More and more we're being treated to refreshing entertainment as MS in one way or another screws up. It makes life worth living again.
What I'd really like is an authentic story from the Seattle Post-Intelligencer that Bill Gates stepped in some dogshit and slipped and got really dirty.
And that at the same time it was raining.
And he was heard to curse loudly and rudely.
And that he insulted and pushed an old lady who tried to help.
And that his children disown him - even the one in a state correctional institution and the other in drug rehab and the third in Weight Watchers trying desperately to get back under the 300 lb mark - and his wife leaves him for a Puerto Rican Lesbian lover.
About then I'd be feeling good again.
All I'd really need after that was a new story about how Steve Ballmer was arrested in a gay club soliciting sex.
This reminds me of the debacle over AnalogX's Proxy Server - a product many anti-spam experts contend is one of the biggest sources of spam relays in the world.
The product ships 'wide open' and users don't bother RTFM and if over a third of all spam relays are due to this product - who's at fault then?
Security experts say AnalogX is, because he ships his product wide open. Security experts have also been hounding Microsoft for years for shipping net tools that leave a user again 'wide open'.
Sorry, but merely giving a user an option to corrupt a local machine and then blaming the user for using this option is not a way out of the corner.
Actually this post does not need a reply, as it is its own best counter-argument. But let's take a few choice examples.
it provides means by which to inject code into programs that were launched after the code injector became present
Meaning it's by definition a type of trojan.
but that's not a unique ability
Oh no? Then tell us what other programs do this so we can rid our systems of them.
any daemon can inject code into a program as it is being launched
Even if this were true, it's a case of trust: we bought the operating system because it had a proven record and we trusted it. An APE is NOT part of the operating system (thankfully).
not doing anything more than calling existing (but undocumented) APIs
This basically says all. Programmers who hack at undocumented APIs should get a slap on the wrists.
APE modules cannot poke around into any program they wish
But you just said they can get into anything - make up your mind.
they may only poke around in the applications in which they have been told to reside
Why do we feel no comfort in these assurances?
They may not touch any other program.
'Bullshit!' - Tom 'Iceman' Kazanski
you can call APE a bad idea
Thank you for your permission.
yes it can crash applications or spy on the user
Thanks again - this time for admitting our point.
not more than any other piece of malware
And a final thanks for categorising it where it belongs.
'I've got no time now! I'm working on my 38-page paper on prime numbers!'
Yes, that would be very silly. Isaac would never say that. Not in a million light years.
There's namely only one way to do the standing on the shoulders of Giants thing: you've got to find the right Giants, and you've got to have a more down-to-earth footing.
And Giants don't like prime numbers. They hate 'em - with a passion. You can't eat 'em, you can't put 'em in the bank, you can't even bash humans on the head with 'em. Useless, bloody useless they are, like French Citroens with the steering wheel on the wrong side.
I'll take the apples any day. At least they lead to something constructive, to build on. Or correct me if I am wrong: what possible benefit can this prime-ordial nonsense bring?
Besides: Newton didn't get a grant to sit under a tree and let moldy fruit bounce off his noggin.
I believe you, and I can't believe Apple would let this happen. We have - or are supposed to have - totally secure 32-bit virtual memory systems here. The actual memory addresses used by one application are supposed to be irrelevant to any other - and most importantly: only the kernel is to be able to execute privileged operations which allow you to get to either physical memory or the system itself.
Knowing Unix as we do, we know this is impossible unless:
1. The application has installed something in system territory; and
2. The installer has had root access, even through being a member of the 'admininstrators' group.
If you can 'root' a Unix box, you can get at anything. But I suspect most APE users are not really sensitised to what they're giving away when they install an APE. They've basically opened the front door and thrown away the key.
Now on the other side of the camp is the RCDefaultApp and More internet crowd, which schooled people to turn off/reassign the URL handlers themselves with a very easy to use program.
RCDefaultApp can't turn off a thing. The use of the string '' within this program is very unfortunate.
RCDefaultApp 'redirects' things. When you want a protocol 'disabled', it actually redirects to another app hidden within its own application package. A package in turn called 'Do Nothing'.
This method might work in a pinch, but it is not a clean solution. The clean idea is to disable the protocols completely. Damage your plist file where RCDefaultApp proclaims its ownership of your protocols, or remove RCDefaultApp because you think you're finished with it, and you may become vulnerable again.
RCDefaultApp does not turn anything off - it redirects. Big diff.
critics are right to point out that it is a security nightmare, and it will destabilize all apps on the system by design
This is correct. Some people know the Mac, but few people know Unix. Ken Thompson, one of the fathers of Unix, said emphatically:
Keep your hands off the drivers.
The whole idea of Unix is not only security but respect - a respect that enhances security.
The very thought that code in a 32-bit protected mode system would be able to do things like this - correct me if I am wrong, but APEs require your administrator password, right? That means that even though they are 3rd party code they want to go where they have no right going.
APEs and everything like them depend on 'hacks' as their name implies. They're going to break easily as what they're doing is not officially supported by the operating system, and yes they are dangerous.
I would also like to cite a few pieces of the Unsanity article.
It is installed in/Library/Frameworks/ like a good framework should be.
This is patently not true. Good frameworks should be installed in ~/Library/Frameworks, your own directory. The directory Unsanity chooses automatically affects all users on the same machine.
Another directory exploited is/Library/Application Enhancers - again, this is an area which affects all users on the same machine. The fact that Unsanity use daemons also points to all users being affected by what one user wishes to do, and preferably in user mode.
One of my favourites is:
Since Apple does not provide a way (other than with kernel extensions) to change the behaviour of different applications, we had to engineer one on our own.
Oh wow. Perhaps - just perhaps - Apple did not provide this for security reasons? And comparing an APE with gdb is just silly: gdb is meant to be used in testing, not on secure stable end user machines.
I also note the following:
They do not break down the barriers of protected memory.
Ah - let me just say that without a more technically substantial run-through, most of us are going to remain unconvinced. And it's fairly obvious, at any rate, that barriers somewhere are being broken down.
Finally, I don't think APEs are spyware, but I get what the complainers are going on about: they feel uneasy because they know there's something 'illicit' going on in their systems.
Remember what Ken Thompson said. Unix didn't get so far and do so well because Bell Labs specialised in application enhancers. Keep your hands off the drivers, and keep your hands off software that won't keep its hands to itself.
If the software isn't coming from Apple and still wants your administrator password, reject it. That software has no business going into areas of your disk where it doesn't belong. That is your security involved.
A good example of what can happen is Interarchy. It wants your adminstrator password and then leaves about 1.5 MB of junk in areas even you can't ordinarily get to, and all without telling you. That's what these freaks find tantamount to 'spyware': 'illicit' things going on in your machine, without your express approval.
If you can't make the operating system work better, write to the vendor (Apple). Don't do anything yourself. If you want apps on top of the operating system, fine - just play by the rules.
I suspect the Unsanity programmers are very good at what they do, but what they're doing is definitely not Unix. Not even close.
I'm surprised how many of you haven't done your homework. TP Jackson's writings, whether they represented the study of his associates or were his own insights, are remarkable. They are the basis for the DOJ court ruling against Microsoft.
The browser was never the issue, and I am surprised there are any people who still after all these years don't get it. The materials were freely available at the DOJ website for all to read.
Microsoft were against anyone intruding on their territory. Both Netscape and Sun threatened to do so with their technologies. Microsoft deliberately sabotaged the Sun Java standard (no other company signing the agreement ever did) and they did all they could to prevent Netscape from entering the PC marketplace.
The danger with both technologies is cross-platform compatibility. Applications written for Netscape or with Java could easily be ported to other platforms. This would destroy Microsoft's dominance in the PC market.
Gates tried to reason with Netscape, but they weren't interested. Gates' message to them was simple. He invited them to Redmond, and then told them point blank they should not enter the PC market. Netscape chose to disregard Bill Gates.
The entire thing with Internet Explorer was only to destroy Netscape, but not to destroy the product - to destroy the company. They used pressure on OEMs, pressure on ISPs, pressure on everyone to not only get people to opt for the free Internet Explorer, but to make it increasingly difficult for people to even find download links for the Netscape browser. OEMs who showed too many downloads of Netscape - including IBM - risked losing their benefits contra Microsoft and had to make the download links to Netscape more obscure so as to not incur the wrath of WHG.
Microsoft lost the trial but they won the battle. Netscape is no more, and Microsoft have already paid for Sun's funeral. The Internet Explorer browser is not interesting anymore, and it doesn't matter Mozilla is out there with a good product. Microsoft invested an estimated US$5 billion in its development without a thought ever of getting any of it back - it was for defensive purposes only.
Today it's all DRM - browsers and the threats to the MS marketplace are in the rear view mirror. The browser is not essential.
Some of you ought to go back to school before you begin speculating about what's going on.
I was driving through Nye County a few years back. Met a girl at a petrol station (they're expensive out there, if you didn't know). She'd just closed her brothel because she'd been DoSed by a competitor. Really broken up about it she was - and cute too. Was going to drive home to New Jersey to be with her grandma. I felt sorry for her.
'Who's your provider? Where's your site located?' I asked. 'I ran it right off a rickety old Gateway back at the house', she said. 'I can take a look at it', I said. She was afraid to go back, but I convinced her it was no big deal.
So today the girl is open for business again. And I drove out of Nye County with a smile on my face and a chanson in my coeur. And she was so impressed she told all her friends and today I have more business than I know what to do with.
But the worst part is keeping up my stamina to take payment for services rendered.
Paranoid Android is for 10.3 only. Xcode comes with the ability to 'back-compile' to 10.1.5 and 10.2.7. Offering the other images, or one image that works on all, should be no bother. Offering only 10.3 is weak - very weak.
One thing people rarely talk about is how fast HFS+ is. Or perhaps how slow UFS on the Mac with OS X is. But the difference is more than dramatic: a clean install of OS X using HFS+ can take less than half an hour - including the developers tools. The same procedure using UFS seems to never end.
It might be the way they've 'frobbed' UFS for use with OS Server, but UFS really gives high priority to disk ops with GUI ops taking the back seat, and yet HFS+ is in comparison blazingly fast.
I believe in a good clean machine like anyone, and I do see the probability DiskWarrior will be needed now and again, but the speed alone is quite a pedigree for HFS+ IMHO.
This is the biggest non-event of the year, and it's only compounded by the fact that Episnoozes 1 and 2 were already so bad. A journalist online suggested facetiously that Ed Wood be called out of the grave to save the screenplay, and he has a point. Lucas can't write for shit, and as long as he keeps trying to make 11yos laugh he's going to be a turkey.
We have beer parties. Everyone gets a bag of popcorn. Then everybody puts money on a colour. We had one dork picked purple. We split his money later and bought more beer. I usually pick blue and somehow almost always win. But waiting until 4 AM to pick up the pot is a bit frustrating.
Slashdot Mirror
It's not like the old days of open relays
As long as AnalogX's Proxy is around, those old days will still be here.
Black holes are known to multiply - especially in spring, which is probably why we're seeing them now.
More and more we're being treated to refreshing entertainment as MS in one way or another screws up. It makes life worth living again.
What I'd really like is an authentic story from the Seattle Post-Intelligencer that Bill Gates stepped in some dogshit and slipped and got really dirty.
And that at the same time it was raining.
And he was heard to curse loudly and rudely.
And that he insulted and pushed an old lady who tried to help.
And that his children disown him - even the one in a state correctional institution and the other in drug rehab and the third in Weight Watchers trying desperately to get back under the 300 lb mark - and his wife leaves him for a Puerto Rican Lesbian lover.
About then I'd be feeling good again.
All I'd really need after that was a new story about how Steve Ballmer was arrested in a gay club soliciting sex.
This reminds me of the debacle over AnalogX's Proxy Server - a product many anti-spam experts contend is one of the biggest sources of spam relays in the world.
The product ships 'wide open' and users don't bother RTFM and if over a third of all spam relays are due to this product - who's at fault then?
Security experts say AnalogX is, because he ships his product wide open. Security experts have also been hounding Microsoft for years for shipping net tools that leave a user again 'wide open'.
Sorry, but merely giving a user an option to corrupt a local machine and then blaming the user for using this option is not a way out of the corner.
Actually this post does not need a reply, as it is its own best counter-argument. But let's take a few choice examples.
it provides means by which to inject code into programs that were launched after the code injector became present
Meaning it's by definition a type of trojan.
but that's not a unique ability
Oh no? Then tell us what other programs do this so we can rid our systems of them.
any daemon can inject code into a program as it is being launched
Even if this were true, it's a case of trust: we bought the operating system because it had a proven record and we trusted it. An APE is NOT part of the operating system (thankfully).
not doing anything more than calling existing (but undocumented) APIs
This basically says all. Programmers who hack at undocumented APIs should get a slap on the wrists.
APE modules cannot poke around into any program they wish
But you just said they can get into anything - make up your mind.
they may only poke around in the applications in which they have been told to reside
Why do we feel no comfort in these assurances?
They may not touch any other program.
'Bullshit!' - Tom 'Iceman' Kazanski
you can call APE a bad idea
Thank you for your permission.
yes it can crash applications or spy on the user
Thanks again - this time for admitting our point.
not more than any other piece of malware
And a final thanks for categorising it where it belongs.
... is numbers. They're cheap. Dirt cheap. And no mathematician should be able to fool you into thinking otherwise.
Sorry: this is like trying to prove that for every number n there will always be an n + 1 (or n + 2, or...).
I've got better things to do with my time, and I wish other people had better things to do with tax money.
Just imagine if Isaac Newton was sitting there under the tree in Cambridge and the apple fell and good old Isaac said:
'I've got no time now! I'm working on my 38-page paper on prime numbers!'
Yes, that would be very silly. Isaac would never say that. Not in a million light years.
There's namely only one way to do the standing on the shoulders of Giants thing: you've got to find the right Giants, and you've got to have a more down-to-earth footing.
And Giants don't like prime numbers. They hate 'em - with a passion. You can't eat 'em, you can't put 'em in the bank, you can't even bash humans on the head with 'em. Useless, bloody useless they are, like French Citroens with the steering wheel on the wrong side.
I'll take the apples any day. At least they lead to something constructive, to build on. Or correct me if I am wrong: what possible benefit can this prime-ordial nonsense bring?
Besides: Newton didn't get a grant to sit under a tree and let moldy fruit bounce off his noggin.
Because the APE module attaches to every running application, if it is itself unstable, it can make all your applications unstable.
I'm glad Ken Thompson is still alive, because if he wasn't, he'd roll over in his grave if he heard that.
I believe you, and I can't believe Apple would let this happen. We have - or are supposed to have - totally secure 32-bit virtual memory systems here. The actual memory addresses used by one application are supposed to be irrelevant to any other - and most importantly: only the kernel is to be able to execute privileged operations which allow you to get to either physical memory or the system itself.
Knowing Unix as we do, we know this is impossible unless:
1. The application has installed something in system territory; and
2. The installer has had root access, even through being a member of the 'admininstrators' group.
If you can 'root' a Unix box, you can get at anything. But I suspect most APE users are not really sensitised to what they're giving away when they install an APE. They've basically opened the front door and thrown away the key.
Now on the other side of the camp is the RCDefaultApp and More internet crowd, which schooled people to turn off/reassign the URL handlers themselves with a very easy to use program.
RCDefaultApp can't turn off a thing. The use of the string '' within this program is very unfortunate.
RCDefaultApp 'redirects' things. When you want a protocol 'disabled', it actually redirects to another app hidden within its own application package. A package in turn called 'Do Nothing'.
This method might work in a pinch, but it is not a clean solution. The clean idea is to disable the protocols completely. Damage your plist file where RCDefaultApp proclaims its ownership of your protocols, or remove RCDefaultApp because you think you're finished with it, and you may become vulnerable again.
RCDefaultApp does not turn anything off - it redirects. Big diff.
critics are right to point out that it is a security nightmare, and it will destabilize all apps on the system by design
/Library/Frameworks/ like a good framework should be.
/Library/Application Enhancers - again, this is an area which affects all users on the same machine. The fact that Unsanity use daemons also points to all users being affected by what one user wishes to do, and preferably in user mode.
This is correct. Some people know the Mac, but few people know Unix. Ken Thompson, one of the fathers of Unix, said emphatically:
Keep your hands off the drivers.
The whole idea of Unix is not only security but respect - a respect that enhances security.
The very thought that code in a 32-bit protected mode system would be able to do things like this - correct me if I am wrong, but APEs require your administrator password, right? That means that even though they are 3rd party code they want to go where they have no right going.
APEs and everything like them depend on 'hacks' as their name implies. They're going to break easily as what they're doing is not officially supported by the operating system, and yes they are dangerous.
I would also like to cite a few pieces of the Unsanity article.
It is installed in
This is patently not true. Good frameworks should be installed in ~/Library/Frameworks, your own directory. The directory Unsanity chooses automatically affects all users on the same machine.
Another directory exploited is
One of my favourites is:
Since Apple does not provide a way (other than with kernel extensions) to change the behaviour of different applications, we had to engineer one on our own.
Oh wow. Perhaps - just perhaps - Apple did not provide this for security reasons? And comparing an APE with gdb is just silly: gdb is meant to be used in testing, not on secure stable end user machines.
I also note the following:
They do not break down the barriers of protected memory.
Ah - let me just say that without a more technically substantial run-through, most of us are going to remain unconvinced. And it's fairly obvious, at any rate, that barriers somewhere are being broken down.
Finally, I don't think APEs are spyware, but I get what the complainers are going on about: they feel uneasy because they know there's something 'illicit' going on in their systems.
Remember what Ken Thompson said. Unix didn't get so far and do so well because Bell Labs specialised in application enhancers. Keep your hands off the drivers, and keep your hands off software that won't keep its hands to itself.
If the software isn't coming from Apple and still wants your administrator password, reject it. That software has no business going into areas of your disk where it doesn't belong. That is your security involved.
A good example of what can happen is Interarchy. It wants your adminstrator password and then leaves about 1.5 MB of junk in areas even you can't ordinarily get to, and all without telling you. That's what these freaks find tantamount to 'spyware': 'illicit' things going on in your machine, without your express approval.
If you can't make the operating system work better, write to the vendor (Apple). Don't do anything yourself. If you want apps on top of the operating system, fine - just play by the rules.
I suspect the Unsanity programmers are very good at what they do, but what they're doing is definitely not Unix. Not even close.
Yeah, like it's rocket science or something. To write an add-on might be, but in the browser code it's less than a triviality.
Which makes you wonder. I suspect Bill Gates and Jack Valenti belong to the same book club.
I'm surprised how many of you haven't done your homework. TP Jackson's writings, whether they represented the study of his associates or were his own insights, are remarkable. They are the basis for the DOJ court ruling against Microsoft.
The browser was never the issue, and I am surprised there are any people who still after all these years don't get it. The materials were freely available at the DOJ website for all to read.
Microsoft were against anyone intruding on their territory. Both Netscape and Sun threatened to do so with their technologies. Microsoft deliberately sabotaged the Sun Java standard (no other company signing the agreement ever did) and they did all they could to prevent Netscape from entering the PC marketplace.
The danger with both technologies is cross-platform compatibility. Applications written for Netscape or with Java could easily be ported to other platforms. This would destroy Microsoft's dominance in the PC market.
Gates tried to reason with Netscape, but they weren't interested. Gates' message to them was simple. He invited them to Redmond, and then told them point blank they should not enter the PC market. Netscape chose to disregard Bill Gates.
The entire thing with Internet Explorer was only to destroy Netscape, but not to destroy the product - to destroy the company. They used pressure on OEMs, pressure on ISPs, pressure on everyone to not only get people to opt for the free Internet Explorer, but to make it increasingly difficult for people to even find download links for the Netscape browser. OEMs who showed too many downloads of Netscape - including IBM - risked losing their benefits contra Microsoft and had to make the download links to Netscape more obscure so as to not incur the wrath of WHG.
Microsoft lost the trial but they won the battle. Netscape is no more, and Microsoft have already paid for Sun's funeral. The Internet Explorer browser is not interesting anymore, and it doesn't matter Mozilla is out there with a good product. Microsoft invested an estimated US$5 billion in its development without a thought ever of getting any of it back - it was for defensive purposes only.
Today it's all DRM - browsers and the threats to the MS marketplace are in the rear view mirror. The browser is not essential.
Some of you ought to go back to school before you begin speculating about what's going on.
This is really too much - a representative of Microsoft claiming something else is a waste of money.
Most of you steal your software.
- Bill Gates
What is this TownHall shite?
Who is this Brent Bozo anyway?
Why are Slashdot publishing this crap?
Shame.
I was driving through Nye County a few years back. Met a girl at a petrol station (they're expensive out there, if you didn't know). She'd just closed her brothel because she'd been DoSed by a competitor. Really broken up about it she was - and cute too. Was going to drive home to New Jersey to be with her grandma. I felt sorry for her.
'Who's your provider? Where's your site located?' I asked. 'I ran it right off a rickety old Gateway back at the house', she said. 'I can take a look at it', I said. She was afraid to go back, but I convinced her it was no big deal.
So today the girl is open for business again. And I drove out of Nye County with a smile on my face and a chanson in my coeur. And she was so impressed she told all her friends and today I have more business than I know what to do with.
But the worst part is keeping up my stamina to take payment for services rendered.
Levenez is very cool. He's the only person online with a substantial history of NeXT and NeXTSTEP, for example.
http://www.levenez.com/NeXTSTEP/
Can't this one escalate even further?
Can't trojans that get onto Macs turn into bona-fide worms, distributing themselves via Address Book and HTML e-mail that does the 'disk://' download?
Paranoid Android is for 10.3 only. Xcode comes with the ability to 'back-compile' to 10.1.5 and 10.2.7. Offering the other images, or one image that works on all, should be no bother. Offering only 10.3 is weak - very weak.
Jon Rubenstein is the old head of hardware at NeXT, is he not?
What's he doing with the iPod, away from computer hardware?
It's easy to read too much into this one, but superficially you can't make it sound good.
If next we hear Avie's running customer support, then it's serious!
One thing people rarely talk about is how fast HFS+ is. Or perhaps how slow UFS on the Mac with OS X is. But the difference is more than dramatic: a clean install of OS X using HFS+ can take less than half an hour - including the developers tools. The same procedure using UFS seems to never end.
It might be the way they've 'frobbed' UFS for use with OS Server, but UFS really gives high priority to disk ops with GUI ops taking the back seat, and yet HFS+ is in comparison blazingly fast.
I believe in a good clean machine like anyone, and I do see the probability DiskWarrior will be needed now and again, but the speed alone is quite a pedigree for HFS+ IMHO.
This is the biggest non-event of the year, and it's only compounded by the fact that Episnoozes 1 and 2 were already so bad. A journalist online suggested facetiously that Ed Wood be called out of the grave to save the screenplay, and he has a point. Lucas can't write for shit, and as long as he keeps trying to make 11yos laugh he's going to be a turkey.
Very cool, very cool hack.
Damn, that was my next project...
We have beer parties. Everyone gets a bag of popcorn. Then everybody puts money on a colour. We had one dork picked purple. We split his money later and bought more beer. I usually pick blue and somehow almost always win. But waiting until 4 AM to pick up the pot is a bit frustrating.
Hey that's phabulously phantastically phunny.
SION believes that its new Lithium-Sulfur (Li-S) batteries are the answer to the power hungry devices on the market today.
Really?
They're an answer to Bill Gates, Steve Ballmer, and Microsoft?