A Closer Look At Apple Leopard Security
Last week we discussed some of the security features coming in Leopard. This article goes into more depth on OS X 10.5 security — probably as much technical detail as we're going to get until the folks who know come out from under their NDAs on Friday. The writer argues that Apple's new Time Machine automatic backup should be considered a security feature. "Overall, Mac OS X 10.5 Leopard is perhaps the most significant update in the history of Mac OS X — perhaps in the history of Apple — from a security standpoint. It marks a shift from basing Macintosh security on hard outside walls to building more resiliency and survivability into the core operating system."
....|=1R$7 P0$7!!!!!11111111111 Lameness filter encountered. Post aborted!? Fuck you slashdot.
Time machine is a security hole from hell. Just suppose you record some pr0n of yourself using the built in iSight, then think better of it and delete the files. Now anyone can casually sit at your desktop and retrieve all the compromising files.
I can not believe that in this day and age none of thousands of Apple's engineers thought to implement one way public key encryption of the backups, with decrypted private key not available until user needs to restore and enters a correct password. Haven't they seen any movies on security issues of time travel?
It's to bad that 10.5 is not coming out for all x86 hardware and apple should at lest have a mid-rage head less desktop with DESKTOP parts.
Microsoft has a ridiculous history of Embrace-Extend-Extinguish. Apple locks their software to particular hardware, and locks up their hardware (e.g. the iPhone) and bricks it if an end-user tries to modify it.
So while Microsoft and Apple have a ton of really REALLY smart engineers working for them, if I were to work with them on security I would be afraid that:
Now don't get me wrong -- Microsoft and Apple are just doing what they were designed to do: be companies in a free-market society, making as much profit as possible. But you have to understand that before sitting down with them to work on anything, be it security, interoperability, or even environmental responsibility.
So yes, everyone can benefit from increased security, but if Microsoft's products are less secure than Apple's, then Apple can use that as a selling point and make more money...
coding is life
If you look at Apple's description of the time machine functionality, it's not possible for it to work the way they claim. Suppose my backup drive has a capacity of 80 Gb, and so does my primary drive. I record 79 Gb of data onto my primary disk. I run out of space, delete all of that video, and then record 79 more Gb of video, filling the disk again. Then let's say I go through the cycle for a third time. They're claiming that I can then go back in time and get back my first or second video. No way. I don't have enough total disk space to store all three videos. So realistically, there are implementation limits, which they conveniently don't mention. Their description makes it sound as if everything Just Works, and will never fail to let you recover old files. In reality, it will Just Do Its Defaults, which may or may not be what you would have liked. Does it default to deleting the oldest files first? If so, then that's probably not what you would have liked in many cases, because you probably care more about preserving the 500 kb manuscript of your novel than about preserving the 70 Gb video of your kids' soccer games. Maybe it has some heuristics, so it tends to delete bigger files first, or files of a certain type first. Well, maybe that's what you wanted, but maybe it's not. Or maybe it asks you to make the decision whenever the backup drive fills up. Well, maybe that's what you want and maybe it's not, but it wouldn't be the same thing as the zero-work solution that Apple claims in their description.
In reality, I think you can have some, but not all, of the following:
Personally, what works for me is the unison file synchronizer (I use it on Linux, but it's cross-platform), plus monthly backups on CD or DVD. Using the network file synchronization takes care of two things: (1) I have an off-site backup that's always fairly up to date; (2) it makes it easy to undo mistakes like "oh no, I didn't want to delete that file." The CD backups let me (3) go back in time and get very old versions of files. I'm not saying that my solution is right for everyone. No solution is right for everyone. However, my OSS solution works much better for me than Apple's expensive, proprietary system would work for me.
Find free books.