“Apple Inc. has pulled its security engineering team out of a planned public discussion on the company’s security practices, which had been set for next week’s Black Hat security conference in Las Vegas.”
Forgive the baseball analogies, non-North-American readers, but Apple is really batting .000 in the security department lately.
They are last at bat in the DNS patching game, and when they manage to hit the DNS bug the patch is an easy out. They make FileVault a shut-out for the hacking team thanks to their censorship, and they send their security engineers back to the bench rather than let them play for the crowd. At Apple, is nobody on at the bottom of the ninth?
Secrecy is great for an iPod launch; it makes no sense for security. Somebody needs to teach Apple good sportsmanship before the enterprise takes their ball and goes home.
Edited 2008-08-03 17:47 UTC
I’m North American, and kinda get the baseball analogies, but you could just come out and say it.
If you’re going to slam Apple….hit ’em. Don’t screw around “gripping your bat”.
Sorry, couldn’t think of anything batter to say. 😉
Seriously, when you’re an Apple user, sometimes humor is the only response that’s appropriate to the atrocious way they handle security.
Meh, I’ll do a translation. Apple may be a great spin bowler on a good day, but when things go bad, it’s almost a certainty that they’ll be hit for a six. They should count themselves lucky that there are fewer men on the cricket ground, and that the batter has his mind elsewhere given the game is so low brow.
I think I need a translation of your translation ;^)
I don’t mean to nitpick (far be it from me!) but since in your analogy Apple is bowling then more men on the field would be an advantage, not a disadvantage. With enough extra men on the ground you could crowd the bat and ring the boundary as well. Might make it hard to hit even the dodgiest delivery for six…
“They are last at bat in the DNS patching game, and when they manage to hit the DNS bug the patch is an easy out.”
Apple uses BIND for its DNS server, and a patch for BIND was indeed available, but it was buggy. A performance issue was discovered on high-traffic recursive servers, defined as those seeing a query volume of greater than 10,000 queries per second. So yes, the official patch for BIND was and is still buggy.
I don’t think that Apple would ship a buggy patch for systems in production (open source guys do, yes, but well, that’s their decision…), even if the security threat is high. Shipping buggy code, even to fix a security issue, is not acceptable.
Sometimes you have to weigh whether the previous version, which had a serious bug, outweighs the bug in the new version, which has a less serious bug. If you wait to get rid of bugs by waiting for bug-free software, you may wait for a long time…
Also, when Apple did patch it, and they did, with the aforementioned buggy patch, they didn’t even patch it properly on the client OS, which is less likely to encounter such a scenario. That in spite of documenting that they *had* patched it, like they had, belatedly, for OS X Server.
Edited 2008-08-04 06:21 UTC
It’s just another stripe on the tiger’s fur. And then my apple-loving friends come tell me how Macs are just great and GNU/Linux sucks big time. 😀
Venezeuela has a perfect analogy this time. 🙂 Macs *are* great, but Linux will eat Apple’s lunch if they don’t watch it.
Keep dreaming. If you think Linux has an easier time of converting people to Linux over OS X you truly are dreaming.
Focus on making Linux as consistent and user friendly as OS X and you’ll accelerate more Windows people to Linux just as they are moving to OS X. They won’t switch from OS X to Linux as they already have the GUI paradigm and they also have familiar applications under that paradigm.
Linux will never be the big player for Desktop as long as Desktops require a GUI and a consistent user experience.
Linux has made huge inroads in the server space against traditional big iron companies because these companies have dumped billions into helping it mature.
If Linux Community lost the funding/support from IBM, Novell, Google and Sun you’d see advancement of the OS go from a tidal wave to a stream.
“Linux will never be the big player for Desktop as long as Desktops require a GUI and a consistent user experience.”
Never say never 😉
Seriously: What you describe presents the current state of the art. But this industry is a very rapidly evolving one. Sometimes it helps to look at the past to see the possible future. If you compare current Linux installs with those of five years ago, you will see a huge amount of progress being made in regard to desktop usability. And there are no signs of this progress declining; quite the opposite is happening these years.
And btw, I find my Linux-based graphical environment to be far more consistent compared to the Windows machine I have to work with lately. I see lots of potential — for the future.
You don’t know what happens in another five years. If Desktops (including OS X) will still work the same as today, that would be a sad story. Wouldn’t it?
Edit: I have to add something. Your perception of the past is not right, it’s quite the opposite. It’s the big iron companies who jumped on the train after they watched GNU/Linux eating their market. Exactly the same can happen with the Desktop or not. Microsoft is very good at missing out opportunities to keep their position strong lately. Time will tell.
Edited 2008-08-03 21:42 UTC
Meh, converting Mac users would be pointless. Hell, converting any users will be pointless.
If they are interested, they come. If not, it’s their choice.
Well, you don’t have to sell a kidney for a Linux experience….
Edited 2008-08-03 22:41 UTC
Well I never sold any body parts to buy my Mac, I just bought refurbished and was content with a G4 in an Intel world. The reason I’m headed away from OS X in the near future has nothing to do with cost, and everything to do with security and usability. Not that I have any government-clearance level stuff on my computer, but I’d rather not have my box even more prone to black hats than a Windows machine. Combine that with some nagging issues with the OS itself, and SELinux or OpenBSD is definitely in my future.
As far as usability goes, OS X trounces Linux, much less BSD. Security is only a weak point because Apple has been tardy on upgrades and secretive, the overall OS design is rather secure. It has all of the memory and stack-smashing prevention of a security-oriented Linux distro. It even has encrypted swap as an option, like OpenBSD.
If Apple would stop focusing on getting a new version of iTunes out and focus on pressing security updates, it would be quite a secure operating system. Besides, most of the more infamous exploits are in Safari and QuickTime; there are alternatives to Safari such as Firefox. QuickTime has alternatives such as VLC and also has been, to Apple’s credit, hardened a lot by Apple recently. Quite effectively, I might add: after the hardening there have been little to no exploits of it on OS X, when previously it was part of the “exploit of the month” club on all platforms.
Someone needs to fix the quoting mechanism here. I’ll try to quote with italics.
“Keep dreaming. If you think Linux has an easier time of converting people to Linux over OS X you truly are dreaming.”
“Focus on making Linux as consistent and user friendly as OS X and you’ll accelerate more Windows people to Linux just as they are moving to OS X. They won’t switch from OS X to Linux as they already have the GUI paradigm and they also have familiar applications under that paradigm.”
“Linux will never be the big player for Desktop as long as Desktops require a GUI and a consistent user experience.”
“Linux has made huge inroads in the server space against traditional big iron companies because these companies have dumped billions into helping it mature.”
“If Linux Community lost the funding/support from IBM, Novell, Google and Sun you’d see advancement of the OS go from a tidal wave to a stream.”
Oh, I know they won’t convert many OS X users, but I suspect they’ll get to the point where the GUI in Linux is Good Enough, on the level of say Windows with some of the eye-candy of OS X. It’s never going to be as elegant as OS X probably, simply because open source development resists that level of consistency and the Linux desktop is too fractured with multiple desktop environments and toolkits, much less applications that adhere to interface guidelines. Many users, however, are used to some inconsistency already.
If Linux can get to the point where it doesn’t need much command line intervention, and gets included in more OEM systems, then it will make progress. There is already a large market of people who would get a computer running Linux in a user-friendly fashion at a low price; netbooks are filling some of that market, and ASUS’s EEPC is a large percentage of new notebook sales now. Remember what the largest selling computer in history is? Not anything from Apple or the PC. The Commodore 64. When computers are available at blue-collar prices again, there will be a shift.
As for corporate funding, it helps, but a lot of the progress has been made by Ubuntu and others on the desktop, though with some help from Novell, IBM, Google, and a “consortium” of other companies that have a grudge against Microsoft. 😉
Incidentally, I don’t say this as an Apple-hater. I use a Mac, but am very disappointed at what they’re doing with security and secrecy. I still recommend Macintosh to people, but if this keeps up Apple is asking for trouble. What happens to their image of being less virus-ridden than Windows when the first malware outbreak comes? Security-through-obscurity isn’t enough. I believe OS X is the best for my needs, else I wouldn’t be running it, but they really need to work on this – especially if they intend to crack the enterprise market they need to be more professional about security.
Edited 2008-08-03 22:45 UTC
Not likely. Linux lacks several things that OS X has:
* A consistent ABI
* consistent driver model
* a consistent user interface
What does Linux have? On the ABI front, every distro has a different version of glibc, gcc, and the other base tools (half the time with additional “distro-supplied” patches applied that cause unforeseen bugs). On the UI level, we have a lot of different DEs/WMs to choose from, none of which really look or feel like any others. Even if we choose a DE and not a WM, the apps in that DE are hardly consistent–worse, IMHO, than even some of the inconsistent Windows apps. Finally, we have the Linux driver model which, for in-kernel drivers or other open source drivers, is fine. But it falls short when dealing with the possibilities of vendor-supplied drivers. One of the major issues is, of course, that the drivers have to be linked to a certain kernel version. Now, before you Linux zealots go after me, yes, I know there are ways to work around that (usually making the kernel-specific stuff open source and putting the rest in a binary blob)–nVidia, OSS, and Smartlink are evidence of this fact, but it doesn’t change the underlying issue that every time you receive a kernel update, any vendor-supplied drivers need to be reinstalled. To the end user, this is worse than annoying. Yes, I know that if someone’s voluntarily updating their kernel they are aware of what will need to be done in regards to their drivers. But, for the average users, their distro gives them a kernel update that they don’t pay attention to. They click on software update, the distro updates itself, then tells them they need to reboot. So they do… only to find that some of their hardware isn’t working anymore.
All of these things mean that Linux is not a consistent target for vendors to supply drivers and applications for. Each distro is slightly different, has a different kernel, a different DE or version of said DE, etc. So, which one do they target?
This is contrasted to OS X and Windows, where you know exactly what is part of the base OS and what is not, and the ABIs and APIs are done in a way that updating the OS, and even the kernel, doesn’t break drivers and apps. OS X has a better handle on this than Windows does at the moment, especially with Windows Vista.
I’m not an OS zealot, I happen to prefer OS X, as it gives me the power of BSD with a consistent and functional GUI. My point is simply to illustrate that Linux has some major hurdles to overcome before it can ever “eat Apple’s lunch.” Unfortunately, it seems that providing a consistent target is the last thing on the mind of the OSS devs which is understandable, given their development process.
I’ve been getting more and more frustrated with Apple lately. I love that OS X is a great interface to a BSD-based OS, but it has its share of problems that all go back to Apple’s proprietary nature. Granted it’s nothing compared to Microsoft’s DRM and activation riddled Vista OS, but it’s still very annoying.
On the mobile front, the 2.0 firmware for the iPhone has really pissed me off. Sure, it’s nice to be able to install 3rd party software without voiding my warranty, but the SDK is so limited that there are no “Wow!” apps like some of the ones for jailbroken phones. Add to that corrupted backups that you don’t find out are corrupted until your phone freezes and you have to restore. I lost almost all my photos and did lose all my notes. It wasn’t an earth-shattering situation, but it still stings to have lost things of minor personal value to something that should have been fixed before rolling out the door.
I’m seriously considering going back to Linux or possibly BSD for a main OS. The only thing I’ll lose is a few games, and to be honest they’re just time wasters anyway. On the phone side of things, a good Symbian phone will probably do everything I need with the bonus of not having to convert videos to iPod format just to watch them on the go.
Oh my God, please, put the Kool-Aid down and walk away from the computer. OS X is just as riddled with DRM as Windows; how else could you play BR disks? New DVDs? iTunes music? Apple even uses a form of DRM to try to keep you from running OS X on non-Apple hardware.
Apple can avoid activation by tying the OS to specific hardware, so they don’t really need it, but they will sue to keep you from running OS X on generic hardware. I’ll put up with clicking “activate now” in Windows, waiting 30 seconds and then getting on with my life. Activation is not such a big deal, especially if you actually have EXPERIENCE with the process.
Well, I don’t buy music from iTunes, just rip my own CDs to MP3 format. Said MP3 format is DRM-free. Try that in WMP without the DRM, it doesn’t happen. I don’t have a BD player in my eMac, and I wouldn’t put one in if it were supported. A 17-inch CRT is not sufficient to watch said content. As for DVDs, at least Apple actually includes DVD playback without a separate software purchase. And DRM has nothing to do with running OS X on generic x86 hardware; it’s called EFI firmware and it’s less than trivial to bypass it.
Speaking of OSx86, they won’t sue me, the consumer; they’ll sue the people selling hardware with OS X preinstalled. Nice try though.
“I’ll put up with clicking “activate now” in Windows, waiting 30 seconds and then getting on with my life. Activation is not such a big deal, especially if you actually have EXPERIENCE with the process.”
Oh believe me, I’ve got experience with it, starting with Windows XP deauthenticating every time I upgraded my video card or added a second hard drive. After about the tenth phone call to Redmond in two years’ time just so I could f–king log in to my computer, I said no thanks. I won’t be assumed to be a thief just because I want to upgrade my computer. If I wanted to be guilty until proven innocent I’d move to China.
Sorry to ruin your little fantasy, but I’m not a zealot or fanboy of any OS or software/hardware company. I use what works for me. Windows has never really worked well or efficiently so I stopped using it long ago. Linux worked fairly well in the past and still does. OS X works very well but various little things annoy me making me want to switch back to Linux for most needs. When Haiku is mature it will probably meet all my computing needs.
Now please, take your own Microsoft-worship to someone who actually cares to hear it.
*slides over to wife’s Vista laptop that is fairly stock*
WMP can rip as WMA with various codec options, MP3, and wave. The latter two are totally DRM free.
I find it interesting that you pick to side-step the DRM issue by avoiding its path, but yet you claim in Vista you can’t do the same thing.
My main machine is a non-Mac that has an EFI firmware based system with the option to load various EFI images that emulate legacy BIOS environments for Windows and some other old operating systems [read OS/2]. But I use the EFI boot environment to bootstrap without them, and just use elilo to actually boot my system.
All that said, I can not run MacOSX on this system without hacking it, because they do specific checks to see if the system is an Apple branded machine. If I wanted to hack my EFI firmware image and other things to make it appear Apple branded, then yes it would boot. While not a public/private key form of DRM, it is restriction imposed to prevent usage. Thus in most technical people’s eyes, it is a crude form of DRM.
I keep hoping as well. Maybe one day an OS will capture my attention the way BeOS did back in the day.
Regarding activation. Blah, I hate it in every OS that requires it.
What machine are you using that uses EFI?
/curious
Right-click, “Tools” > “Options,” “Rip Music” tab, un-check “Copy protect music.”
That only applies if you use WMA as the encoding format; the “Copy protect…” option isn’t available if you select MP3 as the format.
Changing your video card wouldn’t force you to reactivate.
XP probes 10 pieces of hardware; if 7 out of 10 are the same as when activated, it passes.
This is the wrong place to spread FUD; people are generally kinda clued up around here. It would be wise to bear that in mind in future.
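The comment above describes activation as a vote over ten hardware classes with a 7-of-10 pass threshold, and the replies that follow argue about which upgrades trip it. The Python below is an added example, not code from this page or from Microsoft: it models that rule as a per-component fingerprint so that a few replaced parts are tolerated while a motherboard swap, which changes several classes at once, is not. The component class names and the sample identifiers are assumptions made up for illustration, and the threshold is taken from the comment rather than from any Microsoft documentation.

```python
import hashlib
from typing import Dict, Tuple

# Ten component classes. The comment only says "10 pieces of hardware";
# these names are an assumption for illustration, not XP's documented list.
COMPONENT_CLASSES = (
    "display_adapter", "scsi_adapter", "ide_adapter", "network_mac",
    "ram_size", "cpu_type", "cpu_serial", "hdd_serial", "volume_serial", "cdrom_id",
)
THRESHOLD = 7  # pass when at least 7 of the 10 classes still match (per the comment)


def fingerprint(hardware: Dict[str, str]) -> Dict[str, str]:
    """Hash every component class separately.

    One monolithic hash over all ten values would turn any single change into
    a mismatch; per-class hashes let the check tolerate a few replaced parts
    without storing the raw identifiers (serials, MAC address) themselves.
    """
    return {
        cls: hashlib.sha256(hardware[cls].encode()).hexdigest()[:12]
        for cls in COMPONENT_CLASSES
    }


def matching_classes(stored: Dict[str, str], current: Dict[str, str]) -> int:
    """Count the component classes whose hash is unchanged."""
    return sum(1 for cls in COMPONENT_CLASSES if stored[cls] == current[cls])


def activation_passes(stored: Dict[str, str], hardware: Dict[str, str]) -> Tuple[int, bool]:
    """Compare the stored fingerprint with the machine's current hardware."""
    matched = matching_classes(stored, fingerprint(hardware))
    return matched, matched >= THRESHOLD


# Constructed sample machine (fictional identifiers).
BASELINE = {
    "display_adapter": "PCI\\VEN_10DE&DEV_0110",
    "scsi_adapter": "none",
    "ide_adapter": "PCI\\VEN_8086&DEV_24DB",
    "network_mac": "00:11:22:33:44:55",
    "ram_size": "1024MB",
    "cpu_type": "GenuineIntel Family 15 Model 2",
    "cpu_serial": "0F29-0000-0000",
    "hdd_serial": "WD-WMA1234567",
    "volume_serial": "1A2B-3C4D",
    "cdrom_id": "LITE-ON DVDRW SOHW-1633S",
}
STORED = fingerprint(BASELINE)  # what was recorded at activation time


def scenario_video_card() -> Tuple[int, bool]:
    """One class changed: a new graphics card."""
    hw = dict(BASELINE, display_adapter="PCI\\VEN_1002&DEV_4150")
    return activation_passes(STORED, hw)


def scenario_video_card_and_disk() -> Tuple[int, bool]:
    """Three classes changed: new card, plus a cloned boot disk, which
    changes both the drive serial and the volume serial."""
    hw = dict(BASELINE, display_adapter="PCI\\VEN_1002&DEV_4150",
              hdd_serial="ST3250823AS-5ND0ABCD", volume_serial="9F8E-7D6C")
    return activation_passes(STORED, hw)


def scenario_motherboard_and_video_card() -> Tuple[int, bool]:
    """A motherboard swap replaces several classes at once: the onboard IDE
    controller, the onboard NIC (new MAC) and, here, a new CPU with it."""
    hw = dict(BASELINE, display_adapter="PCI\\VEN_1002&DEV_4150",
              ide_adapter="PCI\\VEN_1106&DEV_0571", network_mac="00:AA:BB:CC:DD:EE",
              cpu_type="AuthenticAMD Family 15 Model 4", cpu_serial="0F4A-0000-0000")
    return activation_passes(STORED, hw)


if __name__ == "__main__":
    for name, fn in (("video card", scenario_video_card),
                     ("video card + disk", scenario_video_card_and_disk),
                     ("motherboard + video card", scenario_motherboard_and_video_card)):
        matched, ok = fn()
        print(f"{name}: {matched}/10 match -> {'pass' if ok else 'reactivate'}")
```

Under this model a card swap leaves 9 of 10 classes intact and a card plus a cloned disk still leaves exactly 7, so both pass; a motherboard swap combined with the new card drops the count to 5 and forces reactivation. That is the general shape of any tolerant fingerprint: hash the components individually, fix the threshold, and keep in mind that one physical replacement can change several logical classes.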
Read my post again. That example I gave was changing my video card and adding a hard drive. That did indeed force a reactivation, prompting me to call Microsoft. I’ve also had it reactivate on changing motherboards (which, btw, changes several components at once) as well as just cloning to a new hard drive on the same system for a storage upgrade. You’re not going to convince me that my experiences didn’t happen just because they didn’t happen to everyone out there.
As for your snarky comments, people around here also don’t take well to being called liars. You might wish to bear that in mind yourself.
You are reinforcing your point by introducing new facts. That’s cheating!
Further to your point about a mainboard counting as more than one component, the current MS licensing regards a mainboard change as a new computer, although it’s possible this is for OEM copies only; I’m not sure TBH.
“Further to your point about a mainboard counting as more than one component, the current MS licensing regards a mainboard change as a new computer, although it’s possible this is for OEM copies only i’m not sure TBH.”
You are correct. Changing the motherboard constitutes a new computer, and would require activation again by calling MS. The OP mentioned 10 times in 2 years, so I am guessing they upgrade a whole lot, and in fact I actually recommend more research before upgrading, as there is never a cause to upgrade that much in that period of time. Unless of course they are a hardware tester, which of course is possible.
OP here. To answer your question about the upgrades, that was during my heavy gaming and musician phase. I changed video cards three times in those two years, and motherboards twice, just to support my gaming habit. I did make a little money back on all the old components though, so I didn’t spend nearly as much money as most chronic upgraders of that era.
Not all were actually upgrades either. I did have a couple of components fail in those two years, and since I was having to buy new parts anyway, I chose to get the next better model. I was also upping my storage to make room for full .wav files of my music. You’d be surprised how many gigabytes you can eat up when recording acoustic instruments at 96KHz sample rates.
Oh, and for the record: It was XP Home Retail. As far as I know that allowed for unlimited upgrades, unlike the OEM version that is designed for one “complete” system. I didn’t want to stoop to pirating XP Pro Corporate just to avoid activation, and I was done with my gaming fix, so I went Mac. I guess I should have clarified all that before but I didn’t realize I’d have to defend my good word here.
Re: activation, I bet you were using an OEM copy of Windows. Read the licensing agreement – you get 4 (that’s FOUR) changes of major hardware. A graphics card is considered a major change, as is the CPU, RAM. So, after 4 times, you technically need to get either another OEM copy or a retail copy. And yes, it technically means you are a thief, since you are in breach of the terms and conditions of the license.
Vista has a built in DVD player (part of WMP now). Granted, it was an oversight on Microsoft’s part that earlier versions of Windows didn’t have this capability, but then the EEC would have probably sued them for including a DVD player…Microsoft is damned if it does, and damned if it doesn’t…of course, no one has a go at Apple for these very same issues…
Blue ray is an issue on ANY platform.
I’ve also got a sneaking suspicion that iTunes rips the files to MP3 with the AICC encryption. It doesn’t make life nice nor easy.
My experiences with Linux (reasonably vast) are not encouraging. It is awkward to configure, awkward to administrate. I’m talking from your average end user here, not someone who is reasonably computer literate. They are not the average person. I used Linux as my sole operating system for five and a bit years (2001 to the beginning of 2006) and have now moved back to Windows and would not move back to Linux. Sorry, been there, done that, flogged that dead horse!
Dave
Care to elaborate on that? Because in my experience, aside from the copies of the OS that come with computers (laptops actually, I haven’t tried with the desktop installation disks, but I assume the case is the same) for which there is a check for the “model string” in the firmware, Apple doesn’t even ask you for a license key upon installing OS X, let alone checking whether you’re installing and/or running the OS on “genuine” hardware, let alone implementing DRM.
As for the rest of the DRM, Apple are implementing as much as is necessary. To my knowledge, the DRM stops at the QuickTime importers level, and there most certainly is no DRM module in the kernel of the OS (unlike an operating system you seem to be so fond of).
Oh, and before you dismiss me as being a zealot (which I probably am), I’ll just say that there is plenty to bitch about Apple, like the lack of transparency in their security policies and procedures – you know, the stuff the article is talking about. You don’t have to make up shit to diss Apple.
I don’t even think OSX can play Blu-ray movies yet. With Vista, you don’t have to play them if you don’t want to, but at least you have the option, and you can even crack the DRM using AnyDVD HD.
I’m sure it will be supported in OSX eventually (if it isn’t already), at which time OSX will support the same HDCP DRM that Windows does. I don’t know if Linux will ever support it, which I’m sure will make building a Linux HTPC with a Blu-ray player kind of a pain in the ass
Edited 2008-08-03 21:26 UTC
When your president is running the economy into the ground, I guess one is forced to having to use Linux given the limited funds available.
Look, Kaiwai,
IMO, you are being a bit of a troll, lately. I like you. And we have things in common. But I have also noted that you used to be a Linux fan. Linux could do no wrong. Then you left it, claiming “too many broken promises” (something about your wireless card) and moved to OpenSolaris, saying that it liked your wireless card and was so much better. Linux could do no right and (yeah, I watched your blog) OpenSolaris could do no wrong. And then you decided that OpenSolaris had “too many broken promises” for you.
Now you are an Apple freak.
I absolutely respect our friends who happen to prefer Apple Macs. Please do not take this as an attack upon people who happen to prefer them. There is much good to be said about Apple Macs, today.
But please make up your mind, Kaiwai. It’s bad enough that people like me are consistently Linux zealots^Wadvocates. But when a person keeps shifting around…
And, yeah, I do try to stay on the “advocate” side of the fence, and avoid the “zealot” side. So should we all.
Edited 2008-08-03 23:34 UTC
I find Jeff Atwood to have tackled this issue better than anyone else I have ever read. This is one of those posts that really shook how I look at the world.
This is an ongoing theme on Jeff’s blog. We all suck at this; it is just a matter of degree. All we can really do is strive to suck less every year. This knowledge is the difference between an amateur and a professional in this industry.
When I read that for the first time, something fundamental clicked inside of me. As I have been maturing as a person, I have been scratching at the edges of this idea, but have never put it that succinctly. Having weak opinions is useless, and shows a lack of both passion and knowledge, but strong opinions must be balanced with humility (the realization that you suck), and must be weakly held. A strong opinion, weakly held is an invitation to a stimulating discussion on a topic you are passionate about. A strong opinion held strongly without humility is a call to jihad.
Anyways, I love Jeff’s writing (even when I don’t agree with him). The post I pulled that stuff from is here; I would highly encourage anyone who enjoys posting in a place like this (OSNews is pretty much the ’Nam of tech forums) to read it a few times, as it will probably do you some good.
http://www.codinghorror.com/blog/archives/001124.html
I’m going to refrain from making a joke involving sheep and intimacy.
Yeah, making that joke would be baaad…