Thursday, June 30, 2005

IBM to Apple: Watt Me Worry?

No comments:
When they announced Intel-based Macs a few weeks ago, Steve Jobs said that IBM was unable to supply PowerPC chips at sufficient speed and power consumption. More specifically, he referred to an abstract performance-per-watt ratio and showed a chart where Intel's future chips did much better than IBM's.

Now, IBM says "we can make all the chips Apple needs".

Maybe. But this doesn't mean they actually will. Remember, two years ago, IBM told Apple that a 3GHz PowerPC 970 would be no big deal. Jobs promised a Mac based on that chip. Two years ago, the chip still doesn't exist.

IBM's word, at least when it comes to future chip production, isn't worth very much in Cupertino these days.

Apple, and Mac users, have been demanding 3GHz PowerMacs and G5-based laptops for over a year. IBM would have to be both blind and stupid to not see the demand for the chips that these products require. So why haven't they shipped them? Either they can't, or they don't want to.

Jobs said they can't. If IBM is now saying they can, it means that the other conclusion is the truth. Now why would Apple try to maintain their relationship with IBM if IBM doesn't want to develop the chips they need?

Wednesday, June 29, 2005

Fujitsu is developing new HD technology

No comments:
Fujitsu is working in some new tech that, when fully developed, promises bit-densities on the order of 1Tb per square inch.

According to the article, current high-end drives have densities at around 120-140Gb per square inch. This would make the new tech about 7-8 times as dense.

If we assume that a modern 400G drive has platters at the 120-140Gb density (a reasonable assumption, although I don't know for sure), then this new tech would produce a 2.8-3.3TB drive.

And if we want to be silly about it, an XServe RAID chassis loaded with these hypothetical drives would have a 40-46TB capacity. Of course, that's just silly-talk. For now.

For centuries, man has yearned to destroy the sun

No comments:
This has got to be one of the dumbest ideas ever imagined.

Although the scientific community has no consensus over whether global warming exists, if it was caused by humans, or even if it's a bad thing, one group here is proposing that we create a permanent structure in orbit to block sunlight and cool the planet down.

Of course, if the warming trend we're believed to be in is part of a natural cycle, this ring will ensure that the next natural cooling-cycle (meaning ice age) will end up being much more severe, because we won't have all that sunlight anymore. And without this light, we might not be able to emerge from this ice age.

You think it's a natural disaster when we have a few hot summers in a row? How about when most of the planet dies off due to a few hundred years of freezing?

And all this disaster can be yours for only $200 trillion of your tax dollars.

Tuesday, June 28, 2005

Internet crashes in Pakistan

No comments:
Wow! This piece of news really surprises me.

Not that an undersea network cable failed. That does happen from time to time.

What surprises me is that Pakistan doesn't seem to have any other connectivity to the rest of the world. At least no other connectivity with sufficient bandwidth to cover the loss. (The article does say that they have satellite backup, but it doesn't appear to have enough bandwidth.) No other undersea cables, no satellite uplinks of sufficient capacity, and no land-lines to other countries (like India).

I realize that this region of the world is far from safe, and that Pakistan has security problems with all of its neighbors, but I would have thought that the telecommunications companies involved (even if they are government-owned) would have found a way to cut through the politics and run the cables necessary to prevent this kind of problem from occurring.

I obviously assumed incorrectly.

Apple Merges iPod & iPod photo Lines

No comments:
I was wondering when this was going to happen.

Apple has finally brought color screens (and photo capabilities) to all of their full-sized iPods, including the U2 edition.

Pricing is now 20G for $300, and 60G for $400. The 20G U2 edition is $330.

Now all we need is an 80G model to assume the now-empty $500 price point.

Monday, June 27, 2005

The Supreme Court's ruling against P2P

No comments:
Superbrief summary of a recent Supreme Court ruling:

Peer-to-peer companies such as Grokster and Morpheus parent StreamCast Networks can be sued and held legally liable for the copyright infringement of the people using their software, if the companies actively encourage that infringement.

Some are saying that this may kill peer-to-peer file sharing technologies.

Personally, I disagree.

While it is true that some of these programs (like the original Napster) were designed for the specific purpose of trading music (most of which was distributed in violation of copyright), it is also true that most of the modern programs (like Bit Torrent and various Gnutella clients) are promoted as general purpose file-sharing utilities, not simply music-swapping facilities.

When combined with the fact that these are often used for non-infringing purposes (e.g. several Linux distributions are released via Bit Torrent), I don't think the courts will be able to conclude that the companies actively encourage copyright infringement.

Friday, June 24, 2005

Inside Apple's Intel-based Dev Transition Kit

No comments:
AppleInsider has posted the specs for Apple's Intel-based developer transition kit. This is a prototype Intel-based Macintosh system, Intel version of Mac OS X 10.4, developer tools and documentation. (The tools and documentation are also available as a free download.)

I won't repeat the article's description of the specs, but it is worth noting that this system looks and feels very much like a generic PC.

This should come as no surprise, however. Jobs had already said that Apple was developing Intel versions of Mac OS X for five years. They were obviously doing it on generic PC hardware, since it would be prohibitively expensive to design (and keep current) new systems that never get sold to the public.

This, however, does not mean that the Intel Macs that will be sold next year will be generic PC's. As a matter of fact, I would expect that they will not be. At least the ROM code will be different enough to fool non-engineers. Over the past 5 years, Apple has introduced many features in their Macs that Mac users have come to expect, including:

  • Target disk mode
  • FireWire (400-speed on all systems, 000-speed on high-end systems)
  • The ability to boot the system from FireWire (and USB) drives
  • SuperDrives available on all systems, standard on some
  • AirPort (WiFi) available on all systems, standard on some
  • BlueTooth available on all systems, standard on some
  • Unique cooling systems that are (usually) very quiet
Apple will have to provide all of these on any new Macs, whether Intel or PPC based. The fact that the developer transition kit systems do not have many of these features is a clear sign that these systems will not be what is eventually sold to customers.

Now, it is certainly possible to provide all these features using more-or-less generic PC motherboards, but I suspect that Apple will prefer to use a completely custom board, instead of a generic board that they tweak to add necessary features.

A custom motherboard also makes it easier to prevent Mac OS from booting on generic PC's. Apple can include a unique chip (maybe an I/O controller for the FireWire/AirPort/BlueTooth devices, or a specialized DRM chip) that the OS requires in order to run. This is a lot better than looking for ID strings in the ROM (which can be faked) or specific board configurations (which would require a tweak to MacOS every time a new system is introduced or updated.)

Tuesday, June 21, 2005

Future of DVD mired in confusion - but does it matter?

No comments:
This is definitely bad news for people waiting for high definition DVD movies. After all, Hollywood is not going to start selling many movies until they're certain that there will be enough customers with compatible drives.

On the other hand, it may not matter. Regardless of whether HD-DVD or Blu-Ray becomes the dominant standard, it has already been decided that both will use H.264 as their high-definition CODEC. So the encoding work (the biggest change from existing DVD production) will be the same for both. Given this, and the fact that mass-production of the physical media will probably be very inexpensive, there is no technical reason why studios couldn't ship movies in both formats until a clear winner is decided.

Remember back to the days when VCRs were the new toys on the block. There was a huge standards war going on between VHS and Beta. VHS ultimately won, but the studios didn't wait for a winner before releasing movies. They issued movies in both formats

One could probably argue that the cost of manufacturing video tape in two formats is equal to, if not more than, the cost of manufacturing video discs in two formats. Especially when both formats are using the same H.264 CODEC for the video content.

But it's not just about movies

All that being said, there is more to these high-capacity DVD standards than just selling movies. Both are going to be sold for use as data storage devices.

Right now, the theoretical maximum capacity for an HD-DVD disc is 45GB (using a 3-layer disc) and the theoretical maximum capacity for a Blu-Ray disc is 100GB (using a 4-layer disc.) Either one of these is much higher than the maximum capacity for recordable DVD media (about 9G for a 2-layer disc.)

For me, a 4-layer Blu-Ray drive makes the ideal backup device.

Currently, people who want to make full system backups have no good choice for the output medium. They can use tape drives, which are very expensive if you get one large enough to be useful (I paid $800 for a VXA-1 drive, which can record 33GB on tapes that cost about $60 each. Higher capacity drives can cost much more than this.) Or they can back-up to other hard drives, which cost less, but have other problems. (Like taking damage when dropped on the floor.) Any other backup solution (like DVDs) suffers from the problem that the media is much smaller than hard drive sizes, so you have to insert new media several times during the backup - making it so inconvenient that most people won't bother making backups at all.

Blu-Ray (or to a lesser extent, HD-DVD) solves this problem. The media capacities rival those of tape drives, and the prices will probably be much lower. Although nobody today is talking about pricing for these new DVD standards, I think we can expect them to follow the same trend that recordable DVD drives took - high prices at first, following by much lower prices in a few years. My prediction is that we should see the drives selling for around $300 after two years, and under $100 after five years. I think we can expect blank media to cost $20-40 at first, $5-15 after two years, and $2-6 after five years. Even at its most expensive point, I think this format will still cost less than what tape systems of comparable capacity cost right now.

Friday, June 17, 2005

Microsoft's "Blue Hat" security conference

No comments:
Microsoft recently ran their "Blue Hat" security conference, where hackers and MS employees were able to meet and discuss security issues.

During the conference, some of the guests successfully hacked some of Microsoft's demo computers, much to MS's embarrassment.

But to MS's credit, they appear to be willing to work with the security experts to get these problems fixed.

If we're lucky, this event will be the kick in the pants Microsoft needs to start really securing their software.

Wednesday, June 15, 2005

My take on Apple's decision to use Intel processors

There's an old saying. Opinions are like behinds - everybody has one. (OK, that's not the exact quote, but I am trying to keep it clean.) And the recent news about Apple using Intel processors in new Macs is no exception. Some are saying "What took you so long?" and some are saying it is the end of the world (or at least the end of Apple.)

And like all the rest, I've got my own set of opinions here. Everything here is speculation, but I like to think it has a good chance of being correct, given what I know about Apple and their history of doing business.

  • This is going to hurt Apple's sales in the short term

    Any time you announce a major change well in advance of that change, it hurts sales. Nobody wants to buy a computer that they think will become obsolete in short order. The fact that it won't really be obsolete (see below) won't change people's perceptions. But this is a short-term problem. People tend to delay, not cancel their purchases over this. So when the new systems ship in 2006, most of these customers will start purchasing new Macs again.

  • Existing Macs have not suddenly become obsolete

    At least for any reasonable definition of the word. A computer becomes obsolete when you can no longer perform useful work with it, when it can not run your software (which is really the same thing) or when the manufacturer drops support for it. None of these have happened yet - heck, the new Intel-based Macs won't even be available for at least a year!

    When the new Macs do ship, will your current software stop running on PowerPC-based Macs? Of course not. Will software vendors stop shipping PowerPC versions in favor of Intel versions? Eventually, yes, but not immediately. There are millions of Mac users with PowerPC based systems, it is going to take many years before the majority of them replace those systems with Intel boxes. Any software vendor that stops producing PowerPC software before their customers have Intel hardware will be signing its own death sentence, and they all know it.

    And will Apple stop supporting the PowerPC hardware? Eventually, but my prediction is that this won't happen any sooner than when they've dropped support for other systems. There are plenty of PowerPC-based Macs (based on the 601, 603 and 604 chips) that can't boot OS X, and some more recent G3-based models that can't boot Mac OS 10.4. Apple supported these systems for a long time before dropping them. I don't think they'll do anything different for today's G4 and G5 systems.

  • You will have to upgrade your apps when you buy an Intel Mac

    Well, you won't have to for most apps, but you will want to. Apple is providing a translation layer (Rosetta) which will allow PPC-based OS X application to run on Intel Macs, but there is a performance hit. Some informal tests show performance levels at around 25% of "full speed". This is actually very good, given the extreme challenge of emulating a high-end processor on another platform. But you will notice.

    For some applications (like word processors), you probably won't care. After all, these apps spend most of their time waiting for user input. But for some applications (like Photoshop, Final Cut or DVD Studio), you will definitely notice.

    Some vendors may offer free "upgrades" to an Intel port of the same version you have. But I suspect most will not. They will tell you that the next version will be compatible with both platforms and that you should upgrade to it when they release it. If you planned on upgrading anyway, this won't be a big deal. If you didn't, this will be an extra expense.

    One workaround to this is to not buy an Intel Mac when it is first released. Instead, wait for your apps to be upgraded to "universal binaries" (Apple's name for programs that will run on both PPC and Intel). Upgrade then while you're using your existing PPC Macs. Once you've got all the important apps upgraded, then you can buy the Intel Mac and not have to worry about the performance hit of Rosetta.

  • Mac OS is not going to run on your Dell

    It is fairly certain that Mac OS can run on ordinary PC's. After all, Apple has had a working Intel version of Mac OS X for over five years and they wouldn't be developing new hardware boxes for purely internal development purposes. But this doesn't mean it will remain this way.

    Apple has publicly stated that they will not permit non-Apple computers to boot Mac OS X. We don't know how they plan on accomplishing this, but it will probably be more substantial than simply looking for a copyright string in the ROM chips. (This has been attempted by other systems in the past, and it is easily defeated.) The best way to do this is to make Macs with some feature (however minor it may be) and make sure that a key part of the OS relies on this feature. Some form of DRM, with decryption keys hidden in the ROM is also a possibility.

  • We don't know what kind of Intel chip these Macs will have

    I think we can be certain that the chips will be x86-compatible. After all, that's what the prototype Intel-Mac systems are. It would be counterproductive to give an x86-based system to developers and then tell them that the commercial systems aren't going to be compatible with it. But this still leaves a lot of options.

    My prediction is that the 32-bit Macs (those that currently use G4 processors) will be transitioned to 32-bit x86 chips, like the Pentium-4 and maybe Celeron chips. The 64-bit Macs (those that currently use G5 processors) will be transitioned to 64-bit x86 chips, like the new Pentium-D and other chips on Intel's roadmap.

    As much as I might like to see a pure 64-bit chip (like some of the chips on the Itanium roadmap), it's not going to happen unless Intel makes a version that supports the 32-bit x86 instruction set.

    That being said, such a chip might eventually be made. Unlike PC makers, Apple doesn't require any support for any pre-Pentium (or even pre-P4) operating mode, like 8088, 286, 386 or 486. Which means Intel can ditch these legacy features in any chip they sell to Apple. Of course, the fact that they can do this doesn't mean they will, so this is mostly speculation and wishful thinking on my part.

  • You are not going to be able to just boot a Windows CD on an Intel Mac

    Apple has said that they won't take steps to prevent Windows from being run on a Mac. Some have interpreted this to mean "we're getting dual-boot Windows/Mac computers". This is quite a stretch, and, IMO, unlikely. It is quite likely that Apple will design their Macs with different (or at least customized) chipsets on the motherboard. At the very least, special device drivers are going to be required to get Windows to run. It might require much more.

    Sure, Microsoft may decide to release a Mac compatible version of Windows, but that will be in the future. I don't think existing Windows XP install CDs will do anything useful on a Mac.

  • Macs are not going to become overrun with virusses

    It is well known that Windows is overrun with virusses, and most Windows systems run on Intel (or Intel-compatible) processors. But people must remember that Virus-compatibility depends as much on the operating system as it does the processor. And in the case of script-based virusses, it depends entirely on the OS and nothing on the processor. Mac OS will still have all of its security features, even when running on an Intel chip.

    An Intel processor running Mac OS will not be vulnerable to Windows virusses any more than an Intel processor running Linux is - meaning not at all.

  • Lack of AltiVec is not the end of the world

    Apple has touted the AltiVec (vector math) unit of the PowerPC G4 and G5 as the one thing that make PowerPC boxes superior to everything else. And in many ways, they are right. AltiVec is a great subsystem. But PowerPC isn't the only platform to support vector math. Intel's chips have had it for years in the form of MMX (integer-only, introduced in the Pentium), SSE (introduced in the Pentium-3) and SSE2 (introduced in the Pentium-4). SSE3 is also in the workd (to be introduced in the Yonah chip).

    While SSE and SSE2 (don't know about SSE3) may not perform as well as AltiVec, they do provide similar functionality and perform good enough for most purposes. Software written for AltiVec should be portable to SSE. Apple has even provided sample code to help out those developers that need to be shown how. I am certain that the parts of MacOS that use AltiVec on the PowerPC have already been ported over to SSE on Intel.

    Furthermore, a lot of what AltiVec has traditionally been used for (3D graphics) has been offloaded into video cards these days. Apple's CoreImage facility offloads tons of high-end graphics functionality onto the GPU of a high-end video card. Since Intel Macs will use the same (ATI and NVidia) GPUs as PPC Macs, it is safe to assume that this kind of performance will not change much.

  • Your favorite product-level features are not going to go away

    Things like target-disk mode, booting from FireWire drives, pressing "C" to force a CD-ROM boot, etc. Although PC's don't generally support these, and the prototype Intel Macs may not support them all, I think the production Intel Macs will. Apple has spent too much time teaching their customers about these great features to just throw them away now.

    Mind you, this doesn't mean Open Firmware will be what boots these Macs. Product level features can be grafted on to anything (even legacy PC BIOS ROMs). We don't know what kind of ROM Apple will use in the Intel Macs, and I'm not going to speculate on that, but I am confident that the key features that today's users depend on will be present in the new ROM, whatever it is.

  • Your HFS-formatted disks will still be readable

    Although Apple has said that you shouldn't assume anything about the disk partition scheme, I am confident that Mac OS on Intel will be able to mount and use disks that were formatted on PowerPC-based Macs, even if it does not give you the ability to boot from disks using the legacy partitioning scheme. To do anything else would break compatibility in a way that would hurt the entire customer base (just think of all those portable hard drives, including iPods, that will be used to transport files between Intel Macs and PowerPC Macs).

    This will, IMO, be similar to how the HFS+ disk format was rolled out. It was introduced in Mac OS version 8. 68K-based Macs running system 8 (and 8.1 - the last 68K-compatible version) could read, write and format HFS+ volumes, but they could only boot off of HFS volumes, due limitations of the boot ROMs. It is possible that the Intel Macs will be able to boot from the legacy disk partitioning scheme, but even if it can't, Mac OS will be able to use the disks after the system has finished booting.

Securing Mac OS from the sudo command

No comments:
This article, from Security Focus talks about a potential security hole in Mac OS that is easily fixed.

Like most UNIX systems, MacOS includes the sudo command. This command is used to execute a single program with root-level privileges. It is generally considered safer than other mechanisms (such as logging on as root or using the su command to temporarily become root.)

Sometimes, you have to execute several commands in a row as root. In order to not have to type in your password for every command, typical installations of sudo implement a 5-minute grace period, during which you do not have to re-enter your password. And as an additional convenience, this grace period applies to every session you are logged in to. (Note that every terminal window you have open is a separate login session as far as the system is concerned.)

By itself, this forms a minor security hole. Ordinarily, malicious programs on UNIX systems (including Mac OS) can't do much damage. Because of system security, the worst they can do is trash the user's files, but they can't touch the system files. But, if this program issues a sudo command during the five-minute grace period after a legitimate sudo call, it can get root-level access without needing a password.

Ordinarily, this would be a minor problem - after all, the program would have to know when to issue the sudo command. It can't just keep on calling sudo, because it would hang, waiting for you to type in a password if it did.

Unfortunately, on Mac OS, it can find out when to do this. With the default installation of Mac OS, the system log is readable by everyone. And the sudo command logs each usage in the system log. So a malicious program has to simply monitor the system log, wait for a successful execution of sudo, and then issue a sudo command of its own.

The fix, fortunately, is simple. Just turn off the 5-minute delay by adding the following line to the "Defaults" section of the /etc/sudoers config file:

Defaults:ALL timestamp_timeout=0
That's all it takes. You can also change sudo's log messages to go to a non-public log file (like /var/log/secure.log) or restrict the grace period to a single log-in session, but these steps are unnecessary if you simply disable the grace period altogether.

This does mean that you will have to enter your password for each and every sudo command you issue (including those that are issued implicitly by software installers), but I think this is a small price to pay and it eliminates a very real security hole that could be exploited in the future.