OS X Security Defaults WTF



  • So I just got a new MacBook Air. To lay the foundation here, I was a long-time Apple user up until version 10.4 (I think...) at which point the annoyance at the direction Apple was taking things, combined with my super-expensive PPC hardware being quickly made obsolete by the Intel switch, I bought a Windows laptop, put my PPC box in the closet and went to Windows full-time. Recently, I got a hold of a decent discount on Apple hardware at the same time I was looking at a new laptop, and since Apple stuff can run Windows now (and, to be fair, their hardware is really damned nice), I figured there's little to lose.

    I'm setting up it, and I go through the motions of putting in my name, account name, email and password for Apple support, etc. It finishes, boots into the OS and I'm relieved to see they didn't load up the SSD with stupid crap like Garageband or whatever they're shilling now. But after rebooting it the first time, I realized that the thing didn't ask my password! It just booted right into my account.

    WTF 1: OS X defaults to "auto-login"

    I go to the Control Panel to find and change this setting. Foolishly believing it to be in Security, I notice that there's a checkbox for asking a password when the computer wakes from sleep/screensaver-- and it's off. This makes sense, since auto-login is on. So I check the box, set the timer to 5 seconds (it's kind of nice that you can select the 'lax time' before it asks you), and try rebooting again... still no login screen. Now, however, when the laptop goes into sleep mode, it *does* ask me to supply a password to wake it back up.

    In this crazy configuration, if a goon steals my MacBook he can do whatever he wants to my user account-- as long as he never lets it go into sleep mode! But thankfully if he accidentally lets it go into sleep mode, all he has to do is reboot it and he has full access again. It makes... no sense at all, why is this configuration even possible?

    WTF 2: Turning on "ask password on wake" doesn't also turn off "auto-login"

    So I go into the Security control panel again and start clicking around trying to figure out how the blazes to turn off "auto-login". The third tab is Firewall, which defaults to... off! I talked to my Mac-loving friend (who actually works for Apple) and he told me that it's off by default because it can "cause issues." That's possibly the weakest excuse I've ever heard.

    WTF 3: OS X ships with the firewall off by default

    My friend also pointed me to the correct place to turn off "auto-login", it's actually in the Accounts control panel.

    And now the petty usability WTF:

    WTF 4: The bright arrow indicator that an app is running is now a nearly-invisible tiny glint of blue

    That wasted about 5 minutes of my time trying to figure out why the holy crap I couldn't remove Safari from the taskbar. You can't remove applications from the taskbar while they're running, but there's no indication of that when you're dragging the icon-- the little cloud icon still appears (and isn't X-ed out or anything), and there's nothing to indicate *why* you can't remove the item. I'm pretty sure this was a problem in 10.4 also, but at least 10.4 made it blatantly obvious which applications were running and which were just pinned. One of the reasons I left OS X is because the taskbar ("Dock" to use Apple-speak) was so badly-designed and unusuable... good to see that hasn't changed. ūüėě



  • ¬†@blakeyrat said:

    That wasted about 5 minutes of my time trying to figure out why the holy crap I couldn't remove Safari from the taskbar.


    Yeah i've had that one too.  I also find the iTunes default setting that actually copies music from my NAS to local storage without asking me to be a very poor effort too.

    I used OSX for a couple of weeks here at work(my first time since 10.4 as well) and was kind of surprised by how often it crashed and how poor a lot of the UI and UX is.  

    I'm not sure where the reputation for 'just working' and nice interfaces comes from, I'm not saying it's bad, it's just that the way people talk about it i was expecting it to be awesome, easy and bug free.  I find Ubuntu runs great on an iMac so that's probably the way to go if you get sick of OSX.



  • @JesusChrist said:

    I'm not sure where the reputation for 'just working' and nice interfaces comes from, I'm not saying it's bad, it's just that the way people talk about it i was expecting it to be awesome, easy and bug free.  I find Ubuntu runs great on an iMac so that's probably the way to go if you get sick of OSX.

    I have a Windows 7 license sitting around and I understand (from possibly-unreliable Apple-loving friends) that it'll install and work just fine on it, so if I get sick of OS X I'll be going that route. Thanks though.


  • Discourse touched me in a no-no place

    @blakeyrat said:

    I have a Windows 7 license sitting around and I understand (from possibly-unreliable Apple-loving friends) that it'll install and work just fine on it, so if I get sick of OS X I'll be going that route. Thanks though.
    It will, but only alongside OSX unless you want to do some rather severe customization (Install Windows the "approved" way, and then obliterate the OSX partition's contents, resize it WAY down, and expand the Windows partition to fill) - and the Apple-supplied tools to partition the drive will only do a maximum split of 50/50 (forcing the bigger partition to be the OSX one) - meaning your tiny SSD just got even fucking tinier.



  • @JesusChrist said:

    I'm not sure where the reputation for 'just working' and nice interfaces comes from, I'm not saying it's bad, it's just that the way people talk about it i was expecting it to be awesome, easy and bug free.

    Wait, are you saying that they might not have made Qucktime for Windows a steaming pile of shit on purpose?



  • @blakeyrat

    Not for nothing, you're a pretty good writer, dude.



  • @blakeyrat said:

    WTF 1: OS X defaults to "auto-login"
     

    Is this not how Vista and 7 operate as well? It's how XP operates by default, in any case.So, I think this is a case of making the observation but not the point. You mean to say that this bad in the absolute sense or bad compared to Windows?

    @blakeyrat said:

    WTF 4: The bright arrow indicator that an app is running is now a nearly-invisible tiny glint of blue

    I can has screenshot? I'd like to see what is considered tiny. I found the tiny black arrow to be a WTF as well, in my experience -- which is something no more recent than Tiger or something.



  • @dhromed said:

    @blakeyrat said:

    WTF 1: OS X defaults to "auto-login"
     

    Is this not how Vista and 7 operate as well? It's how XP operates by default, in any case.So, I think this is a case of making the observation but not the point. You mean to say that this bad in the absolute sense or bad compared to Windows?

    @blakeyrat said:

    WTF 4: The bright arrow indicator that an app is running is now a nearly-invisible tiny glint of blue

    I can has screenshot? I'd like to see what is considered tiny. I found the tiny black arrow to be a WTF as well, in my experience -- which is something no more recent than Tiger or something.

    In my experience with it, it only defaulted to "auto-login" if there was only one user account created at setup, and no password was assigned to that account.



  • @dhromed said:

    Is this not how Vista and 7 operate as well? It's how XP operates by default, in any case.

    XP came out in 2001. Vista and Windows 7 require login by default. If this version of OS X came out in 2001, I might... might... give it a pass. But it didn't and I ain't. (Also I'm pretty sure XP SP2 requires a login by default, but I'd have to check to be sure.)

    @dhromed said:

    You mean to say that this bad in the absolute sense or bad compared to Windows?

    Both?

    Think about it-- is this how you want your computer to work? Is this how you want your computer-ignorant friend's computer, the one he keeps all his most important photos and business files on, the one you support when he has problems with it, to work?

    @dhromed said:

    I can has screenshot? I'd like to see what is considered tiny.

    Ok.

    WTF 5: Finder can connect to FTP servers, but only in read-only mode

    So I hope you appreciate the amount of effort I had to go through just now to get a fucking screenshot on my web server. Also, it looks huge on the screenshot, which kind of makes me look like an idiot, but trust me... on the laptop itself, surrounded with aluminum and inside that goofy reflective effect, it's really hard to make out. But oh well, here:

    While we're talking about "things Windows did a decade ago that OS X can't", how about this one: OS X has no native notification system. You know, the thing Microsoft perfected in Windows 98? Doesn't exist in OS X. Instead, all apps that require notifications install a *third-party* notification system called "Growl".

    WTF 5: Growl



  • @DescentJS said:

    In my experience with it, it only defaulted to "auto-login" if there was only one user account created at setup, and no password was assigned to that account.

    Two points:

    1) It's obvious I created a password for the account, because I turned on "ask for password when waking from sleep" and it worked. So that doesn't apply here.

    2) It's possible that MacBook Air's use a different setup process than other Apple computers. For example, my setup didn't give me an option to create more than one account, and your comment implies that some do.



  • @blakeyrat said:

    @DescentJS said:
    In my experience with it, it only defaulted to "auto-login" if there was only one user account created at setup, and no password was assigned to that account.

    Two points:

    1) It's obvious I created a password for the account, because I turned on "ask for password when waking from sleep" and it worked. So that doesn't apply here.

    2) It's possible that MacBook Air's use a different setup process than other Apple computers. For example, my setup didn't give me an option to create more than one account, and your comment implies that some do.

    Just FYI, he was talking about Windows 7/Vista, not OS X.



  • @blakeyrat said:

    WTF 5: Finder can connect to FTP servers, but only in read-only mode
    That's cos they want you to pay for a proper program. Remember that this is how Apple works - constantly trying to drive business towards developers who write programs for their platform. FWIW, you can upload using the command line FTP client;
    applications - utilities - terminal
    ftp -n foo.bar.com (think I got the switches right...)

    use "cd" and "lcd" to change remote and local directories, then "put foo.jpg" to upload. Long way around, I know, but it is there by default. Or you can just grab a free program like Filezilla.



  • @DescentJS said:

    @dhromed said:

    @blakeyrat said:

    WTF 1: OS X defaults to "auto-login"
     

    Is this not how Vista and 7 operate as well? It's how XP operates by default, in any case.So, I think this is a case of making the observation but not the point. You mean to say that this bad in the absolute sense or bad compared to Windows?

    In my experience with it, it only defaulted to "auto-login" if there was only one user account created at setup, and no password was assigned to that account.

    Yes, Windows doesn't ask for a password when a user account doesn't have a password set (well, obviously). And if there is only one user available, it will automatically log in that user (saving you a meaningless click). If you have several accounts, you have to choose your user, but if they don't have passwords then it's not really more secure than auto-login.

    But wait, there's more! Even if you have a password set you can still make Windows use auto-login by running netplwiz.exe. Why would you have a password set and then not use it for logging in? Well, Windows network sharing works so much better if you have passwords set. There might be other reasons too but this is the way I have my home desktop computer set up. My laptop, on the other hand, does not use auto-login because it's more likely to be stolen (I also use it much less often).



  • I've been a Mac OSX user for a couple of months now and actually very happy with it. Yes, of course, it needed some configuration and I, too, disabled the auto login. But all those "WTF"s don't make much sense in my opinion.

    @blakeyrat said:

    In this crazy configuration, if a goon steals my MacBook he can do whatever he wants to my user account-- as long as he never lets it go into sleep mode! But thankfully if he accidentally lets it go into sleep mode, all he has to do is reboot it and he has full access again. It makes... no sense at all, why is this configuration even possible?

    I'm not bothered to reply to everything, but let me at least reply to this. A password on login is pretty fucking useless. If you get access to the hardware, you can read the harddisk, you can reset the password, thus bypassing it. True, not anyone can do that, you'd need some knowledge on computers, but it's not really rocket science either. Well, of course it does improve security somewhat to get a password: as long as you're near your computer people won't be able to just boot it up for fun when you're off to the loo.

    Now why would you want a password on the screensaver but not on login? For securing your current session, of course! All the programs you have open in memory will be gone when the person reboots your computer to get into your account. Your truecrypt session? Gone! No way for them to access the truecrypt session again! No way to see that you were looking at gay porn at the time (assuming you used private browsing and there's no bug in there)! Okay, you'll get my point.

    So the files that are actually safe - in memory only - remain safe. I even believe Mac OSx uses encryption for the swap space. I'm not sure about the algorithms and how this works, but I assume that it makes it impossible for someone to read the old memory after shutting down the computer at all. I wonder if other systems do the same thing? Do Windows and Linux encrypt their swap?

    But if you stop to think bout it, it does make sense to have a password on your screensaver but not on logon.



  • @dhromed said:

    Is this not how Vista and 7 operate as well? It's how XP operates by default, in any case.
    Only if you don't set the password. The XP OOBE wizard doesn't ask you for one, but if you set it through the User accounts control panel, it'll require one to log on (Vista and 7 ask you for password just after you choose an account name for yourself, though you can leave it blank).



  • @blakeyrat said:

    ...

    WTF 0: You bought an Apple product expecting it to be something other than overpriced shit.

    That makes TRWTF you.



  • @TarquinWJ said:

    @blakeyrat said:
    WTF 5: Finder can connect to FTP servers, but only in read-only mode
    That's cos they want you to pay for a proper program. Remember that this is how Apple works - constantly trying to drive business towards developers who write programs for their platform. FWIW, you can upload using the command line FTP client;
    applications - utilities - terminal
    ftp -n foo.bar.com (think I got the switches right...)

    use "cd" and "lcd" to change remote and local directories, then "put foo.jpg" to upload. Long way around, I know, but it is there by default. Or you can just grab a free program like Filezilla.

     Or Cyberduck, which is a very sleek OS X-native open source FTP app.

    When did they stop enabling the firewall by default, though?  That was one of OS X's selling points for me a few years back -- especially for malware-prone computer-novice relatives.



  • Ohohoho, you haven't seen that you can reset any OS X machine's user account passwords without knowing them merely by owning an installation disc.



  • @nexekho said:

    Ohohoho, you haven't seen that you can reset any OS X machine's user account passwords without knowing them merely by owning an installation disc.

    An admin user can be easily created on xp machine with a bootable device, such as the xp installation cd and a bit of know how.  This user will then be able to see anything not encrypted so...

     



  • Mega-post!

    @Shondoit said:

    FYI, he was talking about Windows 7/Vista, not OS X.

    Oops, sorry.

    @TarquinWJ said:

    That's cos they want you to pay for a proper program. Remember that this is how Apple works - constantly trying to drive business towards developers who write programs for their platform.

    I'm sure you're right, but... how pathetic! I'd love to see an article on MacRumors or some other big Apple fan site that just has a down-to-Earth feature grid comparison, instead of gushing over shiny stuff.

    OS X isn't that bad, what's annoying to me is that I left the platform half a decade ago. I come back and everything's the exact same! It's still missing the same features, it still has the same crappy taskbar and Finder... the biggest difference is that now it's not competing with the (relatively) shitty XP, it's competing with the (really stellar) Windows 7.

    @SlyEcho said:

    Yes, Windows doesn't ask for a password when a user account doesn't have a password set (well, obviously). And if there is only one user available, it will automatically log in that user (saving you a meaningless click). If you have several accounts, you have to choose your user, but if they don't have passwords then it's not really more secure than auto-login.

    The difference is that OS X will auto-login even if I do set a password. In fact, it basically behaves as if the only reason I set the password was to authorize system changes using their version of Run As/Sudo/UAC/whatever. Other than that, it never asked me for my password for anything.

    @SlyEcho said:

    I'm not bothered to reply to everything, but let me at least reply to this. A password on login is pretty fucking useless. If you get access to the hardware, you can read the harddisk, you can reset the password, thus bypassing it. True, not anyone can do that, you'd need some knowledge on computers, but it's not really rocket science either. Well, of course it does improve security somewhat to get a password: as long as you're near your computer people won't be able to just boot it up for fun when you're off to the loo.
    Now why would you want a password on the screensaver but not on login? For securing your current session, of course! All the programs you have open in memory will be gone when the person reboots your computer to get into your account. Your truecrypt session? Gone! No way for them to access the truecrypt session again! No way to see that you were looking at gay porn at the time (assuming you used private browsing and there's no bug in there)! Okay, you'll get my point.
    So the files that are actually safe - in memory only - remain safe. I even believe Mac OSx uses encryption for the swap space. I'm not sure about the algorithms and how this works, but I assume that it makes it impossible for someone to read the old memory after shutting down the computer at all. I wonder if other systems do the same thing? Do Windows and Linux encrypt their swap?

    Ok kiddies, it's Blakeyrant time.

    There are two types of security:
    1) Filthy thug at bus station security (FTBSS)
    2) Black helicopter NSA paranoia security (BHNPS)

    All the stuff you're saying to me right there in that quote filled with terms like "encrypted swap" and "truecrypt session?" That only helps in the BHNPS scenario. Which I don't care about, because I'm not some kind of high-powered international arms dealer, or a mad scientist trying to irradiate the US' gold supply using a midget with a bowler hat, or a Linux user. This is not a scenario I'm worried about, and I'd wager that approximately 99% of the population is in the same boat.

    Now, as far as FTBSS goes, there's where I'm concerned. Here's how the filthy junkie exploits your stolen computer:
    1) If it has a browser, he checks whether he can use it to buy crack online
    2) If anything on the computer tries to hold him up in any way (password dialog, lack of Internet connection), he trades it for crack directly

    None of your crazy science fiction scenarios helps against the filthy thug. He's not going to have a fucking OS X boot disk in his shopping card full of cans. He's not going to 1337 hax0r into the HD to recover the password and log in, and even if he did he wouldn't know what to do with anything except looking for a stored CC# in my browser. "Encrypted swap" doesn't fucking help me if it doesn't prevent the thug from ordering tons of crack online at Amajunkie.com. Now this is the scenario that 99% of the population is worried about, or should be.

    Of course the OS X defaults on my MacBook Air don't help in *either* scenario. But... my point is? Requiring a password alone is good enough, even if the NSA or James Bond could crack it.

    @SlyEcho said:

    But if you stop to think bout it, it does make sense to have a password on your screensaver but not on logon.

    No it fucking doesn't. One of the few things the filthy thug knows how to do with computers is reboot it, and look that just totally defeated your password protection. Time for bestcrackbuy.com!

    @The_Assimilator said:

    WTF 0: You bought an Apple product expecting it to be something other than overpriced shit.

    That makes TRWTF you.

    Yeah, pretty much. I still have trouble with the idea that the good Apple, where paying the premium for their product actually got you a better product, is dead and buried. But the hardware's good, and at least I knew what I was getting into this time.

    @sprained said:

    When did they stop enabling the firewall by default, though? That was one of OS X's selling points for me a few years back -- especially for malware-prone computer-novice relatives.

    My Mac-using friend told me that the last release had the firewall on by default, but they changed it because too many people were complaining about breaking apps. He also suggested that one of the apps on Apple's "never break compatibility with this" list (which I can't imagine is large) was having troubles with the firewall.

    I found out the reason for this, though. Unlike Windows (and every other sane OS), OS X's firewall doesn't have a UI to ask the user permission when it detects a rule violation. So if you ran ProgramThatListens on Windows, you get a dialog saying "this program is trying to listen to a port, allow?" On OS X, it just gets silently blocked. Given that, it's no surprise they were having compatibility issues. (Although why they'd turn off the firewall instead of writing a UI for it boggles the mind.)

    @nexekho said:

    Ohohoho, you haven't seen that you can reset any OS X machine's user account passwords without knowing them merely by owning an installation disc.

    Not an issue, since the greasy bus station thug doesn't own one, and the NSA doesn't need one. Sorry in advance, I'm going to do it, but the comic is too fitting to leave out:

    You may now berate me.



  • @blakeyrat said:

    [quote user="SlyEcho Evo"]I'm not bothered to reply to everything, but let me at least reply to this. A password on login is pretty fucking useless. If you get access to the hardware, you can read the harddisk, you can reset the password, thus bypassing it. True, not anyone can do that, you'd need some knowledge on computers, but it's not really rocket science either. Well, of course it does improve security somewhat to get a password: as long as you're near your computer people won't be able to just boot it up for fun when you're off to the loo.
    Now why would you want a password on the screensaver but not on login? For securing your current session, of course! All the programs you have open in memory will be gone when the person reboots your computer to get into your account. Your truecrypt session? Gone! No way for them to access the truecrypt session again! No way to see that you were looking at gay porn at the time (assuming you used private browsing and there's no bug in there)! Okay, you'll get my point.
    So the files that are actually safe - in memory only - remain safe. I even believe Mac OSx uses encryption for the swap space. I'm not sure about the algorithms and how this works, but I assume that it makes it impossible for someone to read the old memory after shutting down the computer at all. I wonder if other systems do the same thing? Do Windows and Linux encrypt their swap?

    Ok kiddies, it's Blakeyrant time.[/quote]

    FTFY

    I am mainly concerned with privacy when I use passwords. If the CIA really wanted to get something from me, I'm sure a simple password wouldn't stop them.



  • @blakeyrat said:

    blakeyrant

    I'm not sure why, but you just found your way onto my 'favorite person' list.  I think it has something to do with me not having done my job for the 10 minutes it's taken to read all that, and not feeling like the time was wasted.

     brb, buying wrench.



  • @Evo said:

    A password on login is pretty fucking useless. If you get access to the hardware, you can read the harddisk, you can reset the password, thus bypassing it.
    Well, on Windows, you can set the encryption flag on files. Reading the disk in another machine or with a boot disk won't get you anything. If you reset the password, then the encryption key is lost.



  • @SlyEcho said:

    FTFY

    Oops! Sorry. This forum software doesn't make it easy to reply to more than one message at once. (Natch; it doesn't make anything easy.) I wasn't trying to misrepresent you.

    @HighlyPaidContractor said:

    I'm not sure why, but you just found your way onto my 'favorite person' list. I think it has something to do with me not having done my job for the 10 minutes it's taken to read all that, and not feeling like the time was wasted.

    Is there a monetary reward?



  • @Evo said:

    Do Windows and Linux encrypt their swap?
    Not by default. There's a registry setting on Windows to enable swap encryption, and for Linux there's about 5 different ways of encrypting your swap, though none are enabled by default (and some may need additional software).



  • @blakeyrat said:

    Is there a monetary reward?



  • @blakeyrat said:

    I'm not some kind of high-powered international arms dealer, or a mad scientist trying to irradiate the US' gold supply using a midget with a bowler hat, or a Linux user.
     

    Most Linux software never gets out of the alpha stage. Since alpha radiation would not penetrate gold well, trying to irradiate the US gold supply using a Linux user would be ineffectual at best. I guess it's fortunate you're not in charge of such things.



  • @Zecc said:

    @blakeyrat said:

    Is there a monetary reward?

    I get the impression you're making fun of me.



  • @blakeyrat said:

    @Zecc said:

    @blakeyrat said:

    Is there a monetary reward?

    I get the impression you're making fun of me.
    \

    Considering the art movement this painting belong to there is little doubt, but well played



  • <sarcasam>

    But, it's Apple! It's perfect!

    WTF 1: OS X defaults to "auto-login"

    Windows makes me jump through a stupid login screen. Stupid Windows.

    WTF 2: Turning on "ask password on wake" doesn't also turn off "auto-login"

    My Macbook wakes right up, not like that dumb Windows that makes me enter a password. Stupid Windows.

    WTF 3: OS X ships with the firewall off by default

    My Macbook runs this applicaiton just fine, but my Windows laptop always gives me some dumb error message. Windows is broken! Stupid Windows.

    WTF 4: The bright arrow indicator that an app is running is now a nearly-invisible tiny glint of blue

    (I was going to make a quip about Apple users not knowing the difference between a closed and a minimized application and not ever waning to change the dock's contents themselves, but I couldn't figure out how to phrase it.) Stupid Windows.



  • @blakeyrat said:

    Also, it looks huge on the screenshot, which kind of makes me look like an idiot, but trust me... on the laptop itself, surrounded with aluminum and inside that goofy reflective effect, it's really hard to make out.
    Don't worry, it took me a few seconds to realize what you were talking about even if the screenshot is big.



  • @Evo said:

    A password on login is pretty fucking useless. If you get access to the hardware, you can read the harddisk, you can reset the password, thus bypassing it

    @Evo said:

    Your truecrypt session? Gone! No way for them to access the truecrypt session again!

    You almost answered the question. File encryption keys and stored website passwords are usually encrypted with the account password. If one can boot to a logged-on session, the passwords and encrypted files can be retrieved. But they can't be retrieved by physical access to the system disk. This is why a password on login is useful.



  • @blakeyrat said:

    WTF 5: Finder can connect to FTP servers, but only in read-only mode

    Also on other news: IE doesn't support gopher: anymore. WTF? How do I connect to the tubes?



  • Incidentally, there's a setting you can use to turn off the "3-dimensional icons sitting on a table" effect, which might make the little fuzzy purple dot a little easier to see.

     But yeah, I liked the plain black triangles better too.

    I did a lot of nodding in agreement as I read this thread. I dumped Windows and jumped over to Mac OS in 2003 (back when the latest-and-greatest was 10.3 Panther). Still using OS X at home, on a MacBook Pro, I own an iPad (but not an iPhone), I love it, BUT, I do see the points you are making and I too am growing a bit concerned at Apple's attitude.  Which seems to be "sit down, shut up, do it our way and, dammit, you're going to like it.  Also, give us your credit card."

    Don't get me wrong, I love the machine and I love the things I can do with it (mostly using apps like iDVD, Pages, etc.)  But when my Mac eventually retires, and I need to buy another computer, at this point I have no idea if it will be another Mac or if I'll jump back to PCs.  We shall see...

    BTW - I don't know about FTP (other than using the command line terminal, which is how I'd normally do it) but Finder can definitely read/write to WebDAV shares.  Nowadays, though, I use Dropbox.



  • @WhiskeyJack said:

    Incidentally, there's a setting you can use to turn off the "3-dimensional icons sitting on a table" effect, which might make the little fuzzy purple dot a little easier to see.

     But yeah, I liked the plain black triangles better too.

     

    Here you go: http://www.silvermac.com/2007/leopard-dock-with-black-triangle/

    I have a mac (originally bought it for iDevice programming, don't use it much) and I turned off the table effect early on. Not using the black triangles, but I couldn't find the article that shows how to turn off the table so I decided just to post this one.

     EDIT: Although just for reference, simply turning off the 3d table effect does a *LOT* to help dock readability. It puts a white dot (IIRC) above running applications, and nothing above nonrunning applications. (And the background is black, so it shows up really nicely.)



  • @alegr said:

    @blakeyrat said:

    WTF 5: Finder can connect to FTP servers, but only in read-only mode

    Also on other news: IE doesn't support gopher: anymore. WTF? How do I connect to the tubes?

    Oh, I'm sorry, what sort of futuristic sci-fi technology should I be using to upload files to my web server? It supports FTP and SFTP, and OS X couldn't do either of those, so I look forward to your recommendation. (Note: that was sarcasm; I actually think you're an idiot.)

    @WhiskeyJack said:

    BTW - I don't know about FTP (other than using the command line terminal, which is how I'd normally do it) but Finder can definitely read/write to WebDAV shares. Nowadays, though, I use Dropbox.

    I have Dropbox on it (that's what installed WTF 6), but I don't see how that helps me get files onto my web server. Which (in case it wasn't obvious) isn't running a copy of Dropbox.

    @Durnus said:

    Here you go: http://www.silvermac.com/2007/leopard-dock-with-black-triangle/

    I have a mac (originally bought it for iDevice programming, don't use it much) and I turned off the table effect early on. Not using the black triangles, but I couldn't find the article that shows how to turn off the table so I decided just to post this one.

    EDIT: Although just for reference, simply turning off the 3d table effect does a LOT to help dock readability. It puts a white dot (IIRC) above running applications, and nothing above nonrunning applications. (And the background is black, so it shows up really nicely.)

    I try to make a habit of judging things based on how they ship, obviously you can hack around and make things better. Now that I've written this post, I'll probably "fix" the taskbar like I did when I used OS X 5 years ago: move it to the left-hand side of the screen (the dots are more visible there), pin it to the top, and lower the icon size to 32-pixels or so. Pinning it to the top required a manual config file entry before, it probably still does. But that configuration works pretty well for me, and doesn't waste as much space. (Windows can overlap a vertical taskbar, they can't overlap a horizontal one for some reason.)



  • @serguey123 said:

    Considering the art movement this painting belong to there is little doubt

    Hey, Ringo: that was the joke!



  • @WhiskeyJack said:

    Incidentally, there's a setting you can use to turn off the "3-dimensional icons sitting on a table" effect, which might make the little fuzzy purple dot a little easier to see.

     But yeah, I liked the plain black triangles better too.

    I did a lot of nodding in agreement as I read this thread. I dumped Windows and jumped over to Mac OS in 2003 (back when the latest-and-greatest was 10.3 Panther). Still using OS X at home, on a MacBook Pro, I own an iPad (but not an iPhone), I love it, BUT, I do see the points you are making and I too am growing a bit concerned at Apple's attitude.  Which seems to be "sit down, shut up, do it our way and, dammit, you're going to like it.  Also, give us your credit card."

    Don't get me wrong, I love the machine and I love the things I can do with it (mostly using apps like iDVD, Pages, etc.)  But when my Mac eventually retires, and I need to buy another computer, at this point I have no idea if it will be another Mac or if I'll jump back to PCs.  We shall see...

     well said.



  • @blakeyrat said:

    I have Dropbox on it (that's what installed WTF 6), but I don't see how that helps me get files onto my web server. Which (in case it wasn't obvious) isn't running a copy of Dropbox.

    I update web sites from my Mac via FTP too. I always just fire up Terminal and do it the old fashioned way.

    My web host also allows ssh access, so sometimes I just ssh over to the remote host and do the editing right on the remote files.

     



  • @alegr said:

    @Evo said:

    A password on login is pretty fucking useless. If you get access to the hardware, you can read the harddisk, you can reset the password, thus bypassing it

    You almost answered the question. File encryption keys and stored website passwords are usually encrypted with the account password. If one can boot to a logged-on session, the passwords and encrypted files can be retrieved. But they can't be retrieved by physical access to the system disk. This is why a password on login is useful.

    You can set a keychain password that is different from your login password as well as set a firmware password so that you can't do the whole insert boot disc and reset password things. Lifehacker had a recent post on breaking into OSX with a few recs on how to prevent it. You may also want to get a copy of Onyx to deal with tweaking hidden system settings (like dock position and style) from a GUI if you don't like/want to do it from Terminal. There's a few apps out there to tweak the Dock's UI. I use Candybar, but there are many free one's (hit up iusethis and look around).

    To compensate for FInder's lack of FTP: check out either transmit or Forklift. Transmit 4 and the Forklift 2 beta give you the ability to mount (S)FTP shares (and other protocols) as drives accessible via the Finder (as will a standalone app called ExpanDrive).

    Also, depending on the editing you're doing you may want to check out TextMate, Coda or Pacu.

    OSX does have its WTFs; hopefully you'll find some of this helps make it a little more secure and usable.



  • @blakeyrat said:

    if a goon steals my MacBook he can do whatever he wants to my user account-- as long as he never lets it go into sleep mode! But thankfully if he accidentally lets it go into sleep mode, all he has to do is reboot it and he has full access again.
     

    If I was a goon who stole your MacBook, couldn't I just remove the hard drive, put it into an external harddrive case ($8.99 at NewEgg) and plug it into another computer as an external drive?  Assuming that the files aren't encrypted (I'm betting that most people's files aren't) I now have full access to all your files. 



  • @El_Heffe said:

    @blakeyrat said:

    if a goon steals my MacBook he can do whatever he wants to my user account-- as long as he never lets it go into sleep mode! But thankfully if he accidentally lets it go into sleep mode, all he has to do is reboot it and he has full access again.
     

    If I was a goon who stole your MacBook, couldn't I just remove the hard drive, put it into an external harddrive case ($8.99 at NewEgg) and plug it into another computer as an external drive?  Assuming that the files aren't encrypted (I'm betting that most people's files aren't) I now have full access to all your files. 

    Yes, because obviously the greasy bus station crackhead goon has a set of jewelry screwdrivers, an enclosure for a micro-SSD (are those even in standard sizes?), and the technological skill and inclination to go through your outlined process.

    Or gee maybe they'd just give it to their dealer in exchange for crack.

    Somehow I feel that you missed the Entire. Fucking. Point. of my blakeyrant, but look who it is! No big surprise there.



  • @blakeyrat said:

    @El_Heffe said:

    @blakeyrat said:

    if a goon steals my MacBook he can do whatever he wants to my user account-- as long as he never lets it go into sleep mode! But thankfully if he accidentally lets it go into sleep mode, all he has to do is reboot it and he has full access again.
     

    If I was a goon who stole your MacBook, couldn't I just remove the hard drive, put it into an external harddrive case ($8.99 at NewEgg) and plug it into another computer as an external drive?  Assuming that the files aren't encrypted (I'm betting that most people's files aren't) I now have full access to all your files. 

    Yes, because obviously the greasy bus station crackhead goon has a set of jewelry screwdrivers, an enclosure for a micro-SSD (are those even in standard sizes?), and the technological skill and inclination to go through your outlined process.

    Or gee maybe they'd just give it to their dealer in exchange for crack.

    Somehow I feel that you missed the Entire. Fucking. Point. of my blakeyrant, but look who it is! No big surprise there.

    Depends on the bus station really. 



  • ¬†As my security instructor once said, most of Mac's inherent security lies in two large piles:

    1) The stuff leftover from it's *nix roots (Which Apple spends a LOT of time trying to wreck for usability)

    2) The fact that Mac's take up a sizeably smaller portion of the market, and thusly are not as big of targets as their PC brethren.

    Unfortunately, with thei rising popularity, and the fact that most Mac users are college students who are both a; niave and b; covered in good credit, Apple may not be able to rely on that second one very much longer.  Hacking a Mac, as I found out firsthand, is trivially simple (actually, very similar to hacking a CentOS box, which we did first.)  when you have physical access to the machine.  In fact, nothing short of full disk encryption will save you once a hacker has physical access to the machine in question, regardless of OS or hardware, it's simply a matter of finding the right software and hardware to make it work, and of course the knowhow.

     



  • @Master Chief said:

    1) The stuff leftover from it's *nix roots (Which Apple spends a LOT of time trying to wreck for usability)

     Well, it all depends on how you look at it.  The whole reason OS X appeals to me is that it's essentially a Unix box that's easy to use.  I think that's a real good thing.  Setting it up -- to a usable state for your average user -- is trivially simple (and yes, I have regularly set up RHEL, Ubuntu, and CentOS boxes at work, so I do have lots of comparison points).  No, your average user might not want their account password protected, or their files stored in an encrypted volume.  And there's nothing wrong with that.  You or I might not like that because we may want those security features in case of the bus stop thugs, but not everyone wants it or needs it.  Most of my personal files are stored on my NAS anyway.  Mine's a D-Link DNS-323.  Trivially easy to crack open.



  • @WhiskeyJack said:

    @Master Chief said:

    1) The stuff leftover from it's *nix roots (Which Apple spends a LOT of time trying to wreck for usability)

     Well, it all depends on how you look at it.  The whole reason OS X appeals to me is that it's essentially a Unix box that's easy to use.  I think that's a real good thing.  Setting it up -- to a usable state for your average user -- is trivially simple (and yes, I have regularly set up RHEL, Ubuntu, and CentOS boxes at work, so I do have lots of comparison points).  No, your average user might not want their account password protected, or their files stored in an encrypted volume.  And there's nothing wrong with that.  You or I might not like that because we may want those security features in case of the bus stop thugs, but not everyone wants it or needs it.  Most of my personal files are stored on my NAS anyway.  Mine's a D-Link DNS-323.  Trivially easy to crack open.

    I've never been able to figure out what makes Unix so inherently secure anyway over Windows NT-based OSes. (Single-user OSes, like Windows 98 and Mac Classic-- duh, but NT?) Unix doesn't seem to do anything that NT doesn't, except it has a less precise permissions model. The only real difference is that NT is hugely popular for home users, and Unix-like OSes aren't.



  • ¬†@blakeyrat said:

    I've never been able to figure out what makes Unix so inherently secure anyway over Windows NT-based OSes. (Single-user OSes, like Windows 98 and Mac Classic-- duh, but NT?) Unix doesn't seem to do anything that NT doesn't, except it has a less precise permissions model. The only real difference is that NT is hugely popular for home users, and Unix-like OSes aren't.

    Lots of things, mostly small nitpicky stuff that Microsoft just refuses to address.  The way Windows stores its passwords, for instance, is downright awful (essentially the same since Win2K).  CentOS uses salted MD5 hashes, which are excessively hard to reverse.



  • @Master Chief said:

    Lots of things, mostly small nitpicky stuff that Microsoft just refuses to address.  The way Windows stores its passwords, for instance, is downright awful (essentially the same since Win2K).

    Well, ok, but that's not "The Unix Design," that's "some particular Linux distros have improved this aspect".



  • @blakeyrat said:

    @Master Chief said:
    Lots of things, mostly small nitpicky stuff that Microsoft just refuses to address.  The way Windows stores its passwords, for instance, is downright awful (essentially the same since Win2K).

    Well, ok, but that's not "The Unix Design," that's "some particular Linux distros have improved this aspect".

     

    Well yes, but the universal point is that they did address it, both in open source and in enterprise linux.  Not sure about OSX. Microsoft has not.



  • @Master Chief said:

    @blakeyrat said:

    @Master Chief said:
    Lots of things, mostly small nitpicky stuff that Microsoft just refuses to address.  The way Windows stores its passwords, for instance, is downright awful (essentially the same since Win2K).
    Well, ok, but that's not "The Unix Design," that's "some particular Linux distros have improved this aspect".
     

    Well yes, but the universal point is that they did address it, both in open source and in enterprise linux.  Not sure about OSX. Microsoft has not.

    Probably because there's some apps somewhere that would fail if they changed it.  Just like with almost all the other insecure things in windows, it's a backward compatibility issue.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.