Slashdot Mirror
Apple Crippled Its DTrace Port
Linnen writes in to note that one of developers of Sun's open source system tracing tool, DTrace, has discovered that Apple crippled its port of the tool so that software like iTunes could not be traced. From Adam Leventhal's blog: "I let it run for a while, made iTunes do some work, and the result when I stopped the script? Nothing. The expensive DTrace invocation clearly caused iTunes to do a lot more work, but DTrace was giving me no output. Which started me thinking... did they? Surely not. They wouldn't disable DTrace for certain applications. But that's exactly what Apple's done with their DTrace implementation. The notion of true systemic tracing was a bit too egalitarian for their classist sensibilities..."
As quickly as the issue is reported, a hack comes out to resolve it. Gotta love how quickly the community can respond to these things.
Could this to help prevent circumvention of DRM?
Apple is as much the DRM laden threat to open computing as Microsoft is. We may have circumvented this issue this time, but what about the time after that? and after that? Its a cat and mouse game Apple is going to play.
This will be a big help for me in my quest for a legion of Mac zombies
I don't care if it's 90,000 hectares. That lake was not my doing.
Of course if it was MS you would have you pitchfork and torch ready. I forget Jobs can do no wrong.
~
From the DTrace source (in an #IFDEF APPLE):
/*
* If the thread on which this probe has fired belongs to a process marked P_LNOATTACH
* then this enabling is not permitted to observe it. Move along, nothing to see here.
*/
Luckily no malicious programmer will mark their malware's process with this flag!
You of all people should know that you give up your freedom to use your software and hardware as you wish when you use proprietary software. Apple's continuous attempt to stop people from changing software on their home computers is a good example of how they feel about freedom. They only side with freedom when it is immediately beneficial.
Is "egalitarian" the Slashdot word of the day today?
Fuck me, it's like a Student Union bar in here. What next, comrades, do we storm the Winter Palace or just go and sell some copies of Socialist Worker?
If you haven't made a developer cry, you've wasted a day.
Are you kidding?
This is Slashdot where "paper or plastic" is an epic struggle directly and immediately affecting the fates of billions!
BILLIONS, I tell you! BILLIONS!
The article says, "To say that Apple has crippled DTrace on Mac OS X would be a bit alarmist..." So what is the Slashdot headline? "Apple Crippled Its DTrace Port"
Nice...
Basically profile and tick are useless since they will not fire if a thread with PT_DENY_ATTACH is on proc. Perfectly good DTrace scripts simply will not work correctly on OS X.
The struggle against corporations may be an important part of the defense of humanity, but some would argue that seemingly innocuous things are often just small, innocuous things, and that to go ape shit about them and blow them out of proportion is characteristic of small minds and spirits.
Some would also argue that getting hung up on the small things and seeing battles to be won therein is a good way to ensure that people never take on any large and not so seemingly innocuous issues, that they self indulgently imagine themselves to be revolutionaries fighting the good fight and propagating righteous and enlightened rhetoric.
And even if these people are totally wrong, it still doesn't excuse the ideologically loaded "classist sensibilities" bullshit. But I'm sure the original poser, err poster, feels good about his awesomeness.
(Note: IANA DTrace user or developer.)
The real effects seem to be that while a process which sets this flag has control of the system, any DTrace events that fire off during this time will not be detected, as if they never occurred, regardless of whether what is being traced has anything to do with that process. It seems to break a few important(?) idioms used by DTrace users, so that the results returned are not what they should be.
The furor seems to be that this subtle breakage has gone undocumented; and although only iTunes currently uses it, that does not stop other software (including software that should not be there) from using it. That a DTrace developer discovered this, combined with that this is in all likelihood being done for no reason other than that of DRM, is what makes this notable. If I were working on DTrace, I'd probably be pissed too.
Together with careful use of the Evil Bit by malicious coders, we will have complete security in Apple system software.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
The /. summary and most of the /. posters seem to be missing the point of the article. (To be fair, the author wasn't too clear himself. He's done some clarification in the comments section of his article.)
Sure, it's annoying that DTrace can't "see" iTunes. But that's more of a DRM issue. Whether you agree with DRM and Apple's implementation of it or not, this DTrace feature is merely a logical extension of that issue.
The real problem though is that this feature actually does break iTunes. If DTrace probes while the iTunes application happens to be the application currently running on the CPU, the DTrace probe won't run. (It's technically a thread of iTunes' at that moment.) So not only will DTrace not show iTunes, it won't show ANY information until it happens to fire off when iTunes isn't the app running on the CPU.
It is fair to say that Apple has made a change to DTrace that has introduced a bug that they need to fix. It is possible for them to fix that bug while continuing to block using DTrace on iTunes.
It's nice that Dtrace works again. But I'm betting a lot more people use After Effects or Premiere. The QT 7.4 update which enables movie rentals from iTunes breaks any render that takes longer than 10 minutes. Thank god DRM is here to protect me from the work I need to do. Wasn't apple supposed to me the machine for media professionals?
http://blogs.adobe.com/keyframes/2008/01/dont_update_to_quicktime_74.html
I just don't see what the big deal with all of this is. Smart people don't touch ITunes, because it's just going to help feed the beast. People seem to have forgotten how Jobs ran Apple the last time he was in charge. He's merely a lot more charismatic than Gates. But they are both equally self-serving.
Thankfully there are options which involve neither company.
Completely disagree.
"Apple's just being a company" = "Class struggle"
The fact that there are two classes of legally recognized entities, with competing rights allocated to each, is sort of the definition of a class struggle.
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
Yes, it's annoying - every time we examine the system we are now looking at everything except for iTunes (and possibly Spy-WaR3 ;-). But this issue is about more than just that.
I've introduced DTrace to many companies. While most people love it, some developers of closed source software are concerned about people DTracing their code. DTrace allows customers to gather proof of bugs that are embarrassing, hard to fix, or that the developers have deny existed. I've been asked many times if DTrace can be disabled for an application, usually to avoid negative publicity from the bugs that DTrace will expose. The answer has always been no. It's been great to see developers accept this reality and escelate bug fixing.
This is expected - DTrace visibility should improve overall code quality in IT. Hopefully it will also encourage employers to hire better programmers - since if customers don't use DTrace to point out embarassing bugs, then competitors may. It also erodes reasons to stay closed source - customers can use DTrace to see the code anyway.
Giving developers another option, to disable DTrace visibility, is allowing a backwards step from the future.
It's a real shame that you can't trace iTunes. I was all set to reverse engineer it and use the code to make my own total fucking abortion of a media player. Now I'll have to settle for grafting a horrible GUI onto Mplayer, removing most of the supported formats and making it sleep without releasing the CPU 90% of the time. If I can work out some way to reliably fuck up the contents of the user's iPod, then I doubt anyone will notice the difference.
It will be tricky to make the Windows port twice as horrible though. Maybe I can get it to punch the user in the face every ten minutes?
For now, yes... But apple has been in the process of creating cryptographically secure signing and verification of system applications. The next step for them will be to have system tools like this be executed ONLY if they are the unmodified, signed applications that apple originally released.
When that happens, it wouldn't matter if you recompile dtrace - your modified version would just not run.
for info on the current code signing specification from apple (which is pretty much benign for now), see:
--jeffk++
ipv6 is my vpn
Friend, a corporation is a miniature society. It's an organization of people that divides labor for the purpose of maximizing the welfare of all, subject to an agreed-upon heirarchical distribution scheme. (That is, the wealth it creates is not usually distributed equally.) Society is merely the largest possible corporation, in which we are all, whether we like it nor not, employed.
What you are saying is that the smaller organization we may voluntarily join (e.g. the corporations that employ us) should be policed by and subject to the larger organizations that we are a member of whether we like it or not (e.g. the country in which we are born).
Yeah, well, not by me. I prefer to choose with whom I associate, and to whom I listen. I most definitely do not like the idea of the largest possible organization of which I'm a member, like it or not, enforcing the ultimate rules of my life. I'm much happier if the rules are defined by a smaller organization that I voluntarily join, and which I can voluntarily leave if I don't like the rules.
In a free society, where the largest powerful organizations are much smaller than the entire country, I can find the corner of it that plays by the rules I like. I have choices. I can be mostly who I want to be. In your "social" society, I have no more choices. I have to be what the majority thinks I should be, act accordingly to their morality and expectations.
No thanks! I know my average fellow man too well to think it would be fun to allow him to dictate the terms of my life.
Then, they came for gettytab, but I did not speak out, because I was happy with Apple's default terminal configuration.
Then, they came for snort, but I was not worried about intrusion detection so I did not speak up.
Next, they came for mkdep, but I did not speak out, because the maid does all my compiling.
Sadly, when it came time for them to use killall, there was nobody left to speak up for me!
We never ever criticize our heroes ever.
The difference you seem to be missing here is that Steve Jobs only occasionally does a boneheaded thing like this against his fan base. Bill Gates only occasionally doesn't.
Weaselmancer
rediculous.
Apple boxes don't use the same kind of BIOS as a non-Apple box. If you somehow got a retail OS-X DVD to install on your Compaq, it wouldn't boot.
Now, it's not too hard to get around this (install Darwin), but there actually is something "technical that prevents it from running on any modern PC".
I call BULLSHIT.
If they're selectively telling this app NOT to log "certain types of traffic", and give no notification of such, or allow the functionality to be restored, then it's CRIPPLED.
I'm so sick of apologists telling me that stuff that's broken is broken for a good reason and that I should be glad someone deigned to allow me to hack it back to some semblance of functionality without getting sued into oblivion!
Chas - The one, the only.
THANK GOD!!!
Actually, Leopard's DTrace is broken, and that was the point of the blog post. Here's the issue: DTrace programs that would normally work and collect valid data will fail if a process is running with Apple's trace-me-not bit set. Forget tracing iTunes or other applications that don't want to be traced. It's that probes that should fire don't as an unintended side-effect of Apple's hack to obscure certain applications.
A much smarter approach would have been for Apple to deny visibility into such a process, but still allow a user to monitor system-level events (e.g. timers and system calls). This would have allowed for the (questionably motivated, and highly circumventable) protection while not damaging DTrace and correctly phrased queries.
Maybe everyone knows what dtrace is. I didn't. Then I watched this: link and now I do.
http://ed.markovich.googlepages.com
"As I understand it, a DTrace user has experimented with the program, determined it to be specifically crippled, and given an educated guess about why it is crippled in that way"
No, the frickin' **author** of DTrace has found the specific code used by Apple to cripple it.
Sure I read the post, I just don't agree with the conclusions.
DTrace works on processes it's supposed to, and doesn't work on those it's not. I'm happy to agree the implementation of the latter is buggy, but I don't think it's the end of the world or a conspiracy theory. Maybe later the providers can be adapted to more intelligently deal with these closed-off processes to give more consistent results.
Apple decided to put in some measures to keep some software locked-down. The correctness of doing so isn't a technical issue, that's a philosophical one.
DTrace is a wonderful tool: one that's saved me *months* off my PhD work, and I love it. And you have my deepest respect for it. But, I don't take dtrace as a philosophy -- I gave up on software religion a long time ago. Everyone's got their own requirements (e.g. locking down iTunes to keep FairPlay from being cracked -- to keep record producers from leaving iTunes) and they've gotta get them done however they can. Call it mercenary ethics if you want, but we don't all work at Sun with CEOs who get it.
Care about electronic freedom? Consider donating to the EFF!
You've (like many) completely misunderstood the point of Apple's code signing efforts. It's not to stop unauthorized code from running--Apple is not Microsoft, no matter how you cut it; they don't even have activation, nor any protections on their software besides serial numbers. The real point of code signing is so that when you have a piece of software that claims to be from Company X, you can be sure it's actually from Company X. It's a tool to reduce malware pretending to be legitimate software, not a means for Apple to lock down your computer.
In the beginning the universe was created. This made a lot of people very angry and is widely considered as a bad move.
Back in 2000, if you installed MacsBug on a Mac you couldn't play DVDs. When you opened the DVD Player you got an error message telling you a debugger was installed. In these pre-memory protection days, MacsBug was the only debugger low-level enough to catch a whole mess of problems. Unfortunately, MacsBug was loaded when the system booted, so the only way to play a DVD was to remove MacsBug and restart your machine.
Long time Mac developer ally Bare Bones Software (they have a great text editor) created a patch that "fixed" this limitation. AFAIK, Apple never said anything about their patch and just quietly let it exist. http://www.macobserver.com/news/00/april/000418/dvdplayerhelper.shtml
This whole message mess came about because Macrovision didn't want people disabling their protection on video-output (there were Macs you could literally plug into VCRs then), and I suspect it was also to guard the CSS "encryption."
When Blu-ray movies finally show up in Macs, this kind of thing is probably going to get a lot worse than patches to D-Trace.