Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > macOS > The official Leopard thread

The official Leopard thread (Page 27)
Thread Tools
- - e r i k - -
Posting Junkie
Join Date: May 2001
Location: Brisbane, Australia
Status: Offline
Aug 27, 2007, 03:05 AM
 
How did we live with those crazy bevels in iTunes for so long? Ick...

[ fb ] [ flickr ] [] [scl] [ last ] [ plaxo ]
     
- - e r i k - -
Posting Junkie
Join Date: May 2001
Location: Brisbane, Australia
Status: Offline
Aug 27, 2007, 03:21 AM
 
Originally Posted by moonmonkey View Post
Safari 3.0 (5522.11) the one that comes with 9A500n offers to restore all tabs automatically after a crash.
Not 3.0.3 (5523.1) as far as I can tell.

[ fb ] [ flickr ] [] [scl] [ last ] [ plaxo ]
     
- - e r i k - -
Posting Junkie
Join Date: May 2001
Location: Brisbane, Australia
Status: Offline
Aug 27, 2007, 03:25 AM
 
- Quartz Composer based iTunes visualizers are now in the build and should be tested. You can create your own Quartz Composer developer application and install it in ~/Library Compositions.
Tested. Verdict: Lame

[ fb ] [ flickr ] [] [scl] [ last ] [ plaxo ]
     
Super Mario
Registered User
Join Date: Dec 2004
Status: Offline
Aug 27, 2007, 05:56 AM
 
Sounds like there's lots of builds to go.

Widgets look screwy.
iLife is crashy.
Interface still not consistent.
Resolution independence is screwing up some of the GUI.
Boot Camp isn't finished.
CoreImage transparency effects cause window movement and resize lag on some PowerBooks and MacBooks.

I think it will go gold around 9A600 in 7-8 weeks time.
     
moonmonkey
Professional Poster
Join Date: Jan 2001
Location: Australia
Status: Offline
Aug 27, 2007, 08:16 AM
 
Originally Posted by - - e r i k - - View Post
Tested. Verdict: Lame
cookie for a screenshot?
     
sushiism
Grizzled Veteran
Join Date: Jun 2002
Location: UK
Status: Offline
Aug 27, 2007, 09:01 AM
 
Originally Posted by - - e r i k - - View Post
Tested. Verdict: Lame
How could this possibly be lame?
     
Kevin
Baninated
Join Date: Oct 2002
Location: In yer threads
Status: Offline
Aug 27, 2007, 09:47 AM
 
Originally Posted by Chuckit View Post
2. Is it me, or have the controls gone almost full circle and now look like Platinum again?
Hope so. Usability over "ooh pretty"

I doubt the Aqua buttons get used in the final. Same goes with the scroll bars.

If Apple has both Aqua, and those plain looking ones in the same OS I will shake my fist at them a lot.

Consistency !
( Last edited by Kevin; Aug 27, 2007 at 09:53 AM. )
     
- - e r i k - -
Posting Junkie
Join Date: May 2001
Location: Brisbane, Australia
Status: Offline
Aug 27, 2007, 11:13 AM
 
Originally Posted by sushiism View Post
How could this possibly be lame?
The fact that everyone can make their own iTunes visualiser with Quartz Composer is cool. They just demonstrated it with some incredibly dull ones.

[ fb ] [ flickr ] [] [scl] [ last ] [ plaxo ]
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Aug 27, 2007, 01:29 PM
 
Originally Posted by - - e r i k - - View Post
Sadly not everything. The removal of the InputManager feature has left Mail and Safari severely crippled
The ability to hack other applications via fake input managers was never a "feature." It was a security hole.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
iGrouch
Fresh-Faced Recruit
Join Date: Jun 2007
Location: trash can
Status: Offline
Aug 27, 2007, 04:18 PM
 
Originally Posted by Super Mario View Post
Any unsanity haxies still work?
I generally thought that Unsanity haxies were coming to an end and to bolster this there seems to be be no news on their site about compatibility. But, as coincidence has it I banged off a mail to them today asking if they were going to be around for Leopard. They got back to me and apparently they will be having a go at shaping their stuff soon to work on Leopard.

Can't live without my windowshade and sounds.
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Aug 27, 2007, 04:25 PM
 
Good to know that Unsanity will still be hard at work ferreting out security holes for Apple to patch with security updates.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
0157988944
Professional Poster
Join Date: May 2007
Status: Offline
Aug 27, 2007, 05:25 PM
 
Originally Posted by - - e r i k - - View Post
No. I don't see how that would work either.
It would be good if you could just right click and select something like "choose icon" for anything on the dock. That way the ugly utilities could still be allowed to grace my desktop.
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Aug 27, 2007, 05:30 PM
 
What about the Applications folder? Alphabetically first in mine is Adobe Golive 6.0 and I definitely don't want the icon of that folder in my Dock.


I guess the designated Downloads folder will make this less of a problem, but anyway: When the rightmost column of icons on the Desktop is full, are new icons still created under the Dock (this is so annoying in Tiger) or is the Finder finally Dock aware in this regard?
     
0157988944
Professional Poster
Join Date: May 2007
Status: Offline
Aug 27, 2007, 05:32 PM
 
Exactly. Which is why, at least for stacks (ESPECIALLY the downloads folder - They need to make the download icon pretty if they won't let me take it off the dock) they need to make a change icon feature.
     
mdc
Addicted to MacNN
Join Date: Feb 2003
Location: NY²
Status: Offline
Aug 27, 2007, 06:49 PM
 
Originally Posted by adamfishercox View Post
It would be good if you could just right click and select something like "choose icon" for anything on the dock. That way the ugly utilities could still be allowed to grace my desktop.
I don't know if I'm following you, but to change an app's icon you can get info (command+i) on an app.
Find an icon you want as the image and get info that.
Then when you get the get info window you can copy the icon in the top left corner and paste it into the get info window of your ugly app.
     
0157988944
Professional Poster
Join Date: May 2007
Status: Offline
Aug 27, 2007, 06:58 PM
 
I know that, I'm talking about stacks with a changing icon. I don't want the dmg icon sitting on my dock. ANd most downloads are DMGs.
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Aug 27, 2007, 08:19 PM
 
Originally Posted by adamfishercox View Post
Exactly. Which is why, at least for stacks (ESPECIALLY the downloads folder - They need to make the download icon pretty if they won't let me take it off the dock) they need to make a change icon feature.
If they don't allow any such customizability of Stacks, I'll be one angry dude.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Aug 27, 2007, 08:49 PM
 
Originally Posted by CharlesS View Post
Good to know that Unsanity will still be hard at work ferreting out security holes for Apple to patch with security updates.
Oh, Apple has known about GDB for a long time. In fact, they include this filthy hack with their developer tools!
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Aug 27, 2007, 10:57 PM
 
Originally Posted by Chuckit View Post
Oh, Apple has known about GDB for a long time. In fact, they include this filthy hack with their developer tools!
You know damn well that what Unsanity does is not the intended purpose of the debugger APIs.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Aug 28, 2007, 01:55 AM
 
Originally Posted by CharlesS View Post
You know damn well that what Unsanity does is not the intended purpose of the debugger APIs.
No, it isn't. Similarly, installer files aren't meant for Pacifist, but it nonetheless puts them to good use. Quite frankly, I'd prefer it if Apple introduced a more dedicated and thought-out API for creating "haxie"-type apps, but until then, people will have to make creative use of what we have.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Aug 28, 2007, 02:22 AM
 
Originally Posted by Chuckit View Post
No, it isn't. Similarly, installer files aren't meant for Pacifist, but it nonetheless puts them to good use.
Nice analogy.

Pacifist doesn't hack other applications' code to try to get them to behave out of spec.
Quite frankly, I'd prefer it if Apple introduced a more dedicated and thought-out API for creating "haxie"-type apps, but until then, people will have to make creative use of what we have.
They used to have such an API in OS 9. It caused the system to be so unstable that its crashiness was ridiculed even by users of Windows 98.

Code patching is also a massive security hole. Apple ignored it in the past, but since it featured quite prominently in the Month of Apple Bugs, I think that is about to change, and while I don't have any insider information, I wouldn't be surprised at all if anything Unsanity comes up with to get their code patching to work gets squashed by a security update.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
- - e r i k - -
Posting Junkie
Join Date: May 2001
Location: Brisbane, Australia
Status: Offline
Aug 28, 2007, 04:07 AM
 
Originally Posted by moonmonkey View Post
cookie for a screenshot?
Not that screenshots will give you much of visualiser action:


Lathe


Jelly


Stix

[ fb ] [ flickr ] [] [scl] [ last ] [ plaxo ]
     
Super Mario
Registered User
Join Date: Dec 2004
Status: Offline
Aug 28, 2007, 05:05 AM
 
Niiiicee. Can I get Stix for iTunes on Tiger?
     
moonmonkey
Professional Poster
Join Date: Jan 2001
Location: Australia
Status: Offline
Aug 28, 2007, 05:23 AM
 
Thanks Eric, cookie in the post.

Stix looks interesting, i'm sure some better ones will come out when the stoners start installing dev tools.
     
lookmark
Mac Elite
Join Date: May 2001
Location: NYC
Status: Offline
Aug 29, 2007, 02:39 PM
 
I'm sure most people have seen it by now, but just for the record: a nice gallery from Think Secret here.

Couple of Qs for 9A527 users:

- so Tiger's odd (and not very useful, IMO) Spotlight results window been completely replaced by a standard Finder window?
- still no GUI for Boolean searches via Spotlight?
- does dragging a folder into the Dock turn it into a stack?
- any updates to Chess, dammit?
     
moonmonkey
Professional Poster
Join Date: Jan 2001
Location: Australia
Status: Offline
Aug 29, 2007, 07:06 PM
 
Originally Posted by lookmark View Post
I'm sure most people have seen it by now, but just for the record: a nice gallery from Think Secret here.

Couple of Qs for 9A527 users:


- does dragging a folder into the Dock turn it into a stack?
- any updates to Chess, dammit?
Yes, it does turn any normal folder into a stack
Chess has a new icon!
     
0157988944
Professional Poster
Join Date: May 2007
Status: Offline
Aug 29, 2007, 07:23 PM
 
No it doesn't...



Same ol' thing.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Aug 29, 2007, 07:23 PM
 
It's really odd to me why a site like ThinkSecret would risk Apple legal and put their neck out on line to show pictures of the new Network Utility icon and the most boring crap imaginable.
     
0157988944
Professional Poster
Join Date: May 2007
Status: Offline
Aug 29, 2007, 07:25 PM
 
I know... there's NOTHING new here except crappier window widgets and a new "selected tab" look.

Does PhotoBooth still do animated GIFs, like in the WWDC 2005 version?
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Aug 29, 2007, 07:34 PM
 
Originally Posted by adamfishercox View Post
I know... there's NOTHING new here except crappier window widgets and a new "selected tab" look.

Does PhotoBooth still do animated GIFs, like in the WWDC 2005 version?
Well, looking through some of the other screen shots I do see a few new subtle changes, but at least half of the shots are devoted to icons and other aesthetics.
     
moonmonkey
Professional Poster
Join Date: Jan 2001
Location: Australia
Status: Offline
Aug 29, 2007, 07:45 PM
 
Originally Posted by adamfishercox View Post
No it doesn't...

Same ol' thing.
But in a different size?
     
sushiism
Grizzled Veteran
Join Date: Jun 2002
Location: UK
Status: Offline
Aug 29, 2007, 07:53 PM
 
Originally Posted by moonmonkey View Post
But in a different size?
and a lot more detail
its probably been redone like Address Book
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Aug 29, 2007, 09:56 PM
 
Originally Posted by CharlesS View Post
Nice analogy.

Pacifist doesn't hack other applications' code to try to get them to behave out of spec.
No, it but it does use system files that were not meant for it. Just because Apple didn't specifically roll out the red carpet for Pacifist doesn't mean it's not a great app, though. My point is that there is demand for what APE enables — it benefits users. Much like Pacifist fills in the gaps from Apple's weaksauce installer, APE fills in other gaps (such as the lack of theming support in the OS) in a way that is relatively harmless. I much prefer APE to, say, on-disk code patching or runtime patching with a hacky kernel extension. What APE does is more or less the sort of thing the GDB hooks are intended to do.

Originally Posted by CharlesS View Post
They used to have such an API in OS 9. It caused the system to be so unstable that its crashiness was ridiculed even by users of Windows 98.
Yeah, and OS 9's memory management was **** as well. Just because something was implemented poorly in OS 9 doesn't mean we should throw it out altogether.

Originally Posted by CharlesS View Post
Code patching is also a massive security hole. Apple ignored it in the past, but since it featured quite prominently in the Month of Apple Bugs, I think that is about to change, and while I don't have any insider information, I wouldn't be surprised at all if anything Unsanity comes up with to get their code patching to work gets squashed by a security update.
Code patching is not necessarily a security hole any more than any code execution is. Unrestrained code patching is a security hole, yes — much the same as if Apple allowed programs to autoexecute with any privileges they wanted. This is why I say Apple needs to have a good API that will allow users' demands to be met without unnecesary risks. For instance, only allowing executables in the proc_mod group to do runtime patching is a good first step.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Aug 30, 2007, 12:53 AM
 
Originally Posted by Chuckit View Post
No, it but it does use system files that were not meant for it.
No, it doesn't.

Just because Apple didn't specifically roll out the red carpet for Pacifist doesn't mean it's not a great app, though.
I try to make Pacifist a good citizen. I don't mess with other apps or try to find ways to exploit the OS to make it do things it's not supposed to be able to do.

What Pacifist does is open files. And most of those files are in open formats such as .tar.gz or .cpio.gz or .zip. For closed formats such as .bom and .dmg, I use tools supplied by Apple specifically to read those files. I don't do hackery anymore - I learned from DockDisks and BootCD that it's a bad idea.

For you to compare Pacifist to APE is, frankly, insulting.
My point is that there is demand for what APE enables — it benefits users. Much like Pacifist fills in the gaps from Apple's weaksauce installer, APE fills in other gaps (such as the lack of theming support in the OS) in a way that is relatively harmless.
As long as you define "relatively harmless" as "making potentially disastrous changes to code you know nothing about and randomly causing all sorts of really weird problems."

I much prefer APE to, say, on-disk code patching or runtime patching with a hacky kernel extension.
I, on the other hand, much prefer no code patching at all to APE or any other type of patching.

What APE does is more or less the sort of thing the GDB hooks are intended to do.
Um, no, it's really not. It is not even in the same ballpark.

Yeah, and OS 9's memory management was **** as well. Just because something was implemented poorly in OS 9 doesn't mean we should throw it out altogether.
The patching in OS 9 wasn't particularly badly implemented. It was just a fundamentally flawed idea to begin with. Unless either the patch creators know everything about the code to every application they could be patching or the application developers know everything that every possible patch could do to their code, you're going to have weird side-effects. And of course when two patches try to patch the same code, all hell breaks loose.

Code patching is not necessarily a security hole any more than any code execution is. Unrestrained code patching is a security hole, yes — much the same as if Apple allowed programs to autoexecute with any privileges they wanted. This is why I say Apple needs to have a good API that will allow users' demands to be met without unnecesary risks. For instance, only allowing executables in the proc_mod group to do runtime patching is a good first step.
Boy, are you going to be disappointed.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
goMac
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Status: Offline
Aug 30, 2007, 01:04 AM
 
Originally Posted by Chuckit View Post
What APE does is more or less the sort of thing the GDB hooks are intended to do.
Yes, let's compare patching to something that you definitely wouldn't want plugged in to every application you run. Great idea.
8 Core 2.8 ghz Mac Pro/GF8800/2 23" Cinema Displays, 3.06 ghz Macbook Pro
Once you wanted revolution, now you're the institution, how's it feel to be the man?
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Aug 30, 2007, 01:10 AM
 
Originally Posted by CharlesS View Post
As long as you define "relatively harmless" as "making potentially disastrous changes to code you know nothing about and randomly causing all sorts of really weird problems."
Relative to other ways of accomplishing the same goal (that is, adding desired functionality to a system), haxies are a fairly harmless way of doing things. Can you refute this?

Originally Posted by CharlesS View Post
I, on the other hand, much prefer no code patching at all to APE or any other type of patching.
And you are free to not patch your system. I don't run haxies myself because the benefits just aren't enough to offset the cost for me. Other people are different, though, and I respect that. Some people even use OpenOffice. I'm not going to advocate that Apple close off X11 just because I find it unpleasant.

Originally Posted by CharlesS View Post
Um, no, it's really not. It is not even in the same ballpark.
GDB: Allows runtime inspection and control of an executable image.
APE: Allows runtime inspection and control of an executable image.
Uh…huge difference?

Originally Posted by CharlesS View Post
The patching in OS 9 wasn't particularly badly implemented.
It suffered largely from the same problems as OS 9's memory management — it was primitive and didn't offer much in the way of a net.

Originally Posted by CharlesS View Post
Unless either the patch creators know everything about the code to every application they could be patching or the application developers know everything that every possible patch could do to their code, you're going to have weird side-effects.
Yeah, if you run lots of systemwide hacks, it probably will have weird side effects somewhere. Editing a plist can have weird side effects too. If that's your biggest objection, I can't see how you honestly tell yourself it's significant enough to want to force your preferences onto others.

Originally Posted by CharlesS View Post
Boy, are you going to be disappointed.
Not really. Of the apps I use, the only one that uses runtime patching is F-Script Anywhere. I'll be sorry to lose that, but I think I'll be able to sleep at night.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
goMac
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Status: Offline
Aug 30, 2007, 01:39 AM
 
Originally Posted by Chuckit View Post
GDB: Allows runtime inspection and control of an executable image.
APE: Allows runtime inspection and control of an executable image.
This analogy isn't really correct. Patching a program actually rewrites a program in memory. One wrong move and the program is going to crash. Not to mention there are inherent issues with doing this on a Rosetta program that GDB doesn't really have to deal with.
8 Core 2.8 ghz Mac Pro/GF8800/2 23" Cinema Displays, 3.06 ghz Macbook Pro
Once you wanted revolution, now you're the institution, how's it feel to be the man?
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Aug 30, 2007, 02:02 AM
 
Originally Posted by Chuckit View Post
Relative to other ways of accomplishing the same goal (that is, adding desired functionality to a system), haxies are a fairly harmless way of doing things. Can you refute this?
Sheesh, talk about spinning. "Adding desired functionality to a system" when what you mean is patching.

And you are free to not patch your system. I don't run haxies myself because the benefits just aren't enough to offset the cost for me. Other people are different, though, and I respect that. Some people even use OpenOffice. I'm not going to advocate that Apple close off X11 just because I find it unpleasant.
Are you on something? How on earth can you possibly equate patching to the use of X11? My objections to patching are not that I find it "unpleasant."

GDB: Allows runtime inspection and control of an executable image.
APE: Allows runtime inspection and control of an executable image.
Uh…huge difference?
GDB: something that you only run on a single app that you're developing, when you're trying to debug it. Not when you're trying to use it. And definitely not something you are going to run on every app on your entire system.

Not so hard to figure out, is it really?
It suffered largely from the same problems as OS 9's memory management — it was primitive and didn't offer much in the way of a net.
Please explain how any patching system could possibly work any better than OS 9's.

Yeah, if you run lots of systemwide hacks, it probably will have weird side effects somewhere. Editing a plist can have weird side effects too. If that's your biggest objection, I can't see how you honestly tell yourself it's significant enough to want to force your preferences onto others.
It's quite simple - because patching is a security hole.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Aug 30, 2007, 02:48 AM
 
Originally Posted by CharlesS View Post
Sheesh, talk about spinning. "Adding desired functionality to a system" when what you mean is patching.
Not exactly. Nobody thinks, "Gee, I really want to patch my system." The idea is more like, "I find Aqua hard on my eyes. I wish I could have something a little more pleasing." Or maybe, "Man, windowshading was really useful to me. It's a shame I can't do that anymore." I'm talking about making things better for the user. In this case, the only means I can think of involve code patching. If you can think of a way to achieve the same thing that's more agreeable to you, I'm all ears.

Originally Posted by CharlesS View Post
Please explain how any patching system could possibly work any better than OS 9's.
Think of a problem in OS 9's implementation. Now imagine an implementation without that problem. That's how. For example, conflicts are not a necessary evil — there's no obligation for a patching API to allow several clients to alter the same piece of memory. Similarly, OS 9's patching was systemwide, whereas a sensible patching interface could sandbox patches and make sure they don't affect programs the user doesn't have permission to modify. APE already allows targeted patching so you can only affect a particular app or exclude apps that don't mesh well with a haxie.

Originally Posted by CharlesS View Post
It's quite simple - because patching is a security hole.
You keep making this assertion, but it doesn't become more true the more times you say it. Can you explain how patching — as a concept, not in implementation — is more of a security hole than any execution of arbitrary code?
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Aug 30, 2007, 03:07 AM
 
Originally Posted by Chuckit View Post
Not exactly. Nobody thinks, "Gee, I really want to patch my system." The idea is more like, "I find Aqua hard on my eyes. I wish I could have something a little more pleasing." Or maybe, "Man, windowshading was really useful to me. It's a shame I can't do that anymore." I'm talking about making things better for the user. In this case, the only means I can think of involve code patching. If you can think of a way to achieve the same thing that's more agreeable to you, I'm all ears.
The answer is to let those things go.

You keep making this assertion, but it doesn't become more true the more times you say it. Can you explain how patching — as a concept, not in implementation — is more of a security hole than any execution of arbitrary code?
Oh, I could discuss things, but unfortunately I'd be violating NDA if I did. Suffice to say, you'll find out.
( Last edited by CharlesS; Aug 30, 2007 at 05:10 AM. )

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Aug 30, 2007, 03:48 AM
 
Originally Posted by CharlesS View Post
I'm afraid you'll have to let those things go, because it's not just me that patching is not "agreeable" to.
This is the sort of thing that might be covered under NDA.

Originally Posted by CharlesS View Post
Oh, I could discuss things, but unfortunately I'd be violating NDA if I did. Suffice to say, you'll find out.
The theory of whether patching is necessarily more dangerous than arbitrary code execution is not.

Here's what I know: Before APE, patches were done by replacing files on the hard disk. This was extremely ****ing dangerous and ****ed up many a system. APE came along and made the process relatively safe and easily reversible. They made it possible to actually have the kind of user experience you want. If they can't make it work, you should be mourning our return to the bad old days, not gloating like some comic book supervillain. You sound like those people who cheered when Apple decided not to port Classic.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Aug 30, 2007, 04:28 AM
 
Originally Posted by Chuckit View Post
This is the sort of thing that might be covered under NDA.
Not really - I'm pretty sure that the disabling of /Library/InputManagers was already mentioned in this thread, and was kind of what I originally responded to. I'm merely expanding on what others have said in this regard (especially since that's how I learned of these hacks being disabled in the first place - I don't use such things and thus would not have discovered their disabling first-hand).

The theory of whether patching is necessarily more dangerous than arbitrary code execution is not.
Well, aside from some NDA stuff that I won't talk about, it's not really difficult to imagine ways that malware can take advantage of patching.

1. Suppose you have an app that needs to do stuff with root privileges. Rather than have the whole app running as root, the app runs under the current user, and does its root things by communicating with a separate process which is running as root. If patching is allowed, a piece of malware can patch this app and send its own communication to the tool that's running as root. Possible root exploit.

2. One need not even be as tricky as in #1 to create an exploit - one could simply write a patch that asks for one's admin password, and use it to patch a trusted application - say the Finder, Firefox, or Delicious Library. A lot of users, if they receive a password request from an application they know is legit, are prone to grant it. However, if a hacker were clever - and patient - he could fool most anyone. One example that comes to mind is Software Update - it's going to pop up sooner or later, and with a patch that popped its password dialog up at just the right time, a piece of malware could trick even the most experienced of users.

3. And of course, patching is just a great way to distribute malware in general. Put a piece of malware in a patch, and all of a sudden it is running inside the code of every application on the system, all of which can be manipulated to do the malware's bidding.

4. Patching can also allow programs to read anything that ends up in your various apps' RAM. Passwords, credit card numbers, you name it - if it goes through an app, it could be intercepted by a patch.

And that's only a few things. Patching also featured prominently in the Month of Apple Bugs:

MOAB-22-01-2007: Apple UserNotificationCenter Privilege Escalation Vulnerability

Those are just security exploits, of course. This ignores the fact that patching tends to make the system a complete buggy unstable mess.
Here's what I know: Before APE, patches were done by replacing files on the hard disk. This was extremely ****ing dangerous and ****ed up many a system. APE came along and made the process relatively safe and easily reversible.
Let me make it quite simple how I feel about that:

Replacing files on the hard drive: bad.
Patching application code: also bad.

The dangers of one do not negate the dangers of the other.
They made it possible to actually have the kind of user experience you want. If they can't make it work, you should be mourning our return to the bad old days, not gloating like some comic book supervillain.
Now that's ironic, since patching is what essentially brings us back to the bad old days. The removal of Extensions going from OS 9 to OS X was a feature. It was part of what made OS X so much better and so much more stable than OS 9. The abuse of the Input Manager system and the debugger APIs to reimplement patching was what was a return to the bad old days.

Patching is a thing that runs counter to the OS X way of doing things.
You sound like those people who cheered when Apple decided not to port Classic.
Again with the terrible analogies...
( Last edited by CharlesS; Aug 30, 2007 at 05:18 AM. )

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
analogika
Posting Junkie
Join Date: Feb 2005
Location: 888500128
Status: Offline
Aug 30, 2007, 09:52 AM
 
Originally Posted by Chuckit View Post
Here's what I know: Before APE, patches were done by replacing files on the hard disk. This was extremely ****ing dangerous and ****ed up many a system. APE came along and made the process relatively safe and easily reversible.
My understanding is that a whole lot of patches in Classic days were INITs and cdevs.

And I remember *very* well the nightmare those became over the years.

I also read these forums regularly, and I find that an awful lot of the trouble people have with regular system or software upgrades is miraculously eliminated once any "Haxies" are removed - either because their installed version was outdated or because unsupported software HACKS have a nasty habit of inevitably breaking things in unpredictable ways eventually.
     
lookmark
Mac Elite
Join Date: May 2001
Location: NYC
Status: Offline
Aug 30, 2007, 11:26 AM
 
I'm all for Apple removing InputManagers if it's proved too much of a security risk... but they need to offer a way for developers to add plug-ins for Safari. People want and need plug-ins for their browser; it's one reason Firefox remains popular and has managed to steal away an astonishing 10-15% marketshare from IE.

As for haxies and various systemwide UI hacks -- again, if Apple really wants to discourage things like APE they need to offer an API for developers to customize the OS X UI. Unless they do, someone will *always* find some way to patch the system and offer users what they want.
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Aug 30, 2007, 11:40 AM
 
Originally Posted by lookmark View Post
I'm all for Apple removing InputManagers if it's proved too much of a security risk... but they need to offer a way for developers to add plug-ins for Safari. People want and need plug-ins for their browser; it's one reason Firefox remains popular and has managed to steal away an astonishing 10-15% marketshare from IE.
If you need plug-ins, then use Firefox. It supports all the plug-ins you could want.

As for haxies and various systemwide UI hacks -- again, if Apple really wants to discourage things like APE they need to offer an API for developers to customize the OS X UI. Unless they do, someone will *always* find some way to patch the system and offer users what they want.
Once again, they had such an API in OS 9, and I wouldn't hold my breath for them ever to go back there. I'm sure that Unsanity et al. will find ways around the disabling of the methods they use, but if my hunch is correct and Apple starts getting serious about this, then they might find their hacks getting broken by each security update.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
lookmark
Mac Elite
Join Date: May 2001
Location: NYC
Status: Offline
Aug 30, 2007, 12:01 PM
 
Originally Posted by CharlesS View Post
If you need plug-ins, then use Firefox. It supports all the plug-ins you could want.
Well, there's a balance that has to be struck between openness, flexibility, and security.

On OS X, Apple can do whatever they want. If they want Safari to be a popular cross-platform browser, on the other hand, they're going to need to make it much more open to third-party expansion. Otherwise its marketshare will remain small.

Once again, they had such an API in OS 9, and I wouldn't hold my breath for them ever to go back there. I'm sure that Unsanity et al. will find ways around the disabling of the methods they use, but if my hunch is correct and Apple starts getting serious about this, then they might find their hacks getting broken by each security update.
I wouldn't either.
     
Kerrigan
Addicted to MacNN
Join Date: Apr 2005
Status: Offline
Aug 30, 2007, 03:48 PM
 
The only people I know who use third party toolbars are people who have accidentally installed them onto their computer. For instance, people who didn't think to uncheck "install toolbar" when downloading AIM or Yahoo messenger. Some of them seem impossible to remove. I'd rather not have them on Safari.
     
0157988944
Professional Poster
Join Date: May 2007
Status: Offline
Aug 30, 2007, 04:38 PM
 
Yahoo! was sued because their Yahoo Toolbar was virtually un-installable unless you went deep into the system.
     
analogika
Posting Junkie
Join Date: Feb 2005
Location: 888500128
Status: Offline
Aug 30, 2007, 05:43 PM
 
You mean "un-uninstallable".
     
0157988944
Professional Poster
Join Date: May 2007
Status: Offline
Aug 30, 2007, 06:13 PM
 
yes. yes i do.
     
 
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 07:53 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,