Hahah. I and my friend actually once got banned on an exhibition when we continuously played DoA Xtreme Beach Volleyball. The staff though somebody else should have the opportunity to try the game. Then once we had been driven away, the staff of the exhibition took over the gaming. That was pretty funny.
Not quite so, I'm afraid. The directory has write permissions for admins, meaning a rogue admin user could simply overwrite, rename or delete the file. This could be prevented by changing all directories with admin group write permission into sticky mode. Once in sticky mode, overwrite, rename and deleting files are only allowed by the file owner. I'm not sure, but it may break applications when used by other admin users, if they rely on that the files can be overwritten without authentication. System Preferences should still work though, but Software Update could break.
Anyway, I do not consider this any major vulnerability. I could get root access right away without authentication using an admin account, but an administrator account is not a normal user account! It should be considered as a personal root account with protection against screwing up the system (e.g. no write access to/System,/bin,/usr etc.). It is not protecting you from rogue users! Keep that in mind.
Isn't it funny how everytime a new patent application is filled in, Slashdoters are desperately trying to find prior art for it. Sometimes it's quite reasonable, but not always. This time the application looks quite unique. If you don't really know any prior art, don't pretend like you would.
Still, the code is nowadays a fraction of all the work involved in a game
You do make a good point here. Games are not as simple as they used to be. Maybe you could do a couple of things yourself like programming and graphics, but doing everything is quite impossible. You have a great lack of time, and most likely lack at least some of the required skills. But there are very talented people in all the areas that could do amazing stuff if they worked together. Just think about those people making high quality mods for commercial games . There is definately potential.
Major players are indeed very cautious moving onto Mac and Linux. There is the fear that the revenues from the new supported platforms will not compensate the money used in new investments like hardware and training. Especially when the competition in the market becomes harder and harder, a misstep can be fatal for smaller companies. It will most likely require a big success by one company before the others will follow.
But there is one player that still waits for its big success; open source games. There are lots of great projects out there that still needs to be finished. A success here could wake up companies as well. The reason why a open source game could trigger investments on new platforms rather than commercial games is that open source developers doesn't maybe care about the current userbase as much. A great deal of the open source projects don't have any userbase at all, to be honest, but still people work on it. But there will always be some breakthroughs. Maybe not in this contest, but still.
I find the absence of comments rather odd on this article. Some people would say don't need these small games, but bigger titles. I disagree. Mac OS X has already quite many bigger titles. But small, simple and free games are a part of a gaming experience as well. When you install Windows (or Linux) you get some simple games to play with. This is not the case in Mac OS X. When you buy a new Mac you may get some game like Tony Hawk Pro Skater to play with, but I don't think this compensates the lack of small games.
Why do I then think these little games are so important? Because they can be played by everyone. Just think about Windows Solitaire. It is being played by members of both sexes in all ages. Can you say the same about Unreal Tournament? No. You can't.
It is possible that you could have seen a documentary about this. I read about this more than over a year a ago. This is definitely not news, just a reminder for the people! What worries me is that governments still haven't responded to the threat. Why? Because we consider some kind of a natural catastrophe often as a very unlikely and local phenomena. I have never seen, and don't know anyone who would have seen a natural catastrophe. Have you? The ever lasting problem remains; people won't believe you until it happens. Remember 9/11? It is a pity.
I don't know all the details, but if and because this is a reverse-enginered hack, there is a great chance it could stop working when on the next generation iPods and when the current ones get their next firmware update. The reason why this most likely bothers Apple this is that if the music then stops working on the iPod, people will not blame on Real, but Apple. People are going to shout "Apple, fix my broken iPod", not "Real, fix my hacked music".
You see, if Apple would accept this, it kind of forces them to support the hacked format in the future too. It is not an option. If Real wants to provide music to the iPod, they could have used plain AAC, mp3 or some other non-DRMed format or they should have made some agreement with Apple to sub-license FairPlay or something. Non-DRMed music would not go trough the music-labels, and as far as I know, Apple was unwilling to cooperate with Real on the sub-licensing. Real is in a bad situation, but it still doesn't justify them to take the law in to their own hands (if it proves to be illegal). How hard did Real try to come to an agreement on the sub-licensing of FairPlay with Apple anyway?
Too expensive? In America? Uh, right. Here where I live, CD's have the normal price of about 20 euros, which is about 24 US dollars. Discount price is about 16 euros (20 dollars). Considering the average income rate in the US compared to the ones in Europe, I really don't see any reason for you to complain.
To be honest, I think the prices iTunes Music Store has are the most fair for everyone. You can't expect to get everything for free in your life.
You talk about the importance about protecting/Applications from malware, while in fact what most users really want to protect is the contents of/Users. Applications can easily be re-installed. OS X can easily be re-installed. But if some of your private things are sent to the Internet from/Users it cannot simply be undone. What I'm saying is that the real goal (emphasis on goal) is not to save/Applications from malware, but to protect the integrity of the accounts. Strict permissions on/Applications help us in isolating malware between users, but it isn't the main goal itself.
I must still disagree with you when it comes to single user systems; the security of/Applications does not play any big part in these systems. Even when such system has two accounts, one admin and one regular, don't you think the malware already accomplishes it's goal when it gets the control of the regular account (the only one used for non-admin tasks)? At that time the malware already has access to all your private data and your "external accounts". Even though you would manage to keep/Applications clean by using separate accounts, you would already have failed in protecting your personal files - what really matters. Thus I do not consider the using of a admin account as the main account to have such a significant impact on overall security on single user systems.
On multi-user systems there is a potential problem, if there is an administrator account being used as regular account. Changing the permissions of the.app:s and application directories to 755 could be considered by Apple. It has not been realistic before the new Finder authentication feature in Panther. This would protect the default apps and most them that are installed trough.pkg, but the ones installed with dragging are still exposed to malware from the same account as the installer (unless there is a change in the behavior of who owns the trough authentication copied files).
As you said some guidance in security would be good, but it should not be required that every computer owner is an expert in computer security. You don't also want to give too many security instructions, because that would make your operating system look insecure in the eyes of the public. I think the best and easiest way is to make sure people understand that a OS X admin account is comparable to a root account i.e. not to use to surf the web and read the e-mail.
What comes to the repairing of the permissions in OS X, it isn't a OS X security model issue, but a Installer.app issue. Installer.app changes permissions according to the permissions in the package. This means that if the package puts something in/bin and the permission for/bin in the package is for some weird reason 777, will the mode of/bin be changed to world writable. Stupid? Yes. Dangerous? Yes. Insecure? Yes. Don't ask me why it hasn't been changed. It should be.
Anyway, it's getting late. It has been nice to hear your thoughts.
I see your point. OS X installation should more clearly state that the account it creates is in fact an administrator account. I admit I was fooled to create my own account as administrator the first time I installed OS X. It was however no problem for me to create a second admin account, delete the first one, and recreate my own account as ordinary user. I did so right the way.
I consider the problem however somewhat exaggerated. If the system is a multi-user system, it is likely that the administrator will notice the problem as I did. If it is a single-user system, does it really matter? The malware would propably have the same impact on you, as if you were an ordinary user.
The real problem are multi-user systems with an ordinary user using admin account. But it's more of an bad admin problem, than bad security in OS X. But as I said, the installation should be more clear about the matter.
I use the same "hack" myself. Unfortunately, it doesn't always work and it is not always appropriate to switch the type of the users to admin. It often leaves playing around in the registry and filesystem as your only choice, and there are times when you just can't get it work. It is not supposed to be like that.
I'm not really bashing Microsoft here, but the developers that create these apps. Some of them are still living in the world of Windows 95.
No, it hasn't. I have avoided Windows for some time now, but occasionally I have to use it. The big difference I've seen between Mac OS X and Windows is that your programs run fine in OS X with minimum privileges, while most of the applications on Windows require administrator privileges to run. A non-admin account is practically unusable for anything else than reading e-mail and web browsing.
PS. Show me one OS, whose default user is NOT an administrator. How could you do anything, if there is NO user with administrator rights, eh?
By default,/Applications is only writable by administrators (and root). If you wish for it to ask for password when you drag the files, you could always change the permissions to 755 (this works only on Panther). But the question remains; why do you run as admin? Administrator account is meant for administrative tasks and not for web browsing. You should treat the OS X administrator account as a root account with a extra security check.
You don't get it, do you? Take a look at the iMac. Would you chop the monitor, save some money and buy a cheap'n'crappy monitor instead?
Personally I think the current iMac is the most beautiful computer ever created. It is a design item that matches the furnishing of the room it is in. A true gem. If there should be a headless Mac, it should not be the iMac.
Ummm. This is Slashdot. No self-respecting geek doesn't know of Firefox. It is the rest of the people that need to be educated. How does posting advertisements on Slashdot change their opinions? It doesn't. You need to bring out your message to a wider audience than Slashdot!
Yes. I realized it was stupid of me. My point was just that the logo reminded me of some "Big Brother" watching my every move. Not a big deal, but I just felt like posting on this story.
Is it just me, but the binoculars (logo) and the black box makes me think of some kind of suspicious and/or illegal activity (spying, voyeurism, intrusion of private rights). A white box would have been better, because it is associated with goodness and cleanness while black is all that dirty stuff. Not a very good choice, huh?
Oh, well. That aside, Apple Remote Desktop is maybe the coolest administration program I've seen. Very impressive. Nobody should stop from buying it because of the box it is packaged in.
There have been non-English music on iTunes since it's launch. Then why would it be a problem now? They will most likely do the same thing they are doing now; they append " (Spanish Version)" or Italian or whatever to the song name.
If you want to search for Spanish songs by some artist, do a simple "Artist name Spanish" search, and you should get all the Spanish songs by the artist.
Does anyone seriously think FreeBSD is dead? Then why was this story posted to "prove" than FreeBSD is alive? I don't see any reason why to try prove to the trolls than the *BSDs are alive. The main thing afterall is that YOU think it is a good operating system - not somebody else.
The Italian parliament yesterday voted in favour of imposing jail sentences of up to three years on anyone caught uploading or downloading unauthorised copyright material to and from the Net.
In my eyes it looks like you get to prison by using Google cache or similar. Am I wrong?
Besides, how do you know if the copyrightholder have allowed you to download the content? Hell. It would even be dangerous to download "terms of service", because it is copyrighted.
It seems to be a common problem. I have witnessed something like that myself, even though it wasn't any computer I would be responsible for.
I noticed one day that a server was down and inquired about it's status when I met one of the guys who administer it. What I heard was that someone, apparently the cleaning staff, had unplugged the power cable from the Linux server running Apache and some other smaller services. As it was a educational server there were no financial losses, but I don't think that fscking all the drives is that nice either.:-)
Slashdot Mirror
Hahah. I and my friend actually once got banned on an exhibition when we continuously played DoA Xtreme Beach Volleyball. The staff though somebody else should have the opportunity to try the game. Then once we had been driven away, the staff of the exhibition took over the gaming. That was pretty funny.
Not quite so, I'm afraid. The directory has write permissions for admins, meaning a rogue admin user could simply overwrite, rename or delete the file. This could be prevented by changing all directories with admin group write permission into sticky mode. Once in sticky mode, overwrite, rename and deleting files are only allowed by the file owner. I'm not sure, but it may break applications when used by other admin users, if they rely on that the files can be overwritten without authentication. System Preferences should still work though, but Software Update could break.
Anyway, I do not consider this any major vulnerability. I could get root access right away without authentication using an admin account, but an administrator account is not a normal user account! It should be considered as a personal root account with protection against screwing up the system (e.g. no write access to /System, /bin, /usr etc.). It is not protecting you from rogue users! Keep that in mind.
Isn't it funny how everytime a new patent application is filled in, Slashdoters are desperately trying to find prior art for it. Sometimes it's quite reasonable, but not always. This time the application looks quite unique. If you don't really know any prior art, don't pretend like you would.
You do make a good point here. Games are not as simple as they used to be. Maybe you could do a couple of things yourself like programming and graphics, but doing everything is quite impossible. You have a great lack of time, and most likely lack at least some of the required skills. But there are very talented people in all the areas that could do amazing stuff if they worked together. Just think about those people making high quality mods for commercial games . There is definately potential.
Major players are indeed very cautious moving onto Mac and Linux. There is the fear that the revenues from the new supported platforms will not compensate the money used in new investments like hardware and training. Especially when the competition in the market becomes harder and harder, a misstep can be fatal for smaller companies. It will most likely require a big success by one company before the others will follow.
But there is one player that still waits for its big success; open source games. There are lots of great projects out there that still needs to be finished. A success here could wake up companies as well. The reason why a open source game could trigger investments on new platforms rather than commercial games is that open source developers doesn't maybe care about the current userbase as much. A great deal of the open source projects don't have any userbase at all, to be honest, but still people work on it. But there will always be some breakthroughs. Maybe not in this contest, but still.
I find the absence of comments rather odd on this article. Some people would say don't need these small games, but bigger titles. I disagree. Mac OS X has already quite many bigger titles. But small, simple and free games are a part of a gaming experience as well. When you install Windows (or Linux) you get some simple games to play with. This is not the case in Mac OS X. When you buy a new Mac you may get some game like Tony Hawk Pro Skater to play with, but I don't think this compensates the lack of small games.
Why do I then think these little games are so important? Because they can be played by everyone. Just think about Windows Solitaire. It is being played by members of both sexes in all ages. Can you say the same about Unreal Tournament? No. You can't.
These games fill a void.
It is possible that you could have seen a documentary about this. I read about this more than over a year a ago. This is definitely not news, just a reminder for the people! What worries me is that governments still haven't responded to the threat. Why? Because we consider some kind of a natural catastrophe often as a very unlikely and local phenomena. I have never seen, and don't know anyone who would have seen a natural catastrophe. Have you? The ever lasting problem remains; people won't believe you until it happens. Remember 9/11? It is a pity.
I don't know all the details, but if and because this is a reverse-enginered hack, there is a great chance it could stop working when on the next generation iPods and when the current ones get their next firmware update. The reason why this most likely bothers Apple this is that if the music then stops working on the iPod, people will not blame on Real, but Apple. People are going to shout "Apple, fix my broken iPod", not "Real, fix my hacked music".
You see, if Apple would accept this, it kind of forces them to support the hacked format in the future too. It is not an option. If Real wants to provide music to the iPod, they could have used plain AAC, mp3 or some other non-DRMed format or they should have made some agreement with Apple to sub-license FairPlay or something. Non-DRMed music would not go trough the music-labels, and as far as I know, Apple was unwilling to cooperate with Real on the sub-licensing. Real is in a bad situation, but it still doesn't justify them to take the law in to their own hands (if it proves to be illegal). How hard did Real try to come to an agreement on the sub-licensing of FairPlay with Apple anyway?
Too expensive? In America? Uh, right. Here where I live, CD's have the normal price of about 20 euros, which is about 24 US dollars. Discount price is about 16 euros (20 dollars). Considering the average income rate in the US compared to the ones in Europe, I really don't see any reason for you to complain.
To be honest, I think the prices iTunes Music Store has are the most fair for everyone. You can't expect to get everything for free in your life.
You talk about the importance about protecting /Applications from malware, while in fact what most users really want to protect is the contents of /Users. Applications can easily be re-installed. OS X can easily be re-installed. But if some of your private things are sent to the Internet from /Users it cannot simply be undone. What I'm saying is that the real goal (emphasis on goal) is not to save /Applications from malware, but to protect the integrity of the accounts. Strict permissions on /Applications help us in isolating malware between users, but it isn't the main goal itself.
I must still disagree with you when it comes to single user systems; the security of /Applications does not play any big part in these systems. Even when such system has two accounts, one admin and one regular, don't you think the malware already accomplishes it's goal when it gets the control of the regular account (the only one used for non-admin tasks)? At that time the malware already has access to all your private data and your "external accounts". Even though you would manage to keep /Applications clean by using separate accounts, you would already have failed in protecting your personal files - what really matters. Thus I do not consider the using of a admin account as the main account to have such a significant impact on overall security on single user systems.
On multi-user systems there is a potential problem, if there is an administrator account being used as regular account. Changing the permissions of the .app:s and application directories to 755 could be considered by Apple. It has not been realistic before the new Finder authentication feature in Panther. This would protect the default apps and most them that are installed trough .pkg, but the ones installed with dragging are still exposed to malware from the same account as the installer (unless there is a change in the behavior of who owns the trough authentication copied files).
As you said some guidance in security would be good, but it should not be required that every computer owner is an expert in computer security. You don't also want to give too many security instructions, because that would make your operating system look insecure in the eyes of the public. I think the best and easiest way is to make sure people understand that a OS X admin account is comparable to a root account i.e. not to use to surf the web and read the e-mail.
What comes to the repairing of the permissions in OS X, it isn't a OS X security model issue, but a Installer.app issue. Installer.app changes permissions according to the permissions in the package. This means that if the package puts something in /bin and the permission for /bin in the package is for some weird reason 777, will the mode of /bin be changed to world writable. Stupid? Yes. Dangerous? Yes. Insecure? Yes. Don't ask me why it hasn't been changed. It should be.
Anyway, it's getting late. It has been nice to hear your thoughts.
I see your point. OS X installation should more clearly state that the account it creates is in fact an administrator account. I admit I was fooled to create my own account as administrator the first time I installed OS X. It was however no problem for me to create a second admin account, delete the first one, and recreate my own account as ordinary user. I did so right the way.
I consider the problem however somewhat exaggerated. If the system is a multi-user system, it is likely that the administrator will notice the problem as I did. If it is a single-user system, does it really matter? The malware would propably have the same impact on you, as if you were an ordinary user.
The real problem are multi-user systems with an ordinary user using admin account. But it's more of an bad admin problem, than bad security in OS X. But as I said, the installation should be more clear about the matter.
I use the same "hack" myself. Unfortunately, it doesn't always work and it is not always appropriate to switch the type of the users to admin. It often leaves playing around in the registry and filesystem as your only choice, and there are times when you just can't get it work. It is not supposed to be like that.
I'm not really bashing Microsoft here, but the developers that create these apps. Some of them are still living in the world of Windows 95.
No, it hasn't. I have avoided Windows for some time now, but occasionally I have to use it. The big difference I've seen between Mac OS X and Windows is that your programs run fine in OS X with minimum privileges, while most of the applications on Windows require administrator privileges to run. A non-admin account is practically unusable for anything else than reading e-mail and web browsing.
PS. Show me one OS, whose default user is NOT an administrator. How could you do anything, if there is NO user with administrator rights, eh?
By default, /Applications is only writable by administrators (and root). If you wish for it to ask for password when you drag the files, you could always change the permissions to 755 (this works only on Panther). But the question remains; why do you run as admin? Administrator account is meant for administrative tasks and not for web browsing. You should treat the OS X administrator account as a root account with a extra security check.
You can also save Apple Scripts as Mach-O executables in script editor.
But that wasn't the point here...
PS. You can still run your scripts like sh /path/to/script, even though the mounted drive is noexec. Uh. Just like with Apple Scripts. :-)
You don't get it, do you? Take a look at the iMac. Would you chop the monitor, save some money and buy a cheap'n'crappy monitor instead?
Personally I think the current iMac is the most beautiful computer ever created. It is a design item that matches the furnishing of the room it is in. A true gem. If there should be a headless Mac, it should not be the iMac.
Ummm. This is Slashdot. No self-respecting geek doesn't know of Firefox. It is the rest of the people that need to be educated. How does posting advertisements on Slashdot change their opinions? It doesn't. You need to bring out your message to a wider audience than Slashdot!
Yes. I realized it was stupid of me. My point was just that the logo reminded me of some "Big Brother" watching my every move. Not a big deal, but I just felt like posting on this story.
Is it just me, but the binoculars (logo) and the black box makes me think of some kind of suspicious and/or illegal activity (spying, voyeurism, intrusion of private rights). A white box would have been better, because it is associated with goodness and cleanness while black is all that dirty stuff. Not a very good choice, huh?
Oh, well. That aside, Apple Remote Desktop is maybe the coolest administration program I've seen. Very impressive. Nobody should stop from buying it because of the box it is packaged in.
There have been non-English music on iTunes since it's launch. Then why would it be a problem now? They will most likely do the same thing they are doing now; they append " (Spanish Version)" or Italian or whatever to the song name.
If you want to search for Spanish songs by some artist, do a simple "Artist name Spanish" search, and you should get all the Spanish songs by the artist.
What was the problem, again?
Does anyone seriously think FreeBSD is dead? Then why was this story posted to "prove" than FreeBSD is alive? I don't see any reason why to try prove to the trolls than the *BSDs are alive. The main thing afterall is that YOU think it is a good operating system - not somebody else.
Next story, please.
...is something you should probably read. Link here.
Interesting project, but quite useless for us that prefer portability.
The article states earlier:
In my eyes it looks like you get to prison by using Google cache or similar. Am I wrong?
Besides, how do you know if the copyrightholder have allowed you to download the content? Hell. It would even be dangerous to download "terms of service", because it is copyrighted.
This thing is not going to work out very well.
It seems to be a common problem. I have witnessed something like that myself, even though it wasn't any computer I would be responsible for.
I noticed one day that a server was down and inquired about it's status when I met one of the guys who administer it. What I heard was that someone, apparently the cleaning staff, had unplugged the power cable from the Linux server running Apache and some other smaller services. As it was a educational server there were no financial losses, but I don't think that fscking all the drives is that nice either. :-)
The cleaning lady needed electricity to her vacuum cleaner.
Poor sysadmins.