“One of the problems of computer security in practice is providing an easy mechanism for the user of a system to take advantage of the security features present in an operating system. A system may have significant security features, but absent an interface that allows the user to easily make use of those features the effective security of the system may be low.” Read the PDF paper here. Elsewhere, BBC writes about Panther: “Apple, fed up with playing second string to Windows, has been taking its operating system from strength to strength.“
Mac OS X: User Friendlier Security for Unix
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
Nice PDF, but looks, and sounds like it was written by a high school’er for a research project. Has some interesting views, overall was an alright review. This user definatly needs to try Panther though, as his views were based on 10.2
From the article:
“Panther’s dock for example resembles the Microsoft Windows Taskbar, but Apple’s version is more stylish and fun.”
Is it me or does it seem like the GUI resembles more CDE or XFace? Is that a bad thing? Of course not, I like CDE/XFace. Just an observation, just wondering if anyone else sees it that way?
Choices by mis-spelling ?
one more idiot
1. OS X needs less tinkering with hardware – because OS X supports 1% of hadrware plus all of it is pretty standard for all OS X installs?
2. FBSD can be installed without any port opened. Learn OS that you are talking about.
3. about crating accounts: default OS X user has more priviledges than first user on FreeBSD as nobody is using root.
4. fink is far from flexibility and power of ports
5. firewall on OS X is no comparison to ipfw2 or pf. Get real
6. and so on
In general it is funny paper. Indicating that author never used FBSD.
Off topic (Kinda):
Well I went off looking.
The pdf comes from somewhere called SANS:
“SANS is the most trusted and by far the largest source for information security training and certification in the world.” – http://www.sans.org/
The mentioned GSEC is:
“GIAC Security Essentials Certification (GSEC)
Level: Foundational” – http://www.giac.org/subject_certs.php
Tracking a little further reveals that the paper is actually the work of a student studying for this certification (This means little, it could be anyone from a 16 year old with cash to an experienced sys-admin looking to pad their cv), however it IS coursework (On a brighter note the guy passed :>).
I’ve never been totally sure about the whole linking as opposed to copying thing, but they do mention this at the SANS site the paper comes from:
“All papers are copyrighted. No re-posting of them or distribution of them is permitted.” *shrugs*
****
On Topic:
I can’t believe the guy makes it through the whole paper without mentioning the a simple security rule. Namely that if security is increased then user friendliness will be decreased. There’s just no getting around that one.
MacOS X’s sister OS *is* FreeBSD. I believe the latest incarnation of OS X essentially corresponds to FreeBSD 5.0, although with a few exceptions.
So for example, you say:
“5. firewall on OS X is no comparison to ipfw. Get Real.”
Well, actually firewall on OS X *is* ipfw. So I’d say the comparison is remarkably similar… identical even.
Cheers.
“MacOS X’s sister OS *is* FreeBSD. I believe the latest incarnation of OS X essentially corresponds to FreeBSD 5.0, although with a few exceptions.”
No, correct me if I’m wrong but the OS is Mach. BSD is just a thin compatability layer.
If security increases, user friendliness decreases. While this is generally true, I do think it’s possible to make for instance packet filtering firewalls more user friendly without compromising security. This has to do with people’s ability to think in abstract patterns.
I can create very intricate rules for packet filtering using vi, but I have to keep a mental model of the packet flow inside my head at all times. This puts quite a strain on my brain, and I’m sure many people have trouble keeping such abstract structures in their heads.
Graphically representing packet flow could in this case make a huge difference. If you can actually see in a visual representation where your packets go and the effect your rules have, many mistakes can be prevented. Often a firewall seems to work properly, except for a small exception the admin didn’t think about at the time he wrote the ruleset.
Please do keep in mind that I’m definately NOT a proponent of a panel with buttons saying “firewall: on or off”, but a visual model of packet flow should be feasible. Something like a river with pipes leading to and from it that have different valves on them, just to mention the first metaphor that springs to my mind. You could draw out your network on such a schematic and more or less intuitively direct packet flow and shape traffic. I’d love to have such a program to debug my rulesets, maybe it’s something Apple should try its hand at. ;o)
No, correct me if I’m wrong but the OS is Mach. BSD is just a thin compatability layer.
Depends on how you want to define OS. The kernel is a mach derivative, the low level system is a BSD personality on mach, commandline userspace is BSD and the GUI and accompanying API are new.
MacOS X’s sister OS *is* FreeBSD. I believe the latest incarnation of OS X essentially corresponds to FreeBSD 5.0, although with a few exceptions.
Not quite, it’s BSD layer is just MODELED after FreeBSD, and actually I think it’s 4.5 now not 5.0 they’re modeling from.
MacOS X’s sister OS *is* FreeBSD. I believe the latest incarnation of OS X essentially corresponds to FreeBSD 5.0, although with a few exceptions.
Not quite, it’s BSD layer is just MODELED after FreeBSD, and actually I think it’s 4.5 now not 5.0 they’re modeling from.
The latest re-encarnation of MacOS X is primary based on FreeBSD 4.9, however, there are some technologies back ported from 5.0.
When MacOS 10.4 is released, it will most likely be based on FreeBSD 5.3 and hopefully some of those parts can be ported across.
The best way of describing the layers is like Windows. Windows NT has the NT kernel and so forth, what makes NT Windows is the win32 api. The win32 api can be replaced with something else.
The mach kernel has the BSD user land API along with various cross pollination, IIRC, FreeBSD uses the Mach VM. I am sure Bascule will be able to point out the various other examples of cross pollination.
XNU, the kernel of Darwin/OS X, is primarily a Mach kernel. However, as Mach is a microkernel architecture, it typically depends on “servers” running in userspace for large portions of its functionality, such as accessing filesystems and networking. Apple has eliminated these Mach servers, and replaced them with code from FreeBSD. Because FreeBSD’s VMM is originally based off Mach’s, Apple was able to graft the Unified Buffer Cache (UBC) from FreeBSD onto the Mach VMM (and supposedly improve the performance of the VMM with several of the changes FreeBSD has made). The UBC is where the FreeBSD VFS attaches to the VMM within the kernel, so after the UBC was ported the VFS could be incorporated outright. The networking Mach server was also replaced with the network stack from FreeBSD.
The original Mach userspace, which is essentially the userspace from 4.3BSD, has been replaced with FreeBSD’s. So these three components, the userspace, the VFS, and the network stack, all come from FreeBSD. The rest of the code is essentially Mach.
But Apple is not shy about using good ideas from other sources.
Panther’s dock for example resembles the Microsoft Windows Taskbar, but Apple’s version is more stylish and fun.
Apply may not be shy about using good ideas from other sources, but their dock comes from Next’s dock, which predates Microsoft’s Taskbar.
“Apply may not be shy about using good ideas from other sources, but their dock comes from Next’s dock, which predates Microsoft’s Taskbar.”
Apple also has a few followers with misconceptions about what was/was-not invented by Apple/Steve Jobs.
Go to:
http://toastytech.com/guis/guitimeline3.html
Note that, in 1985, a taskbar/dock is clearly visible on the first release of Windows. This is evidently the first appearance of the taskbar/dock, and it predates Next OS by many years.
Apple also has a few followers with misconceptions about what was/was-not invented by Apple/Steve Jobs.
Go to:
http://toastytech.com/guis/guitimeline3.html
Note that, in 1985, a taskbar/dock is clearly visible on the first release of Windows. This is evidently the first appearance of the taskbar/dock, and it predates Next OS by many years.
This is as silly as your equating of window tiling and Expose. Yes, in some very basic concepts both the Taskbar and the Dock resemble the first version of Windows, but both of them greatly expand on both capabilities and execution. Some differences that spring instantly to mind:
* The Taskbar and Dock show windows, not applications.
* The Dock is used to start applications (so can the Taskbar, if you consider Quicklaunch part of it).
* The Taskbar and Dock list all running applications, the icon bar you refer to only lists iconified applications (conceptually, this is a significant difference).
“Note that, in 1985, a taskbar/dock is clearly visible on the first release of Windows …”
Give me a break. The task bar is simply un upside down menu!
WOW!
Dan
drsmithy wrote:
> * The Taskbar and Dock show windows, not applications.
Well, actually it is the opposite. Both of them show applications, not windows. Or rather, application instances (in the TaskBar, IE shows once per window, but Photoshop shows once no matter how many windows/documents open it has; in the Dock windows are only listed as drop down menus of application icons).
Well, actually it is the opposite. Both of them show applications, not windows. Or rather, application instances (in the TaskBar, IE shows once per window, but Photoshop shows once no matter how many windows/documents open it has; in the Dock windows are only listed as drop down menus of application icons).
Actually, we’re both wrong. I was a bit hasty in my initial response.
The Dock indicates running applications and minimised windows. Other document windows are also accessible from a right click. Expose has largely made its window switching ability (which was poor to begin with) redundant.
The Taskbar shows (or is supposed to show) “document windows” – note that not every document window is a new application instance.
There are still a lot of broken applications using the MDI interface paradigm (you identified Photoshop, Excel is another perpetrator) that capture individual document windows within a single application window. In this case, you just get an application button being shown. This is one of the big problems with Windows – it’s GUI is still stuck in transition from the old program-centric Windows 3.x GUI to the new document-centric Windows 9x GUI.
The Taskbar – as part of Win95’s “new” document-oriented UI – is supposed to show “documents”, not applications, that’s why new versions of Office that were released at the same time switched away from MDI (except for Excel (and maybe Access ?)).
In any event, the major conceptual difference I was trying to highlight is the iconified windows bar in that old screenshot only shows things that have been minimised, whereas the Taskbar shows all windows/applications all the time, regardless of whether the window is minimised, maximised, or something in between.
“This is as silly as your equating of window tiling and Expose.”
Well, I am not sure about your assertion, but at least we both seem to be interested in the same threads.
“Yes, in some very basic concepts both the Taskbar and the Dock resemble the first version of Windows, but both of them greatly expand on both capabilities and execution. Some differences that spring instantly to mind:
* The Taskbar and Dock show windows, not applications.”
You must be referring to the early Windows taskbar. It seems to show iconized applications.
“* The Dock is used to start applications (so can the Taskbar, if you consider Quicklaunch part of it).”
Wharf/docks/piers usually have icons that launch applications and sometimes have an “application swallowing” function. There are several types of taskbars. Not all contemporary taskbars are used to launch applications. In the wildly popular Fluxbox window manager, the default taskbar shows only iconized applications, or the focused application (it also gives date/time, current workspace, and a means for switching between workspaces). Try telling a Fluxbox freak that her taskbar is not a taskbar.
“* The Taskbar and Dock list all running applications, the icon bar you refer to only lists iconified applications (conceptually, this is a significant difference).”
Again, the Fluxbox taskbar shows only iconified applications or the focused application.
“The Taskbar – as part of Win95’s “new” document-oriented UI – is supposed to show “documents”, not applications, that’s why new versions of Office that were released at the same time switched away from MDI (except for Excel (and maybe Access ?)).”
I don’t know what the taskbar in Windows 95 is supposed to do, but in Windows 98, the taskbar shows loaded services, application launching icons, and running applications (and, of course, the start button and time).
“In any event, the major conceptual difference I was trying to highlight is the iconified windows bar in that old screenshot only shows things that have been minimised, whereas the Taskbar shows all windows/applications all the time, regardless of whether the window is minimised, maximised, or something in between.”
And again, the primary function of some taskbars is to hold ready iconified applications in a bar on the edge of the screen. The major point that I was trying to make is that the taskbar/dock was not invented by Apple/Steve Jobs. If you go back to the GUI timeline, you will see that Acorn had a taskbar with permanent buttons (the “Exit” button) one year before Next was released. It is likely that the other icons on the Acorn taskbar are there to launch applications, but since all the corresponding applications are opened, one can’t draw a conclusion from the screenshot. Even if the Acorn icons only show running applications, it is no great intellectual leap to realize that these icons could launch applications just like the exit button “launches” shutdown.
Like many other computer innovations, the taskbar/dock was already around before Apple/Jobs implemented it.
Lineages of the Windows task bar, NeXT Dock & OS X Dock…
As usual everyone has it wrong.
The silly claims that Windows originated the dock/task bar in 1985 are off the mark. Way back in the Stone Age, before Windows, before Macintosh, before NeXT Apple had the Lisa.
The Lisa predates all of this stuff and guess what? The Lisa had the first dock of all. That’s where NeXT got it (and where M$ got it’s 1985 copy)… as Jobs took the idea with him when Sculley ran a mutiny and shoved Jobs out of the door of Apple.
No matter how you cut it, the Dock and Task bar are ultimately derived from the Lisa’s dock. This means that Microsoft once again has copied an Apple innovation badly and the Wintel apologists are, as usual, trying to claim credit for someone else’s work.
So, what else is new?
“The silly claims that Windows originated the dock/task bar in 1985 are off the mark. Way back in the Stone Age, before Windows, before Macintosh, before NeXT Apple had the Lisa.”
You may want to visit the first page of the GUI timeline:
http://toastytech.com/guis/guitimeline2.html
As you can see, Lisa was released in 1983. The following year, MacIntosh, Visi On and Windows appeared.
However, Xerox premiered Alto in 1973, ten years before Lisa was released. Three Rivers put out Perq three years before Lisa and Xerox came back with Star two years before Lisa.
“The Lisa predates all of this stuff and guess what? The Lisa had the first dock of all.”
I don’t think so, my friend. Look at the screenshot of Lisa. Do you see a taskbar? I do see a row of icons near the bottom of the screen, but no taskbar. Rows of icons are also clearly visible in Star, two years prior to the release of Lisa.
In addition, do you see a taskbar on the MacIntosh screenshot? No way. I had an original MacIntosh in 1984 and 1985, and I never saw any taskbar.
“That’s where NeXT got it (and where M$ got it’s 1985 copy)… as Jobs took the idea with him when Sculley ran a mutiny and shoved Jobs out of the door of Apple.”
Jobs left in 1985, and Apple didn’t yet have a taskbar, but Windows did.
“No matter how you cut it, the Dock and Task bar are ultimately derived from the Lisa’s dock. This means that Microsoft once again has copied an Apple innovation badly and the Wintel apologists are, as usual, trying to claim credit for someone else’s work.”
Back to my original point: Some Apple followers cling to huge delusions on what was/was not invented by Apple/Jobs. By the way, did you know that Apple invented the color screen?
You must be referring to the early Windows taskbar. It seems to show iconized applications.
Given it was the subject of the comment I was replying to, that’s a reasonable assumption.
There are several types of taskbars.
I (quite obviously) wasn’t talking about “several types of taskbars”, I was talking about the Taskbar, which is part of the Windows GUI.
If it’s referred to as ‘the Taskbar”, it’s almost certainly the one in Windows. It’s just called ‘a taskbar’, it’s probably a generic use.
Not all contemporary taskbars are used to launch applications.
I never said they were. Indeed, I specifically pointed out the Taskbar only has this ability if you consider the Quicklaunch menu part of it.
In the wildly popular Fluxbox window manager, the default
“Wildly popular” ? By what definition of “popular” ?
taskbar shows only iconized applications, or the focused application (it also gives date/time, current workspace, and a means for switching between workspaces). Try telling a Fluxbox freak that her taskbar is not a taskbar.
I wouldn’t. I would, however, try and tell him it isn’t “the Taskbar”.
I don’t know what the taskbar in Windows 95 is supposed to do, but in Windows 98, the taskbar shows loaded services, application launching icons, and running applications (and, of course, the start button and time).
Not running applications, open application windows – there is a difference.
The major point that I was trying to make is that the taskbar/dock was not invented by Apple/Steve Jobs.
No one claimed it was.
Like many other computer innovations, the taskbar/dock was already around before Apple/Jobs implemented it.
You need to calm down and lay off your anti-Apple crusade. No-one said Apple invented the concept of a taskbar or a wharf/dock. All they said is that OS X’s Dock is derived from the one in NeXT, which is true (hardly surprising, since OS X is essentialy just the latest version of NeXT).
Realistically, OS X’s Dock and Windows’ Taskbar are alike only in very basic and simplistic terms (in the same way the Dock, Taskbar and a row of icons at the bottom of the screen in MacOS Classic might be considered alike). They act and are used in different ways.
“Rows of icons are also clearly visible in Star, two years prior to the release of Lisa.”
From someone who actually has seen a Star, and remembers it. Altough privitive, it had a task bar. ( and I was 13 when I saw it. )
LOOK AT AN ACTUAL SCREEN SHOT
http://www.digibarn.com/collections/systems/xerox-alto/
“””Apple, fed up with playing second string to Windows, has been taking its operating system from strength to strength.””
Dont call Quartz a strength. Its a PIG. The UI has glaring weaknesses, that even Andy Hertzfield, Macintosh creator has Criticized.
“Most detractors of the dock criticized the amount of space it occupied on the desktop, the way the dock could inadvertently obscure window controls (such as the window resize handle), and the way that it presented a “moving target”. Others claimed that it was trying to do too much when compared with the applications menu that it replaced. Another significant criticism was that icons in the dock could easily be confused, particularly when they were alike or even identical (as in the case of folders or drive icons or minimized windows).”
Is This a strength? According to Steven Jobs, its their greatest strength, according to UI experts and struggling users? Ask any novice.
Keepin it real.
Sniggles
Dont call Quartz a strength. Its a PIG. The UI has glaring weaknesses, that even Andy Hertzfield, Macintosh creator has Criticized.
Quartz is not the UI, it’s just the display system and while it is certainly not the zippiest thing in the world, considering what it does performance is tolerable.
“Most detractors of the dock criticized the amount of space it occupied on the desktop, the way the dock could inadvertently obscure window controls (such as the window resize handle), and the way that it presented a “moving target”. Others claimed that it was trying to do too much when compared with the applications menu that it replaced. Another significant criticism was that icons in the dock could easily be confused, particularly when they were alike or even identical (as in the case of folders or drive icons or minimized windows).”
Some of these issues have been fixed (or are user fixable). The user can resize the Dock (bigger is better for novices). Windows should never be “caught” behind the Dock unless the user has manually placed them there (and if he has done that, he can reverse the procedure).
The biggest problem, IMHO, is the “moving target” aspect – which can be mostly alleviated by anchoring the Dock to one corner (and is inherently inescapable in a dynamically changing UI object).
Similarly, the “everything looks the same” problem is difficult to get around and (every alternative I’ve seen has it), like OS X’s originally poor task switching paradigm built around the Dock, has been made largely irrelevant by Expose.
Personally I always considered the Taskbar functionally superior to the Dock. However, the development of Expose has made the things I found better with the Taskbar unimportant, because they are done better by Expose.