Mac App Store Apps Already Hacked

Stoobalou writes "The Mac App Store has only been open for 24 hours but methods for circumventing Apple's DRM are already hitting the Web."

Sweet

[KiwiCanuck]

it's about time hackers switched to apple. Leave use PC guys alone.

Re:Sweet

Not PC guys, windows users. Linux and BSD users are quite happy with their PCs.

Re:Sweet

Euhm piracy also exists on the mac platform (even on IOS) so this kind of play isn't new.

Re:Sweet

[betterunixthanunix]

...because Apple doesn't make personal computers? Or did you mean, "us Windows users?"

Re:Sweet

[beelsebob]

Don't worry, the article just has an inflamatory headline. It's not not apple's security that's been broken, it's the security of apps that haven't followed apple's documented method of verifying that they're installed in a valid way.

Re:Sweet

[Goaway]

Providing a service to sell applications and games in a convenient way?

Re:Sweet

Exactly, Apple does not make 'personal' computers. The machines are actually owned by Steve Jobs for all eternity, along with your soul if you ever decide to buy one. :P

Re:Sweet

[C0vardeAn0nim0]

we dont have "linux PCs", you insentive clod. we have a linux BOXES.

Re:Sweet

[MightyYar]

...because Apple doesn't make personal computers?

Blame Apple marketing... "I'm a PC"

Re:Sweet

[Shikaku]

AHEM.

We call them Linux boxen because that's what it's akin to hurding!

Re:Sweet

I thought we called them boxen to prevent the spread of virii

Re:Sweet

[Dexy]

Inflammatory headlines? In my /. ?

It's more likely than you think.

Re:Sweet

[The+MAZZTer]

So it's like early third-party Steam apps that didn't integrate with the Steam DRM so you could copy the game folder right out of the SteamApps\common dir and it would still work.

Re:Sweet

[emaname]

Think about giving credit for the quote you use in your sig to the ever-famous Alfred E. Neuman of MAD Magazine fame. MAD had been my go-to source for commentary re politics and culture (go figure) for quite a while.

He's also been known to be a write-in candidate for various political offices.

Re:Sweet

[N0Man74]

Pfft, you use Personal Computers?

I prefer impersonal computers. My computer won't allow me to even use my name as a logon. I have to use user names like "Guy" or "Bloke", and themes are disabled.

Re:Sweet

I know I'm off topic, but hearing technical proficient people referring to non apple hardware as pcs worries me.

Re:Sweet

[BrokenHalo]

Then what the fuck apple is doing?

Apple is apparently trying to flog the same sort of crapware that telcos tend to load up on our phones. I have a (free second-hand) MacBook that I inherited from my wife when she upgraded her machine. Since I'm an ancient Unix hacker, I can coexist perfectly well with the hardware, but really hate Apple's business model. So, with the exception of the software that comes out of the box, I run OSS apps pretty much exclusively.

The briefest glance at the "App Store" offerings was enough to convince me that there was nothing to see there, so I quickly removed that launcher from my dock.

I have allowed Apple into my life because their computers (emphasis on that last word: iPads don't count) are essentially *nix boxes with a proprietary GUI. I am (more or less) willing to overlook the latter for the convenience of the former, but my complaisance is wearing thin with every petty, nasty-minded attack on personal liberty that Apple perpetrates. Come the time when I have to (actually pay money to) replace this laptop, my wallet will be voting in favour of another Linux box.

Re:Sweet

Tell me, is it hard to praise apple while steve's big fat cock is lodged firmly in your throat?

oh let me guess, they have an app for that.

Re:Sweet

whoooooooosh......

Re:Sweet

[E+IS+mC(Square)]

Troll, really?? So, those with modpoints think that my remark that Apple is taking control of the application and then failing to secure them in any way is a troll?

Seems macboys got few mod points today.

Re:Sweet

[KiwiCanuck]

I said what I meant. Last time I checked Apple sold computers.

Re:Sweet

Providing a service to sell applications and games in a convenient way?

Clearly you've never tried submitting to the App Store as a developer.

Re:Sweet

[Americano]

Maybe the apps aren't your thing, but a hand-waving "they're all crap" simply shows that you didn't spend even a second looking at what's available.

Among the top 30 purchased apps so far, there are plenty of games; there's also all kinds of "useless crapware" like:
#3 - iPhoto
#5 - Aperture
#8 - iMovie
#9 - Pixelmator
#10 - Pages
#12 - iHomework (students' tool for tracking homework, assignments, etc.)
#13 - Sketchbook Pro
#15 - Garage Band
#16 - Compartments (a home inventory application)
#20 - Courier (a utility for uploading photos, video, etc. to various online services & FTP sites)
#21 - Keynote
#22 - YummySoup (recipe sharing/organization)
#26 - Numbers
#30 - Rapidweaver (web site creation)

Maybe to you, a fun night at home is spent inspecting Apache logs and rewriting binutils in Haskell, who knows. But these apps are solid, professional-quality applications which certainly don't fit the description of "crapware". Will a lot of useless crap be available on the store? Sure. A lot of useless crap is available all over the internet, I see no reason why the Mac App Store should be particularly exempt. But dismissing a 2-day old service as nothing but crap based on your "briefest glance" shows that you probably didn't even take a "brief glance."

Re:Sweet

[steve_bryan]

Troll? Nah, uninformed and bombastic. If you knew what you were talking about you would know that this kerfuffle is about developers who did not bother to use the security measures provided by Apple. In the widely noted case Angry Birds just checked for a valid receipt without checking to see if it was a receipt for their app. It isn't just a matter of having an opinion, it helps to actually know something when you decide to comment.

Re:Sweet

[E+IS+mC(Square)]

And if you go beyond the Apple hype, you would see that by being in control of what goes in the app store, Apple is responsible too to make sure this does not happen. If they are not doing it(as you are claiming), then the only thing I can think of is they are just controlling what kind of apps go in there - and hence enforcing their moral judgement onto their users - similar to what they have done so many times on the iphone app store. Hence my original remarks (about keeping porn out).

Hope this gets to you.

Re:Sweet

[Desler]

Apple is responsible too to make sure this does not happen.

How so? They published specifically the manner that app developers should be handling the licensing of their apps. How is it Apple's fault if a developer disregards that for their own broken homebrewed approach? Are you claiming that Apple is supposed to handcheck these apps to make sure they are doing things right?

Re:Sweet

[E+IS+mC(Square)]

Oh.. so, if they are not doing that, they are just making sure no porn app goes in there, right? Now that we have completed the loop (go back to my original post), I think we are done for that day?

Re:Sweet

[Yaztromo]

And if you go beyond the Apple hype, you would see that by being in control of what goes in the app store, Apple is responsible too to make sure this does not happen.

Wrong, if only because you've ignored the case where a developer may specifically want to permit users to copy their apps to multiple systems (that belong to them or not). If you're releasing a free app, why on earth would you care whether or not the receipt is valid? Wouldn't you want as many people to be able to easily share and run it as possible, thus making checking the registration status moot?

If anything, Apple is doing the opposite of what you're accusing them of. They appear to be taking a hands-off approach to DRM here: if you want it, they've provided a mechanism for it. But if you don't want it, they don't enforce it, and if you do it wrong (as in the Angry Birds case), well, that's the developers fault, and not Apple's. Rovio should have done better QA on this aspect of their app if it was something they were worried about.

Yaz.

Re:Sweet

[CheerfulMacFanboy]

Among the top 30 purchased apps so far, there are plenty of games; there's also all kinds of "useless crapware" like:

Ahh, but non of these programs are available for ancient Unix, so they must be crap.

Re:Sweet

[CheerfulMacFanboy]

And if you go beyond the Apple hype, you would see that by being in control of what goes in the app store, Apple is responsible too to make sure this does not happen.

Exactly! How else can we claim that Apple is forcing developers to use their evil DRM!

Re:Sweet

[steve_bryan]

Two items for for the slower learners. First, developers are not required to use Apple's DRM. Apple tests for buggy software, use of private API's, etc. Second, the webkit browser gives you access to all the porn you could desire. Sorry if your favorite site is flash based, but that would be an issue of efficiency rather than morality.

Re:Sweet

[Goaway]

And neither have you.

Re:Sweet

[E+IS+mC(Square)]

>> Sorry if your favorite site is flash based, but that would be an issue of efficiency

Then probably Apple needs to figure it out with Adobe, because for 90% of the world, it's not a problem at all.

Re:Sweet

[CheerfulMacFanboy]

>> Sorry if your favorite site is flash based, but that would be an issue of efficiency

Then probably Apple needs to figure it out with Adobe, because for 90% of the world, it's not a problem at all.

They told them they would considere it if they delivered something usable. 5 years on Apple is still waiting for Adobe. Want to blame them for not being more threatening?

Re:Sweet

something usable? That something is usable on 99% of devices for long time. If it does not work well on apple product, then it sucks to be apple consumer.

Re:Sweet

[BrokenHalo]

But dismissing a 2-day old service as nothing but crap based on your "briefest glance" shows that you probably didn't even take a "brief glance."

As it happens, you're completely wrong. I did indeed take more than a cursory glance, and as your list indicates, most of the pages that come up are exactly the sort of redundant stuff you mention.

Garage Band, iPhoto and Aperture, for instance, are available on Apple's install DVDs. Are they really hoping that some mug will pay to download them again? (Who knows, maybe they're right.) Apart from those, I believe all of the other apps you mention are well catered for by quality F/OSS alternative offerings, easily found by Google.

If you insist on characterising my reaction (however inaccurately) as a "hand-wave", I draw your attention to Apple's installation of their App store launcher into my dock without so much as a by-your-leave. Given that they had already drawn my attention to its existence in the release notes, I regard this as otiose and intrusive.

Re:Sweet

Would that be why it is only recently available on Android devices in beta form? It's been available on Mac's for years. The whole argument is stupid.

slightly better article

Hate to link to the reg but their article is actually a bit more detailed:
http://www.theregister.co.uk/2011/01/07/app_store_receipt_fail/
Note that this only works if developers ignored Apple's recommendations on validating receipts.

Re:slightly better article

[drosboro]

Exactly. Partly, I'm sure, that's because Apple's recommendations involve writing decidely non-Cocoa-ish code that's a little hard to understand if you've never done any crypto before, and they don't (for obvious reasons of security) provide sample "here it's all done for you, just copy and paste" code but describe the process and tell you to do it yourself in your own unique way. My guess, having looked at the quality of some of the apps on there, that a bunch of these apps were either a) written in a hurry to get submitted before the deadline or b) written by someone who simply couldn't implement Apple's guidelines due to their own capabilities (or lack thereof).

On the flip side, they probably wouldn't have written any better DRM if they were distributing it through any other channel, anyways.

Re:slightly better article

[drinkypoo]

Partly, I'm sure, that's because Apple's recommendations involve writing decidely non-Cocoa-ish code that's a little hard to understand if you've never done any crypto before, and they don't (for obvious reasons of security) provide sample "here it's all done for you, just copy and paste" code

You mean, the obvious reason that they believe that obscurity adds significantly to security in spite of the massive evidence to the contrary?

Re:slightly better article

[am+2k]

You mean, the obvious reason that they believe that obscurity adds significantly to security in spite of the massive evidence to the contrary?

Since it's a form of DRM, doing it "right" doesn't work, since there is no right way.

btw, I'm someone who actually has implemented the recommended way of verifying those receipts. It took only four days and probably chopped off a few years until my first heart attack, so I can't really blame the devs who chose to skip the work.

They DARE defy Father Steve?!?!?

[elrous0]

Surely they're aware that they're jeopardizing their souls (and certainly their lives) by such a blatant act of Apple rebellion??

If you build it...

the hackerz will come!

This Is Completely Misleading

[pyite]

The Mac App Store wasn't hacked. Developers aren't properly checking licenses when the app is run, so of course using any arbitrary license file will work. Complete FUD.

Re:This Is Completely Misleading

[Stoobalou]

It doesn't say 'Mac App Store Hacked'... it says 'Mac App Store *APPS* Hacked', which is quite clear in my book.

Re:This Is Completely Misleading

[getNewNickName]

But it implies that all apps can be hacked, which is clearly misleading. Saying "Some Mac App Store Apps Already Hacked" would be more accurate, but much less sensational.

Re:This Is Completely Misleading

[pyite]

It doesn't say 'Mac App Store Hacked'... it says 'Mac App Store *APPS* Hacked', which is quite clear in my book.

They're not even hacked! Since when does not implementing something count as being hacked?

Re:This Is Completely Misleading

[stewbacca]

But the summary says Apple's DRM has been circumvented.

DRM isn't mentioned in the article, and it is clear from reading TFA that this has nothing to do with Apple's DRM scheme (that is not mentioned in the article), but a way to trick the Rovio app.

Complete waste-of-time non-issue FUD.

Re:This Is Completely Misleading

[smart_ass]

To be fair .... the headline isn't "All Mac App Store Apps Already Hacked"

You were the one who assumed a totality. Which rarely exists [ notice I didn't say never ;-) ]

Re:This Is Completely Misleading

[Tarlus]

The terms "hacking" and "hacker" have been carelessly misused for a very long time. When something as blatantly simple as manipulating a file in a package is considered to be an act of hacking, it makes me twitch, too. Kind of like the way that all the script kiddies in the world are referred to and feared as "hackers."

Re:This Is Completely Misleading

[Glendale2x]

They must have forgotten that a real Mac is a general purpose computer and not a walled garden like the iThings are.

Re:This Is Completely Misleading

[KyleJacobson]

But it implies that all apps can be hacked, which is clearly misleading. Saying "Some Mac App Store Apps Already Hacked" would be more accurate, but much less sensational.

The way you are reading it, it should say "All Mac App Store Apps Already Hacked" but they never said all. The way it is written only implies that Mac apps in the store have been hacked, which is correct.

Re:This Is Completely Misleading

[insertwackynamehere]

This reminds of a few days ago I saw on Sourceforge that stupid DDOS script kiddy program made for and by channers and half the comments were about 0wnz1ng people and the other half were people saying "it has a virus!" because mommys computer's Norton install started to freak out when it checked the signature of a known hacker utility

Re:This Is Completely Misleading

How to cook forty humans

Re:This Is Completely Misleading

[ChunderDownunder]

Not for long. The iOS app store is a runaway success and has now been adapted for the desktop.

It would surprise me Apple staff were not beavering away to retrofit most of the OS X APIs to their iOS counterparts, supplementing the new platform where necessary. Any obscure 'legacy' NeXTSTEP/OSX API will become deprecated. One API, one platform for iPod, iPhone, iPad, iMac.

Want to run apps outside the walled garden? Install iOS Professional through their developer program or volume license iOS Enterprise.

Details on how app devs can update their binaries

[seanalltogether]

Developers need to change their validation routine to better check that the receipt really belongs to them. http://www.craftymind.com/2011/01/06/mac-app-store-hacked-how-developers-can-better-protect-themselves/

Fix for mac developers

[Rikiji7]

This article is more suited to the slashdot crowd: http://www.craftymind.com/2011/01/06/mac-app-store-hacked-how-developers-can-better-protect-themselves/

Re:Fix for mac developers

[hsmith]

No it isn't. 90% of /. thinks all software should be free and piracy is awesome - but they themselves get paid outstanding salaries.

Re:Fix for mac developers

[bazmail]

90%? Outstanding salaries? All slashdotters are hypocritical developers? Where did you get this information?

Re:Fix for mac developers

No it isn't. 90% of /. thinks all software should be free and piracy is awesome - but they themselves get paid outstanding salaries.

Given the crushing ignorance of how computers work displayed by most Slashdot comments, I very much doubt most of the comment authors have jobs.

Re:Fix for mac developers

I'm unemployed you insensitive clod!

Have been for a few months now, and likely to be for several more.

Re:Fix for mac developers

[BrokenHalo]

For the record, as a long-term Slashdot reader, my income for the last 3 years has been $0.00. And I'm not even dodging tax: I have to earn something to do that. I'm living off debt.

BSD? PC?

[mschaffer]

Well, The Mac is just an expensive PCs and OS X is based on BSD. So, what's your point?

Chill

And just by using Macs, they are daring to defy both Overlord Bill and Master Linus.

Don't be so conceited: computer users all bow to someone. It is only a matter of changing the names and the nuances of the bow.

(Our answer to the great question is the right one! Praise Science!)

Re:Chill

[Yvan256]

It may be the right one, but I still don't understand how "42" is supposed to help me.

Re:Chill

[Lundse]

And just by using Macs, they are daring to defy both Overlord Bill and Master Linus.

Don't be so conceited: computer users all bow to someone.

I have a hard time identifying who I am bowing to, when I use Free Software... Not Linus, nor Stallman, is telling me what to do with my machine.

But you are right that we cannot blame Apple for non-documented usage that leads to problems. Unless of course there is a good reason ('refusing to bow' if you will) for non-compliance (I have no clue whether this is the case, but I could think of some possible ones) - in that case, they are suffering problems for which Apple is to blame. Any comparable harm on a Free Software system is from negligence, not malice (either you did not follow documentation out of negligence, or the documentation was somehow suboptimal).

Re:Chill

It may be the right one, but I still don't understand how "42" is supposed to help me.

Easy. What do you get when you multiply six by nine?

Re:Chill

[Yvan256]

I always thought something was fundamentally wrong with the universe.

Re:Chill

It may be the right one, but I still don't understand how "42" is supposed to help me.

Easy. What do you get when you multiply six by nine?

54?

Re:Chill

[lavacano201014]

Don't be so conceited: computer users all bow to someone. It is only a matter of changing the names and the nuances of the bow.

The bow (before it became associated with totalitarian/monarchial government) is shown as a sign of respect. And I only bow in that context - if someone does something I respect, I bow. In that vein, if someone makes a program (or even an OS) I like, I bow.

So stop trying to change the definition to "On one's knees, moving their torso towards the ground and back with hands straight up repeatedly."

Re:Chill

[Steve+Max]

Funny, I got an AC who doesn't know where his towel is.

Re:Chill

[Toe,+The]

Apparently everyone missed the boat. The op is a South Park reference.
http://en.wikipedia.org/wiki/Go_God_Go

horrible title

[I8TheWorm]

Did the poster read the article? Angry Birds can be copied freely by switching out a file used for Twitter because Angry Birds didn't use Apple's recommended security.

I love to take jabs at Apple and the Cult of Steve, but this is a completely inappropriately titled article.

Re:horrible title

[nomadic]

"Did the poster read the article? Angry Birds can be copied freely by switching out a file used for Twitter because Angry Birds didn't use Apple's recommended security." Angry Birds is an app. It was hacked. What's inappropriate about the title?

Re:horrible title

[jo_ham]

If that is what's passing for hacking these days, oh how far we have fallen.

More accurate, but less sensational, would be "developers ignore security suggestion from Apple and are bitten by weak receipt checking". It's less catchy too, as a title.

Re:horrible title

[jedidiah]

It's entirely possible that the revelant developers simply don't care that much.

DRM is an end user annoyance that ultimately doesn't stop piracy. Perhaps someone decided it would be good to be less annoying.

Or perhaps they just aren't that fixated.

Re:horrible title

Why should the developer have to worry about receipt checking? Isn't that generally the stores problem to worry about? Why should a developer selling an application through a store worry about the receipt at all? What other store works this way?

Re:horrible title

[larry+bagina]

The Mac App Store provides recipts/DRM, but there is no automatic checking. The developer needs to add a couple lines of code to check that 1. the receipt exists and 2. it's my receipt. Both steps are optional (yes, you can distribute DRM-free apps) so if they didn't care, they wouldn't do either. They did step 1 which looks a lot more like a bug or misreading of the DRM validation guidelines.

Re:horrible title

[jo_ham]

Quite possibly - Rovio are already probably annoyed from all the paper cuts on their tongues from using forks made of money, so losing a little revenue to people copying the desktop version of Angry Birds is unlikely to worry them unduly. They're probably more focused with fixing the crash bug. The app is crashing on launch for a non-trivial number of users, resulting in a flurry of 1 star posts in their review section. Their priority will be to fix that.

In general serial numbers and licences on the Mac platform have always been pretty token - the OS X install CD itself simply has a text file that says "don't copy me" and has no serial numbers or online activation or anything, so you can install it on any number of Macs with no issue (other than your own ethics over purchasing licences).

I have no doubt the licence system is not all that draconian - much as Fairplay wasn't (and had a big gaping designed-in-from-the-start hole). The goal being "make it convenient and reasonable enough in cost and people will buy" rather than forcing to end run around you (like Windows Genuine Advantage, or Ubisoft's brainless game 'protection', or SecuROM etc)

Re:horrible title

[jo_ham]

Steam works this way too. Any store with a centralised system that handles the user accounts and requires third parties to access them if they want to have a serial number. The store happens to work that way, and selling an app through it doesn't necessarily require a licence check (eg, free apps) but if you want to sell your app, the method for linking a licence key to an iTunes account is documented.

Re:horrible title

I was at my friend's house the other day, and I noticed that he left his Facebook account sitting wide open, so I posted a fake status update! Hacked!

I'll be presenting the details at Black Hat this year.

The scary part is, that right there is exactly how the vast majority of people get hacked: simply not using the security that's already there and working properly.

Case in point. Five or six years ago, I discovered that one of my "computer savvy" users (in quotes for a reason) was using the password "Password1". Note that this actually meets the default complex password requirements in Windows. It's more than eight characters, and it has both uppercase and lowercase letters as well as numbers.

Re:horrible title

[delinear]

Since when was taking advantage of gaping exploits in software not hacking, regardless of how sloppy the programmers were? Now if it had suggested the App Store was hacked I'd be with you, but saying that merely the app was hacked is entirely accurate, and if people jump from one conclusion to the other that's their misreading of the situation.

Re:horrible title

[I8TheWorm]

Read the title again...

"Mac App Store Apps Already Hacked"

So far, only one has. But the title suggests many, and as if it were a Mac App Store problem.

Re:horrible title

[jo_ham]

I think it's a trivially accessed exploit rather than actual hacking. I'm not trying to downplay the error, just accurately categorise it.

I'm sure it's the first thing that the actual hacker tried - what happens when you drop a certificate from a free app into a paid one and try to hit the server for a licence key.

Everyone else doing it is hardly hacking though.

It would be hacking if they reverse engineered the certificate algorithm and made a certificate generator, but that's not what they did - they just took advantage of a sloppy check by the Angry Birds app.

I think it's more like realising that a pound coin on a string can make the pool table work, and is recoverable rather than tricking the mechanism with a more elaborate scheme that involves taking it apart.

Re:horrible title

[delinear]

Indeed, in the origins of the popularity of the term hacking (cracking as it was originally) in sources such as Neuromancer, there was often some aspect of gaining physical access/entrance to a computer system in order to make changes that would give you some kind of control (naturally so, since the idea of a global network of computers back then was alien to a lot of people). A cracker in the original meaning could equally be someone who uses a remote exploit to take control of a system in another country or a guy who breaks into the house next door to install a trojan. The original meaning of hacker was more technical and its perhaps only because the two have blended over the years that there's this concept that hacking is all about cleverly circumventing cyber security with coded solutions.

Re:horrible title

[gnasher719]

DRM is an end user annoyance that ultimately doesn't stop piracy. Perhaps someone decided it would be good to be less annoying.

Here's what Apple does: If you download app X onto Macintosh Y then it comes with an unforgeable receipt that says "app X is allowed to run on Macintosh Y". Free apps do nothing if they don't care about being copied. If you care, you check: 1. Is there a receipt. 2. Is it a valid receipt. 3. Is it a valid receipt for this Macintosh. 4. Is it a valid receipt for this application. If one of these four steps fails then the app should exit.

If an app ignores step 3. then obviously the app with the receipt can be freely copied. If an app ignores step 4. then the hack is possible: Download an app with a valid receipt, put the app you want to copy together with the receipt. That step has to be repeated for every Macintosh.

To put this into perspective, the iTunes store sells about 10 million songs or so without copy protection. So maybe we should trust users to be honest. Plus I think what the non-purchaser of the app has to do is enough (1) to make it very clear that they are doing something illegal, (2) to make sure that lots of people would never manage to do it, and (3) turn this from plain copyright infringement into a DMCA violation with much harsher penalties.

Re:horrible title

[99BottlesOfBeerInMyF]

Since when was taking advantage of gaping exploits in software not hacking...

Since when is not implementing strict DRM an exploit? Quick OS X has a huge exploit and doesn't check for a valid serial number! Quick OpenOffice has a huge exploit, you can copy it without paying anyone!

The level of DRM a developer wants to implement is up to them. If they decide not to check or to check only for any valid account, that's up to them. They might make such a decision because they want to get to market faster and don't want to code and test it or because they actually don't mind people copying as they think that will promote more sales in the long run. Calling it an "exploit" seems a bit hyperbolic.

Re:horrible title

[Toe,+The]

Did the poster read the article?

What website do you think you're on? :)

Movies

[WilyCoder]

Apps cracked and yet there is still no way to remove the DRM from iTunes Movies....

Re:Movies

[bazmail]

Only a clueless moron would buy DRM encumbered music or movies from iTunes. The fresh fruit is free, the rotten fruit is pay.

Re:Movies

[E+IS+mC(Square)]

Only clueless moron would buy ANYTHING from itunes. The fresh fruit is free (of the hardware and software), the rotten fruit is to bind yourself to one manufacturer.

Re:Movies

a) post a link to a non-DRM encumbered version of the movie I want to buy: Transformers

b) name a song currently sold through iTunes that is DRM encumbered.

Re:Movies

iTMS music is DRM-free 256k AACs -- higher quality than MP3, playable almost everywhere.

Re:Movies

Only a clueless moron would buy DRM encumbered music or movies from iTunes.

Actually, it'd take some serious effort to find DRM encumbered music on iTunes. If you can do that, I'll give you half an internets!

Re:Movies

[Gorbag]

Only clueless moron would buy ANYTHING from itunes. The fresh fruit is free (of the hardware and software), the rotten fruit is to bind yourself to one manufacturer.

Parse that for me will you? Isn't fruit (and brains for that matter) hardware? Isn't the software your mind? the notion "fresh fruit" is already bound to both hardware and software. Suggest you work on your metaphors and your case isn't helped by the ad hominim.

Re:Movies

[MightyYar]

Only clueless moron would buy ANYTHING from itunes.

Meh... the DRM-free music is not bad and quite quick, especially when not in front of your computer. The $0.99 games for my kid won't kill me, either. Really it is no different than buying a game for any other platform... And renting a movie for $0.99 is no different than checking one out on a RedBox, except that you don't have to move your large ass over to the grocery store.

Why one would PURCHASE a movie on iTunes, I cannot say.

Re:Movies

[bazmail]

MP3 320kbps is higher quality than AAC 256kbps. Just sayin. iTunes AAC also embeds your personal details into each and every track you buy, to catch you if you share (Google). Ever get tired of being slapped in the face by Apple?

Re:Movies

[BrokenHalo]

Higher quality than MP3-what? Almost anything is better than 128-kbps MP3 (which is fine for a voice-only podcast), but MP3 at the better end of the quality spectrum offers fine competition to AAC.

Who is surprised?

[mitchell_pgh]

I don't think the goal of the App Store was to provide an impervious DRM store solution. We have known for years (and many vendors will tell you) that is an unrealistic expectation. Apple simply wants a revenue stream where people can easily purchase and install licensed versions of software. As a store, they should try to disrupt all illegal sharing to the best of their ability. Don't be surprised if the 1.1 version of all the software requires a license check. I'm of the opinion that they are going to use the same "we'll annoy them to death" method they have used for the iTunes store which has proven to be a good business model. Sure, you can usually find cracked free stuff, but you must be willing to hack your system or jump through hoops to make it work normally... but it's always one update away from not working.

The older I get, the less I like to jump.

Re:Who is surprised?

[jo_ham]

They already do - and the developers who have been burned by this simply didn't follow Apple's recommendation to have more rigorous checking in place.

Re:Who is surprised?

[Headw1nd]

The older I get, the less I like to jump.

Sadly, I've found this true IRL as well.

Re:Who is surprised?

[99BottlesOfBeerInMyF]

Apple simply wants a revenue stream where people can easily purchase and install licensed versions of software.

Like iTunes and the iPhone App Store, I suspect this is about selling hardware. Taking a 30% cut of app sales while providing the hosting and the credit card processing and while taking on the burden of hosting the lion's share of all the freeware in existence is unlikely to be a significant money maker. It certainly has not been on the IPhone. Rather, this is a way to make more people think Macs are easy to use by making getting apps easier, reducing crashes, and slightly mitigating security risks. The store is about selling hardware, just like their other stores.

Deary!

[bazmail]

Hey hackers, leave steve ALONE!

Re:Deary!

Another App in the Store
(sung to The Wall, by Pink Floyd)

We don't need no
Licence checking
We don't need no
Copy control

No DRM or
App store purchase
Did you leave those Apps alone?

HEY! HACKER! Leave Steve Jobs alone!

All in all it's just another App in the Store.

(thanks, bazmail, for the inspiration)

Re:Deary!

And yes, I know that "copy control" doesn't quite fit rhythmically, but it was off the top of my head, and it matches the original lyrics.

Marketing trick

[michelcolman]

Maybe this was intentional: first loads of people who don't normally buy games, will jump on this opportunity to get a free game. Then there will be a software update and when they unwittingly click "OK", the game will update and not work anymore. "But I love playing that game, and now it does not work anymore! Where's my credit card?"

Re:Marketing trick

[delinear]

Or the fact that they're working on Angry Birds 2 (someone behind the game was on the radio talking about it recently), the world and his dog who were interested in Angry Birds 1 already bought it, and as you say this is a great way to get the game out to people who wouldn't have bought it and to get everyone talking about Angry Birds just at the time the studio wants them talking about it. Of course, they could have given it away for free but that might eat some of their potential Birds 2 customers - as you say, this way they can give everyone a free taster, make it the hot topic again just as people were getting bored with it, then release the sequel (and patch the hole in the original).

It's all relative

[jwietelmann]

This headline is stellar by Slashdot standards. Count your blessings.

Re:It's all relative

[getNewNickName]

I come to Slashdot to debunk sensational headlines. I value any comments that bring clarity to the issue, not those that just parrot the sensationalism.

Mac App Store reports back all your applications?

There are reports from various forums implying that the Mac App Store collects info on all the applications that reside in your computer and reports them back to apple. So, if you applied the 10.6.6 update, chances are apple knows all the applications you used to run till today and has them associated with your itunes id.

This can be such a massive privacy breach that I can't even fathom the implications. But one thing is certain, many many many mac users simply would not tolerate it.

This is not sarcasm, even Windows would be preferable to this stupidity.
 

Stupid Summary

[stewbacca]

DRM isn't mentioned in the article, nor is it even inferred.

But hey, what better way to get a bunch of hyper-sensitive DRM haters to click a link!?

Re:Stupid Summary

[delinear]

DRM isn't mentioned in the article, nor is it even inferred.

But hey, what better way to get a bunch of hyper-sensitive DRM haters to click a link!?

Line one of the article, in case you missed it (easy to do, it's in 15px and bold):

The Mac App Store has only been open for 24 hours but methods for circumventing Apple's DRM are already hitting the Web.

I agree this actually has nothing to do with DRM amd DRM is not mentioned in the original tutorial, but it's definitely mentioned in the article linked from the summary.

Re:Stupid Summary

[stewbacca]

Oh yes, indeed, there it is. Proof that, in making everything BOLD, nothing stands out (page layout 101).

Then it's not a bad slashdot summary, it's a bad article summary.

Re:Stupid Summary

[dzfoo]

To click on a link? No, not in Slashdot.

      -dZ.

Protection not worth the effort

[michelcolman]

Apple's recommended piracy checks consist of calling certain system routines to check the validity of the receipt. How hard do you think it's going to be to intercept those calls? I can see an automated cracking application appearing in three... two... one...
That's why I personally did not even bother trying for my own brick game Colibricks. I just hope enough honest people are going to download it. If they can dig into an application bundle to replace a file, they will certainly be able to download the latest automated app cracking application which I'm actually surprised hasn't arrived yet.

Re:Protection not worth the effort

[michelcolman]

Yep, as someone just pointed out, Gizmodo has a story about "Kickback", an application that allows you to pirate any app in the app store, with or without protective system calls. It hasn't been released yet, for some reason they're waiting until February 20. I'm sure someone else will come along and release something similar well before then. (Three... two... one...)

Pirate software, much?

[AC-x]

Is this really any different from any other way of obtaining pirate commercial software? Sure there are extra steps app store developers could take to make it more difficult but there's plenty of commercial software that installs quite happily with just a serial number, and at any rate you can use all the DRM and copy protection in the world but all it takes is one hacker to post a cracked version on bittorrent and anyone can get hold of it just as easily.

Re:BSD? PC?

[icebraining]

How is this flamebait? How are current Intel Macs any different from other PCs? And OS X is based on BSD.

The real story: App Store DMR cracked

Gizmodo has the real story: http://gizmodo.com/5727080/mac-app-store-cracked-for-piracy

"... by installing a software called Kickback, you will be able to pirate any applications in the store."

Re:The real story: App Store DRM cracked

Gizmodo has the real story: http://gizmodo.com/5727080/mac-app-store-cracked-for-piracy

"... by installing a software called Kickback, you will be able to pirate any applications in the store."

The slashdot story is not worth mentioning, but this is something different. They are the same people who cracked the iOS DRM and they don't want to release the tool until the App Store "has a lot of crap in it". Funny guys...

Apps Don't Use DRM - Everyone Panic!

[99BottlesOfBeerInMyF]

Seriously, the whole story is that some apps aren't checking to see if the Mac in question has a receipt for that app. Most apps on OS X don't bother checking registration now. Heck, OS X doesn't even check to see if the user has a valid key. First, how is this news? Second, why the hell is apps not using DRM being spun on Slashdot as a BAD thing? Seriously, when did Slashdot become pro-DRM? Oh no apps are freely copyable and users can share them without DRM getting in the way, if the app developer made them that way! Seriously people?

Re:Apps Don't Use DRM - Everyone Panic!

[Swift2001]

The became pro-DRM when Apple dropped it, of course.

Re:Mac App Store reports back all your application

There are reports from various forums implying that the Mac App Store collects info on all the applications that reside in your computer and reports them back to apple. So, if you applied the 10.6.6 update, chances are apple knows all the applications you used to run till today and has them associated with your itunes id.

FUD. Let's state your bolded text more accurately: "apple knows all the applications you bought on the App Store and has them associated with your itunes id." Any store that has any sense keeps track of customer purchases. Even retail stores do that.... ever been to a Radio Shack recently? How they ask for your phone number? I give them a fake one. Not sure that does any good, but at least they can't call me.

And as for Microsoft...... You don't think they track anything with Windows Genuine (dis)Advantage? It's already been caught phoning home, and as far as I know, it still does.

Re:BSD? PC?

[NotQuiteInsane]

How are they different?

On a hardware level: the Embedded Controller chip which stores the OSX encryption keys.

On a software level: the pretty GUI, covered in chrome :)

But seriously, I borrowed one (via VNC) the other day, and I'm starting to want a Mac.. and I'm a dyed-in-the-wool PC user (Linux, thankfully).

Re:BSD? PC?

[aristotle-dude]

How is this flamebait? How are current Intel Macs any different from other PCs? And OS X is based on BSD.

They have a proprietary power management system which allows you to schedule power on and off, audio out ports which support both analog and digital optical do not turn on the optical output unless if you plug something into the port. Macs use EFI for everything. There are also some performance tweaks on the motherboard and that is one of the reasons why macs were a bit faster running windows than an equivalent spec PC. The other reason for the speed increase was that the video bios is emulated by the bios compatibility model so any code that access the video bios will be faster accessing the in memory bios rather than bios on the gfx card.

Finally, OS X is not based on BSD alone. It has a XNU kernel which is a hybrid of Mach microkernel code and some BSD kernel code. It also has some BSD userland, GNU userland, System V Unix and proprietary stuff written in house.

Apple has open sourced the core OS including some stuff developed in house.

Re:Mac App Store reports back all your application

No, first time you run the mac app store, applications installed via other means (installer,copy,whatever) are detected and marked as already installed. There are reports that applications are detected even when copied to other volumes. Until there is evidence to the contrary or apple explicitly denies it, assume that your apple id is associated with whatever you had in your hard drive.

Re:BSD? PC?

[zach_the_lizard]

EFI is not a Mac only technology. You can get PCs with that. Aside from that, there's no fundamental difference between a PC and a Mac. There's no difference in processor architecture, so I can run what I want on a Mac and, with some hacks defeating the DRM, I can run OS X on a PC.

Re:BSD? PC?

[icebraining]

On a hardware level: the Embedded Controller chip which stores the OSX encryption keys.

So it's a laptop with a TPM chip? That's not really Mac specific, is it?

On a software level: the pretty GUI, covered in chrome :)

That doesn't change that fact that it's a PC, that happens to come with a specific OS. Technically, you could install it on any other PC.

Re:BSD? PC?

How are current Intel Macs any different from other PCs?

True about the flamebait complaint. However, if they were "not any different" we'd be running legal OS X on our home Intel PC's. We can't, so they aren't.

There's a loophole in the one-way installability one OS on the other, where Windows is fine fine on Macs. Mac = Intel PC + mac stuff, and thanks that "stuff" the OS X CD refuses to let me pirate my way into MacOS X, which is way cheaper than most current Windows copies.

Re:BSD? PC?

[icebraining]

They have a proprietary power management system which allows you to schedule power on and off

My BIOS can do that.

Macs use EFI for everything.

Macs weren't the first to use it. The HP Itanium 2 could boot Windows and Linux in 2002, before Mac OS X. It may be much less common, but it's not Mac exclusive by any means.

There are also some performance tweaks on the motherboard and that is one of the reasons why macs were a bit faster running windows than an equivalent spec PC. The other reason for the speed increase was that the video bios is emulated by the bios compatibility model so any code that access the video bios will be faster accessing the in memory bios rather than bios on the gfx card.

It has some tweaks and a bios emulated code. So do some other PCs. Doesn't mean they're not PCs.

Finally, OS X is not based on BSD alone. It has a XNU kernel which is a hybrid of Mach microkernel code and some BSD kernel code. It also has some BSD userland, GNU userland, System V Unix and proprietary stuff written in house.

Yeah, alright, it's based on other stuff too. How does that make it flamebait?

Engadget has the real story: App Store DRM cracked

Don't worry, the article just has an inflamatory headline. It's not not apple's security that's been broken, it's the security of apps that haven't followed apple's documented method of verifying that they're installed in a valid way.

No, see:
http://gizmodo.com/5727080/mac-app-store-cracked-for-piracy

"... by installing a software called Kickback, you will be able to pirate any applications in the store."

The slashdot story is not worth mentioning, but this is something different. These are the same people who cracked the iOS DRM and they don't want to release the tool until the App Store "has a lot of crap in it". Funny guys...

Re:Engadget has the real story: App Store DRM crac

[beelsebob]

Until I actually see their supposed crack, I don't believe it at all ;)

Re:BSD? PC?

[Late+Adopter]

How are current Intel Macs any different from other PCs?

Traditionally, "PC" is short for IBM PC compatible, meaning not just x86, but also BIOS.

Granted nowadays PC is used as a colloquialism for "Windows computer", so maybe as EFI becomes more popular the original definition will cease to be true.

Re:BSD? PC?

[TheDarkPassenger]

How are they different?

On a hardware level: the Embedded Controller chip which stores the OSX encryption keys.

On a software level: the pretty GUI, covered in chrome :)

But seriously, I borrowed one (via VNC) the other day, and I'm starting to want a Mac.. and I'm a dyed-in-the-wool PC user (Linux, thankfully).

I did the very same thing a week ago. Used my brothers mac for 30 mins enjoyed it and so wanted one I even started browsing the Apple site with a view to a purchase. Then I skinned Ubuntu with Macbuntu, got the urge out of my system in 2 days, switched back to Ubuntu with gnome desktop and saved myself in the region of £1000!!! Try it; and send me half of your savings ;-)

Apparently, it's the developers

[Swift2001]

There is no DRM per se on programs sold on the Mac App Store. But Apple does advise developers to authenticate the receipts with the bundle IDs. Many programmers, like Rovio, apparently, either didn't bother or did it wrong. You can put in phony receipts, with the wrong numbers, and it works. Undoubtedly, there is a way to fake even real receipts, and that will be discovered in the future. Piracy is rather trivial on the Mac, in fact. A simple serial and a copy of Little Snitch will get you just about anything. And the OS isn't locked down at all, like some other OSes I might mention.

Re:BSD? PC?

[NotQuiteInsane]

LOL!

Actually, I'm looking into buying a basic Mac Mini for development work -- someone asked me to port a bit of my code to OSX, which I can't really do without a Mac of some description...

Re:Mac App Store reports back all your application

[99BottlesOfBeerInMyF]

No, first time you run the mac app store, applications installed via other means (installer,copy,whatever) are detected and marked as already installed.

Marked installed? What does that mean? How is Apple identifying apps they've never even seen?

There are reports that applications are detected even when copied to other volumes.

What reports and how are people claiming to know this? Citation?

Until there is evidence to the contrary or apple explicitly denies it, assume that your apple id is associated with whatever you had in your hard drive.

Now that would be quite a trick since the App Store app doesn't autodetect your AppleID from iTunes and asks you to enter one. So how are they associating the ID with the apps on the first run, when the application doing the detecting does not yet know the ID?

All I've seen so far is some fairly spurious guessing on your part. Perhaps you're confused because the app does look for some Apple created apps for purposes of keeping those updated (since Apple ditched the other update mechinsms for them). I suppose we can test your hypothesis with a couple of Macs to see how the data transferred changes (in volume if nothing else) between a Mac with a lot of apps and one with none, but rather than make an assumption either way, maybe it's better to gather some actual facts?

Re:BSD? PC?

[ChunderDownunder]

How are current Intel Macs any different from other PCs?

Reality Distortion Field. Duh.

Re:BSD? PC?

[CheerfulMacFanboy]

Macs use EFI for everything.

Macs weren't the first to use it. The HP Itanium 2 could boot Windows and Linux in 2002, before Mac OS X. It may be much less common, but it's not Mac exclusive by any means.

I'm not sure what your point is. An Itanium is not a PC, unless PPC Macs are also PCs.

Re:BSD? PC?

So it's a laptop with a TPM chip? That's not really Mac specific, is it?

A few Mac models at the very beginning of the Intel transition shipped with TPMs, but Apple never used them to do anything, so they ended up removing it. Ever since, no TPM.

What they do have is a custom chip called the SMC (System Management Controller) whose primary functions are things like power and thermal management. However, it's also used to store a decryption key needed to decrypt a couple of key operating system binaries. That's how MacOS X ties itself to real Apple hardware: it expects to be able to read the decryption key from a SMC chip during boot, and if it can't, it won't be able to decrypt and run the encrypted binaries.

The decryption key is quite easily read out by software. They didn't try to obfuscate the mechanism for reading it at all, it's just a couple registers. Thus, in practice it was barely a roadbump in the way of those who wanted to hack OS X to run on non-Apple hardware. They haven't ever tried to improve on that mechanism. The best guess is that it's just a plausible antipiracy mechanism which must be circumvented, which allows them to invoke the DMCA if they go after anyone.

Re:BSD? PC?

[nobodie]

Ditto that. I work around kids whose expensive international school requires them to buy a mac. They have the money, and frankly, letting kids like this loose with a virus vacuum like W7 would be suicidal for everyone involved.

How do I know? the kids at the university where I teach all have WinXP, Veesta and 7. I have to use a portable apps copy of clamav to check the Kaspersky installed to make sure that the classroom computers (used only for class presentations and teacher stuff) stay clean. Kaspersky slows the box down so much that it can take 2 or 3 minutes to mount a USB drive.

Still, just two weeks ago there was a classroom box that had such a nasty one that it shut down Kaspersky, crippled my clamav and installed in the USB drive. I called IT and they are still trying to kill the sucker. Do we really want teenagers without a clue to be carrying this stuff around? Give them all macs and then tell them that "when they grow up" they can have linux. This will solve a whole lot of problems both now and the future and assure the final "year of the Linux" desktop in a decade or so.

Re:BSD? PC?

[deroby]

Although I agree there is quite a bit of windows-based nastiness around, do you honestly think that no such thing exists on Mac ? Or will you switch to a new "niche" OS each time the amount of viruses has reached a certain threshold ?

(and please don't give me the "OS-X" is safe by design line; the little time needed to own "locked down" OS-X machines in public contests is simply testimony that there is plenty of "options" for the bad guys to use, they simply can't be bothered and/or haven't been caught yet).

Re:BSD? PC?

[nobodie]

no, i'm not going to argue that, but here in China (where the hackers can get into almost anything they chose to attack whenever they want to) the viruses, trojans and other malware (in this i am afraid i have to include legitimate banking software as well) are all windows based because of the low-hanging fruit principle. Why bother messing with a mac when there are 10,000 windows PCs for every mac?. And linux, same same only very different.

Don't get me wrong, i run linux at home (4 PCs) and work (my office box) but i also don't assume the inability to get malware: i use avast, rkhunter, and firefox security plugins on all the browsers. And still assume risks

But the kids, man the kids are sooooo clueless.

Re:BSD? PC?

[badkarmadayaccount]

It's also easily found on amd64 systems.