Grey Matters

Speaking today about the next version of Mac OS X (10.5, code named ‘Leopard’) Steve Jobs said, “We’ve got a basic version, which is going to cost $129. We’ve got a Premium version, which is gonna cost $129. We’ve got a business version, $129. We’ve got an enterprise version, $129. And we’ve got the ultimate version, we’re throwing everything into it, it’s $129. We think most people will buy the ultimate version.“

You’ve probably seen the hoopla regarding MacLockPick — a USB device used for extracting passwords and such from a Mac running OS X. You can google MacLockPick or simply go to <http://www.subrosasoft.com/> to read about it.

Couple of notes:

To work, the software on MacLockPick must be run. That means someone has to gain physical access to your computer, insert the device then access and run the software on the device. If they have physical access to your computer in your absence, your security is already pretty much compromised anyway, especially if your account is logged in. Also the MacLockPick software must be run by a user with Admin privileges. Logged in.

This device is defeated by the simple expedient of locking your screen with a password; either a password to wake from the screen saver or by switching to the login screen when you are away from your Mac.

It helps too if your account is not an Admin account. If it’s not, even logged in, this tool is worthless at extracting anything.

So, as security conscious users of OS X have been saying from Day One,

1. Turn off auto log-in (so someone cannot simply pull the plug on your Mac then plug it back in to become logged in as you);
2. Do not use an admin enabled account for day-to-day activities. Set up a separate admin account to which you log in only when doing things which require admin permissions. Use a Non-admin for routine Mac use;
3. Either log out, lock your screen with a screen saver password or switch to the login screen when you leave your Mac unattended.

Now the following is supposition on my part…

Isn’t this device in violation of the DMCA? The Digital Millennium Copyright Act makes it illegal to even possess the means for bypassing content protected by digital encryption.

My keychain file contents, which I ‘authored,’ are, by law, automatically copyrighted by me as soon as I wrote it. There is no need to register a work to have it copyrighted, though enforcement of copyright is easier if the copyrighted work is registered.

Point is, everything I have authored, including everything on my computer, right down to its passwords, is protected by copyright law. My keychain, in particular, is protected using encryption. Content protected from unauthorized access by encryption is protected by the DMCA.

As Wikipedia says, the DMCA “… criminalizes production and dissemination of technology, devices, or services that are used to circumvent measures that control access to copyrighted works … and criminalizes the act of circumventing an access control, even when there is no infringement of copyright itself. ”

What is the proper federal agency to which we should report SubRosa (the manufacturer of MacLockPick)? As Mac users, we should be able to (for once) make the onerous DMCA work FOR us instead of against us.

Those of you who know me as a fan of Apple’s Mac computer know that I have been saying for years that Windows is fundamentally flawed. Its design, its architecture is fundamentally insecure. (Mac OS X, by contrast, was built on a base of BSD Unix which has decades of security engineering behind it.)

“Microsoft cannot fix the ‘bugs’ that lead to security problems because they are not bugs, they are design choices. … The fact remains that Microsoft’s entire infrastructure is based on fundamentally flawed designs, not buggy code. These designs can’t be changed. To change them, Microsoft would have to … break compatibility with everything up till now.”
<http://www.theinquirer.net/default.aspx?article=13350>

Apparently the fact that Windows becomes less secure each year, instead of more secure, is getting a reaction from big, corporate users of MS products, and it’s costing MS real money as MS users jump ship for better, cheaper, more secure alternatives.

Though the article linked above lists (free) Linux as the primary alternative to MS Windows, I’m confident that OS X is attracting new users as well.

Offered without comment:

<http://www.ornery.org/essays/warwatch/2007-03-04-1.html>

“Here’s a story you haven’t heard, and you should have.”

“The first thing a man will do for his ideals is lie.” — Joseph Schumpeter

There’s a poll at <http://abcnews.go.com/US/BeSeenBeHeard/popup?id=3046132> which asks:
“There are at least 32 confirmed dead in the shooting at Virginia Tech University, making it the worst campus shooting in American history. Law enforcement officials believe the gunman was firing at least one 9mm semi-automatic pistol.

Do you think this incident is a reason to pass stricter gun control legislation?”

The answers from which voters select are:

“Yes. This shows the violence that can occur when someone has access to handguns.”

“No. Violent shootings are isolated incidents and it’s irresponsible to link them to gun control.”

“I’m not sure. I need more information.”

Actually, the “No” answer makes an incorrect statement — that “… it’s irresponsible to link [such shootings] to gun control.” Such shootings should MOST DEFINITELY be “linked” to gun control — as a causative factor. The fact is that large-scale shootings like the VA Tech one would be far less likely if “gun control” laws did not prevent people from defending themselves.

The logic of “Gun Control” advocates is that each of us is a budding Cho Seung-Hui waiting to happen, thus we cannot be trusted with guns. They don’t clamor for gun control to protect you — they wish to be protected FROM you. They are, of course, completely trustworthy (and many of them have gun permits) but you and I are highly suspect.

To be able to protect one’s own life is the most basic of human rights. To deny people the means to an effective self-defense is unconscionable. Gun Control is an affront to the most basic right we have.

The single best defense against mass shooting sprees like the VA Tech one is to simply let would-be victims shoot back. An interesting note: There have been several mentions in the news lately of the University of Texas clock tower shooter who killed 15 people and wounded 31 others back in 1966. Seldom noted is that fact that ‘civilian’ — non-law-enforcement personnel — retrieved their own rifles and pinned down the shooter, Charles Whitman, until law enforcement personnel arrived. There were no further casualties that day once the sniper was pinned down by ordinary citizens returning fire.

I wish the same could be said for VA Tech, where several of the professors had weapons in their vehicles but, in accordance with policy, did not bring them onto campus. As noted earlier, a recent legislative effort to allow persons with state-issued concealed weapon permits to carry on VA campuses was defeated. Nice work, folks.

Like many shootings before it, this one did not have to be a mass-killing. It could have been nipped in the bud if just one potential victim had been armed. And, of course, it’s not just mass killings that could be prevented. Many isolated violent crimes could be prevented and lives saved were it not for ‘gun control’ preventing ordinary, good, honest citizens from exercising the most basic human right.

Today the threat of mass shootings is mainly from unstable individuals like Cho Seung-Hui. But tomorrow may see large-scale, well-organized terrorist assaults on areas with lots of civilians, Do we really prefer that all these potential victims be unarmed and unable to defend themselves?

Are we so damned ‘civilized’ that we prefer to see innocents slaughtered by the score rather than use violence in defense of life and civility itself? I pose the question because it reveals another notion beloved of the ‘gun control’ community — that “All violence is bad.” Many people view defensive violence and offensive violence as equally bad. Someone attacks you, you defend yourself, well, you’re just as bad as your attacker. Really. These are the people that rail against ‘gun violence’ and include in their statistics self-defense shootings in which the shooter was fully justified in the use of deadly force. All equally bad, in their book.

Their logic is skewed. They revere life so highly that they … won’t allow you to protect it?!?

There is most certainly a link between gun control and mass shootings and it’s one of cause and effect.Hey, here’s a poll for ABC news to try:

Imagine you’re in a classroom where a man has just entered with two guns and an I-don’t-care-because-I’m-going-to-die-today attitude. Would you be wishing for:

a) More numerous and tougher laws against what’s about to happen to you?
or
b) A big bore semi-auto with a large capacity magazine?

Bonus question: Which of these do you think your legislators will give you?

“Among the many misdeeds of the British rule in India, history will look upon the Act, depriving a whole nation of Arms, as the blackest.” — Mohandas Gandhi, “An Autobiography”, page 446