December 2006 Archives

Steve Jobs recommended backdating?

From the Apple 10-K, filed today:

Although the investigation found that CEO Steve Jobs was aware or recommended the selection of some favorable grant dates [emphasis mine], he did not receive or financially benefit from these grants or appreciate the accounting implications.

This sentence seems to get worse with each edit. Here’s how it was in Apple’s October press release on the stock option investigation:

In a few instances, Apple CEO Steve Jobs was aware that favorable grant dates had been selected, but he did not receive or otherwise benefit from these grants and was unaware of the accounting implications.

So, the part about Steve recommending backdating is new. Ouch.

Update: A MarketWatch story on this. (via Daniel Jalkut, who also entertains us with some Apple + Nintendo news today)

FileVault analysis at 23C3

At the 23rd Chaos Communication Congress (23C3) in Berlin, Ralf-Philipp Weinmann and Jacob Appelbaum gave a talk on the innards of FileVault. Since Knox uses the same underlying encryption technology, this information is very interesting to all users of Knox as well.

The talk just ended a few minutes ago, but to summarize the findings presented, here are the key points (as I see them):

  • In addition to the AES-128 algorithm, the system relies on 3DES and, if you use a master password, on RSA-1024. Triple-DES offers an effective 112-bit key, and RSA-1024 is roughly equivalent to a 72-bit symmetric key (according to the Lenstra-Verheul heuristics).
  • So, from a vulnerability point of view, RSA-1024 seems to be the weakest link of the algorithms used. Note that current Knox versions don’t offer master key support, so this potential weakness applies to FileVault only.
  • Safe Sleep needs to be disabled and virtual memory needs to be encrypted.
  • A brute-force attack with an array of 15 FPGA chips could try 30 000 passphrases per second. You need to use very strong passphrases to mitigate the risk of a brute force attack.
  • The Mac OS X’s pseudo-random number generator suffers from a weak source of entropy at boot time (when securityd hasn’t been started yet). Additionally, even non-root users can write to /dev/random to supply the system with non-random entropy data. This doesn’t present a practical attack vector, however — a testament to the quality of the Yarrow PRNG used.
  • “Apple doesn’t have much to be ashamed of, cryptographically”
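As an added illustration (my own code, not from the talk or the original post) of what the quoted rate of 30 000 passphrases per second means in practice: the Ruby below works out how long an exhaustive search takes against passphrases of a few assumed shapes, and how many bits of entropy a passphrase needs to outlast a chosen horizon at that rate. The character-set sizes are my assumptions.

```ruby
RATE_PER_SEC = 30_000          # guesses/second quoted for the 15-FPGA array
SECONDS_PER_YEAR = 365 * 24 * 3600

# Number of candidate passphrases of `length` symbols drawn from `alphabet` symbols.
def keyspace(alphabet, length)
  alphabet**length
end

# Worst-case years to try every candidate at `rate` (integer, rounded down).
def years_to_exhaust(alphabet, length, rate = RATE_PER_SEC)
  keyspace(alphabet, length) / (rate * SECONDS_PER_YEAR)
end

# Entropy in bits of a uniformly random passphrase of that shape.
def entropy_bits(alphabet, length)
  (length * Math.log2(alphabet)).round(1)
end

# Smallest entropy at which exhausting the keyspace at `rate` takes at least `years`.
def bits_needed(years, rate = RATE_PER_SEC)
  Math.log2(rate * SECONDS_PER_YEAR * years).ceil
end

if __FILE__ == $0
  # Assumed passphrase shapes: alphabet size, length, label
  [[26, 8, "8 lowercase letters"], [62, 8, "8 alphanumerics"],
   [62, 12, "12 alphanumerics"], [95, 16, "16 printable ASCII"]].each do |a, n, label|
    printf("%-22s %5.1f bits  ~%d years\n", label, entropy_bits(a, n), years_to_exhaust(a, n))
  end
  puts "bits needed to outlast 100 years at this rate: #{bits_needed(100)}"
end
```

Eight lowercase letters fall in well under a year at this rate, while eight alphanumerics already take a couple of centuries; the horizon calculation is the easier way to set a policy.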

Additionally, the presenters talked about a Firewire DMA vulnerability that allows any Firewire device to read and write to any memory address. They also demonstrated a free implementation for decrypting a disk image (given the correct passphrase). The slides and source code are available for download.

Extending the BaseTen competition deadline?


Since the BaseTen competition has really gotten off the ground during the past few days, we’re thinking of extending the competition deadline by a month to February 28th. I think two months is an optimal amount of time for something like this, and that’s why we set the original date to January 31st. But most people are only getting started now, so I think an extension makes sense.

I realize that if some of you are ready ship a stunning app by the original deadline, a month’s extension might seem unfair. If that’s the case, please drop me a note before next Monday, which is when I plan to make the official rule change.

High-tech passportry

Finnish biometric passport

I don’t understand this “disable the RFID chip in your passport” meme, at all. What does a passport with the cryptographically-signed data missing look like? A forgery, that’s what.

But the article goes on to state that “a nonworking RFID doesn’t invalidate the passport, so you can still use it”. What? It seems to me that these new security measures, ostensibly intended to make forgeries more difficult, can be less than successful if they’re, you know, optional.

Well, never mind me then, I guess — go on and smash your passports to pieces. Here in Finland, though, that’s not a solution. There’s no workaround for the absolute worst feature of the new biometric passports (pictured above): all the identifying text on them is set in all-caps Verdana Bold.

BaseTen Update

We’ve progressed to revision 66 of the open source BaseTen project since our launch at the start of this month. I’ve now redone the disk image for BaseTen (still calling it DP1, though) to reflect these changes.

  • We have migrated to PostgreSQL 8.2, which is now also the minimum version.
  • We have open sourced the IB palette and the BaseTen unit test suite.
  • There are improvements in working with views (as opposed to physical tables)
  • BaseTen Stickies works better and is a bit simpler to compile.
  • Many small bug fixes.

Remember that we are giving out a brand new Core 2 Duo MacBook for the best open source BaseTen app submitted before the end of January. So, time to get into it!

Ten Short Years

Via Jesper:

Much of the industry has lived off the Macintosh for over ten years now, slowly copying the Mac’s revolutionary user interface. Now the time has come for new innovation, and where better than Apple for this to spring from? Who else has consistently led this industry—first with the Apple II, then the Macintosh and LaserWriter? With this merger, the advanced software from NeXT will be married with Apple’s very high-volume hardware platforms and marketing channels to create another breakthrough, leapfrogging existing platforms, and fueling Apple and the industry copy cats for the next ten years and beyond. I still have very deep feelings for Apple, and it gives me great joy to play a role in architecting Apple’s future.

— Steve Jobs on the NeXT acquisition, December 20, 1996

Wii Number


The Wii Number is 4092 3756 1486 5316. Let the Miis mingle!

Here’s hoping

I’ve seen the future, and it’s called DarwiinRemote + MacSaber. You guys hear me? I’m waiting with the Wiimote in hand. Update: Doh, WiiSaber’s here already!

HOWTO: High-Def Trailers in Front Row

Problem: My new, shiny 1080p television works great with a Mac mini, but it would be even better if the Theatrical Trailers section of Front Row showed 1080p trailers instead of the default standard-def fare.

Solution: Direct Front Row to query the local web server for the trailers list. Then use a short Ruby script to create a trailer list with HD-only titles. Read on for the detailed how-to.

Note that these instructions assume that you don’t normally use a web proxy, and that you have enabled Personal Web Sharing.

  • First, download trailers.zip and unzip it into /Library/WebServer/CGI-Executables.
  • Then, go to the Proxy setting for your default network interface, and choose to Configure Proxies Using a PAC file. For the PAC File URL, enter file://localhost/Library/WebServer/CGI-Executables/trailers/proxy.pac — then apply the changes.
  • After that, press shift-cmd-G in the Finder and enter “/etc/httpd/users”. Use your favourite text editor to edit the file your-short-username.conf that should already exist in the folder. As the first line of that file, enter:

        RewriteRule ^/trailers/home/xml/current.xml$ /cgi-bin/trailers/current.rb [PT]

  • Finally, in the Sharing preference pane, switch Personal Web Sharing off and on again.

That’s it — Front Row will now show you 1080p trailers! There are some configuration options in the current.rb file — you can choose your desired resolution and whether to include SD-only trailers. Also note that the 1080p trailers demand some serious bandwidth, so most people might be better off with the 720p material.
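To show the filtering step the CGI script performs, here is an added Ruby example of my own (not the current.rb from trailers.zip): it keeps only titles that have a trailer at the wanted HD resolution, falls back to a lower HD size, and optionally keeps SD-only titles. The XML layout is a constructed placeholder, since the real current.xml layout isn’t shown here; the selection logic is what matters.

```ruby
require 'rexml/document'
# Constructed sample list (placeholder layout, not the real current.xml): each
# movie carries one <trailer> element per resolution available for it.
SAMPLE_XML = <<XML
<trailers>
  <movie title="Alpha">
    <trailer res="sd" url="http://example.invalid/alpha_sd.mov"/>
    <trailer res="720p" url="http://example.invalid/alpha_720p.mov"/>
    <trailer res="1080p" url="http://example.invalid/alpha_1080p.mov"/>
  </movie>
  <movie title="Beta">
    <trailer res="sd" url="http://example.invalid/beta_sd.mov"/>
    <trailer res="720p" url="http://example.invalid/beta_720p.mov"/>
  </movie>
  <movie title="Gamma">
    <trailer res="sd" url="http://example.invalid/gamma_sd.mov"/>
  </movie>
</trailers>
XML

HD_ORDER = %w[1080p 720p] # highest first; lower HD sizes are fallbacks

# Returns [[title, url], ...] for the titles Front Row should see.
# wanted: "1080p" or "720p"; include_sd: also keep titles that only have SD.
def select_trailers(xml, wanted: "1080p", include_sd: false)
  chosen = []
  REXML::Document.new(xml).elements.each("trailers/movie") do |movie|
    by_res = {}
    movie.elements.each("trailer") { |t| by_res[t.attributes["res"]] = t.attributes["url"] }
    # wanted resolution first, then any lower HD resolution the title has
    res = HD_ORDER.drop(HD_ORDER.index(wanted)).find { |r| by_res.key?(r) }
    res = "sd" if res.nil? && include_sd && by_res.key?("sd")
    chosen << [movie.attributes["title"], by_res[res]] if res
  end
  chosen
end
# Serialises the filtered list back to XML for the CGI response.
def render(entries)
  doc = REXML::Document.new("<trailers/>")
  entries.each do |title, url|
    doc.root.add_element("movie", "title" => title).add_element("trailer", "url" => url)
  end
  doc.write(out = String.new)
  out
end

if __FILE__ == $0
  puts "Content-Type: text/xml", "", render(select_trailers(SAMPLE_XML, wanted: "1080p"))
end
```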

Safe Sleep saves the day

Scott Knaster reminds us that Safe Sleep is a killer feature. If only it was more secure than the current implementation.

Knox proceeds go to charity on December 7th

Mike Zornek put together Child’s Play Day, a charity event where a bunch of Mac developers have teamed up to donate all of their proceeds for one day to charity.

We at MK&C are happy to participate: tomorrow, on December 7th, all proceeds from Knox sales will go directly to Child’s Play, a charity started in 2003 by the guys at Penny Arcade. Child’s Play helps make the holidays a little nicer for sick kids staying in children’s hospitals by providing toys and games for them to enjoy.

Judging by the wish list of the Alder Hey Children’s Hospital in Liverpool — our donation recipient of choice — your Knox purchases will help pay for some Nintendo DS and Nintendogs goodness.

BaseTen Developer Preview 1

About this Archive

MK&C is an eight-person software development studio in Helsinki, Finland. We specialize in designing and developing human-friendly software for the Mac, iPhone and iPod touch platforms.

This page is an archive of entries from December 2006 listed from newest to oldest.