Rixstep

Peeking Inside the Chocolate Tunnel

Oompa Loompa hits a stunned Apple user base.



Get this straight from the beginning: Oomp-A is real. Oomp-A works. Oomp-A spreads. It's a successful trojan, virus, and worm all rolled into one.

Now get this straight too: Oomp-A wouldn't be possible without Apple's flawed file system.


The Oomp-A exploit will not work on NeXTSTEP. It will not work on Unix. It will only work on OS X when using the rather peculiar HFS+ file system.

If Apple had released the NeXTSTEP they acquired in 1997, this would never have happened. But because Apple have taken a nigh-on perfect product and over a period of nearly ten years almost totally destroyed it, things like Oomp-A are possible and will continue to be possible.

There are no means of defence whatsoever.

Social Engineering

Oomp-A relies on social engineering, but far less than, for example, the Love Bug worm of six years ago. The Love Bug displayed an icon as well - but it was the wrong icon, and alert users could have seen something was wrong.

But the OS X file system HFS+ lets anyone disguise a file with a custom icon - something Windows, notorious for its security breaches, simply can't accomplish.

On OS X a hacker can disguise any file as something else entirely - it's a 'feature'.

Technologically Dependent

But Oomp-A needs OS X for more than its icons and social engineering capabilities. Without Apple's inexcusable file system HFS, Oomp-A would not be able to carry out its appointed tasks. Data is transferred from data forks into resource forks and executable code is run right out of resource forks. Oomp-A is, thanks to OS X, several executables in a single file.

NeXTSTEP has one weakness in this context, something discussed elsewhere on this site, something at the bottom of the admonition to never root-enable Cocoa applications: input managers.

Input managers are admirably easy to inject into a system and run in the context (the process address space) of their clients - and thus assume all rights and privileges afforded their clients.

Oomp-A installs an input manager. This input manager is automatically loaded by the system on behalf of applications and coordinates the work of Oomp-A in propagating and finding the actual application executable code it hides out of the way.

But this is a minor drawback in a much bigger picture. None of this would be possible without the indefensible HFS+ resource fork scheme. It's been noted many times before how this scheme can be used to dupe users. Yet Apple have done nothing.
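An audit for the two mechanisms described above, as an added example that is not part of the original article: it lists whatever sits in the InputManagers folders and reports files carrying a non-empty resource fork. It assumes the standard folder locations `/Library/InputManagers` and `~/Library/InputManagers` and the OS X `..namedfork/rsrc` path convention; the function names and the root argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit input managers and resource forks beneath a root.
# Assumption: input managers are installed in <root>/Library/InputManagers
# or <root>/Users/<name>/Library/InputManagers.

# Print every entry found in an InputManagers folder beneath the root.
list_input_managers() {
    root="$1"
    for dir in "$root/Library/InputManagers" \
               "$root"/Users/*/Library/InputManagers; do
        [ -d "$dir" ] || continue
        for entry in "$dir"/*; do
            if [ -e "$entry" ]; then printf '%s\n' "$entry"; fi
        done
    done
}

# Size in bytes of a file's resource fork. Prints 0 when the file has no
# fork or the file system does not support forks at all.
rsrc_size() {
    fork="$1/..namedfork/rsrc"
    if [ -f "$fork" ]; then
        wc -c < "$fork" | tr -d ' '
    else
        echo 0
    fi
}

# Print "size<TAB>path" for each regular file with a non-empty resource fork.
files_with_rsrc() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        size=$(rsrc_size "$f")
        if [ "$size" -gt 0 ]; then printf '%s\t%s\n' "$size" "$f"; fi
    done
}

# Run the audit only when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    echo "Input managers:";        list_input_managers "$1"
    echo "Files with resource forks:"; files_with_rsrc "$1"
fi
```

An input manager the user did not knowingly install, or executable content in a resource fork of a file presented as a document or image, is what to look at first.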

Where It Comes From

Apple's file system HFS+ (properly called 'HFS Extended') is an upgrade of the originally released Macintosh file system. It is not compatible with Unix. NeXTSTEP did not run HFS+.

HFS+ has been kept because of all the legacy 'beige box' applications running on 'MacOS' in the past that were dependent on it. These applications were supposed to be phased out; it's been almost ten years now and they're still around.

HFS+ isn't POSIX compliant - it's been demonstrated ad nauseam at this site for years. The NeXTSTEP Steve Jobs brought from Redwood City was POSIX compliant. But then began the battle to keep the beige box alive - and in partly winning that battle, the diehards in and around Cupertino have only managed to destroy all they were given.

Apple's OS X is increasingly incompatible with Unix. OS X users experience greater and greater difficulties sending and receiving files with others who run Unix. And as of OS X 10.4 Tiger, Apple have begun committing the ultimate crime - namely corrupting open source FreeBSD Unix code to accommodate their resource forks.

Switchers from Unix were initially optimistic: NeXTSTEP represented the single most powerful challenger to Windows, the system that had to go 'no matter what' for the benefit of the entire web. Signs and hints that things were going 'the beige box way' were dismissed as being only 'temporary' - Apple's all-wise Human Interface Group, originally tasked to 'dumb down' the sophisticated NeXTSTEP to accommodate 'the rest of us', would soon reverse the trend and restore NeXTSTEP and Unix to their former glory.

Tiger with its unforgivable attack on open source Unix should have been the writing on the wall academia were waiting for; with Oomp-A, that writing becomes a direct insult.

In The Nile

Of course the beige box diehards - to this day not really sure they're running Unix and not some mysterious update to their precious 'MacOS' - are dismissing the news of Oomp-A. Never renowned for their technical expertise or good manners, these 'beige savants' are carrying on as always, being their usual annoying selves.

For example, Mac Daily News has a thread on Oomp-A that's a classic, even going so far as to call reports and studies of Oomp-A 'incorrect' [sic]. They must run their own FlavorAid franchise.

It's this kind of foolishness that got Windows users in trouble six years ago. Unless Apple change their ways and honour their commitment to user safety, the same kind of foolishness is going to get people in trouble again.

See Also
Industry Watch: The Chocolate Tunnel
Industry Watch: The Legend of Oompa Loompa

Copyright © Rixstep. All rights reserved.