
Hoax



It is our belief that Apple have been perpetrating a giant hoax since 2007, the ultimate purpose of which is to control the software market on all their platforms.

Controlling the market for mobile software has been easier: there were no precedents. Controlling the desktop/laptop markets is more problematic, as precedents exist. Most pundits and pros see an obstacle to hegemony, as these platforms already exist. The overall goal of Apple in such a case is to get as close to full control as possible, a type of 'virtual control'.

The hoax begins by instilling in users a belief - a paranoia, some would call it - that their desktop and laptop systems are susceptible to attack, that users are not safe, and that only Apple can protect them.

Apple protect their users on desktop/laptop systems by 'virtually' requiring all software be 'signed' (sealed) by Apple, when in reality, as Apple systems derive from Unix and are not Windows, the dangers are very small.

But by 'virtually' requiring that all software pass through Apple for inspection, Apple in effect control the market there as well.

The one thing Apple won't approach is the hard requirement that all software be approved by them. We've all seen what this 'hard' requirement has done to their mobile platforms. Apple can seemingly not achieve the same level of total control over their desktop/laptop systems, but a near-total control, a 'virtual control', will accomplish almost the same thing.

Apple's ultimate goal for their desktop/laptop systems is to channel a near-complete distribution of software through their App Store, where they exact an unprecedented 30% commission on all sales revenues. Most payment processors, since the inception of online software sales, have taken a 10% cut. Apple's chunk is therefore three times that, and can net the company billions in a never-ending stream.

That is the goal of the hoax.

History

The early months of the iPhone were chaotic. Much software, including Apple native software, was still crashing regularly. Crash logs, posted online by various users, showed that Apple, unbelievably enough, were running all application software off the root (superuser) account. A further revelation was that the iPhone depended on two not-so-secret passwords: 'alpine' and 'dottie'. Unix experts, aware that a mobile device running on a Unix operating system would necessarily be much more secure than a comparable device running on Microsoft Windows, were understandably sceptical when they found that Apple had not been applying standard security practices.

Things changed suddenly with the fourth point update to Apple's iPhone operating system, and the practice of 'code-signing' began shortly thereafter.

'The codesign command first appeared in Mac OS 10.5.0 (Leopard) which was first released 26 October 2007, the same year as the introduction of iPhone.' - Wikipedia

'codesign has several operations and options that are purposely left undocumented in this manual page because they are either experimental (and subject to change at any time), or unadvised to the unwary. The interminably curious are referred to the published source code.' - man page for codesign 2011-05-07

Technical details irrelevant

The exact method of code-signing is not relevant. What is relevant is that software that has been code-signed but has subsequently been tampered with will not run.

But as code-signing on desktop/laptop systems has not been mandatory (required by the kernel), the lack of code-signing in software has not raised an eyebrow. The presence of the cryptographic seal, with a 'root certificate' from Apple, in the software binary is indicated in the image headers.

Should the pertinent header section be removed along with the cryptographic seal, then the software will run without incident. It is only on the mobile platforms, where kernel code can demand the presence of the pertinent header section, that the software can be prevented from running.
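The header indication described above, as an added example that is not Rixstep's or Apple's code: a small Python parser that walks the load commands of a thin, little-endian Mach-O image and reports whether an LC_CODE_SIGNATURE entry is present. The sample images are constructed, header-only byte strings, and the function names are illustrative.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_UUID = 0x1B
LC_CODE_SIGNATURE = 0x1D  # linkedit_data_command that locates the signature data

def load_commands(image: bytes):
    """Yield (cmd, body) for each load command of a thin little-endian Mach-O."""
    if len(image) < 28:
        raise ValueError("too short for a Mach-O header")
    magic, _cpu, _sub, _ftype, ncmds, sizeofcmds, _flags = struct.unpack_from("<7I", image)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O image")
    off = 32 if magic == MH_MAGIC_64 else 28  # 64-bit header has one extra word
    end = off + sizeofcmds
    if end > len(image):
        raise ValueError("load commands run past end of file")
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<2I", image, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        yield cmd, image[off + 8:off + cmdsize]
        off += cmdsize

def signature_info(image: bytes):
    """Return (dataoff, datasize) of the embedded signature, or None if absent."""
    for cmd, body in load_commands(image):
        if cmd == LC_CODE_SIGNATURE:
            if len(body) < 8:
                raise ValueError("LC_CODE_SIGNATURE too small")
            return struct.unpack_from("<2I", body)
    return None

def build_sample(signed: bool) -> bytes:
    """Constructed header-only sample: no real code or signature data."""
    cmds = struct.pack("<2I16s", LC_UUID, 24, bytes(16))
    if signed:
        cmds += struct.pack("<4I", LC_CODE_SIGNATURE, 16, 0x4000, 0x1200)
    ncmds = 2 if signed else 1
    # cputype 0x0100000C = arm64, filetype 2 = MH_EXECUTE
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, ncmds, len(cmds), 0, 0)
    return header + cmds

if __name__ == "__main__":
    for label, signed in (("signed", True), ("unsigned", False)):
        print(label, signature_info(build_sample(signed)))
```

Presence of the load command only shows that a signature is embedded in the image; whether the seal is intact is what `codesign --verify` checks.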

This gives Apple a monopoly position for mobile software in their Apple Store. No mobile software can run if it is not sealed by Apple. Apple's App Store is by far the best place to expose software. And Apple will take 30% of the revenues for sales of the software.

Apple in effect control the entire software market for their mobile devices. This is nearly unprecedented in the computer industry, the only accessible parallel being IBM mainframe systems where use of third-party products could be prohibited and could result in the client's forfeiture of necessary system maintenance by IBM. That Apple should be turning the clock back at this point in time is an unfortunate development.

What to do

As Apple's current policies are an encroachment on software integrity, not to speak of a monopolistic or near-monopolistic control of the Apple desktop/laptop software market, these practices must not be encouraged.

Apple's current desktop/laptop systems, based as they are on Unix, are more than adequate to defeat intrusion by malware in all common situations. User discretion is of course advised, but the alternative - to 'dance' along with Apple and give Apple total ('virtually total') control of even this software market - is of course unacceptable, and violates all the core principles which have been the essence of the greater Unix community since the beginning.

Rixstep software for Apple systems - the 'ACP' and 'Xfile' - shall remain 'unsigned' and shall defy all attempts to be quartered. In the event this becomes impossible, Rixstep shall unequivocally withdraw all support.

It's better to die on your feet than live on your knees.

About Rixstep

Stockholm/London-based Rixstep are a constellation of programmers and support staff from Radsoft Laboratories who tired of Windows vulnerabilities, Linux driver issues, and cursing x86 hardware all day long. Rixstep have many years of experience behind their efforts, with teaching and consulting credentials from the likes of British Aerospace, General Electric, Lockheed Martin, Lloyds TSB, SAAB Defence Systems, British Broadcasting Corporation, Barclays Bank, IBM, Microsoft, and Sony/Ericsson.

Rixstep and Radsoft products are or have been in use by Sweden's Royal Mail, Sony/Ericsson, the US Department of Defense, the offices of the US Supreme Court, the Government of Western Australia, the German Federal Police, Verizon Wireless, Los Alamos National Laboratory, Microsoft Corporation, the New York Times, Apple Inc, Oxford University, and hundreds of research institutes around the globe.

All Content and Software Copyright © Rixstep. All Rights Reserved.
