Posts by Ian Joyner

Re: No, you didn't tell us

>>It is a live court case, thus publications must be very careful not to be prejudicial.<<

That is a good point, but Reg didn't explain what the accusations are in the same way the other sites have made clear.

Re: Apple excels in iterative technical improvements, and marketing

>>You are correct in that Apple is a technical marketing company more than a technical innovator.<<

That statement is completely wrong. Rest of what you say doesn't make much sense either. Fingerprint reader on the back - but Apple forces it to be on the front (where it makes more sense) - I don't think so.

Re: Apple excels in iterative technical improvements, and marketing

Yes, Apple do iterative improvements really well. But they have also done the great leaps forward as well. These are - by nature - further in between. This is not just marketing - in fact, the ultimate marketing is to build excellence in products and then sell them. Most others just go into marketing mode to sell shoddy products. Samsung has become the ultimate case in point. Recently in Asia, I noted Samsung banners hung all over airports and just about every street corner. Apple subtly have a few Apple logos.

Apple have quite often picked up on what others have done, but made it useful - like WiFi (invented where I work). Xerox PARC stuff - well Apple were also doing similar, but actually got what PARC was doing while others - including Xerox management - missed it. If it weren't for Apple, we'd all still be doing CLI and MS-DOS - ugh!

Re: Bah!

>>Of course they'll need to able to drive - I guess it will be years before self-driving cars become trully autonomous<<

Well, in future I'm going to ask any one I give a lift to whether they can drive or not. 'Can't drive - you're out of luck, can't come in my car'.

>>You must be having a laugh now. The one thing we know is that bugs exist<<

No laugh at all. Yes bugs exist - they can be exploited, but when we find an exploit, we patch to close that hole. That is reactive security.

I've already posted this link for someone else, but please go and read and digest and thoroughly understand the axiomatic approach to system design and programming:

https://www.cs.cmu.edu/~crary/819-f09/Hoare69.pdf

Proactive security says we put security into the system to begin with. We think about it and build systems accordingly.

What you are suggesting is to give up altogether and just resort to reactive security. Both approaches are needed.

Many attacks use well-known mechanisms - the main one is a typical C and low-level machine defect - allowing writes beyond an end of buffer. This can also be used to subvert the stack. We can design machines where this is just not allowed and a whole large category of attacks goes away. Thus we should check that a process or data structure only reads and writes into the memory that it was allocated - bounds checking.

Most people who consider themselves software designers and programmers have a hard time understanding this. They think it is just the natural order of things. Well, it's not. In networked systems and systems with many interacting processes being in security a priori is essential, otherwise we are continuing to react to things.

So if computer people find this hard to understand - how can we expect end users to be this sophisticated. Although, it is often true that explaining such things is easier to someone with no knowledge than to those who think they have knowledge.

Software verification (against bugs and defects) is closely related to security. Having machines with bounds checking, and checks for other breaches benefits both software correctness and security.

Re: Bah!

Chemist: "You miss the point. Any group of people using a particular technology need some in-depth knowledge to use it safely. I did, by the way, include driving a car which is a near ubiquitous 'skill' which in most places requires examination."

No, I don't miss the point at all. The point was wrong. Now we are close to having self-driving cars. What you are saying is that passengers in such a car should not only know how to drive that car, but be experts in mechanics as well.

Chemist:" I don't expect the average user to be a security expert just to have an awareness of the basics od on-line safety. You certainly can't expect the technology to cope with all the diversity of attacks from the sophisticated to the banal."

That is exactly what I expect the technology to do. We can program computers to do anything - why not stop security attacks - or better still, make the systems strong in the first place. Hacks are very, very sophisticated. We must design systems that protect the user. How do you expect the user "to cope with all the diversity of attacks from the sophisticated to the banal." It is much better to expect the technology to do that.

Chemist: "On the other hand if you want to do something more unusual, but still reasonable, like give yourself access to your home network from outside then you do need to understand what you're doing or take advice."

OK, that almost makes sense. But at the right level of abstraction. Users need to know to set passwords, etc. But maybe other authentication factors are required, like fingerprints, etc that the system prompts them for. This must be built into the technology.

Re: Bah!

Richard Plinston: "Then you don't understand what is meant by the term 'general purpose computer'. You want to have systems that are rigidly 'special purpose' and anything not specifically allowed by the 'designer' should be considered 'incorrect' and thus not allowed."

I certainly understand what is meant by 'general-purpose computer' and Universal Turning Machine. Yes, something without constraints you can do anything with - but it is exactly that power that makes them completely useless. To put other useful machines on top, you define the constraints that make them into those other machines. I suggest you read Roy Fielding's thesis which starts with the null architecture - no constraints and introduces constraints until we arrive at a useful paradigm.

https://www.ics.uci.edu/~fielding/pubs/dissertation/fielding_dissertation.pdf

Also read Tony Hoare's writings on axiomatic programming. Here's one:

https://www.cs.cmu.edu/~crary/819-f09/Hoare69.pdf

I'll repeat - what is correct and incorrect is decided by the system designer - that is the whole basis of computer systems design.

Re: Bah!

Chemist: "The point is that it is necessary however much you'd like it not to be. I don't think I'd be too happy with an unskilled bus/car/train driver."

Altogether different. Passengers on the train don't need to train as a train driver in order to catch the train. So why should computer end users be required to be trained in computer science, or programming, or unix systems admin in order to use a computer. They don't.

That is abstraction - you don't need to know the details of lower layers.

Of course all users need some kind of knowledge, they do need to know some basic security practices. But even us 'experts' in security know it is much to big a subject to know everything. It is negligent on the part of systems vendors to not build security into their systems but to say the user must know what they are doing. That attitude should soon be seen as criminally negligent.

Re: Bah!

Chemist: "Computers are now widely abused because we don't demand that end users need education to run systems correctly."

Well, either computers can be used by everyone or reserved for some high priesthood with special powers.

How much education should end users need? I do my bit for educating computer scientists, but the whole point is they learn abstraction - that is don't pass on the details to upper levels.

While I encourage people to understand all levels of computing, it should not be necessary - and if it is, we have not done our jobs properly.

Yes, we can educate users to some level - do backups, etc. But we should not depend on that, or them to do it, and then go 'oh, it was the user's fault'. That is blaming the victim.

Re: Bah!

Richard Plinston: "Who is it that defines what is 'incorrect' ?"

What is correct and incorrect is decided by the system designer. Is is related to GIGO - Garbage In, Garbage Out - except we'd rather trap the garbage in and not do the computation.

This a very very important design step in any system. Define the constraints and the axioms (rules) by which the system works. It is essential documentation for understanding the system. Most programmers know of such axioms for correctness as preconditions and postconditions or assertions.

This is fundamental to software correctness and well designed systems.

https://www.cs.cmu.edu/~crary/819-f09/Hoare69.pdf

If you haven't decided what is incorrect and conversely correct, you don't really have a system design.

Re: Bah!

"End users just download whatever app they feel like. Of course Apple tests the apps for them - so really end users are doubly protected.

What's this about Apple "testing all the apps" hmm? Just 3 of a huge many rather untrustworthy places that have software for Macs"

Yes, you are right - my comments were about iOS, not about Macs. I was replying a bit out of context on that count. I don't know if I'd support MacOS going to the same strict controls as iOS.

Re: Bah!

"Wot, like Macs having default admin:password login for the shell (maybe even no password, just ssh root@ip being enough, ICBRIW), having NOTHING in the GUI to change that, having SSH open by default (so all one needed was the IP and ability to use ssh)*"

Sounds like you have not tested it since 2008. At one point there was no root UC. I have not heard that they brought it back.

"Er, I'm pretty sure you can download and install OSX (anyversion) for free"

Yes, but the cost of the system is the software. That software does not come for free. It is built into to cost of the box you buy. So while you might get the software installed originally for free, and get free upgrades, that has little to do with the actual cost.

Re: Bah!

'Linux distro makers test the 'apps' for them and puts these in the repository - so really, end users are doubly protected.'

Not sure what you mean here. Linux distributions test Linux and apps in the base release, but I don't think apps in general.

Re: Bah!

"Are you really suggesting that using a Pi properly is in any way riskier than anything else *?"

Yes. The Pi is meant for playing around or research into future systems. It is a good and cheap platform for that, but don't expect too much of it.

"No computer is likely to be 'safe' when used incorrectly."

That is why well-designed systems come with built in checks to make sure you don't use them incorrectly. So yes, you can attempt to do incorrect things and be stopped. The quicker you are stopped the better.

"Connecting your system to the internet requires some knowledge - education is necessary to discourage naive users from doing so."

That is the wrong approach. Computers are now widely used because we don't demand that end users need education to run systems correctly. Why should 'naive' users not use the Internet? That is exactly what they should do - the onus is on the system providers to make sure their systems are safe - at least as safe as possible.

On the other hand, I think it is the naivety of the software community that we should be wary of in their 'trust the programmer' attitudes. No you can't trust programmers - that is naive.

Re: Bah!

>>"There are technical reasons why the Unix used on Mac is more secure than Linux."

Care to enumerate ?<<

Yes, Linux trades off security for speed. IPC is the critical factor in security. For speed, Linux allows processes to communicate directly. In MacOS, based on Darwin with the Mach Kernel, all IPC is by default brokered through Mach and checked. Apple has some exceptions for speed. But they are the exceptions - in Linux they are the norm.

Now that is not a bad thing, but in Linux you must manage and ensure your system is protected. That is alright for servers where professionals run them and are carefully about what gets installed. End users just download whatever app they feel like. Of course Apple tests the apps for them - so really end users are doubly protected.

You did not ask about why I should say "There are quality reasons why Mac is more secure than Windows" - I guess that one is obvious!

Re: Bah!

There are technical reasons why the Unix used on Mac is more secure than Linux.

There are quality reasons why Mac is more secure than Windows.

There are enough people with malicious intent toward Apple and its users to mount attacks - but they go for the low-hanging fruit. Apple's response to any breach would be quick.

Now playing around with Pi is great for hobbyists and nice a cheap. You can load Linux on it. But keep it off the net and don't use it for serious work where you need security.

The cost of a computer system is not the hardware - it is the software. People think they can get that for free, but won't get the protection. You get what you pay for. Software and end-user requirements should be the drivers of the industry - not hardware and prices.

Re: Whatever the reason given - it's bollocks

>>And just where did you get this information that that's what they did (altering blocks in free space) from?

I've not seen that anywhere and afaik you are just speculating out your ***

It almost sounds like you work for Apple and just want to cover their butt<<

Now which Anonymous Coward is writing? Look at:

http://www.zdnet.com/article/wwdc-2017-what-we-learned-about-apples-new-file-system-on-macos/

under cloning.

Also:

https://en.wikipedia.org/wiki/Apple_File_System

Re: Where did it put all the data?

>>No, I've just re-read it and it doesn't mention anything about user data just that the file system was updated and rolled back twice then updated.

Maybe it was done on the fly but that would be quite dangerous in my opinion.<<

Well, your opinion doesn't count for much. This was obviously not just someone at Apple waking up one morning and saying "I think we'll change the file system today". No it has obviously been a very carefully thought out process.

Had they not done that final dry-run test, you would have been saying they did a dangerous file system upgrade without sufficient testing.

Re: I value my data, my phone, and my time

>>Yeah, that's the problem right there: "As far as I know". The issue is that you do not know, and neither does Apple. You NEVER assume people have made a backup,<<

Well, you are again showing your ignorance of how this works. I said as far as I know because the default working is you connect your iPhone to your Mac (just come into its proximity), iTunes starts up backups and syncs for you. You seem to assume the user must do the backup.

My hesitancy in saying this always happens is that iPhones can be bought in Windows environments and I have not researched all the different ways of doing that.

Anyway, this all happened way back in March. Register and its cult-following knockers here like you are just making a non point anyway.

Re: Why are they changing the FS anyway?

>>Why are they changing the FS anyway?

Is it because the current FS doesn't have enough backdoors to allow the NSA quick enough access to data on a perp's phone?

I think we should be told....<<

I can't give you a straight answer to the second question. But let's consider that Apple stood up to the FBI to protect user data. APFS is being introduced with encryption baked in, not put on top of as in previous FS. So I think this is more about removing backdoors.

As to the first question, a bit of history. Originally there as Apple DOS on the Apple II. On Macintosh (I don't remember what it was on Lisa, perhaps that can be research for others), Apple introduced HFS - Hierarchichal File System. They also dumped the old 5.25" floppies in favour of the 3.5" hard cover floppies. Howls of outcry from the anti-Apple people about that - "those 3.5" disks are not real disks", even though they were in all ways superior - hard cover, much more difficult to finger surface, more storage capacity.

Then when disks became larger and internal hard drives, so HFS+ was introduced (I could look up dates, but around 25 years ago). People became more sensitive about data on disks, since even once junked data could be read - so file encryption was introduced on top of HFS+. This is now called FileVault.

Now its time for a change - not a gratuitous change but changes for the good reason that security is now much more important (logical reasons) and disks have gone from 20 MB to several terabytes (physical reasons). Then there is flash and hybrid storage. Time to address these new factors. In fact, it was time for a change around ten years ago. It looked like Apple was going to adopt ZFS, but for reasons which I don't know that didn't work out.

https://en.wikipedia.org/wiki/ZFS

https://arstechnica.com/apple/2016/06/zfs-the-other-new-apple-file-system-that-almost-was-until-it-wasnt/

So ZFS didn't happen.

I'll mention a computing fundamental here, since it came up in my comment about hybrid (fusion) flash (solid state) and spinning disk (moving) drives. That is as far as programmers and users see their is just one level of storage. It is the job of the system (and system programmers) to provide this abstraction of single level of storage. The key to hardware speed is to keep data as close to the processor as possible, but the fetching should not be seen by higher-level programmers. This is the principle of a Turing machine. Any memory storage levels are implementation detail and add nothing to the power or computability of a system. We see Apple moving towards this in several levels. As mentioned, the hybrid drives where the system will automatically get data from a fast flash drive or from a slower hard disk. But not only that - have you ever thought where the "save" menu went in iOS?

That is Apple changing to the paradigm of the user just works on a document - safe storage is done, including writing up to iCloud for backup and sharing. So there are some other factors - HFS was not developed for cloud storage and backup. Bake those in and make file handling much faster. Now I'll admit, iCloud drives me crazy sometimes - partly because I don't believe it is perfected yet, but partly because as an old timer, I feel like I should be manually doing this.

Enter APFS. Again Apple ends up doing things for themselves after attempting to get others to participate (Adobe Flash comes to mind). So why not address a whole bunch of issues at once, bake in security at the lowest levels (where it should be according to Rik Ferguson). Here is a whole lot of reading on this subject:

https://medium.learningbyshipping.com/wwdc-2017-some-thoughts-3ff3230cdd58

http://www.cultofmac.com/435718/apfs-new-apple-file-system/

https://en.wikipedia.org/wiki/Apple_File_System

http://www.zdnet.com/article/wwdc-2017-what-we-learned-about-apples-new-file-system-on-macos/

https://www.theverge.com/2017/3/27/15076244/apple-file-system-apfs-ios-10-3-features

I'll also note that since the upgrade to APFS was already done in March for iOS 10.3, this is rather old news. It is done, complete, and it worked. As I said in another thread, Apple have pulled off an amazing engineering feat. Register is well behind the times on this.

Re: Most incredible feat of software development - ever

>>"Thus when Apple eventually releases APFS as an initial release, it will still be a test. The previous testing must be to show there is as little possibility as possible. That is exactly what Apple have done. They have now tested the installation and update process."

I'm really glad there is as little possibility as possible.

Does that also mean that there is as little probability as probable?

What if I want possibility though?<<

Possibility of what? That there are unforeseen problems? No, testing is to remove as many problems as possible. Apple's testing in this has been amazing.

It seems you Anonymous Cowards do not know the fundamental tenet of testing. Here it is as stated by Edsger Dijkstra:

"Program testing can be used to show the presence of bugs, but never to show their absence!"

https://en.wikiquote.org/wiki/Edsger_W._Dijkstra

But that is not saying don't do testing. No do it very thoroughly. That is exactly what Apple has done, and I'm sure along with the many other software verification techniques of Dijkstra, Hoare, Jean-Raymond Abrial, Bertrand Meyer, which sadly most of the software development community ignores.

Re: @TonyJ

>>Apple's shoinky practices out for what they are.<<

No - go and read my other posts - this is the complete opposite of shonky practices.

Scamscum - lack of testing, rushing product to market. Exploding washing machines, Note 7, failure to reregister a domain exposing many to hacks.

Where do you think Scamscum and Google got what you claim is a more intuitive interface from - Apple.

Re: I say "Well done Apple."

>>No, you don't understand testing. This was to protect people's data. It is quite the reverse of what you make out. Apple's testing here is minimising the risk. That's what testing does.

I hope that's sarcasm.

The way to do testing is to do it with your own equipment and data first, before risking any customer data.<<

No it's not sarcasm at all. What makes you think Apple would not have tested the hell out of this first before trying their live test. The fact they did this live test shows how deep and careful their testing has been at all levels. Yes, there are beta testers for APFS. Testing the update live would have been the last step in a very long testing process.

That is brilliant. So to all you Anonymous Cowards out there (and I never know which particular individual I am replying to, so can't see the thought processes in your logic - I should say faulty logic), stop being blinded by your own negativity towards Apple.

Had they not done this test, you would probably be criticising them for not doing it - except you would have known nothing about it.

Re: I say "Well done Apple."

"apparent disregard for peoples' data put at risk by this masterful piece of hubris on Apple's part."

No, you don't understand testing. This was to protect people's data. It is quite the reverse of what you make out. Apple's testing here is minimising the risk. That's what testing does.

Re: no no no no no no no, Apple

"I rather despise most of Apple's business practices but this isn't one of them."

What do you despise and why?

Re: Most incredible feat of software development - ever

"it's some sort of bizarre religion that must be defended (that's just weird)"

Please don't make silly comments about 'bizarre religion'. This is a technical discussion and I made technical points.

"but I'm not happy with users being used as test platform without their knowledge. That's not right in my book."

Any software release is using users as a test platform. Testing never proves the absence of bugs. Anyone who has worked in software development knows that there is still the possibility of really obscure conditions.

Thus when Apple eventually releases APFS as an initial release, it will still be a test. The previous testing must be to show there is as little possibility as possible. That is exactly what Apple have done. They have now tested the installation and update process.

It is a good thing that Apple have attempted such a test. As far as I know it is novel. Expect much more of this kind of testing in the future.

"I'm terribly sorry that we doubted your God, oh wise user. Now go and grow a clue"

Did you actually bother to read what I said - or even to find out who I was by doing some web searches? No, so don't make stupid comments and think about what is going on here.

Note I don't post as "anonymous coward" as you do, so people can find out what I have said elsewhere.

Re: I value my data, my phone, and my time

"The problem is that a bug could have left you with a need to restore the phone from backup, and not all people have a backup to start with. It was IMHO a big risk to take without the user's knowledge - I'd restrict that to people who have willingly signed up to be beta testers."

This was not a beta test. Beta testing is to check that a system works with your software or in your environment. Users were not being asked to do this. As far as I know all iPxxxs are backed up to iTunes. All devices were restored to a non-APFS file system. Apple would have carefully tested this and evaluated the risks beforehand. There seem to have been no complaints.

Re: Other than it taking a bit longer to update

"Was it right for Apple to use users as a guinea pig? No. I think that should at best have been restricted to beta test users who have at least knowingly opted for the risk and would have been a bit more bug-tolerant"

But they weren't asking the users to be beta testers since they restored all systems to not be using APFS. They are not using people as guinea pigs - rather the opposite. They are reducing the risk that things might go wrong when APFS goes live.

Re: When have a billion filesystems ever been upgraded without permission before?

>>Using people as filesystem guinea pigs is the worst thing you can do in terms of data integrity<<

At some stage they need to update to the new file system. The worst thing they can do is just install it and then find a whole lot of the user base has something strange that stops it working. That is the worst thing they can do is not test it.

This is probably the best thing they can do and must be the biggest test in the history of the industry.

Instead of the Register's spin and criticism here, Apple should be commended for doing such an extensive test.

Re: @SuccessCase

>>In fact, can anyone think of a company they appear to actually like?<<

With all the problems Scamscum have had, very rarely do Reg post a critical article, let alone an article at all. Reg always loving refers to Scamscum as "Sammy", but usually to Apple in derisive terms.

>>Security is one issue.

Another is modifying previously reviewed Apps to do something different than expected<<

Security and correctness are very closely related topics.