
Apple cripples Sun's open source jewel

Hollywood love inspires DTrace bomb


It was all hookers and balloons at Sun Microsystems when the company first found out that Apple would pick up its well-regarded DTrace analysis tool for use with Mac OS X. Now, however, one of the lead DTrace developers has expressed some regrets after Apple "broke" his software in an apparent bid to protect big media and ISVs.

Adam Leventhal went full and frontal this week with his assault on Apple and iTunes. The Sun software engineer lobbed a blog, accusing Apple of tweaking his precious DTrace to the point of destruction. Full of code snippets and talk of tick-1s probes, Leventhal's complaint lives in the land of the developer to be sure, although it would seem to have some broader implications about how far Apple will go to protect Hollywood chums.

Leventhal, along with a couple of co-workers/drinking buddies, developed DTrace for Sun's Solaris operating system. The software tool can dig into a running server to discover a very wide variety of performance characteristics. The tool proves so effective at fixing software issues that customers have opted to purchase Sun gear just to get their hands on the code, according to company legend.

These days anyone can pick up DTrace if they've got the courage and port the code to their operating system of choice, since Sun has open sourced Solaris in all its glory. Apple took Sun up on the offer with Leopard - grrrr - the latest version of Mac OS X.

Leventhal was so pleased by Apple's DTrace port that he started using the software "as often as I have the opportunity." But that heavy usage turned up a problem, as Leventhal noticed odd data being returned during certain DTrace system checks. Leventhal kept digging and discovered that Apple had crippled DTrace with some applications such as iTunes, preventing the software from returning system data.

Witness the anger of a coder scorned.

The notion of true systemic tracing was a bit too egalitarian for their classist sensibilities so they added this glob of lard into dtrace_probe() -- the heart of DTrace:

    #if defined(__APPLE__)
        /*
         * If the thread on which this probe has fired belongs to a process marked P_LNOATTACH
         * then this enabling is not permitted to observe it. Move along, nothing to see here.
         */
        if (ISSET(current_proc()->p_lflag, P_LNOATTACH)) {
            continue;
        }
    #endif /* __APPLE__ */

The bastards.

Exactly why Apple has banned DTrace from pulling on certain applications is anyone's guess. We lobbed our usual carrier pigeon in Cupertino's direction but don't expect any return message.

Ignoring Apple's usual "no comment", some posters on Leventhal's blog have speculated that Apple blocked DTrace access to iTunes to placate Jobs' friends in Hollywood.

Here's Rolf, who wrote:

Like it or not, content creators and patent owners *do* have certain legal rights, which they can and do enforce against Apple, or anyone else who wants to use their intellectual property. In order for Apple to legally license and use patented DVD playback technology they're contractually obliged to do all they possibly can to prevent direct access to the decoded images (eg. via a debugger). Likewise, in order to be allowed to distribute copyright-protected via iTunes they're contractually obliged to prevent access to the decoded audio.

Yes, you may be able to circumvent this, but in doing all they can to try and stop you (which includes disabling dtrace and gdb in iTunes) Apple have done their part, and if you persist and circumvent such mechanism to access copyrighted data you're not entitled to then you're committing a criminal offence (DMCA and similar).

In other words, Apple appears to think that crafty coders could use a sophisticated tool like DTrace to glean information about its DRM (digital rights management) technology and other protective schemes. That could upset media companies as well as ISVs, trying to protect their own jewels.

As far as Leventhal is concerned, Apple's actions prove most offensive because they've disfigured his baby.

"It's annoying that Apple decided to disallow tracing for applications that choose to opt out, and it's a fairly serious issue, but the bigger issue is that in doing so they've broken DTrace," Leventhal wrote.

"I'd argue that the right and noble way to fix this is to allow DTrace to examine all apps, but Apple could also fix DTrace's profile and tick probes without exposing what they deem to be sensitive information."

Apple? Noble? That costs $99.95, Adam. ®
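
Why a per-process check inside dtrace_probe() also hurts timer-driven probes such as tick-1s can be seen in a small model. This is an added example, not code from Apple, Sun or Leventhal's post; it assumes the timer probe fires in the context of whichever process happens to be on the CPU, and the process names, schedule, flag value and function names are constructed for illustration.

```c
#include <stdio.h>

#define P_LNOATTACH 0x1u           /* constructed bit value for this model */
#define NSEC 8

struct proc { const char *name; unsigned p_lflag; };

/* Constructed processes: one opted out of tracing, one ordinary. */
static const struct proc player = { "player", P_LNOATTACH };
static const struct proc shell  = { "shell", 0 };

/* Constructed schedule: which process is on the CPU when tick-1s fires. */
static const struct proc *on_cpu[NSEC] = {
    &shell, &player, &player, &shell, &player, &shell, &shell, &player
};

/* Models the filtered probe path: returns 1 if the enabling gets to run. */
static int probe_fires(const struct proc *cur, int filter)
{
    if (filter && (cur->p_lflag & P_LNOATTACH))
        return 0;                  /* the "continue" in the quoted check */
    return 1;
}

/* Replays the schedule; stores the seconds the tick consumer saw. */
static int run_ticks(int filter, int seen[NSEC])
{
    int n = 0;
    for (int sec = 0; sec < NSEC; sec++)
        if (probe_fires(on_cpu[sec], filter))
            seen[n++] = sec;
    return n;
}

/* Number of ticks delivered to the consumer. */
int demo_count(int filter) { int seen[NSEC]; return run_ticks(filter, seen); }

/* Largest gap between consecutive delivered ticks (1 = none dropped). */
int demo_max_gap(int filter)
{
    int seen[NSEC], gap = 0, n = run_ticks(filter, seen);
    for (int i = 1; i < n; i++)
        if (seen[i] - seen[i - 1] > gap) gap = seen[i] - seen[i - 1];
    return gap;
}

int main(void)
{
    printf("unfiltered: %d ticks, max gap %d\n", demo_count(0), demo_max_gap(0));
    printf("filtered:   %d ticks, max gap %d\n", demo_count(1), demo_max_gap(1));
    return 0;
}
```

In the model the consumer asked only for a once-a-second timer and never looked at the opted-out process, yet half its ticks vanish, which is the kind of gap anyone relying on such probes for monitoring would need to account for.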
