Well, as many developers already know: security is a concept, not a product! You can’t just throw “some security” at a piece of software. Security considerations must be part of the original design and development of software. The Pwn2Own hacking contest shows –once again– that there is too little security awareness in current software design. Look at these embarrassing results: all major browsers took a fall: Internet Explorer, Firefox and Safari. Most browsers were compromised through popular plugins like Acrobat Reader.
These OS’s took a fall: Windows 7, Windows XP, Mac OS X Snow Leopard. The only OS still standing is Linux. Because Linux is infinitely more secure? Well, maybe, but there’s also something else: Linux is an open source OS where highly skilled developers are coding. Changes are reviewed by others before they are merged into the main kernel tree. In other words: security is part of Linux. Another thing is that people who run Linux are people who are aware of abuse. These are –in general– not the people who would click on the ‘cute-kitten-movie.exe‘ attachment. So Linux is just not that interesting to Black Hat Hackers. True: Mac OS X is built on an open source OS as well, FreeBSD, but the presentation layer and Safari are proprietary code from Apple (except for WebKit, on which Safari is built).
Microsoft currently runs the Security Development Lifecycle (SDL) model. This should make security an integral part of the development lifecycle. Well, to be honest, when budgets are getting tight and deadlines are running out, documentation and code quality are the first areas that take the fall. So really I don’t expect much from SDL. Especially since MS is trying to develop a ‘catch all’ (silver bullet) security measure inside the kernel… I’m not saying these measures aren’t worthwhile, they are (Linux has had them for ages now), it’s just not enough.
The phrase ‘security is a concept, not a product‘ proves its point when you look at the measures current OS’s are implementing to prevent ‘arbitrary code execution’. Windows XP, Windows Vista (still in use?) and Windows 7 have DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). Both ‘techniques’ should prevent (or at least make harder) the execution of arbitrary code… but they don’t. Dutch security researcher Peter Vreugdenhil showed an impressive circumvention of DEP and ASLR in Windows 7. See: security is not a product…
The good thing is that the hackers are not just updating the vendors on the vulnerabilities they found. Instead they tell the vendors how to find such vulnerabilities themselves, in an attempt to raise awareness.
I’ve blogged about World of Goo before on this site. It’s a great game that will entertain you for many hours. I got a tip yesterday from Sander (thanks mate!) about the World of Goo birthday sale. In short: you can determine your own price for the game. Watch it… this will only last until October 19!
You will get all downloadable versions… so one for Windows (why would I want that?) & one for Mac OS X & even the versions for Linux. I’ve donated $1.00 for the game and it makes me feel like a cheap ass, but I think that’s the whole meaning of the birthday sale. I think you can donate as little as $0.01 to get the game, but I didn’t try it out myself.
Not too long ago I wrote a small entry about how sometimes a game stands out against the rest. These games are not mere imitations or improvements of other games but are genuinely original. Today I came across another such game and it is called “World of Goo”. Recently the native Linux version of the game has been released (Mac and Windows were already available).
The idea is that you pick up blobs of goo and position them to create constructions. However, it is all goo and flexible. The other blobs of goo will freely move along the trails of the construction. Well, it’s hard to explain. Just watch the video below.
I used to be a hardcore Linux user before I got my Mac. Being a Linux / Unix user you are used to scratching your own itch. When I moved to the Mac I sort of got used to having everything integrated and well configurable. Well, that is until I installed Java 6. After installing Java 6 the current version (Java 5) remained the active version.
So to scratch my own itch I just set some environment variables and put a few links here and there and I was done. However, a colleague of mine ran into the same problem on his wife’s Mac. Since I didn’t want them to go through the same mess I went through, I tried another search on how to properly activate Java 6. And I found it right here. Isn’t that brilliant? You gotta love your Mac.
Some days ago Apple introduced the new MacBook Pro; you can read a nice report on Engadget. is available from Apple. People expected a little more from the new MacBook Pro and there’s hope. See the introduction of the revolutionary keyboard-less notebook from Apple:
Microsoft announced that it has already started working on “Windows 7” as a successor to the less than satisfying Windows Vista. Microsoft promises a whole new desktop experience, albeit based on the same kernel as Vista’s.
The first screenshots from Windows 7 are starting to appear on the net. Mac OS X users will recognize a whole lot of OS X in the Windows 7 screenshots. It is almost as if Microsoft is admitting that OS X offers a way better user experience than Windows, since Windows 7 seems to copy every single feature from OS X. Take a look at the screenshots. I still prefer running a Unix operating system, but for those who prefer inferior OS technology this might give them at least a decent user experience. I don’t think Windows 7 will be the actual name of the retail product. They should give it a name that is more up to par with copying OS X. Apple uses names like Puma, Jaguar, Panther, Leopard. So I think Windows 7 should be called “Windows Siamese twin cat” or just “Windows Copycat”.
I’m very happy with my Mac, no doubt about it, but like in any computer system things can go wrong. In this case something was wrong with my primary filesystem (root filesystem). Whenever I rebooted (and you don’t have to do that often with a Mac) I got ‘recovered files’ in my trashcan. These were typically small files (like 8k), so this led me to believe that disk blocks were not properly allocated to files. Although I make backups regularly (Time Machine works great) I don’t want to run my system with an inconsistent filesystem.
Fortunately OS X comes with a tool called ‘Disk Utility’. I started Disk Utility and did a ‘verify disk’. The check fails when inspecting the catalog file. This may be due to the fact that the filesystem is currently mounted, since the corrupt filesystem is the root filesystem. I’d better boot OS X from DVD and retry the disk check. Booting from the OS X install DVD starts the installer, which has a menu entry ‘Utilities’ where you can find ‘Disk Utility’.
Update: you always find the best information after you’re done: hfsdebug.
There are always people who, when they get something new, want to know how it is put together. The same goes for Apple’s new MacBooks. In this wonderful report the entire laptop is unscrewed piece by piece. Take a special look at that über-sexy motherboard: custom engineering for the world!
Honestly, the introduction of the new MacBooks was a bit of a disappointment to me. Of course the displays have improved considerably, but that is about it. In that respect there is no reason at all to get rid of your old MacBook Pro and buy a new one. For people with a 17″ MBP there is nothing to upgrade anyway. The 17″ has no successor and the ‘old’ model simply stays on sale.
Ooh, there is a new update for Apple’s Mac OS X operating system. The update brings your OS to version 10.5.4. Mainly security updates plus a number of feature enhancements and bug fixes. iCal, for instance, has been thoroughly reworked regarding meeting requests, cancellations and delegations. It is a good thing they include the release notes, because the average user will notice little difference: you go from a rock-solid OS to a rock-solid OS…
There is some nice documentation released for all people who want to ‘harden’ their Mac OS X installation. Apple released its own document to make Leopard (Mac OS X 10.5) more secure. You can find the guide from Apple here. A few days earlier the Center for Internet Security released its own guide. It contains detailed instructions for implementing the steps necessary for CIS Level 1 & 2 security on Mac OS X 10.5 (Leopard). The guide from CIS can be downloaded through here (crappy registration required).
Here’s a remarkable report on a bug that has been living in BSD for over 25 years. At one time, BSD hero Kirk McKusick implemented the dir* library in BSD to prevent applications from having to implement the directory-oriented functions themselves. Afterwards he changed 22 programs that were using direct directory handling to use the operating system functions. The bug could survive for 25 years because it only manifests itself in a particular (rare) case:
This code will not work as expected when seeking to the second entry of a block where the first has been deleted: seekdir() calls readdir(), which happily skips the first entry (it has inode set to zero) and advances to the second entry. When the user now calls readdir() to read the directory entry to which he just seekdir()ed, he does not get the second entry but the third.
Even OS X has the same problem, since it has BSD under the hood. The good news is that BSD is now even better, and a small consolation for all coders out there: even Kirk McKusick slips up every now and then. Happy coding.
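As an added illustration (not code from the report or from the BSD source), here is a constructed model of the seekdir()/readdir() interaction described above: a directory block whose first slot has been deleted (inode 0), a readdir() that skips such slots, a seekdir() that positions by calling readdir(), and the fixed variant that sets the position directly. The block contents, names and the two seekdir variants are assumptions made for this model.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of one directory block: entries with d_ino == 0 are
 * deleted slots that readdir() must skip. */
struct entry { unsigned long d_ino; const char *d_name; };

static const struct entry block[] = {
    { 0,  "deleted" },   /* first slot freed by unlink(), inode set to 0 */
    { 11, "second"  },
    { 12, "third"   },
    { 13, "fourth"  },
};
#define NENT (sizeof block / sizeof block[0])

struct dir { size_t pos; };   /* current read position within the block */

/* readdir(): return the next live entry, skipping deleted (inode 0) slots. */
static const struct entry *model_readdir(struct dir *d) {
    while (d->pos < NENT) {
        const struct entry *e = &block[d->pos++];
        if (e->d_ino != 0) return e;
    }
    return NULL;
}

/* Buggy seekdir(): rewinds, then calls readdir() to advance to the target
 * slot. Because readdir() skips the deleted first slot, the single call
 * meant to reach slot 1 actually consumes the live second entry. */
static void buggy_seekdir(struct dir *d, size_t off) {
    d->pos = 0;
    while (d->pos < off) model_readdir(d);
}

/* Fixed seekdir(): set the position directly without consuming entries. */
static void fixed_seekdir(struct dir *d, size_t off) { d->pos = off; }

/* Seek to slot 1 (the second entry) and report what readdir() then returns. */
const char *name_after_seek(int use_fix) {
    struct dir d = { 0 };
    if (use_fix) fixed_seekdir(&d, 1); else buggy_seekdir(&d, 1);
    const struct entry *e = model_readdir(&d);
    return e ? e->d_name : "(end)";
}
```

With the buggy seekdir the next readdir() yields "third"; with the fixed one it yields "second", which is the entry the caller asked for.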
I have fairly strict power management and security settings on my Mac. This will cause the screen to dim when the laptop is not used for a few moments. Furthermore, the screensaver will kick in after a couple of minutes and requires my password to unlock. Now this can be annoying when you are watching a movie on YouTube or something else that doesn’t require interaction with your Mac. The screen will dim and after a few minutes the screensaver will hide the movie. Sure, you can change your power management and security settings, but that is also annoying. So just put your Mac on Caffeine. It puts a tiny icon in your menu bar and allows you to (temporarily) disable the screen dimmer and the screensaver. You can even trigger it on a timeout so you will never forget to ‘restore’ the settings. After the specified timeout Caffeine will turn on the dimmer and the screensaver again.
There’s a new version of VMware Fusion for your Mac released: version 1.1.2 (87978). I have a license for version 1.1.1 and the updater accepted that license and installed version 1.1.2 under the same license. So updating is free. Some issues were resolved. One of the issues was a bug that prevented running virtual machines from being backed up using Time Machine. This was fixed in Mac OS X 10.5.2, and Time Machine backups are now enabled in VMware Fusion. Update now!
Now this is nice. IBM piloted using Macs in the IBM office. Currently IBM uses Microsoft Windows. The users are very positive (no surprise here). Not all users were that happy. One of the Mac pilot users visited customers offsite. His remark: “When presenting at customer or external meetings, I have been greeted with the ‘wow factor.’ ‘Where’s the ThinkPad, IBM uses Apples now?’” Most pilot users (19 out of 22) wanted to keep the Mac for their daily business. This was despite some software that they needed but that didn’t work on their Macs:
IBM’s own DB2 database and Websphere application server
IBM’s Rational Application Developer IDE for J2EE apps
IBM’s WebSphere Integration Developer SOA development tool
support for IBM’s InfoPrint workgroup laser printers
Microsoft Visio diagramming software and NetMeeting video conferencing tool
This article has some nice quotes from the pilot users. Way to go IBM! Give it a positive swing: “Mac OS X, the best alternative for OS/2”.