Category MWJ

Cult-like behavior?

The June 2007 New York magazine piece calling Steve Jobs “iGod,” combined with iPhone hype, brings back charges of a “cult” of Apple and its followers. However, The Weekly Attitudinal, MWJ’s right-by-definition opinion feature, took on this canard nearly a decade earlier. The Attitudinal examined actual scholarly definitions of “cult-like” behavior, and found that not only is there no “cult of Macintosh,” but also that you could argue equally well that there was a “cult of Wintel.” This is from 1998—no Mac OS X, no iPod, no iPhone, no Intel transition, so some of the references are a bit dated, but it’s a good way to let you see where the Attitudinal has been on this issue all along.

We don’t update the online samples as much as we should, and sometimes it shows. For example, this month, we put MWJ 2003.05.25 into the subscribers-only MDJ and MWJ RSS feeds because that issue includes MacCyclopedia’s primer on the HFS and HFS Plus file systems – a fine companion to the Attitudinal’s exposition and takedown of ZFS as a “default” Mac OS X file system this month. What we forgot was that the issue was already available as a free sample of MWJ, in both PDF and setext formats. So everyone can enjoy it, while we work on the definitive answer on empirical vs. deterministic upgrade information. And stay out of the rain. We swear, every bit of rain that California’s missing, we’ve found.

The installer *probably* doesn’t overwrite newer files with older ones

If the business news and security news and press watch is not your style, check out this MacFixIt page. The site has often recommended re-installing “Combo” updates to repair mysterious Mac OS X problems, but MDJ and MWJ have responded by pointing out that this could undo later updates – for example, replacing files from a recent Security Update with older, insecure ones.

On Friday, MacFixIt insisted without sourcing that this was not the case. MDJ’s publisher asked for sources, so the site’s Ben Wilson tested it and found it to be true.

That led to another technical diversion through a document that explains the situation, but for some reason is marked as “legacy” even though it seems to be perfectly true. We’ll expand on it and clean it up for a future issue of MDJ, but if you want a little technical interlude and the answer to a long-standing question, check it out. There are a couple of other situations not mentioned there where the installer might replace a newer file with an older one, but the good news is that it probably works the way you want it to work.

Does your MWJ RSS feed seem stuck?

We have now received multiple reports from MWJ subscribers who have been checking the secure, subscribers-only MWJ RSS feed but haven’t seen any updates since January. That’s bad news – we’re not done rebooting yet, but we’ve had several issues since then, including one last week, and they’ll all vanish when MWJ’s Book of Security is done (we see the light at the end of the tunnel, we swear we do).

The culprit seems to be Safari RSS – even after emptying the cache and refreshing the feed, we’re getting reports that it just doesn’t update. We don’t know why – when we try it, it works for us – but we can’t fix Safari bugs anyway.

Your MWJ RSS feed should have five issues of MWJ and eight issues of MDJ, ending (as of this posting) with MDJ 2007.04.04. If your RSS reader doesn’t show you all of them, we recommend one that will – NetNewsWire or the free NetNewsWire Lite. Every time we’ve advised someone to switch to NNW from Safari, they’ve reported back that all of the issues show up immediately. Other readers may work as well, but we know NetNewsWire does, so if your reader doesn’t show you everything NetNewsWire does, try again.

We believed that Safari RSS and Firefox fully supported password-protected (secure, HTTPS authenticated) RSS feeds, but according to 37signals’ FAQ for BaseCamp, they do not. They’ve apparently seen the same problems we have with Safari RSS appearing to work but not updating properly, and they also advise trying NetNewsWire (or NewsGator’s Windows product, FeedDemon, if you’re communicating on that platform).

We apologize for any inconvenience in the software that we didn’t write, but we’re simply following well-established Internet standards, and it’s a mystery to us why big programs like Safari and Firefox won’t support them correctly. There’s a free alternative, though, and we heartily advocate for it. Sadly, E-mail is so broken that we’re going to have to rely more and more on RSS to provide you with information. Read last August’s story for more details. There’s nothing we can do when a huge number of mail servers simply drop messages and never tell us, but they can’t stop you from reading the RSS feeds we provide you as part of your subscription!

Writing is easy.

All you do is stare at a blank sheet of paper until drops of blood form on your forehead. —Gene Fowler

Repeating that this hasn’t been easy doesn’t make it any easier on you or on us, but we implore you for just a bit more patience. We’re essentially rebooting the entire operation and we’re almost to the login screen. We’ll make it a better metaphor within the week.

A reminder to MWJ readers – issues await you NOW!

We’re well aware that the previous issue of MWJ was in early November 2006, and we’re not trying to pull anything over on you. We’ve made no secret that the security topics we wished to tackle throughout the last half of 2006 kicked the crap out of us, and only in December did we start getting a handle on them and cranking through the topics.

What we want to remind MWJ subscribers today is that, by policy, while MWJ is delayed, you get free issues of MDJ in MWJ’s stead. If you want to read them, they’re in the secure MWJ RSS feed to which we distributed usernames and passwords either on 2006.07.02, or if you subscribed after that, when you signed up. (Sorry, free trial subscribers – RSS access is only available with full subscriptions.)

Just use the username and password we shared with you in Safari or NetNewsWire (or any RSS reader that supports both enclosures and secure pages) and you’ll find every issue of MDJ since the last issue of MWJ was published. (The issues are only available to MDJ subscribers for the first 48 hours after publication, but as soon as we rebuild the feeds after that, they’re added automatically to the MWJ RSS feed if the last issue of MWJ was published more than a week earlier.)

Right now there are 26 pages of MDJ waiting for you, mostly on security but with a few other topics. MDJ 2007.01.09, just published, has another 11 pages of current news and product announcements for Macworld Expo week, and that’ll be available in the MWJ RSS feed by Wednesday Thursday morning if MWJ hasn’t been published by that time.

We’re really doing our best through the difficulties to provide you with as much information as we can, but we simply feel it’s inappropriate to distribute issues of MDJ to you in E-mail because, well, many of you don’t want that much E-mail. RSS allows us to make those issues available to you now, just a click or two away if you want them now. Please feel free, as the scripted text in the RSS feed says, to “download, decompress, and enjoy!”

Updated: Thursday morning. Tuesday + two days = Thursday. We knew that. We think. It’s very busy this week. (Does the iPhone have a calendar?)

An RSS Update

Of course, a Security Update arrived while we were trying to write about Security Updates. That’s just how that works.

As of tonight, we believe we’ve fixed the MDJ and MWJ secure RSS feed generators to address two problems:

  1. We’re now using ditto to create the “.zip” archives, so they should unzip correctly on just about any Mac OS X system you care to try, and

  2. If the previous issue of MWJ was published more than a week ago (when the feeds are built), it should automatically include all issues of MDJ published since that issue of MWJ (except those in the last 48 hours, as we originally noted back when we formulated this policy). When the next issue of MWJ arrives, the MDJ issues will vanish from the feed.

With any luck, now that this code is completed, it won’t run again for weeks or months. We could live with that version of “that’s just how that works.”

A quick 2006.12.18 update

MDJ 2006.12.18 is now in distribution – and we’ve verified that the “.zip” file in the secure RSS feed both downloads and decompresses properly. The setext version has a proper digital signature, too.

If MWJ is not out by Tuesday night, MDJ 2006.12.18 will appear in the secure MWJ RSS feed. We still have to do that by hand, but after last week, we think we remember all the steps. After that, MWJ should return to a normal weekend schedule through the end of February, with one weekend off (though we don’t know which one yet).

MWJ update read by some

We’ve had our heads buried in the upcoming issue for a while and forgot to post an update until a few of you reminded us – sorry. MDJ 2006.12.06 is now in the MWJ RSS feed to help tide you over.

Long-time MWJ readers may remember May 2003, when MWJ seemed to vanish for a couple of weeks back before any health problems had come to the fore. The reason? MacCyclopedia was taking a complete look at HFS and HFS Plus, something we believed was necessary at a time when non-developer explanations of the Mac file system simply were not available. It took a long time, and not everyone agreed with that decision, but we were comfortable with the editorial decision. We’ve built on those concepts many times in the past 3.5 years, and will do so again this month with coverage of Alsoft’s DiskWarrior 4.

Right after WWDC 2006, we knew that the Macintosh story of 2006 was going to be security. We’ve covered the topic on and off in MWJ, including a few explanations of terms like buffer overflow, but it was time to take a much broader look at the issue. We set out to answer some of the obvious questions:

  • How do you know if a “vulnerability” is serious or not?

  • What was the deal with the “MacBook wireless hack?”

  • How can data, like movies or JPEG files, be a security problem?

  • When should I apply security updates?

  • What’s wrong with Safari’s “Open ‘safe’ files after downloading” preference?

And, of course, the big one:

  • Is Mac OS X more secure than Windows?

This is what we started assembling in August, even as the publisher’s “flu” got worse and worse until it turned out not to be the flu at all, and that became the primary focus for a couple of months. That’s how that had to be, and we all know that, though we still grump about it (especially him).

But both before and after the major health problems, this security story has been kicking the crap out of us, and we’re not too shy to admit it. It’s not just that security reports change by the day – that’s confusing, but we’re used to changing situations. It’s that our repeated attempts to put a narrative structure around these concepts failed, and failed, and failed again.

Some of the above questions have only unsatisfying answers, as you’ll see in our coverage. You can’t always know certain details about security problems, and you must do the best you can with what’s available to you. Discussing that process has taken more than we ever imagined, because every explanation tries very hard to slip into the Land of Jargon. You can find explanations like “the exposure for the vulnerability is predicated upon privilege escalation and user participation in adversarial activities,” but it’s a lot harder to find “You’re relatively safe from this problem if you don’t click on the URL or download the program. If you do, it could run with the same privileges as your user account. If you’re running as ‘root’ and let this thing have control, you’re totally screwed.”

Jargon is safe and comforting – passive voice, concept nouns, linking verbs. Jargon has no action – bad things “could result” from vulnerabilities that “allow” tasks “to happen.” It’s like the gag a few years ago in The Simpsons where Lisa tips off a local newspaper reporter that her brother and his friends are doing good in the community. The reporter says he has the perfect headline for it: “ACTIVITY PARTICIPATED IN BY SOME.”

It’s not that we have to “translate” this, for we understand the concepts. It’s that we fall into jargon as well because it’s so familiar when describing security issues, even though jargon obscures the facts. It turns into page after page of deathless, impenetrable babble, and no one knows any more after reading it than they did before. You expect better from us, and we expect to provide it.

We just didn’t expect it to kick the crap out of us for so long. Some of the sections in MDJ 2006.12.06 (and upcoming in MWJ) have, literally and without exaggeration, been rewritten 15 times since August to cut out the cruft. The newer material hasn’t had such extensive review, but we’re looking at it very carefully. As Strunk & White say, “Omit needless words. Vigorous writing is concise.” Zinsser adds, “There’s not much to be said about the period except that most writers don’t reach it soon enough.”

Sound like any security writing you’ve read?

A heap buffer overflow may be triggered when the Finder is used to browse a directory containing a corrupt “.DS_Store” file.

An integer overflow exists in Perl’s format string functionality. This integer overflow may lead to arbitrary code execution in Perl applications which use format strings unsafely.

It is possible to create an X.509 certificate containing a public key that could consume a significant amount of system resources during signature verification. An attacker may cause a system to process such a certificate, leading to a denial of service.

Sure, there are some subjects and direct objects, but not many. It’s so familiar we don’t even notice the writer passing the buck. Try these replacements:

  • The Finder may overflow a buffer in its heap if it reads a corrupt “.DS_Store” file.

  • A bug in Perl’s “format string” functions overflows an integer variable when Perl code uses the functions unsafely, either accidentally or deliberately to exploit the problem and execute attack code on your system.

  • Mac OS X’s X.509 certificate verification code has a bug – it can get stuck forever during signature verification if the certificate contains a public key crafted to exploit this bug. A malicious Web site or other Internet resource could present such a certificate to the system, locking up the program that tried to verify the certificate, a “denial of service” problem.

What may overflow a buffer? Finder (or, just as likely, the private “Desktop Services” framework that provides the Finder’s back-end). In Apple’s description, you can’t know – the problem “may be triggered” when the Finder does something. Does the X.509 code have a bug? Apple only wants to say that “it is possible” for an unnamed someone “to create” a certificate “that could consume” system resources. But certificates don’t consume resources. The code that verifies certificates consumes resources. That’s where the problem lies – and that’s what Apple (and every other company with security problems) conceals with the passive voice.

It’s not just about vigorous writing – passive voice hides the facts by leaving out subjects and objects. We want facts like “Pre-Teen Braves Restore Local Field,” but we get “Activity Participated In By Some.”

We’re trying not to fall into that trap, and it’s taking time. Read the first part from your secure MWJ RSS feed and tell us how we’re doing. This is MWJ’s Book on Security, and we want it to settle as much as it possibly can.

The reality about Steve Jobs and stock options

We’re not going to spend more space right now in MDJ or MWJ refuting items that were obviously false months ago, but it is disappointing to see Dave Winer appear to endorse a story about Apple’s backdated stock-option controversy, quoting a passage that says “Apple will end up being a model case of how NOT to handle such affairs, and Intellectual Dishonesty will have cost the company more than dishonesty itself.”

The actual story, from Mark Anderson of the “Strategic News Service,” claims that Steve Jobs did benefit from backdated stock options because he later traded in all of his options for shares of restricted stock, and they wouldn’t have been worth as much if they hadn’t been backdated.

This isn’t “intellectual dishonesty” from SNS as much as it is “intellectual laziness.” First, as noted in MWJ 2003.04.14, not long after Jobs traded in his options for shares, all of Jobs’ options were underwater at the time. Even the ones that hadn’t vested were still underwater. Jobs exchanged 27,500,000 options that were almost all vested but seriously underwater for less than 20% as many shares – 5,000,000 – that he would not be able to sell or vote or do anything with for three more years.

To argue now, three and a half years later, that Jobs benefited because these options were underwater by US$30 per share instead of US$32 per share doesn’t pass the laugh test. In fact, as of the day Jobs made the switch (2003.03.19), it would have been a net loss for him if Apple’s stock didn’t pass US$44.85 per share by the time the shares vested in March 2006. As of the day of the options-for-future-shares exchange, Apple’s stock closed at US$14.95 per share. If Apple’s stock didn’t at least triple in a three-year period, Jobs would lose money on the exchange. This is the transaction that SNS now says “benefitted” Jobs because his never-exercised, heavily-underwater options could have been two or three bucks more underwater per share.

Second, all this presumes that Jobs is interested in selling Apple stock or exercising Apple’s options. There is not one piece of evidence to support that idea – not a single one. For this, we quote from MWJ 2006.08.05:

Early reports seemed to zoom in on Jobs’ 2000 stock option grant, the one that was for 20,000,000 shares by the time he exchanged it for restricted shares in 2003, thanks to the February 2000 2-for-1 stock split. The famous grant captured media and analyst attention after Apple’s announcement, even though no one could explain why it might be irregular. In fact, it doesn’t look bad at all: Apple granted the options to Jobs on 2000.01.12, and announced it just one week later, on 2000.01.19. Unless the company was scanning a much larger period but chose to backdate the options by only one week, there’s not much “there” there.

Observers looking for some hint of backdating seem to have forgotten about Jobs’ second grant – 7,500,000 options with a striking price of US$18.30 per share (or US$9.15 per share in today’s split-adjusted pricing), awarded on 2001.10.19 because all of the previous 10,000,000 (pre-split) options were underwater. The potential problem? Apple didn’t reveal the grant until an SEC filing in March 2002.

Using prices in today’s shares (after 2-for-1 splits in both 2000 and 2005), an examination of Apple’s stock prices finds that during the window between 2001.10.19 and 2002.03.22, Apple’s stock closed between US$8.78 and US$12.73 per share. For example, on 2002.03.04, Apple’s stock closed at US$12.15 per share, a full US$3 per share higher than Jobs’ option striking price of US$9.15 per share. If Apple’s board actually awarded the options in early March 2002, but backdated them to 2001.10.19, it would have made Jobs’ grant worth US$45 million more than had they been awarded on 2001.10.19.

Before you shout “j’accuse!” at this revelation, you should realize there are plenty of problems with this theory. First, if Apple’s board tried to backdate options to give Jobs more money, then why didn’t the directors pick one of the four other dates in that same window when the closing price was lower than US$9.15 per share: 2001.10.23 (US$9.07), 2001.10.29 (US$8.81), 2001.10.30 (US$8.80), or 2001.10.31 (US$8.78)? Two trading days before the grant date, Apple’s stock closed at US$8.49 per share (2001.10.17); two weeks before that, the stock closed at US$7.49 per split-adjusted share (2001.10.03). If the directors were willing to backdate six months to give Jobs an additional US$45 million, why not an additional three weeks when that would have added another US$24.9 million to the same grant?

Second, you must consider that Jobs has not exercised a single option or sold a single share of his Apple stock since returning to the company, except in March 2006. We explained that at the time on the MacJournals-Talk mailing list, currently on hiatus. Jobs sold almost half of his shares of Apple stock, starting on 2006.03.19 (yes, a Sunday), at US$64.66 per share.

As of that week, Jobs completely owned 10,000,004 shares of Apple stock. Jobs received 1,500,000 shares of Apple stock in late 1996 for selling NeXT to Apple Computer, and according to former CEO Gil Amelio’s book On the Firing Line, Jobs promised not to sell the shares for six months to avoid undermining public confidence in Apple. Amelio says that Jobs professed to understand how important it was to hold that stock longer than six months.

Instead, just as he had sold all but one share of Apple stock after being evicted from the company in 1986, Jobs turned around in 1997 and sold all but one of his new shares as soon as the six-month period had elapsed. The sale, at near record-low prices for Apple stock, hurt investor confidence in Apple and helped usher Amelio out the door nine years ago (MWJ 1998.04.06). That one share turned into four shares with 2-for-1 stock splits in 2000 and 2005.

That was all of the stock Jobs owned until March 2006, when his restricted grant of 10,000,000 shares (not options, and doubled from 5,000,000 thanks to the 2005 split) vested in full. Once they vested, though, they became his personal property. As far as the IRS is concerned, a gain of 10,000,000 shares at US$64.66 per share is income of US$646,600,000. That makes for a hefty tax bill that has to be paid in cash, not in shares of stock.

The SEC recognizes that this happens. Company insiders (executives and directors) are required to notify the SEC and the public when they sell shares of stock so that there’s no secret insider trading. Every year, around the time of Apple’s annual meeting, another round of executive stock options vests, and there’s a slew of SEC Form 4 filings as Apple’s executives turn those restricted options into actual Mercedes-buying cash.

Jobs had never done this, and his own filing showed that his sale wasn’t the usual kind. Form 4 has a “transaction code” in section 3 of Table I, and it’s almost always either “P” (purchase) or “S” (sell). For Jobs’ transaction, the code was “F”: “Payment of exercise price or tax liability by delivering or withholding securities incident to the receipt, exercise or vesting of a security issued in accordance with Rule 16b-3.” That rule lists exemptions to filing notice of insider trading; Apple’s grant of shares to Jobs qualifies because Apple’s board of directors approved it. It means that Jobs didn’t have to file Form 4 when he gained ownership of the shares.

In short, Jobs sold 46% of his new Apple shares to pay the taxes on the 54% that he kept. Even if Jobs had US$295 million in cash lying around, he probably didn’t want to spend it on taxes just to preserve shares that he hasn’t shown any interest in exploiting for nine years. Other than this tax obligation, Jobs has neither sold shares nor exercised options on Apple stock [since taking over as interim CEO in July 1997], not on a single share, even though they were worth hundreds of millions of dollars.

Jobs’ history with Apple shares strongly suggests that he views [options and shares] not as liquid assets, but as recognition of success and as power chits. Jobs doesn’t seek compensation from the companies where he works, and recently made news by refusing compensation for his service on the board of directors of The Walt Disney Company. (Disney’s board had to modify the director compensation policy to accommodate Jobs – the existing plan had no provision for a director declining to be paid. The SEC filing about the change tipped off the media.)

Jobs holds on to the stock of companies where he works, and sells it only in dramatic gestures when he’s not in charge and things aren’t going his way. It wouldn’t surprise us for Jobs to sell all but one share of his Disney stock if he perceives management as fouling up his Pixar legacy. Given all this, it just doesn’t make much sense to believe that Apple’s board would go to such lengths to backdate options for a man who obviously didn’t care to exercise them anyway. As long as Jobs is in charge of Apple Computer, he has no interest in selling stock or options.

Given these facts, what does Mark Anderson of SNS say about it?

Here is my conclusion: I think (and I have no direct evidence for this, other than the behaviors and quotes from those involved) that Steve Jobs was aware of the practice, did personally benefit, and had some role in the granting and dating of those options.

So, Anderson says if certain things had happened that didn’t, and if Jobs had done something that he didn’t do, then the statements that Apple made about what really happened would be false and Steve Jobs is in legal trouble.

We were talking about “intellectual dishonesty?”

Something you can do to help

[Note: This item was originally posted on September 28, but for some reason, it keeps vanishing. Restoring it occasionally bumps it to the top of the home page, but unless you see an “Update:” at the top or bottom, there’s nothing new for those who’ve already read it. Sorry for any inconvenience.]

We’re all extremely grateful for the E-mails and other things that have poured in since Matt first discussed his diagnosis of heart failure, and the new batch that came in today after it was disclosed in MDJ 2006.09.28. Many people have asked if they can do anything, no matter how small, and after reading today’s E-mail, there is one thing everyone can do that would help us tremendously.

Stop using StuffIt 7 or 8. Seriously.

We’ve distributed the PDF versions of MDJ and MWJ as binhexed StuffIt archives for over ten years, because until the days of Mac OS X, that was the best way to save bandwidth while preserving the "PDF " file type and "CARO" creator type necessary to allow double-clicking the issue files. In the past couple of years, readers have requested a switch to Zip archives because they’re easier to decode on other platforms. We would have preferred switching to StuffIt X because, frankly, it makes smaller files, and we’re all about saving bandwidth – but the free StuffIt Expander for Linux can’t decode these files, and a few people do process their E-mail on Linux boxes, so we’ve resisted the temptation.

But for some reason we don’t really understand, a lot of people seem to have stopped paying attention to StuffIt when Apple stopped bundling it. StuffIt 7 was released over three and a half years ago, and a lot has changed on Mac OS X since then. That was pre-Safari, for Pete’s sake. StuffIt 9 (released two full years ago, before Tiger) added important new decompression algorithms to keep up with the latest in Zip technology, as well as to support new StuffIt features.

We know that Aladdin/Allume/Smith Micro has not always made upgrading StuffIt easy, especially if you want a new Expander while keeping the functionality of an older paid version. Some versions of Expander installed a “replacement” StuffIt framework that made older paid versions stop working. Even today, Smith Micro requires you to provide your E-mail address to get a link to the StuffIt Expander download page, and notes that by doing so and clicking the links, you are signing up for an opt-out mailing list about new products. We’re glad that you’re no longer forced to download the entire “StuffIt Standard” product and install it for evaluation just to get Expander at all. Even so, this is the kind of behavior that has dropped Expander from a “must-have” to “must-tolerate” product.

Nonetheless, if you use StuffIt Expander, you are well advised to use a current version. If you’re unwilling to try the brand new Expander 11.0, the same download page offers Expander 10.0.2. If you have multiple versions already, we advise that no one use any version of StuffIt Expander older than version 9.0.2. Version 9.0.1 and earlier simply cannot expand all modern StuffIt and Zip archives. If you’re not using at least version 9.0.2, you need to update, or alternately, accept that there are archives in the wild that you cannot decompress – and some of them may come from us.

Paying for StuffIt is no longer a no-brainer (we hope to take a full look at version 11 in an upcoming issue of MDJ and MWJ), but that doesn’t obviate the need to stay up-to-date if you do use the free StuffIt Expander. We try to stay up-to-date on lots of tools to get the smallest files possible, and we simply cannot guarantee that we can create files that old utilities know how to decompress. It’s more of a pain than it should be, but one of the best ways you can help us deliver issues to you is to have a current (i.e., 9.0.2 or later) version of StuffIt Expander.

We hope to make Zip archives that either the command-line or the Finder can decompress, but even that may require current versions of those programs (i.e., Tiger or later). The best way to make sure you can decompress anything that anyone creates is to use StuffIt Expander 9.0.2 or later. Just that simple change would probably drop our support E-mail by 25% per month, believe it or not.

Oh, and if you’re unhappy with current StuffIt offerings or practices, tell Smith Micro. Be specific about what you don’t like and what you’d like to see instead. We know they want to hear from you.