10.4.4 Security Broken

Damn. With all the activity and interests surrounding 10.4.4, we REALLY need a locked thread that posts current project status and progress. Navigating through a sea of threads is annoying, and those that don't bother to look will just post useless or already answered questions over and over again.

Does the MacBook Pro use ipw2200? Or are they supported in 10.4.4 anyways?

Important progress within last 10 minutes:

patches now 0.2. look on maxxuss page.

GUI started, no welcom app.

You must be the most naive person on Earth. Saying 10.5 will be "unhackable" is like stating the Earth is flat.

If something can be done, there is a way to undo it.

Seems like you are the one who can't read. I say "unhackable" wich means as much as what you're trying to say.

Damn it's hard to read...

With all the activity and interests surrounding 10.4.4, we REALLY need a locked thread that posts current project status and progress. Navigating through a sea of threads is annoying, and those that don't bother to look will just post useless or already answered questions over and over again.

Well, I'm not sure that a locked thread would do much good, since people couldn't actually post to it. However, at the moment we just have two threads for simplicity's sake: this one for news discussion and another for technical work/ideas/thoughts.

Pretty easy.

I can not copy mach_kernel to root I get the message mach_kernel cannot be replaced because it is invisable

You must be the most naive person on Earth. Saying 10.5 will be "unhackable" is like stating the Earth is flat.

If something can be done, there is a way to undo it.

Naive, huh? You're the naive one.

Tell that to the DirecTV scene.

what? i have the hack, you didnt get it?

Well I'll attempt to install 10.4.4, as I am pretty good with finding ways....there goes the week

What exactly is supposed to be illegal here?

I make my money as an attorney, so please let me toss in a few lawyerly thoughts.

Things are not as black and white as either side is making out. Certainly all of us know people who are doing illegal things with software--ahem--like downloading hacked stuff from Buccaneer's Inlet, nudge nudge wink wink. It's certainly against the law to use an unauthorized copy of OS X on a PC box. But it's not any more illegal than using one legal install disk to put the PPC OS X on a laptop as well as a desktop. Reading the contract strictly, everyone is obligated to buy a fresh copy of each OS upgrade for each machine. Anyone you know do that? Apple offers a 5-license family pack, but I wonder how many of those get sold.

The real issue is not illegal copying. It's the separate issue of the seller's ability to limit the uses to which you put install legally-obtained software. Let's say I buy the family pack. I put Tiger on three PPC Macs and a brand-new Intel Mac. Why can't I use the licensed fifth copy to install on a machine tricked out with Maxxuss's patches? It's my software license and my machine, and Maxxuss gave me the patchs free.

From a legal point of view this isn't the same thing as DeCSS. There's only one reason to patch a DVD, and that's to make copies. There's a legally-protected interest there; you're said to be stealing sales of the software itself. The same can't be said about my Intel-X installation.

I don't think the courts would step in to stop software that does nothing more than permit me to put my legal OS X on a machine that was't designed for it. There's a limit to what the law will do to restrict the activities of an end user. Imagine if Maxuss's patches were programmed into an EEPROM and put in an expansion board, so to the OS X installer on a plain-vanilla Install DVD the machine looked like a Mac. Assuming that there was no infringement in the code itself, what Maxxuss would have accomplished would probably pass muster. It wouldn't be that different from installing a legal OS X system in a PPC emulator, and we know that that's legal..

Courts might rule otherwise, of course. But I'm not aware of any binding precedent holding that third-party software that enables legally-purchased software to be used on different machines from the ones for which it was designed violates any copyright. Nor would the fine-print contract you supposedly accept when you open the package. This is called a contract of adhesion--a contract that you don't get to negotiate. They're not highly favored.

In any event, my free advice--worth what you paid for it, of course--is that writing software that in effect allows a garden variety x86 machine to emulate a Macintosh x86 machine does not seem to violate any laws, and I doubt that the fact that it may patch the kernel makes any difference. That's certainly how I would argue the case if Maxxuss hired me....

How to change OSInstall.dist file. I made a writable DMG, but I always see that this file is read only and I can't edit it.

Important progress within last 10 minutes:

 

patches now 0.2. look on maxxuss page.

 

GUI started, no welcom app.

maxxuss page is down ?

I take issue with the article's title

"OSx86 10.4.4 Security Broken. (Guess Who Done It?)"

because it suggests that MacOSX is now less secure.

The fact that Apple's measures to prevent execution of OSX on non-Apple hardware

are in the process of being circumvented, has nothing to do with security.

I do understand what is meant, but the public at large, analysts, MS heads, etc. will

only chuckle at the thought of OSX "being not so secure after all".

As usual they will be mistaken.

Maybe you have some vested interests in AAPL stock going south for a while

(maybe with the intention to acquire some more AAPL stock:)

(BTW, distributing a patch to an OS CAN compromise it security, but that in itself is no security threat,

because OSX users are not supposed to patch Apple's distribution --but this is beside my point)

Please be aware that these web pages will remain indexed in all the search engines for years.

I can not copy mach_kernel to root I get the message mach_kernel cannot be replaced because it is invisable

in the terminal:

defaults write com.apple.finder AppleShowAllFiles ON

killall Finder

then try

Hmm so are we going to retract this story as it isn't true? The "security" has not been broken fully. There is still a significant amount of work to be done.

I take issue with the article's title

"OSx86 10.4.4 Security Broken. (Guess Who Done It?)"

because it suggests that MacOSX is now less secure.

The fact that Apple's measures to prevent execution of OSX on non-Apple hardware

are in the process of being circumvented, has nothing to do with security.

I do understand what is meant, but the public at large, analysts, MS heads, etc. will

only chuckle at the thought of OSX "being not so secure after all".

As usual they will be mistaken.

Maybe you have some vested interests in AAPL stock going south for a while

(maybe with the intention to acquire some more AAPL stock:)

 

(BTW, distributing a patch to an OS CAN compromise it security, but that in itself is no security threat,

because OSX users are not supposed to patch Apple's distribution --but this is beside my point)

 

Please be aware that these web pages will remain indexed in all the search engines for years.

Hey thanks for the tip, if it plummets I'll buy some... you don't work for apple do you?

+0.18 (0.26%) 15 Feb at 6:05PM ET

What exactly is supposed to be illegal here?

 

In any event, my free advice--worth what you paid for it, of course--is that writing software that in effect allows a garden variety x86 machine to emulate a Macintosh x86 machine does not seem to violate any laws, and I doubt that the fact that it may patch the kernel makes any difference. That's certainly how I would argue the case if Maxxuss hired me....

All he did was offer a hack for free, like XPostFacto does. If he offered the software and included a free install of the Mac OS, then yeah, there'd be a huge problem. By just offering the software to do it (without the software itself), there isn't an issue.

For the ones saying "Apple's security is DOOMED," I call shenanigans. I think every software maker knows there is a way to hack it and they also know there will be a dedicated group that will do it. Apple, as well as any other software maker, will make it as hard as they can for an average user (regardless of platform) to run the software. A developer at least should recognize that even the best security possible won't stop someone like our dedicated hackers here from cracking it. So long as Apple keeps the OS off of the other 95% of Windows PC's, the security of OS X would be a success for them.

mlstein -

Thanks for the legal opinion. Makes for interesting reading. Any other lawyers in the house?

vanfruniken-

Sorry if you feel the title is misleading - I explain later on down in the article, and there's only so much room in the heading to explain things. Good point, though - next time I'll try to be more specific.

pianoman- It's broken in that it enables you to do things that Apple wouldn't like. Of course it's not done, but the fact that it's partially done pushes it over the threshold of brokenness. No retraction needed.

here's my 5 cents: If Maxxus or any other hacker make 10.4.4 fully functional AND upgradable, I'll go to an Apple Store and buy the original.

here's my 5 cents: If Maxxus or any other hacker make 10.4.4 fully functional AND upgradable, I'll go to an Apple Store and buy the original.

Here's my 2.1 thousand: You won't.

Great post by mlstein! Really interesting to hear a qualified legal opinion, and it makes sense. I think the problem is that this is largely uncharted territory for the courts; would the first court to see a case like this really understand the issues and provide a sound ruling? I think not.

I'm reminded of an old TV sketch - a cop is recounting the criminal's misdeeds to an elderly judge:

Cop - "And the defendant stole a video recorder..."

Judge - "A video recorder? What's that?"

Cop - "It's a machine which records television pictures, Your Honour. Then he stole a cellphone..."

Judge - "A cellphone? I've never heard of such a thing! What is that?"

Cop - "It's a telephone which doesn't need wires, Your Honour."

Judge - "I see. This is all new to me. What did he do next?"

Cop - "Then he stole an inflatable woman"

Judge - "Ah! Was it the sort with the real hair and batteries?"

I don't think many law enforcement officers or circuit judges have much idea about what is neither overt software piracy nor theft; I also don't think the grey area of shrink-wrap EULAs is really in their domain. Whether Apple feel it's worth making an example of someone to end up going through several levels of justice with no guarantee of success remains to be seen. Just my

Cop - "And the defendant stole a video recorder..."

Judge - "A video recorder? What's that?"

Cop - "It's a machine which records television pictures, Your Honour. Then he stole a cellphone..."

Judge - "A cellphone? I've never heard of such a thing! What is that?"

Cop - "It's a telephone which doesn't need wires, Your Honour."

Judge - "I see. This is all new to me. What did he do next?"

Cop - "Then he stole an inflatable woman"

Judge - "Ah! Was it the sort with the real hair and batteries?"

Not the 9 O' Clock News!!

0.3 is out, but no updates from anyone. The other forum has been down like all day.

0.3 boots the GUI successfully on Intel processors only.

apparently one of the protections they've put in is to periodically check for 'GenuineIntel' in the CPUID string.

methinks they're clutching at straws here...

EDIT: win2osx and maxxuss site are both back up now.

And both UP again

In the mean time Jas and a couple of others have also booted into the GUI and tested some apps...

Two things mlstein.

There are more legal uses for DeCSS than those you listed, for example playing your DVD on your linux only pc.

And also, the only thing that makes OSX86 "illegal" is that its stated in the EULA that you cant install it on a non-apple computer. But those kind of EULA`s arent neccesarrily legal since they impose restrictions after you have bought a product you cant return.

There may also be a problem with the DMCA but that i dont know (non-us citicen)