It seems to have become trendy again to hate Apple no matter what, but this is getting ridiculous. Why is it that Apple is expected to be the only platform vendor that has to maintain their own version of the JVM for free? Jobs is quite correct in saying that Java under OS X has long lagged behind the latest official Sun release. I wish it was more common for Apple to leave more components to third parties now that they've got more market share. Another example would be graphics drivers, which lag tremendously in both performance and features. I don't understand why on Earth any Java dev would want to be stuck indefinitely with Apple's outdated implementation that by definition would never be a major priority rather then get a version from the main organization behind it. For that matter I blame Sun's longstanding ambivalence toasted FOSS. If we had a fully open GPL edition of the JVM that was best of class like we should have gotten years ago, this never would have been an issue in the first place. It's yet another tech Sun's BS has screwed us on, with their insistance to out ZFS under the CDDL rather then Apache/BSD/LGPL being another major example. Anyone still have that old sun strategy wheel, from before 'acquisition' became their final exit?

Or the converse, I suppose (hardware solutions can add another layer to this). This looks like some very interesting work, and may have more applicability in general beyond this one scenario. I'm certainly looking forward to following their implementation as it comes along. But with that said, if this attack was a serious concern for a given entity there seem to be some obvious potential hardware solutions. The attack essentially depends on being able to shutdown the computer but keep the memory cold enough that the randomization time is slowed down tremendously, giving enough time to perform a dump of the contents onto another system for further analysis. Therefore, it can be prevented by, for example, having electric heater units surrounding the memory connected to a dedicated capacitor bank and temperature sensor, as well as a sensor to detect if someone tries for force open the machine (intrusion alarm). Then the system can perform a scram shutdown (or if it is just shutdown normally), and the heaters can assure that the memory is kept hot for a couple of seconds afterwards even in the face of attempted cooling. It only needs to manage it very briefly and then all the contents are scrambled. Other similar methods (maybe a really micro EMP inside a shield memory space) would be possible to, but basically they just need to deny an attacker for a very short amount of time or ensure entropy in the RAM and then the attack is useless.

Ultimately a dedicated hardware secure key store would be better and easier to integrate across all systems, and this more software solution of course has the massive advantage of being able to run for free on existing hardware. But the above could at least be retrofitted on nearly anything, and while it is more esoteric, then again so is the attack since it requires physical access.

Contrary the the statement there, I don't the even pretty wild interpretations of an EULA would apply at all. If they wished to pursue that angle Apple would need to go after individual users. From Apple's POV, I believe the only true point of contention would be if Open Tech uses any of their trademarks in its advertising or general web. They can't just plaster Apple OS X images all over the place for example.

No, the real potential source of suits isn't even necessarily from Apple. Rather, Open Tech will have to be very careful in their wording when it comes to promotion. From what I've seen an early draft of their PR used phrases like "Mac Compatible." What exactly does that mean, legally? What happens when a software update breaks the OS? If a customer sees "Mac Compatible" and nothing else, and then buys based on that, I could see grounds for a false advertising suit.

Of course, that can be avoided quite neatly I think with some very careful wording, and by making the limitations and lack of support from Apple very explicit. "Capable of running OS X", with a big fat bold "Not supported by Apple, future updates may not be compatible" warning might work just fine. This just seems like the area where, if these guys are amateur or don't think about it much, they could get tripped up.