Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search
Home » Industry Watch

CLIX: Cheap and No Strings

From academia to jet propulsion laboratories and around the globe...


Get It

Try It

CLIX is how you access Unix on your Mac.

Unix is what drives your Mac. Under the hood. All your applications ultimately interface with something called Unix. And your Mac also has hundreds upon hundreds of command line tools that interface with your Mac - with Unix - in much the same way.

CLIX is available for all versions of the Mac OS from 10.6 Leopard and on to today's latest - one version fits all. And it's free.

Background



Someone gave us a year's subscription to eWeek way back when we were in Chapel Hill. We never found who. We're reasonably certain it wasn't a fluke: someone actually paid for it. But we never found out who.

And what better way to spend an evening under the stars of North Carolina than to sit out on the stairs of our postgrad building and read eWeek?

The idea for CLIX came through one of those evening sessions. The idea matured over time. For with the Mac just as with Windows years earlier, the carpetbaggers had found their way to the platform.

Carpetbaggers: semi-educated programmers with some knowledge of Unix and access to its source code. Take some fancy Unix function, dress it up in a flowery frock, and sell it for serious cash. Even though the guts of the thing was open source and probably already there on your hard drive.

This happened a lot on Windows and it started happening to the Mac. Not good.

But how to defeat the scam? What were the scammers trying to sell? Mostly it was system configuration settings. Being able to modify them. So they'd package some cool settings in a graphical user interface, use Unix command line tools behind the curtains of Oz, and then charge you money. Better still, some of them told you their product was free, they came with a few updates, also free, kept at this until they had enough users, then announced a new update without telling you it wasn't free, so you downloaded the new version, overwrote the old free one, and suddenly you were stuck. Not nice.

But beyond that: there's an inherent limitation in a GUI that lays out everything for you. You get only what you see. You can't add to it. You might also find a lot of the offerings lame at best. The key was to find a way to make such an app infinitely extensible. It took a lot of thought under the stars with eWeek.

Gradually the kernel of the idea took form. Use the basic mechanism of our database utility, but hot-wire one of the fields on the edit sheet so the app would run the command line there. Getting the command line to run in a background process was only a matter of creating a separate 'task' and 'piping' input/output through to that task.

Our CFO was asked if this was OK. It's going to be a free app, we said. Why does it have to be free, the CFO asked. Because this is about education, and information, and information should always be free, we said. OK, so how long will it take, asked the CFO. One working day tops, we promised. We got the green light.

That one working day was fourteen hours long, but the first version was completed in a single day. Some details were still a bit scratchy, especially output, but all else was in place. We submitted it to MacUpdate as 'CLI', then thought better of it and renamed it 'CLIX', but MacUpdate never caught on. VersionTracker got it right. We also submitted it to an Apple newsletter, unaware that a lot of journos subscribed to the newsletters, and that's when it took off.

Some people didn't like the idea we were putting carpetbaggers out of work, but that comes with the territory.

CLIX & Code-Signing



CLIX can't be code-signed. Apple's code-signing can easily be defeated anyway. Want to know how? Just go into the executable and wipe away the entry in the header for the code-signing. Note that this only works on the Mac, and not on iPhone, where the code-signing section is required. The section cannot be mandatory on the Mac, for several reasons.

CLIX uses its own type of code-signing. Apple's type and the CLIX type are incompatible, but more than that: the Apple type can be defeated but the CLIX type cannot.

How does one devise a 'sealing' mechanism that can't be defeated? That was the challenge. And it took half a year to come up with the solution. We pictured it like Harry Houdini locked away. In some container. With chains and locks on the outside. Except for CLIX you couldn't have the container locked from the outside. It had to be locked from the inside. Which sounds impossible. But we never say 'impossible'. You can try any trick in the book. But if a single byte of CLIX code is altered, the app will shut down and all sensitive data will disappear all over the place. Just like that.

CLIX is White

CLIX will always be 'white', will never go into 'Dark Mode', because there is only one version of CLIX, and it runs on all versions of the OS, from 10.6 and forward to the present day.

Further Security Concerns

Any app that's going to toy with your admin password has to be protected. The popular 'sudo' is a case in point. All 'sudo' does is use its own on-disk ownership and 'set ID' settings to escalate you. The rest of the program is there to stop people from messing around. An air-tight, logically robust, system is needed.

Making sure of who is invoking the background process is a big issue. CLIX climbs the process hierarchy tree to make sure the call is coming from the same foreground process.

Denying access to physical passers-by is also an important issue. CLIX wipes all vestiges of your admin password, be they in the on-screen interface or be they in computer memory, as soon as your Mac goes to sleep.

Corrupting your $PATH variable is another trick used by interlopers. You may find that some of your commands don't use their full paths. This is a mistake the experienced admin will never make. Nevertheless: CLIX ignores the version of $PATH made available at user level and only respects the version found in read-only OS kernel memory.

Online Help

It's right there in the lower left of your command sheet all the time. Just click in that area. Or double-click a keyword in the command field with the appropriate 'shift' key to invoke it. This is the system's own 'manpage' functionality piped through to you. You can see either the actual manual page for a command keyword or its so-called 'apropos' listing. You never have to go outside CLIX to access documentation.

How to Use CLIX



CLIX is a standard 'document-oriented application'. Meaning it's not a so-called 'singleton'. Meaning it operates on its own document files. To do something with CLIX, you need to have the app and a 'document'.

You can always create a new 'document' just as you would with any other Mac application. All those items - New, Open, Close, Save, and so forth - are on the 'File' menu. As they would be with any other Mac application.

CLIX documents are organised as listings of 'records' in what Microsoft and Linux would call 'list views', what Apple would call 'table views'. These records have four (4) fields: Title, Category, Description, and Command Line. The first three fields are for your convenience: you can name your command anything you like. Likewise, you can put it in any category you like. (You can make up your category names arbitrarily - this is solely for your convenience.) Likewise again, the Description field is only for your convenience: you can use the field to 'describe' your command any way you like, or add notes and/or reminders you find useful.

It's the Command Line field that's pivotal: here is where you write in your command line. This is almost always exactly the same as what you would type from the command line (from Terminal). The one exception is when you invoke the command 'sudo': you must append '-S' to 'sudo' when invoking from anywhere other than the standard command line (from Terminal).

You double-click (Edit-Edit on the menu) a command to bring down the command sheet for that command, and it's here that you will invoke the command as well (by clicking 'Run' at the bottom of the command sheet). (It's Edit-Add to add a new command.)

You can name your CLIX files anything you want. Use the extension 'clix' so you can double-click to open the files.

Response

Response to CLIX was overwhelming. Part of this is due to so many journos seeing the announcement on Apple mailing lists. The word spread from there. In a word, CLIX is just 'handy' - handy to have around. It takes no disk space to speak of and it's eminently useful.

Word spread from academia to jet propulsion laboratories to CENTCOM in Baghdad. It spread around the globe. Things that are useful, cheap, and 'no strings' have a tendency to do so. We hope you find it useful too.

See Also
CLIX: Learn to Fish

About Rixstep

Stockholm/London-based Rixstep are a constellation of programmers and support staff from Radsoft Laboratories who tired of Windows vulnerabilities, Linux driver issues, and cursing x86 hardware all day long. Rixstep have many years of experience behind their efforts, with teaching and consulting credentials from the likes of British Aerospace, General Electric, Lockheed Martin, Lloyds TSB, SAAB Defence Systems, British Broadcasting Corporation, Barclays Bank, IBM, Microsoft, and Sony/Ericsson.

Rixstep and Radsoft products are or have been in use by Sweden's Royal Mail, Sony/Ericsson, the US Department of Defense, the offices of the US Supreme Court, the Government of Western Australia, the German Federal Police, Verizon Wireless, Los Alamos National Laboratory, Microsoft Corporation, the New York Times, Apple Inc, Oxford University, and hundreds of research institutes around the globe. See here.

All Content and Software Copyright © Rixstep. All Rights Reserved.

CONTACT INFO:
John Cattelin
Media Contact
contact@rixstep.com
PURCHASE INFO:
ACP/Xfile licences
User/Family/Business
http://rixstep.com/buy
About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search
Copyright © Rixstep. All rights reserved.