Enterprise Mac | Tom Yager | TAG: Politics, strategy and culture

MORE ENTRIES

TAG: Politics, strategy and culture

May 10, 2008 | Comments: (0)

OS X Security: Diary of an OS X Leopard Server root exploit

Snapshot 2008-05-07 14-11-50
Check for updates daily! The "weekly" default got my Xserve cracked.

First things first: Go to each of your systems running Leopard Server, up through release 10.5.2, and make sure that Security Update 2008-002 is installed. Download it from http://www.apple.com/support and install it manually if you're not sure. There is no harm in attempting to install an Apple update twice. There is great potential danger in leaving a Leopard Server system on-line without it.

In mid-April, I was set upon by some 'nethole that I managed to flush out of my Xserve while he was still wriggling and, by luck, before he had made my server his own. Or so I thought. I documented this attack in some detail prior to investigating its cause, an investigation I recently found time to complete. The results afforded me some insight into the realization, life, death and resurrection of a potential exploit, and the effects that each stage brings with it.

The potential exploit at issue is listed in the US-CERT National Vulnerability Database as CVE-2007-4560. As reported by the person credited with its discovery, inbound e-mail received via a mail transfer agent (the MTA queues incoming e-mail for local delivery, relay or bounce) and filtered through the ClamAV anti-virus "milter" daemon could allow execution of arbitrary shell commands. To be vulnerable, ClamAV has to be operating in black hole mode, which attempts to discard undeliverable messages without scanning them or passing them down to your mail delivery agent. To achieve this, um, efficiency, ClamAV must run at the elevated privileges of your mail delivery agent (e.g. Sendmail) so that ClamAV can access mail files directly to judge deliverability.

ClamAV's black hole mode bypasses SMTP logs, making the tracing of the problem loads of fun.

Flipping black hole mode on wasn't my idea. ClamAV is one thing I trusted to the checkbox in Server Admin. I didn't really need ClamAV, which functions primarily to protect Windows users from mail-borne malware.

CERT rated this ClamAV exploit's risk at HIGH, while rating its complexity HIGH as well, meaning that it's a trick that only the brighter among delinquents can carry from potential to live exploit status. The dyslexic enuretics that commit most Internet felonies couldn't get a bowling ball through a doggie door without a gift-wrapped exploit script and a pack of IRC LOL-lies tutoring them on its use.

Here's the interesting bit. The CERT advisory for this potential exploit is dated August 27, 2007, by which time ClamAV had already issued its fix. Various affected Linux distributions swapped in the updated version of ClamAV that incorporated the fix, while more independent Linux-ens and BSD-ers downloaded and compiled the sources from clamav.org. It's a credit to these communities that notices are issued and hatches are welded shut so quickly.

Apple's fix for this ClamAV issue was made available via Software Update on March 18, 2008, almost eight months after the CERT advisory. Why the delay? Apple prefers to leave us guessing on matters such as this. Guessing can be enlightening as well as entertaining, so let's give it a go.

Remember those words "potential exploit?" That's security-speak for a flaw that's been identified, and usually demonstrated, but not seen in the wild. There are thousands of potential exploits on file. Some of them are so scary that after reading the list, you'd never want to turn on your computer. But being on constant alert for all potentially extreme dangers is a sorry way to live. Do you nervously anticipate disasters that rate 10 on a scale of 10 (or a scale of 5), like F5 tornadoes, someone's Lithium notebook battery pack exploding mid-flight, or the formation of the island of California? We rate potential threats on a likelihood scale.

My Xserve was boarded via the ClamAV exploit on March 21, 2008, three days after Apple issued its fix. I had my server set to check for updates weekly, and it hadn't pulled in the Security Update 2008-002 yet. It was during the interval between the fix's issuance and my Software Update client's polling for it that I got nailed. How could a cracker achieve such clever timing?

My bet: Apple's announcement of its fix for the ClamAV exploit was a signal that there remained a relatively small class of vulnerable servers in the wild. Learning that there were Leopard servers without the Security Update made it worth a fresh hunt.

I initially thought myself extraordinarily lucky that I foiled the attacker before he could plant a backdoor allowing him root access. Root access for the sake of it really wasn't what he was after. Read on.

Posted by Tom Yager on May 10, 2008 05:37 PM

April 16, 2008 | Comments: (0)

Ahead of the Curve: Back to the Mac

Several months ago, I determined that my years-long fondness required reexamination. I quietly took a break from the Mac to get some perspective, to check out Vista, AMD, and Longhorn (Windows Server 2008) untainted by Apple's PR and uninfluenced by other journalists and bloggers. I elected to take a break from reviews of new Mac hardware, the occasion of which always piques my interest in Apple's platform. There were times when I felt I'd chosen the worst possible time for this hiatus. I ended up passing on MacBook Air, Time Capsule, Harpertown Mac Pro, and most painful of all, the new MacBook Pro. It was difficult seeing InfoWorld pick up reviews of these from sister publications, but I take my responsibility to readers very seriously. I can't very well counsel you on technology choices if I consider the field limited to one worthwhile player, especially when that player projects the image that it competes only with the generation of systems that preceded what's presently sold.

I found enormous value in my time away from Mac. I made the kind of discoveries I used to make routinely before I took on the Mac as a specialty, and as I take up the Mac again -- which I am doing immediately -- it's clear that my appreciation for the platform is justified, and that the customary split of my effort and attention between Apple and AMD is justified.

The genuine, practical superiority of AMD's Barcelona server platform, and its Phenom desktop platforms that derived from Barcelona, came to light during the break I took from Mac. A one socket, quad core Spider (Phenom plus ATI CrossFire graphics) runs Vista so obscenely fast that even a diehard Mac user's head will turn. Privately, of course.

I found it extremely intriguing that systems built on Phenom platforms can tune themselves autonomously for the maximum possible CPU and GPU speed over a surprisingly broad range, based on a whole system approach that takes cooling, power supply capacity, and your preferences for noise and maximum power consumption into account. I found that I could speed bump an AMD Phenom desktop for free by moving it closer to the floor, where the cooler air prevails. What a grand idea that in itself shows genuine customer-focused insight.

I gained a fresh appreciation for the GNU compiler collection, which has taken remarkable strides since I last took a deep dive in it. I was unaware of the level of engagement from commercial partners, including Apple, AMD, and Novell. Each is undoubtedly pursuing its own agenda, but it does so within the framework and culture of one of the most tightly controlled and liberally licensed open source projects in existence. AMD has finally embarked on the long road to compiler parity with Intel with its contribution of Family 10 (Barcelona/Phenom) architecture-specific optimizations to GNU.

Apple has been busy on the gcc front as well. Objective-C 2.0, with its desperately needed garbage collection, has been a reality in the GNU toolchain since Xcode 3 was in non-disclosure beta. In release 4.2 of gcc, auto-parallelization joins auto-vectorization to adapt projects to multiprocessing and vector acceleration without developer intervention. Unless I'm mistaken, the public beta versions of the iPhone SDK, now at Beta 3, mark Apple's first swing at Microsoft-style free public distribution of pre-release dev tools. The privilege of early access has been reserved for paid members of Apple's Developer Connection programs. That iPhone SDK carries all of the latest GUI tools, documentation, and GNU command line compilers, including FORTRAN, into Apple's default distribution. Hit http://developer.apple.com/iphone and scroll to the bottom of the page for the download link. You do not need to pay the $99 fee to register as an iPhone developer to use the new tools, which compile applications for Leopard as well as iPhone.

Apple is getting ever more daring in its engagement with open source in other ways. WebKit, the fast HTML/CSS/SVG rendering and JavaScript engine used in Safari, has caught on like wildfire outside Apple, and why not? To get a commercial browser, loaded with current and emerging standards, free and open for incorporation in your software, is the stuff of fantasy, and Apple holds virtually nothing back. The WebKit project is not strictly Apple's. It enjoys broad community engagement, but it is worked as a priority by Apple's staff, even to the benefit of direct competitors. For example, the browser on Nokia's E-series phones is WebKit-based, and this is not the only example where Apple effectively put its staff and technology to work for the benefit of a competitor. The GNU toolchain's adaptability to multiple embedded platforms will see WebKit in everything from phones to toys, starting with iPhone and iPod touch. Now that WebKit has been accepted into Google's Summer of Code, I can't wait to see what innovation comes from that gathering. I plan to ply the most influential attendees with the libations of their choice and get their take on where development is headed.

Apple pushed the source code for the publicly exposed innards of OS X Leopard, known as Darwin 9, out for public download on MacOS Forge. Every time it does that, I imagine the move preceded by arguments inside the office about the effort and risks that such a program visits on Apple's platform business. The work of preparing a project of Darwin's size for public distribution is inestimable, and Apple deserves credit for putting it on the agenda of its top OS engineers and project leaders.

I love the conservative approach that Apple is taking with iPhone, especially with regard to multiprocessing. iPhone Applications need to launch and quit instantly, yet relaunch after the first execution having cached and persisted their closing state in detail. It's a freeze/thaw model of state persistence that I'd like to see extended to applications in general. Apple's Xcode has Instruments (prior: XRay), a tool that jams electrodes into your program's and the system's running environment. It records and charts statistical data at runtime along several axes for later examination. It's the most effective means of hand-tuning code for efficiency that I've ever used, and it shows the benefits of persistence quite plainly.

Taking a break from Mac hardware gave me a chance to drink more deeply of the software that Apple maintains off its beaten path. MacPorts and Apple's validated versions of open source projects are open source treasure troves stuffed with some 5,000 free applications tuned and packaged for Intel and PowerPC Macs. Digging through these repositories is so addicting that I had to issue myself an edict to get back to work, which I shall do, newly confident in my mission and purpose. I'm a Macophile for good reason.

Posted by Tom Yager on April 16, 2008 11:36 AM

March 10, 2008 | Comments: (0)

New iPhone enterprise developer program, $299; musings about iPhone app licensing

Companies and organizations that don't want to make their iPhone/iPod touch software publicly available through AppStore can now apply for a special $299 enterprise development license that entitles them to create and distribute custom software strictly for internal use. The application must be submitted by an individual empowered to make legal commitments on their employer's behalf.

This raises some questions in my mind. If you run a consulting shop that creates commercial iPhone software for clients' (say, government agencies') private use, does each client need an iPhone enterprise license? $299 is not prohibitively expensive, but some clients might balk at signing a contract with Apple as a condition of running the code you sold them. Commercial developers don't necessarily want to share their client lists with Apple.

I'll ask Apple how it works, but I'm hoping that the $299 program is the equivalent of an unlisted number. If the extra $200 buys the privilege of bypassing Apple's validation, distribution and customer registration systems, then it's the right approach.

You could argue that anyone who carries an iPhone is already registered with Apple when they activate their phone, so whatever secrets a user would wish to keep are already out. However, in enterprises, handsets are purchased and activated by the employer, not individual users (a purchase model which has, to this point, been denied iPhone buyers by AT&T). Once a phone is purchased as part of an enterprise deal, it should drop off the map where the handset manufacturer is concerned, and the wireless operator's role is limited to supplying the service and sending the bill. Which individual is using the phone, what for, where they work and what applications they're running should be nobody's business. Anything from personal security to trade secrets might be at stake. Once Apple picks up the enterprise baton, it has a lot to live up to.

iPod touch is a special case, and given my overall lack of enthusiasm for AT&T, my favorite case. touch can be used exclusively inside company, agency or a home's walls for any private use the purchaser has in mind. There is no carrier to protect. There is no requirement to sign up with iTunes or any other service in order to use iPod touch for applications. My first application for iPod touch will be to use it as a remote control for an iBootBar rack power controller. This has several network interfaces, but Telnet is the most versatile and will hide well under a GUI. This won't be a difficult first assignment. I'm more uncertain about licensing for personal applications than I am the SDK.

My read of Apple's signing and licensing requirements is that once you pay your $99 or $299 and are issued a certificate, you can start using iPhone/iPod touch units for development (prior to licensing, you can only use the emulator), permitting you to use real devices as develop and debug targets. I have a hunch that units are activated for development use individually (how and how many, I have no idea; perhaps an iTunes-like model) to prevent the use of the SDK as a means of distributing apps.

Where applications written for my sole use are concerned, do I have to sign my code, upload it to AppStore, wait for approval, and re-download it in order to use it? Do I have to re-sign and resubmit the app I wrote for myself every time I make a change (because the checksum changes)? So many questions.

Developer and user licensing will be the messiest aspects of iPhone custom development leading up to the public release in June. I'm going to try to snag a briefing with Apple prior to the release to go over iPhone/iPod touch certificates and licensing. I'll share those details with you.

Posted by Tom Yager on March 10, 2008 07:06 AM

March 06, 2008 | Comments: (0)

iPhone/iPod touch Q & A

Q: Why is Apple the exclusive distributor of third-party software for iPhone and iPod touch?
A: Somebody has to take full responsibility for customer security. Apple is taking responsibility for security by issuing developer certificates that irreversibly link every app a traceable, physical creator. Apple is a good groundskeeper, too; the site's always going to look splendid.

Q: Why do I have to pay $99 to write code for iPhone, and what's that buy me?
A: You can write code for iPhone for $0; download the tools from developer.apple.com. Mess around in the simulator to see if it piques your interest. If it does, then $99, plus answers to the validation questions that Apple will ask, gets you a certificate that will burn your name into your code. When you get that, you can start debugging with a physical iPhone or iPod touch. And you can upload your software to AppStore.

Q: What is AppStore, and how do I get in it?
A: The AppStore icon will be added to iPhone and iPod touch

Q: I meant, how can I get my software in it?
A: Sign up as an iPhone developer. They'll guide you through it.

Q: What kind of merchant account, PayPal, Kagi thing will I need to get my software sold?
A: This is much as you need to worry about money: a) Pay Apple $99 to be a developer; b) write something worth buying; c) decide what people should pay for it; d) upload it to Apple; e) rejoice as you're paid 70% of your monthly sales.

Q: Is anything about this program open source?
A: Steve Jobs says no. You will find references to ARM (the MCU used in iPhone and iPod touch) scattered around the Darwin source code.

Q: Do you think it's possible to completely overwrite the software on iPhone so I can do what I want?
A: For carrier unlocking: a) Buy iPod touch; b) Buy unlocked telephone

Posted by Tom Yager on March 6, 2008 04:31 PM

March 06, 2008 | Comments: (0)

Apple's iPhone software strategy moves me

A colleague scolded me for applauding during Apple's press conference to announce iPhone 2.0, next-generation firmware that will bring a host of enterprise features and support for a native software development kit (SDK) to iPhone and iPod touch. In my defense, I kept my pen and pad in my hands while the room went berserk over Apple's deal with Microsoft to bring an extraordinary array of Exchange Server connectivity to iPhone. I was moved, but not to clapping, by Apple's implementation of Cisco VPN compatibility, WPA2 security and other touches that IT administrators set as requirements for devices that connect to their networks. The enterprise half of Apple's new mobile strategy speaks to IT, and therefore to me as an IT journalist. iPhone 2.0 brings iPhone and iPod touch many steps closer to parity with the high-end BlackBerry, Windows Mobile and Nokia QWERTY and stylus handsets that are enterprise mainstays now. My journalist appreciates having a new contender in enterprise mobile, but does not applaud at press conferences presenting same. I nod and note.

[ Read my iPhone 2.0 Q&A. Read about the developers' reaction to the news. Read our special report, "IT's guide to the iPhone." Learn how to make the iPhone work at work. ]

But I am more than a journalist. I worked in engineering, consulting and technical management in the wireless industry before coming to InfoWorld. I've covered wireless, mobile and embedded technology during my entire tenure here simply by continuing to think and operate like a professional with skin in the mobile and embedded game. For over a decade, I've seen wireless carriers, hardware and component manufacturers and OS vendors come at custom software development from every imaginable angle but the right one. I've known for so many years that the barrier to a boom in mobile applications is a stable, simple, documented platform and a matched set of development tools. I've known that these things don't exist because no entity has found a way to make such an effort profitable. Apple has.

Lest I carry on too long in one post about a topic that will take many posts to cover, I'll clue you in on the points that provoked my applause.

Apple's native dev tools include live remote debugging and run-time profiling of USB-connected devices. During the demo, Apple showed Xcode's Instruments (formerly Xray, derived from Sun's DTrace) recording stack traces in real-time from software running on an iPhone. Developers of embedded software--and that's precisely what handset apps are--appreciate how difficult, expensive and tedious it is to design, code and debug with a tethered physical target, and what a big deal it is to have live debugging baked into an embedded platform and a free toolset. English translation: Applause.

Apple is hosting a catalog of third-party applications (AppStore), splitting the proceeds with developers 70/30, and paying developers for software sold on a monthly basis. AppStore will automatically notify iPhone and iPod touch customers when new releases of their purchased software is available. No desktop approach to shareware and small-volume licensing is adaptable to mobile. All a third-party developer needs to do is upload its software to Apple, hang on it the price tag of his choice, and it'll be added to the catalog. From there, the developer just waits for the checks. And, one hopes, responds to calls for support.

Apple will not charge developers or customers for free third-party software. Huzzah!! Developers will need their $99 certificate, but you can band together with your buds and code under an assumed name. Only the guy that actually has the phone needs the license. Everyone else can work for free, using free tools, with the free simulator.

Apple is opening the same APIs that it uses internally. OS X, BSD, TCP/IP, Sockets, security, power management, Keychain, Core Services (e.g. Address Book, Mail), Core Audio, OpenAL, audio recording, graphics (JPG PNG TIFF), PDF, Quartz 2D, OpenGL ES and H.264, to name a few. A new GUI API layer, Core Touch, has been added. A database layer, managed by SQLlite, is in there. Might could get something done with all that.

Apple will charge $99 per developer to issue a code signing certificate, and Apple will police the AppStore catalog for malware and the like. That's cheap, and in return, Apple's taking responsibility for security. Gutsy.

The iPhone SDK and documentation are entirely free of charge for use with the integrated iPhone simulator. You don't have to buy a certificate to write code. You don't even need an iPhone.

Interface Builder (the GUI designer in the Xcode toolset) is loaded with all standard iPhone and iPod touch interface elements and actions. No more AJAX hacks that look sorta like...

Safari WebView was only mentioned as a term, but if it gives me locally-hosted apps, written in JavaScript, with an HTML front end, I'm down. That might tide me over until Silverlight and Flash come around.

No, seriously, I won't wait. I must code.

After the break, a Q & A with our resident cynic.

Posted by Tom Yager on March 6, 2008 03:43 PM

January 14, 2008 | Comments: (0)

Thoughts on the iPhone/iPod touch SDK

[Late note to helpful commenters: I only write from my experience, observation and analysis. I don't read anyone else's work on topics I cover.]

If everything is still on track, Apple will roll out a software development kit (SDK) for iPhone and iPod touch, which share a platform, in February. I have been pondering some possibilities about that SDK. I don't have answers, but perhaps the questions will get you thinking.

Why do an SDK? Certainly not to make the world happy. If Apple spoke with me about iPhone, it would point out that I'm among a tiny handful of people campaigning for a native iPhone SDK. Casual developers would be overjoyed if Apple beefed up iPhone's Javascript to provide programmers with access to a protected subset of the filesystem and the ability to add icons to the home screen. If it were possible to browse "file://" in Safari, then local HTML apps with XML data stores could function as off-line applications.

A similar purpose would be served by a tiny HTTP server capable of performing data binding and mixing of local and on-line content.

In the long run, I think that the reason for doing a native iPhone SDK is to make iTunes Music Store a marketplace for downloadable mobile software. It's been done; Forum Nokia has catalogs of third-party software and hosts developers' applications. An icon on your phone takes you to the Nokia catalog, and software that you purchase from there gets tacked onto your phone bill. Developers get a check for their cut. Games and network tools are very popular.

Commercial developers (shareware and up) need to wire their code for time-limited trials and phone home activation, which is harder to work into non-native software. Nokia tags offerings in its catalog by programming language, and the vast majority are written in C.

If the iPhone SDK is genuinely native, that is, compilers can target the ARM CPU, then that openness will come with high-tensile strings attached that will prevent working around any of the restrictions that protect Apple and wireless operator revenue, and to protect non-savvy iPhone users (the majority). If the SDK permitted the opening of arbitrary TCP sockets, for instance, half of the world's iPhones would be running P2P file sharing clients 24/7, at wireless operators' expense. Trusting users would be downloading malware-stuffed Tetris clones that ship address books and mail folders to identity thieves. I don't see Apple opening itself to this.

Apple will provide as much cover for customers as it can. iPhone apps will be sandboxed so that system and iTunes files are invisible. The first custom app you run will see an empty file system from / on down. Further protection will be afforded by Apple just as Nokia has done it (and with great controversy): Vendor code signing. There is no getting around the fact that native mobile apps, except for those you write for yourself, must be signed, and that no developer can be equipped with the means to sign code that runs on another device. Code has to blessed by a single trustworthy authority. I can't imagine what the signing process would be, how long it would take or how much it would cost--I'd hate to see no potential for iPhone/iPod touch freeware--but I don't think that it's something Apple will farm out.

iTunes' adaptable infrastructure and digital rights management technology are already there. After receiving and signing an app on behalf of a developer, Apple need only add a workflow item to ship that material, price attached, to iTunes. The question in my mind is how developers will get paid. Is Apple going to cut hundreds of developers individual checks? Will Apple demand to be the only source through which signed applications can be acquired?

So many questions. That's what I love about this job.

Posted by Tom Yager on January 14, 2008 11:17 PM

January 14, 2008 | Comments: (0)

Macworld Conference and Expo: Why am I here?

I always look forward to Macworld Expo, but this year my expectations are especially high. It may be the bracing San Francisco weather that's got my blood moving, but it's my anticipation of the keynote and the exhibit floor that have me blogging in the shower.

Apple has scheduled two briefings with me this week. One is a keynote follow-up on Wednesday, and the other is a sit-down on Mac Pro and Xserve on Thursday. I've already got the skinny on Mac Pro and Xserve, both quite impressive, but both falling under the category of pre-show announcements that make room for something else. So will the Wednesday briefing be all about iPhone?

I am braced for that possibility. With 3G, a lower price, streaming media and an upcoming software development kit (SDK), I'm prepared to treat iPhone '08 as a new device. I have speculation related to the SDK that I'll relate under separate cover. Suffice it to say that I don't expect to be able to wipe iPhone's system software clean and replace it with Darwin. That would subvert the primary purpose of Apple's mobile platform: To be an iTunes terminal that fits in your pocket and sticks to your dashboard. The only need that I can see for an iPhone SDK is to allow Apple to market signed commercial software on iTunes Music Store. The only justification that I can see for native code is to support games, and to allow commercial code to enforce licenses.

Apple could surprise me. After all, there is no obvious revenue justification for publishing those portions of Darwin that are not covered by GPL, the GNU Public Licenses that require vendors to publish their adaptation of software covered by the license. I can imagine, and I'm sure that others can, too, iPhone and iPod touch being the world's most sought-after robotics controllers and de facto platforms for university courses in embedded systems. I don't expect iPhone/iPod touch to be opened to kernel hackers, but I think that in the long run, Darwin has good potential as an embedded OS.

I hear from my editors that there is still speculation about a Mac tablet. I'm bearish on that; PC tablets aren't hot commodities. With so much low-hanging fruit yet to harvest from the seasonal evolution of Mac, iPod, iPhone, iTunes, Leopard, Pro Apps and .Mac, I can't foresee any bold new lines of business for Apple right now. My attention this year is largely focused on third-party vendors. I am always hopeful for products that I didn't see coming, and I'd be delighted to hear Steve say something that nobody expects.

In any case, this'll be fun. I hope you'll come along.

Posted by Tom Yager on January 14, 2008 01:05 PM

December 05, 2007 | Comments: (0)

Wii News Channel report: German court re-locks iPhone, bad dad blogger baffled

The funny thing is, this happened (link to AP) before I filed my brilliant analysis on the subject of European court and law-imposed unlocking of iPhone. However, even though the German court, operating under my precisely tuned radar, pulled its injunction against iPhones locked to T-Mobile, German law still requires that iPhones be unlocked after the 2-year contract expires.

Anyways, my point remains.

You can't get this kind of up-to-the-yesterday news commentary at any price, my friend. It may also interest you to learn that I spotted the updated AP story on my trusty news ticker, the Nintendo Wii that I'm giving my kid for Christmas.

I see that despite the fact that I have tons of actual work to do, I'll have to explain why I had my son's gift out of its box. I had to pair it with my Airport Extreme, install the batteries in the remote and set the parental controls. And wouldn't it be a drag if it came out of the box on Christmas not working? Yes, I absent-mindedly left it out in my office, and it was sitting next a GameCube controller and Blockbuster rentals of Super Mario Galaxy and Sonic Heroes. He saw that whole pile, but in my office, they blend. When we're all gathered 'round the tree, he'll pretend to be surprised, and I'll pretend that I didn't check it out. Isn't that everybody's Christmas?

Stop judging me.

Posted by Tom Yager on December 5, 2007 01:35 PM

December 04, 2007 | Comments: (0)

France and Germany sell unlocked iPhones. What price freedom?

Apple assumed that it could extend the reach of its U.S. sales model for iPhone, which requires the purchase of a two-year service contract with AT&T, across the Atlantic. But in France and Germany, consumers are able to purchase unlocked iPhones over store counters, without shame and in broad daylight. It seems that "over there," governments take a dimmer view of companies telling consumers that this cake must be purchased with that icing. At least in two European countries, consumer freedom is a cost of doing business.

Does Apple face a danger that iPhone carrier choice may catch a favorable ocean breeze and drift to the States? Not likely. There are Americans who still assert that they have the right to use iPhone with any GSM carrier, but these protesters commiserate via iPhones on AT&T's network. The number of Americans torqued off at the exclusive AT&T deal roughly matches the number who march on Cupertino over Apple's refusal to let OS X run on PCs. Translation: Nobody with a life really cares about it. If someone wants an iPhone, AT&T won't be a show-stopper.

Perhaps it is noteworthy that Apple hasn't packed up its marbles and walked away from Germany and France for their refusal to bow to Apple's American model of carrier exclusivity. It potentially leaves Apple's chosen partners at a disadvantage: A customer with an unlocked iPhone can sign with another carrier that treats iPhone like any other phone, a carrier that doesn't pay dues to Apple and can therefore undercut Apple's official partners.

But Apple has a clever strategy to make freedom pay. It can make any of iPhone's canned applications work only on select networks. Imagine the letdown of bringing your unlocked iPhone home, sliding in the SIM card from your old phone, and getting a "this feature is not supported on your network" message when you tried to access Visual VoiceMail or YouTube. Sure, an unlocked iPhone will work on any network, but if that network doesn't have Apple's partner services, will an unlocked iPhone really be an iPhone, or an iPod Touch that makes phone calls?

I expect that it's difficult to light up the bars on an iPhone in a way that satisfies consumers' expectations without somehow giving Apple something off the top. Some consumers may find carrier freedom that comes at the cost of iPhone services unfulfilling.

Posted by Tom Yager on December 4, 2007 03:38 PM

November 22, 2007 | Comments: (0)

Cool facts about the Leopard kernel

Source code for the x86 and PowerPC OS X (Darwin) kernels have been merged in Leopard for the first time. Prior to Leopard, PPC and x86 source trees had to be downloaded and managed separately. Now instead of building the right tree for your system type, you identify your target architecture at build time.

The Darwin sources now self-build a bootable Darwin using only make. Previously, you had to download a separate set of build tools called Darwinbuild.

x86 and PowerPC aren't the only targets for the Darwin kernel. The build example in the xnu README attached to the Leopard kernel makes reference to a Freescale MX31ADS ARM9 eval board (link to PDF manual) build target. That bodes well for the reach of the iPhone/iPod Touch developer kit in February, eh?

Posted by Tom Yager on November 22, 2007 07:40 AM

November 22, 2007 | Comments: (0)

Leopard kernel source code published November 8

Happy Thanksgiving, everyone. Among countless other things, I'm thankful to have a weekday during which I can leave my BlackBerry powered down.

I have also chosen today to give overdue thanks to the Leopard project team. The Darwin kernel used in Leopard has been posted to Macosforge.org. This figured into my ten out of ten review score, but yelling about sources in a review targeted to users, admins and IT buyers is a little too gearheady. If Apple is popping any champagne corks over Leopard being InfoWorld's first ten out of ten review, then I bid them set aside a well-chilled bottle of the finest (or their preferred adult or hypercaffeinated beverage) for Kevin Van Vechten and his team.

If you watch for Darwin kernel releases, you might have bookmarked Apple's Darwin kernel (xnu) project page, which still shows Tiger 10.4.8 as the newest announced version of the Darwin kernel. Keeping the news page current for media snoops isn't as important as getting the real work done. I confess being glad for that, because not many can grasp the relevance of Apple's lock-step kernel source publishing policy.

The sure-fire URL to bookmark for up to the minute Darwin sources is http://www.opensource.apple.com/darwinsource/tarballs/apsl/, which is an HTML gateway into Apple's open source version control system. The pretty page URL, which also provides convenient pointers to tools, docs and related sources, is at http://www.opensource.apple.com/darwinsource/. I haven't watched that page closely enough to vouch that it is kept up to date, but the xnu (kernel) releases listed there do reflect the full list of downloadable tarballs.

By keeping the release of kernel sources in step with commercial OS X updates a priority, Apple's engineers, program and project managers have now put a universe's worth of distance between OS X and other commercial OSes. Readers should know that xnu, the Darwin kernel, is an "extra mile" project. Publication of the kernel sources is not mandated by a license lien on any of Darwin's open source components. The BSD license attached to much of the Darwin kernel requires attribution, not distribution. I've always admired that.

The Leopard project team's brilliance and vision doesn't end there. I've unearthed some exciting details that deserve a post headline of their own, to follow immediately.

Posted by Tom Yager on November 22, 2007 06:31 AM

October 26, 2007 | Comments: (0)

Leopard Hands-On: The Beginning

As a counterpoint to the crushing disappointment that was Vista, which emerged with only a fraction of its promise intact, Apple's OS X Leopard (10.5) is everything that Steve Jobs said it would become when Apple first placed that first unsteady cub in developers' hands. Leopard is also a thick catalog of inventions and improvements that Steve flat neglected to mention, so thick that Apple had to resort to running the equivalent of a software project change log on its site for marketing purposes. You can't possibly chew through that list. I've been testing and assembling my own list of relevant and remarkable changes in Leopard, a list that speaks to more professional and savvy Mac users as well as those who might switch (or are sure they'll never switch) from Windows and Linux.

I have to start the introduction to this series of hands-on Leopard stories with what I consider to be Leopard's most impressive quality. For its 300 changes since Tiger (OS X 10.4), the line item reading of which provokes a range of reactions from the head nod to the ear-to-ear grin, there is not one ounce of fat, no feature in Leopard that you'd opt to leave on the DVD the next time you install it. Instead, for all that's been added, Leopard remains trim enough to run on a PowerBook G4 with 512 MB of RAM. The very same OS is a robust, Open Group certified 64-bit UNIX when run on Intel Core 2 Duo and PowerPC G5 machines, with no need to buy a special edition. One of Apple's marketing lines says that everyone gets the ultimate edition of Leopard because that's the only edition there is. I'd argue that if Microsoft's Vista product tagging is the basis for comparison, then all Leopard buyers get the 64-bit enterprise edition.

Despite the fact that I'm far past this stage, the first hands-on experiences I can relate involve stability and installation.

If you're eyeing Leopard, one concern that you can cross off your list straight away is stability. I've spent several months working with Leopard as a developer and administrator. I began rolling Leopard into production on MacBook, MacBook Pro, Mac Pro and Xserve Xeon, against Apple's advice but not requiring its consent, at a point well prior to its release. I'd be testing the bounds of non-disclosure to tell you when I felt Leopard hit its stride. Instead, I'll just say that there is no need to obey the standard advice to wait for the first boatload of fixes before buying in. That's true of Windows, and true of Linux, but not Leopard. Leopard shed its training wheels a while ago.

Non-Mac users coming to Leopard will find a really simple, automated install experience, but it is more flexible than before. That's most notable in network configuration, where auto-detection of wired and wireless networks is more accurate. It's easier to enter the SSIDs of private Wi-Fi networks, and you can bypass network configuration entirely. OS X doesn't phone home for authorization, so you can install completely and permanently without exchanging registration info with Apple.

Existing Mac users thinking of taking the leap can safely take ease of upgrades and installation for granted, after they burn their most critical data to DVD or an external hard drive. Migration Assistant, which you can invoke at install time or at your whim later, transfers your user data and applications from Tiger to Leopard after what amounts to a clean install. The Leopard installer will let you do an overlay install, which updates the system software and tries to leave everything else alone. It is impossible to automate all possible cases, but I can't imagine any user who could make Migration Assistant fail. Do be patient, though. Take measures to ensure that Migration Assistant runs uninterrupted, and understand that Migration Assistant's estimated time to completion is a wild guess. In my experience, it finishes sooner than expected.

As a taste of what's to come, I'll spend a few words on what I found to be the most substantial user interface enhancement: Spaces. Spaces gives you multiple virtual desktops, and you can switch among them via the keyboard, Dock or menu bar icon. It isn't fast user switching--all desktops are the same user--but it's more lightweight, and there's no need to enter a password when you switch desktops. The unexpected killer here is that Spaces lets you target specific applications to selected desktops. So, for example, you can arrange things so that Mail always opens in Spaces' second desktop, or you can set up separate developer and productivity desktops.

I'll go on from here through the weekend and into next week. I'm holed up in a hotel doing nothing but Leoparding. To tide you over until my next hands-on dispatch, you'll find one Apple exec's selected Leopard high points in this interview, and my thoughts on Leopard from a technologist's perspective are in my Leopard: A Beautiful Upgrade column. Hang out. You're welcome to the pull-out sofa, and you get used to the noise from the Xserve.

Yes, there will be screens and video. Many, many visuals.

Posted by Tom Yager on October 26, 2007 05:40 PM

October 24, 2007 | Comments: (0)

Why Leopard matters, plus more ZFS details

I can't assume that subscribers and visitors to Enterprise Mac necessarily follow my Ahead of the Curve blog. Pointing you toward other Mac-related content I've created saves me the effort of paraphrasing it for use here.

My recent column, "OS X Leopard: A beautiful upgrade" highlights Leopard as a turning point for Apple, Mac users, UNIX and the market as a whole. It's worth a read even if you've already decided to pop for Leopard, and even worth reading if you're sure you'll never touch a Mac. Leopard is an exemplar of user-focused design that doesn't obscure the underlying power of the OS.

My last Ahead of the Curve is a higher-altitude look at ZFS, a "why ZFS?" counterpart to the two-minute ZFS primer I've already written in Enterprise Mac.

Posted by Tom Yager on October 24, 2007 12:51 PM

October 17, 2007 | Comments: (0)

From Steve Jobs: Third-party iPhone SDK in early '08

Steve Jobs just issued a letter in response to criticism of Apple's decision to keep iPhone closed to third-party developers. The full text of the letter can be found at Apple Hot News. What follows is my commentary on Jobs' text. I have not included his full letter, only the portions on which I chose to comment. Jobs' text is set off in italics.

Let me just say it: We want native third party applications on the iPhone, and we plan to have an SDK in developers’ hands in February. We are excited about creating a vibrant third party developer community around the iPhone and enabling hundreds of new applications for our users.

iPhone crackers can quit gloating. This isn't their win. It's a response to customers and alignment of policy with the state of the mobile device market. iPhone can't reach consumers like me because show-stopper apps and functionality, like TeleNav turn-by-turn navigation and Java MIDP, will never work on the phone, but work on all other devices I'd carry.

It will take until February to release an SDK because we’re trying to do two diametrically opposed things at once—provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc.

Agreed. Having an SDK without tight security is as inadvisable as having no SDK. I'm adamant on this point.

Mobile devices are constantly connected to the Internet, and like PC users, most wireless subscribers haven't the faintest idea how to respond to firewall pop-ups like "Grant application xxx access to the Internet?" All a hacker needs to do is give malware an important-sounding name like "cingular_update" to get 95 percent of phone users to let it run amok.

This is no easy task. Some claim that viruses and malware are not a problem on mobile phones—this is simply not true.

Correct, but for balance's sake, let's say that cell phone users assume that the cellular network is safe and secure, and that operators cultivate that assumption because it's good for business.

Some companies are already taking action. Nokia, for example, is not allowing any applications to be loaded onto some of their newest phones unless they have a digital signature that can be traced back to a known developer.

Requiring signed apps is cool with me as long as phone manufacturers don't turn software registration into a developer tax. Nokia grants free signatures to freeware authors, and developers can self-sign software for testing, but commercial signatures cost money.

Nokia also lets users disable application signature checking on their phones.

Prior to delivering an SDK, I'd be pleased if Apple initiated support for Java MIDP and Flash Lite, both of which are extremely secure environments for local applications.

P.S.: The SDK will also allow developers to create applications for iPod touch.

Very smart.

Thank you, Steve.

Posted by Tom Yager on October 17, 2007 04:10 PM

October 16, 2007 | Comments: (0)

News summary and interview: Apple to release Leopard in ten days

After a months-long delay that only seemed to provoke greater buzz and anticipation, Mac OS X Leopard and OS X Server Leopard will go on sale at 6:00 PM on October 26, 2007. Apple boasts 300 new features in its Leopard client OS, and 250 new features in its server operating environment. During a harried 15-minute briefing, Brian Croll, Senior Director of Product Marketing for Mac OS X, rattled off what he considers to be the high points in the client version of OS X Leopard:

A redesigned desktop with a consistent look across applications, and a semi-transparent menu bar to allow desktop backgrounds to show through.
A redesigned Dock, a row of icons for launching frequently-used applications, with a semi-transparent background and reflections under each icon.
Finder, OS X's counterpart to Windows' Explorer, has an updated Sidebar. The customizable collection of icons for frequently-accessed folders now locates and displays network files shared from PCs and Macs on the same LAN.
Finder has gotten an overall revamping to a more intuitive and modern look and feel. The new Finder borrows its appearance and behavior from iTunes, Apple's media player and content purchasing interface, including an iTunes feature called Cover Flow that lets you flip through images and other viewable content like pages in an album. "It's really fun and useful to browse content on the PCs and Macs on your network using Cover Flow," said Croll.
Most viewable content types, such as images and PDF and Word documents, can be viewed with Finder's integrated Quick Look without launching an additional application.
To-do lists synchronize with both Mail and iCal, OS X Leopard's bundled e-mail and calendar/scheduling clients. Croll said, "We've noticed that people send reminders to themselves in e-mail."
Leopard's Mail application implements Data Detectors, which scan e-mail messages for phone numbers, e-mail addresses and street addresses. These can be added to Leopard's Address Book, located in Google Maps or copied into iCal.
iChat, Apple's bundled instant messaging client, takes on a host of new features in Leopard, including special effects from OS X's Photo Booth Web cam snapshot app (iSight Web cameras are standard in Intel-based Mac client systems). Leopard's iChat also supports the live playback of images, audio and video during a live chat, and users can share their screens for remote viewing or remote control.
Croll also pointed to several new facilities for OS X Leopard Developers: Core Animation automates smooth 2-D animation with simulated 3-D paths and transforms; Xcode 3.0 is a rich integrated development environment for programs written in C, C++. Objective-C and other languages; Xray, adapted from Sun's DTrace, lets developers monitor and profile applications while they execute without the hassle of a debugger.

Croll described "reasonable system requirements" for Leopard that reach well into Apple's legacy PowerPC platforms. Any Macintosh with a 32-bit PowerPC G4 CPU running at 867 MHz or higher can run Leopard, as can all Macs with 64-bit PowerPC G5. All Intel Macs support Leopard, and Croll said that the minimum memory requirement for all architectures is 512 MB. An optical drive capable of reading DVD media is also required.

Croll laid out the plan for upgrading recent buyers of Mac systems from Apple's currently shipping operating system, OS X Tiger, to Leopard. Apple is giving Mac buyers, including those who purchased Apple's Xserve rack server, a free copy of Leopard (for a handling fee of $9.95) provided that they purchased their systems after October 1, 2007. Customers purchasing new Mac or Xserve systems after October 26 will receive Leopard either pre-installed on their systems or as a DVD inside the box.

Boxed copies of OS X Leopard client and Server will be priced at $129 and $999, respectively. A family pack with five client licenses of OS X Leopard will sell for $199. Apple's Web site for Leopard can be found at http://www.apple.com/macosx.

Posted by Tom Yager on October 16, 2007 07:21 AM

October 16, 2007 | Comments: (0)

LEOPARD SERVER SHIPS 10/26 (press release)

Apple Announces Mac OS X Server Leopard

CUPERTINO, Calif., Oct. 16 /PRNewswire-FirstCall/ -- Apple(R) today
announced that Mac OS(R) X Server version 10.5 Leopard will go on sale on
Friday, October 26, at the same time as Mac OS X Leopard. Leopard Server
extends Apple's legendary ease of use, making it even easier to take advantage
of the benefits of a server, and introduces Podcast Producer, the ideal way to
automatically publish podcasts to iTunes(R) or the web. Leopard Server packs
more than 250 new features including Wiki Server, allowing people to
collaboratively create and modify their shared web sites with just a few
clicks; and iCal(R) Server, the world's first commercial CalDAV standard-based
calendar server.
"Leopard Server is the best release of Mac OS X Server yet, bringing more
great innovations, like Podcast Producer, Wiki Server and iCal Server," said
Philip Schiller, Apple's senior vice president of Worldwide Product Marketing.
"With new setup features that have a server up and running within minutes and
no client access licenses, Leopard Server is the ideal alternative to
complicated and expensive server offerings for small and large businesses."
Leopard Server presents new features for effortless setup, management and
monitoring of systems on the network. Server Assistant configures server
applications, network settings such as IP addresses and DNS configurations and
user accounts with just a few clicks. Server Preferences simplifies management
of users, groups and key server applications, and a Server Status Dashboard
widget remotely monitors activity and usage. Leopard Server also eliminates
the need to manually set up Leopard clients by automatically configuring
client applications, including file sharing, Mail, iChat(R), iCal, Address
Book and VPN from user information stored on the server.
Podcast Producer is the easiest way for anyone to record content,
automatically upload it to the server and convert it into a podcast optimized
for playback on almost any device, including a High Definition TV, iPod(R),
Apple TV(TM) or multimedia-enabled cell phone.
With Wiki Server, anyone can easily create and edit collaborative web
pages, called wikis, with a few clicks of a mouse. Wiki Server has 20
Apple-designed web page themes and provides a complete revision history to
make it easy to restore previous entries and merge or compare different
versions. Wiki Server can automatically notify users whenever a change is
made, keeping them up-to-date on the latest information, and users can tag
keywords to find content quickly.
It's easy to share calendars, schedule meetings and coordinate events
within a workgroup, school, small business or large corporation using iCal
Server. iCal Server is the first open, standards-based calendar server that
works with popular calendar programs which support the new CalDAV standard and
does not require client access licenses, so businesses can add users freely as
they expand at no additional cost.
Leopard Server is fully UNIX compliant and its core services, including
Apache 2, MySQL 5, Postfix, Podcast Producer and QuickTime(R) Streaming
Server, are 64-bit, allowing users to work with larger data sets and take full
advantage of the performance and processing power of their 64-bit hardware.
Since Leopard Server is fully 32-bit compatible, users can run 32-bit and
64-bit applications natively side-by-side.

Pricing & Availability
Mac OS X Server version 10.5 Leopard will be available on October 26 at
Apple's retail stores and through Apple Authorized Resellers for a suggested
retail price of $499 (US) for a 10-client edition and $999 (US) for an
unlimited-client edition. An unlimited client license of Leopard Server is
included with Apple's powerful Xserve(R) rack-mount server hardware at no
extra charge. Online pre-orders can be made through the Apple Store(R)
(http://www.apple.com) starting today and current subscribers to the Apple
Maintenance Program will receive Leopard Server as part of their service
agreement. Volume and maintenance pricing is available from Apple. The
standard Mac OS Up-To-Date upgrade package is available to all customers who
purchased a qualifying new Xserve system from Apple or an Apple Authorized
Reseller on or after October 1, 2007 for a shipping and handling fee of $9.95
(US). Leopard Server can run on any Macintosh(R) computer with an Intel,
PowerPC G5, or G4 (867 Mhz or faster) processor, a minimum 1GB of RAM and at
least 20GB of available disk space.

Apple ignited the personal computer revolution in the 1970s with the Apple
II and reinvented the personal computer in the 1980s with the Macintosh.
Today, Apple continues to lead the industry in innovation with its
award-winning computers, OS X operating system and iLife and professional
applications. Apple is also spearheading the digital media revolution with its
iPod portable music and video players and iTunes online store, and has entered
the mobile phone market this year with its revolutionary iPhone.

Posted by Tom Yager on October 16, 2007 06:02 AM

October 16, 2007 | Comments: (0)

LEOPARD SHIPS 10/26 (press release)

Apple to Ship Mac OS X Leopard on October 26

CUPERTINO, California—October 16, 2007—Apple® today announced that Mac OS® X Leopard will go on sale Friday, October 26 at 6:00 p.m. at Apple’s retail stores and Apple Authorized Resellers, and that Apple’s online store is now accepting pre-orders. Leopard is packed with more than 300 new features and introduces a brand new desktop with Stacks, a new way to easily access files from the Dock; a redesigned Finder that lets users quickly browse and share files between multiple Macs; Quick Look, a new way to instantly see files without opening an application; Spaces, an intuitive new feature used to create groups of applications and instantly switch between them; and Time Machine, an effortless way to automatically back up everything on a Mac®.

“Leopard, the sixth major release of Mac OS X, is the best upgrade we’ve ever released,” said Steve Jobs, Apple’s CEO. “And everyone gets the ‘Ultimate’ version, packed with all the new innovative features, for just $129.”

Leopard’s new desktop includes the redesigned 3D Dock with Stacks, a new way to organize files for quick and easy access with just one click. Leopard automatically places web, email and other downloads in a Downloads stack to maintain a clutter-free desktop, and users can instantly fan the contents of this and other Stacks into an elegant arc right from the Dock. Users can also create their own Stacks for quick access to folders, documents or applications. Leopard’s gorgeous new look extends to all applications, with every window on the desktop offering a consistent design theme and active windows outlined by deeper shadows that make them stand out.

The updated Finder includes Cover Flow® and a new sidebar with a dramatically simplified way to search for, browse and copy content from any PC or Mac on a local network. Content on any computer on a local network can now be searched using Spotlight™, browsed using Cover Flow or copied across the network with a simple drag and drop. .Mac members can use the new Back to My Mac feature to browse and access files on their remote Macs over the Internet.

Quick Look is the fastest and easiest way for users to look inside files without launching them or even having the application that created them. With Quick Look, users can instantly view full-screen, high-resolution files of virtually anything, even media files, from any view in the Finder.

Spaces gives users a powerful new way to organize their work by creating customized desktops which can contain only those applications or documents needed for each project, with the ability to quickly switch between Spaces with the mouse or keyboard.

Time Machine lets users easily back up all of the data on their Mac, find lost files and even restore all of the software on their Mac. With just a one-click setup, Time Machine automatically keeps an up-to-date copy of everything on the Mac.* In the event a file is lost, users can search back through time to find deleted files, applications, photos and other digital media and then instantly restore the file. If it’s ever necessary, Leopard can also easily restore an entire system from the Time Machine data on an external drive.

Mail has been updated in Leopard and features more than 30 stationery designs and layouts that look great on a Windows PC or Mac so users can easily send stylish, personalized emails with beautiful graphics and photos. Notes and To Dos help users stay organized by acting just like emails that can be easily created, saved as drafts, synced across multiple Macs and stored in Smart Mailboxes. Data detectors automatically sense phone numbers, addresses and events so they can be added to Address Book or iCal® with just a few clicks, and users can keep up-to-date by getting the latest news and blog feeds delivered directly to the their mailboxes with a built-in RSS reader.

iChat®, the easiest-to-use video conferencing application on any personal computer, offers even richer video chats in Leopard with iChat Theater, which makes it easy to show photos, presentations, videos or files in a video conference; screen sharing which lets users remotely view and operate another Mac; and Photo Booth® effects for fun distortions and video backdrops that can instantly make users appear to be anywhere they choose.

Other new features in Leopard include:

improved Parental Controls, aiding parents in managing their kids’ online activities with automatic identification of unsuitable content before allowing website access, plus time limits and activity logs that can be accessed from any Mac on a home network;
the complete Boot Camp® release, previously available only as a beta, making it possible to run Windows natively on Intel-based Macs;**
Web Clip, bringing anything that a user wants from a web page to Dashboard as a live widget;
new Photo Booth features, helping users create animated iChat buddy icons or fun effects and backdrops with still or video images;
an enhanced Dictionary with Wikipedia built in, allowing users to access up to date information on virtually any subject in a snap;
a newly updated iCal with multi-user calendaring based on the new CalDAV standard; and
an updated version of Front Row, making it even easier to play music or watch movies, TV shows and photos on a Mac using the ultra-simple Apple Remote.

Pricing & Availability
Mac OS X version 10.5 Leopard will be available on October 26 at Apple’s retail stores and through Apple Authorized Resellers for a suggested retail price of $129 (US) for a single user license, and online pre-orders can be made through Apple's online store (www.apple.com) starting today. The Mac OS X Leopard Family Pack is a single-household, five-user license that will be available for a suggested retail price of $199 (US). Volume and maintenance pricing is available from Apple. The standard Mac OS Up-To-Date upgrade package is available to all customers who purchased a qualifying new Mac system from Apple or an Apple Authorized Reseller on or after October 1, 2007 for a shipping and handling fee of $9.95 (US). Leopard requires a minimum of 512MB of RAM and is designed to run on any Macintosh® computer with an Intel, PowerPC G5 or G4 (867 Mhz or faster) processor. Full system requirements can be found at www.apple.com/macosx/techspecs.

* Requires an additional hard drive sold separately.
** Copy of Windows XP or Vista required.

Apple ignited the personal computer revolution in the 1970s with the Apple II and reinvented the personal computer in the 1980s with the Macintosh. Today, Apple continues to lead the industry in innovation with its award-winning computers, OS X operating system and iLife and professional applications. Apple is also spearheading the digital media revolution with its iPod portable music and video players and iTunes online store, and has entered the mobile phone market this year with its revolutionary iPhone.

Posted by Tom Yager on October 16, 2007 05:52 AM

October 05, 2007 | Comments: (0)

Apple acknowledges iMac graphics glitch; my suggested workarounds

Lynn Fox, Apple's Director of Mac PR, rang yesterday to deliver the company's statement regarding a bug that is affecting some iMac users. According to Apple, a small number of iMac users have reported GUI lock-ups--the system keeps running, but the screen stops updating--that require rebooting the system. Apple isn't saying anything more about the cause than that it is related to graphics, and at present, it appears that rebooting is the only way to restore the iMac to a usable state. Apple apologizes to its customers for the inconvenience, and it will issue a fix as soon as possible, hopefully before the end of the month (this is meant to be reassuring? --TY). In the meantime, Apple is inviting customers that are affected by the bug to contact AppleCare for the latest status on workarounds and fixes.

That concludes what Ms. Fox shared with me, and it's all that Apple has to say on the matter until they issue another official statement. What follows are my personal thoughts on the subject.

If you're personally affected by the iMac bug, I empathize completely. "As soon as possible," much less "by the end of the month," is an eternity when you're waiting for a critical fix, but keep your perspective. This isn't the first time you've had to wait for something to get fixed. I have some suggestions to tide you over while you're waiting for Apple's definitive patch.

There are several techniques that I use to restart, or even operate headless Macs (Macs without monitors). These also work to do a clean shutdown when the MacBook Pro display fails to wake from sleep, so they should work if your iMac GUI freezes.

An ultra-clean reboot sequence, meaning one that doesn't lose any unsaved files, can usually be activated by tapping Power, then R, then Enter repeatedly, with a second or so between presses of Enter. This should cycle through open projects and documents and save them, giving them default names like "Untitled1" if they haven't already been saved at least once. You can usually locate files saved with default names by using File, Open Recent within the app.
Always leave Universal Access turned on (System Preferences, Universal Access). Command+F5 activates Voice Over, which guides you around applications. It's pretty amazing. With very little practice, you can literally drive the entire Mac interface with your eyes closed. Don't forget to turn your sound on.
Enable Remote Desktop (System Preferences, Sharing, check the "Apple Remote Desktop" box) on your iMac. You may be able to connect to your Mac GUI from another computer using Remote Desktop, Apple's commercial remote management tool, or a VNC client (like Chicken of the VNC on the Mac; there are many choices for Windows, UNIX and Linux). When you first check Apple Remote Desktop, you'll need to click the Access Privileges button, check the "VNC viewers may control screen with password" box, and enter a password. This one password will connect to your Mac no matter which user is logged in, or even when no user is logged in. Make sure you assign a password that's easy for you to remember but impossible for others to guess.

Universal Access and Remote Desktop need to be set up in advance. It's important to practice flying blind before you're actually forced to do it.

Posted by Tom Yager on October 5, 2007 07:29 AM

July 13, 2007 | Comments: (0)

Canceling AT&T service does not lock your iPhone

At the time I wrote the iPhone review, it was not clear to me (or anyone) how iPhone would behave if the device were activated, a process that requires a two-year commitment to AT&T Wireless, and the AT&T Wireless service were subsequently cancelled. I called AT&T yesterday to cancel my service, something that you can do without penalty within 14 days. My iPhone's only been one day without AT&T, but so far, all of the device features that don't rely on the cellular network--pretty much everything but Visual Voice Mail--work without issue. And if I had to call 9-1-1, I could.

The only sign that anything's amiss is "NO COVERAGE" where the carrier name, mobile net signal bars and EDGE data indicator appear.

The first and final AT&T bill for iPhone service comes to about $69. That covers activation and 12 days' worth of prorated service.

Is activate-and-cancel smarter than using the unbricking crack? Users who have applied a "crack-tivation" technique to unbrick (i.e. get past the "Activate with iTunes" lock screen) their iPhones have found that YouTube does not function, and that other applications that use the network complain about not being able to find an EDGE connection before they connect with Wi-Fi. I haven't had any of those problems, but I can't say what would happen if I did a hard reset on iPhone or wiped out the MacBook Pro that I used to activate it. I also don't know whether Apple's first iPhone software update will re-brick my iPhone.

It shouldn't. The SIM is valid. It's in the same state it would be in if I had missed a payment, or if I were out of wireless range and couldn't register with the network. Even so, I'll turn off the GSM/GPRS/EDGE radio to save a bit of battery.

AT&T was very quick and courteous. I was impressed with the professionalism of the AT&T reps that handled my cancellation. I only had to talk with two people, neither of whom gave me a hassle. My contribution to the "how can we keep your business?" exchange was an offer to stay on if AT&T would let me add data service for another device onto my account so that I could move iPhone's SIM between two handsets (one device on the mobile network at a time). The rep understood what I wanted: "You want to keep your existing phone but carry iPhone once in a while?" Exactly. "I can't do that." she said. "You can't use an iPhone rate plan with another phone, and you can't use another phone's rate plan on iPhone." I offered to pay them more money per month, but they turned me down. iPhone really is a game-changer.

As soon as you add iPhone data service to an existing rate plan, it wipes out any other data service you have on the account. I learned that on my own. An iPhone SIM only works for voice in another phone.

Posted by Tom Yager on July 13, 2007 11:59 AM

July 10, 2007 | Comments: (0)

The unofficial Apple TV SDK is a model for white hat iPhone hackers

iPhone crackers have their priorities mixed up. They're laboring to unlock iPhone to work on multiple wireless operators' networks. That's effort that AT&T and Apple will actively block because it interferes with revenue. Remember that Apple's exclusive deal with AT&T puts money in Apple's pocket every month for every iPhone subscriber that signs up. If you go taking money out of Apple's pocket, you should expect to have your effort rendered wasted by a future firmware update.

Crackers have discovered that iPhone's firmware bootloader is locked up tight and will only boot code that's encrypted against Apple's private key, and now they're picking away at an interface to iPhone's radio chip to work an unlock. I respect the desire for freedom, but I think that some of the guys who are pushing their way into iPhone should be focusing on work that's of more immediate benefit to iPhone owners and to potential developers. Access to iPhone's sandboxed file system and adding plug-ins to Safari are more productive goals. That effort would help sell iPhones, and I doubt that it would draw much fire from Apple.

There is a precedent for that belief. Apple rolled out Apple TV as a non-user-extensible platform. Apple released no SDK, no technical documentation and no development tools, and informed me in a briefing that Apple would not be supporting custom development on Apple TV. Bummer. Why, I wondered, weren't developers protesting about being shut out of Apple TV?

Mac developers spend no time complaining. When Apple says "no," they find a way to do it anyway. Apple expects that, and I believe it counts on it. Many outside Apple are as smart and resourceful as the engineers inside Apple, especially when they can work without answering to management and marketing.

I wasn't surprised when early Apple TV users uncovered traces of a mechanism used for enhancing Apple TV through downloadable plug-ins. I wasn't surprised by hacks, albeit ugly ones, that get Apple TV to boot full OS X (possible, but awfully silly since you end up with a Mac that has 256 MB of RAM). But I underestimated how seriously the Mac developer community would take the mission of opening Apple TV to developers, a goal that I consider worthwhile, and in a way that doesn't deny Apple any income.

There is an independently-authored Apple TV "Back Row" SDK, developed by Alan Quartermain, which comes complete with Xcode templates, sample code, an emulator and tutorials. And in the best Mac tradition, it's all free and open source. Some of the really useful plug-ins that were built against this SDK are listed on the Awkward TV site, and developers took the time to make them mesh with Apple TV's UI and its clean, commercial look and feel. I'm not interested in making my Apple TV a Mac, but extending it with additional video codecs and access to content beyond iTunes and YouTube make an investment in Apple TV more worthwhile. There aren't many who will be willing to go through the process required to get Back Row apps and plug-ins running--you still have to crack Apple TV's case--but it's turned out to be a fun device for harmless hacking, and non-hackers who can stomach the risks benefit from the effort.

"Harmless" is the operative word.

Posted by Tom Yager on July 10, 2007 11:41 AM

July 06, 2007 | Comments: (0)

iPhone unbrick (activate w/o AT&T service) hack works; single-step tool for Mac

Update: This page has a one-step downloadable tool for Mac users, and it includes the keys that make the directions in the following link easier for PC users to follow. The whole business in the PC technique about decompiling the .net assembly is to dig out encryption keys embedded in that code. The author of the original crack, Jon Johansen of DeCSS (the DVD copy protect crack) fame, didn't want to make it too easy.

You can now buy an iPhone and "unbrick" it (meaning, get past the globe and the activation nag) using a hack that's not a simple process, and a PC is required, but it is laid out step by step.

It comes down to this. You patch itunes.exe, set Apple's authorization host to 127.0.0.1, and run a mini-server that acts like Apple's activation server.

There are many reports of success and lots of confusion. Once you're unbricked, apparently you stay that way until the next major release. In other words, every time Apple issues a patch, it's very likely that it will undo prior cracks. iPhone may become a brick again if it's activated improperly.

Ideally, Apple would let the unbricking crack stick. It gives users the freedom to use iPhone as an iPod/PDA/WLAN browser without paying $60+/month to AT&T, and Apple maintains deniability because the crack wasn't its idea.

In the ideal ideal, Apple will just ship iPhone unbricked, which would have been the right thing all along. Paying $499 or $599 for a perfect media player, and then having to pay $36, plus committing to $60 x 24 months before you can play a song, is ludicrous.

Posted by Tom Yager on July 6, 2007 07:25 AM

July 04, 2007 | Comments: (0)

iPhone SIM works in any non-iPhone handset for calls, but not for data

As I expected, you can pull the SIM card from an activated iPhone and place it in any phone you wish. However, all you'll be able to do is make phone calls. Any Web or e-mail access you attempt with the other phone will be billed to you at $.01/kilobyte, or $10.24 per megabyte. Information Superhighway robbery.

I tried attaching a generic AT&T data plan ("MEdia Net") to the SIM. It seemed to work at first, but then AT&T's automated daily sweep of subscriber records removed it. The company's policy stipulates that if an iPhone Data Plan is active on an account, no other data plan is allowed.

This is probably no big deal for anyone else, but it's a show-stopper for me. I need to be able to swap that SIM between phones in order to do reviews. If I want to pay the extra $19.95/month for a non-iPhone data plan, AT&T ought to take my money, don't you think?

Posted by Tom Yager on July 4, 2007 08:37 PM

July 04, 2007 | Comments: (0)

The unofficial Apple TV SDK is a model for white hat iPhone hackers

"Harmless" is the operative word.

Posted by Tom Yager on July 4, 2007 08:08 AM

July 02, 2007 | Comments: (0)

Commentary on Jefferson Graham (USA Today) iPhone interview w/CEOs Jobs and Stephenson

Jefferson Graham's interview of Steve Jobs and AT&T CEO Randall Stephenson (USA Today, 6/30/07) is the only non-technical piece written on iPhone that's worth reading. So go read it. I intentionally pulled as little text as possible from the piece, so this is not a summary or "best of" cut of Graham's work. My thanks and kudos go out to USA Today and Jefferson Graham for an excellent interview.

Graham: The critics were effusive in praise for the iPhone, but had issues with the iPhone and the EDGE network, which they say is slower than others. How do you respond?

Stephenson: With a device like this, you need a broad based network that covers every nook and cranny of the country. That's EDGE. It does a nice job.

The AT&T 3G device I have here falls back to EDGE, so at least one 3G device qualifies for "...every nook and cranny."

Stephenson: (cont'd) It [iPhone] also has Wi-Fi, which is better than anything you'll find in any handset.

This is incorrect and unfair to other handset manufacturers. There are many handsets in iPhone's price range, some in AT&T's own catalog, that are equipped with Wi-Fi.

Jobs: [...] What we've found is that Edge is terrific for e-mail and basic Internet usage. When people need more speed, there's Wi-Fi. The nice thing about Wi-Fi is it's way faster than 3G. People are in areas with Wi-Fi much more than they think. I walk into work with the iPhone, and it instantly switches to a Wi-Fi network. If I'm walking down the street in downtown Palo Alto, the iPhone will switch from EDGE to Wi-Fi. It's very fluid.

I apologize to USA Today for pulling this long passage intact, but Graham's question drew Jobs into an answer that's his most relevant and telling statement on iPhone to date. Jobs' pitch that Wi-Fi is commonplace supports the use of iPhone as a handheld PC (like MS Windows Mobile Pocket PC Edition). A consumer who already has a phone would find iPhone well worth its cost in this capacity, but Apple has explicitly blocked that option. I believe that's bad business. I understand that its contract with AT&T makes it dicey to open iPhone to other carriers, but Apple can remove immediate AT&T activation as a requirement for making iPhone function as a handheld PC, and it must be pressured to do so.

Jobs also describes a usage scenario that positions iPhone as a mobile professional's handset, so it deserves to be judged against other devices in that category.

Graham: What about corporate e-mail? I understand that's an issue for many consumers, who may not be able to hook up to their company networks?

Great question!

Jobs: You'll be hearing more about this in the coming weeks. We have some pilots going with companies with names you'll recognize. This won't be a big issue.

Might this be the first of the third-party software developed with an unreleased software development kit? Perhaps that which will hit the fan is already in mid-flight.

Graham: When will the iPhone go on sale overseas?

Jobs: We have no announcement to make now.

I'm guessing that the deal with AT&T makes this dicey. For iPhone to be sold overseas, it has to be opened to multiple operators, including AT&T competitors that operate in the US and international operators that have roaming agreements with AT&T competitors. This would also create a gray market for re-imported iPhones.

Graham: So many analysts have suggested that with the expected success of the iPhone, Apple is about to be transformed into a different kind of company. What's your take?

Jobs: Working together with a partner like AT&T is a change for us. [...] By working together, we can come up with innovations that are exciting.

Stephenson: Voicemail is one of the least favorite products I sell. Now, w