefit from work done on the desktop and laptop.

Re:Security

[sehrgut]

Different OS vendors "working together" on security isn't feasible even in concept. There are relatively few advances in security pioneered by OS vendors. Rather, what is already known about security must be implemented. "Security" isn't a service offered by an OS, and so is impossible to fully abstract. While vendors can work together on things such as communications protocols and interoperability, security is a matter of putting locks on doors. The locks and doors are known (and as new doors in need of locking become known, information is generally freely-available): but there's nothing, short of writing Microsoft's code for them, that Apple can do to help with Windows security. And besides, Leopard kills Vista on more fronts than just security. Heck, Leopard eats Vista! http://www.flickr.com/photos/16424953@N04/1762035991/

Re:Security

[j.phenow]

Because then everyone lose money, there would be a monopoly, and the depletion of competition would hurt the customer experience in the long run you cock-faced, ignorant n00b

Significance

[Mikey-San]

"Overall, Mac OS X 10.5 Leopard is perhaps the most significant update in the history of Mac OS X -- perhaps in the history of Apple

Maybe in the history of Mac OS X, but definitely not the history of Apple itself. I'd say that would be, oh, the shift to Unix.

Re:Significance

[rucs_hack]

Maybe in the history of Mac OS X, but definitely not the history of Apple itself. I'd say that would be, oh, the shift to Unix.

Don't you mean iUnix?

Re:Significance

Actually, Leopard is UNIX. Really. Tiger and previous versions wasn't UNIX.

Re:Significance

[jellomizer]

Well a lot of people considered Moving from OS 9 to OS X a downgrade. It took until 10.2 for it to have features better then OS 9 before that there were a lot of internal things changed but it wasn't better it was just potentionally better. 10.5 may be the OS version with the most improvements to the system. Not the most changes to the code base.

Re:Significance

[noewun]

Well a lot of people considered Moving from OS 9 to OS X a downgrade.

It wasn't a lot of people. It was a vocal minority, the same minority which swore up and down that they'd never touch Apple again after the Intel switch and who spend hours debating the tiniest "flaws" in OS X's GUI. In other words, people for whom computers are an obsession or a fetish.

The the rest of us--people for whom computers are tools used to make money--OS X, and the features it brought, were long overdue. The switch was entirely worth it if only for the addition of a modern memory susbsyetem to an Apple OS. No more preemptive multitasking and having to specify how much memory each application got.

Re:Significance

[ChronoReverse]

I believe you mean no more cooperative multitasking. The modern desktop OS's are all preemptive IIRC.

Re:Significance

[aftk2]

Umm...not entirely. I really like the power OS X and am quite enthusiastic about the Intel switch. And yet, as an Apple fan from the mid 90s, I can completely recognize that 10.0 was pretty rough when moving from OS 9. Do you remember how slow that felt? OS 9 still feels faster to me than OS X, although I'd never, ever want to use it again.

I mean really...you think the people who even know about the term "preemptive multitasking" wasn't outnumbered by those who groused about how the new Mac upgrade ran at glacial speeds and lacked spring-loaded folders? OS X is great...and I'm excited about Leopard...but there was a reason that the classic Mac OS inspired diehard fans.

Re:Significance

[Guy+Harris]

Actually, Leopard is UNIX. Really. Tiger and previous versions wasn't UNIX.

OK, we'll say UN*X instead. For many purposes, being UN*X is good enough - for example, no Linux distribution I know of is UNIX, none having passed the SUS validation suite, but a lot of stuff written for UN*X Just Works.

Re:Significance

[Tom]

Then you're back at Leopard as well, because only Leopord is really "Unix" and not "*nix". :-)

Re:Significance

[soupdevil]

OSX was worthless to me (as an audio engineer/sound designer) until they added Core Audio, which made professional audio tools possible. But it took too long. By then, all the cool kids had given up on ProTools and MOTU, and were using SONAR, Gigastudio, and Nuendo on Windows.

Re:Significance

[Just+Some+Guy]

I can completely recognize that 10.0 was pretty rough when moving from OS 9.

Old Macs had a flaw (yes, I said it) where holding down the mouse button would freeze the rest of the computer.

Including the network stack.

We noticed this because when the rest of the office would play MP3s from our graphics guy's Mac's shared folder, everyone's audio would randomly and simultaneously drop out. We eventually realized that it happened when he was holding Photoshop's menus open for a long time while he pondered which filter to apply to some image.

People who found 10.0 to be rough were the ones who convinced themselves that pre-10 was the paragon of computing and The Way Things Were Meant To Be. To everyone else, OS 9 and earlier were just horrible.

Re:Significance

Then you're back at Leopard as well, because only Leopord is really "Unix" and not "*nix". :-)

and you're completely missing the point of the post, which has nothing to do with silly certifications that no one cares about, and everything to do with the massive shift in OS architecture.

seriously, no one really cares about *nix vs unix.

Re:Significance

[Mattintosh]

A nearly non-existent minority actually thought that MacOS 9 was better than Mac OS X at first. This minority survived until the release of Mac OS X 10.2.

A large majority of MacOS 9 users migrating to Mac OS X thought that, while pretty, the Aqua UI was slow, bloated, and annoyingly shiny. They also gave most of the organizational features of the Finder a complete fail as well. Gone were spring-loaded folders, pop-up-tray tabs on the desktop, hierarchic menus, the app-switcher menu, and a host of other things that made MacOS 9 seem like a good OS. These would've made Mac OS X a knockout hit. (It's already a good OS, and if OS9 could be made to seem like one, just think what OSX could be with those features!) But Apple cut them out in favor of the abomination we all know as The Dock. It moves, it magnifies, it even slides off the screen if you have too much stuff. It's an absolute UI nightmare. That's the real gripe that made people complain that "OS9 is better than OSX". It had nothing to do with the "unix-like underpinnings" or "preemptive multitasking" or any of the other functional stuff. The Mac, to many people, has always been about the "better UI". Mac OS X is just now catching up to MacOS 9 in that regard.

Re:Significance

[nine-times]

The switch was entirely worth it if only for the addition of a modern memory susbsyetem to an Apple OS. No more preemptive multitasking and having to specify how much memory each application got.

Yeah, that and security-- including real multi-user stuff. There were always some users who got stuck on the OS9 crap. They'd get their knickers in a twist because there was some missing feature like the color "labels". And then there were the OS9 power-users who had figured out how to do all the insane old MacOS things-- I got a lot of complaints that they couldn't figure out how to turn off the virtual memory in OSX, and I just couldn't convince them that you didn't need to.

Yes, it's true that OSX took a couple years to work out the kinks. During that time, it was understandable why people would stick with OS9, even though it was way behind the times. But around the time of the 10.2 release, there was no excuse anymore.

Re:Significance

[jddj]

As far as usability goes, any flavor of OS X is a definite downgrade over OS 9.

As far as stability goes, OS 9 is to laugh at.

Me, I needed a new Mac and unfortunately had to hold my nose on the usability front.

I have no problem with new technologies, no problem with shifting to the fastest, most power-efficient mobile processor available, but don't think it's being a crank to complain about losing the primary significant feature of the Macintosh: an extremely usable operating system and UI.

Re:Significance

I believe you mean "No more cooperative multitasking..." as OS X has pre-emptive mutlitasking.

Re:Significance

[jackpot777]

Looking at Apple's share price rise over the last few years, I'd say the most significant update in the history of Mac OS X wasn't anything to do with the OS at all.

Unless you're including the 'OS X' in the iPhone.

Re:Significance

[Apotsy]

Talk about a false dichotomy! Do you really think the two are at all related?

There were people who understood the flaws, but (correctly) thought that moving to OS X should not require giving up good performance (which took years to get back), or UI niceties like the way the classic Finder worked. As to the latter, unfortunately Steve apparently didn't like the old Finder and never allowed the OS X Finder to work the same way. Spatial mode is still broken to this day, the "Show Package Contents" feature is inferior to the one from OS 9, the 1-1 relationship between folders and windows is still not as well enforced as it was in OS 9, and as the previous poster mentioned, it took years to get spring loaded folders back (and even longer than that to get its behavior on par with the old implementation), just to name a few examples.

None of that has anything to do with multitasking or event loop handling and you know it. Or hell, maybe you don't, in which case you're pretty dumb.

Re:Significance

[soft_guy]

Bullshit. If you had to spend a year using 10.0.x or 9.0.x which would you pick? I'd pick 9.0.4 every time. And I like OS X. I evaluated every version of it from Developer Preview 1 up until 10.2. I switched to OS X for daily use when 10.2 shipped. Because for day in/day out use of an operating system I have to get work done, not just admire its microkernel or crash protection.

Re:Significance

[neoform]

Uhm, not to be nitpicking, but 10.5 is the first actual UNIX distribution of OSX..

Re:Significance

[noewun]

Indeed, you are right.

Re:Significance

[Just+Some+Guy]

Talk about a false dichotomy! Do you really think the two are at all related?

Definitely. The old OS model allowed certain shortcuts such as hacks that directly patched the code segments of other programs that were running to change their behavior. The new protected memory model flat-out makes that hackery impossible, so it was up to programs to add explicit support for message passing and other external control systems. There isn't a message passing system in the world that's as fast as just overwriting a destination application's buffers with new data.

That's just one example of why some things are inherently slower if done right. Sometimes it's just not avoidable. That doesn't mean that the new way is inefficient or bad, just different.

I was never into Macs back in the day so I can't comment on old vs. new Finder or spring loaded folders, etc., but I find it telling that the only people who seem to seriously dislike the new Finder are the ones who seriously loved the old one. To everyone else it's pretty spiffy and a reasonably good model of how such things are supposed to work. That is, I'm not at all convinced that the old Finder was actually superior; it's just that people liked it that way, darnit, and anything different is inferior by definition.

None of that has anything to do with multitasking or event loop handling and you know it.

You're right: it doesn't. I'm not sure why you even brought it up.

Re:Significance

In other words, people for whom computers are an obsession or a fetish.

In others words: Steve Jobs.......

Re:Significance

If you had to spend a year using 10.0.x or 9.0.x which would you pick?

Yawn. It was updated. Get over it.

Re:Significance

[Tom]

Dude, I didn't miss the point at all, OSX was my first Mac OS and it being (almost) Unix was one very convincing reason to this Linux/Solaris/etc. guy.

But, some people still care about Unix, POSIX, RFCs and aall this other "useless paperwork" or "silly certifications". Fortunately, many of them are developers of the core components your other stuff relies upon. You know The Open Group isn't a marketing firm, it's a standards consortium.

Re:Significance

[hawk]

Or maybe even the switch to System 7. (OK, I just dated myself . . .).

Prior to 7, Mac had viruses (though it was *much* easier to run antivirus software, as putting a disk in triggered a system event). System 7 broke them *all* (and many utilities).

hawk

Re:Significance

[uncleFester]

Maybe in the history of Mac OS X, but definitely not the history of Apple itself. I'd say that would be, oh, the shift to Unix.

myself, i would consider the shift in architechure a greater historical shakeup. it's still amazing to me apple has shifted their core processor/architechure setup twice, including an emulation layer (each time) to ease transition. i had (and still own) a Motorola Mac (SE/30, Moto 68030 CPU) and remember the titanic shift it was migrating to the PowerPC. And, more recently, shifting from the Power/RISC platform to Intel. I think Apple's continued demonstrated ability to shift its underpinnings with damn near nary a disruption is scary impressive. :)

-r

Re:Significance

[mfnickster]

Old Macs had a flaw (yes, I said it) where holding down the mouse button would freeze the rest of the computer.
Including the network stack.
We noticed this because when the rest of the office would play MP3s from our graphics guy's Mac's shared folder, everyone's audio would randomly and simultaneously drop out.

On the flip side, I can testify that when I used to play MP3s using SoundApp on Mac OS 8 - 9, I never ever once had the audio drop out on me, no matter what else I was doing at the time.

This is something I can't say for Mac OS X with QuickTime and iTunes.

Re:Significance

[abhi_beckert]

Did you intentionally chop off the last few words in your quote? The article actually says:

"Overall, Mac OS X 10.5 Leopard is perhaps the most significant update in the history of Mac OS X - perhaps in the history of Apple - from a security standpoint."

I think TFA is probably right, security has never been more than an afterthought for as long as I've been using mac os.

It looks like Apple has seen Microsoft's security struggle with XP, seen the strong-but-painful security in Vista, and is building up a security model that doesn't suffer from the same issues Microsoft is facing.

Re:Significance

[Indiana+Joe]

it's still amazing to me apple has shifted their core processor/architechure setup twice, including an emulation layer (each time) to ease transition.

No, it's the third time Apple has changed architectures. The first time was switching from the 6502 series that the original Apple ][ used to the 68k series in the Macintosh. The hardware was completely different, the software was incompatible, and it was hard even to share data because they used different floppies. They might as well have been made by two different companies.

Apple learned a lot from their mistakes, which is why more recent transitions have gone more smoothly.

Re:Significance

[drcagn]

It isn't almost Unix now, it is Unix.

http://arstechnica.com/journals/apple.ars/2007/08/01/mac-os-x-leopard-receives-unix-03-certification

Re:Significance

[novakreo]

"Overall, Mac OS X 10.5 Leopard is perhaps the most significant update in the history of Mac OS X -- perhaps in the history of Apple

Maybe in the history of Mac OS X, but definitely not the history of Apple itself. I'd say that would be, oh, the shift to Unix. I'm sure the same will be said of 10.6, too. It's a standard PR move.

Re:Significance

[jkoke]

There wasn't a transition between the Apple ][ and the Macintosh, because they were two completely different product lines. The Apple ][ continued on with new models for several years after the introduction of the Mac. My company had an Apple ][ CS and a Quadra 950 running at the same time.

Re:Significance

[that+this+is+not+und]

The Shift To Unix, meaning the release of A/UX ***, was essentially a subdued project that didn't go that far.

But you meant the shift to running a Macintosh emulation layer on NeXTStep, didn't you? Which isn't a 'Unix' any more than QNX is a Unix.

(*** Yes, Apple did at one point produce a variant of real Unix to run on the Macintosh hardware. It ran on machines like the Quadra 650.)

Re:Significance

[Tom]

Am I in the wrong movie? That's exactly what I was talking about three posts upwards.

Re:Significance

[that+this+is+not+und]

Well, one particular frozen binary is 'Unix' now, and will remain branded as such. Whether any further version will be is up to marketing to decide if it's worth spending the money. Windows 2000 is 'Unix' if you install a particular release of Interix on it, ya know. I don't know if they continued running the certification tests for SFU.

I have a metal license plate that is also 'Unix.' It's the metal license plate sold by The Open Group that sort of commemorates the old 'Unix License' plate, which was intended as a joke on the idea of a 'Unix License.' And since The Open Group owns the trademark, it's a 'Unix' license plate, not something someone spun up to sell on CafePress that isn't an officially licensed Open Group product.

Re:Significance

[Manuscript+Replica]

Actually, I don't agree with any part of that statement. Leopard seems like the least significant OS X update to me.

Security Conserns of Time Machiene?

[jellomizer]

Reading this made me wonder. What would happen if you had an important file you temprarly drop it in a public location then move it out. once the person downloaded it. Then someone goes and runs time machine on the public directory and picks up the file that you deleted.... Also will time machiene pick up different permissions set on a file at different time. You made it and tested it as 777 then after you assure it physically works you bring it down to 755 will it allow you to go back in time and get the permission 777 of the file...

While I do agree having good backups is important part of security... Perhaps just perhaps because it is so easy there is a security problem with it.

Re:Security Conserns of Time Machiene?

[99BottlesOfBeerInMyF]

What would happen if you had an important file you temprarly drop it in a public location then move it out. once the person downloaded it.

If it is an important file, why would you drop it in a public location in the first place, instead of just transferring it directly to that user or putting it in a password protected location or them? The scenario you envision is already a security problem because you're posting private data in public temporarily. I'd argue the right solution, is not to do that at all.

Re:Security Conserns of Time Machiene?

[jellomizer]

Sure you can argue the correct solution but, my way is the easier solution... Given most people they will go with the easy solution. Put it on a public location turn on file sharing tell them to go to this address, then turn it off after they got the file, delete the file from that dir and you are all set. For most cases it will take a while for a hacker or whatever to find the file and get it, durring the 10 minutes it is public. Of course there are more secure ways of doing this but the point it how far will they go on security. For most important files that you don't want other people to get it is not like in a spy movies where there are hundreds of theafs just waiting for the vault to open to rush in. It is more like if you leave the door unlocked for too long they will wonder in and take what they find interesting.

Re:Security Conserns of Time Machiene?

Apparently "I don't get the joke" is now "Offtopic"

Re:Security Conserns of Time Machiene?

Assuming Time Machine keeps track of the ~/Public folder... that the backup paradigm also tracks file movements without actual changes to the file... that someone was actually stupid enough to put Employee_SS_Numbers.xls in a publicly accessible place for no reason...

Sure, it looks like things are fucked up. I'm sure if you were actually trying to screw up security you could also put more holes in an OpenBSD installation than an unpatched XP box.

Re:Security Conserns of Time Machiene?

[noidentity]

Assuming anyone can roll time back (and not just the admin), this would be no different than putting said file in a public directory and having someone else make a copy of it and then post it publicly elsewhere.

BTW, I'm quite sure Leopard will have a spelling checker.

Re:Security Conserns of Time Machiene?

[jimicus]

You're assuming that time machine works over a shared network folder.

I very much doubt this will be the case. To my mind, Time Machine looks an awful lot like a pretty wrapper around a snapshot function, similar to that found in modern logical volume managers and SAN products. Sun's ZFS has such a function, and Apple have licensed ZFS for inclusion in Leopard.

Such a system generally works at the block level (with LVM), though with the filesystem integration ZFS gives it could probably operate more efficiently. In any case, the only way to get at earlier snapshots is to be able to run an application on the machine itself - and if you can do that, you can do more or less anything.

Re:Security Conserns of Time Machiene?

[NatasRevol]

Supposedly, ZFS is read only in 10.5.0.

Re:Security Conserns of Time Machiene?

[photon317]

On the "777" issue, I don't think the backup snapshots are writable in the general sense, so it wouldn't much matter if your backup of a file had writable perms. What you're probably more interested is a file you initially created as 755 and later changed to 700 (which is basically the same issue as your "accidental publication" concern). The answer is that Time Machine allows you to explicitly ask it to delete all historical copies of a given file, for precisely these kinds of reasons.

Re:Security Conserns of Time Machiene?

[daveywest]

I've been reading up on Time Machine.

In preferences, you have the option to designate folders that does not get stored in the backup. Developers also have the option to register files to not back up(eg. temporary caches).

It is really revolutionary to put this much back up power in the hands of every day users. I've used personal and workgroup editions of retrospect. The biggest problem with those systems it the unnecessary and redundant data that gets backed up.

Honestly, Time Machine is one of the major reason's I've pre-ordered 10.5. In the past, I've found the system updates to be somewhat fluffy and lacking in useful features. 10.5 has new features with real value that work every day with minimal interaction on my part.

Re:Security Conserns of Time Machiene?

[99BottlesOfBeerInMyF]

Sure you can argue the correct solution but, my way is the easier solution... Given most people they will go with the easy solution. Put it on a public location turn on file sharing tell them to go to this address, then turn it off after they got the file, delete the file from that dir and you are all set.

Or easier yet you can include it in an IM chat or e-mail, which is what most people do these days and which is no less secure than what you describe.

For most cases it will take a while for a hacker or whatever to find the file and get it, durring the 10 minutes it is public.

Sure, but you're advocating lousy security instead of real security. Do tell, how is your method "easier" than e-mail or chat file transfers?

Re:Security Conserns of Time Machiene?

[MSG]

Then someone goes and runs time machine on the public directory and picks up the file that you deleted.

Time machine isn't a feature that "someone" can run against your network drives. Time machine allows you, the operator, to use a second hard drive to maintain snapshots of the drives that you're using. Since the snapshots are on a separate drive, there's no risk that someone accessing your system remotely will have access to files that you've removed, or whose permissions you've changed.

Re:Security Conserns of Time Machiene?

Yes it will be nice to actually have some form of backup in OSX.

The stupid toy backup you get with .mac doesn't count. Firstly it should be included at standard, but secondly it is useless for any serious amount of data.

Re:Security Conserns of Time Machiene?

Are you suggesting the advanced user might need to learn how to properly use a feature in sensitive environments? Shocking!

Re:Security Conserns of Time Machiene?

[lindseyp]

Then you are totally missing the point. I often get this kind of response from "tech" guys and it pisses me off completely. Sure, it's easier to say "it shouldn't have been there in the first place" and lay blame at someone's feet without trying to actually *solve the problem*.

Assuming TimeMachine actually does allow such a functionality, which I doubt, but that's the premise here... There could be any number of reasons why a file which you do not want public *RIGHT NOW* was at some point in a public directory. Whether some idiot put it there forgetting it could be recovered later. Maybe they thought it would be OK because they gave it a cryptic name and nobody knew it was there. Maybe they put it there by accident "oops.. wrong file!", Maybe it was not deemed to be sensitive at the time but subsequent developments rendered the contents sensitive and worthy of retraction from public view. "what do you mean the ID was fake and she was only 17!?"

What if you forgot to lock your door, then remembered 20 yards down the street and came back to lock it. Only to have someone use "time machine" to go to the 30 second window you had left it unlocked and rob your house. Then you get some insurance dweeb coming to you with "well you shouldn't have left it open in the first place".

Exactly.. that's not the fucking point, is it.

Re:Security Conserns of Time Machiene?

[random0xff]

I'd argue the right solution, is not to do that at all. Yes, but he's already crossed that line, it was a mistake, it can happen, even to you. But not to worry, just move it to a secure location and he's done, right? But the question is, will time machine allow someone to still find this file in the public folder?

Re:Security Conserns of Time Machiene?

[Anarchitect_in_oz]

Well it would take testing if your concerned, but i understand you can specify files, folders and the like to be ignored by Time Machine.
So specify the public folder not to be backed up, and concern is gone.

Bravo!

[hypermanng]

The much-needed focus on availability is a real breath of fresh air. If one can recover a previous state (i.e. if it is available), it's a great deal easier to restore integrity. Confidentiality improvements are always welcome, of course, but they'll never be complete, and availability allows us to recover after the fact.

Also, Time Machine is a great forensic tool.

Overall, of course, I'm lauding the article more than 10.5, since I'm unaware of any of these features being truly new to the IT world.

Evil bit?

[grassy_knoll]

From tfa:

While Apple can't prevent people from downloading dangerous stuff, Leopard has a new feature to tag downloaded applications as coming off the Internet.

Wait... don't tell me they implemented RFC 3514 . ;-)

Re:Evil bit?

[jkabbe]

What would be really cool is if, before you run a program with the evil bit set, it would run Time Machine to make sure your backup is up to date:

Double-click program downloaded from the internet
Time machine begins to backup your computer
Floyd says, "oh boy, are we going to do something dangerous now?"

Re:Evil bit?

[El+Lobo]

It seems they invented another great thing. (No matter that this is implemented as a alternate file stream on XP SP2) They will market it as something innovative, of course.

Re:Evil bit?

[initialE]

I'm quite sure they do this in windows already. Doesn't prevent people from clicking "Yes" anyway.

Re:Evil bit?

[aristotle-dude]

It seems they invented another great thing. (No matter that this is implemented as a alternate file stream on XP SP2) They will market it as something innovative, of course. You might not be aware that NTFS alternate file streams were implemented in order to support the resource fork paradigm in Mac OS on windows file servers serving mac os client machines on a network back in NT 4.x IIRC. Even with XP SP2, multiple file streams in NTFS presents a serious potential security hole where an innocent looking 1K readme.txt file could house an ever growing alternate stream that exhausts all disk space or it could be used to house a trojan payload hidden from the filesystem.

Re:Lameness filter

[jcicora]

How did the parent make it past the lameness filter? Seriously

Apple can no longer hide behind small markets

And it sounds from many of these changes, that Apple can see a future where they would be suffering like Windows because of being a larger target.

App signing and stack randomization has already come to windows.

System restore and shadow copy exists in Windows, though it looks like Apple will be providing a better backup system out of the box.

And the sanboxing sounds a lot like UAC with the exception that you wont get a prompt. The sandboxed app will just be denied.

It sounds like Apple OS is not inherently more secure than Windows. It is now a larger target, so it needs these new protections.

Re:Apple can no longer hide behind small markets

[El+Lobo]

Wrong, the sandboxed application WILL get a prompt for elevation. You guessed it, exactly like in Vista.

Re:Apple can no longer hide behind small markets

[mattgreen]

Wait, but I thought it was bad that Vista did that? How is it that it is okay in OS X but not in Vista?

I'm sure the OS X implementation will be better. But it will be funny to watch the backpedaling that ensues, because it was always the idea itself that was inherently flawed, it was argued. Users don't know what exactly they just downloaded does.

Re:Apple can no longer hide behind small markets

[bombastinator]

Here's a fanboy test: which is better, Vista or XP?

Re:Apple can no longer hide behind small markets

[Mr.+McD]

Even more so, most people don't read the content behind a link in a Slashdot post :)

Re:Apple can no longer hide behind small markets

[El+Lobo]

Vista: absolutley with all it's many imperfections.

Re:Apple can no longer hide behind small markets

[bloodmusic]

Vista doesn't prompt for elevation; it only asks for confirmation. If Apple implemented the feature correctly -- as usual -- you'll have to enter an admin password, not just press the 'Run' button.

Re:Apple can no longer hide behind small markets

[ChronoReverse]

Depends. If you're an administrator, it'll give a continue prompt. If you're a normal user, it'll pop up the login prompt.

Re:Apple can no longer hide behind small markets

[El+Lobo]

Why do people speak without knowing? Hell, this is slashdot where everybody SEEMS to know that they know... Bash only because #you heard it", but never used it of course.

FYI, if you are running as an administrator, UAC will then prompt a confirmation (hell, you ARE an administrator). If you are a normal user, then UAC will prompt you for an ID and password.

And sorry, you must to be very naive or fanboi to think that Apple implemnts everything perfectly. There are a LOT of wrong things with OSX, as there are with any other OS out there.

Re:Apple can no longer hide behind small markets

[mattgreen]

It is sad that a site that bills itself as "news for nerds" is inhabited by people that enjoy being ill-informed when discussing these topics. If there's anyone that should read the articles, it'd be people here. Instead, everyone would rather contribute to the overall noise level and spout the same opinion thats been repeated fifty other times.

Re:Apple can no longer hide behind small markets

[Per+Wigren]

The difference is not so much in the OS itself but in the OS culture, the legacy applications.

A LOT of Windows programs are programmed with the assumption that the user is running with full or almost full privileges because that makes life easier for newbie programmers, and that's how things were designed back in the 9x days.

Most MacOS X programs are designed to run with low privileges and only prompt for privilege escalation when it's really really needed.

Because of this, my guess is that it will be a much more pleasant experience on the Mac.

Re:Apple can no longer hide behind small markets

[El+Lobo]

I still remember in the late 90s in the apple advocacy newsgroup people telling: "why do I need memory protection and preemptive multitasking"? We don't need that... The it was implemented "finally" on OSX and it was a great thing. Then I remember them telling me the greatness of non-intel processors and how great was that Apple never went Intel. Then they DID move to Intel and boy, what a great move this was :-)

So don't worry, you will get the same story here.

Re:Apple can no longer hide behind small markets

[Constantine+XVI]

The implementation is nearly the same, but it's all the run-as-admin-only baggage Vista has that makes it so much more annoying.

Re:Apple can no longer hide behind small markets

[Constantine+XVI]

Error: This question cannot be answered in it's current state ;)

Re:Apple can no longer hide behind small markets

[eldepeche]

In OS X, an administrator is prompted for a password when a program requests escalation of privileges. A normal user is prompted for an administrator username and password.

Re:Apple can no longer hide behind small markets

[bloodmusic]

And the point is that, if you are an administrator, unsafe practices will become automatic. You can argue that someone who runs with admin privileges is asking for it, but that's missing the point.

And of course Apple makes mistakes, and takes their own, sweet time in correcting them (Finder, anyone?); however, in most cases, their products set a standard of usability and elegance that Microsoft could never understand, much less achieve.

Finally, "fanboi"? Really? I'm really hoping that English is your second language.

Re:Apple can no longer hide behind small markets

[El+Lobo]

Hell, you keep making a fool of yourself... Could you please keep your little mouth closed?

Fanboi IS the correct pseudospelling.

Re:Apple can no longer hide behind small markets

[bombastinator]

Ah. A fanboy.

Re:Apple can no longer hide behind small markets

[El+Lobo]

Apples and Oranges. On Vista if you are already and admin, there is no need to logon (hell, you are already in). On MacOs you just double logon. Pros and Cons can be discussed, but there are more or less the same. The fact is: vista gets bashed for this. MacOS gets praised for **THE SAME THING**

Re:Apple can no longer hide behind small markets

[samkass]

There are tradeoffs to everything. Considering processor capabilities and RAM costs in those days, one could argue that the early 80's would have been too soon to put memory protection and pre-emption into a consumer OS. The Amiga did pre-emption by the mid-80's, but for all practical purposes the Mac MultiFinder worked pretty well. And no one did much protected memory in a consumer OS until the mid 90's (although MacOS had the no-execute bit set for data and the no-modify for code pretty early there.) Although Windows95 did it to a limited degree, it really wasn't until around 2000 with MacOS X and Windows 2000 that both protected memory and pre-emption really hit the mainstream consumer-land in a way that home users could run all their software and games on it.

And I'm actually really happy that the Mac never had IRQ's, ISA, or a BIOS, so yeah, it was great Apple wasn't Intel then and it is great that Apple's with Intel now.

Re:Apple can no longer hide behind small markets

[Serious+Callers+Only]

Vista gets bashed because they bombard the user with prompts to the extent that people turn off UAC. Similar prompts on OS X happen infrequently and thus function as a useful warning of possibly dangerous behaviour.

Fanboi IS the correct pseudospelling [whirlpool.net.au].

Using fanboy is bad enough, fanboi should be beyond the pale. It's usually a precursor to irrational rants based on an imagined foe (in this case the 'mac fanboi'). At this point I thought you'd lost all credibility.

A happy Windows user and developer, And PROUD of it!

Then I realised you had farther to fall.

Re:Apple can no longer hide behind small markets

[El+Lobo]

Excuse me???!! real multitasking and protected memory was implemented by ;S with NT 3.5!!! In 1992!!!

Re:Apple can no longer hide behind small markets

[samkass]

I didn't say it wasn't. But NT 3.5 ran almost no games of its day and DEFINITELY wasn't a consumer OS. Real multi-tasking and protected memory was implemented by UNIX a whole lot earlier than 1992 and I didn't include that one, either.

Re:Apple can no longer hide behind small markets

Absolutely - unfortunately a lot of those Windows apps are ruined by the simple act of trying to write into the system folder. I mean really - it is THAT HARD to use a different location?

Windows developers are cretins.

A specific example - Unreal Tournament 2004 - unless the running user has permission to the registry keys to make changes to the firewall, multiplayer will not work. This is even if you have explicitly allowed the ports a network game uses. It doesn't actually try to see if it works, if it can't write to the registry keys it throws an error.

Re:WTF???

[99BottlesOfBeerInMyF]

Time machine is a security hole from hell. Just suppose you record some pr0n of yourself using the built in iSight, then think better of it and delete the files. Now anyone can casually sit at your desktop and retrieve all the compromising files.

Apple just made it easier to recover deleted files, if you're using backups. If you're not using backups, there is no problem. OS X has also long had a "secure delete" option that not only deletes the file, but writes over it with random data multiple times, ala DoD requirements. I'd be willing to bet that also does the same on your time machine backups.

Re:It's to bad that 10.5 is not comeing out for al

That means then Apple would have to support unknown hardware..... won't happen. Thats the benefit to owning apple hardware and OS... I can point my finger at one company and expect to get it fixed right the first time.

Re:WTF???

[Llywelyn]

Another poster has addressed the core issues (secure delete, etc), but one other thing needs to be pointed out: At least anecdotally, I suffer data loss far more often than I have hackers breaking into my system (at least that I know of) or having to deal with the compromise of sensitive information from my hard drive.

There is a greater risk for many people in lack of backups vs. outside threats who have sufficient access to the machine to see data we've deleted without bothering to secure delete it or delete the backups.

There are jobs that demand that level of security, but there you are dealing with taking every hard drive that touches the system out and locking it in a safe at the end of the day. Backups, in and of themselves, are not the issue.

Backups as Security?

[rueger]

"With Time Machine making it easier to back up for all users, especially individuals not already protected by some corporate backup system, Apple is doing more to improve security than any upgrades to firewalls or Safari ever could."

Although I am a fan of backups, this is really silly. Even if we assume that users have Time Machine turned on, that they have external media on which to back up, that they manage to actually have everything turned on and hooked up to do the automated backup, there's still one hole in this argument.

In order for a backup to offer protection you need to know that there is something that needs to be restored from the backup. If most security attacks are by nature silent then you won't realize that you have been compromised and will not preserve a recent backup much less restore it.

Unless there is unlimited storage space for backups there will come a point when Good Data Set A will be replaced on your backup by Corrupted Data Set B. Time Machine likely has no way of knowing that the data it has just backed up is not your good current file, but one that has been damaged. All that it knows is that the file changed.

Re:Backups as Security?

Welcome to the idea of incremental backups.

Delete Instructions

[BoldAC]

Deleting from Time Machine is as easy as deleting from any other folder in finder.
Here are some step-by-step directions if you really need it: Leopard Time Machine: Delete Files or Folders from Backup

AC

Re:It's to bad that 10.5 is not comeing out for al

Yes, it's really too bad that it's not going to try to support all the cheap-shit, generic hardware that China can pump out. You do know that's why Windows has sucked so hard in terms of stability, right?

Mac OS X has the "it just works" reputation because of the limited number of hardware configurations on which it runs. They can take full advantage of what's there, because they know exactly what's there. Windows has to take the 'lowest common denominator' approach, to its detriment. Microsoft has tried and failed (though they have gotten better) for twenty years to get Windows to work with generic hardware as well as OS X works on Apple hardware. But when they decided to try to take over the game market, what did they do? They rolled their own hardware instead of just leveraging the existing Windows-on-generic-hardware market. That should tell you something.

I do agree with you on the second point though, Apple does indeed have a gaping hole in its product line where a midrange tower should be. If for no other reason than to make all the people who have been whining for one shut the hell up and buy the goddamn thing. Although, who am I kidding? If one was made, they'd just bitch about the price or specs or something and still not buy a Mac.

Re:WTF???

[wodgy7]

Just exclude your homemade porn folders from the Time Machine backup set. Easy. If you forget to do this, just delete the files on your Time Machine drive; it uses the standard .snapshot-style folder layout. No binary databases or big backup blobs that you can't parse and delete yourself. If you want public key encryption of the backups, set an encrypted DMG to be your Time Machine target. You can even use AES-256 in Leopard.

Leopard Screenshots and Tutorials

[Davak]

If you are looking for a rundown of all the new features, you can check out Apple's official listing of the 300 new features. Tech-Recipes has already started releasing screenshots and tutorials detailing many of these.

Apple has to do very little with security, honestly. Compared to a serial-killer, even the car thief looks good. Apple keeps their solid history of security and adds a nice backup platform. If anybody asks, all they have to say is that we are better than Microsoft.

Re:Leopard Screenshots and Tutorials

[NatasRevol]

Well, we are :-)

Re:Leopard Screenshots and Tutorials

[skinfitz]

--
OS X...because making UNIX friendly was easier than fixing Windows. Your sig makes no sense whatsoever. I think it should be something more along the lines of maybe 'OSX - because OS9 was a pile of crap and Apple needed a good solid foundation for a new OS.'

Your sig as it stands makes it sound like Apple would base an OS on Windows for some reason, which is obviously ridiculous, or that maybe there is a single entity producing operating systems rather than different companies with competing products.

Re:Leopard Screenshots and Tutorials

[NtroP]

Your sig as it stands makes it sound like Apple would base an OS on Windows for some reason, which is obviously ridiculous... Actually, when Apple was looking around for a replacement kernel for their new operating system they briefly considered the NT4 kernel before rejecting it and BeOS for NeXT.

Re:Leopard Screenshots and Tutorials

[blantonl]

Mod Parent -5 Significant, Absolute, Schadenfreude-wanabe flamebait

Re:Leopard Screenshots and Tutorials

[kogus]

The key though, is that they *did* reject it. Apple had the wisdom to recognize that the old System 7/8/9, for all of it's innovation, was architecturally limited, and they decided to start over with a Unix kernel.

Microsoft is justified in their claims of great backward-compatibility, but it comes at the cost of a fundamentally unsound security model that simply cannot compete with Linux and OS X.

Re:Leopard Screenshots and Tutorials

[that+this+is+not+und]

The thing is, they started over with a Mach kernel, and strapped on a Unix userland for good measure.

Re:Leopard Screenshots and Tutorials

[obirt]

Not really, they were originally trying to get MacOS to run on custom Alpha's with DEC's help, but the DEC engineers wouldn't do it. 64 bit, 200+ MHz CPU in the early 90's. Things would have been a lot different today if they weren't so pig headed. (Both Apple and DEC). I think this was even before Intel stole core logic from the Alpha for the Pentium II.

Code randomization a bad idea

[Animats]

"Code randomization" is a terrible idea. Virus writers will write something that searches around for the right place to patch. Developers will think buffer overflows are now OK, and write worse code. Worst of all, bugs become nonrepeatable and harder to debug. (Great for tech support. Much harder to pin blame on the vendor now.)

Re:Code randomization a bad idea

[Potatomasher]

"Virus writers will write something that searches around for the right place to patch"

No, they won't be able to do that. At that point, they haven't gained execution yet.
Buffer overflows require you to jump to code which is in a known place in memory (usually libraries), which in turn slingshots you back to the exploit code stored on the stack (or other). Without knowing where to jump to, your malicious code will just sit there in memory, not doing anything.

Re:Code randomization a bad idea

[bucky0]

ASLR works using the dynamic linker. For the vast majority of programs (I can't think of any counter examples off the top of my head), the dynamic linker works transparently to match up in-program function calls with their proper library addresses. If ASLR adds bugs to the implementation, it must be because of a faulty linker, which can be debugged out.

Virus writers will write something that searches around for the right place to patch
It's not quite that simple. Virus writers have a practical limit of how much code they can squish into a buffer overflow (which reduces the effectiveness of a NOP slide) Not only that, protected memory operating systems will bomb out if you start randomly poking at memory addresses. Since the addresses are randomized, you don't really know where to start looking which means it becomes a probability game of how many valid addresses the code your looking for could be at compared to the total address space.

Developers will think buffer overflows are now OK, and write worse code.
Developers have known about buffer overflows for years, and people still use sprintf over snprintf. I doubt anyone who is doing any serious coding will look at ASLR and say, "Hurray! We can forget about string validation!"

Re:Code randomization a bad idea

[Lally+Singh]

- Which class of bugs depends upon the memory layout of your libraries? E.g. what kinds of bugs happen or don't happen depending on that layout?

- Do you have any idea how less vulnerable you are to an attack when the attacker can't get you in 1 hit? A networked-based attack would essentially have to flood you to get the right address, and bandwidth limitations could prevent them from ever doing it (searching through a multi-gigabyte address range a few dozen bytes at a time takes a *long* while when you're doing at least one packet per try). Local attacks to local processes are only threats to suid programs, of which there are *very* few, and which can sound an alarm pretty easily if they were getting queried thousands of times/sec.

Re:Code randomization a bad idea

[lskovlund]

Do you happen to know how ASLR will work together with prebinding?

AFAICT, ASLR would render prebinding moot (Wikipedia says that it has
been deprecated since Tiger; nevertheless, I am still seeing noticeably
longer load times when first running an app after a system update - I
chalk that up to prebinding).

Re:Code randomization a bad idea

[PhrostyMcByte]

Developers have known about buffer overflows for years, and people still use sprintf over snprintf.

snprintf just trades off potentially writing past the end of the buffer with potentially reading past the end of the buffer. People should be resizing their buffers as needed - when is it ever OK to truncate data - and stop misusing the 'n' functions.

Re:Code randomization a bad idea

[Sloppy]

"Code randomization" is a terrible idea. Virus writers will write something that searches around for the right place to patch.

Brilliant solution. All they have to do, in order to run the code that "searches around," is run some code that searches around for the right place to patch. But to run that, they first have to run some code that searches around for the right place to patch. But in order to run that, they have to--
STACK OVERFLOW! User Sloppy DoSed.
Oops, I guess it worked, after all.

Re:Code randomization a bad idea

[bucky0]

From my understanding, ASLR is a per-boot randomization, so the OS could just re-prebind at boot (if it needed to). I'm just speculating though.

Re:Code randomization a bad idea

[bucky0]

I'll be honest and say that I'm pretty naive about good coding practices, but I use snprintf for things like: (terrible example)

char buf[1024];
snprintf(buf, "Logging started, argv[0] is %s", 1024, argv[0]);

and then later, I'll output it to a file or something. It's a bad example, but doesn't using the 'n' version of sprintf keep people from filling buf outside its bounds?

Re:Code randomization a bad idea

[puetzk]

I can't say for sure that Apple did this, but do note that randomizing it once per computer (e.g. ramdomize it *while* prebinding) is very nearly as effective as randomizing it every time. It still means someone can't write exploit shellcode that works on all (or even a significant fraction) of machines. This is the approach glibc's prelink uses.

Re:Code randomization a bad idea

[rudedog]

Developers will think buffer overflows are now OK, and write worse code.

I agree. I also think seatbelts are a terrible idea, because it just encourages drivers to crash their cars.

Re:Code randomization a bad idea

[PhrostyMcByte]

snprintf will always write 'n' bytes. it will not write a null terminator if it runs out of room, and it will pad with 0's if it doesn't. so you won't overflow your buffer, but you might not get a terminator. it's better to just resize your buffers or error out.

Re:Code randomization a bad idea

[Jeremi]

Virus writers will write something that searches around for the right place to patch.

Ah, but how will they get their search-around code to run on the target machine? They don't know where in the hacked-TIFF file to put it now, do they?

Developers will think buffer overflows are now OK, and write worse code.

I doubt it -- a random buffer overflow will still cause your program to crash (or corrupt data), and most programmers don't think either of those are acceptable. A more likely scenario is that programmers will continue as they always have: trying to write correct code, and occasionally screwing up and writing vulnerable/buggy code. The only difference is that the vulnerabilities will now be that much harder to exploit.

Re:Code randomization a bad idea

[bucky0]

That's ridiculous. I thought that:

a) It would stop writing if the format string runs out of characters
b) It would null terminate the string at character 'n'. Otherwise, it's not a valid c-string.

I guess I stand corrected.

Re:Code randomization a bad idea

[kybred]

I guess I stand corrected.

No, not really.

It's always a good idea to take programming advice from a random Slashdot poster; much easier than actually reading the documentation on a function.

Re:Code randomization a bad idea

[bucky0]

Hell, I _always_ take advice from slashdot posters. It seems like they know everything about..well, everything!

Re:Code randomization a bad idea

[StoatBringer]

No, as I understand it, the virus depends on a library being at a particular location in order to insert the code which allows the virus to be processed. There is no way for it to "search around". It's the act of patching the library through the buffer overrun which allows the virus to start up. If the library is not in the expected place the buffer overrun will not cause the processor to start executing the virus code.

Re:Code randomization a bad idea

[raddan]

You might be interested in the following tidbit from the printf(3) manpage on OpenBSD:

Because sprintf() and vsprintf() assume an infinitely long string,
callers must be careful not to overflow the actual space; this is often
impossible to assure. For safety, programmers should use the snprintf()
and asprintf() family of interfaces instead. Unfortunately, the
snprintf() interface is not available on older systems and the asprintf()
interface is not portable.

It is important never to pass a string with user-supplied data as a for-
mat without using `%s'. An attacker can put format specifiers in the
string to mangle the stack, leading to a possible security hole. This
holds true even if the string has been built ``by hand'' using a function
like snprintf(), as the resulting string may still contain user-supplied
conversion specifiers for later interpolation by printf().

Be sure to use the proper secure idiom:

snprintf(buffer, sizeof(buffer), "%s", string);

There is no way for printf() to know the size of each argument passed.
If positional arguments are used, care must be taken to ensure that all
parameters, up to the last positionally specified parameter, are used in
the format string. This allows for the format string to be parsed for
this information. Failure to do this will mean the code is non-portable
and liable to fail.

Re:Code randomization a bad idea

[bucky0]

Am I reading it right that somehting like this (syntax may be off)

const char buffer[1024];
const char str1[] = "%i";
snprintf( buffer, 1024, "%s", str1 )

would cause snprintf to double-interpolate the string and start looking for a %i off the end of the variadic arguments? I guess a different way to word it would be: If snprintf runs across a %s in the format string, would it also evaluate format specifiers within the spring that was passed to it?

Re:Code randomization a bad idea

[kybred]

... would cause snprintf to double-interpolate the string and start looking for a %i off the end of the variadic arguments? I guess a different way to word it would be: If snprintf runs across a %s in the format string, would it also evaluate format specifiers within the spring that was passed to it?

No, what it's saying is; don't do this:

const char buffer[1024];
const char str1[] = "%s";
...
printf( buffer, str1 );

The format string will have a %s in it, but has no params following it. (Assuming that str1 would actually be passed in from elsewhere).

The *printf functions will only evaluate the format string, not any specifiers that happen to appear in the params following:

printf ("this is a test: %s", "%s");

will print out:

this is a test: %s

Re:Code randomization a bad idea

[bucky0]

Gotcha, thanks for the clarification.

Re:It's to bad that 10.5 is not comeing out for al

[jellomizer]

They will complain about anything.
They want OS X to be realed for common hardware not realize that apple tried that (with their older OS) and it nearly killed them. And right now they are doing stellar, they way they are going now. Basicly they are just jelious that Linux isn't as good as OS X is.

What about the insecure default settings?

[bombastinator]

I am wondering if some even more basic holes have been filled here.

I have been given to understand that one of the problems with OSX is that in order to make some legacy software work such as applescript, apple had to make a few file settings more open than they should be.

The big example is the one which allows a USB drive with a correc tly set up copy of OSX on it to automatically become the boot drive with full root access to all drives on a restart. IIRC there's even a company that sells these things pre-configured for unnecessarily large sums money.

This is the stuff I most want to see fixed

Re:What about the insecure default settings?

[SuperKendall]

Trying to protect non-encrypted data from an attacker with physical access is a fools errand.

Re:What about the insecure default settings?

[MachineShedFred]

The USB thing can be fixed via an Open Firmware password (G5 and below, though I'm sure there's an equivalent for intel). If you have one in place, holding down the option key on boot will present you with a password screen before the Boot Manager.

The only other ways to boot from an external disk if there is an Open Firmware is to use the Startup Disk pane of System Preferences (requires admin password) or to use the bless command in the terminal (requires sudo / root access).

Oh, and for those of you that *really* want to secure it, make sure you have a padlock on the case so that they can't open it up, change RAM size, and then zap the PRAM on boot to clear the OF password.

Basic hole filled with solutions that have been available since Mac OS 9.

Re:What about the insecure default settings?

[JPRelph]

It is possible to boot a Mac from an external drive (USB or Firewire on Intel Macs, and Firewire drives on PPC Macs) but it is pretty easy to stop that from becoming a problem. Apple have a utility that stops people changing firmware settings including booting from a different drive http://docs.info.apple.com/article.html?artnum=106482

Re:What about the insecure default settings?

[bombastinator]

This is why I said "default settings". There are several more things like this. It's stuff that can be fixed by folks who know what they are doing. The whole point behind macs though is they should not require that level of system knowledge to make them work.

This is or has been a known problem on a few Linux distros as well. Still IMHO it should be fixed. There's a big difference between surreptitiously slipping a flash drive into a slot for a minute or two and taking the lid off a machine. Especially a laptop.

There appears to be at least one company who disagree with you on the password thing. http://www.engadget.com/2007/04/30/subrosasofts-maclockpick-extracts-personal-info-from-os-x/
Whether they are correct is another question of course.

Re:What about the insecure default settings?

[aedan]

I suspect they leave the defaults as they are for people who forget passwords. Lots of people forget them. It's useful if you can boot from the installer CD and reset them. If you have data which is important enough to warrant it then it is possible to lock it down and encrypt the data but for many people this would be the wrong option.

Re:What about the insecure default settings?

[bombastinator]

The same argument can be made for having any security at all. If there is nothing worth keeping on or off your computer then there is no reason to take any security measures.

If your computer is not fast enough to serve as a spambot, and you never buy things over the intrnet or do online banking you are probably ok.

If you do on the other hand then leaving a back door open is unwise.

Re:What about the insecure default settings?

[netsrek]

So this is why you:

a) Turn on encrypted swap, which encrypts your hibernate file from safe sleep.
b) Turn on FileVault, which provides an encrypted home directory.

Note too that FileVault in 10.5 employs a far more robust backing storage system than in 10.4. Apple have switched the format from sparseimages (which themselves were improved for reliability in 10.4) to sparsebundles, which are incredibly resistant to corruption.

Re:What about the insecure default settings?

[aedan]

It's not quite the same as no security. You need physical access to the machine. You need a boot device. You need time to do it. The user will know something has happened because the passwords will have changed.

It could be locked down but I still think that for most people there is no need for that. They would be more pissed if you told them their computer was bricked because they forgot their password.

If you want to explain that to my auntie then be my guest. I'd rather be able to reset it for her.

Re:What about the insecure default settings?

[MachineShedFred]

There appears to be at least one company who disagree with you on the password thing. http://www.engadget.com/2007/04/30/subrosasofts-maclockpick-extracts-personal-info-from-os-x/

I hadn't seen that product, but reading the description sounds like it's an application on a USB drive that just reads the logged in user's keychain file. This could likely be prevented by incorporating the screen lock functionality on the screensaver, and using a password that doesn't suck. For preventing the attack of the keychains of users that aren't logged in, well, that's what FileVault is for.

As far as the defaults go, Apple goes as secure as is merited for the average user. This means leaving unneeded services turned off, and locking file permissions on system and application folders to 755. The reason why they don't enable boot security by default is because if John Q. Homeuser blows up his system through some ill-advised file deletions and also numbskulls his Open Firmware password, he now has no way to reinstall the OS; since he wouldn't be able to boot from system CD either. This would result in massive support nightmares, and lambasting by the cynical tech public (as you see around here whenever Microsoft missteps).

impossible; other strategies

[bcrowell]

If you look at Apple's description of the time machine functionality, it's not possible for it to work the way they claim. Suppose my backup drive has a capacity of 80 Gb, and so does my primary drive. I record 79 Gb of data onto my primary disk. I run out of space, delete all of that video, and then record 79 more Gb of video, filling the disk again. Then let's say I go through the cycle for a third time. They're claiming that I can then go back in time and get back my first or second video. No way. I don't have enough total disk space to store all three videos. So realistically, there are implementation limits, which they conveniently don't mention. Their description makes it sound as if everything Just Works, and will never fail to let you recover old files. In reality, it will Just Do Its Defaults, which may or may not be what you would have liked. Does it default to deleting the oldest files first? If so, then that's probably not what you would have liked in many cases, because you probably care more about preserving the 500 kb manuscript of your novel than about preserving the 70 Gb video of your kids' soccer games. Maybe it has some heuristics, so it tends to delete bigger files first, or files of a certain type first. Well, maybe that's what you wanted, but maybe it's not. Or maybe it asks you to make the decision whenever the backup drive fills up. Well, maybe that's what you want and maybe it's not, but it wouldn't be the same thing as the zero-work solution that Apple claims in their description.

In reality, I think you can have some, but not all, of the following:

1. The system takes zero work to configure and maintain.
2. The system has minimal impact on performance.
3. The system has simple, highly predictable behavior (such as always deleting older versions first).
4. The system has behavior that is what you choose.
5. The system doesn't require buying an expensive external drive that takes up space on you desk.
6. The system automatically gives you an off-site backup in case your house burns down.

Personally, what works for me is the unison file synchronizer (I use it on Linux, but it's cross-platform), plus monthly backups on CD or DVD. Using the network file synchronization takes care of two things: (1) I have an off-site backup that's always fairly up to date; (2) it makes it easy to undo mistakes like "oh no, I didn't want to delete that file." The CD backups let me (3) go back in time and get very old versions of files. I'm not saying that my solution is right for everyone. No solution is right for everyone. However, my OSS solution works much better for me than Apple's expensive, proprietary system would work for me.

Re:impossible; other strategies

[fatrat]

I use unison on OS X. I sync my laptop to my desktop (Mail, Firefox, various working directories etc) and once I week I use unison to do a backup of the whole system to an external disk. This means a) I have two copies of everything and three of most important stuff and b) I can use my laptop or my desktop interchangably and know that they are in sync. Powerful and flexible but not that easy to set up for someone that isn't comfortable in *nix land.

Re:impossible; other strategies

[Yosho]

Their description makes it sound as if everything Just Works, and will never fail to let you recover old files.

Come on, at least read the whole page if you're going to start flaming Apple. I quote:

One day, no matter how large your backup drive is, it will run out of space. And Time Machine has an action plan. It alerts you that it will start deleting previous backups, oldest first. Before it deletes any backup, Time Machine copies files that might be needed to fully restore your disk for every remaining backup. (Moral of the story: The larger the drive, the farther back in time you can back up.)

Re:impossible; other strategies

[p0tat03]

Expensive proprietary system? o_O Sure, it's infinitely more expensive than your OSS solution (technically), but a $150 price tag for the entirety of Leopard seems like a reasonably good deal to me. I think this is more of a "it's better than what we've got" feature than a "this is a guaranteed fool-proof backup solution". Of course it will start losing files if you push your disk capacity to its limits - but that's true for ANY backup method. If you ran out of CDs and had no means to get more, you'd start "losing data" pretty quickly also.

IMHO this is clearly designed for people who currently have *no* backup solution in place, and is a method with a very low barrier to entry that will lend a lot more data protection than people currently enjoy. That's it in a nutshell, nothing more and nothing less.

Re:impossible; other strategies

[commodoresloat]

you probably care more about preserving the 500 kb manuscript of your novel than about preserving the 70 Gb video of your kids' soccer games. You clearly haven't read my novel.

Re:impossible; other strategies

[nine-times]

If you look at Apple's description [apple.com] of the time machine functionality, it's not possible for it to work the way they claim.

Could you please explain how you think Apple is claiming Time Machine works, and why you think it's not doing that? I ask because I'm not sure what you find objectionable about the page you linked to. In a simple answer to your question, you can use Time Machine to back up to either an external drive or a server. When space runs out, OSX will warn you, and you'll then be given the option of overwriting your old files. That's what Apple has said about running out of space. I would assume that you'd also have the option of adding additional storage (e.g. getting another external hard drive), and keeping your old backups.

It'll be a very sensible solution for 99% of users. (Yes, that statistic was pulled out of thin air. But it's very sensible.)

However, my OSS solution works much better for me than Apple's expensive, proprietary system would work for me.

Ok, that's great. Nobody is stopping you from using that solution, and Unison has been available on OSX for a while now. In fact, I don't see any reason to think you won't be able to use both Unison and Time Machine. So what's the problem?

Re:impossible; other strategies

[MSG]

Does it default to deleting the oldest files first? If so, then that's probably not what you would have liked in many cases, because you probably care more about preserving the 500 kb manuscript of your novel than about preserving the 70 Gb video of your kids' soccer games.

Actually, it deletes entire snapshots when it needs the room, so you'll still have your 500kb novel as well as the video.

Time Machine is very similar to rsnapshot, except that it can use spotlight to determine which files have changed, and can therefore update the current snapshot much more quickly than rsync.

Re:impossible; other strategies

[sincewhen]

you probably care more about preserving the 500 kb manuscript of your novel than about preserving the 70 Gb video of your kids' soccer games.

You clearly haven't read my novel.

You clearly haven't seen my kids playing soccer.

Re:It's to bad that 10.5 is not comeing out for al

[AntEater]

"Mac OS X has the "it just works" reputation because of the limited number of hardware configurations on which it runs."

I've heard this for years but I still haven't seen ANY hardware sample where Windows "just works". I'd put more value on the fact that Apple based the core of their OS on a unix-like system not the registry/spaghetti mess that has been windows for the past decade plus. I'm sure that eliminating poorly written drivers from the mix does help prevent some of the problems that plague windows but it's not the whole story by a long shot.

Besides, with that argument, Linux should be even more unstable because very few of it's hardware drivers are written by the device manufacturers - many are reverse engineered.

Re:WTF???

[jsz0]

You can exclude things from TimeMachine backups. Exclude your ~/Homemade_porn directory.

Re:WTF???

[Vokkyt]

I'm hoping that this is meant to be sarcastic, though I'm certainly stretching to find it.

Security hole from hell? Okay, if a person has that kind of access to your machine, your files are really already compromised; cause unless you frequently leave your Mac out in the open with the root password pasted to it, people will rarely get to the point where they can recover incriminating files. On top of that, you can control what time machine does and does not back up.

Re:WTF???

[NatasRevol]

I'd be willing to bet Time Machine doesn't delete old copies. Otherwise, what's the point of having Time Machine? It's *supposed* to recover deleted files.

Re:WTF???

[tayhimself]

OS X has also long had a "secure delete" option that not only deletes the file, but writes over it with random data multiple times, ala DoD requirements. I'd be willing to bet that also does the same on your time machine backups. This is just a wrapper around the shred utility in linux i would guess. Used with find shred is pretty cool.

Re:WTF???

and how does wear leveling affect writes over with random data?

Re:It's to bad that 10.5 is not comeing out for al

[Rational]

In the time people have been complaining about the lack of a mid-range Mac, those same people would easily have saved enough for a Mac Pro...

Moderators on crack

How the hell is that a flaimbait? Parent is right, the implementatios on the new MacOS and Vista are nearly identical. Of course what do you wait from a rabid macboi moderator.

Re:WTF???

[Llywelyn]

That's true for the normal delete, but I don't know about "secure delete." Secure delete could very well go back through your entire backup set and delete the file utterly.

We won't know for sure until it comes out and someone tests it.

TM has that option

[SuperKendall]

Watch the Apple leopard video. I believe in there, they talk briefly about how TM has the option to permanently remove all versions of a file. It should also be mentioned on the TM feature page Apple has on the web site... in any case it's possible.

It's such an obvious feature it's no surprise it's included. This is versioning 101 stuff.

Re:TM has that option

[goombah99]

Watch the Apple leopard video. I believe in there, they talk briefly about how TM has the option to permanently remove all versions of a file. It should also be mentioned on the TM feature page Apple has on the web site... in any case it's possible.

It's such an obvious feature it's no surprise it's included. This is versioning 101 stuff. How do it know? When is a file a version and not a new one? For example if I have a configuration file for some data processing program I use. I edit it in different ways for different runs. Is this a version or a different file. Or how about a generic reference letter I go in and change the names in for another use. version or different file? What if I move or copy a file. Are these versions?

Re:TM has that option

[99BottlesOfBeerInMyF]

How do it know? When is a file a version and not a new one?

That's easy. It tracks the changes to the files. If you create a new file by using "save as" that won't be deleted and neither will it's history, but that is obvious because the original file still exists. If you move a file, it is still the same file. If you copy a file, you've made a new file, based upon the old one.

Re:It's to bad that 10.5 is not comeing out for al

[olddotter]

Mod the parent up to 11 :-). Besides, with that argument, Linux should be even more unstable because very few of it's hardware drivers are written by the device manufacturers - many are reverse engineered. I couldn't say it better myself!!

Not Me

[el_munkie]

OS 9 was more responsive, yes. But, due to cooperative multitasking, if any program crashed, your entire computer did as well. I did some fairly memory intensive Photoshop work for a newspaper on an OS 9 Mac that was packed to the gills with RAM, and I'd have an average of two reboots a day. This can be maddening to the point where you'll want to throw the Mac out the window if you just lost an hour's painstaking work to the fucking bomb.

The OS X came about. Systemwide crashes are a rarity, and in my experience mostly due to hardware failure. If some beta version of Firefox crashes, it dies a lonely death while the other programs keep on chugging.

Re:WTF???

[Onan]

It's srm rather than shred, but yeah, same idea.

Troll much?

Its OK to truncate data lots of the time, I would go so far as to say most of the time. Do you gnutards really think its a good idea to try to allocate many MBs of RAM to a string storing a filename, when the operating system limits path lengths and filename lengths anyways? Or when you are grabbing data to put into a varchar(255) column in the database, you want to using snprintf to truncate the data and then use the return value to see that it was truncated, and give the user an error message.

How does code randomization help?

[argent]

What's to keep the virus from just using the underlying trap instruction for its system calls? This is a UNIX system, friends, you don't need to call printf(), you can call write().

Re:How does code randomization help?

[pammon]

> What's to keep the virus from just using the underlying trap instruction for its system calls? This is a UNIX system, friends, you don't need to call printf(), you can call write().

How do you execute a system call? You need to have the processor jump into a buffer of your instructions. The usual approach is to somehow get your instructions into memory and then overwrite the return address on the stack with a pointer to that buffer.

But if the buffer is in a different location every time, there is no way to know ahead of time what value to put into the return address. And remember that you have to overwrite the return address before you can execute any instructions, so you can't compute it at runtime either.

Re:How does code randomization help?

[argent]

But if the buffer is in a different location every time, there is no way to know ahead of time what value to put into the return address.

Aha, so all the discussion about finding the location of printf() and how much code you could fit into a buffer overflow to locate it was someone trying to very subtly confuse the issue? Or someone even more confused than I, perhaps.

Re:It's to bad that 10.5 is not comeing out for al

[nine-times]

I've heard this for years but I still haven't seen ANY hardware sample where Windows "just works".

It really depends on what you mean by "just works". The truth is that Windows does suffer from supporting a larger variety of hardware. Specifically, if you have a Windows XP computer that crashes on a regular basis, there's a very good chance that you either have some sort of malware installed or else have some really crappy drivers. Ignoring malware and crappy drivers, Windows XP is actually a pretty stable OS.

So when you talk about how things "just work", are you only speaking about stability? Because OSX makes it much easier to image machines and put that image on other (different) hardware, for example. OSX also doesn't go into "reduced functionality mode" when you install new hardware. OSX also keeps up to date with the most common hardware so that you don't have to hunt down drivers if you install new hardware. After using a Mac for a few years, I'd say that OSX does a lot of things more sensibly than Windows, and cuts out a lot of annoyances from day-to-day computer usage.

Also, as you mentioned, Linux does a number of things better than Windows these days. When I install Windows XP (or even Vista) on a machine, I usually have to spend an awful lot of time afterwards hunting down drivers. Then I have to install a bunch of different pieces of software, one at a time. I have to find the disks for that software and the serial numbers, and click "next" 50 times for each install. On the other hand, when I install Ubuntu on the same machine, it discovers all my hardware automatically and also automatically installs a bunch of common apps. I can then install additional apps very easily, and update all the software on my machine at the same time, using Synaptic. No user intervention is required during the install.

So are these things included in "just working"?

Many of these approaches have already failed

[argent]

Application signing, warning dialogs for downloaded files, and the like... these have been Microsoft's first line of defense against cross-zone exploits for a decade now and they have systematically failed. Now Microsoft is using Sandboxing, and that will also fail.

I wish that Apple would decide to photocopy good ideas from Microsoft rather than bad ones. The single set of application bindings for helper applications and URL handlers? That comes from Windows. The idea of giving users the opportunity to open potentially hostile files directly from mail and browser software? That comes from Windows. Open Safe Files? That comes from Windows. Popping up dialogs before automatically doing stupid things, instead of not automatically doing stupid things? That comes from Windows.

The last straw for me was when Safari on OSX warned me that I was downloading an EXE file because it's executable. Not that I was running it. Just that I was downloading it. Holy Mother of Turing!

*sigh*

At least they don't have anything like ActiveX yet.

Re:Many of these approaches have already failed

I hear you brother.

I have the same problem with Gnome asking me "this file appears to be type X but the extension indicates that it is type Y. please make sure things are secure." Just freaking give me a "don't show this dialog again" option, or "open anyway" or at least memorize that this file is opened with this app! but no Gnome is trying to be the Vista of OSS.

Note: I use Gnome and it's great, but this particular feature(bug?) is seriously freaking me out.

Re:Many of these approaches have already failed

[tepples]

The last straw for me was when Safari on OSX warned me that I was downloading an EXE file because it's executable. Not that I was running it. Just that I was downloading it. Holy Mother of Turing! Darwine?

Re:Many of these approaches have already failed

> The last straw for me was when Safari on OSX warned me that I was downloading an EXE file because it's executable. Not that I was running it. Just that I was downloading it. Holy Mother of Turing!

Yep, Apple knows that. This is something that has been fixed in Leopard - it will warn you the first time you launch an app, not download it. Compared to Tiger, Leopard's warning dialogs have gotten both smarter AND less intrusive!

Re:Many of these approaches have already failed

[argent]

This is something that has been fixed in Leopard - it will warn you the first time you launch an app, not download it.

It already DOES that, for applications launched from URIs, and it shouldn't do either.

You see, shortly after they implemented this Microsoftian scheme for the first time, I installed a "GO" screen saver. Unbeknownst to me, one of the options in this screen saver was to allow you to bring up the GO board being displayed and play on it. Unfortunately, the first time I tried it I happened to hit the key that brought up the GO program.

What happened next was obvious in hindsight.

BEHIND the screen saver, invisible and untouchable, it brought up the LaunchServices dialog asing if I really wanted to launch GNU Go. The screensaver froze, waiting for GNU Go to launch, and GNU Go never launched, because GNU Go couldn't run until I approved the dialog, which I couldn't do because it was behind the screensaver.

The thing is, the GO screen saver was already running in native code. The URI was encoded in the screen saver. LaunchServices was protecting me from a program that was already running with full local user permissions. The solution is not to annoy (or completely block) users with dialogs, which only serves to train people to approve dialogs, but to create a distinction between local and remote resources and local and remote handlers for resources.

http://www.scarydevil.com/~peter/io/osx-security.html and following pages go into more detail.

Apple's been bumbling around trying to make Microsoft's messed up design work for over 3 years now. Microsoft hasn't gotten it working in over 10 years. One definition of insanity is to repeat the same actions when they have proven not to work.

Re:Many of these approaches have already failed

[argent]

If they're crazy enough to register ".EXE" in LaunchServices I'm not crazy enough to even consider installing them.

hardlinks

[goombah99]

How do it know? When is a file a version and not a new one?

That's easy. It tracks the changes to the files. If you create a new file by using "save as" that won't be deleted and neither will it's history, but that is obvious because the original file still exists. If you move a file, it is still the same file. If you copy a file, you've made a new file, based upon the old one.

Okay try this one on for size. Make a hard link of a file. Now edit one of the hardlinks and save it (not save-as, just save). Now which one is the copy? From the file systems POV the edited one will be a copy. But from the users point of view it might be the original, especially if they had no way of knowing the hard link had been made.

For example, since I don't have Time Machine yet I currently snapshot my home directory by making a image of it populated by hardlinks. this happens in the background so I don't even know it is happening. Nor do the other users on the computer. You can't really say which is the link since it's a hard link not a softlink or alias. A hard link is an identical file system entry as the original and should be indistinguishable. The save will sever the link.

Re:hardlinks

[SuperKendall]

Okay try this one on for size. Make a hard link of a file. Now edit one of the hardlinks and save it (not save-as, just save). Now which one is the copy?

There are no "copies". You had one file that you modified. This would be reflected in Time Machine by simply re-creating the two hard links you had to the same file.

From the file systems POV the edited one will be a copy.

There are no copies, there is one file (from the filesystems point of view). Try it and look at BOTH hard links.

The save will sever the link.

Are you SURE you are using hardlinks? On what OS and filesystem? If you're on a mac and using Tiger (HFS+) you are not using hardlinks!

Leopard will support real hardlinks.

If you are using any other kind of link, and you create a new file that replaces a hardlink... then that is in fact a brand new file that would be backed up by TM.

Re:hardlinks

[NtroP]

Make a hard link of a file. Now edit one of the hardlinks and save it (not save-as, just save). Now which one is the copy? From the file systems POV the edited one will be a copy. But from the users point of view it might be the original, especially if they had no way of knowing the hard link had been made. Ummmm... If you edit a hard link *both* files change because they are the exact same file, just in two separate places. It's just duplicate address entry in the inode table. That's how hard links work.

Re:hardlinks

[VGPowerlord]

Okay try this one on for size. Make a hard link of a file. Now edit one of the hardlinks and save it (not save-as, just save). Now which one is the copy? From the file systems POV the edited one will be a copy. But from the users point of view it might be the original, especially if they had no way of knowing the hard link had been made.

From the file system's POV, both are just a name pointing to one disk location. In fact, you even said that in the following paragraph:

For example, since I don't have Time Machine yet I currently snapshot my home directory by making a image of it populated by hardlinks. this happens in the background so I don't even know it is happening. Nor do the other users on the computer. You can't really say which is the link since it's a hard link not a softlink or alias. A hard link is an identical file system entry as the original and should be indistinguishable. The save will sever the link.

Any sane API for tracking file changes would use the inode number rather than the file path. inodes are, by definition, unique to a file. Heck, they even keep count of how many hard links point to a file (and are deleted when that hits 0).

Re:hardlinks

[rudedog]

Are you SURE you are using hardlinks? On what OS and filesystem? If you're on a mac and using Tiger (HFS+) you are not using hardlinks!

What are you talking about?

$ uname -a
Darwin medusa 8.10.1 Darwin Kernel Version 8.10.1: Wed May 23 16:33:00 PDT 2007; root:xnu-792.22.5~1/RELEASE_I386 i386 i386
$ cd /tmp
$ echo 'hey there' > link1
$ ln link1 link2
$ ls -li link*
3516841 -rw-r--r-- 2 dave wheel 10 Oct 23 15:16 link1
3516841 -rw-r--r-- 2 dave wheel 10 Oct 23 15:16 link2
$ echo buddy >> link2
$ ls -li link*
3516841 -rw-r--r-- 2 dave wheel 16 Oct 23 15:16 link1
3516841 -rw-r--r-- 2 dave wheel 16 Oct 23 15:16 link2
$ cat link2
hey there
buddy
$ cat link1
hey there
buddy
$

That sure looks like hard links to me, unless you have some other definition of hard links that I am unaware of. Yes, this is a HFS+ filesystem; I did not re-install Tiger when I got my Macbook, and Tiger is installed with HFS+

Re:hardlinks

[SuperKendall]

Sorry, I was under the impression that hard links were kind of half-implemented in Tiger so I have not really used them there. Also there are reports of enhanced hardlink support in Leopard (supports directories now) that reinforced that notion...

But as your text shows hardlinks behave as I described, appending to one link did not "break the link" and the single file simply grew as a result with both links reflecting this fact.

Re:hardlinks

[rudedog]

Sorry, I was under the impression that hard links were kind of half-implemented in Tiger so I have not really used them there. Also there are reports of enhanced hardlink support in Leopard (supports directories now) that reinforced that notion...

As far as I know, HFS+ is posix-compliant, so it has to support hard links.

It's my understanding that Time Machine actually works by creating an encrypted loopback volume on the target drive, and then building a hard-link farm in that volume, a la Dirvish. And, that includes hardlinks for directories, as you mentioned. However, I doubt that hardlinked directories outside of the Time Machine volume will be allowed because they are generally very bad things because of the danger of creating a cyclic directory tree.

On Linux, GNU ln requires superuser privs to hardlink to a directory, and even then it will still be disallowed by many filesystems, such as ext3.

Re:hardlinks

The problem could be that some programs don't save to the same file when you tell them to save. They create a new file, save to that one, delete the original, then rename the new file to have the same name as the original. This reduces the chances of losing data if something goes wrong during the save, and is normally a smart thing to do. But there is the unintended consequence that links will get broken when you do this.

Re:hardlinks

[goombah99]

Sorry but you are utterly and completely mistaken. If you modify a hardlinked file in Tiger, it copies the file and modifies the copy. Thus one does not have two links to the same modified file but two different files.

Re:hardlinks

[goombah99]

What you propose, inode tracking, would totally fail in the hardlink example for the reason I give in this other reply

Re:hardlinks

[goombah99]

What you are saying is mistaken for the reason I give in this other reply

Re:hardlinks

[rthille]

If the program you use edits (rewrites) the file directly, that's true, but some applications will write a new file and move it into place at the old name to provide protection against crashes. That would sever the hard link between the two names. Same with the other approach of moving aside the old file and writing the new version at the old name, then deleting the temporary backup. So, a lot of that depends on the application doing the "saving".

Re:It's to bad that 10.5 is not comeing out for al

[toQDuj]

Not only does it work together with the hardware, but the software works a little better with the software too. It's a little bit less frustrating than using software under windows. A little bit more stable, a little bit more intuitive, simple, and less maintenance. Hardware doesn't have to play a role here.

Re:It's to bad that 10.5 is not comeing out for al

[soft_guy]

No, Apple did NOT try that. The hardware that was released by PowerComputing, UMax, Motorola, Radius, etc. was not generic hardware. It was Apple designed motherboards. I think in some cases they were even manufacturered by Apple and placed in the other company's cases. Apple had deals with those guys that didn't make any damn sense (for Apple). Very different from trying to support "generic" hardware.

Re:WTF???

[iamacat]

The consequences of a privacy breach are incomparably more grave than that of data loss. You could be put in jail, face a divorce, get fired or have your reputation permanently tarnished by content leaked on Internet. Companies will face lawsuits based on intermediate versions of a memos that were never actually distributed.

Suppose you were writing a letter to an old friend and, in a moment of weakness, add a paragraph on how you still have a crush on her and would like to meet. Later you think better of it and send a version without untoward sentiments. What would your wife think if she stumbles upon an earlier draft while looking for your daughter's accidentally deleted school essay? Is the inconvenience of doing manual backups so great to risk suffering for "thought crimes" that were never carried out?

When people burn a letter, cut up a CD or flush something down the toilet, they trust that the stuff stays gone. Computers should follow the same metaphor accurately by default and only retain information on opt in basis. At the very least, they can ensure that archives are only accessed with your permission by asking for a password before showing old files.

GUIs are prone to errors ...

[AHumbleOpinion]

If it is an important file, why would you drop it in a public location in the first place ...

GUIs are prone to errors, just like consoles. All that has changed is how the error manifests. When your finger slips at the console you get a typo. When your finger slips during a drag you may inadvertantly issue a mouse up and drop the file being moved prematurely, in the wrong folder. It can be a PITA when you were dragging over a bunch of subfolders in a list view.

Re:WTF???

I'd be willing to bet that And here we have the old zealot comment - why not actually find out for a fact the behaviour first before posting what you 'bet' or 'feel' Apple will do?

Re:It's to bad that 10.5 is not comeing out for al

It has little to do with stability. Although it is less of a problem than before, one of the biggest hurdles to Linux adoption is drivers for hardware. Without support from the manufacturers, OSX would have the same problem.

Feature Now - Is there a hidden camera?

[TheNetAvenger]

From article submission: http://yro.slashdot.org/article.pl?sid=06/07/31/0044201

Re: Vista Previous Versions (Also in 2003 Server)
Some users will find the feature objectionable because it could give the bossman a new way to check up on employees, or perhaps it could be exploited in some nefarious way by some nefarious person. Previous versions of Windows were still susceptible to undelete utilities, of course, but this new functionality makes browsing quite, quite simple.

From today's article:
The writer argues that Apple's new Time Machine automatic backup should be considered a security feature.

- So the same feature that first appeared on Windows Server in 2003 and then on Vista is considered a security risk, especially because it is too 'easy' to use.

- And now the same freaking feature in OS X is considered a 'security feature', and they claim it is even 'easier' to use than Vista's version?

How can logical people even accept information like this? Can we officially rename SlashDot - Apple's new bitch?

Doesn't anyone else find things disingenuous when you can get modded down attacking OS X faster than if you attack FreeBSD or Linux on a OSS site? We now see the same 'coveted' features in Vista are bad, but good in OS X.

SlashDot, I miss the real tech news, OSS information, and honest debate...

Re:Feature Now - Is there a hidden camera?

Security is not just about confidentiality. In this case, Time Machine is a great feature for Integrity and Availability.

The comment before mine already pointed out the differences between Microsoft's and Apple's systems.

Re:Feature Now - Is there a hidden camera?

[TheNetAvenger]

The comment before mine already pointed out the differences between Microsoft's and Apple's systems.

Actually it didn't, it references a technology that has nothing to do with Microsoft's 'Previous Versions' which is the equivalent to OS X's Time Machine. Read the responses to the post before yours to clarify this for you.

Mod parent up

[VGPowerlord]

"It's Schadenfreude. Making me feel glad that I'm not you!" -- "Gary Coleman", Avenue Q

Re:It's to bad that 10.5 is not comeing out for al

Apple would have to support unknown hardware

So what? Microsoft, Linux, and BSD derived OSs already do this, and it works pretty well for them.

Hell, Apple, when importing BSD drivers (read: they don't have to write their own drivers since they benefit from other people's hard work) has even excluded perfectly working BSD drivers. And this doesn't just exclude people who want to run on non-Apple machines. Let's say I buy a stock off-the-shelf component and want to put it in a perfectly legit Mac. Let's use a PCMCIA bridge as an example, as I ran into this once. Even though the project that they took their PCMCIA code from supports the chipset, I can't use it because Apple won't let me. Meanwhile, MS, Linux, and BSD are supporting these without considerable wasted effort. In fact, since the interface to this PCMCIA bridge is nearly indentical to (if not 100% the same as) another one they support, they could make the change by just adjusting an array of integers representing PCI IDs. But they don't. Why is this a good thing?

getting root on an apple is easy

[BlackSnake112]

Get the apple, boot off of the OSX cd, use the password reset utility, now that you ARE root you can do what ever you want to that machine.

Having that kind of access with almost any OS means your data is no longer secure.

Re:getting root on an apple is easy

[Bill_the_Engineer]

Get the apple, boot off of the OSX cd, use the password reset utility, now that you ARE root you can do what ever you want to that machine.

Except for the secured file archives, created using Disk Image, that has its own password.

Re:It's to bad that 10.5 is not comeing out for al

So what? Microsoft, Linux, and BSD derived OSs already do this, and it works pretty well for them.

No it doesn't work pretty well for them. I can't claim an authoritative figure, but let's call it most Windows crashes are down to third party drivers. When this happens, you have the dodge-the-blame dance going on between the computer manufacturer (say, Dell), the OS manufacturer (MS) and the peripheral manufacturer (say, Logitech). With Apple, there's no such opportunity for blame avoidance, so they have to keep their shit together.

Linux (and to an even further extent BSD) sidesteps the problem by supporting far less products, and keeps the "no right to complain about free software" ace up its sleeve.

Re:It's to bad that 10.5 is not comeing out for al

Install linux without the network cord plugged in and with the wireless turned off. Then see what is missing. Windows doesn't connect online during the install process to check for drivers. Hell, even after the install process windows check for drivers. Most linux installs are network card drivers and maybe video card the rest is search online against a very large database of drivers. Microsoft are complete fools for not having a driver database that can be checked during the install process.

Mac OS X encouraged limited users earlier

[tepples]

The fact is: vista gets bashed for this. MacOS gets praised for **THE SAME THING** A lot of apps that run under Windows Vista were first developed during the Windows/DOS era (August 1995 through December 2001) when everybody was an administrator. On the Mac, apps from this time period ran in a separate virtual machine called Classic, and the pain of switching in and out of Classic was enough to get Mac app developers to port their apps to Carbon soon enough. Mac OS X also introduced limited users and some elevation prompts early on. Windows XP, on the other hand, did not have a corresponding clean break in the API. Many apps using 9xisms (e.g. writes to HKEY_LOCAL_MACHINE, \Windows, and \Program Files outside of the installer) continued to run seamlessly as administrator, and developers got away with it especially because all new users under XP were administrators until made limited. That's the key difference.

Re:Mac OS X encouraged limited users earlier

[El+Lobo]

Well, you are talking about the developers of 3rd party programs. As a developer, i have read MS recommendations for every NT system: and beginning with NT 4.0, the recommendation is: never write to HKEY_LOCAL_MACHINE, and beginning with 2000, "store your settings on the personal folder". Office, Encarta, MSN and other MS application have actually always run perfectly fine as a non-administrator. But you are right: not everybody followed those conventions, so they are getting bitten now when Vista closed the water and the light. Oh and now is Vista the one to blame, not those sloppy pårogrammers. Anyway, even THOSE bad programs can happily run in Vista on Virtaualization (wich is automatically ON for Vista). So i use daily both: Vista and MacOSX. And I rarely get an elevation on either of them. Apples and oranges. One gets blamed , the other praised.

Re:Mac OS X encouraged limited users earlier

[tepples]

Well, you are talking about the developers of 3rd party programs. Which Microsoft cannot enforce.

As a developer, i have read MS recommendations for every NT system Until January 2002, when Windows XP became available, which PC for home use ran NT?

Office, Encarta, MSN and other MS application have actually always run perfectly fine as a non-administrator. Including games published by Microsoft?

But you are right: not everybody followed those conventions, so they are getting bitten now when Vista closed the water and the light. True. My point is that had Microsoft made Windows XP grant "limited user" privileges to newly created accounts, the transition might have been easier.

Re:Mac OS X encouraged limited users earlier

[workdeville]

But you are right: not everybody followed those conventions, so they are getting bitten now when Vista closed the water and the light. Oh and now is Vista the one to blame, not those sloppy pårogrammers. Good, you can read. This doesn't invalidate the GP's point. Unfortunately for your point, Microsoft is getting bitten, not the developers. Consumers didn't have to deal with UAC before Vista. The operating system is what changed, and is what will be blamed. OS X never allowed writing to system directories without administrator access in the first place, so developers rarely write to them unless necessary. Apple gets praised because they used a UAC-like mechanism from the start. Microsoft gets blamed because they didn't.

Re:Mac OS X encouraged limited users earlier

[drsmithy]

Until January 2002, when Windows XP became available, which PC for home use ran NT?

I think you'll find a surprising number of "pro" users had been running some version of NT at home. I certainly have been since early 1996 (NT4 beta2).

However, even Windows 9x has had the necessary infrastructure to support per-user profiles and registry hives since ~1997. That's how long ago developers *should* have started modifying their applications to work in non-Administrator accounts.

Including games published by Microsoft

Well, Microsoft is a big company. Section A might not always follow the same guidelines of section B. Not to mention, "published" != "developed".

True. My point is that had Microsoft made Windows XP grant "limited user" privileges to newly created accounts, the transition might have been easier.

I have little doubt this issue was debated extensively before the decision was made. Ultimately, it was made to favour compatibility, probably because not doing so would have made migrating people off the stone-age Windows 9x codebase even more difficult than it already was.

Re:It's to bad that 10.5 is not comeing out for al

I can't claim an authoritative figure, but let's call it most Windows crashes are down to third party drivers.

I'm talking about the drivers that Microsoft includes with Windows, not third party drivers installed after a clean install.

Linux (and to an even further extent BSD) sidesteps the problem by supporting far less products, and keeps the "no right to complain about free software" ace up its sleeve.

I'm not so sure that's true, and the fact that you have stated it as such says that you haven't looked into it very deeply. With a few exceptions for a few types of devices (such as video cards), Linux and the various BSD projects each support a lot of hardware. If you were to only peruse the source trees of their kernels you would see this pretty trivially. Certainly they support more than Mac OS, and many case, they support hardware that you'd need a third party driver for on Windows. And as someone who's done numerous clean installs of Linux, Windows, and BSDs, I can tell you that I've had much less trouble with Linux and BSD than with Windows in terms of having things supported out of the box [that is, without third party drivers from some other source]. Simple example: I was setting up a Windows box whose only network connection was a Prism wireless card. Windows XP did not recognize it without third party drivers. Linux and BSD did.

Second, this bit about "and to an even further extent BSD" isn't necessarily fair. For example, OpenBSD has Linux beat as far as wireless support. (Although that might have changed, now that Linux developers have integrated some of their work into Linux)

Re:It's to bad that 10.5 is not comeing out for al

The software was still written for generic hardware, and very device-independent. That's what made it so damned easy to run MacOS 7.5 on my Amiga. The Mac emulators for the Amiga were essentially just device drivers.

Re:It's to bad that 10.5 is not comeing out for al

[SeaFox]

In the time people have been complaining about the lack of a mid-range Mac, those same people would easily have saved enough for a Mac Pro...

Some people complaining would really like a machine that that isn't as large as the Mac Pro. even if they could have saved up enough money to make up the price difference between the cost of the fictional "midrange Tower (or Desktop)" and the MacPro, is that any reason for them to spend the money on the computer when they don't need it? They could use the extra money on software to make their Mac more useful.

Re:WTF???

[amsr]

Or you can turn it off, or use another backup solution...?

Re:It's to bad that 10.5 is not comeing out for al

So what? Microsoft, Linux, and BSD derived OSs already do this, and it works pretty well for them.

Wrong.

It may appear that it works well (rI'm referring to only the big name corporations that create OS's), however to keep control and certification of all of the third party device companies, let alone their code changes is a very large task, which leads to mis-communication and eventually more unknown support issues.

Yes, I choose to pay more for Apple products, but when it comes to service I know (once again) I can go to one company to get my issues resolved - period.

Stick with what you know, support what you build, and if people don't like your products - go build something else.

Time Machine is not Volume Shadow Copy

[LionMage]

So the same feature that first appeared on Windows Server in 2003 and then on Vista is considered a security risk, especially because it is too 'easy' to use. [...] And now the same freaking feature in OS X is considered a 'security feature', and they claim it is even 'easier' to use than Vista's version?

Sure, I'll bite.

This has been rehashed over and over again, but... Time Machine is not Volume Shadow Copy. See also here and here. See also this comment in this article.

One of the big problems I have with System Restore is that only certain key files are "backed up," and they're backed up as versioned, hidden files on the same volume. Although VSC attempts to be more comprehensive, it has the similar flaw of storing everything on the same volume. (The VSC solution also has the ability to store deltas, as block level changes, to a normally hidden part of the file system -- the shadow copy storage area.) My understanding is that the Microsoft-branded technologies rely on snapshots taken at periodic intervals (roughly once a day), and if you need a particular version of a particular file that falls in between a couple different snapshot intervals, you could be screwed. Time Machine is way more granular, providing comprehensive versioning (i.e., every revision that gets written to the file system is tracked) for each file, and on another volume, typically another drive. While there's been much talk about using external hard drives for Time Machine, Mac Pro users will no doubt use one of their many extra drive bays internal to their machines -- perfect since installation and removal is a snap.

Tracking every single revision makes it easier to track down where in time a particular file may have gotten corrupted or maliciously modified. It also becomes easier to then find a "last known good" version of a specific file, without having to pore over sets of snapshots.

Note that I'm only touching on a few small details here. But a Google search would easily enlighten you... or you could start with the links I've provided above.

Incidentally, Microsoft has a good resource explaining How Volume Shadow Copy Service Works.

Re:Time Machine is not Volume Shadow Copy

[TheNetAvenger]

How freaking stupid can this get? The person that wrote the content at the link you provided knows NOTHING about what they are talking about, confusing terms, and not even 'getting' the context of what they are trying to argue. And you post links to technical articles you apparently don't even understand or you would realize how off track you were.

Here try this...
Instead of 'Volume Shadow Copy' introduced in WindowsXP/2K or 'System Restore' introduced in WinME and effectively in WindowsXP; Go look up 'Previous Versions', released in Windows 2003 Server and turned on by default on Windows Vista.

Previous Versions is NOT System Restore, and it is NOT Volume Shadow Copies.
http://technet2.microsoft.com/windowsserver/en/library/cfddaf10-24fa-4d6d-a34d-cfb84c5223781033.mspx?mfr=true

http://shellrevealed.com/photos/windows_vista/picture123.aspx

System Restore is an Application/OS restore tool, something OS X doesn't even offer.
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
FTA: (System Restore does not affect your personal data files!)

Volume Shadow Copies are a way to copy or backup 'in use' files, in basic terms.
And then go re-read the Volume Copy Service link 'you' provided, as it is another tool that OS and developers use, and is NOTHING the user ever deals with...

This is freaking stupid that Mac users can't even discuss the proper terminology or see a Vista user right click on a folder or document and bring up a 'time-line' of the folder and files, just like freaking time-machine on OS X.

Additionally...
Previous Versions is 'transparent' to applications unlike OS X that needs applications to be aware if they use 'special data stores', requires NO setup, and is working from the moment Vista is installed or the PC is turned on.

Previous Versions can be accessed in every Folder or File/Open/Save dialog box for every application running on Vista, all the way back to programs from Windows 3.1, and it works equally well on all of them.

A user can go back in the Vista Timeline on any file, folder, data store, etc. and all folders and files can be opened to view previous times, be dragged and dropped to the current time-frame.

Vista Previous Version also uses advanced FS level file and differential points so data is NOT stored 'as redundantly' as it is on OS X.

If OS X could have pulled off adding ZFS, they could have made time machine MORE like Vista with FS level snapshots instead of having to backup the files and folders to achieve a similar function.

Sadly, OS X's FS does not have the capabilities of ZFS or NTFS to do this, so data has to be actually backed up for Time Machine to work.

On Vista, there is NO Overhead of backing up 'Previous Versions' since it does work at the FS level. (See Vista doesn't technically have to copy the data each time a change is made, due to the way NTFS works. Go read more on this and ZFS to see why it is the only other FS that supports these types of transactions.)

Now I admit the OS X Time Machine interface is far more cooler than the Vista 'list' interface, but it is less functional, adds system overhead to maintain the backups,and wastes far more drive space.

So the functionality DOES EXIST in Windows, first appeared in the Windows 2003 Server Beta back in 2002, and has been around doing what Apple is just now catching up to in a less efficient way 5 years later. (4 Years if you count the Release date of Windows 2003 and not the Beta previews in 2002.)

Now take this information back to your Mac forums, and tell them they gave you crappy information and they have no idea what the hell they are talking about when it comes to comparing OS X and Vista.

Re:Time Machine is not Volume Shadow Copy

"If OS X could have pulled off adding ZFS" ?

Last time I checked, they did add ZFS.
http://news.worldofapple.com/archives/2007/10/05/leopard-zfs-update-enables-writing-capabilities/

Re:Time Machine is not Volume Shadow Copy

[TheNetAvenger]

If OS X could have pulled off adding ZFS" - Last time I checked, they did add ZFS.


1) It is a developer preview release.
2) It will be read only in Leopard.
3) It is not the default or main OS File System.

OS X cannot use the advanced features of ZFS as a part of the basic operations of the Operating System, nor rely on ZFS technologies.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9041178

Take Care...

Re:Time Machine is not Volume Shadow Copy

The problem is that Previous Versions is only a partial solution to Availability. If your hard drive dies, you're hosed. Meanwhile, if a Time Machine drive dies, all you lose are backups and if the internal drive dies, all you lose is the last hour of work. It would take two simultaneous failures to lose your data.

Re:Time Machine is not Volume Shadow Copy

[TheNetAvenger]

The problem is that Previous Versions is only a partial solution to Availability. If your hard drive dies, you're hosed. Meanwhile, if a Time Machine drive dies, all you lose are backups and if the internal drive dies, all you lose is the last hour of work. It would take two simultaneous failures to lose your data.


No... Ok, I know not everyone uses Vista and it isn't something people on SlashDot probably seek out to understand, so let me be a little more clear on the previous versions in contrast to OS X time machine.

The backup system in Vista works much like Time Machine, in that Vista continually backs up your data, and will even display backed up content in the previous versions in addition to the on volume 'secondary' copies that previous versions adds to the volume.

So you get all the features of Time Machine Plus multiple version copies on the volume itself even if your backup drive is unhooked.

So in the Previous Versions list it looks something like this if I was viewing my Resume to go back to a previous 'change/version':

My Resume 1:00pm 10/24/07 Shadow
My Resume 11:00am 10/24/07 Shadow
My Resume 10:00am 10/24/07 Shadow
My Resume 12:00am 10/20/07 Backup
My Resume 4:00pm 9/02/07 Backup
My Resume 2:15pm 4/02/07 Backup

The Shadows are kept on the Volume, as I described in the previous post, no overhead to create of maintain. The Backup versions are copied to an external hard drive during the backup processes. Both are presented in the Vista Previous Versions interface timeline.

Now this may seem strange to do both, but imagine you are editing a 4GB Video, and OS X is having to write changes out to the external backup for all your files and the 4GB Video every hour. Not only does this reduce your backup 'Time Machine' in how far back it goes really fast but it is also one heck of a resource hog just to process your files everytime to a separate backup.

Vista doesn't have to do this, as it makes shadow backups on the volume and then uses the regular backup system for long term backup timelines.

Understand?

Question on OS X Security

Yes, I use OS X. I'm planning to migrate to Leopard. I also use a Windows machine somewhat less often.

That being said, I've taken some basic precautions with security. More than anything, I've not put financial information on my computer instead of relying on 'encryption' to take care of it.

Computer security though is a really specialized field. You need to know alot about hardware, networking, software, specific OSes, patches, encryption, math, etc etc. At that, and at best, because this falls under so many domains, no one can ever really know about everything about computer security.

As I'm sure a lot of people here are as well aren't security experts, the question becomes how much do we rely on the "security provider" (for this thread say Apple with OS X or MS with Windows .... but extends to routers, firewall, software, encryption)? I suppose you could remove a computer from a networked environment, but then, that only provides adds a layer of security. Most of us either don't have more than one computer, don't have time to read up on *the* latest computer security, and rely on reviews of OSes, software, routers, from "experts" to say what is best. I've been reading manuals on 'securing OS X' from reliable sources, but I've no idea how much extra security this provides.

I'm not protecting Fort Knox here .... but what do I recommend family and friends to do when fixing their computers? I don't think 'Use OS X Leopard thats secure" cuts it as this issue to begin with is really complicated. Identity theft is a huge problem. Home computer security I'm sure plays a role in this. As I at least know quite a bit about computers, etc. as at least an average computer geek, I should at least be able to take extra precautions.

Time Machine & Spotlight....

[MacDork]

Reading this made me wonder. What would happen if you had an important file you temprarly drop it in a public location then move it out. once the person downloaded it. Then someone goes and runs time machine on the public directory and picks up the file that you deleted.... Reading about Leopard made me wonder the exact opposite. What extent are time machine and spotlight integrated? Spotlight is supposed to now work seamlessly with Safari's cache.... What if the government drops something on the web and later decides to make it classified. Can you go into time machine, click the spotlight search, and find what you read yesterday, last week, last month? Sounds like a killer app to me. All you need to remember is a phrase or a few keywords and you would be able to find anything you've EVER read online. That would be a pretty awesome feature.

The Classic interface

[Kadin2048]

I was never into Macs back in the day so I can't comment on old vs. new Finder or spring loaded folders, etc., but I find it telling that the only people who seem to seriously dislike the new Finder are the ones who seriously loved the old one. To everyone else it's pretty spiffy and a reasonably good model of how such things are supposed to work. That is, I'm not at all convinced that the old Finder was actually superior; it's just that people liked it that way, darnit, and anything different is inferior by definition. As someone who used the old (oops, "Classic") Mac OS from versions 6-9, while I do think there was a certain level of curmudgeonness among the people who swore they wouldn't switch, there were very legitimate concerns about the OS X Finder and GUI, which I'm not sure have really been resolved.

Don't get me wrong, I still think OS X is better overall, because of its underlying architecture and a functional CLI, but the Classic Mac GUI had been honed incrementally over almost two decades before Steve just decided to bin the whole thing and reinvent the wheel. It was that interface which made the crappiness of OS 9 worth dealing with, despite the fact that you could hang the whole system by holding down the mouse button, and had to manually allocate memory, and everything else. It was the Mac's saving grace -- perhaps its only saving grace -- throughout the 'lean years' of the platform. And that's why a lot of users just never got over its elimination; it was, for many people, the only reason why they'd stuck around for so long.

There was no real reason to change it when the old codebase was dropped for NeXT's: even if none of the code needed to be kept, the interface guidelines that had evolved as best practices, arrived at by painstaking trial-and-error by generations of Mac programmers, could have been retained. What I think happened is that Steve Jobs wanted more eye candy, and wanted to make the entire desktop reflect the OS's "newness." It was a sales tactic, and although I don't think there's any debate that it worked, it was a pretty huge cost.

OS 9 was an operating system with a great GUI and a terrible backend; OS X had a great backend, but a GUI that was almost unusable at first, and which has only very recently come back on par with the Classic OS circa System 7.5 or so. (They just recently snuck the option-click-to-close-all-Finder-windows trick back in, which I believe originated on the IIgs, and was definitely missing for a while in early OS X versions...)

(Incidentally, the interface scizophrenia isn't limited just to the Mac OS; you also see this behavior in some of the major Apple apps [e.g. iTunes] -- every time there's a whole-number version increase, some part of the interface gets changed, apparently for the sake of changing it. It's as if they realize that some people won't believe that anything is different unless the widgets change, so they scramble everything around periodically, just to keep everyone on their toes.)

Re:The Classic interface

[Senjaz]

I think you're right. The classic system UI was designed, refined *and properly user tested* then refined again. It was consistent, it worked. But the whole design philosophy I think came with different assumptions of the market than are true today. When the Mac was first released most people had never used a computer before, those that had would have never used a proper GUI before. Apple's UI was designed to be as intuitive as possible, so that once the initial moment, of scariness about using such a new thing subsided, and the user experimented in an attempt to do something that often it would work. Then the user would think, oh, that's it. That's how it's supposed to work. That's the magic of it, any old time Mac user will fondly remember their first time using that machine.

The market today is that almost every potential Mac user has used a GUI before, almost all of them will have gained that experience using Windows. For their entire computer using lives so far they have been conditioned to think in a different way to that which the Macintosh fostered. Windows users subconsciously ignore dialogue boxes. They are used too frequently, their messages are often confusing and don't help the user to make a decision. Windows users think that Wizards are a good idea. They expect the user interface to be very complex (it's a computer after all) and for there to be modal Wizards to make it simple for them. Why isn't simple the default? Windows users are taught by experience that experimentation on your computer is harmful. You will loose data, you will trash your system, you will mess something up. Windows users expect their machine to be hacked, infected, controlled, they also expect to have to reinstall their system every 6 to 12 months. The list is much longer than this slashdot comment will allow.

Apple isn't starting off with fresh new customers who will learn how to use a computer in a constructive environment. All it's new customers are Microsoft abuse victims and they need to be treated in an entirely different way. I think the best way to deal with them is to operate in some ways similarly to Windows, but with less abuse. So we have a file browser instead of the old Finder. We have context menus and right mouse buttons. And uhh... file extensions. New Mac users will find some things familiar, and where it is different, hopefully it's because it's much better than the alternative.

The only problem is for all the original Macintosh users. Now we're being treated as if we've known nothing but Windows.

Re:The Classic interface

[bahamat]

As someone who used the old (oops, "Classic") Mac OS from versions 6-9, while I do think there was a certain level of curmudgeonness among the people who swore they wouldn't switch, there were very legitimate concerns about the OS X Finder and GUI, which I'm not sure have really been resolved.

See, now I also used Mac OS 7.5-9.1, and I hated the old Finder. I turned off all of the spacial stuff and used single window "expandable triangle" folder view. I also think that the column view Finder is far superior to the classic Finder. I would be all for fixing the Finder, except that I can't find anything particularly wrong with it. You'll probably disagree with me because you like the spacial Finder. That's OK, but as the grandparent post said, it's not better, you just like it.

Re:The Classic interface

[n5vb]

(Incidentally, the interface scizophrenia isn't limited just to the Mac OS; you also see this behavior in some of the major Apple apps [e.g. iTunes] -- every time there's a whole-number version increase, some part of the interface gets changed, apparently for the sake of changing it. It's as if they realize that some people won't believe that anything is different unless the widgets change, so they scramble everything around periodically, just to keep everyone on their toes.)

I'm still not sure I like the changes that were made to iMovie to make it prettier .. the iMovie GUI actually appears to have dropped a feature I happened to find very useful, which was the "timeline" method of editing with keyframed audio level changes. The new GUI looks a lot spiffier, but I can't do keyframed audio fade ins and outs and I'm stuck with the canned transition audio effects. There are a lot of editing tricks that aren't possible after the change, and it kind of pisses me off that I'm probably going to need to move up to Final Cut Express to keep doing the NLE that I was doing in iMovie. Sometimes the "scrambling around" drops critical stuff, and even worse, hides what's dropped behind gee-whiz whistles and bells that look fancy so most people don't notice. And iMovie used to be a pretty good NLE suite, good enough that I didn't have to use Final Cut [Pro|Express] .. feh ..

No

[goombah99]

Sorry to tell you this but you are mistaken. In most application (but not all) that modify files the program unlinks the file before writing the new file. Try it. However there are also many cases where this is not the case, an example is "cat > filename" or pico or bbedit. Those will write to single file and both hardlinks are changed.

Now you might say, well yes that is true but that's just the application doing that not the hardlink. True, but re-read my original question. How does the user know (or the OS know what the user meant) when he asks it to erase all version of a file? In the example I gave the result would change depending if a hardlink existed or not. The alternate answer is that the system would not be able to backtrack versions for any application that did that (which would be basically all major apps).

Re:No

[SuperKendall]

I see where you are going but you are still dead wrong, just less stupid. In my case to test I used VI AND Textmate, obviously more involved than a shell bult-in.

if a program you are using chooses to unlink a link, that has zero (0) to do with either the OS or the filesystem (especially not the filesystem). Again I would note that a hard link is a hard link for a specific reason and unlinking the file is totally outside the realm of what makes a hardlink a hardlink.

Just because applications YOU use choose to blindly destroy what was done by the user does not mean it has anything to do with hard links.

Re:No

[The+One+and+Only]

Again, Apple probably made a design choice for those of us who don't understand hardlinks to write Cocoa and Carbon to break hardlinks. Create a text file, and call it link1.txt. Then

link link1.txt link2.txt

. Then

ls -i

and you'll see that link1.txt and link2.txt have the same inumber. Now, if you change link2.txt in pico, they are still hardlinked, but if you change it in TextEdit, they aren't. You can verify this though

ls -i

as well as through changing one and seeing the other not change.

Re:WTF???

[Jeremi]

Haven't they seen any movies on security issues of time travel?

Hmm... what movies did you have in mind? Primer, perhaps?

briefly considered

Data: I was tempted by the offer.
Jean-Luc Picard: How long a time?
Data: Zero point six eight seconds, sir.

Re:briefly considered

Data: She [the Borg Queen] brought me closer to humanity than I ever thought possible. And for a time, I was tempted by her offer.
Picard: How long a time?
Data: Zero point six-eight seconds, sir... For an android, that is nearly an eternity.
        -Star Trek: First Contact

Re:WTF???

[Jeremi]

Computers should follow the same metaphor accurately by default and only retain information on opt in basis.

Well, you're in luck... Time Machine is something you have to manually activate/configure before it will do anything.

Incorrect snprintf description

[kybred]

Hmm, so why does the man page for snprintf say this?

The snprintf() and vsnprintf() functions will write at most size-1 of the characters printed into the output string (the size'th character then gets the terminating `\0'); if the return value is greater than or equal to the size argument, the string was too short and some of the printed characters were discarded. The output is always null-terminated.

I think you're confusing snprintf() behavior with that of strncpy(), which does as you say.

I raise

You're bluffing. Citation please.

Re:It's to bad that 10.5 is not comeing out for al

But, see, most of the drivers in Mac OS X were not written by people at Apple, but were already written by the free software community. This includes, for example, the PCMCIA bus driver the poster was commenting on. Why don't they just include the full set of drivers from this project? They have nothing to lose, since they can say that only their own configurations are "supported" officially... But you'd be able to use more third party stuff without adding any drivers. And... In reality, these drivers are good quality. If they weren't, Apple wouldn't use them for their own purposes.

You seem to be living in some sort of dreamworld where Apple wrote these drivers. They didn't. They ripped most of them off of the efforts of free software volunteers. Yes, the idea with corporate backing is that if a driver starts malfunctioning, people can go to Apple to get support... But... Honestly, I doubt you can find me a case study of someone who did.

I've actually run into a fair share of kernel panics on Macs and I doubt Apple would care if I called them up and reported it. Does MS investigate every BSOD?

Are you serious?

[SuperKendall]

Sorry but you are utterly and completely mistaken. If you modify a hardlinked file in Tiger, it copies the file and modifies the copy.

You have to be a total idiot to post that after seeing from the other comment I replied to that is not the case!

Sitting right here in Tiger, if I edit a file, then create a hard link to that file, then edit the link - both files change, because there is ONE FILE!!!!

What would be the point of hard links if it were NOT a single file? You have zero clue what you are talking about. Try reading up on what a hard link even is before you spout nonsense. Or at least try it before embarrassing yourself so.

Sorry to be harsh, but you can't go around spreading complete fabrications about something so easy to test.

Re:Are you serious?

[The+One+and+Only]

I just tested it in Tiger. GUI apps do break hardlinks, although command-line apps do not.

Now I see where you went wrong

[SuperKendall]

Emacs exhibits the behavior you note - because by default, it renames the file you are editing (to filename~) and then saves out a whole new version. Of course only the old version is still linked...

Thus as I said, the behaviour you are talking about has Zero to do with what hardlinks do, and everything to do with how applications treat files they are about to modify. If they simply modify the file in place of course the link behaves as expected, if they move the file without telling the user then blam - the APPLICATION has destroyed the link.

So TIGER doesn't behave at all as you say, it's only some applications. Again you fail to understand the very clue the name "hardLINK" is giving you, that you get a link to a file. Once you read the linked data and start modifyng the name and/or existance of that link, all bets are off as far as the user knowing what iis going on.

Re:Now I see where you went wrong

[goombah99]

Most applications with a persistent (across sessions) undo behave like this because they can do all their unsaved changes in a temporary file then simply rename it when you do a save. Additionally many applications with a regular undo also behave this way. Some do not. bbedit being one example of one that does not. But most do.

So the point is, that on tiger, when you hard link an document then edit it, the hardlink gets split to two files. That's the behavior. As I said, its a property of a tiger app not the hardlink per se, but this is irrelevant to the greater point.

The greater issue is how does Time Machine know what to delete when the users asks it to delete all version of an file? Well the seemingly obvious logic would be to somehow track which file begat which file. But this logic seems to break down when considers copies, moves and hardlinks. Even if you invent a new rule to handle copies and moves, it would seem to break down at hardlinks. That was what the original post with the subject "hardlinks" was trying to describe.

Re:WTF???

[iamacat]

Care to send a screenshot with a clear, prominent warning of privacy implications inherent in enabling Time Machine?

Re:It's to bad that 10.5 is not comeing out for al

Pay for software? Are you mad?

The real point is that hard links are links

[SuperKendall]

So the point is, that on tiger, when you hard link an document then edit it, the hardlink gets split to two files.

Since it doesn't happen with all applications, that's not the point at all. That's simply wrong, or at least application dependent. And again it has nothing to do with hard links and how they work.

The greater issue is how does Time Machine know what to delete when the users asks it to delete all version of an file?

Since I know how hard links work, there's no question at all. TM removes the file with that name as far back as it finds it. In later versions if it's really duplicated contents of a link destroyed by the application, then the new file is removed. If it is a hard link throughout, you simply remove that link and whatever other link remain persist (because, once more, there is only one file with a hard link).

There's no mystery to how TM works at all.

Re:The real point is that hard links are links

[goombah99]

Let me give you an example.

File X which lives in path P goes through 8 revsions over time. x1,x2,x3....x7,x8, which time machine dutifully stores. Note that these revsions are new inodes so the only relationship between these is the filename is the same "X", and the path is the same "P".

At some point x8 is gets moved to path Q so it becomes Q/x8.

Next three hardlinks are made. Q/x8, R/X8, and one back in P/x8. And I also make a revision to R/x8 to make it R/x9, so it does not share an inode with Q/x8 or P/x8

If I tell it to delete all backed up versions of R/x9, what happens to x1..x8 in time machine? If it deletes those then Q/x8 and P/x8 have lost there entire backup history. If it chooses not to delete those then Unless I was aware that Q/x8 and P/x8 existed I'd be very puzzled. If it tries to warn me there are hardlinks then basically it becomes useless if there are any significant number of hardlinks. If you make a rule up, do I get the same behavior if I delete Q/x8 or P/x8?

So I'm curious about how it handles this. It's not an idle question for me since I actually have more hardlinks than actual files. (I use these as my own time machine for snapshoting).

Hard links simpler than you are thinking here.

[SuperKendall]

On this one, what I expect to happen is TM to copy the individual links as new files, which would break the link but also preserve backup status. I agree it would be a bit of a bummer not to have it handle hard links by re-creating them, it's just kind of what I expect from a first version. I may be surprised though.

But, even if TM does understand and honor hard links, removing R/x9 and all previous revisions (basically just R/x8 as well) has no impact on any of the other file links you have in P or Q, old or new. Remember that removing one link of a multipy hard-linked file does not remove the file.

There is some question over TM re-creating hard links or not, but I think you're overthinking the trickiness of what happens with hard links and different revisions. As links move they stay links. When links get removed files remain until the link count goes to zero.