
Slashback: Unstranding, Xecurity, Spurning 228

Slashback tonight with words on the real-life security level of Mac OS X, the fate of stranded polar adventurer Jon Johanson, poetry for JenniCam, more on the Wright brothers & Co, and more. Read on for the details.

Multi-player markets are a good thing. Indiana University seems to be one of the first big fish to publicly announce a license agreement with Progeny's Transition Service. This service provides updates for RedHat 7.2, 7.3, and 8.0 beyond January 1st 2004, and RedHat 9 after May 1, 2004. According to the press release, this will allow for 'a flexible migration path as the University considers various options regarding Linux distributions during the coming year.'"

But I thought MPlayer ... Simon Bysshe writes "In response to some complaints about the WMV encoding of the recent pro-gaming film 'Intel Extreme Edition Challenge' (featured here on Slashdot), Intel have requested that the film also be encoded as a DIVX file especially for Slashdot. This divx file can now be downloaded here."

More on (At Least) 100 Years Of Powered Human Flight relbs was one of many to submit word (as reported by MIT News) of a replica of the Wright brothers' Flyer perched above the Great Dome early yesterday morning, and relbs adds a link to additional photos, too.

They had better luck getting off the ground than did those trying to actually fly a Wright flyer: CrazyTalk writes "As a follow-on to the earlier story, the much-ballyhooed attempt to recreate the first flight of the Wright's literally fell flat."

Maltese Falcon writes with another candidate for First Powered Flight. "Or was it Gustave Weiskopf (aka Gustave Whitehead)? There are many claims that he flew up to 2 yrs before the Wright Bros. NPR's report yesterday seemed to imply almost paranoia as far as a conspiracy to why the NASM only recognizes the Wrights, but this link provides more info on why this could be true. Look here for another article."

Speaking of audacious pilots, jcenters writes "An earlier Slashdot story reported that Australian adventurer Jon Johanson was trapped in Antarctica, and scientists stationed there refused to sell him fuel. Reuters is reporting that Johanson has now obtained fuel from a British rival, but weather conditions are preventing his departure. Johanson hopes to leave by the end of the weekend."

BlameFate writes that "British adventurer, Polly Vacher has allowed Johanson to use her pre-stored fuel at the base after her expedition was forced to be cancelled. Fox News has the scoop. Choice quote from the head of NZ's Antarctic Research dept: 'Polly's trip was well organized and properly planned,' he said. 'It is ironic that she is now assisting a stranded pilot who embarked upon an ill-prepared and secret flight over the South Pole.'"

If something happens in Berkeley, does it count as a "real world" experience? codythefreak writes to deflect certain barbs lately directed at the security level of Mac OS X: "Working as a sysadmin at UC Berkeley's Residential Computing, since we serve more than 6,000 clients living in the dorms, we tend to know the major computing trends. There are 5,120 registered Windows XP machines in our system, and our staff have logged 2,452 duty logs to assist them (about one in two). On the other hand, there are 341 Mac OS X machines, and only 56 duty logs (about one in six). If we restrict these to virus and security related duty logs: Windows XP has 491 (about one in ten) and OS X has 2 (less than one in a hundred)!"

(See also this well-reasoned response to the recent OS X criticism.)

Was it the tail? Really, is the pointy tail a deal-breaker? Mister.de points out this Seattle Post-Intelligencer story which says "VMware Inc., a business-software maker that is being acquired by EMC Corp. for $635 million, turned down an offer last year from Microsoft Corp.

'"We were unable to come to terms, so they bought out our distant competitor, Connectix" Corp., said Diane Greene, VMware's chief executive officer and co-founder.'"

Alas, we hardly knew ye. dlc3007 writes "The Register has published the results of the JenniCam Poetry Competition. There is little funnier in the world than creative geeks pouring their hearts and souls into 'a haiku or limerick lamenting the demise of JenniCam.'" I can think of some things ...

Battlestar Galactica 2003: Series Highly Likely, Say Recent Rumors Cliff writes: "Syfy Portal reports that officials for the Sci-Fi channel are likely to announce that the new Battlestar Galactica will become a series, most likely to air as early as Summer of 2004. No official announcement has yet been made, but since the 'mini-series' is Sci-Fi channel's third highest rated program, it is assumed that such an announcement will be made before the end of 2003, if they are going to keep options on the major actors. Personally, I'm looking forward to the show, as long as they stay away from monkeys in robot-dog suits!"

This discussion has been archived. No new comments can be posted.

  • DIVX != MPEG4 (Score:5, Insightful)

    by MobyDisk ( 75490 ) on Thursday December 18, 2003 @08:10PM (#7759094) Homepage
    Can we stop calling all MPEG4 video "DIVX?" It is quite annoying. It would be like calling all operating systems "Windows." I am downloading the file now, and it may indeed be compressed with DIVX, but it should be called an MPEG-4 video since that is the final output format, regardless of the AVI FOURCC marker. Maybe we should call "HTML" "Microsoft Web Content" if I use Microsoft Notepad to generate it, but "Emacs Markup-language" if I use Emacs.

    Sorry, pet peeve, I'm done now.
  • Dodgy data (Score:5, Insightful)

    by m00nun1t ( 588082 ) on Thursday December 18, 2003 @08:15PM (#7759127) Homepage
    They are using the number of support calls to determine the security of an OS? Maybe the fact that they are using OSX immediately indicates that in many cases they are a more technical user and so are less likely to need support.

    The unwashed masses don't make a choice, and thus get WinXP by default - of course they will need more support.
  • by mellon ( 7048 ) * on Thursday December 18, 2003 @08:26PM (#7759189) Homepage
    So the well-reasoned article explaining why Apple's way of doing things is okay basically says "they're following RFC2131, so they're okay." But it is a well-known and much-lamented fact that DHCP provides no security. So if you depend on DHCP to be secure, you are not secure. At all. That's not well-reasoned, at least in my book.

    I'm sorry, but saying "but the RFC doesn't provide security, so it's not our fault that our setup isn't secure" is no good. The mistake Apple is making is precisely that if you try to build a secure system whose security depends on a non-secure protocol, you can't possibly wind up with a system that's secure.

    This has nothing to do with Microsoft, and everything to do with bad system design. It'd be fine if Apple was using DHCP to get the address of the LDAP server, and then verifying the identity of the LDAP server, but they aren't currently doing this. This is what's missing. It is really, honest to god, a problem that Apple is shipping systems wide open like this. It is easy for me to get root on your laptop if you haven't disabled LDAP passwords (which are enabled by default) and you bring it onto an open network.

    I agree with the general idea that the PC guy who wrote the article was out of line, but that doesn't mean we should turn a blind eye to an actual security problem just because it's on MacOS X and not on Windows. If we do that often enough, we'll be fulfilling this guy's prophecy.

    And I'm sorry, but I don't care if leaving this security hole makes Macs a tiny bit easier to administer. Get over it. The first time someone compromises all the Macs on your network by setting up a fake LDAP/DHCP service, you'll be wishing you'd had the opportunity to spend a minute longer setting up each shiny new Mac in exchange for spending an hour less rebuilding each compromised Mac.
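The design the comment above asks for (take the directory server's address from DHCP, then verify that server's identity before trusting it), sketched as an added example; it is not part of the original comment and not Apple's code. The host names, the provisioned-host set and the function names are hypothetical.

```python
import ssl
from urllib.parse import urlsplit

# Constructed sample policy: directory hosts an administrator provisioned
# on the machine out of band (hypothetical name).
PROVISIONED_DIRECTORY_HOSTS = {"ldap.corp.example"}


class UntrustedDirectory(Exception):
    """Raised when a DHCP-supplied directory server must not be used."""


def vet_dhcp_directory(ldap_url, provisioned=PROVISIONED_DIRECTORY_HOSTS):
    """Treat the DHCP-supplied LDAP URL as a hint, never as a trust decision.

    Returns (host, port) only for an ldaps:// URL whose host was provisioned
    locally; anything else is rejected before any bind or lookup happens.
    """
    parts = urlsplit(ldap_url)
    if parts.scheme != "ldaps":
        raise UntrustedDirectory("cleartext LDAP cannot prove server identity")
    host = (parts.hostname or "").lower()
    if host not in provisioned:
        raise UntrustedDirectory(f"{host!r} is not a provisioned directory")
    return host, parts.port or 636


def directory_tls_context(ca_file=None):
    """TLS context that authenticates the server against local trust anchors."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True            # certificate must name the vetted host
    ctx.verify_mode = ssl.CERT_REQUIRED  # no valid certificate, no directory
    return ctx


def choose_directory(dhcp_offers):
    """Return the first offer that passes vetting, or None (local accounts only)."""
    for url in dhcp_offers:
        try:
            return vet_dhcp_directory(url)
        except UntrustedDirectory:
            continue
    return None
```

The point of the split is that DHCP only ever contributes a candidate address; the decision to authenticate against a server rests on locally provisioned names and trust anchors that a DHCP responder on the network cannot supply.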
  • Re:Dodgy data (Score:3, Insightful)

    by Night Goat ( 18437 ) on Thursday December 18, 2003 @08:35PM (#7759242) Homepage Journal
    Since when are Mac OS X users assumed to be more technical? You don't need to know shit about computers to use OS X. Sure, you CAN do some pretty technical stuff with it, but your average college student is going to be writing papers and, if they're art students, doing some Photoshop or using some other specialized programs. They're not going to be any more technically inclined than their Windows-using classmates.
    OS X is as easy to use (in my opinion) as the previous Mac OSes were. There's just a lot more going on behind the scenes in OS X.
  • by festers ( 106163 ) on Thursday December 18, 2003 @08:52PM (#7759332) Journal
    the head of NZ's Antarctic Research dept: 'Polly's trip was well organized and properly planned,' he said. 'It is ironic that she is now assisting a stranded pilot who embarked upon an ill-prepared and secret flight over the South Pole.'"

    First of all, DAD, that's not ironic. I guess English skills are suffering down in the NZ research department? Second, she did the moral thing while the rest of you stood around with an over-inflated parent complex. Even Polly admitted that Jon's trip was not any worse planned than hers, but that crap happens and you have to deal with it. It's not like he was asking for a free handout. Next time, save your lectures for your kids.
  • Re:Saddam? (Score:1, Insightful)

    by Anonymous Coward on Thursday December 18, 2003 @09:03PM (#7759375)
    what were they supposed to say?

    "Saddam still in custody. US still violating human rights by making a spectacle of him." ?
  • Yeah, why does Apple use open standards, when everybody knows they are not secure. In case you've missed the point of the article, it was "DHCP is known to be insecure".
  • by Anonymous Coward on Thursday December 18, 2003 @09:45PM (#7759672)

    1. The attitude of Windows users was less snobbish (i.e., they viewed their computer as a tool, not a fashion accessory)

    Yeah, there's no such thing as a computer user who actually thinks that the Mac is a *better tool*, most of them just buy the mac and then don't even plug it in or anything.

    2. There were less Macs, resulting in less assistance tickets for that platform, but the amount of time we spent dealing with each Mac issue was far greater than the amount of time. This was usually due to the fact that Apple had made some change, rendering recent hardware (~2 years) useless.

    Well, I've seen the opposite with incoming freshmen: they mostly bought *new* computers, so your issue didn't apply.. and the Apple kids had far fewer problems.

  • by valmont ( 3573 ) on Thursday December 18, 2003 @09:54PM (#7759733) Homepage Journal

    emphasis on more. No computer system is ever secure in absolute terms.

    while security surrounding DHCP has been and will continue to be a non-trivial issue, that one DHCP/directory issue that'd allow a malicious user on a LOCAL network to root a few boxes are still not the kind of vulnerabilities that'd allow worms to wreak wild havoc on the internet. In the case of this vulnerability, an exploit could spread to a local network and stop right there. There is just no way some worm could be written to spread outside of that local network. And worst, the exploit still needs to rely on the victim's machine actually DOING SOMETHING to be potentially vulnerable, in this case, rebooting, or renewing a DHCP lease, which are actions that seldom happen, especially on a network full of idling desktop boxes.

    that exploit was interesting, needs to be addressed, requires more than a mere patch to a piece of C code and will require Apple and many Darwin/BSD developers to come up with a complex solution that could involve user-interface updates or the development of certificates mechanisms which have been in discussion since 2001 in some rfc.

    but this is hardly grounds for a windows user to gloat. and if the above didn't make sense, here are concepts that are simpler to understand:

    Ever since OS X came out in its 10.1 version in late 2001, has any worm managed to spread thru OS X machines?

    answer: no. Regardless of potential security holes found here and there, all OS X boxes ship by default with ALL NETWORK SERVICES TURNED OFF. Run nmap against a freshly installed OS X system, and guess what you get: NOTHING. NOT A SINGLE PORT OPENED. Hi there. Security 101 anyone? Even if OS X was the #1-used operating system in the world by millions and millions of people connected thru always-on broadband internet, any infection would stem from marginal power-users enabling certain remote services, at which point an infection or worm still wouldn't manage to reach the rest of the populace.

    This is a far cry from windows boxes who have shipped for many years with services turned-on by default such as IIS and SMB, which allowed silly worms such as CodeRed and Nimda to make their initial way in, while further exploiting many exotic windoz system-level vulnerabilities surrounding Outlook and Internet Explorer, whereby previewing an e-mail or stumbling upon a malicious web page after pasting a URL found in an IRC chat room could get your computer thoroughly owned by inferior lifeforms also known as script kiddies, as your computer would secretly become one among thousands of unwitting drones awaiting their commands from a hidden IRC chatroom to launch DDoS attacks against some web sites, while seriously congesting the Internet. Hey Ulanoff, kinda sounds like what has happened at your office? thought so. Go Windoz.

    Since System Mac 7.6 aka harmony with Open Transport which actually made internet access via dial-up and DHCP actually practical and easy-to-use circa 1996, has any internet-connected mac user running the default operating system as it was first installed from the Apple CDs ever gotten infected by a worm from just sitting on an un-NAT'ed, unfirewalled internet connection?

    NO. That's because prior to OS X, Apple stuck to doing what they were good at: building an out-of-the-box single user, narrowly focused operating system targeted at your average joe-user and graphic designer, that had the ability to be extended thru 3rd-party software or other system configuration to better interoperate within, say, a corporate network. "Dave Client" comes to mind.

    On the other hand Microsoft thought it would be fun to create worthless pieces of ass-ware such as windoz 95, NT, 98, ME, 2000 which they'd sell to BOTH enterprises and average joe-users, and enable, out-of-the-box, by default, a slew of services and features most users would never ever need or use, just so regardless of who the customer was, the operating syste

  • by evil_roy ( 241455 ) on Thursday December 18, 2003 @10:22PM (#7759891)
    Why do people always swallow the "at considerable taxpayer expense" line that is thrown about whenever an adventurer is rescued at sea?

    Naval vessels cost a lot to run whether they are at sea or not. Salaries are paid, maintenance is carried out. More often than not these rescues provide real life training for the crews that is not possible in simulations. Actual cost is nil, it means things are done (eg training) out of schedule - but they would be done anyway.
  • Re:Dodgy data (Score:4, Insightful)

    by russellh ( 547685 ) on Thursday December 18, 2003 @10:35PM (#7759991) Homepage
    One could also make the statement that because Macs are marketed toward (and purportedly purchased by) those who know nothing about computers, they are less likely to go on wild adventures in their operating systems, unlike those who use Windows who may or may not be technically savvy.

    It could be... but in my experience the average Windows user knows they are always one click away from disaster and really don't want to reinstall the OS again. Although XP sucks less, as the saying goes, non-newbies still have deep psychological wounds from previous versions of Windows.
