
Cross between the Borg and Dr. McCoy – He’s irrelevant, Jim.

Why does this admin authorization which is not root authorization let the installer run scripts as root, as Adam proved by a test package? Isn’t that a serious bug and security hole, as he claims?
Well, yes and no. The answer lies in a file called /etc/authorization. This is an XML file in property list format which defines the various rights a process can ask for when using the Authorization Framework, and defines a set of rules that are applied when this happens.
Rainer Brockerhoff (http://brockerhoff.net/bb/viewtopic.php?p=1973)

Well, yes, but there’s a problem with that. As I noted in the article, I altered the /etc/authorization file to try and change the behavior and it did not change it. In fact, the authorization file says the user should be prompted and the user still isn’t. Installer is doing something inside itself to get around that, and that’s the problem. Apple actively went against their own security practices to make the product easier on novices at the expense of security, a very Microsoftian practice.

Translating this into a slightly less geeky form, this is the authorization right requested by the AuthorizationExecuteWithPrivileges() call, which is the one used by the Installer. It can be granted to users of the “admin” group, is granted automatically to the root user, and times out in 5 minutes. AuthorizationExecuteWithPrivileges(), in turn, is the system call to run a script as root; which is allowed for administrators, as we’ve seen.
Rainer Brockerhoff (http://brockerhoff.net/bb/viewtopic.php?p=1973)

I don’t believe they’re even calling that function to gain root, honestly, because it follows the authorization file. It can’t not. They’re doing something else and I believe that’s a red herring here. There’s no way to call that function and have it not consult the database, so they’re doing something internal to get around it. Be that a SUID program somewhere or some private call, they’re getting around the clause in authorization that says the user needs a password.
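As an added illustration (not code from this post or from the quoted one), this Python sketch reads a rights database in the /etc/authorization property-list layout and reports who may obtain each right and whether the credential is reused after the first prompt. The plist is constructed sample data; the right name system.privilege.admin and the key names are assumptions about the file described above, and example.right.always-prompt is hypothetical.

```python
import plistlib

# Constructed sample in the /etc/authorization property-list layout; the values
# mirror the quoted description (admin group, root allowed, 5-minute timeout).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>rights</key>
  <dict>
    <key>system.privilege.admin</key>
    <dict>
      <key>class</key><string>user</string>
      <key>group</key><string>admin</string>
      <key>allow-root</key><true/>
      <key>timeout</key><integer>300</integer>
    </dict>
    <key>example.right.always-prompt</key>
    <dict>
      <key>class</key><string>user</string>
      <key>group</key><string>admin</string>
      <key>timeout</key><integer>0</integer>
    </dict>
  </dict>
</dict>
</plist>"""


def summarize_right(db, name):
    """Return the policy fields that decide who gets a right and for how long."""
    entry = db.get("rights", {}).get(name)
    if entry is None:
        return None
    return {
        "class": entry.get("class"),
        "group": entry.get("group"),
        "allow_root": bool(entry.get("allow-root", False)),
        "timeout": entry.get("timeout"),  # seconds; None if the key is absent
    }


def cached_rights(db):
    """User-class rights whose timeout is not 0, i.e. not re-prompted each time."""
    return sorted(name for name, e in db.get("rights", {}).items()
                  if e.get("class") == "user" and e.get("timeout") != 0)


db = plistlib.loads(SAMPLE)
for right in db["rights"]:
    print(right, summarize_right(db, right))
print("reused after first prompt:", cached_rights(db))
```

Running the same functions over a copy of the real file before and after an edit shows whether the on-disk policy actually changed, which separates a database problem from behaviour inside the calling program.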

More crap hanging out around the shuttle causes a delay in the landing.

I’m sorry, but no one’s launching a ’78 Corolla into space, why do we think the shuttles are fit for it? Scrap it, now. Get something a bit more modern up there. No, not flashy sci-fi craft running on Pentiums, but something at least from the early 90s would be a lot better than something that’s far, far outlived its time.

After spending some more time with iTunes 7.0, I’m of the feeling that this is what I’ve wanted iTunes to be all along. The new group view is easily now my favorite way to browse my media, especially my podcasts (which I can now download without killing the program, yay!).

Sadly, you can’t use the grouped art or Coverflow views from within the Podcast management section, nor can you do shuffle or repeat or anything else. There’s an easy solution: create a smart playlist where “Podcast is true” and then call it Podcasts. That’s your new iTunes-like podcast list, supporting groups and Coverflow and repeat/shuffle, etc. Much better.

While I balk at the use of the new interface elements and the flawed reasoning behind it, I must say that the interface redesign works well and I love it.

If you’re not iTunes 7-enabled, you need to get this one.

Apple’s finally created an iTunes that really embodies Apple’s media efforts with iTunes 7. Sometimes, as I poke through it, I see things that have been done that were on the back of my mind forever as flaws in iTunes. Then there are other times that I see a feature and just stare at how well it was done. Then, of course, it crashes.

The Good

Real Queued Downloads

This is the big one for me because podcasts were useless the way they were implemented previously. Before it just cycled the download in the HUD and that was … less than perfect. Pair that with the program locking up both an iBook G4 and a dual-core MacBook Pro with just downloading three or four items and you quickly start to look for another solution for getting your podcasts.

Now, however, there’s a full download manager in iTunes that handles podcasts, iTMS purchases, and even iPod software updates. Pretty much any time the program needs to get a file, it’s going to push it on the download queue and off it goes. It’s great, and it really shows that iTunes is becoming more of a complete media center than just a music player.

In fact, a lot of the things in iTunes 7 really promote the program from being a music player with crap tacked onto it at the last minute to being a complete media player that respects that it works with differing types of media.

iPod Management

Which brings me to the iPod management. The addition of the iPod preference pane in iTunes 6 was fairly welcome, but after using it for a while it became apparent that it was a solution to the problem in the strictest sense. It was clear that the actual implementation of the feature wasn’t the subject of endless meetings, but more that some manager said, “It’s a preference? Make it a preference pane. Shoo.”

So now when you pick an iPod, the main view switches to a new view that lets you configure everything about the iPod, including performing software updates for the iPod from within iTunes (finally).

Coverflow

Apple bought Coverflow and integrated it into iTunes 7. Not much to say outside of the fact that while I thought it was a cool idea, I was of the opinion that I would pretty much only use it if it was integrated into iTunes. Well, yeah. I love it.

Backup

Proper backup is built into iTunes now. It’s in the File menu as “Back Up to Disc…” and it creates a CD/DVD set out of your media (either everything or just purchased media). The really thoughtful part is that it allows for incremental backups, copying only media that was added or changed since the last backup. Nice.

Which is to say that Apple solved two problems with this:

  • They will issue fewer freebies to idiots that didn’t back up because now iTunes does it for them.
  • They have an unpaid backup solution for iTS media, rather than recommending .Mac Backup to everyone that wants such a feature.

Bravo.

The Bad

The interface for iTunes 7 will surely be the hot topic for many of the anal GUI reviewers out there. Personally, it’s a love-hate affair for me. I do like how it looks as a finished product, but it doesn’t make me feel like I’m using a Mac at all. It looks like the new iTunes Store does, right down to the scroll bars and buttons.

The only reason for this that I can put forth is that they needed one unified interface for Mac, Windows, and the iTS and we thus have this new concept. It’s interesting, and it’s not entirely unusable, but it’s kind of annoying to have this iconic Mac application turned into a bastion of wishy-washy cross-platform interface design, from a place of pure principle.

So far I’ve run into the dark blue and gray versions of the following elements:

  • Buttons
  • Scroll bars
  • Table headers
  • Table views
  • Pop-up menus
  • Checkboxes
  • Radios
  • Sliders
  • Tabs

It gets a little worse, however. Not only does Apple change these basic and fundamental interface elements in the main window, but it’s not consistent. None of the modal dialogs use any of these elements; they use the standard system widgets. The preferences dialog is completely lacking the new elements. Then there are the little ones, like how in the iPod settings there’s an overridden pop-up menu, but in the equalizer it’s an Aqua pop-up.

If you’re going to break a UI rule, break it consistently. If you’re going to follow it, follow it all the time. Kind of a basic concept that they’ve missed out on just to look cool. Kind of sad.

Today, for $2,000, I can get a new computer with the following:

  • 24” LCD screen
  • Two 64-bit CPUs
  • 1 GB RAM
  • 250 GB SATA hard drive
  • Dual-layer-burning DVD-ROM
  • Wireless ethernet and Bluetooth.

In 1996, for $2,000, I could get:

  • 2 GB hard drive

It’s really just not fair in some fashion, and, yet, completely cool.

Oh, yeah, there’s some new iMacs out. Suddenly a lot of the focus on 64-bit at WWDC (as evidenced in the public keynote…) makes sense now. With 64-bit units in granny’s hands, it makes a lot of sense to really ensure that code will run well on it.

I just got back to the hotel from the Stump the Experts “contest” at WWDC. Apple monkeys on stage, attendees on the floor, and each trying to stump the other with complicated questions. It was really quite entertaining. On the one hand you have the audience crying for fairness and on the stage you have a group of Apple employees, one of which is cutting the tails off ADB mice and tossing the body at winners (a “wireless ADB mouse”).

So I had a question I wanted to submit, but the session was drawing to a close and I didn’t get a chance to do it. Instead, I’m going to pose this question here as a contest for a free license to Notae to the first 25 people that answer it correctly.

What is the name of the pin on the back of the LCIII that was not enabled on the LCII?

The answer will be an initialism in all capital letters, no matter how you found it. That answer is the coupon code you use on the Notae order page to get your discount. Please be nice to the store’s servers and only try when you have an answer, ok?

I’m at the Moscone Center, sitting on the floor in a sea of geeks. It’s kind of like a developer refugee camp out here now. And I think I’ve seen five women and three hundred men. That’s another topic, though.

We are also about six feet from the Omni crew. That’s kind of cool. I’ll say hi in a bit.


Vista is quite obviously Tiger’s competition. The surprise comes when you realize that Leopard is coming out at the same time as Vista will be. Vista simply doesn’t stand a chance.

There was a lot of noise over Time Machine when it came out, and it deserves it if it behaves even half as well as the demo seemed to indicate it would. Backup is a sore spot for Apple and it’s good to see that Apple’s coming out with something a little more than .Mac Backup or similar. The functionality, at first glance, seems to be on par with the ZFS rumors earlier this year, but the need for an additional hard drive or other storage medium would seem to put that to rest. No, it looks like they’re using kernel events and tracking filesystem changes and just copying the new file into the backup in the proper place. Still, it’s a very good use of the technology and I’m very happy that they’ve done it. The great part about it, really, is that they’ve made it accessible. Give the user the option of saying that this is the backup drive and then just leave them alone with it and take over. That’s how to handle a Mac user, really. Sadly.

Well, I’m finally going to WWDC this year. After so many years of trying to land a full-time Mac programming job, it’s finally happened and now I have cause and means to get out there and see it all.

I’ll be at the various get-togethers as well, so if you see a waddling fat guy wearing a brown Duff Beer hat, say hi.

The sessions look great this year, and I have it on authority that there are some very amazing little announcements coming out at WWDC, but, of course, the person could not be specific (nor would I ask that, having worked there). But we’ll all know Monday anyway, so there’s no sense in caring right now when we can just sit tight, eh?
