About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Industry Watch


Let freedom ring! The freedom feels unfamiliar - but it's very very good.

Get It

Try It

RTP (Rixstep) — Rixstep proudly announce 'Seahaven technology' for their CandS application for Apple's desktop 'macOS'. Seahaven gives users the ability to be rid of 'cruft' created and slapped onto downloads for their file systems already before they access their files. This 'cruft' locks users in a 'walled garden'.

The Days of Tiger

It was with the release of OS X version 10.4 (Tiger) in 2005 that Apple finally dispensed with the perplexing 'resource fork', replacing it with a somewhat standardised extended attribute or 'XA'. Special formatting exemptions remained for the resource fork, but XAs were otherwise only a pair of name and associated data stream, in any format (most popular: the XML-based property list).

It didn't take long, however, before the XA facility was roundly abused - mostly by Apple.

Apple products of today routinely drop XAs in all the strangest places, for indefensible reasons, such as on temporary directories generated by product builds.

The breaking point came with recent OS version 10.14 'Mojave' when users suddenly found all their files - each and every file - contaminated with a new 'last used' XA as soon as they were opened.


Unsurprisingly, no explanation or documentation was made available by Apple.

Rixstep's 'XA' Utilities

Rixstep have had a number of Cocoa utilities dating back to 2005 to deal with extended attributes, and, as the complexities (and improbabilities) of successive OS versions grew, specific utilities to deal with the situations.

  • Xattr was the first utility to deal with the extended attributes API from a graphical user interface.
  • CandS ('Clean and Seal') was created to deal with the new 'last used' extended attribute on Mojave.
  • XaBatch, which has its command-line counterpart xabatch, is a script-based system administration utility for changing extended attributes in bulk.

But the advent of version 10.15 'Catalina' takes things one step further - a step too far.

Apple's 'Walled Garden'

Apple's ultimate goal with the all-important independent software market is to get creators to pay the debilitating 'Apple tax', something that Paul Graham and others have warned about for over ten years.

Locking down desktop systems like their mobile systems seems too risky - they feared a backlash. So now they've added 'notarisation' to their bag of tricks where they already have their dodgy 'code-signing'.

Suddenly Apple's 'Rock Solid Foundation' ain't looking too rock solid anymore.

It's amusing - how Apple can think people are going to be able to use their systems once all these measures are in place - having to, in essence, follow the famous 'Mac vs PC' parody of 'Cancel or Allow' to get access to their own home directories - to their own files.

As files are downloaded - not from all locations, just from the locations Apple can control - they're slapped with a special 'quarantine' extended attribute which is picked up by the launch services (by the 'Gatekeeper'). Once the files in question are logged by Gatekeeper, the user is effectively in Apple's 'walled garden', and the collection of Apple's draconic rules starts to apply.

Run for the Command Line

Yet all a user need do, to be rid of this menace, is proceed to the command line (Terminal.app) and type:

% xattr -csrv ~/Downloads

And, magically, just like that, the cruft - the walled garden - is gone.

(The new 'last used' XA can still be applied, but the download is 'liberated'.)

And one would think, with a solution so eminently accessible, that users would be intelligent enough to find their way out of this walled garden. But no - that would most likely be wrong, unbelievably enough.


Apple faced a similar situation - again coupled to significant financial consequences - when they introduced their iPod and tried to get contractual cooperation from the big record companies.

Apple's ability to 'deliver' to the record companies hinged on users not - mostly not - attempting to 'share' their music. While it was easy to get music on the iPod, it wasn't easy to get off. iPod_Control blocked user access to one's own purchases by other means, evidently enough to please the record companies.

All it took was to get onto the iPod with something other than Apple's Finder. iPod_Control was tinged by Apple with a special flag so it didn't show up in Finder. Other file managers, such as this one, had no problem finding iPod_Control. The command line in Terminal.app didn't have a problem either.

Yet Apple and the record companies were satisfied. And it's most likely going the same way here again.


Seahaven is a technology from Rixstep to automatically 'nuke' all extended attributes as they come in - as they arrive on your system, arrive on your Mac. Seahaven in CandS: it doesn't poll, but is wakened when things of interest pop up in ~/Downloads - it strips all extended attributes from the new arrivals.

Seahaven reacts to system notifications and events. And as notice of these events can be broadcast slightly before the events actually take place, Seahaven processes the information with a slight delay (less than one second). Should something slip through, one need only 'refresh' Seahaven to catch it next time around.


Seahaven is currently available only as a feature of CandS and Lightman. Other implementations are on the drawing boards and may enter the ACP update pipeline soon.

See Also
Hacking Code Sign
XaBatch Nighttime
Apple Locking Down 10.15?
Lightman (Jennifer will tell her friends)
appleclean (No in-between)
Locked in the Garden (Here comes the WWDC)
Developers Workshop: The Hoax
More on Codesign
That Gatekeeper Vulnerability
The Mouse and the Labyrinth
Downloaded to Seahaven Island
Cleaning Seahaven Island
Code-Signing Safari
Apple and Open Systems
Socially Engineering macOS Catalina
The Burbank Diet
Your Morning Marmalade
Seahaven Technology

Apple's Truman Show

About Rixstep

Stockholm/London-based Rixstep are a constellation of programmers and support staff from Radsoft Laboratories who tired of Windows vulnerabilities, Linux driver issues, and cursing x86 hardware all day long. Rixstep have many years of experience behind their efforts, with teaching and consulting credentials from the likes of British Aerospace, General Electric, Lockheed Martin, Lloyds TSB, SAAB Defence Systems, British Broadcasting Corporation, Barclays Bank, IBM, Microsoft, and Sony/Ericsson.

Rixstep and Radsoft products are or have been in use by Sweden's Royal Mail, Sony/Ericsson, the US Department of Defense, the offices of the US Supreme Court, the Government of Western Australia, the German Federal Police, Verizon Wireless, Los Alamos National Laboratory, Microsoft Corporation, the New York Times, Apple Inc, Oxford University, and hundreds of research institutes around the globe. See here.

All Content and Software Copyright © Rixstep. All Rights Reserved.

John Cattelin
Media Contact
ACP/Xfile licences
About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.