Mac OS X Sandbox Security Hole Uncovered
Gunkerty Jeb writes "Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple's announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems. Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core's advisory, several of the default predefined sandbox profiles fail to 'properly limit all the available mechanisms.' As a result, the sandboxing restrictions can be circumvented through the use of Apple events."
Apple recently announced they were pushing back the requirement for sandboxing; originally the requirement was November. Maybe this is why.
"I use a Mac because I'm just better than you are."
This is a fake story about a fake hole. The "vulnerability" is that some sandbox profile, called "no-network", which isn't part of App Sandbox (a totally different sandbox technology, that will be required for apps in March 2012), but rather part of the legacy sandbox technology that was unused by 3rd party developers, only prevents network access. Yes, the no-network profile only prevents network access.
It's sad what's happened to Core Security in the past year or so.
Sandboxing is a really good idea, and doesn't introduce much overhead (although communication with devices might be problematic!). Kudos to Apple.
http://www.lowendmac.com/newsrev/11mnr/1111.html#1
http://www.cultofmac.com/113977/os-x-lion-sandboxing-is-a-killjoy-destined-to-ruin-our-mac-experience/
Why make it so you can't have the ability to save changes to files that you do not own? Why have it ask for admin rights when doing so?
Under the sandbox, Adobe CS apps will not be able to work with each other, and even then it will be a hard fit into the app store.
The top-of-the-line pack is US$ 2,599, way over the app store max price of $999, and even then that is like $780 for Apple's cut. Now, I think it costs way less than that to sell it on your own per copy.
Also, Adobe has upgrade pricing as well. Will the app store system let you have upgrade prices? Even from older versions not in the app store?
Ever since JavaScript, iOS, and Android became widely hyped, we've heard a lot of fools screaming on about how sandboxing is somehow the solution to all of computing's ills. They claim it'll provide perfect security, and processes will be totally isolated from one another, and performance won't suffer, and a whole host of other claims that are utter bullshit.
This incident is so important just because it blows a hole in everything these sandbox-loving idiots are claiming. This is important because it's reality putting their silly theoretical beliefs in the spotlight, where everyone can see just how full of shit the "sandboxing is the answer!" crowd is.
Those of us who have pointed out that all sandboxes are imperfect, and are merely another tool in our toolbox, have been proven right once again. After all, we've been dealing with these sandboxing techniques since they were first implemented on mainframe systems, and then later in most commercial UNIX systems and the BSDs, and then by the JVM and .NET.
Sandboxing has its place. Like I said, it's one tool among many. But it's not the savior that so many have claimed it to be, especially as of late. I suppose that we shouldn't be surprised that these fools are so wrong. After all, many of these "programmers" only know JavaScript. Hell, some of them were born after 1990, a good 20 years after we realized what the problems were with sandboxing after it had been implemented on mainframes back in the 1960s and 1970s.
Huh? That should be the norm. I don't want any doofus or luser to modify my files.
Using sudo/su in these circumstances is proper Unix practice. (Mac OS X _is_ in fact a certified Unix system)
I think everyone argues that sandboxing limits the resources applications can access and makes it more difficult for malware to compromise systems. Well, at least for a fully functional application sandbox.
But your app can't even ask for rights, so that makes it hard to edit some.
And next, an app can't even open other apps' files or even see the full file system.
After that, games can't have mods or user maps or use a map editor that is not part of the main game app file.
Steam can't run in a sandbox, so Apple can lock them out if they move to more of an app store only system.
> Yes, the no-network profile only prevents network access.
1. no-network profile does *not* prevent network access see PoC [1]
2. The concept itself is broken, a sandbox which *only* prevents network access is completely useless. As a result network access is available to sandboxed applications.
[1] http://www.coresecurity.com/content/apple-osx-sandbox-bypass
This will not happen. I see this bullshit paranoia all the time. The mac will NOT be app-store only. However, if you CHOOSE to run app store only apps, you get sandboxed, vetted apps from a trusted vendor. Windows 8 is going the same way.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
You're absolutely right. This is always the path taken with sandboxing. Once people realize that the sandbox is preventing them from getting real work done, the next hyped "feature" is usually some way to bypass the sandbox.
This is exactly what IPC was on UNIX systems, for instance. It allowed unrelated and isolated processes to communicate with one another. For a while it was one of the big selling points of certain commercial UNIX variants.
Apple and Microsoft (with Windows 8) are merely 30 years behind those who were the true leaders. But instead of learning from history, they'll spend the next few years causing numerous problems thanks to sandboxing, and then sometime around 2015 or 2016 we'll see support for bypassing the sandbox start getting hyped as a competitive advantage.
I think some will be app-store only.
I would not be surprised if iMacs or entry-level Macs become app-store only.
It appears to me that's the direction Apple is going. If they continue to build non hand-held computers at all, that is. That doesn't seem to be their focus any more, sadly.
You are welcome on my lawn.
That's ok, we absolutely don't want to have every app bought from the app store and run in a sandbox. That makes it too easy for Apple to lock down their entire OS, at which point I have to trash my Mac.
"First they came for the slanderers and i said nothing."
What has not yet been lifted in this thread is that OSX and IOS are starting to look a lot more like each other, or OSX is looking a lot more like IOS since Lion upgrade. I think we will see more and more aspects of the Mac being locked in. I am seriously looking at going back to Debian for my desktop.
> Steam can't run in a sandbox, so Apple can lock them out if they move to more of an app store only system.
...and the same is true of MS Office, Adobe CS, Parallels/VMWare etc. So maybe, just maybe, Apple isn't going to lock down OS X until people are no longer buying Macs to run those applications.
Sure they could decide to go this way - in which case I could feed a Linux or Windows disc in my Mac and give Apple up as a bad job. Personally, I'd be more worried as to whether MS is going to push UEFI secure boot onto every OEM, making it hard to buy any hardware that lets you choose which OS to run.
OTOH the App Store could develop as somewhere that it was safe for a non-Admin account (Grandad, kids, mere employees) to install software from. The whole system wouldn't need to be locked down.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
>I would not be surprised if iMacs or entry-level Macs become app-store only.
Then you clearly don't understand Apple as well as you think you do. Tablets, etc. can be limited, but customers are used to tweaking their desktops or laptops. Apple knows this.
Windows 8 is not going app store only, but even then MS is more open to in-app user maps and addons.
But Steam is big on Windows, so I don't see that being locked out, and there are way too many old apps out there as well.
flash forward, year 2014: major retailers are announcing they'll no longer sell computer or game software in their stores, yet they'll sell passcodes which will allow you to download the software from the major online app stores, this passcode will give you a retailer defined discount. Hint..{apply for your patent now!}
From: we hate microsoft, apple, intel, dell, and hp.
RMS for president!
With all the recent discussion about software version numbering.. and how it is now redundant .. can someone from the 'I don't think version numbers are needed at all' side of the fence comment regarding how they would have referred to "Mac OS X 10.7x, 10.6x and 10.5x" in the context of this story?
I recently had a problem with Chrome 9. Took me ages to determine that it was Chrome 9 that was the problem, given that it is not an issue on Chrome 11. Just glad my issue wasn't security related (some of the Google pages would not render and were iteratively reloading content).
Why can't everything be run in its own sandbox? Isn't this where IT security is heading?
You have a sick, twisted mind. Please subscribe me to your newsletter.
Business use will drive UEFI, with lots on XP / 7. At least Windows 7 will have to be able to boot in that UEFI mode, and Linux is used by business for stuff as well, a lot of the web servers, so that is a big area that the OEM will not want to be locked out of.
. . . until a Windows virus will run.
> That's ok, we absolutely don't want to have every app bought from the app store and run in a sandbox. That makes it too easy for Apple to lock down their entire OS, at which point I have to trash my Mac.
We don't. Take note of the definition of "we" in this context.
"We" does not include Apple.
> flash forward, year 2014: major retailers are announcing they'll no longer sell computer or game software in their stores, yet they'll sell passcodes which will allow you to download the software from the major online app stores, this passcode will give you a retailer defined discount. Hint..{apply for your patent now!}
> From: we hate microsoft, apple, intel, dell, and hp.
> RMS for president!
Satellite FAP kills it.
4G caps too low.
Cable OK, but caps need to go up and some systems may need more node splits to fit the load in.
DSL needs to move up to faster speeds with more ADSL2 / other newer techs; some people max out at 1.5 due to being far from the CO or RT.
Besides, Adobe has figured out an even better way to screw their users - they're going to put their heads in the cloud and their fingers in our wallets by switching to a subscription service.
How do you like them Apples, Charly?
Faster! Faster! Faster would be better!
No. You don't have to trash your Mac. OS X 10.5.8, Leopard, has the following useful characteristics:
1) it allows 64-bit data, so apps written for it can process massive data sets when used with 64-bit capable processors;
2) it comes on optical media, and is both easily installed and duplicated;
3) it is beginning to receive support from the user community (as opposed to Apple) for the bugs Apple left in it; (console messages in error with cron operations, anyone? -- not anymore)
4) it supports a wider range of available drivers than either Snow Leopard or Lion (or presumably, any of their successors);
5) it supports PPC emulation, consequently doesn't obsolete all those years of software, as does Lion;
6) Apple updates for Leopard that don't implement the problems of Snow Leopard and Lion are available as files;
7) Most responsible developers still support Leopard (it's still used by ~30% of the installed base)
8) The more people use Leopard, the healthier the OS X software community will be
9) No sandboxing -- straight up access according to user permissions. Terrific resistance to non-privileged exploits; the usual vulnerabilities if you're gullible enough to install malware and give it access.
10) Available for PPC, so entire spectrum of Macs for many years are usable and available as a market. If it ain't broke... don't stop supporting it.
Speaking as a developer, my company is aiming straight at, and developing under, Leopard; though we do test under Snow Leopard and Lion. It's a shame to have to give up some of the API's we could otherwise use (no one here is interested in implementing features that only work under later OS versions), but clearly it's the right thing to do: unlike Apple, we're not inclined to leave users behind, which is the philosophy that clearly underlies 10.6 and later.
Leopard is kind of like Apple's version of XP, except without the built-in obsolescence of "activation." It'll work natively for many, many years yet and with the advent of VMs, probably decades after that. It is easily "Hackintoshable." And in the meantime, if enough people drag their feet, maybe even Apple can be made to "get the message" that it isn't OS X that needs to move in the direction of IOS... it's IOS that needs to move in the direction of OS X. You know, things like nested folders, apps that can work filesystem-wide, etc.
I've fallen off your lawn, and I can't get up.
"The more you tighten your grip, Tarkin, the more star systems will slip through your fingers."
"For I desired mercy, and not sacrifice" -- God
> Buddy, Apple does what it wants -- they are *famous* for doing "teh stupid"
Yup, if there's one thing Apple is famous for, it's their inept decision making. That's why they are doing so poorly and their products are so unpopular.
I don't care if it's 90,000 hectares. That lake was not my doing.
Apple built their business on good decision making, no question. But also no question, they've made grave errors recently. Why do you think Lion has such a low adoption? Why do you think the Apple fora are full of complaints? Why do you think so many IOS apps are crashing, and why the advertised features of IOS5 don't work? Why is it that Apple isn't doing sufficient testing prior to release? Why is it that they are leaving so many existing, recent customers out in the cold? Why is it that they are dumbing down OS X applications? They're aiming at the middle of the Gaussian now... and that isn't, historically speaking, their Mac customer base.
As the financial dweebs say: past history is no guarantee of future performance. But past history is what gets a company to wherever they are, today.
As soon as you learn to distinguish these two concepts, you'll begin to understand what is happening.
I've fallen off your lawn, and I can't get up.
App-store only:
1. Would breach EU laws on monopolies, market abuses etc
2. I get my scanner drivers from the manufacturer, don't see the problem.
> Windows 8 is not going app store only, but even then MS is more open to in-app user maps and addons.
I thought Metrosexual apps were going to be app-store only?
It's going to be hard for any OS developer to turn down the idea of getting 30% of every piece of software installed on a system.
> Customers were used to using drivers for scanners and etc, Apple took that away (effectively taking away the supported hardware) in Snow Leopard by breaking tons of them -- and never going back to fix them.
That's a third party problem, they need to support their own devices.
> Customers were used to being able to run the PPC apps they had spent many dollars on... Apple took that away in Lion.
After they licensed very expensive software (Rosetta) to give you years to wean yourself off of PPC. I find it hard to imagine another OS vendor expending that much effort to do a seamless transition, even Bill Gates was impressed they pulled the Intel switch off as seamlessly as Apple did. Ungrateful much?
> Customers have been used to apps (oh, I dunno, like Photoshop?) that were part of a system of apps that worked with their data, and Apple's taking that away within the bounds of the app store... and you think it's unlikely that this policy will spread outside the store?
Yes, they're not going to piss off a sizeable part of their customer base by making it impossible to run Photoshop or other Pro apps.
> Buddy, Apple does what it wants -- they are *famous* for doing "teh stupidz" -- folders that don't nest under IOS, "wifi sync" that doesn't work under Leopard, a 4-year old native OS, while it does under XP, a ten year old non-native OS, they break the living hell out of IOS apps with just about every "upgrade", forcing developers to put up Yet Another Version of their app to correct for the incompatibilities...
Nested folders are a bad idea. People don't get nested hierarchies, spend some time watching non-geeks use computers and you'll see.
Leopard is down to 22% market share, XP only just dipped below 50% this summer. There's a vast amount of XP machines out there, so unfortunately Apple should expend the effort to support them.
iOS is a platform that's developing at an enormous pace because mobile is so competitive and fast evolving. Change or get left behind is the name of the game, accumulating backwards compatibility cruft à la Windows would be deadly. That said I have not heard many complaints about breakages.
> When your reasoning depends upon Apple doing things because customers have expectations, your reasoning is no better than a random guess. Apple makes roadmaps, has "visions", and then aims at them. Up until Leopard and IOS4, they were doing pretty well at hitting the target, though of course everyone wanted more. 10.6 and later, IOS5... these are huge bags of fail from several perspectives, most especially from the one you're using to make your assertion: Apple doesn't aim at keeping customers' expectations static.
You obviously don't like iOS5 and Lion. There are a lot of us who would beg to differ.
If all else fails, immortality can always be assured by spectacular error.
> Then you clearly don't understand Apple as well as you think you do.
No, I think it is you who doesn't understand Apple.
No, it is YOU, my friend, who doesn't understand Apple! I don't understand your beef. The software works well and respects my limited time. What do I mean by this? I don't have time to waste on defrag, chasing problems down, etc etc barf barf barf. I have a girlfriend. Thank you, Apple, for giving me time for other things.
-- Flame me and I will happily flame you back. Bring it!
"Watch me not care."
BOOM
Antitrust will get in the way of this app store only stuff and Linux will pick up.
> Why do you think Lion has such a low adoption?
[[citation needed]]
> Why do you think the Apple fora are full of complaints?
[[citation needed]]
> Why do you think so many IOS apps are crashing, and why the advertised features of IOS5 don't work?
[[citation needed]]
> Why is it that Apple isn't doing sufficient testing prior to release?
[[citation needed]]
> Why is it that they are leaving so many existing, recent customers out in the cold?
[[citation needed]]
> They're aiming at the middle of the Gaussian now... and that isn't, historically speaking, their Mac customer base.
[[citation needed]]
-- Flame me and I will happily flame you back. Bring it!
Lion's 16% installed base is NOT bad after only 4 months. The Apple fora have always been full of complaints. All the rest is just opinions and conjecture on your part, how about some figures?
If all else fails, immortality can always be assured by spectacular error.
Unfortunately you're clearly too dense to even use google so you obviously don't have the intellectual capacity to comprehend citations for the claims anyway.
> Personally, I'd be more worried as to whether MS is going to push UEFI secure boot onto every OEM, making it hard to buy any hardware that lets you choose which OS to run.
Why? Just because SecureBoot is available doesn't mean it has to be turned on.
Google Lion Adoption
Google Apple fora complaints
IOS5 feature not working
IOS app crashing
if apps are crashing and drivers don't work and features don't work and data is being lost and batteries are being consumed too fast at release time... they're not doing enough testing. Or is that too complex an idea for you to wrap your head around? Go read the apple support forums, for FSM's sake. Your profound ignorance is annoying.
Seriously? Ok, starting with Snow Leopard, there's a huge list. With Lion, I'm just going to point at them dropping the PPC emulator and see if you get it (keeping in mind that there are many additional issues similar to those at the above Snow Leopard incompatibility monitor. But, you know, Google it.)
Oh, Jeez, low-hanging fruit. I'm sorry (well, not very): [says nothing, points finger straight at you]
PS: Nothing I said was in the least an exaggeration or hyperbole: I'm an active Mac and IOS user and an OS X developer, and in these matters, I am reasonably well informed.
I've fallen off your lawn, and I can't get up.
No? $29.95 for all your machines? Sounds like a bloody bargain to me -- seriously, it does. Saving a measly $29.95 as compared to 250 new features for your Mac? Some of which, like resizing windows from every edge, and improved gestures, and better networking, to name just a few, are highly desirable. Also, you don't even need media -- you can just download the thing. Instant access, amazingly low price, extremely generous licensing, lots of new features. Sounds awesome. So why not upgrade?
How about because.... Lion breaks a whole lotta stuff (like, every PPC app and driver anyone ever owned) on top of what Snow Leopard broke ? Oh yeah. That would be why. :o)
Also, that's why there are nearly twice as many people still using Leopard (10.5.8), at about 30%. Because Lion is a lousy release on top of another lousy release: Snow Leopard. This is true even though if they upgraded today, they'd get those 250 Lion features plus the Snow Leopard features.
Look, both Snow Leopard and Lion are fine: if you're a new user and you will only buy new, compatible software. And that, no particular surprise, is the demographic that will make Apple the most money. But if you've been with them for a while, as I have, then you may have quite an investment in software. And that can change the picture quite a bit.
Not so. see above for figures for the Google-impaired.
I've fallen off your lawn, and I can't get up.
It would? How come they let Apple sell IOS apps only from the app store, then? In other words, I can't make an IOS app myself, and sell it to you myself. I have to use the app store. And the EU clearly allows this. How does that fit in with your assertion?
And if the scanner manufacturer made your driver a while back, and it worked fine, but won't under Lion or Snow Leopard... and there is no update for it (and why should there be? It was working fine, and can continue to work fine as long as you don't install Apple's broken OS)... What then?
I've fallen off your lawn, and I can't get up.
Peak for president! (It's 1.414 times better!)
(cough) sorry.
I've fallen off your lawn, and I can't get up.
VM's FTW. :)
I've fallen off your lawn, and I can't get up.
So that's all it took? An iPhone and a Macbook and bam! you get a girlfriend? Those are some great products.
There are plenty of lonely-looking Apple users sitting in the coffee shop at 10:30am who are still waiting, it appears. Maybe as usual Apple didn't have enough inventory at roll-out.
You are welcome on my lawn.
Cork?
"I've got more toys than Teruhisa Kitahara."
> How about because.... Lion breaks a whole lotta stuff (like, every PPC app and driver anyone ever owned) on top of what Snow Leopard broke [wikidot.com] ? Oh yeah. That would be why. :o)
We have one computer at work that runs Leopard and still has an ancient PPC version of an early Photoshop CS. But really, for most mac users, is this even remotely relevant?
> Also, that's why there are nearly twice as many people still using Leopard (10.5.8), at about 30%. Because Lion is a lousy release on top of another lousy release: Snow Leopard. This is true even though if they upgraded today, they'd get those 250 Lion features plus the Snow Leopard features. [wikipedia.org]
Again, do most Mac users (beyond the power users) ever upgrade their OS? Heck, according to one of your links, 6% of all Mac users are still running 6+ year old system software! At my office we don't upgrade windows computers to new major versions, and we VERY RARELY upgrade macs to new major versions. We've got a tiger system and a win2k system still going. FWIW, I started using a Mac with 10.3 and I have always upgraded my OS pretty soon after release. I have opted not to buy Lion, mostly because I don't care for the download, but also none of the features are particularly compelling to me.
Really, the only fitting comparison would be to compare Leopard upgrade numbers to Snow Leopard upgrade numbers to Lion numbers. I don't know how that would look. Snow Leopard over Leopard is probably my favorite OSX upgrade.
> Google Lion Adoption [lmgtfy.com]
even if adoption were leveling off, as your link suggests, you can't make your point without comparing that to adoption of prior versions. so, [[citation needed]]
> Google Apple fora complaints [lmgtfy.com]
you imply that there's a new problem with "fora" (stupid word) being full of complaints. 1) in order to show that it is a new problem, you need to compare to the volume of complaints in "fora" in previous years. 2) how can a forum be full of complaints?
> IOS5 feature not working [lmgtfy.com]
don't be a douche. just say, "the wifi sync has problems." not my job to read your mind. Save your snark for your boss, when you get fired.
> IOS app crashing [lmgtfy.com]
shit crashes, what do you want me to say? your OP implies that shit is crashing more with iOS5 than with prior versions. [[citation needed]]
> They're aiming at the middle of the Gaussian now... and that isn't, historically speaking, their Mac customer base.
citation still outstanding on description of historical mac customer base. No rush. whenever you're ready.
-- Flame me and I will happily flame you back. Bring it!
it's not my job to google your bullshit. say something informed or shut your flap.
-- Flame me and I will happily flame you back. Bring it!
> Why do you think Lion has such a low adoption?
I don't believe for one moment that it does have low adoption. A couple of days ago an ad company called Chitika put out a press release saying Lion adoption was slowing. But everything other than that, including from sources that are well known, indicate that Lion has had the fastest adoption of any OSX version up to now.
iOS5 and Lion certainly have had some teething problems. But only the kind of things one would expect to get fixed in point releases. I see from another post of yours that you are sticking with Leopard. Which is odd, because Snow Leopard was a great OS, an improvement over Leopard in every way bar one - it dropped Power PC support. Is perhaps your reason for not advancing because you still have an old Power PC Mac?
It's relevant for those Mac users who have PPC apps they want to keep using, and particularly so for those that have no upgrade path. And then there's this question: Why drop the PPC emulation at all? Wasn't broke. Didn't need fixing. But now it's gone. And your "ancient PPC version of an early Photoshop" just went from useful to zero if you upgrade. As does Mame, Appleworks, etc.
I've fallen off your lawn, and I can't get up.
Many people are not upgrading because there's no need to, and because application support is lagging. It has been only fairly recently (last year or so) that some macports started working correctly on snow leopard. There are still ports that do not work when compiled for 64 bits, so I still compile macports for 32 bits. The reason to update to 10.6, for me, was speed and stability. Those were killer features. Lion doesn't have anything that would be a killer feature, not for me at least.
A successful API design takes a mixture of software design and pedagogy.
The fundamental approach is flawed. They chose to use a special "launchd" app to control this rather than adding the extra security to the OS kernel fork/exec. Hence, the security flaw that these researchers found.
In typical Apple fashion, after being notified, they're trying to sweep it under the rug by revising the developer documentation.
In the context Apple is using the term "sandboxing" here, this is a description of "fine grained" privileges. Linux has had fine grained privileges for years. Under Linux, they're called "capabilities". And it is the Linux kernel that does the enforcement, so that the type of "end around" that is the security flaw wouldn't work. Also, Linux already has selinux in the non-MLS mode that does much the same thing [and more].
Even if the Linux kernel developers had decided to use the "launchd" approach, they would have [in all probability] carried over the privilege list from the original sender of the message with the message itself and made it available to launchd so that launchd would not allow escalation of privilege level.
So, Apple ... Bad architecture and bad implementation of the architecture.
And, the literature on this has been around for decades.
Like a good neighbor, fsck is there
OS X is not a mission critical OS. Even Apple says so. Makes one wonder just how seriously Apple takes OS security.
> The mac will NOT be app-store only. However, if you CHOOSE to run app store only apps, you get sandboxed, vetted apps from a trusted vendor. Windows 8 is going the same way
Metro applications in Windows 8 will only be available through whatever they call the Windows App Store.
> > Customers were used to using drivers for scanners and etc, Apple took that away (effectively taking away the supported hardware) in Snow Leopard by breaking tons of them -- and never going back to fix them.
> That's a third party problem, they need to support their own devices.
Yeah, which is why you should shut up about Linux not having a stable ABI. Wait... what OS are we talking about?
Newsflash: users don't care about whose responsibility it is, they blame whoever changed the system. I have a client who is upset that their 8 year old office printer isn't fully functional under Windows 7, and they can't be convinced that that isn't Microsoft's fault.
Steve Jobs got his security hole exploited last month, and now apple fanboys are getting it too.
Looks like it's a ringer: http://www.macupdate.com/app/mac/15930/macnessus Warmest regards.
I don't think you appreciate how much more profit Apple makes off their non-PC products these days compared to their Macbooks and desktops. You may still think of Apple as primarily a PC company, but THEY don't. I think they accepted the fact that they would never be dominant in the PC market years ago, but they CAN be dominant in the MP3-player/cellphone/tablet/etc. markets. So guess what they're going to focus on?
Not only would it not surprise me if Apple made their PC's app-store only, but it wouldn't even surprise me if they got out of the PC business altogether (or broke that part off into a new company). The open-garden PC market is old news as far as they're concerned.
SJW: Someone who has run out of real oppression, and has to fake it.
> It's relevant for those Mac users who have PPC apps they want to keep using, and particularly so for those that have no upgrade path
What I'm saying is, before making a huge deal out of this, it would be useful or informative to actually quantify the issues. For instance, I would hazard a guess that 99% of current Intel mac users never use PPC emulation/rosetta. I don't know if that's true or not, but like I said, I would bet that for most users, it's a non-issue.
Photoshop CS is nearly 9 years old. Yeah, I'm sad it won't run on the latest computers, but it still runs just fine on my G4 Powerbook, our G5 Powermac, our Intel Mac Pros, and my Mbp. If you rely on ancient software, don't upgrade to the latest and greatest hardware. Just doesn't seem like that big a deal! Incidentally, I recently bought Pixelmator for $30 and it's a HUGE upgrade over Photoshop CS.
Why drop the PPC emulation at all? Wasn't broke. Didn't need fixing.
It was broken for me. The one real "legacy" application (a server application) we have at my office doesn't run under Rosetta and needs a $4000 upgrade to support OSX/Intel. So we've kept several old G4/G5 computers around as spares and for parts. My guess is that there were several reasons for dropping Rosetta: 64-bit mode issues, limited usage in the wild, and the cost to continue testing and maintaining it. Same goes for classic mode. Same goes for dropping 68k support back in the day.
In a way it kind of goes back to an issue faced by OS/2. Not sure if you're familiar with OS/2 or not, but back in the day it was a really fine operating system. Excellent performance. I remember with my computer at the time I could run 7th Guest in DOS very choppily. In OS/2 it ran smoothly! I assume it had to do with caching, but I'm not sure. Anyway, with OS/2 Warp you could literally use your win3.1 install disks to have full win3.1 support in OS/2. Retrospectively, a lot of people think that this ended up hurting OS/2 by stifling the native ecosystem. People just relied on windows applications, so developers didn't want to develop just for OS/2. The end result being -- dead OS/2.
And what about Mame? It exists... http://sdlmame.parodius.com/
But Apple intentionally made it easy, and desirable, to upgrade to the Intel hardware... they did it by making sure you could run your PPC software, and bring it forward. So there was little reason not to upgrade (barring incompatible apps as the one you mention... hadn't heard of anything that failed to run, previously.) On the contrary, PPC apps kept working and that was *great*, as it meant you *could* upgrade.
But that door has been closed with Lion. And, like you say -- if it matters to you, you're better off not to upgrade any longer. And that's precisely why I'll be staying with Leopard. That, and driver issues that Snow Leopard brought into scope.
Speaking as a developer, knowing that some Apple users will need to stay with Leopard, and not particularly interested in limiting who I can sell my software to, I'll be using Leopard as the target OS in terms of APIs, while testing to make sure those APIs still work under later OSs. I definitely won't be using APIs from 10.6 or .7
I've fallen off your lawn, and I can't get up.
Yeah, I've only seen the one program that won't run on Intel, but I've only ever TRIED two programs. This one (http://www.kytek.com/) and Photoshop. If you need PPC, you can always virtualize Leopard and run PPC apps on there (ironic, no?). I'm not saying it's not unfortunate that PPC support is gone, what I'm saying is that for the vast majority of mac users (myself included), it just really doesn't matter. Apple hasn't sold PPC macs in over 5 years. They made it extremely easy for developers to develop for both platforms. The kind of tradeoffs you are talking about are made by developers all the time. You're absolutely right that as a developer you're wise to not forget about Leopard -- that's still nearly 20% of Mac users. Like Apple, you'll eventually have to make the decision about how long to support old versions of hardware/software. At what point will it no longer be useful for you to ignore newer APIs and stick with just 10.5? 10% of users? 5% of users? (after all, you're ignoring the 6% of users who are still on Tiger or before.)
7) Most responsible developers still support Leopard (it's still used by ~30% of the installed base)
Citation needed.
Personally, I see about 22% using Leopard, and dropping steadily, based on analytics data from my employer's website. (Which is skewed to a higher-income, higher-educated, but non-technical population.)
And in the meantime, if enough people drag their feet, maybe even Apple can be made to "get the message" that it isn't OS X that needs to move in the direction of IOS... it's IOS that needs to move in the direction of OS X.
I sympathize with your feelings about Lion, but every metric I can see shows explosive (relatively speaking) growth in Mac sales and Mac usage among the public. The more new Macs, which only run Lion, are sold, the smaller the fraction using Leopard becomes even if Leopard and Snow Leopard users don't upgrade. Too many incoming Windows refugees continue to validate Apple's strategy.
Lion's 16% installed base is NOT bad after only 4 months.
And that's assuming it isn't actually 26%.
http://www.mactrast.com/2011/11/os-x-lion-adoption-still-swiftly-increasing/
Note that it has already passed Leopard, which was itself long ago passed by Snow Leopard. Lion is doing fine.
Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.