IF Apple could have gotten Leopard out six months sooner it would have been a coup, but it's better that they miss that target than they release the system in the state that beta-testers were reporting it would likely be in if they released on time.
Instead, Leopard wasn't set to be released right near the time of Vista's release, and Apple wasn't going to hurry the process along more than they had to. In fact, we're all now waiting for Leopard's release in October, and this is largely due in part to the need for key members of the OS X team to finish up work on the iPhone so that it could hit store shelves on June 29th.
That's what Apple said, but people who were on the beta were saying that Leopard wasn't likely to be ready on time already, that it was way less stable and mature than Tiger and Panther had been at a similar point. And Apple has been known to dissemble, perhaps not outright fibbing but certainly exaggerating minor issues and not even mentioning major ones... so I still think this explanation should be taken with a pinch of salt.
Antitrust rarely applies in cases like this, even for monopolies, unless the competitor is big enough to create a new monopoly. A company can buy up and shelve competitors for years without that becoming an issue.
The palm-sized PC UI was a typical Windows 9x-derived 3d-style UI.
Pocket PC rejected all that and went back to a flat 2d Windows-3 style for all the gadgets and window details, and it looked way more attractive and professional than the 3d look in any version of Windows or Windows CE.
I don't know if the 3d look is the problem, but the Windows UI needs a lot of simplification. And I don't mean getting rid of menus or replacing control panel applets with "wizards" (which is what they seem to think 'simplification' means), I mean removing pure eye-candy UI elements.
Does this mean that they are going back to the microkernal design they inched away from to get added reliability?
First mistake: the NT kernel was never a microkernel. It has some features in common with one, but it's even less microkernel-like than Mach.
Second mistake: the biggest reliability hit Windows NT had was when they moved GDI into the kernel in NT4. They didn't do that to improve reliability, they did it to reduce latency and improve performance, and it hurt reliability.
Since they've decided that performance isn't that important any more (encrypting internal communication paths? Give me a break!) they could well be going towards a limited kernel and maybe even an actual microkernel design.
Realplayer, maybe, because it uses Microsoft's HTML control like Windows Media Player does. Makes them really nice portable trojan-horse front ends on Windows.
Quicktime doesn't support that security "feature".
Nobody can write even close to perfect software. It just isn't going to happen.
I'm not demanding anyone write perfect software.
I'm demanding that APIs be designed so it is in principle possible to use them securely, so that flaws in the API are bugs that can be fixed... not legacy features that have to be patched case by case.
Aha, light dawns. This is not what I thought it was then. I withdraw that part of my complaint.
I still argue that no warning dialog should be treated as an actual security feature. They don't work... Apple is going down the road towards UAC, and they're attacking the wrong end of the problem.
Seriously? This is one of your 'real' security holes?
Yes. The problem is that there is no such thing as a "safe" file. There are "secure applications", and if there is a deliberately secured application available to display an untrusted file then it can always be used, and if there isn't then the user should never be asked... the option to open a potentially dangerous file in an application with an unknown security stance at the time of downloading shouldn't be available: you should only open it in an application that explicitly advertises itself as being prepared to handle untrusted files, or by explicitly opening it from a download manager. Original comments here and in subsequent articles.
This one comes turned off by default
One of the ways that files are treated as safe has been, since I posted the original article, been turned off by default. The same pool of a mixture of sandbox and open applications (LaunchServices) is still used for opening URIs, unpacking archives, and so on... and this has been involved in more reported vulnerabilities in OS X than just about any other single cause.
The fix that Apple has used is the same one that Microsoft has used, and it's one that has failed to solve the problem no matter how Microsoft has tweaked it in the past 10 years, or Apple in the past 3. It's a bad solution, and the real problem needs to be addressed.
These are bandaids because they're like "morning after" pills...
The first line of defense is being BADLY neglected.
Get rid of the dangerous APIs (such as the single set of bindings in LaunchServices) and browser features (who the hell thinks automatically opening 'safe' files after downloading is a good idea?) first.
Systrace has itself had holes discovered in it, and been the source of privilege escalation vulnerabilities.
Address space randomization makes a lot of legitimate techniques harder.
BOTH add overhead.
And there's no indication that Apple has fixed the real security holes in OSX - the single set of LaunchServices bindings for both local and remote objects, and the appalling 'Open "safe" files after downloading' feature in Safari.
Instead, they're adding more Microsoft-like bandaids and unnecessary security dialogs.
Security is like sex - once you're penetrated you're ****ed. How about doing something about the obvious avenues for penetration first?
Sandboxing Enjoy a higher level of protection. Sandboxing prevents hackers from hijacking applications to run their own code by making sure applications only do what they're intended to do. It restricts an application's file access, network access, and ability to launch other applications. Many Leopard applications -- such as Bonjour, Quick Look, and the Spotlight indexer -- are sandboxed so hackers can't exploit them.
Bleh.
BTW, I'm pretty sure that a lot of the stuff I'm seeing people claim are copied from Vista originated in FreeBSD, OpenBSD, and VMS.
There are not "serious virus problems" in mobile phones, and given the fact that Darwin includes scripting languages that I can not imagine being restricted by signatures I don't believe any signing regimen will significantly restrict virus propogation.
I suspect the reason for these restrictions are:
* to avoid having to classify the iPhone as a software controlled radio. * to avoid Real or some other DRM pusher from making the iPhone and iPod Touch support their DRM. * to allow the iPhone to be locked.
Seller: And do you want a free 6 months of the MSN online service? Buyer: Uhhh... what's that? S: They offer news, games, and [insert other things they offer, albeit other places offer similar things for cheaper, that's not what they advertise]. *You can always cancel it before then and you don't get charged anything.* B: Umm... ok...
Seller: buncha other questions... Buyer: buncha "OK..." Seller: And do you want to activate the free 6 month MSN CD included in the box? Buyer: OK...
You say they're going to fire dishonest workers. Is that guy being dishonest?
What do they actually require they disclose?
Do you read all the paperwork when you're standing in line at the register?
What do the people behind you think about that?
or realize things at a store aren't free, durr
Some things are included in the purchase price, and are described as "free". Some things are promotional, and really free. Some things are subscriptions with a free initial period, and are described as "free". In virtually every case where I've run into the third category you actually need to use the service before you're really signed up... even the infamous AOL CDs.
If someone hasn't run into the third category yet, then it's not at all reasonable for them to miss this. Especially when there are plenty of cases where online content really IS in the first two categories... even when you get it from a store like the music card I got from Starbucks the other day (yes, I checked, there's no strings attached). There's even free online services that sound just like the service they're apparently offering.
The Yao paper doesn't actually appear to include any counterexamples in favor of strong patents, nor does it seem to address the social good of strong patents.
* The closest thing to a counterexample is the case of the blue LED, and I am not clear on how it applies to patents at all. How would a strong patent system similar to the current system in the US protect an employee under a strong work-for-hire contract?
* The arguments in the paper are very focussed on the potential value of the patent to the patent holder. The assumption that making patents valuable to the patent holder provides a social good doesn't seem strongly (if at all) examined.
In fact, the conclusions in the paper include "Our analysis suggests that very weak property rights does not, by itself, mean that innovation incentives are fully undermined. Thus, attempts to adjust the property right system based on the idea that weak property rights implies little incentive for innovation would underestimate actual innovation incentives and might lead to policies that provide excessive incentives to innovate." which is not at all an argument in favor of strong patents, even if it does encapsulate the assumption that the value of patents actually provides a net incentive to innovation (which is, of course, the assumption challenged in the Maskin paper mentioned in the original article).
If this is considered a "pro patent" study, then the case for the current strong patent regime is even weaker than I had thought.
OK, but making 3rd party software Vista-compatible doesn't mean you'll need to upgrade to Vista to use it, so upgrading from Vista to XP now isn't going to lock you out of this stuff.
As for OpenGL vs DirectX, I'm hoping the raytracing acceleration going into the next generation of video cards (according to email I got from Philipp Slusallek at Saarland University) means we'll get OpenRT and can leave traditional rasterizing behind. If a university can get 7 million rays per second (25 FPS in a quake3 benchmark) out of a 66 MHZ FPGA with 6 million gates, what do you think ATI or nVidia could do with a 400 MHz GPU with over 600 million (680M transistors in the nVidia 8800, no figures on how many gates per transistor)?
IF Apple could have gotten Leopard out six months sooner it would have been a coup, but it's better that they miss that target than they release the system in the state that beta-testers were reporting it would likely be in if they released on time.
Instead, Leopard wasn't set to be released right near the time of Vista's release, and Apple wasn't going to hurry the process along more than they had to. In fact, we're all now waiting for Leopard's release in October, and this is largely due in part to the need for key members of the OS X team to finish up work on the iPhone so that it could hit store shelves on June 29th.
That's what Apple said, but people who were on the beta were saying that Leopard wasn't likely to be ready on time already, that it was way less stable and mature than Tiger and Panther had been at a similar point. And Apple has been known to dissemble, perhaps not outright fibbing but certainly exaggerating minor issues and not even mentioning major ones... so I still think this explanation should be taken with a pinch of salt.
Antitrust rarely applies in cases like this, even for monopolies, unless the competitor is big enough to create a new monopoly. A company can buy up and shelve competitors for years without that becoming an issue.
Been there, done that, got the pink slip.
It's pretty sad when 250 MB is considered a small install.
Used to be that you could fit the OS on a floppy. Yes, including the GUI.
The palm-sized PC UI was a typical Windows 9x-derived 3d-style UI.
Pocket PC rejected all that and went back to a flat 2d Windows-3 style for all the gadgets and window details, and it looked way more attractive and professional than the 3d look in any version of Windows or Windows CE.
I don't know if the 3d look is the problem, but the Windows UI needs a lot of simplification. And I don't mean getting rid of menus or replacing control panel applets with "wizards" (which is what they seem to think 'simplification' means), I mean removing pure eye-candy UI elements.
Does this mean that they are going back to the microkernal design they inched away from to get added reliability?
First mistake: the NT kernel was never a microkernel. It has some features in common with one, but it's even less microkernel-like than Mach.
Second mistake: the biggest reliability hit Windows NT had was when they moved GDI into the kernel in NT4. They didn't do that to improve reliability, they did it to reduce latency and improve performance, and it hurt reliability.
Since they've decided that performance isn't that important any more (encrypting internal communication paths? Give me a break!) they could well be going towards a limited kernel and maybe even an actual microkernel design.
Realplayer, maybe, because it uses Microsoft's HTML control like Windows Media Player does. Makes them really nice portable trojan-horse front ends on Windows.
Quicktime doesn't support that security "feature".
What do you suppose normally happens when a company buys a competitor?
I doubt very much Photoshop will be any different to how it is now, but it will be delivered via the Web.
You mean like Gimp is? Like Adobe Acrobat is? Like every open source app and half the new proprietary apps out there are?
If they were just talking about online DELIVERY they could do it now. They wouldn't HAVE to wait ten years or even five.
Nobody can write even close to perfect software. It just isn't going to happen.
I'm not demanding anyone write perfect software.
I'm demanding that APIs be designed so it is in principle possible to use them securely, so that flaws in the API are bugs that can be fixed... not legacy features that have to be patched case by case.
Mac OS X has always has prebinding.
Aha, light dawns. This is not what I thought it was then. I withdraw that part of my complaint.
I still argue that no warning dialog should be treated as an actual security feature. They don't work... Apple is going down the road towards UAC, and they're attacking the wrong end of the problem.
Seriously? This is one of your 'real' security holes?
Yes. The problem is that there is no such thing as a "safe" file. There are "secure applications", and if there is a deliberately secured application available to display an untrusted file then it can always be used, and if there isn't then the user should never be asked... the option to open a potentially dangerous file in an application with an unknown security stance at the time of downloading shouldn't be available: you should only open it in an application that explicitly advertises itself as being prepared to handle untrusted files, or by explicitly opening it from a download manager. Original comments here and in subsequent articles.
This one comes turned off by default
One of the ways that files are treated as safe has been, since I posted the original article, been turned off by default. The same pool of a mixture of sandbox and open applications (LaunchServices) is still used for opening URIs, unpacking archives, and so on... and this has been involved in more reported vulnerabilities in OS X than just about any other single cause.
The fix that Apple has used is the same one that Microsoft has used, and it's one that has failed to solve the problem no matter how Microsoft has tweaked it in the past 10 years, or Apple in the past 3. It's a bad solution, and the real problem needs to be addressed.
Warning dialogs are not a security feature.
Name one.
Dynamically patching executables.
they're just adding more info to the existing dialog you get when launching a downloaded app for the first time.
THAT is already an unnecessary security dialog.
How does this make a Mac safer?
It doesn't. It's really to make it easier to track whether different versions of an application are different versions of the same application.
How does it prevent malicious software developers from signing their software and making it look nice and pretty?
It doesn't. Any more than it does on Windows.
These are bandaids because they're like "morning after" pills...
The first line of defense is being BADLY neglected.
Get rid of the dangerous APIs (such as the single set of bindings in LaunchServices) and browser features (who the hell thinks automatically opening 'safe' files after downloading is a good idea?) first.
I hope that there's a way to turn this stuff off.
Systrace has itself had holes discovered in it, and been the source of privilege escalation vulnerabilities.
Address space randomization makes a lot of legitimate techniques harder.
BOTH add overhead.
And there's no indication that Apple has fixed the real security holes in OSX - the single set of LaunchServices bindings for both local and remote objects, and the appalling 'Open "safe" files after downloading' feature in Safari.
Instead, they're adding more Microsoft-like bandaids and unnecessary security dialogs.
Security is like sex - once you're penetrated you're ****ed. How about doing something about the obvious avenues for penetration first?
I believe you're quoting from the Maskin paper, not the Yao paper I'm referring to.
http://www.nber.org/~confer/2005/IPEs05/yao.pdf
Bleh.
BTW, I'm pretty sure that a lot of the stuff I'm seeing people claim are copied from Vista originated in FreeBSD, OpenBSD, and VMS.
What do they mean by "sandboxing"?
They finally picking up FreeBSD jails?
Or are they talking about something like Microsoft's halfhearted attempt in Vista?
There are not "serious virus problems" in mobile phones, and given the fact that Darwin includes scripting languages that I can not imagine being restricted by signatures I don't believe any signing regimen will significantly restrict virus propogation.
I suspect the reason for these restrictions are:
* to avoid having to classify the iPhone as a software controlled radio.
* to avoid Real or some other DRM pusher from making the iPhone and iPod Touch support their DRM.
* to allow the iPhone to be locked.
Seller: And do you want a free 6 months of the MSN online service?
Buyer: Uhhh... what's that?
S: They offer news, games, and [insert other things they offer, albeit other places offer similar things for cheaper, that's not what they advertise]. *You can always cancel it before then and you don't get charged anything.*
B: Umm... ok...
Seller: buncha other questions...
Buyer: buncha "OK..."
Seller: And do you want to activate the free 6 month MSN CD included in the box?
Buyer: OK...
You say they're going to fire dishonest workers. Is that guy being dishonest?
What do they actually require they disclose?
Do you read all the paperwork when you're standing in line at the register?
What do the people behind you think about that?
or realize things at a store aren't free, durr
Some things are included in the purchase price, and are described as "free". Some things are promotional, and really free. Some things are subscriptions with a free initial period, and are described as "free". In virtually every case where I've run into the third category you actually need to use the service before you're really signed up... even the infamous AOL CDs.
If someone hasn't run into the third category yet, then it's not at all reasonable for them to miss this. Especially when there are plenty of cases where online content really IS in the first two categories... even when you get it from a store like the music card I got from Starbucks the other day (yes, I checked, there's no strings attached). There's even free online services that sound just like the service they're apparently offering.
I can easily envisage a scenario where Linux is driven out of America by a patent troll for instance.
You think they're gonna send them furrin operating systems back to where they came from?
The Yao paper doesn't actually appear to include any counterexamples in favor of strong patents, nor does it seem to address the social good of strong patents.
* The closest thing to a counterexample is the case of the blue LED, and I am not clear on how it applies to patents at all. How would a strong patent system similar to the current system in the US protect an employee under a strong work-for-hire contract?
* The arguments in the paper are very focussed on the potential value of the patent to the patent holder. The assumption that making patents valuable to the patent holder provides a social good doesn't seem strongly (if at all) examined.
In fact, the conclusions in the paper include "Our analysis suggests that very weak property rights does not, by itself, mean that innovation incentives are fully undermined. Thus, attempts to adjust the property right system based on the idea that weak property rights implies little incentive for innovation would underestimate actual innovation incentives and might lead to policies that provide excessive incentives to innovate." which is not at all an argument in favor of strong patents, even if it does encapsulate the assumption that the value of patents actually provides a net incentive to innovation (which is, of course, the assumption challenged in the Maskin paper mentioned in the original article).
If this is considered a "pro patent" study, then the case for the current strong patent regime is even weaker than I had thought.
OK, but making 3rd party software Vista-compatible doesn't mean you'll need to upgrade to Vista to use it, so upgrading from Vista to XP now isn't going to lock you out of this stuff.
As for OpenGL vs DirectX, I'm hoping the raytracing acceleration going into the next generation of video cards (according to email I got from Philipp Slusallek at Saarland University) means we'll get OpenRT and can leave traditional rasterizing behind. If a university can get 7 million rays per second (25 FPS in a quake3 benchmark) out of a 66 MHZ FPGA with 6 million gates, what do you think ATI or nVidia could do with a 400 MHz GPU with over 600 million (680M transistors in the nVidia 8800, no figures on how many gates per transistor)?
The 'ultimate edition' bit is Jobs jab at Microsoft's Heinz-57-varieties-of-Vista. $129.00 is how much Apple always charges for OS X.