“With the advent of Intel-based Macintosh computers, Apple was faced with a new requirement: to make it non-trivial to run Mac OS X on non-Apple hardware. The ‘solution’ to this ‘problem’ is multifaceted. One important aspect of the solution involves the use of encrypted executables for a few key applications like the Finder and the Dock. Apple calls such executables apple-protected binaries. In this document, we will see how Apple-protected binaries work in Mac OS X.”
Unfortunately, this article does not explain how exactly the encryption helps to protect Mac OS X. I assume that the dsmos kernel extension checks if the computer is a genuine Mac and doesn’t implement the page_transform() function if it isn’t – and so protected applications won’t run anymore because they cannot be decrypted.
But how is this more effective than having the kernel do the same check at boot time and refusing to boot if the computer isn’t a Mac? Why is it harder to hack the check out of the dmos kernel extension than to hack it out of another part of the kernel?
I’m not saying I don’t believe that it makes sense to implement a system like that – I just don’t see the advantages (because I’m no expert) and this article doesn’t really say what they are.
I am not expert either, but could it be because Apple Open Sources the low level stuff i.e. Darwin. Therefore if they did it at boot time they would either have to keep some low level stuff closed and therefore cutom OS X kernels could not be built or move the protection into the layers which are not open source.
But like I said I am no authority.
Something that only runs at boot is trivial to circumvent. Something which perpetually runs (e.g. Finder, Dock) and is theoretically necessary to continued operation of the OS is a much more robust mechanism.
The underlying question here is what does dsmos do that could not be replaced by a more permissive kext. I suspect dsmos does not do the decryption itself but rather passes the work along to a chip on the Intel mobo which returns the decrypted pages.
If the chip is missing, the kext fails and Finder cannot run. The downside to this approach is that eventually what the decoder chip does in hardware, a replacement kext could do in software.
You’ll note that Apple has left XPostFacto out in the cold, and I would not be surprised if most of this decision had to do with source-closing key aspects of the OS X installer’s sanity/hardware checks. XPostFacto worked by slipstreaming replacement kexts into the OS X installer that overrode the installer’s hardware checks (which is how I got Jaguar running on a G4 7500).
As late as Tiger, it was possible to remaster a PPC installer DVD with a replacement ‘acceptable hardware’ list on it: if I were a betting man, I’d guess that the new installer discs run checksums on directories to prevent this sort of thing.
Gotta love MS and Apple.
Instead of fixing Windows issues MS spends time and money revamping WGA and activation.
Instead of fixing the finder Apple spends resources encrypting portions of the OS to make sure you run it on their hardware only.
It kinda sucks to think that a portion of the money you spend on these two operating systems goes directly to limiting what you can do with it!
They are making sure that they have money to spend on real development. I don’t think that a lot of work went into this protection, sooner or later it will be broken. Casual users won’t try to install OSX on regular PCs and that’s the point.
Instead of fixing Windows issues MS spends time and money revamping WGA and activation.
No offense, but you’re either woefully ignorant about what MS is doing in Vista (http://en.wikipedia.org/wiki/Features_new_to_Windows_Vista) or you’re trolling. Which is it? Either way, it ain’t pretty.
Sure your reply is a good and valid one, but you do have to bear in mind that what is being delivered in Vista is much less than what was promised.
So from that point of view it is fair to say that Microsoft really didn’t deliver as much as they said they would – and we the end-user are going to notice only a few of the changes, the visual ones and the ones which will cause us problems such as the activation/validation checks.
WGA has nothing to do with cutting other features. They are handled by totally seperate teams. The features that were cut failed to ship because they just weren’t ready, couldn’t meet the ship date because the were dependent on constantly changing infrastructure underneeath or were dependent on the standardization of other technologies, or required architectual changes based on feedback or the need to support new scenarios.
Last, a number of the technologies people think were cut are still present in Vista. Others are still in development and will ship before Vista or in the Vista timeframe. In neither case was WGA the cause of schedule changes for that code.
Definitely agreed. Finite resources, etc.
However the point stands that the featureset will have been chosen by the project managers on the Windows team.
At some point it became obvious that a feature was going to be too hard, too unstable, or not useful enough and will have been canned.
Adding in WGA, etc, will have taken developers from elsewhere…
I’m sure there are a lot of valid business concerns which resulted in the particular choices made. However the end result is that lots of promised/expected features were cut and things that did get added were not necessarily things that home-users and small business owners would appreciate.
Anyway I dont have a particular axe to grind so I’ll stop here. I just though that the OP did have an interesting point.
No offense, but you’re either woefully ignorant about what MS is doing in Vista (http://en.wikipedia.org/wiki/Features_new_to_Windows_Vista) or you’re trolling. Which is it? Either way, it ain’t pretty.
Oh I’ve seen the list and heck I’ve been running the betas, even got a good friend I grew up with who is currently at MS working on the vista team. I’m well aware of what they are doing.
MS has revamped WGA and activation, thats a fact.
Apple plays their own little lock in game(s)
Its not trolling to point this out and yes it annoys me to think that development dollars are spent on it.
MS has revamped WGA and activation, thats a fact.
Duh. But your implication that WGA and activation are the only features MS is adding in Vista is a load of bull.
Its not trolling to point this out and yes it annoys me to think that development dollars are spent on it.
WGA and activation don’t prevent you from choosing a Mac. Or Linux. If you still want to run Windows on those platforms, you can run VMWare or WINE.
I’ll stick with tiger and linux on my Dual G5.
I don’t need to run crippleware.
I suppose you mean ‘simple solution, DON”T RUN LEOPARD!’ instead of ‘simple solution, DON”T RUN PANTHER!’…
10.0 = Cheetah
10.1 = Puma
10.2 = Jaguar
10.3 = Panther
10.4 = Tiger
10.5 = Leopard
What did you just mean?
Tiger was released after Panther; this mechanism has been implemented in Tiger.
This is not crippleware, stop whinning.
This is not crippleware, stop whinning.
How was that whining? How is it not crippleware? That was not spelt properly, use a spellchecker.
How was that whining? How is it not crippleware? That was not spelt properly, use a spellchecker
Very simple, it is not crippleware because of the old same story. Apple makes its OS to be run on its hardware. If you don’t like it: go somewhere else. Reasons for this: it is the way it is and it won’t change in the near future, not matter how much you cry.
Crippleware: software distributed with reduced functionality with a view to attracting payment for a fully functional version.
How does Apple force you to buy a fully functional version? My Jaguar, Panther and Tiger copies were/are fully functional on my Macintosh computers; I can’t see a “full or pro” version on Apple’s website.
Stay on topic, a typo is just a typo, don’t try to add unneeded and undesired elements to the thread. Go flame somewhere else, please.
Hmm, I don’t think you’re in a position to tell others to stop flaming.
Hmm, I don’t think you’re in a position to tell others to stop flaming.
Except yes.
But I couldn’t care less about what you have to say; you only seem to be interested in writting about things that have got nothing to do with the topic at hand. Go run whatever you want in your G5 box and since Leopard will be crippled, run Linux.
When will some Free Operating System users will understand that your “freedom” ends where the Business/Profit starts for the company in question? That is the way it works, but if you don’t like it, you can always go back to your OS of choice.
Don’t worry, be happy.
P.S.: I didn’t mod you down, in case you were wondering who did it.
Hmm, I don’t think you’re in a position to tell others to stop flaming.
Except yes.
Or no.
But I couldn’t care less about what you have to say;
I would never have guessed. You hide it so well.
you only seem to be interested in writting about things that have got nothing to do with the topic at hand.
Such as?
Go run whatever you want in your G5 box and since Leopard will be crippled, run Linux.
Ah, so now you admit it’ll be crippled? And I don’t have a G5.
When will some Free Operating System users will understand that your “freedom” ends where the Business/Profit starts for the company in question?
When will some – I don’t quite know what the right term is, though “greedy bastards” will do for the moment – understand that free software is not about price or being against making a profit? Or that “freedom” does NOT stop when “profit” starts. YOU may be interested in creating (or rather maintaining) a world which is run for the benefit of businesses; I’M interested in creating a world where people cannot be exploited.
————-Very simple, it is not crippleware because of the old same story. Apple makes its OS to be run on its hardware. If you don’t like it: go somewhere else. Reasons for this: it is the way it is and it won’t change in the near future, not matter how much you cry.———–
That’s why I run linux. I get to have my cake and eat it too. Apple doesn’t want me, so I don’t want them.
———Crippleware: software distributed with reduced functionality with a view to attracting payment for a fully functional version. ————
Technically you’ve proven him right. It’s crippled in order to attract payment, although it’s not for fully functional software, it’s goal is to attract payment for a fully functional Mac.
jerryn you are a dumbass
It’s crippleware if you try to run it on a non-Mac.
You have a G5, so I don’t see why you’re whining.
I personally believe that Apple had no other choice. With the popularity of the Intel based Macs, there needed to be some sort of authenticating between the hardware and software. In theory, someone could make OS X work on a standard PC.
In theory, someone could make OS X work on a standard PC.
And as far as we have seen, in practice too, albeit not without difficulties and less functionality.
I couldn’t care less about the EULA and stuff like that, but really haven’t tried it; I don’t have the time to experiment (nor a non-Mac box to “play with”). All non-Macs are “busy”.
😉
People has been using mac os X on normal PC’s since the beta, and now even tiger works, and afaik it keeps working.
No one has managed to run the current kernel on a PC yet. All patches are based on a modified older version of the Tiger kernel. Currently, this doesn’t matter much, but if Leopard is to run normal PCs, the hackers have to overcome that – Leopard certainly won’t run with a 10.4.4 kernel.
Right, it’s an old developer release that was compromised.
Apple are a hardware company, not a charity. It’s not necessary for them to make their software available to people unwilling to buy the necessary hardware.
If you want to see the show, you pay for the ticket, you don’t sneak in the back door.
Apple are a hardware company, not a charity. It’s not necessary for them to make their software available to people unwilling to buy the necessary hardware.
Agreed, but what does that have to do with making sure that only apple-approved binaries can be run/installed on a system? If *I* buy Apple software and hardware, (or any other), it’s mine; I don’t and shouldn’t need Apple’s permission to run anything on it. Sure, if I use Adobe Illustrator on it to draw up plans for bombs, I should be penalized for drawing up plans for bombs, but NOT for running Adobe Illustrator.
“and now even tiger works”
Another piece of news about Leopard is its reliance on TrustedBSD and even more code signing. While it may not be unbreakable, the point is that the trend is clear: signing and authentication are going to be kernel-level operations happening nearly continuously while your Mac is on, and disabling all of these functions is going to be a headache.
No one is legally obligated to make their OS run on your hardware just because you want it to run there. Most of Windows’ troubles come from two places: unknown hardware and poor security models. Apple nips that first one in the bud here.
No one is legally obligated to make their OS run on your hardware just because you want it to run there.
No, but perhaps in some jurisdictions they may be obligated not to *prevent* you running your OS on any reasonably compatible hardware they didn’t make. It’s called, “competition”.
No, but perhaps in some jurisdictions they may be obligated not to *prevent* you running your OS on any reasonably compatible hardware they didn’t make. It’s called, “competition”.
And five minutes into your imaginary court case, when an engineer explains that much of Windows’ problems stem directly from third-party hardware causing BSODs, the judge calls a mistrial and you go home DENIED.
It ain’t illegal, that dog don’t hunt, give it up.
The feeling of resigned disgust many of us feel on reading the details of this comes from a simple observation.
The box that is approved has only one difference from all the other X86 boxes out there: it has an Apple sticker on it. So from any technical point of view, all this stuff has no purpose at all. It is strictly an addon to restrict your ability to do what you might, note might, want to do with an OS you have bought.
It is exactly as if MS were to put a checker in to see if W3.1 or W95 were running over a non-MS version of DOS – DRDOS for instance – and then refuse to run, even though technically it makes no difference.
I realize that for many of the faithful when Apple does this stuff, they feel its different. But its not, its equally disgusting.
Guys, they don’t like you. Nor are they trying to make the best things they can for you. They are just trying to run you for their benefit. You are a crop to them, that’s all, and when you read this stuff, you can see it if you have your eyes open.
Except that I want you to find me another EFI-based x86 PC that is intuitively designed inside as the Mac Pro.
Listen, not everyone is a Freedom Fighter like you. Some of us simply like OS X. 🙂
If Microsoft only delivered a tenth of what they initially outlined, it would still put Vista far ahead of the shitty alternatives. Those toy operating systems haven’t caught up to Windows 95 in performance or usability even a decade later.
http://www.medi-vet.com/CosequinSmallAnimal.html
Title Cosequin and Cosequin DS for Dogs and Cats – Medi-Vet
Description Cosequin is a patented, scientifically researched nutritional supplement designed to help dogs and cats maintain healthy joints. Medi-Vet.com carries Cosequin and Cosequin DS available for purchase online today!
Keywords Cosequin, Cosequin DS
http://www.medi-vet.com/interceptor.html
Title Interceptor (Sentinel Flavor Tabs) for Dogs – Interceptor Heartworm Medicine from Medi-Vet
Description Interceptor Flavor Tabs are chewable tablets that are used to prevent heartworm disease in your dog. Shop Medi-Vet for great prices on Interceptor for your pet.
Keywords interceptor, interceptor for dogs, interceptor heartworm
http://www.medi-vet.com/Capstar.html
Title Capstar Flea Control for Dogs and Cats – Buy Capstar at Medi-Vet
Description Capstar is a safe and effective way to kill fleas on your dog or cat. Browse our selection of Capstar flea control today!
Keywords capstar, capstar flea control
http://www.medi-vet.com/AdvantageFleaControl.html
Title Advantage Flea Control Treatment – Advantage for Dogs and Cats from Medi-Vet
Description Get Advantage Flea Control medicine online from Medi-Vet at great prices.
Keywords advantage flea control, advantage, advantage flea, advantage flea treatment, advantage flea medicine
http://www.medi-vet.com/FrontlineFleaControl.html
Title Frontline Plus Flea Control – Frontline Spray Flea and Tick Control from Medi-Vet.com
Description Frontline provides your dog with the most complete spot-on treatment for fast-acting, long-lasting control of fleas, ticks and chewing lice. We carry Frontline, Frontline Top Spot and Frontline Spray, all available online for immediate purchase.
Keywords frontline, frontline plus, frontline spray, frontline flea and tick
http://www.medi-vet.com/HeartgardPlusHeartwormPrevention.html
Title Heartguard Plus for Dogs – Heartgard and Heartguard Plus from Medi-Vet.com
Description HEARTGARD Plus is highly effective in preventing heartworm disease. Get your next package of Heartgard Plus online from Medi-Vet.
Keywords heartgard, heartgard plus, heartgard plus for dogs, heartguard, heartguard plus, heartguard for dogs
http://www.medi-vet.com/K9AdvantixFleaTickMosquitoControl.html
Title K-9 Advantix Flea and Tick Control – Advantix Flea Control – K9 Flea Collars
Description K-9 Advantix is a topical solution for the prevention and treatment of ticks, fleas and mosquitoes. Purchase your next package of K-9 Advantix online from Medi-Vet, an online leader for pet medications.
Keywords advantix, k-9 advantix, advantix flea and tick control, advantix flea and tick products, advantix flea control
http://www.medi-vet.com/Program.html
Title Program Flea Control (Lufenuron) – Program Flea Control for Dogs and Cats
Description Program is once-a-month Flavor Tabs for the prevention and control of flea populations in dogs and for the control of flea populations in cats. Medi-Vet has a large selection of Program Flea Control for any size pet.
Keywords lufenuron, program flea control for dog, program flea control for dogs, program flea control dogs, program flea control cat, program flea control for cats, program dog flea
http://www.medi-vet.com/revolution.html
Title Revolution for Dogs and Cat (Selamectin) – Revolution Flea Control Medicine
Description Revolution (selamectin) is a topical medication used on dogs, puppies, cats, and kittens as a combination drug, fighting heartworm, fleas and ticks. Purchase Revolution for your dog or cat online at Medi-Vet today!
Keywords revolution for dogs, revolution for cats, selamectin, cat revolution flea and tick, revolution flea control for cats, revolution dog medicine, revolution dog , flea and tick, dog revolution flea medication, revolution dog fleas, revolution cat treatment, revolution dogs
http://www.medi-vet.com/Sentinelflavortabsfordogs.html
Title Sentinel for Dogs – Sentinel Flea Control Medicine for Dogs – Flea Treatment
Description Sentinel is an oral heartworm preventative, broad-spectrum anthelmintic and flea control product for dogs. Medi-Vet carries an assorment of Sentinel products for any size dog, all at great prices!
Keywords sentinel for dogs, sentinel dog, flea control for dogs sentinel, sentinel for dog, sentinel dog medicine, sentinel dog flea treatment
http://www.medi-vet.com/UrinaryIncontinence.html
Title Urinary Incontinence in Dogs – Information about Dog Urinary Infections
Description Information on urinary incontinence and urinary infections in dogs, including diagnosis and treatment options.
Keywords urinary incontinence in dog, dog incontinence, dog urinary tract infection
http://www.medi-vet.com/CosequinEquine.html
Title Cosequin Equine – Cosequin for Horses – Horse Supplements from Medi-Vet
Description Equine Cosequin Concentrated Powder is a patented, scientifically researched nutritional supplement from Nutramax Labs designed to help horses maintain optimal joint function.
Keywords “cosequin equine, cosequin for horses
”
http://www.medi-vet.com/GenesisTopicalSpray.html
Title Genesis Topical Spray – Allergy Spray for Dogs
Description Genesis Topical Spray has been clinically shown to reduce clinical signs of allergic dermatitis.
Keywords allergy spray for dogs, dog allergy spray
http://www.medi-vet.com/Ringworm.html
Title Ringworm in Dogs and Cats – Ringworm Symptoms and Treatment Information
Description Ringworm is not a worm but a fungal disease that infects skin, hair, and claws by one of the three types of fungus (dermatophytes)” Epidermophyton, Microsporum, and Trichophyton.
Keywords ringworm dogs, cat ringworm, ringworm symptoms, ringworm treatment