Apple Responds to Exploit 351
Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network. The quick 'fix' for the vast majority of users who choose to implement it is to uncheck LDAPv3 and NetInfo altogether in Directory Access. Or, if LDAP services are used, just uncheck 'Use DHCP-supplied LDAP Server' in LDAPv3. ... One could argue that these features should be off by default, but if they are, it kind of wrecks the whole auto-configuration scheme." This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.
Quick fix, just not easy for Mac users.. (Score:2, Funny)
Yes that should be obvious to Mac users
Re:Quick fix, just not easy for Mac users.. (Score:5, Informative)
Important wrinkle (Score:3, Informative)
What is not fully documented is that if you have multiple network locations, you have to deselect this checkbox for each location. Fortunately, this is straightforward since there is a network location pull down menu right above the checkbox.
Note that this means you can leave it checked for trusted networks but uncheck it for untrusted networks.
Re:No, that's not so bad (Score:5, Insightful)
Re:Quick fix, just not easy for Mac users.. (Score:4, Funny)
Yes, perhaps they'll eventually come out with an advisory for the people who are lagging two generations behind on their OS version and who are on untrusted networks. Not too surprising that they dealt with the bulk of current users first.
Re:Quick fix, just not easy for Mac users.. (Score:4, Interesting)
That said, the Technote on this will likely have instructions for pre-Jaguar versions of OS X.
Re:Quick fix, just not easy for Mac users.. (Score:2)
Keep your story related grudges within the story
Re:Quick fix, just not easy for Mac users.. (Score:2)
Although to be honest, most of the nasty stuff I've theorized about Microsoft's plans at various points they've done, tried to do, or are moving toward now. I'm rather impressed with their ability to anticipate and come up with more and more underhanded and shady business schemes every day.
I've found that the best w
Re:Quick fix, just not easy for Mac users.. (Score:3, Insightful)
Typical liberal.
It's an old argument (Score:5, Insightful)
Apple choose ease-of-use, and get criticised for leaving an open security "hole". Microsoft choose the same, and get criticised for (well, just about everything except wonderful marketing), and Linux chooses the other, and is criticised for poor ease-of-use.
That's not to say it's impossible, but it needs more than the current level of effort that goes into multi-node design. Apple is taking the first steps, and they've been somewhat burnt. Let's hope that doesn't discourage them from carrying on down the path... Unix as a genre can only learn from a successful easy-to-use and secure implementation of multi-machine computing. The thing is that you only learn by trying....
Simon.
Re: (Score:2)
Re:It's an old argument (Score:3, Funny)
Uh, you mean Red Hat Linux, where every service and its 3rd cousin is running?
Try OpenBSD, which has just about nothing running default.
Re:It's an old argument (Score:5, Insightful)
For example, the messenger service isn't used by anyone but spam senders, e-mail scripting was never a useful device to anyone, and a fragile, naked file system doesn't lend itself to easy usage anyway. A web browser that can be told to run arbitrary code due to a buffer overflow is not vulnerable because it is easy to use, but because it is poorly written. The autodetection of hardware and updating of drivers is very easy to use, and has (as far as I know) never been the source of an exploit.
You can both have security and ease-of-use... Just design a closed system with very limited purposes. A Hub, for example, is extremely easy to use, and has few possible points of security vulnerability. Routers, on the other hand, are frequently a bit archaic in their setup and get hacked all of the time.
That's not to say that your point is invalid, but that there are other factors involved... Flexibility, control, effort, etc.
I guess the point of this is that if I have to re-install windows or edit the registry again before Christmas I'm buying myself an iMac.
Re:It's an old argument (Score:5, Funny)
Re:It's an old argument (Score:5, Funny)
Re:It's an old argument (Score:3, Insightful)
A linux box here with an ISDN card sends Windows popups with "who is calling whom" info to the Windows boxes on the net. It occasionally annoys the children when they are playing a game, but we find it useful.
In a company, the users seem to like the popup announcing them they have new mail. I intend to replace their Exchange server with a Linux box, so I guess I'll also have to script some gadget talking to messenger to keep them happy.
Re:It's an old argument (Score:3, Interesting)
Exposing the Outlook object model to
Re:It's an old argument (Score:5, Funny)
Re:It's an old argument (Score:5, Informative)
System administrators have used it for years. It's only recently that the spammers have decided to use it. That's why Microsoft is disabling the service by default in XPSP2.
"fragile, naked file system"
I don't honestly know what you are talking about. NTFS is a journaling filesystem with some very strong features. Metadata for every file, unlimited alternate data streams (Microsoft's version of the HFS data/resource forks, but you can have as many as you want), strong security permissions that even the OS obeys that can be applied on a per-user basis with inheritance and an allow/don't allow/deny system. NTFS is one of the strongest attributes of Windows. Now, the permissions aren't set strict enough out of the box (and most users make their account part of the Administrators group - just like running as root all of the time).
Imagine how a Linux system would hold up under the following situation:
- User always running as root, even when they don't have to
- User downloading and executing unknown code from random locations (screensavers, shareware, warez)
- User installing software that is bundled with programs that spy on them / mess up their system
- User never patching their system, even though the OS can do it automatically
- User not using a password on their system in many cases
- User downloading and executing unknown code (in email attachments) even though system warns of extreme security risk
- User not using firewall even though it is built into the OS
Now, Microsoft could do more:
- No mail client should even be able to execute attachments. Even with a security warning. I do believe that Outlook Express now prevents you from executing attachments at all unless you uncheck a box hidden in some configuration dialog.
- The firewall should be on by default. XP SP2 fixes this.
- Users shouldn't run as root all of the time. Perhaps a warning when they log on would be helpful. The setup wizard already creates non-root users, but most people don't use them. I don't think users are adequately informed of the security risks of running as root.
- Windows should come with an antivirus solution. Something integrated and transparent. Sometimes, you need to run untrusted code, and a good antivirus program can help reduce the threat.
- Windows should have more restrictive permissions by default. Currently, non-root users can write to "program files" and potentially destroy software (although not the OS).
Finally, some things that are good:
- As I said before, the permissions system is very good
- Windows File Protection is good for those stupid installers that try to overwrite system libraries
- System Restore is nice for those people who are too cheap or lazy to have a real backup solution
- Automatic updates are nice - if only people would use them
- Driver rollback is nice for nuking "crap rev" drivers
"I guess the point of this is that if I have to re-install windows or edit the registry again before Christmas"
If you do the following things, you won't have to:
- Don't run as root (administrator) unless you absolutely must
- Don't download and execute unknown code unless you have scanned it with an antivirus. Don't run it as root unless you absolutely must (many programs will install as nonroot)
- Turn on the XP firewall
- Run a spyware detection tool such as ad-aware or spybot to get rid of the crap
- Install the latest patches and service packs
Basically, use common sense. If Windows users would realize that, no, your computer *is not* a toaster and it *does* require a bit of work to keep it secure, there would be many fewer viruses and worms.
Second, if you *ever* have to edit the registry, you're doing something very wrong. That's like saying that you should dismantle your entire car because one of your headlights is out.
Re:It's an old argument (Score:5, Insightful)
First of all by "file system," I had meant the organizational file hierarchy in Windows, the portion that the OS sees. You can still break all of the links to a program by, for example, re-naming a folder. Many programs fail to work if installed on something other than the C: drive... Many of these are Microsoft's programs. The Windows folder is a hodgepodge of thousands of items, some of which are protected and some of which aren't, but few of which are intelligently laid out for either the user or the programmer. I agree that NTFS is a much better file system than Fat32 was (though the fact that Windows XP doesn't support 160 GB drives out of the box is pretty shameful), but what the OS does with it is shabby.
"Second, if you *ever* have to edit the registry, you're doing something very wrong. That's like saying that you should dismantle your entire car because one of your headlights is out."
Actually, some programs treat registry settings like they were a preferences dialog. Zone Alarm, for example, like thousands of other pieces of software has an annoying splash screen that appears every time your computer boots, and the only place the preference exists is in the registry. Program registrations need to be backed up from and occasionally restored to the registry... It's just a bad idea to keep your copy restriction authentication and your preferences in the same structure, but that's exactly what Microsoft designed.
As a game developer, and an out-of-work one at that, Windows does need to be reinstalled every 6 months or so... If the constant flow of test games doesn't get you, the constant flow of uninstallers will. Rolling back to restore points is useful, but A: it doesn't always work and B: it doesn't address the cumulative damage of accrued extensions.
As an addition to your suggestions, the user needs to check what icons are in the bottom-right hand corner of their screen, and shut off what isn't needed. Many people I have spoken to don't realize that those are applications and not just quick-launch shortcuts.
Re:It's an old argument (Score:3, Informative)
That is simply so wrong. There are so many applications that require the user to edit their registry. Not by design of course but because of software bugs.
Some simple cases to illustrate my point.
Exact Globe 2000 (administration software) suddenly won't properly print anymore. Call helpdesk. Remove some keys and voila print
Re:It's an old argument (Score:3, Insightful)
Application Bundles. This means that the only dynamic libraries going into the System directories are actually part of the core OS. All an application's dynamic libraries are contained in the bundle. It's a bit wasteful space-wise, but HDD space is cheap. And it solves much of the problem of Users needing to install their own software, but needing to be Admin to do so. This is much like installing software in your home directory as an unprivileged user in other
Re:It's an old argument (Score:4, Insightful)
In UNIX, I could set the permissions to 750 and not have to worry about it anymore.
Now, I like the link idea. Having the same file in multiple locations on your directory tree can be very useful. Also, the metadata and data streams are nice. However, NTFS doesn't have "strong security permissions" by any stretch of the imagination.
I have to edit the registry all the time. Programs like to set themselves up to autorun by putting themselves in HKLM/Software/Microsoft/Windows/Current Version/Run. Most of these are programs that I don't like such as Microsoft Messenger. I go into the Microsoft Messenger preferences and uncheck "Run this program when Windows starts", but it doesn't remove the registry entry.
Oh give it a rest (Score:2, Insightful)
Get off it, when you provide services to the world, you open yourself to the possibility of getting hacked. Look at Linux. Consider the holes in OpenSSH. Is it essential
Re:Oh give it a rest (Score:3, Flamebait)
You asinine troll. Windows is quite simply broken. Want proof? If something is f*cked up on your Windows system, and you reboot it, it frequently fixes the problem. Try that with another operating system. A reboot shouldn't fix anything, it's a symptom of the operating system breaking itself.
I've been using NT since 3.51, I've bee
Re:It's an old argument (Score:2)
Re:It's an old argument (Score:2)
I could also say that easily distributable digital music and artists getting paid are mutually exclusive concepts, but I would be dead wrong, as this
Re:It's an old argument (Score:3, Insightful)
Yes, there are real, physical (derived from natural laws) conflicts between ease and security.
An easier version of SSH wouldn't force the user to memorize passwords, which is a fundamental conflict with security. An automobile would be easier to use if you didn't need to carry around an ignition key.
However, the post you were responding to didn't say that. It said "Hitherto it has been impossible
Who will watch the watchers? (Score:5, Insightful)
What is the world coming to?
Do I need to manually verify every single setting supplied to me by my DHCP server because I don't trust it?
These days, the internet is not a safe place, we all need to be more than just a little paranoid - but are you paranoid enough?
Re:Who will watch the watchers? (Score:5, Insightful)
in a way, yes. an evil machine on your network may answer your dhcp request with, say, itself as your default route. wham, you have yourself a machine routing all your internet bound packets through itself, doing whatever it is evil people do (nice little man-in-the-middle eh?)
it's back down to ease of use: dhcp, or have the network admin identify himself with DNA samples and personally configure each box on the network.
Re:Who will watch the watchers? (Score:2)
Physical access is the number 1 security hole.
Re:Who will watch the watchers? (Score:4, Insightful)
The argument I make in the "philosophical details" section of the advisory is that realistically you should not trust a network for user authentication information without at least *some* user interaction so the user is aware of what is going on. To do otherwise is irresponsible and puts end users at risk.
Re:Who will watch the watchers? (Score:5, Interesting)
Still, i strongly disapprove the way you went about releasing your exploit.
You should know damn well that the solution to this problem is far from being a simple patch to a piece of C code to plug a stupid buffer overflow vulnerability. People who expect, and, like you did, demand a solution to this problem within days or weeks, are people who blindly refuse to acknowledge the challenges surrounding the development of an appropriate and comprehensive solution. We are talking here about removing functionality from the DHCP protocol that had been taken for granted for years. Or significantly patching it to add a slew of warning dialog boxes, which are all usability enhancements. A short-term fix might need to be evaluated vs a longer-term fix. You don't develop this in days. it takes time.
if you had any clue about processes surrounding software development, especially intricacies behind design and development of user interface updates, there is just no way in hell you would have published your advisory, much less with a working exploit. A December time frame would have been perfectly reasonable and you fucking know it.
Now thanks to your dumbass move, chances are you've just cornered Apple into releasing an update that only solves problems partially.
The Panther code base and user interface had been locked-down and tested way before your advisory. This would have required a major change in the code, delayed testing certification, and subsequently launch, for a security issue that is, after all, not even close to be remotely as bad as other issues found earlier. more on that later. Shortly after Apple had to address more urgent security issues in 10.2.8. You can't hold against them the fact that they didn't just "include this fix" with either 10.2.8 or Panther, why? Simple: AGAIN, the solution to this problem is NOT, and i fucking repeat NOT a simple code patch, unlike most security issues which usually revolve around buffer-overflow security exploits.
Why is this problem "not so bad after all"? Simple. While many people refer to it as a "remote exploit", i would like to strongly qualify this term and get people to understand that this exploit will not, absolutely NOT, allow just about anyone on the internet to "own your box". You can only get infected if you happen to plug your computer on a LOCAL AREA NETWORK with one or more "evil hosts", that could subsequently try to own you. But think, my friend, think hard: WHAT ARE THE FUCKING ODDS of this happening? Even if it does, it's not like some evil internet worm could sneak around and wreak havoc on the whole internet. Each infection can only max out at hundreds of machines at a time, and always be localized to a fairly specific, restricted geographical location, and in most cases the source of the exploit could be located and terminated.
The point i'm trying to make here is that YES, Apple did miss their original november release date but fairly promptly gave you a new december release date. You should fucking know by now that the fix to this problem is not trivial and could have waited another 30 days from the day you released your advisory.
Finally... (Score:2, Funny)
It's about damn time they found an exploit for an Apple computer!
Re:Finally... (Score:5, Funny)
I feel like Steve Jobs just bought me a drink and explained the problem, then gave me a hug when it was time to go home.
I'll miss him.
It's still an exploit (Score:5, Insightful)
Still, I don't think that this exploit is really that easy to take advantage of... the circumstances which would lead to it are fairly limited for now (until WiFi is as pervasive as air, anyway).
Re:It's still an exploit (Score:3, Informative)
Which is why we don't use it at my company.
Yikes! (Score:5, Funny)
Oh, wait... once the new machine gets owned by some script kiddies, then the IT guy gets called... okay... phew... nearly thought that a job was eliminated... nevermind... as you were...
Re:Yikes! Who configures after connecting ethernet (Score:3, Insightful)
No professional I know connects a server to the network BEFORE they configure security and network settings.
Shame on you if you do
New bugs, ease breaking havoc on your LAN (Score:2, Interesting)
I was recently bit by their hijacking of the
(and when you call their support to ask why the Mac cannot see the local mail server called x.y.local, they have no idea and tell you to go around asking in web forums!)
So whatever they do and sell you as "making things easier", I would be very afraid to have it on my network.
Re:New bugs, ease breaking havoc on your LAN (Score:4, Informative)
Use what you know... (Score:4, Interesting)
I expect retail software geared to the home user will continue to keep the tendency of shipping flawed, because development often does not take place in a home environment. This goes for everything from Quake servers (remember ID's backdoor?) to all of the $40 photo-editing tools that are sold at Wal-Mart with marketing emphasis on the end user, with interfaces so all-encompassing, wizard-heavy, and dumbed-down that even I don't attempt to teach my low-tech friends how to use them.
Home vs. Work (Score:5, Insightful)
In this case, the software is actually more vulnerable in a work environment, because it requires a compromised DHCP server on the local subnet. Most home users would probably notice if you plugged in another computer in their house. It's less likely to be noticed in a corporate environment, at least for long enough to compromise a few servers.
Besides, if it's possible for someone to sneak a compromised DHCP server on your network, you're basically screwed anyway.
Re:Home vs. Work (Score:5, Insightful)
The janitors in my bank building could probably do this on multiple networks on multiple floors with ease. Heck, just drop a decently modded dreamcast under a secretary's desk or anywhere you can find a ethernet drop and weak switching.
Re:Home vs. Work (Score:3, Funny)
Re:Home vs. Work (Score:5, Informative)
I have mod points, but I had to respond.
This is so true. Many organizations beyond a few (10-20 or so) computers do not have good physical security. Anyone can easily place a rogue node on a network and wreak havoc.
This happened recently at my school. Someone set up a DHCP server that responded faster than the school's Netware systems could. This seemed to be accidental because the configuration was all over the place, and didn't work at all. The techs have been investigating this for a few weeks and I'm not sure if they have found it yet.
While my above example didn't cause any harm, imagine if someone was to set up a DHCP system and also took advantage of IE's "autodetect proxy settings" feature. They could be almost undetectable, yet be able to log all Internet traffic by redirecting the proxy and default gateway through their box.
Re:Home vs. Work (Score:2)
to get the drop (assuming a reasonably intelligent switch):
(on dhcp client)
ping [IP of dhcp server] (to ensure arp entry is active)
arp -a [IP of dhcp server] (to get mac address)
(on switch - this is cisco catalyst syntax, but any managed switch should have this feature)
show cam [mac addr of dhcp server] (to get port on switch)
a few weeks? should be a few minutes with a 1/2 decent network config...
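Added example, not part of any post in this thread: one way to spot the rogue DHCP server discussed above from captured DHCP reply payloads, flagging replies whose server identifier (option 54) is not on an allowlist and replies that push an unexpected directory server through option 95, the code IANA lists for LDAP. The function names, the 192.0.2.x addresses and the sample replies are constructed for illustration; option overload (option 52) is not handled.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
FIXED_LEN = 236  # BOOTP fixed header that precedes the magic cookie
OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_LDAP = 3, 53, 54, 95
DHCPOFFER, DHCPACK = 2, 5
BOOTREPLY = 2


def parse_options(payload: bytes) -> dict:
    """Return {option_code: raw_bytes} from a DHCP message (the UDP body)."""
    if len(payload) < FIXED_LEN + 4 or payload[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, FIXED_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == 255:          # end option
            break
        if code == 0:            # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        opts[code] = opts.get(code, b"") + data  # split options are concatenated
        i += 2 + length
    return opts


def _ipv4_list(raw: bytes) -> list:
    usable = len(raw) - len(raw) % 4
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, usable, 4)]


def review_reply(payload: bytes, authorized_servers, expected_ldap=frozenset()) -> list:
    """Return findings for one DHCP server reply; an empty list means nothing to flag."""
    opts = parse_options(payload)
    msg_type = (opts.get(OPT_MSG_TYPE) or b"\x00")[0]
    if payload[0] != BOOTREPLY or msg_type not in (DHCPOFFER, DHCPACK):
        return []  # client traffic or other message types are out of scope here
    findings = []
    servers = _ipv4_list(opts.get(OPT_SERVER_ID, b""))
    server = servers[0] if servers else None
    if server is None:
        findings.append("reply carries no usable server identifier (option 54)")
    elif server not in authorized_servers:
        routes = ", ".join(_ipv4_list(opts.get(OPT_ROUTER, b""))) or "none"
        findings.append(f"unauthorized DHCP server {server}, default route offered: {routes}")
    if OPT_LDAP in opts:
        url = opts[OPT_LDAP].decode("ascii", "replace")
        if url not in expected_ldap:
            findings.append(f"unexpected directory server in option 95: {url}")
    return findings


def build_reply(server_ip, router_ip, ldap_url=None, msg_type=DHCPOFFER) -> bytes:
    """Build a constructed DHCP reply for the demo (not captured traffic)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s", BOOTREPLY, 1, 6, 0, 0x1234ABCD, 0, 0,
        bytes(4), ipaddress.IPv4Address("192.0.2.50").packed, bytes(4), bytes(4),
        bytes.fromhex("02005e000001").ljust(16, b"\0"), bytes(64), bytes(128))

    def opt(code, data):
        return bytes([code, len(data)]) + data

    options = (opt(OPT_MSG_TYPE, bytes([msg_type]))
               + opt(OPT_SERVER_ID, ipaddress.IPv4Address(server_ip).packed)
               + opt(OPT_ROUTER, ipaddress.IPv4Address(router_ip).packed))
    if ldap_url:
        options += opt(OPT_LDAP, ldap_url.encode("ascii"))
    return header + MAGIC_COOKIE + options + b"\xff"


# Constructed sample data: one reply from the real server, one from a rogue host.
AUTHORIZED = {"192.0.2.1"}
GOOD = build_reply("192.0.2.1", "192.0.2.1")
ROGUE = build_reply("192.0.2.66", "192.0.2.66", "ldap://192.0.2.66/dc=example,dc=com")

if __name__ == "__main__":
    for name, reply in (("good", GOOD), ("rogue", ROGUE)):
        print(name, review_reply(reply, AUTHORIZED) or "clean")
```

The server address a finding reports is the starting point for the ARP and switch-port lookup steps in the post above.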
Re:Home vs. Work (Score:2)
As for noticing - I wouldn't notice someone sitting outside my house and hooking onto my wireless network. I rarely pull up the DHCP clients list on my wireless access point. I imagine it's the same for most people. I rarely pull up network browsers, too - I just go to the m
Re:Use what you know... (Score:5, Insightful)
It's not about the exploit... (Score:5, Interesting)
All software is, and will continue to be for the foreseeable future, vulnerable. The question for the users and security people is, "How will company x handle themselves when a vulnerability is discovered in their product?"
This question, and its answer, is the most important issue when deciding who you trust with your data.
much ado about nothing (Score:5, Interesting)
Re:much ado about nothing (Score:2, Insightful)
Keep in mind "your subnet" could be the WLAN at the coffee house (I must have seen 6 macs down there today - near the Castro in SF, in case anyone's interested), or a cable modem connection. This also means that if you can own one box on the network, you automatically get root on all the others.
Re:much ado about nothing (Score:2)
Re:much ado about nothing (Score:2)
That way it's almost certain to do the right thing when you unpack it at home (or work, whatever) and will be less vulnerable to being attacked in Starbucks. After all, surely no-one boots up for the first time in a coffee shop?
Re:much ado about nothing (Score:2)
Re:much ado about nothing (Score:2)
Re:much ado about nothing (Score:2)
Don't say it never happens (Score:2)
Security is not simple, and the balance between security and usability is even more complex.
Wireless attacks on local networks (Score:5, Insightful)
Re:Wireless attacks on local networks (Score:2, Informative)
First, if someone can jack into my ethernet with a machine and place it on my same subnet... they deserve to h4x0r my boxen.
Now... if they get on my wireless network, what are the chances that my wireless machine will leave an already established lease to jump ship and run to another dhcp server especially if my base station is also my wireless dhcp server. And let's not forget the whole problem of "ssh" is not on by default. I
Re:Wireless attacks on local networks (Score:2)
The chances are that if you read the original advisory the main vulnerability identified required a reboot. At reboot, your Mac will associate with the first DHCP server it hears from. This may or may not be a malicious one. The chances are, of course, not 100%, but they are above zero, and thus something for people to know about, so they can protect themselves.
A
Re:Wireless attacks on local networks (Score:2)
No worse than DHCP itself (Score:5, Insightful)
There may be something I'm missing, but this does not seem to be a problem with Mac OS X as much as it is with DHCP. DHCP in its simplest form is not secure. Using DHCP on a subnet requires trust. As with any other kind of security you will have to trust something, whether it is your computer or your home network.
I hope people do not blow this bug out of proportion too much.
Re:No worse than DHCP itself (Score:4, Insightful)
That's fine, but THIS hole (and it is a hole, not a bloody feature, IMHO), grants anyone on your subnet r00t access on your MAC.
This is a different attack completely.
AFAIK, no other OS offers root access to any little kiddy acting like a dhcp server.
Comment removed (Score:5, Informative)
Re:No worse than DHCP itself (Score:2)
IF you are running with DHCP.
And if you are on a network doing this? Trap out any unauthorized DHCP servers on your switches. You probably are already doing this to prevent headaches from people plugging in private 802.11 devices and screwing things up. Or you could just have an explicit allow list of MAC's (the standard accepted meaning of MAC, not your CaPsEd Mac.) Both are a sta
Re:No worse than DHCP itself (Score:2)
Look, if I can physically compromise your network and slip in a trojan server, I can almost certainly root any machine you've got in the same time anyway.
And don't talk about wireless without RTFA, Airport is not affected.
Re:No worse than DHCP itself (Score:2)
Re:No worse than DHCP itself (Score:2)
DHCP is not secure, it was never intended to be a secure or trusted mechanism. That'
As Scotty once said..... (Score:3)
The more they overthink the plumbing, the easier it is to stop up the drain.
Speaking of Apple bugs... (Score:5, Interesting)
Not SO bad, but could be bad, and it's considerably more dangerous for known Unix nerds.
Mod Parent Up (Score:2)
Re:Mod Parent Up (Score:3, Interesting)
The keystrokes are transmitted to the front application behind the screen saver only if you are fast. They get transmitted during the load time of the prompt window and during the activation time of the screen saver (between the moment it is started and the moment it starts drawing).
Re:Speaking of Apple bugs... (Score:2, Informative)
Re:Speaking of Apple bugs... (Score:2)
I don't think that's the real problem. If I leave my laptop unattended, I fully expect it to get "owned", literally and figuratively.
I sometimes do presentations with my powerbook (not powerpoint, thank you very much, but software demonstrations). I type very fast and can type most of my password in the time interval it takes to fade out the screensaver. If I had to wake my laptop from a screensaver in front of an audience -
Re: (Score:2, Insightful)
Oh... (Score:5, Funny)
This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.
Slashdotter A: "Are we being sarcastic?"
Slashdotter B: "I can't even tell anymore."
What's the difference? (Score:3, Informative)
That is a root vulnerability. You could perhaps trust LANs 20 years ago, you absolutely cannot trust them today, and any vendor that ships software that, by default, trusts the LAN is shipping software with severe security problems.
Re:What's the difference? (Score:2)
again, maybe i am missing something.
Services on by default? (Score:2, Troll)
UPnP anyone? (Score:2)
Reminds me of a user who left the Windows 2000 Professional CD-ROM in his CD-ROM drive, booted from it, and reinstalled Windows. Though, he did have to "answer a few questions" (i.e. Press R to reinstall Windows).
I'd say it's one more nail in Microsoft's coffin. Apple once again comes through wi
speaking of default insecure issues (Score:2)
Apple is making a huge mistake (Score:3, Interesting)
(And for the zealots, I'm posting this from a G4 PB so STFU thanks.)
Re:Apple is making a huge mistake (Score:5, Insightful)
Not Just Apple! (Score:5, Insightful)
and those run Linux...
A solution... (Score:5, Insightful)
sandbox? (Score:3, Interesting)
Plug new PC in, a daemon listens/pings for DHCP, LDAP, whatever... and if it finds it, politely asks the user if he/she would like to enable the service. If you have admin privileges you get to authenticate and proceed to register with the service or if in an untrustworthy environment you can choose to leave them disabled. If a new server is found at any time the process is repeated... though you could set a preference to ignore new servers as well.
See, sandbox. Requests are let in automatically but service must be opted into manually.
Re:Honestly.. (Score:4, Interesting)
I am not an artist. I'm bad at music, too. But I'm not much of a programmer, either. However, I know two people who are good examples.
First is my father. He has a doctorate in E.E., focusing on bottlenecks in computer systems, programmed assembly for TI in the 70s, and has been a professor in E.E. since long before I was born. He only uses Macs. We have one machine in the house that is not a Mac, this one, running Slack 7. He used Macs back in the "old days" for research because, for the money, they were the fastest things he could get his hands on. Now he uses them for work and at home because a) he's used to them and b) they are the best compromise between usability (he can still go into the terminal and screw around, but he can also use the very nice GUI when he doesn't feel like typing everything or he's in a meeting with the Dean or the President of the university) and security/stability (it doesn't crash everyday and it has yet to get a virus). I use them for the same reason. And because I can't afford a computer of my own so I use what we have.
The other person is my music teacher. He's a professional musician as well. He's backed up Lionel Ritchie in concert before and plays bass in his own band. He also does some composing. On a Mac, only. He uses Macs because, back when he started, the best if not only composing software was for Macs. Since then, he's been sorta stuck with them. Not that he'd change, though, as my school has given him a PC and he hasn't found a program that works as well on it as his program for Mac (I wish I could remember the name, but alas, I can't. It's one of the major 2, though, I remember). Yes, he has been a "struggling musician" before. And yes, he stuck with his Mac through it because his Mac worked. Well.
Those are a couple of reasons why us "fruits" become blind zealots. It's sort of like being a Darwinian Evolution zealot. We get attacked by ignorant nay-sayers all the time, but we never lose sight of what we know works. Tell me, why are you such an ignorant bigot? Maybe you should get out of the house more...
Re:Honestly.. (Score:5, Funny)
I'm a tech support (24+ years) who will have nothing but Macs in my house. Why? Because they work, don't crash, and my wife and son can't fuck them up.
After spending all day fixing other people's computer problems, the last thing I want to do at home is fix my own.
I'll stick with Macs.
I concur (Score:5, Interesting)
Re:I concur (Score:3, Interesting)
Re:I concur (Score:2)
I first programmed a simple little gizmo with a few lights and switches my older cousin had whipped up in his dads workshop. Then he got a Trash80 and I used it. First computer I owned myself was a Timex-Sinclair.
Same here.
OK, I won't go that far. I've got a windows (98lite) box for games, and a headless linux box, and they both have their functions. Fa
Re:In other words... (Score:5, Interesting)
Re:In other words... (Score:2)
While I haven't tested this, I don't think that most base stations capture broadcast packets that look like DHCP requests and filter them out of the packet stream that they are sharing with the rest of the network. If this i
Re:In other words... (Score:2)
In the end, people are just making excuses about why the attack might be kind of hard to pull off.
Re:In other words... (Score:2)
but mac notebooks are used regularly at public wlans as well(restaurants, hotels, some guys network that just happens to work from the bus station & etc)..
Re:In other words... (Score:3, Informative)
This isn't a new "exploit" - all previous versions of MacOS X and NeXTStep had this with NetInfo by design - that's for nearly 15 years. However, it requires specific non-default configuration to work ( the network directory does not have precedence over the local directory by default - what is claimed in the original web page announcing the exploit is wrong )
F
Re:Google (Score:2)
Re:zerg (Score:4, Insightful)
Who cares that an exploit can create a new user, if ssh and remote login is turned off anyway? The Answer: well, not many people. this is somewhat of a bug/potential hole, that should be fixed, but NOT panicked about.
shadow passwords (Score:3, Informative)