There is a lot of confusion in the
Linux world about Mac OS X. I will now get rid of the confusion.

Confusion: Mac OS X is open-source.

Fact: Mac OS X contains many, many
proprietary parts. In fact, most of it is completely closed-source.

Confusion: The core of OS X is open-source.

Fact: The core of OS X is an operating
system called Darwin. Darwin consists of userland utilities, a
bootloader called BootX (not to be confused with the Old-world Mac
Linux bootloader), and the XNU kernel.

Darwin for PowerPC is open-source, and
earlier versions of Darwin for x86 are open-source. However, from
January 2006 to August 2006, Apple closed the source code of Darwin
for x86. Apple publicly said in May that they would not release it.
Proving Apple’s ability to change its mind (latest version of
HyperCard, anyone?), in August they did release it. This wasn’t the
first time the source code was closed, and seeing how the OSx86
project is going, it probably won’t be the last time.

The derivative of Darwin which is an
actual part of OS X is not really open-source. It contains
proprietary drivers, and who knows what other proprietary bits?

Confusion: The OS X kernel is based on FreeBSD.

Fact: Apple themselves have seemed a
little hazy on where their kernel has come from. Their website said
on a couple of occasions that the OS X kernel was based on NetBSD.
What they are saying now is that the kernel is based on
FreeBSD, with bits from NetBSD (probably the Bluetooth stack).

According to Apple, there are changes
that they made. Apple claims that the changes were pretty small, and
improved performance. I don’t believe those claims, but I haven’t
compared codebases to check. I suspect it’s more a NeXT kernel than
an actual BSD kernel.

(Incidentally, the kernel is called
XNU. One presumes that stands for “XNU is Not Unix” - an apt
name)

Confusion: Since the OS X kernel is based on FreeBSD, I can run Mac
programs on my generic PC just by installing FreeBSD.

Fact: Nope. The Mac’s executable format
is not understandable by any free software OSes, not even Darwin
(which isn’t really very free). Also, you’ve got to remember that a
program is not able to be run on a different operating system unless
the relevant libraries are available. Mac OS X programs use the
libraries that come with OS X, and these are proprietary and cannot
be installed on any free operating system. Not even FreeBSD, which in
reality only forms a minuscule part of the actual OS X system.

Confusion: Mac OS X is Unix-based. Linux is a free implementation of
Unix. Security flaws in OS X are something that should concern all
Linux users.

Fact: Not really. The security flaws in
widely-used parts of OS X (like PHP, Python etc) may be of concern to
Linux users, if the flaw is cross-OS. Of course, Apple modifies
(cripples) programs like Python on OS X, so there may well be
vulnerabilities introduced by Apple’s own hacking. But what about
vulnerabilities in the OS itself? See next question.

Confusion: Mac OS X is Unix-based. Therefore, it is secure against
attack.

Fact: Apple is trying to make inroads
with the home user and small business markets by saying that Mac OS X
is secure. It’s true that there are no OS X viruses in the wild at
the moment, and it’s true that OS X’s security model is better than
the one in Windows XP. But in comparison to a truly secure operating
system, is OS X as good?

Other dumb security flaws revealed over
the years include Safari’s assumption that it’s safe to run shell
scripts inside zip files that you download, and a way for a limited
user to get a root shell that many people accidentally discovered.

Safari is the Apple equivalent of
Internet Explorer 6 – comes with the operating system and provides
most of its security flaws. Both the Windows version and the
iPhone/iPod Touch versions of Safari have a particular security flaw
that will, without warning, download an executable to your desktop
from an untrusted IFRAME. This exact same flaw was present in
Internet Explorer 6, and it was fixed with XP Service Pack 1. That’s
right, Apple is making the same mistakes that Microsoft made years
ago.

While we’re on the subject of the
iPhone and Windows XP, Apple is about to release a firmware update
for the iPhone. Usually I wouldn’t take any notice of the
announcement, except that the new firmware is said to create a
limited user account for the user, ending the practice of
absolutely everything running as root (administrator) on the iPhone.
Not even I would have believed that Apple would run the iPhone
entirely as root, but it seems that they did, changing the policy
only when it became a necessity to open the iPhone up to third-party
programs. Even on a supposedly “closed” platform like the iPhone,
it is still an insane idea to allow all preinstalled code, the web
browser and untrusted wifi data to have access to root. Microsoft
stopped that practice a year ago with the release of Windows Vista,
after they realised that malicious websites could convince a web
browser (Firefox, IE, Opera, Safari etc) to run arbitrary code.

Until some time during August 2008, it was possible to get root from a local user account just by running one easy-to-write AppleScript command, or a terminal command that runs the AppleScript. This involves a setuid root program being able to be told to run shell scripts over AppleScript. The flaw was present for years, and was a design issue, not an implementation issue. The problem was present at least since Mac OS 10.0 Public Beta, and Apple was warned about it in 2004 by one of their own staff members.
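
One way to audit a system for the design pattern described above, a setuid root program that also accepts scripting commands, is to look for setuid files inside application bundles whose Info.plist declares AppleScript support. This is an added example, not code from the original article or from Apple; the function names and the use of the `NSAppleScriptEnabled` and `OSAScriptingDefinition` keys as scriptability markers are assumptions made for illustration.

```python
import os
import plistlib
import stat
import sys


def bundle_plist(path):
    """Info.plist of the innermost .app bundle containing path, or None."""
    parts = path.split(os.sep)
    for i in range(len(parts) - 2, -1, -1):
        if parts[i].endswith(".app"):
            plist = os.sep.join(parts[: i + 1] + ["Contents", "Info.plist"])
            return plist if os.path.isfile(plist) else None
    return None


def is_scriptable(plist_path):
    """True if Info.plist carries an AppleScript marker key (assumed heuristic)."""
    try:
        with open(plist_path, "rb") as fh:
            info = plistlib.load(fh)
    except Exception:  # unreadable or malformed plist: treat as not scriptable
        return False
    if not isinstance(info, dict):
        return False
    enabled = info.get("NSAppleScriptEnabled") in (True, "YES", "true")
    return enabled or "OSAScriptingDefinition" in info


def audit(root, owner_uid=0):
    """Sorted paths of setuid files owned by owner_uid in scriptable bundles."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            if st.st_uid == owner_uid:
                plist = bundle_plist(path)
                if plist and is_scriptable(plist):
                    findings.append(path)
    return sorted(findings)


if __name__ == "__main__":
    for hit in audit(sys.argv[1] if len(sys.argv) > 1 else "/Applications"):
        print(hit)
```

Any path it prints is a privileged binary that also exposes a scripting interface, which is the combination worth reviewing by hand.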

Does Apple care about security at all?
Probably not; if you try to update to Leopard and you have a long
(therefore strong) password, you could be locked out of your own
system… at least until you get into a terminal and fix it. What a
penalty for being security-minded! Does this mean that everyone at
Apple has a short password? Maybe they highlight their passwords in a
Webster’s Dictionary in case they forget them!

BTW: Mac wireless users, make sure your
name isn’t being broadcast to the world via your “computer name”
(e.g. Joe Blogg’s Computer). It’s not a bug, it’s a feature!

Confusion: Apple has a Yum-like
automatic software updater, so you can get security updates whenever
they become available.

Fact: True in theory. Partly true in
practice.

Yes, the software gets updated when
Apple makes the update available. When does Apple make the
update available? As soon as it has a bunch of updates for other
programs. Linux distributions package security updates and push them
to users within 24 hours; in the enterprise distros it can be within
an hour. Mac OS X pushes them to users in a week or so. If you’re
lucky. A study showed that the shortest patch time for recent Apple
security updates was 80 days, which surprised even me.

But shockingly, early last year, a bug
that sent e-mail passwords in cleartext over the Internet remained
unfixed in OS X for 4 months after it was fixed upstream (in the
relevant OSS project). Apple, if you’re wondering why no-one is
buying the Xserve, you might want to look at this.

Confusion: Linux is fast on my
machine. OS X is based on Unix, which means it should be fast.

Fact: Mac OS X is slow. Nobody quite
knows why. Personally, I suspect it’s a combination of these things:

  1. Using a microkernel (these are
    slower than monolithic kernels). No, fanboys; it’s a microkernel.

  2. Possible use of the Java Virtual
    Machine for common tasks

  3. Use of Objective-C (a higher-level
    language than C with many features of the popular interpreted
    languages) in operating system and applications. Many people say
    that an entire operating system coded in C++ would be too slow.
    Objective-C is slower than C++.

If the choice is between running
Windows XP Home and OS X, then OS X could be faster if you’re big on
multitasking. Then again, maybe it won’t unless you have a dual-core
or dual-processor machine. In a race between XP Pro and OS X, it’s a
foregone conclusion; OS X is so hopelessly inefficient.

Of course, in a race between OS X and
Linux on speed, the latter will win. Such races have been held. No
prizes for guessing who won. Admittedly, some functions may be faster
on OS X due to different kernel and library design; but most of the
time, the penguin is in the lead.

Confusion: OS X is POSIX-compliant.

Fact: In reality, OS X does not satisfy
all requirements for POSIX-compliance. In POSIX operating systems,
all files must have only one fork (“fork” is used here as a word
meaning “section”). The Macintosh, however, actively uses and
encourages files with two forks. POSIX systems and Windows only
recognise one fork (the data fork), and cannot read the Mac’s other
fork (the resource fork).

Whereas Linux and Unix can both share
application source code freely, the code often needs modification
before it will compile and run on OS X. Some of this has to do with
OS X’s hiding of certain crucial system directories – something a
truly POSIX-compliant operating system would not do.

Confusion: But Mac OS X is a Certified UNIX!

Fact: Much like the Heart Foundation tick being awarded to McDonalds, the UNIX certification can be bought easily enough. If you install the program “UNIX Services for Windows”, available from Microsoft.com, you will be running a Certified UNIX. Hey… but it looks like Windows and it gets viruses like Windows, it even crashes like Windows!

I guess that whole “Certified UNIX” logo doesn’t mean a damn thing.

Confusion: You’re a Mac hater!

Fact: My first, second, third, fourth,
fifth, sixth and seventh computers were all Macs running the Classic
Mac OS. I tried OS X, but it made me switch to Ubuntu. I’ve got an
x86 PC now running Ubuntu.

But I still occasionally use my sixth
Mac – the iMac which runs OS 9 and Ubuntu. In terms of hardware,
Apple is pretty good (NOTE: I wrote this article before the MacBook
Air came out). In terms of application software and eye-candy, Apple
is pretty good (I have to take points off for iTunes – even without
the DRM, spyware and horrible brushed-metal look it’s still a piece
of unusable bollocks). In terms of operating systems, Apple needs a
wake-up call. Just because NeXTStep is a fondly-remembered OS from
the 90s doesn’t mean we want to run it on today’s computers. Apple
can potentially cut off Microsoft’s limbs, and I’d like for them to
do it; but they aren’t going to do it with an operating system
marginally better than Windows.

And next time, make a genuine effort
with the open-source community. For instance, why not try letting
your volunteer bug-fixers see your BUG TRACKER, for goodness sake? Or
hey, if some people want to help you make your operating system
better for free, give them some bloody support.


