Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Bitcoin Apple

Apple Has Included Bitcoin Whitepaper in Every Version of macOS Since 2018 (macrumors.com) 65

In every copy of macOS that has shipped since 2018, Apple has included the original Bitcoin whitepaper by Satoshi Nakamoto, and no-one seems to know why. From a report: The baffling discovery (or rediscovery - see below) was recently made by developer and waxy.org writer Andy Baio, who stumbled upon the PDF document while trying to fix a problem with his printer. Anyone with a Mac running macOS Mojave or later can see the PDF for themselves by typing the following command into Terminal:

open /System/Library/Image\ Capture/Devices/VirtualScanner.app/Contents/Resources/simpledoc.pdf

If you're running macOS 10.14 or later, the 184 KB Bitcoin PDF should immediately open in Preview. The document can also be located via Finder: Navigate to Macintosh HD -> System -> Library -> Image Capture -> Devices, then open the Contents -> Resources folder. The whitepaper titled "simpledoc.pdf" should be in there.

This discussion has been archived. No new comments can be posted.

Apple Has Included Bitcoin Whitepaper in Every Version of macOS Since 2018

Comments Filter:
  • At least it's not a PDF on how to spank your monkey.

  • Says a lot (Score:5, Interesting)

    by DarkOx ( 621550 ) on Thursday April 06, 2023 @10:37AM (#63430400) Journal

    It says a lot of the various agencies, third party security firms, and incident response people that something like this went unnoticed until now.

    Industry and Government need to accept that all of these platforms are far to large and complex for anyone to ever be able to offer security assurance. Critical infrastructure and management there of probably needs to get off Win/Mac/Gnu\Linux and on to platforms small enough to meaningfully audit.

    • by King_TJ ( 85913 )

      I mean yeah... that's one way to look at it. But where's the security risk in a standard 182K PDF Bitcoin whitepaper? I get the impression any security audit done on Mac OS would have ignored such a document, especially given where it resides in the folder structure. Looks like a sample/test document for the Image Capture utility, possibly left behind after it was used for development testing?

      I agree in a general sense, though. Cybersecurity is proving to be a high paid position where you're just responsib

      • EULAs almost always limit liability. If you get hacked because of Mac OS bugs or Windows or Android or whatever and someone recovers your passwords, logs into your bank, and wires all the money to kingdom come, they are not liable for your damages.
      • by DarkOx ( 621550 )

        Looking at it from ta monitoring and detection perspective I see it this way.

        Crypto Currency has been basically the epicenter of all things fraud and abuse for years now. Security incidents where someone installs a crypto miner be it someone running a malware botnet or an operator without authorization to do so are probably pretty high up on the list of common incident types right now. If anyone started doing IR or post incident forensics 'bitcoin' should have been a watch string..

        Same thing for any kind

        • by mysidia ( 191772 )

          f anyone started doing IR or post incident forensics 'bitcoin' should have been a watch string..

          Nearly anything "just watching for the string" would not find the string; as the raw string is Not there to be found in the file. You would need a dedicated tool for parsing the vector graphics and bitmaps found in a PDF, or that can decompress a PDF to try and reconstruct text. Thus it hardly matters whether someone is sending an uncompressed disk image or not.

          "$ grep -cai bitcoin /System/Library/Image

          • This is only true for this particular document, but not in general for PDF.
            Here for some reason they have encoded the content in a series of "objects", which look compressed to me. Seems it is one "object" per page.
            Open it in vi and you see ...

      • by dougmc ( 70836 )

        For the longest time, the package "ghostscript" came with a cool picture of a tiger [wikipedia.org].

        Given that Postscript is actually an executable language, I guess there's a security risk there, though it *should* be tiny in most cases as it's a heavily sandboxed language.

        Still, I'm not aware of this ever being considered a security vulnerability, though we certainly noticed the file, and it was often used as a sample thing to print and such.

        It also doesn't seem to be included anymore :/

    • Re:Says a lot (Score:5, Informative)

      by mysidia ( 191772 ) on Thursday April 06, 2023 @01:14PM (#63430834)

      It says a lot of the various agencies, third party security firms, and incident response people that something like this went unnoticed until now.

      Do you believe human eyes should have been set to scrutinize every single document that exists in a MacOS install? Doesn't seem like a smart use of security professionals' limited time, anyway, but.

      How do you know it "went unnoticed", rather than people who saw it simply disregarding it or not publishing anything about it, because the file is of no consequence, and isn't a risk or concern anyways?

      The file is uninteresting from a security standpoint. It is a document file that poses no risk to the system, And it's located in a place where end users are unlikely to ever even open it. It's essentially a waste of disk space.

      • The more useless bloat there is, the harder it is to audit the important stuff.

        Besides, today's OSes are effectively swiss cheese in terms of security. I remember when "PDF exploits" were all over the web, and were being actively exploited by "legitimate" advertising companies.

    • It says a lot of the various agencies, third party security firms, and incident response people that something like this went unnoticed until now.

      Why do you think it went unnoticed? If I'd been doing a deep security audit of Mac OS I'd probably have found the file, opened it, though "heh, that's cute", and moved on.

      There's nothing threatening with a whitepaper, especially if it's a widely distributed PDF so you can do a checksum and confirm no one has snuck anything weird inside.

      Industry and Government need to accept that all of these platforms are far to large and complex for anyone to ever be able to offer security assurance. Critical infrastructure and management there of probably needs to get off Win/Mac/Gnu\Linux and on to platforms small enough to meaningfully audit.

      Well one difference between Windows & Mac and Linux is that Linux is Open Source so you can confirm were all the various bits came from.

      And with Linux in particular you c

    • It says a lot of the various agencies, third party security firms, and incident response people that something like this went unnoticed until now.
      No idea what you want to say with that.
      It is a PDF for testing purpose of the scanning system on a Mac. Could be any PDF. However the developers/guys who package the system, used this one. As a kind fo joke.

      What is next, you complain because they use page 13 of the novel "Catcher in the Rey" but did not consider to use page 17 of "One Flew Over the Cuckoo's Nest"

  • by backslashdot ( 95548 ) on Thursday April 06, 2023 @10:38AM (#63430406)

    Steve Jobs was Satoshi Nakamoto. Or maybe Wozniak but Steve gets the credit.

    Check the timeline, it matches up.

    • At least this would explain why no one has stepped forward to either claim credit, or cash-in the OG hoard! Who alive wouldn't try to cash in on a $1+B bitcoin hoard?
      • by aitikin ( 909209 )

        Who alive wouldn't try to cash in on a $1+B bitcoin hoard?

        Someone who truly believes in bitcoin, obviously!

        All joking aside, I sincerely believe whoever Satoshi Nakamoto actually was has passed away, probably before bitcoin boomed. I just wonder what happens when someone will find a way to hack that wallet...

    • Neat thought, but both Jobs and Woz have a distinct way of communicating, and Satoshi wasn't them

  • by xack ( 5304745 ) on Thursday April 06, 2023 @10:39AM (#63430408)
    Is who trusts the bricks of the wall. Someone at Apple will probably get fired over this. Microsoft has had a deliberate no easter egg policy since XP.
    • I doubt it's an Easter egg. My guess is it was a test filed being used for something that got left in by mistake
    • Why? What exactly was done wrong here? It's just an example PDF not malware.

      • by xack ( 5304745 )
        The topic of the example pdf is the controversy here. Apple has previously used the "Here's to the crazy ones" advert in example files in MacOS, but to put the white paper for Bitcoin, the starting of a technology which is been responsible for lots of economic changes including climate change and ransomware is highly controversial. If there was instead some politician's speech included as an example file then Apple could be in deep water.
    • by tlhIngan ( 30335 )

      Is who trusts the bricks of the wall. Someone at Apple will probably get fired over this. Microsoft has had a deliberate no easter egg policy since XP.

      Except macOS is not a walled garden. It has some controls that allow you to erect walls, if you want to, but by default it's not a walled garden. You can write code that Apple doesn't have to approve, or even see - Apple sells you a $99 signing certificate that lets you sign your application without going through any review process at all. (Hint: Firefox has

    • How is this some grand Easter egg? It is a pdf which the OS has probably lots of them in a base release. Also bear in mind, core components of macOS is released as open source Darwin. Was this file also released as part of Darwin? If so, did anyone in the open source community notice?
  • by zenlessyank ( 748553 ) on Thursday April 06, 2023 @10:49AM (#63430434)

    Slow News Day, eh?

  • They should inscribe the paper into the side of mount Everest as a warning to future generations
    • Re: (Score:2, Funny)

      Perhaps the inscription should read "You're more likely to successfully summit Mount Everest without oxygen than make money off of Crypto"

  • I went looking for it, like it says on the MacRumors site, and I couldn't find it. What am I doing wrong or is this hub-bub not quite right?
    • by edis ( 266347 )

      I copy/pasted in terminal, and got Preview with the document. Mojave.

    • It's there on my mac. Type "open /System/Library/Image\ Capture/Devices/VirtualScanner.app/Contents/Resources/simpledoc.pdf" without the quotes into a terminal window and it opens right up. Or in Finder, go to Macintosh HD -> System -> Library -> Image Capture -> Devices, then right click on the Virtual Scanner and select "Show Package Contents", then continue navigating through the folders Contents -> Resources and you'll see the file.

    • by aitikin ( 909209 )

      Finder hides the Library directories by default in newer versions of Mac OS (X). If you don't see it, you can use the, "Go," and use, "Go to folder..." to navigate there.

      • For something called "Finder", it sure hides a lot of things. My favorite is the .DS_STORE directories present in any package produced by an apple developer. If you are going to develop software, use a proper file manager that can show you ALL the files.
  • by PPH ( 736903 ) on Thursday April 06, 2023 @11:03AM (#63430470)

    ... just an example document that some dev put there to demonstrate the PDF reader. Like the audio clips they usually include to demonstrate the multimedia apps.

    Why it wasn't something like Lorem Ipsum (no meaning so inoffensive) is a good question.

    • by dfm3 ( 830843 )
      I'd bet it's exactly this. The Image Capture app is used for importing images and such from other devices, so it would make sense for there to be a few files for testing purposes. In the same location there's also a "cover.jpg" which is a photo of a blue wall with a security system sticker and some badly peeling paint; I wonder if they weren't used as either sample documents or perhaps some sort of fallback where instead of throwing an error under some condition where a file is not found, you use a document
  • by 93 Escort Wagon ( 326346 ) on Thursday April 06, 2023 @11:06AM (#63430486)

    They wanted a test PDF document handy, and some staffer thought it'd be funny. Same reason I keep a few simple PDFs around "test application", "test CV", etc. from people like Ima Goodlady. I use them when I'm working on various systems.

  • by bubblyceiling ( 7940768 ) on Thursday April 06, 2023 @11:07AM (#63430498)
    This one of my pet peeves. Most software and code bases have become so bloated. One of the reasons being the inordinate use of dependencies and external packages.

    So now even a simple app will have like thousands of files. NPM is one of worst at this and even a simple test project is just littered with files.

    What is useful or not? How the hell are people supposed to know out of the Million plus files?
  • In all likelihood, someone downloaded the file into a directory that was linked to source control, and then accidentally checked it in as part of their changeset. It either didn't get reviewed or the reviewer(s) were preoccupied that fateful day back in 2018.
    • by DarkOx ( 621550 )

      I would say most likely explanation is its some sort of file test file or something and someone used less than stellar judgement and went with the bitcoin whitepaper rather than a "lorem ipsum" its probably there to enable some unit test or something and was not supposed to make it through to the release package.

      This though is a good example of why you should not do anything less then professional in anything related to the product or the customer. My guess Apple brass is probably not thrilled about someth

      • by mysidia ( 191772 )

        My guess Apple brass is probably not thrilled about something being done which could be some be construed

        As Copyright infringement. Several different competing "Satoshis" already made or tried making copyright registrations on the white paper. That means Apple has unknown exposure to a possible copyright claim against every version of MacOS shipped in the past 5 years.

        Who can really say how much that risk actually is, and how much Apple could end up being forced to pay? That is potential millions of

  • by euxneks ( 516538 ) on Thursday April 06, 2023 @11:50AM (#63430646)
    There is no security risk in a document that sits in your computer unused and unopened. It is not nefarious just because it is the Bitcoin whitepaper. It would similarly not be nefarious if instead it were a simple "Hello World".

    People are saying this is an example of how you can't trust "walled gardens", and like.. Yeah, you cannot trust walled gardens but this is not an example of why.

    Stop your pearl clutching and go find actual nefarious things
    • Stop your pearl clutching and go find actual nefarious things

      We did, by indicting Trump - but then the RWM put this out as some sort of diversion.

    • There is no security risk in a document that sits in your computer unused and unopened.

      This is true, but it is concerning that something that didn't belong in the application was packaged and delivered for five years before anyone noticed. It's a blemish on their code review process and it makes you wonder how many other things got into the software that shouldn't be there. This isn't some anti-Apple rant - I'd be concerned about the security of any application or project that included things that clearl

  • I'm running OS 13.2.1 and the file is not there...

    Just sayin'

  • So MacOS is ad-ware?

  • All I can say about this is Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...