Slashdot Mirror


User: daveschroeder

daveschroeder's activity in the archive.

Stories: 0
Comments: 2,787

Comments · 2,787

  1. Re:Of course.. on Hacker Turns $300 Apple TV into Cheapest Mac Ever · · Score: 0

    I suppose I should follow up, as someone will inevitably respond saying "But Mac OS X Server *is* Mac OS X, just with the extra server pieces!@!@"

    Yes, I'm aware of that, thanks. It's also NOT "Mac OS X". Further, it's still a ridiculous argument, because even Mac OS X Server 10.4.7 (Universal) (10-client) is $499 ($249 edu/govt), or needs to be obtained via Apple Developer Programs at a cost of at least $500/year.

    And regardless, Apple Developer Programs are NOT a solution for anywhere near a "large number of cases". They're suitable for people who are already paying $500 or $3000 a year to be a part of them, and the operating systems offered via the programs are to be used only for development and testing, not permanent use on a hacked Apple TV.

    But all that aside, this is just another version of the sophistry used in the "Mac OS X on non-Macs" argument.

    The point is that, even now, in order to use Mac OS X 10.4.x (Intel) on an Apple TV, it still MUST be pirated. The only argument that is REMOTELY applicable is the case of potentially re-using an unused license from another Intel-based Mac that is no longer running Mac OS X.

    So yes, basically everyone who has done this hack has pirated Mac OS X, either in spirit (e.g., using it under a Mac OS X 10.4.x (PowerPC) license or family pack license and thinking that it's therefore "okay"), or in fact (just outright pirating it).

    The only legal scenario I can see on the horizon (other than Mac OS X Server 10.4.x (Universal)) is buying a standalone retail copy of Leopard. You've bought it, and it appears to not violate the EULA, which states that it must be run on an "Apple-labeled computer". But even then there is still the consideration of whether Apple would consider Apple TV a "computer"...and push may come to shove if someone like TechRestore (which is already selling Apple TVs with upgraded hard drives and their own 1-year warranty, since Apple's is void at that point) starts selling Apple TVs preinstalled with Leopard alongside a Leopard license.

    Let me point out that *I don't care* what kind of arguments can be made for or against this, legal or otherwise. The point is that if Apple decides the behavior is not allowable under the EULA, etc., the activity WILL be relegated to the hobbyist/experimenter/hacker crowd, and will NEVER be a mainstream solution.

    I'd imagine all of the people who want to do this, and are pirating Mac OS X anyway, are fine with this.

  2. Re:Of course.. on Hacker Turns $300 Apple TV into Cheapest Mac Ever · · Score: 2, Informative

    Your correction wasn't correct then, and isn't now:

    There is not at present, and never has been, a standalone, installable version of Mac OS X 10.4.x (Intel) available via Apple Developer Programs.

    The only version that is available is Mac OS X Server 10.4.x (Universal), but that is Mac OS X Server, not Mac OS X.

    So the statements to this effect I have made in my post are correct:

    There is no legal way to get Mac OS X 10.4.x (Intel) separately. It only ships with CPUs.

    Further, even if Mac OS X 10.4.x (Intel) were available via the Apple Developer Programs, the cost would be a minimum of $500/year for a Select membership, or $3000/year for a Premier membership (the only kinds that come with software seed keys, required for access to operating systems).

    Mac OS X 10.5.x (Leopard), which will be Universal, will, of course, be available via Apple Developer Programs. But it will also be available for $129 ($69 edu/govt), so the Developer Programs argument doesn't make sense in the vast, vast majority of those potential cases, either.

  3. Re:Of course.. on Hacker Turns $300 Apple TV into Cheapest Mac Ever · · Score: 5, Insightful

    From three previous comments of mine, that address pretty much all the issues here:

    -----

    People have jumped through a lot of hoops to attempt to justify to themselves running the hacked Mac OS X on non-Apple systems, coming up with ridiculous sophistries like "What if I have an Intel iMac, but want to only run Linux on it, and then want to use that same OS X license on my Gateway laptop???" ...

    AppleTV is an interesting case, because it is an "Apple-labeled" product, which is what the Mac OS X license agreement stipulates. And that's the key.

    The license agreement specifies that Mac OS X can only be run on an Apple-labeled computer. And that is Apple's right. Now, you can ignore it, or ignore legal frameworks that may (or may not) enforce license agreements within certain countries/jurisdictions, and so on, but that's why running Mac OS X on non-Apple hardware is "illegal". There are NO prohibitions to doing things like hacking the kernel, etc. It's open source, and you can do with it what you wish regardless.

    But there are still some interesting considerations:

    - There is no way to legally get a standalone, retail copy of Mac OS X (Intel) for AppleTV, unless you make arguments about transferring an abandoned license from another Intel-based Mac. (And no, there is no conventional Mac OS X license that comes with AppleTV, either explicitly or implicitly.)

    - Technically, you could purchase and run Mac OS X Server 10.4.x (Universal) and legally run it on AppleTV - there would be no prohibitions to this.

    - Mac OS X 10.5.x (Leopard) will be the first version of Mac OS X to have a legally purchasable standalone retail Intel version (actually, Leopard will be Universal).

    But there are some other things to think about:

    - Even when Leopard ships, at retail pricing, it's still $299 + $129 for AppleTV + Mac OS X. It's $171 more for a much more capable Mac mini. However, $171 may be enough to get people to consider this.

    - This will really be interesting if Leopard can run unmodified on AppleTV (i.e., without a hacked kernel).

    - This will still be relegated to the hobbyist/experimenter/hacker crowd, as you need to disassemble AppleTV in order to do this, image drives, have another Mac handy, and so on, not to mention that the warranty is likely void while OS X is installed on the machine (which of course is reversible, etc.)

    So while this is all very interesting, please consider the fact that there are no legal ways to get Mac OS X for it currently.

    This post is obviously not for people who think EULAs are BS, or that since it's an Apple product "it's okay", or that since it has some stripped down OS X on it already, "it's okay" to also install OS X from their friend's iMac, etc.

    I'm simply raising the legitimate concerns surrounding licensing on AppleTV, some of which get interesting with Leopard since it is, indeed, an Apple-labeled computer, and Leopard will be available standalone.

    There are also no prohibitions on using a modified kernel, but one very interesting question might be, does Apple consider AppleTV a "computer", since that is what the Mac OS X license agreement explicitly states?

    -----

    The point is that right now, there is NO way to buy Mac OS X (Intel) separately at all, license agreement or not.

    If people want to make ridiculous arguments like "what if I just dropped four grand on a Mac Pro, but now suddenly only want to run Windows Vista on it, but I still want to use the OS X license on my Sony Vaio," more power to them. They can make their own moral/ethical determinations. If they want to ask if it's "legal", the answer in many jurisdictions is still, "probably not", because of what the EULA says.

    The other consideration is that Apple is a hardware company and prices Mac OS X accordingly. They're also the ones who put hundreds of thousands of manhours and billions of dollars, collectively, into R

  4. Re:This is a cool hack on Hacker Turns $300 Apple TV into Cheapest Mac Ever · · Score: 3, Informative

    Unfortunately, you can't buy a copy of Mac OS X (Intel) anywhere. Mac OS X (PowerPC) is a different product. Even in the UK.

    And all of these "hacked" instances of Mac OS X 10.4.x running on non-Apple hardware are using a hacked kernel from Mac OS X 10.4.3 (!) from the development systems that shipped with BIOS - nearly all of the work was done for them.

    Once Leopard ships, a *significant* amount of work would be required to get Leopard running on non-Apple hardware, much less hardware with BIOS (including VMs). Even if someone does get Leopard running on non-Apple hardware, it will very likely require particular brands of motherboards, etc...meaning people have to go out and buy something anyway.

    None of the hacks from 10.4.x, especially the critical kernel, will be able to be reused on 10.5.x. Even now, no one has successfully used a newer 10.4.x kernel on non-Apple hardware - it's all still the old 10.4.3 development kernel that was never released that supported BIOS. Ugly, ugly hack.

    So no...there's no legal way for you to get Mac OS X for Intel, even in the UK. Unless you use sophistry to build ridiculous arguments about reusing the license from the Intel iMac that you "no longer want to run Mac OS X on" anymore, etc.

  5. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 1

    Oh, and don't get me wrong...I appreciate the compliment within your post.

    But various IT components (in fact, many components) of the University don't have specific start and end times for work hours, as some clerical and administrative positions may.

    You are expected to do your work, be available in the office and for meetings and other duties as dictated by your job, fulfill your job responsibilities, report your hours accurately, and so on. But that doesn't mean non-work-related or quasi-work-related activities can't occur intermittently within what are normally considered to be business hours any more than it means that University work isn't routinely done outside of such hours (as it indeed is).

  6. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 1

    I suppose your issue is with the ruling of the 9th Circuit Court of Appeals then, not myself, since it indicated numerous times that part of the reasoning for being exempted from Fourth Amendment requirements under the special needs doctrine was that the University official was not acting as an agent of law enforcement or for law enforcement purposes.

  7. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 1

    So?

    I'm also not at work from 9:00:00AM to 5:00:00PM every day, either.

    Yet, somehow I manage to work more than 40 hours a week. ;-)

  8. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 1

    You'd be surprised at how quickly I can craft and fire off responses. And I doubt that, collectively, these added up to half of my lunch hour. ;-)

    This is pretty much the only article I've paid any attention to...

  9. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 1

    Nope, because all of that logic is fallacious, and further, wouldn't be held as allowable and appropriate responses to the situations you describe by a court.

    This, however, was.

    Your beef isn't with me. It's with the 9th Circuit Court of Appeals, which routinely upholds personal rights and privacy, and often sides against government interest. And yet, it still found this action appropriate.

    Extremely poor use of car analogies, by the way. ;-(

  10. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 1

    The ruling already spoke to this. (Has anyone read it?)

    Just as requiring a warrant to investigate potential student drug use would disrupt operation of a high school, see T.L.O., 469 U.S. at 352-53 (Blackmun, J., concurring in the judgment), requiring a warrant to investigate potential misuse of the university's computer network would disrupt the operation of the university and the network that it relies upon in order to function.

    [...]

    The district court was entirely correct in holding that the special needs exception applied.

    [...]

    Once a court determines that the special needs doctrine applies to a search, it must "assess the constitutionality of the search by balancing the need to search against the intrusiveness of the search." Henderson, 305 F.3d at 1059 (citing Ferguson, 532 U.S. at 78). The factors considered are the subject of the search's privacy interest, the government's interests in performing the search, and the scope of the intrusion. See id. at 1059-60.

    [...] although Heckenkamp had a subjectively real and objectively reasonable expectation of privacy in his computer, the university's interest in maintaining the security of its network provided a compelling government interest in determining the source of the unauthorized intrusion into sensitive files. The remote search of the computer was remarkably limited given the circumstances. Savoy did not view, delete, or modify any of the actual files on the computer; he was only logged into the computer for 15 minutes; and he sought only to verify that the same computer that had been connected at the 117 IP address was now connected at the 120 IP address. Here, as in Henderson, "the government interest served[ ] and the relative unobtrusiveness of the search" lead to a conclusion that the remote search was not unconstitutional. Id. at 1061. The district court did not err in denying the motion to suppress the evidence obtained through the remote search of the computer.

    [...]

    The district court also did not err in denying the motion to suppress evidence obtained during the searches of Heckenkamp's room. Assuming, without deciding, that Savoy and the university police violated Heckenkamp's Fourth Amendment rights when they entered his dormitory room for nonlaw-enforcement purposes, the evidence obtained through the search was nonetheless admissible under the independent source exception to the exclusionary rule.

    Under the independent source exception, " 'information which is received through an illegal source is considered to be cleanly obtained when it arrives through an independent source.' " Murray v. United States, 487 U.S. 533, 538-39, (1988) (quoting United States v. Silvestri, 787 F.2d 736, 739 (1st Cir. 1986)). Therefore, we have held that " '[t]he mere inclusion of tainted evidence in an affidavit does not, by itself, taint the warrant or the evidence seized pursuant to the warrant.' " United States v. Reed, 15 F.3d 928, 933 (9th Cir. 1994) (quoting United States v. Vasey, 834 F.2d 782, 788 (9th Cir. 1987)). In order to determine whether evidence obtained through a tainted warrant is admissible, "[a] reviewing court should excise the tainted evidence and determine whether the remaining untainted evidence would provide a neutral magistrate with probable cause to issue a warrant." Id. (quoting Vasey, 834 F.2d at 788).

    Here, even without the evidence gathered through the allegedly improper search, there is sufficient information in the affidavit to establish probable cause. The affidavit recited evidence that the server intrusion had been tracked "to a campus dormitory room computer belonging to Jerome T. Heckenkamp"; that "[t]he computer is in Room 107, Noyes House, Adams Hall on the University of Wisconsin-Madison"; and that "Heckenkamp previously had a disciplinary action in the past for unauthorized computer access to a University of Wisconsin system." This

  11. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 1

    The issue is that this ruling doesn't speak to the legality of the action itself; only that the action was legal insofar as it applied to the case at hand. This, of course, means that a court would likely consider the action allowable and appropriate on its own, as well, but that's why this doesn't speak to anything else other than this specific act. In other words, this doesn't really set a precedent for such activity to begin taking place wholesale, or to target systems off campus, etc. This just happened to be a fairly unique situation, and the fact that the attack originated from a University network on University property made it unique.

    Was it a reflexive response to a presumption (potentially a good one) that Slashdotters would jump to the predictable and wrong-headed conclusion that Heckenkamp's rights were violated or was it something else?

    No, that was pretty much it. ;-)

    But in seriousness, this ruling does determine that Heckenkamp's "rights" (in this case, the right to privacy, such as it is) were "violated", but that, on balance, the University action was still appropriate considering the circumstances. Under lesser circumstances, it may not have been considered appropriate, and may have even been in itself "illegal". But that's why we have doctrines for things like self-defense and other exigent circumstances: sometimes, society (in the form of courts, laws, and legal processes) can collectively consider an act allowable that would otherwise be illegal or questionable.

    Such is the case here.

  12. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 2, Informative

    If you are a system administrator responsible for securing a network that serves 65000 people on a public research campus with a $2.1 billion annual budget, and you take actions to defend it from an active malicious attack originating from the facility's own property and network by a person who is affiliated with your facility in violation of numerous policies of said facility, and this were nearly a decade ago and other suitable avenues for denying the attacker access weren't immediately available, then your emergency actions, too, may be considered appropriate by a court.

    Does that help to answer your question?

  13. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 1

    Too right.

    I should have said (and, believe it or not, actually intended to say) "some slashdotters", not "slashdotters".

  14. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 1

    I think part of the issue is one that you mention: the fact that it is our own house.

    Students and everyone else using University network and computing resources agree to abide by the University's policies on appropriate use of these resources.

    While one might argue that if the RIAA believes its interests critically need to be protected, why wouldn't they be able to use the same tactics? But the RIAA has no standing with the University or its students in that manner. They have a general legal standing to protect the content under their purview, and can apply ordinary legal means to protect that content. I also highly doubt that special needs exemptions to the Fourth Amendment would apply to the RIAA in such an argument.

    But in the case of the University, students, staff, and faculty have a direct relationship with the University, and there is a mutual understanding on appropriate usage of University resources. There is a level of expectation that persons and devices on the network will comply with these guidelines. And in an emergency situation such as this, it really came down to all resources being brought to bear to secure critical infrastructure under active attack.

    This is also a unique situation because the attack originates from a University building on University property by a University-affiliated person. This would be different if it were, as you say, someone on Mifflin Street in a private residence on a cable modem connection (University-affiliated or not), or someone coming in from Duke University, etc.

    Today we have tools that would have allowed for much easier blocking and mitigation, instead of a cat-and-mouse game of someone continually (and foolishly) regaining network access to continue known-malicious activities. But at this point, and in a rapidly evolving situation, it wouldn't have been practical or possible to immediately disable this person's network access. The immediacy and potential impact of the situation demanded that reasonable steps be taken to protect University assets and services.

    While the 9th Circuit ruling only speaks to the conviction and the admissibility of evidence in that case, it does fairly clearly decide that while Heckenkamp did indeed have an expectation of privacy, the special needs outweighed Heckenkamp's right or expectation to privacy. It's likely that a court viewing that event alone would also reach the same conclusion that the 9th Circuit and the original ruling court did. Namely, that the steps taken by the University to protect itself - including taking direct action to verify and mitigate the immediate actions of the attacking host - were appropriate, on balance.

    This isn't at all a blank check for "vigilantism" by administrators, nor did I say it was; rather, it is recognition of the fact that exigent circumstances, that are clearly identifiable as such, may sometimes call for an unorthodox response, and that such a response can be legal when taken from a protective posture with a broad scope. And by that definition and in the context of such recognition by the 9th Circuit, this wasn't really "vigilantism" at all.

  15. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 1

    Because that would not have been appropriate.

    This was. And the 9th Circuit agrees. It probably wouldn't have agreed that murder was an appropriate response, whereas this intrusion for protective purposes was, on balance.

    Read the ruling. It's pretty informative.

  16. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 2, Interesting

    This was 7 years ago, and all network resources (access, authentication, topology), among many other things, were not centrally managed.

    There were a limited amount of things that could be done centrally. One of them was blackholing IPs. Physically disabling the port was also not possible in a timely manner.

    After a 5-year, $50 million network upgrade, a lot of these things people are suggesting from their armchairs are now possible. But they weren't then. This was an IMMEDIATE situation that required emergency action.

    This isn't as easy as it seems on a decentralized campus with 18000 staff, 45000 students, and 850 buildings, with the dorms run by a completely distinct university department (including, at the time and still today to an extent, the network), and so on.

  17. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 2, Interesting

    I think we essentially agree on the basic points here.

    I understand that this ruling is only speaking to the conviction that is unrelated to the University efforts with regard to ensuring this computer remained off the network.

    However, since special needs only applies to the explicit and direct action the University took, while this ruling is speaking specifically to the appeal of the conviction, it is still reasonable to believe that the action itself would be viewed as legal upon consideration of that action alone. In other words, if that action is legal and allowable under special needs in this context, it's intrinsically legal and allowable on its own for the purpose it was intended to serve, namely, the protection of the University network and computing resources. At least, that is, in the view of the 9th Circuit - and I understand the 9th Circuit has no standing to comment on that issue alone, but I trust you see this as a reasonable conclusion.

    I do agree with your other observations, but I'm not even sure that any prosecutorial entity could be persuaded to bring changes, especially in the light of the 9th Circuit ruling, even if it is tangential.

  18. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 1

    I don't get that from the ruling. While speaking to the admissibility of evidence in the criminal proceedings, the underlying act itself was specifically exempted under special needs. This puts it on solid legal ground as far as the 9th Circuit and the original ruling court are concerned.

  19. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 2, Informative

    He did have an expectation of privacy, and the court held that.

    It also held that the emergency search fell under the doctrine of the "special needs" exemption to the Fourth Amendment.

    These two principles were balanced, and special needs won out.

    I really wish people would read the ruling, as it speaks in great detail about the principles of privacy, expectations thereof, why the search was acceptable in these circumstances, and so on.

  20. Re:Incorrect Decision on EBay Hacker's Conviction Upheld · · Score: 1

    Except that two courts, including the 9th Circuit Court of Appeals, which has a very strong track record on upholding individual rights when warranted and ruling against the interests of the government, already clearly decided that no search warrant was required, and that the "special needs" exemption applied to the situation, and thus no warrant was required.

    The ruling answers all of your concerns.

  21. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 2, Interesting

    Yes.

    Cutting off his network access wouldn't have been able to happen immediately. The central IT organization does not operate or have physical access to the Housing network. The only option, at the time this occurred, was blackholing the IP and ensuring insofar as was possible that the same computer not reappear on the network and continue malicious activities.

    Today, after a 5-year, $50 million network upgrade, there are numerous options for blocking MACs, remotely disabling network ports, and so on. None of these options were available at that time. So in an emergency situation, everything was done to ensure that intrusions into critical systems and infrastructure, possibly broader than were even known at that time, would be stopped as soon as possible, which included actively ensuring that the same computer not reappear on the network. At that time, there wouldn't have even been an easy way to see the MAC on the Housing network, so verifying that it was indeed the same computer and then taking mitigating steps was the best immediate emergency option.

  22. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 3, Informative

    You forgot the whole part about how even without the allegedly improperly obtained information, there was still sufficient evidence for a search warrant.

    Also, at the time that this incident occurred, there wasn't an integrated capability to block MACs on the Housing network by the central IT organization, for various reasons. The most immediately available option was blackholing the IP, which was done, at which point the user simply manually assigned himself an unused IP on the DHCP network and continued malicious activity. The central IT organization does not operate the Housing network, and also didn't have immediate capability to physically disable ports in dorm rooms.

    Today, we have all of those capabilities. Then, the only option for dealing with a very critical situation was taking all steps to actively ensure and verify that this computer did not come back on the network during the evolving emergency situation occurring over a very short period of time.

  23. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 4, Insightful

    Its track record is clear, exactly as stated, and no matter how "liberal" it is or isn't, the 9th Circuit has a consistent record of always erring on the side of individual rights, liberties, and freedoms, and against the interests of the government, sometimes to ridiculous degrees.

    And since there's an entire huge section in Wikipedia and over 1 million hits on google for "9th circuit liberal", regardless of "how much" it's true, there is no denying that, among all appeals circuits, the 9th is the "most" liberal.

    But in this case, it's so clear cut that the University acted properly, it wasn't difficult for the court to rule on the side of the University's actions.

    The point is, the court most likely to overturn the conviction didn't. And therefore, it's reasonable to believe this is how it will remain.

  24. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 1

    You missed one critical point. The exigent circumstances allowed the University to legally take necessary actions to protect its computing and network resources and infrastructure, and the court upheld this.

    The University was clearly correct in taking steps to ensure that the network access of the offending computer, in violation of numerous University policies and actively putting critical systems and services in jeopardy to unknown scope, was terminated and remained terminated in an emergent situation.

    It's that simple. And even the 9th Circuit agrees with the University's actions.

  25. Re:Correct decision on EBay Hacker's Conviction Upheld · · Score: 3, Informative

    The reason the 9th Circuit gets overturned is because it's a very liberal court that is often seen as out of step with prevailing views.

    It also is very protective of personal and individual rights, liberty, and privacy, and does not err on the side of law enforcement or the state. It is probably statistically the most likely court to rule against the interests of the government and for the interests of the individual.

    This one's not going to be overturned.

    Also, you should really, really read the ruling.