Universe’s Tech Blog

A computer researcher has reportedly ‘unlocked’ the protected binaries deep inside the core of Mac OS X that prevent the OS from running on non-Apple PCs, Fox News reports.

The ‘encrypted binaries’ are the key to keeping OS X exclusive to Mac hardware. They prevent OS X both from being pirated and can it near-impossible to run OS X on any Intel hardware.

One researcher said that to circumvent OS X’s protection was not trivial, but it was possible to do so and run the OS on non-Mac hardware.

The binaries exist at root level and calls to the binaries result in a kernel check which then executes an ‘unprotect’ code. Decrypting is done at kernel level. On non-Apple hardware, this won’t work – at least not without some hacking.

What’s new about this is that researchers are beginning to let this knowledge loose in the wild. In theory, a hack could be written that allows OS X installation on any PC.

Even if Apple resorted to hardware-based ROM in its Macs, this could conceivably be circumvented as well with ROM copying. Years ago, hackers developed ROM-copying programs that could duplicate the hardware ROM of early 68000 Macs so that faster 68040 Macs could emulate a classic Mac and run old applications and games.

See here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=10cc340b-f857-4a14-83f5-25634c3bf043&DisplayLang=en

See here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=10cc340b-f857-4a14-83f5-25634c3bf043&DisplayLang=en

Want to be able to access your machine anytime, anywhere? Can’t be bothered purchasing a domain name and configuring Dynamic DNS? Microsoft has a solution: the “Windows Internet Computer Name” — a unique domain name for your computer.

There is one small catch though: you have to be using the next-generation networking protocol IPv6 which, although thoroughly integrated into Windows Vista, isn’t supported by most home routers yet.

The Windows Internet Computer Name is an advancement on the Peer Name Resolution Protocol (PNRP), which is a name registration and resolution protocol initially developed for Windows XP.

Unlike traditional DNS, where domain name servers are used essentially to store a list of domain names and their corresponding numeric IP addresses, PNRP does all the domain name resolution peer-to-peer. Put another way, users of Windows Vista provide PNRP domain name resolution services for other Windows Vista users.

If you are still trying to wrap your head around how exactly this can work efficiently, rest assured you’re not alone. However, a Wikipedia article on the topic makes it sound suitably clever (speed of the system is ‘logarithmic to the size of the cloud’, for example.)

On a basic level, here’s how PNRP works: your PC has an IPv6 address — a much longer string of numbers than the typical xxx.xxx.xxx.xxx IPv4 address. IPv6 addresses are, by design, accessible to everyone on the public internet, because there’s a practically unlimited number of them available (unlike IPv4). You specify a name for your PC, and PNRP makes that available to other PCs on the internet, allowing them to connect directly to you.

Yep, you’re going to need a very solid firewall to ensure your PC is kept secure when running PNRP.

To get PNRP up and running on your Vista machine, you need to decide whether to use a secure or non-secure address. Non-secure addresses are easier to remember, but are easily spoofed. Secure addresses are well, secure actually, but are a nightmare to remember (in fact they’re impossible) as they are the product of 128-bit hash encryption. On the plus side, they won’t be spoofed.

Either way – first you need to open a command window with admin rights.

If you haven’t disabled UAC like everyone else using Vista, go to Start, All Programs, Accessories, right-click Command Prompt and select “Run as Administrator”. Type in the following commands and press Enter after each one: netsh, p2p, pnrp, peer.

If you want a non-secure address, now type in: set machinename name=”(peername)” publish=start autopublish=”enable”. (peername) is the name you want to use – Microsoft actually recommends using an email address without the dots or ampersand, to try and guarantee the uniqueness of the name. For example – jamesbannan@email.com would make a computer name of jamesbannanemailcom.

For a secure name, instead of the above line type in: set machinename publish=start autopublish=”enable”. So you’re just leaving out the manual naming bit. Vista will auto-generate the name.

To view the name you’ve just set, from the netsh/p2p/pnrp/peer command line, type in: show machinename. Press Enter.

Take a look in the Services list (Start, Run, services.msc) and you’ll see that the Peer Name Resolution Protocol, Peer Networking Identity Manager and PNRP Machine Name Publication services are up and running.

This machine is now accessible publicly by another other machine running IPv6. You can PING, FTP, serve web pages via IIS and set up Windows Meeting sessions through the Windows Internet Name, as well as any other sort of peer-to-peer application, like game servers.

WICN and PNRP are certainly very cool services. At the moment though, it does place the onus of security solidly on the client system. IPv6 does have quite a bit of in-built security, certainly more than IPv4, but we need to see some secure and practical implementations of IPv6 in the home before recommending that you go out and enable it.

The product manager for PNRP at Microsoft, Noah Horton, has a good blog that explains more about it.

The tech community has breathed a collective sigh of relief this week as Microsoft announced it was backflipping on a nasty clause in its EULA that prevented users from reinstalling Vista more than once on a new or modified PC.

However don’t settle down for a bedtime story just yet: Microsoft hasn’t done the full circus trick. The relaxed rules around transferring Vista to new PCs only apply if you purchase the expensive full retail edition of Vista — which, frankly, few people will.

Sure, if you do bite the bullet and buy the boxed version at Harvey Norman, you’ll be free to upgrade your machine or install Vista on another machine as many times as you like.

You won’t be forced to plead with some out-sourced help-desk jockey to convince them that you just upgraded your CPU and video card.

Unfortunately OEM copies won’t get the same liberties. These installations of Vista will still be restricted to only one transferal or one major upgrade to your machine.

This marks the death of the popular once-off ‘I’ll take one hard drive and an OEM copy of Windows with that, thanks’ flavour of OS-sundae.

Microsoft has also tightened up the specific rules around what hardware an OEM copy of Windows can be sold with.

Straight from the horse’s mouth — “spokesperson” at Microsoft Australia:

“OEM versions of Windows Vista must be distributed to end-users with a fully assembled computer system and must be pre-installed.”

Dang!

To make the matter even more complex, Microsoft says that even with a “transfer to a new PC as many times as you like” retail edition, you will only be allowed to transfer your licence for Vista to someone else once.

Whether Microsoft can handle this on a technical level remains to be seen.

Unless Microsoft uses privacy-invading details like passport IDs being used on a Windows installation to detect piracy, it’s hard to see how it could tell if you’ve installed Vista on someone else’s machine rather than a new one of your own.
Speed benchmarks: top secret

Also landing in the EULA spotlight is the discovery that benchmark results under Vista have, essentially, been lined up for a firing squad.

More specifically, the license demands any benchmarks that involve performance results from the .NET 3.0 Framework must adhere to standards set by Microsoft before being disclosed.

What is most disturbing here is that Microsoft has pointed to a webpage in the EULA, here, to define exactly what these standards are. Microsoft can effectively change this to whatever it pleases, whenever. Feel the joy of the independent media being manipulated by lawyers and their grubby licences!

At the time of writing, this popular clause had an average rating of 1.57 out of 9.

Of course, all of the above is possibly moot. Whether an EULA is worth more than half a grain of salt in Australia is questionable.