Author: John Moltz

Security Bitch Watch – Day 1.

On George Ou’s blog post mentioned in the story below, he noted that David Maynor (aka the sensitive pink pony of hackers, who was needlessly subjected to the vicious ridicule of Mac users spurred on by a rabid Steve Jobs screaming “Fly, my monkeys! Fly!”) would be “bringin’ it on” (not a direct quote) and that he would provide “the bitch slap Apple so badly needs” (also not a direct quote) and that “sisters would be doin’ it for themselves” (that, oddly, is a direct quote).

Ou indicated on Sunday morning that SecureWorks’ totally bitching response of doom to the scurrilous Apple’s scurrilous press release of scurrility would be revealed “in the next couple of days.”

The Oxford American Dictionaries as accessed through Dashboard define “couple” as “two” or “an indefinite small number”, but I think we can start the watch as of this morning.

If Ou is right, we shouldn’t have long to wait.

Which is good because the suspense is killing us. This is the John Mark Karr case of the Mac world, you know.

Let’s review the players here and see who’s down for what.

SecureWorks’ George Maynor and Jon “Johnny Cache” (get it?! Puns rock!) Ellch – They hacked a MacBook using a third party wireless card and driver and – according to Brian Krebs – claimed they could do the same thing with a stock Airport card and driver. Krebs also said they claimed they totally told Apple about this and got hit over the head with a sock full of nickels by Steve Jobs who said they’d better not tell anyone or he’d finish the job.

Oh, and I’m sure this isn’t in any way relevant, but they also want to stab Mac users in the eye with a lit cigarette.

Ha-ha! Oh, you guys!

The Washington Post’s Brian Krebs – Krebs wrote that Maynor and Ellch claimed the Apple-supplied Airport card and drivers could be hacked the same way the third party ones could. Then said they didn’t.

Then said he stood by his reporting.

I may have some of that out of order, but that’s essentially it.

ZDNet’s George Ou – Ou is outraged – OUTRAGED! – that Mac users don’t want to have lit cigarettes stuck in their eyes! The nerve! Listen, Mac punks, if a respected security professional wants to stick a lit cigarette in your eye, you just ask him which one! GOT IT?!

Anyway, Ou says Maynor and Johnny Cache never claimed the exploit worked on Apple Airport hardware and drivers, even though he himself linked to Krebs’ post which says they did. And he says they actually demonstrated the hack against Apple hardware and software, which I guess they must have done while just raising their eyebrows a lot and pointing in silence as Ou says they never said they could do that.

He also had the temerity to claim

…Maynor chose an external third party hardware wireless adapter to avoid focusing attention on possible Apple hardware and software issues which may endanger Mac users.

Oh, that’s so sweet of him. See, he’s just looking out for us. What a nice guy. We should send him a fruit basket or some…

WATCH OUT FOR THAT CIGARETTE! SSSSSSSSSSSSSST! AAAAAAAAAGH! MY EYE! MY EYE!!! OH, MY BEAUTIFUL EYE!!!

Yeah, whatever, dude.

Apple Computer – Apple essentially said:

We haven’t seen anything from SecureWorks except a grainy video of an exploit of a third party card and driver.

Did we mention we don’t make or resell that card and driver?

‘Cause we don’t.

Oh, and we’d really appreciate it if you fuckers would stop using a MacBook in your demo.

Hugs and kisses,
Apple.

Here’s what we at Crazy Apple Rumors Site think may have happened. Our opinion is, of course, worth exactly dick.

Maynor and Johnny Cache wanted to demonstrate an exploit they had researched. They also wanted to take a jab at the security of the Mac operating system – a metaphorical jab much like the actual jab with a lit cigarette they’d like to take into the eyes of Mac users everywhere (have you heard this part?). Not really knowing much about Macs (a point I’ll prove at the end), they decided to use a third party wireless card they already knew was exploitable, not realizing it was highly unlikely any Mac user would have a need for a third party card.

Krebs then over-hyped the Mac vulnerability, possibly misinterpreting Maynor’s comments about the exploitability of the stock Airport card and driver. It’s also possible Maynor knew there was a flaw in BSD and assumed it was also exploitable in OS X.

It’s apparently not.

So all this happened and Apple said “Wha-huh?” and Artie MacStrawman threatened Maynor’s life and then Ou freaked out.

That’s just our theory. We’ll gladly eat crow if we’re wrong. [UPDATE, ONE YEAR LATER: I came back to read this and was surprised at how much is actually right. Much, however, is wrong and since I’m all about accuracy… While we STILL haven’t seen the whole exploit, it now looks like they probably did have one on Apple’s native card. But what they sent Apple was not code for an OS X exploit. And then they acted all squirrelly instead of manning up and just releasing the damn thing. Why these few drama queens couldn’t behave like any other security professional who finds a Mac bug is beyond me.]

Except for Ugluk who doesn’t eat crows because he considers them sacred.

He’ll have crowfurkey.

Wait, that’s not right. It’d be… “crowfu”, I guess. Crowfurkey’d be some mutant hybrid of a crow and a turkey.

That’s not right either. It’d be a crow and a tofurkey.

What?

Oh.

Ugluk says that is what he’ll have. The mutant hybrid of a crow and a tofurkey. That’s apparently OK. Um… I’m not sure where we’re going to get that.

And he’d like a Sprite.

OK, look, I’m not really ready to take orders yet…

I’m not even sure if the place we normally go to get crow is open right now.

Anyway, we’re just about done with Day 1 of Security Bitch Watch and so far the silence…

…has been a little deafening.

Brian Krebs’ blog – where the whole thing started – hasn’t been updated since Friday and Ou’s blog (warning: annoying self-starting audio of Maynor’s presentation) hasn’t mentioned the controversy since the aforementioned post. SecureWorks’ web site hasn’t been updated since they added verbiage pointing out the hack took place with third party hardware and drivers.

But there is one other telling thing you need to know about this controversy:

Maynor – in the video of his presentation of the exploit – repeatedly calls the MacBook he’s using “this Apple.” As in “This Apple will connect back to the attacker.”

I don’t know about you, but that tells me a lot.

I’m just sayin’ Maynor or Krebs might want to think about what wines go with crow.

Mac Web Universe Shrinking.

Over the past several years, Crazy Apple Rumors Site has been monitoring a frightening trend, one that impacts almost every member of the Mac community.

According the research conducted by the Crazy Apple Rumors Site Labs in conjunction with the Massachusetts Institute of Technology, the Mac web universe is shrinking, losing an average of one web site a year.

According to MIT’s Dr. Ranjit Vij, the Mac web universe may be trapped in a collapsing warp bubble that is forcing it to inexorably shrink in size.

Many trace the start of this trend to the disappearance of Bite.org – an “in your face”/”use your toothbrush” Mac rumors site – that went defunct back in late 2001.

More recently it was PerversionTracker in 2004, As the Apple Turns in 2005 and now, in 2006, Drunken Batman has gone silent.

A silence which we here find ominous.

Which site will be next? Daring Fireball? The Unofficial Apple Weblog?

Or Crazy Apple Rumors?

And why is it always the good ones that die too soon? Why not MacOSRumors or PowerPage?

I just…

It’s just that…

Oh, god, I DON’T WANT TO DIE! I DON’T WANT TO DIE! I DON’T WANT TO…

Sorry.

It’s just… very scary, you know?

I mean, no one even remembers the spectacular Mac rumor site done by Dr. Dalen Quaice anymore.

I don’t want to go out that way.

But there is a disturbing portent to this phenomenon.

Go to Apple’s new Leopard page and you’ll see an X fly in with a snow leopard print background. But hover your cursor over the X and move your scroll wheel and you’ll see the X fly away leaving nothing but a black emptiness.

Is it message?

Or more meaningless eye candy?

Or is it a message wrapped in meaningless eye candy?

Keep watching the web.

Live WWDC Coverage!

10:00 AM – Coverage begins NOW! Hot and saucy, just the way you likes it! This post will be in reverse order [Editor: since reversed to make it readable.] to keep you up-to-date on how many bottles of that Apple-branded water Jobs has consumed.

Forget the stock options. How much is Apple spending to keep Jobs in fancy water?

Please note that earlier plans to provide coverage entirely in pig latin have been CANCELED.

Canceled.

Anceled-cay.

Not gonna do it.

10:03 AM – BREAKING!

CARS is confirming MacNN‘s breaking news that

Attendees are being asked to shift to the center of the seating rows.

That is CONFIRMED.

Attendees are also being asked to arrange themselves so the tall ones are in the back and the short ones are in front.

10:15 AM – Jobs is talking about the conference stats. 1000 Apple engineers are here. One for every 4 attendess.

More startling, however, is the 1 to 1 booth babe ratio.

And, without further ado… SCHILLERMANIA!!!

10:20 AM – Schiller’s introducing the Mac Pro. It’s an all dual-core unit that will give you a woodie.

What did he say?

Oh. “Woodcrest.”

Yeah, I don’t know what that is.

Holds up to 4 internal drives FOR ALL THE PORN IN THE WORLD!

OK, not really, but a lot of porn.

Case design is relatively the same, but the inside is all-new.

Strangely, he adds “The outside is also all-new.” Then he pauses, looks at the audience and raises his eyebrows several times.

But… it’s kinda not.

No one’s sure what he’s getting at there.

10:25 AM – Ooooh, 3.0 GHz.

FINALLY.

Sheesh.

Uh… “Yay”?

Whatever, Apple.

Says the Intel transition took 210 days to complete, “faster than anybody else.”

What?

Who else was there? Are we talking alternate universe Apples here?

10:30 AM – New Xserves. 5x faster than previous models. 1 billion times faster than “doing it by hand.”

Oookay. Well, I hope they don’t do a bake-off of that. I’ve got a flight back home in a couple of days.

OK, Steve’s back to talk about software.

Oh, Bertrand Serlet is puttin’ the BEAT DOWN on Vista! Oh, Steve Ballmer, I do believe that French bitch just used your toothbrush!

BOO-YAH!

10:35 AM – Leopard

64-bit app support for apps.
128-bit support for widgets.

Huh. That’s weird.

Time Machine – integrated backup facility. Jobs says “So you little sissies don’t have to go whining to your mommas when you loose your pwecious data-ums.”

Man, that guy really has an attitude, doesn’t he?

The bad thing is, Time Machine only backs up to floppies, so you need to go out and buy a whole shitload of floppies, like, right now.

10:45 AM – And, of course, Time Machine features a whole bunch of cycle-sucking eye candy that you KNOW you gots to get yourself some of! You know you want it, baby! You want it bad!

You’re just an eye-candy whore! Admit it! You’d do anything for the eye candy!

You’re addicted! Like some cheap prostitute on crack who keeps crawling back to your sugar daddy, Steve Jobs!

You disgust me.

Speaking of eye candy, Steve’s now talking about Spaces, a new virtual desktop environment that will put all the other virtual desktop environments out of business.

Kinda surprised Arlo Rose wasn’t working on one.

Eh, for all I know, maybe he was.

10:55 AM – Spotlight can search other machines now. VP of platform experience Scott Forstall says “We want it to be a great app launcher.”

He says he also wanted it to be a magical pony that would come when he called it and would always be his bestest friend forever and ever, but Apple engineers told him that wasn’t possible.

He says they told him that ponies grow up to be horses and then they get old and sick and they have to be shot between the eyes by a sweaty ranch hand out back behind the barn when the kids are at the fair.

Now he’s crying.

Boy, this is really uncomfortable.

Schiller’s trying to console him.

Jeez… I…

Wait…

Ponies don’t grow up to be horses.

Colts grow up to be horses. Ponies are just ponies.

What the fuck?

11:05 AM – OK, Steve’s back. He’s talking about Core Animation.

He says “Your graphics card just went obsolete.”

Oh, great.

Leopard does braille support and closed captions for QuickTime.

And there’s nothing funny to be said about that.

OK?

So just shut up, Rudy.

Mail to feature big enhancements.

“For all you ass clowns who switched to fucking Ubuntu because we made you have to use an export utility to move your mailbox to another application – like your mail is sooooooo important, Cory Doctorow – well, you douche bags can just kiss my…”

Well…

He’s just kind of going on like that.

11:15 AM – Apple’s delivering Dashcode – an IDE for developing widgets.

Oh, for chrissake, who needs an IDE to develop a widget? That is so lame.

I made one with construction paper, some blunt scissors and Elmer’s glue.

And some glitter.

It’s… really cool.

It um… counts down the days until “Snakes On A Plane” is released.

OK, I have to change the numbers by hand, but…

11:25 AM – iChat demo.

Hey, wait a minute… Steve’s chatting with Schiller.

Schiller was just on stage…

Now he’s in Times Square. They say it’s just an effect, but…

OH, MY GOD! PHIL SCHILLER IS THE MASTER OF SPACE, TIME AND DIMENSION!

But you already knew that.

There’s a rollercoaster background and Steve says “Life at Apple is a rollercoaster”!

Ha-ha!

Yes, one day your little music device is bringing you boatloads of cash and the next they’re investigating your stock options!

WHOOOOOO!!!

WHEEEEEE!!!

AHHHHHHH!!!

Just give us the Leopard wrap-up, rollercoaster boy.

11:30 AM – That’s it!

Leopard to be released in the spring, when the flowers are blooming and love is on a young man’s mind.

And in his pants.

CARS Editor Switches to Linux.

Joining the increasing throngs of uber-geeks who have switched from the Mac OS to Linux, I regret to announce that I have come to the conclusion that I can no longer justify my use of Apple’s proprietary data formats.

For too long Apple has attempted to lock its users in to its closed platform and closed applications.

For this reason, I have reformatted my Performa 6400 and installed Yellow Dog Linux.

Yes, I know this will come as a shock to many of you, but I am eschewing Mac OS 9.2 for a more modern, stable operating system.

And, I must say, it’s going swimmingly so far. Installation was a breeze and I’m now enjoying the benefits of a fully cooperative operating system with protected memory and a host of robust applications with open data formats.

All…

Um…

All at a 640 X 480 resolution.

You know, I don’t know if you’ve ever tried to use an operating system release that’s come out since 1999 at 640 X 480 but it’s practically impossible. Modal windows don’t have scroll bars and when you can’t see the buttons because they’re off the screen, it makes computing kind of a crap shoot.

I tried picking my particular monitor – an Apple Multiscan 15-inch – in the display configuration and, well, things pretty much just went to shit. The colors all went to five different shades of orange and the display space was just half the vertical area of the screen.

Not easily dissuaded from my goal to ditch OS 9.2 and enjoy the wondrous, magical fairyland of openness that is Linux, I sought the professional help of a Linux geek in an online forum.

Here’s how the conversation went:

ME: I can’t seem to get the screen resolution right. I’m picking the exact monitor and video card I have from the list, but it gets all goofed up.

LINUX GEEK: You need to add a video argument to BootX, such as “video=atyfb:vmode:17,cmode:24”. Boot into Linux and run Xconfigurator and setup your video as desired. Then exit and run startx. It’s easy!

ME: Uhhh… OK. Gosh, there are a lot of parameters in your argument there. Not to mention all the colons. Maybe you can walk me through that a bit. Mine’s a 15-inch monitor. Should I change the 17 to a 15? What does the rest of it mean?

LINUX GEEK: Open your display.temp.config.pants file, set line 974 to “stun” and then reboot in gigantic robot mode.

ME: “Gigantic robot mode”?

LINUX GEEK: Just before the donkey appears, press command-option-shift-umlaut-fire and bark like a crazed hyena. Now dump your trash on your head and wave your genitals in the air in a circular motion with arms akimbo.

ME: OK, now you’re just talking gibberish.

LINUX GEEK: Aboogee agga! Muwasi matoombo! AI-AI-AI-AI-AI-AI-AI!

Well.

At least I’m still running OS X on all my other hardware.

Why You Will Get No Love Today and Tomorrow.

Nothing today and tomorrow, Apple-istas. Please accept any or all of the following excuses:

  • A tear in the space/rumors continuum has sent all Apple rumors spewing into another dimension.
  • Today is Ryan Meader appreciation day. Oh, who am I kidding?! Every day is Ryan Meader appreciation day!
  • Wait, did I say “spewing”? I meant “splooging”.
  • Your arms are too short to box with Steve Jobs.
  • We’re just not feeling it today. I’m sorry, we’re just not. Is it you? Well, not per se. Is it your “technique”? Since when do you have a “technique”? I wouldn’t call just yanking on it a “technique.” I’m not a Model T, Gloria. You can’t just turn me on by… Oh, no, no, no, no. No, you don’t. Do not try to turn this into a thing about your clitoris. This is not about your clitoris. I’m not lis-ten-ing, Gloria! LA-LA-LA-LA-LA-LA!
  • You stole Fizzy Lifting Drinks so you get nothing! NOTHING!
  • Got a better offer, man. There are going to be more babes at Scott’s party. Plus, he’s springing for a keg. Sorry.
  • Only the bagel has the correct aspect ratio.

Or, if you don’t like any of these reasons, feel free to add your own in the comments.

Frankly, you can do whatever you want in there. We don’t really care.