About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Industry Watch

Apple's Enola Gay

Total control. It's in their DNA.

Get It

Try It

I was getting tired of those dinky little arrow keys anyway.

In case you missed it: Apple finally went FUBAR ('fucked up beyond all recognition') last week.

Right when most of the conscious world were still wondering who won the elections in the US and exactly what the F's been going on over there in the Land of the Free and the Unlimited Opportunities™, Apple Inc quietly dropped an Enola Gay on their unsuspecting fanboy community - propitiously before the ominous Friday 13 that followed, but it didn't seem to help.

Tom Claburn has a great summary of it here. And great title too, Tom.

Apple drops macOS Big Sur on the world - and it arrives with a thud, sound of breaking glass, sirens in the distance...

Tom doesn't get much one-on-one time with Apple people these days, in case you didn't know...

The uppermost ramification is about the 'lag' noticed as people tried to update their operating system, but that's only the uppermost part. The suck-up fanboys were of course already soiling their Pampers at this point.


Panic in a panic.

Note what Cabel says. 'FYI, seems to be something going on with super sluggish app launching right now.'

App launching. Why should Cabel, sitting in his scenic office in downtown Portland, be harmed by something that Apple fuck with so many miles away?

Precisely. And the answer? Oh just something Rixstep have been going on about for over ten fucking years now.

Get this, you pathetic pieces of fanboy dag-tag. Every time you launch an Apple application that's been code-signed, your Apple computer - your lovely Mac, slurp slurp slurp - has to phone home.

It has to contact Apple and make sure that Apple's root-level cryptographic seal on your software is intact and correct. It has to phone home.

Every time.

Recently Rixstep speculated in how Apple's 'shop of horrors' Xcode requires over five hundred thousand message digest calculations, all before you see the ugly thing on screen.

Five hundred thousand. Then Xcode phones home to make sure the seal is genuine. Just to launch the miserable POS.

Rixstep saw the clouds coming way over ten years ago. They weren't hostile towards Apple back then - just critical, as everyone should be. The hostility was all Apple's.

The Letter

Rixstep got a letter.

This might be something that's hard for Apple fanboys to swallow, but there are many Apple employees who swear by Rixstep software. The ACM like them too, as do NASA, as do universities. And so forth. This Apple licensee wrote to Rixstep, and hoped they'd keep him in mind, and at hand.

Rixstep checked the mail headers. Sure enough, the message came through Apple's own internal mail system.

The followup letter didn't come from Apple's internal mail system. It came from a private ISP, not in California either, completely sovereign and separate from the Apple network. The gent - was it a gent? The 'hackers' weren't always gents - asked Rixstep to recall his previous letter, which he quoted in detail.

So authentication was complete, in other words. And, at this point, the gent moved to secure encrypted private messaging.

This gent might be called a whistleblower, although he didn't have documents to share, as whistleblowers usually do. He had apprehensions - concerns, warnings. Rixstep had become known as the 'anti-fanboy' Apple site. The creators of the two most damning attacks on the Apple platform had namely turned to Rixstep precisely for this reason. The authors of the Month of Apple Bugs, that Bill Gates discussed with Jon Stewart on The Daily Show, had done the same thing.

The whistleblower was upset. Worried. Concerned. What he'd heard inside and around the Cupertino campus frightened him. Basically scared him to the core. And he wasn't the only one. He talked about how many of his colleagues felt the same way. How they speculated together about Apple management's scary long-term plans. Real diabolical.

Code-signing was the key. Code-signing was on its way. Apple got off to a shaky start with iPhone. Their security image got shot to shit already in the first half-year. So now they were trying to backtrack and compensate by moving in the opposite direction, and they'd now be using this new code-signing idea to push matters even further - to clamp down, so to speak, first on their iPhone and then on their Mac.

The surveyors were setting up the boundaries of the walled garden. Only software distributed through Apple would run on the Mac - that, at least, was the goal. Whether that goal was realistic, or attainable in practice, was another matter. That's where they were headed. That's what they wanted. All the whistleblower's colleagues were mostly in agreement: it was all about total control. The system itself was adequately secure. All marketing had to do was convince the fanboys that it wasn't secure after all. Apple marketing could do that in a single afternoon.

That was the idea. Total control. It's in Apple's DNA. No matter what Tim 'Mother Theresa' Cook says.

To get your software in Apple's App Store - the ideal location, as fanboys all have the App Store icon on their Finder desktop - you'd have to submit your software to Apple, at which point all bets are off, as Apple can do fuck-all to hack it, to mess with it, and you can't stop them. And if Apple don't find anything threatening or embarrassing - Apple marketing get embarrassed easily - they then slap on their root certificate and put it in their App Store in a not-too-prominent location where it gets lost in the rubble, underneath the high-end apps from the major players that Apple collaborate with.

The end of innovation, the end of freedom.

The Steve Gambit

Rixstep set up the 'Steve Gambit'. (Click here to read it.)

Quite simply, they trolled the 'Chicken Little' Mac community. As Rixstep were feared and hated by the fanboys, triggering them was child's play.

The article they published could have come out of the Mac-friendly media. It was intentionally so. There was nary a word or even a hint of scepticism or critical reflection. The piece reads like 'good things to come, don't you agree'. It was meant to read like that. Rixstep just placed it out there, like a land mine, and sat back and waited for the triggered fanboys to step on it.

The fanboys stepped on it.

Rixstep's gambit was to create such a panic that Apple and/or Steve Jobs himself would have to react and go public with a statement of denial. The gambit worked. Almost too easily, actually. But that Steve Jobs himself would get wrapped up in it - that Steve himself would be fooled - that was almost too much to hope for.

Yet that's what happened.

It may not be easy to fool Steve Jobs, but Rixstep could do it.

The idea was simple. There was no way Apple would change their sinister plans simply because people were suddenly onto them, but people would at least have them on the record, at their word, denying what Rixstep knew they were doing.

The upshot of code-signing - the ultimate Mother of All Hangovers, as Rixstep wrote only a few weeks ago - is that code-signing is even bad for your computer's health. All executables - binaries - with the code-signing section in their headers are picked up by the Gatekeeper monster, which in turn then contacts Apple. The Apple root certificate resides in Apple's Death Star under many a lock and key. Your Apple gadget needs to do a bit of chinwag with the Palpatine bastard before your wonderful app is permitted to actually launch.

[This doesn't apply to software that's not code-signed, something else the Rixstep people got right over ten years ago, another reason their software is faster and more reliable.]

[Apple can't see when Rixstep apps launch. There are no cryptographic seals from Apple on Rixstep software. Rixstep software is not held in quarantine by Apple's Gatekeeper. Apple and Gatekeeper can't see Rixstep software.]

There are so many things wrong with Apple's diabolical code-sign picture that it'd take a month to enumerate them all. Apple's fanboys have been too scared to even mention them.

Rixstep weren't the only ones who lit the flares back then, but the great majority of Apple's zombie fanboys ignored the warnings, as they always do. They marched, in their standard mindless obeisance, closer and closer to the edge. To their inevitable Ättestupa.

Pathetic. Disgusting.

The Great White Hope?

Apple used to be the 'Great White Hope'. Virginia Tech bought a colony of Apple computers, pushing Apple briefly into the 'top five' list of the world's most powerful supercomputers. Apple became the unexpected and unlikely new member of the free-and-open-source (FOSS) community, the influential group intent on making the Internet a safe neighbourhood again. Apple employee Rob Braun was tasked with starting 'Open Darwin', the project to make Apple's OS kernel source open and freely available to the world.

It was all a marketing ploy, as Rob Braun was to discover.

No company has ever been so anal-retentive as Apple. Apple destroyed the careers and lives of David Maynor and John Ellch, who accidentally discovered a fatal flaw in an Apple notebook component, and they destroyed the mainstream Washington Post reporter who'd covered it.

Apple's fanboys conducted a disgusting campaign against Brian Krebs who'd been the first to report. They even set up the fake website 'Brian Krebs Watch'.

(Slime ball John Gruber of course covered it. You knew he would.)

Apple fanboys are computer users, don't forget, but they're not ordinary computer users. They're sick people. And Apple's ruthless marketing department know how to manipulate people like that - they used their accomplices at Macworld to help out, and of course it was easy to get Grand Vizier Idiotus Maximus John Gruber onboard. Gruber wrote a bizarre piece about 'frogs in pockets'. Gruber was subsequently slammed to smithereens by none other than HD Moore, but at that point the fanboys were gone, past their bed and happy that they had John's frog under their pillows, intellectually incapable of understanding anything more.

So many good websites have been driven offline and underground by Apple marketing. Not Rixstep. No one else dares stand up to Apple. And to think that Rixstep were once Apple's biggest fans. Good for them.

As Apple readied the release of Lion (yes it's that far back in time) Rixstep unleashed the 'Steve Gambit' and got more than anyone could have hoped for: a blank denial from Steven P Jobs himself.

Now, so many years later, we're at the inevitable breaking point. The impossibility - the sheer insanity - of Apple's diabolical idea is finally undeniable even for Panic Cabel and Mustard Boy in scenic Portland. Your computer must be connected to the Internet, and it must seek and get Apple's approval to run anything. Think about it.

And, when you're finished thinking about that - and do take your time - then think about this.

As Apple have their slimy claws in you for every application you launch, knowing they have their claws deep into you already, knowing they can hack themselves into your system to bypass fundamental security controls: what's to stop them from culling all the data they want on you? Your crash report mechanism explicitly states that 'some' sensitive information can be sent to them. How do you know they can't and don't send more?

You don't. You can't. You have no protection. None. Your greatest threat when using an Apple product is Apple itself.

You have no protection.

The writing on the wall is now etched in stone. You don't have control over your Mac, over your iPhone.

Apple could have been the Great White Hope. Instead they embraced the Dark Side. That's how they'll be remembered.

- BCB Oyster Bay November 2020


Apple can't phone home on launches of Rixstep software. You can get a free version of Rixstep's core utilities here. Try it out - there are no strings. Think about migrating your computer and mobile use over time. Rixstep have more robust versions for use over time (licence required).

See Also
Rixstep: The Catalina files

About Rixstep

Stockholm/London-based Rixstep are a constellation of programmers and support staff from Radsoft Laboratories who tired of Windows vulnerabilities, Linux driver issues, and cursing x86 hardware all day long. Rixstep have many years of experience behind their efforts, with teaching and consulting credentials from the likes of British Aerospace, General Electric, Lockheed Martin, Lloyds TSB, SAAB Defence Systems, British Broadcasting Corporation, Barclays Bank, IBM, Microsoft, and Sony/Ericsson.

Rixstep and Radsoft products are or have been in use by Sweden's Royal Mail, Sony/Ericsson, the US Department of Defense, the offices of the US Supreme Court, the Government of Western Australia, the German Federal Police, Verizon Wireless, Los Alamos National Laboratory, Microsoft Corporation, the New York Times, Apple Inc, Oxford University, and hundreds of research institutes around the globe. See here.

All Content and Software Copyright © Rixstep. All Rights Reserved.

John Cattelin
Media Contact
ACP/Xfile licences
About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.