RICHARD - Part One Mac OS

The Apple One free trial includes only services that you are not currently using through a free trial or a subscription. Plan automatically renews after trial until cancelled. Restrictions and other terms apply. $4.99/month after free trial. One subscription per Family Sharing group. Offer good for 3 months after eligible device activation.

Here at the Happy Macs Lab, we have a unique issue. In the lab, you will find vintage Power Macintosh models, running everything from Mac OS 7.5.3 up through Mac OS 9.1, a maxed out Power Mac G4 Cube running all of Mac OS 9.2.2, Mac OS X Tiger and Mac OS X Leopard, Power Mac G5s running Mac OS X Tiger and Mac OS X Leopard, multiple older PCs running various versions of Linux and even a sampling of older Windows machines, running Windows NT 4.0, Windows 95, Windows 98SE, Windows ME, Windows 2000 and finally Windows XP. It is quite the 'tower of babel' from a computing perspective, and getting all these machines to talk to each other is a real challenge.

Happily, there are multiple solutions that achieve the desired result, and this blog post is the first of a series where we will look at the best of them, one by one. Some of the solutions are point-to-point, connecting just one OS to one other OS (such as Mac OS to Windows), and some are all encompassing, connecting everything to everything.

1. Mac mini (Late 2009) Model Identifier: Macmini3,1 Part Numbers: MC238xx/A, MC239xx/A, MC408xx/A Newest compatible operating system: OS X El Capitan 10.11.6 Tech Specs: Mac mini (Late 2009) Mac mini (Early 2009) Model Identifier: Macmini3,1 Part Numbers: MB464xx/A, MB463xx/A Newest compatible operating system: OS X El Capitan 10.11.6.
2. This directory contains binaries for a base distribution and packages to run on Mac OS X (release 10.6 and above). Mac OS 8.6 to 9.2 (and Mac OS X 10.1) are no longer supported but you can find the last supported release of R for these systems (which is R 1.7.1) here.

In this first post of the series, we will look at the first of two 'traditional' point-to-point solutions for connecting Mac OS Classic and Windows, Thursby Software's Dave. In the second post of this series, we will examine the other classic solution to this problem, Connectix's DoubleTalk.

Throughout this series of networking posts, 'Mac OS Classic' is used to imply Mac OS 9.x and lower, and specifically excludes all versions of Mac OS X. Similarly, throughout this series of posts, 'Windows' implies Windows NT 4.0 and higher. For the purposes of this series, I used two principal Macs, a Power Macintosh 7500/100, upgraded with a NewerTech 366 MHz G3, and running Mac OS 8.6, and a fairly stock Power Macintosh 7300/200 running Mac OS 9.1. I used a 200 MHz dual CPU Pentium Pro PC running Windows NT 4.0 as the Windows representative in this networking duet.

Windows, Networking and SMB

OK, lets get going. A little background is in order first. Windows communicates with the networked world using the Server Management Block (SMB) protocol, renamed CIFS (Common Internet File System) in later versions of Windows. Pretty much all versions of Windows since Windows NT 3.x have incorporated both an SMB server and an SMB client, meaning that the OS can both read and write other SMB-based machines and can itself be read and written by those same other machines. I have seen, but not yet been able to confirm, that even the creaky Windows for Workgroups 3.11 included an SMB capability.

Since Windows speaks SMB, if a Mac wants to engage in file sharing with a Windows platform, it needs to speak SMB as well. Functionally speaking, this means that it needs to implement an SMB server and /or an SMB client. The two well-regarded third party applications mentioned above, Thursby Software's Dave and Connectix's DoubleTalk, do just this.

Thursby's Dave seems to be the preferred solution in this space, although both garner a recommendation on Apple's website.

Dave is preferred because it implements both an SMB server and an SMB client, while DoubleTalk only implements and SMB client. Having both an SMB server and an SMB client, a Dave-equipped Mac can seamlessly read and write files to and from a Windows machine and that Windows machine can seamlessly read and write files to and from the Mac.

Installing and Configuring Dave

I tested Dave and can attest that this is all true. I loaded Dave onto my Power Macintosh 7500, running Mac OS 8.6, and took it for a spin. The above mentioned 200 MHz Pentium Pro PC, running Windows NT 4.0, acted as its Windows counterpart in this testing.

Now before we go any further, there is a pink elephant in the room that we should all acknowledge. Astonishingly, not only is Thursby still a going commercial concern, Dave is still an active product at Thursby, and they want a staggering $119 for a current license for it! This will no doubt stop many folks from experimenting with it further.

Of course, the Dave software, and license numbers for it, are available from multiple 'abandonware' sites, but none of the licenses I could find this way worked – all were rejected by Dave as 'expired'. Thursby has protected their product well. Already having a valid Dave 4.0 license, I was able to proceed, but those of you not in this happy position will need to either pony up a big $119 to Thursby, or make your peace with trolling the web in search of non-expired licenses. I did this yesterday as a test, and successfully unearthed multiple apparently valid licenses. A little bit of persistence may serve you well in this area.

In an effort to save would be users of Dave from having to pay the hefty $119 fee for what is fundamentally an obsolete product, I queried Thursby's email support, asking if they would be willing to provide a free license, given the lack of remaining commercial trade in Mac OS 9.x and below. The answer back was a firm 'no', followed by an admonition that Dave should not be considered abandonware. The response concluded with a request to know where I had downloaded Dave from! Realizing that this line of inquiry was not likely to result in a free Dave license, I abandoned it and moved on.

I will leave the licensing issue in your capable hands. Moving on, I can report that Dave is an excellent product. It was simple to install and configure, easy to use, and 100% effective at doing what it said it would do.

Installation and setup was a snap.

Dave's setup runs you through a few simple questions, the most complex of which may be its query for your workgroup name. If you don't know the answer, just type in 'WORKGROUP', which is what most PCs default it to. Confirm this by visiting the Network control panel of the PC you are trying to connect to, and change the name on the PC side or the Mac side, if need be. Once the installation is done, you will need to restart your Mac and then you are ready to network with your PC friends.

Networking with Dave: Mac to PC

Networking with Dave from a Mac to a PC is quite intuitive, in a very Mac OS Classic sort of way – you go through Chooser, just like you would for the native form of Mac networking. In Chooser, you will now be greeted by a new connection type in the left hand pane, Dave Client.

When you click this, there will be a disconcerting pause, during which you will wonder whether Dave is working at all, and then the right hand pane will suddenly populate, hopefully showing you the PCs you want to share files with (and anything else on your network that has an SMB server – in my case, this included two Power Mac G5s and my current main Mac, a 2012 27' iMac).

Double click the entry for the PC of interest (in this case it was DualPro200 – so named because it is a dual CPU Pentium Pro 200 MHz) and you will get the expected password prompt. Enter the correct user name and password (this is the user name and password from the PC, or just select Guest instead) and Chooser will pop up a dialog showing the 'shares' on the selected PC that are available for you to choose from (a 'share' is SMB-speak for an available, shared folder).

You may just run into some trouble here – I did. Initially, the share list was blank! There is not a lot of latitude to share files when the list of possible sharing targets is empty! Happily, Dave provides an 'Add Share' button below the list, and I took advantage of this to add the shared folders on the PC to the dialog.

This point requires a brief moment of explanation. When you share a folder in Windows NT 4.0, you give it a 'Share Name'. This name should show up in the list of available shares that Dave presents you, but in my case, it did not. The share name did show up in the list of available shares when I connected to the PC from either of my Power Mac G5s, but did not from my older Power Macintosh 7300 or 7500 machines. The reason for this will be explained in a postscript at the end of this post.

For now, I was presented with a blank list of shares, but had the potential of adding shares through the Dave 'Add Share' dialog. Back at the Pentium Pro PC, I went to Control Panels -> Server, and clicked the Shares button. This presented me with the following list of the available shares:

As you can see there were a LOT of shares there, but most ended with the '$' sign, indicating that they were administrative shares, automatically created by and internal to Windows NT, and not generally advertised for external connection (although they can be connected to if you wish).

I took note of three shares of interest, C$, D$ and DP200SharedFolder, which corresponded to C:, D: and the folder I was actually trying to share, DP200SharedFolder. One by one, using Dave's Add Share button, I added these to the list, and they worked. When I double clicked any one of them, Dave promptly mounted the appropriate share on the Windows NT machine and at that point, I could drag and drop, read files, create folders, and in general, do all the things I could do with any local file folder.

I must apologize for the loss of continuity in the screen shot above. The share name mounted on the desktop is different from what is described – I no longer have the original screen shot.

Setting aside the cause of the blank list of shares for a moment, Dave's Add Share dialog allowed me to work around a potentially show stopping issue and arrive at networking success, at least in the Macintosh to PC direction. What about the other direction, PC to Macintosh?

Networking with Dave: PC to Mac

This was not such a happy story initially. The Power Macintosh 7500 simply did not show up at all in the Network Neighborhood of the PC, nor could I see it in the Network selection of the two G5s I have on the network (both running 10.4.11 Tiger). Guessing that Dave's SMB server was not enabled, I went hunting for a Dave Control Panel on the Macintosh. Nope, no such thing. There WAS a NetBIOS control panel with Dave labeling in it, so I hunted around in there, but there were no obvious selections to enable or disable visibility of the SMB Server.

My next stop was the Dave installation in the Macintosh's Applications folder. There was a single file there, a program named, appropriately enough, Dave. Following this obvious lead, I launched the program, selected Dave Sharing and was greeted with what amounts to a Dave control panel.

Of course I immediately noticed that File Sharing was off, which would imply that the Dave SMB Server was not running. I enabled this and then checked to see if Dave was sharing any folders. The list at the top of the window was empty suggesting that it was not. Using Finder, I dropped my AppleTalk shared folder, 'PowerMac7300SharedFolder' into the list. It 'took' and thereafter, Dave showed that it was sharing this folder. It did warn me that shares with names over 12 characters long might not share properly, but I ignored that for the moment.

Again I must offer my apologies for the discontinuity in the image above – the file share name is slightly different from what I have described – I seem to have misplaced the original screenshot.

Back at the Windows NT machine, success. The Power Macintosh 7500 now showed up in the Network Neighborhood. I double clicked the icon, full of confidence that I had solved the problem, and was greeted with … a blank window. The PC could see the Macintosh, but the Macintosh didn't appear to be sharing anything. I checked this with both of the G5s, and Tiger pretty much agreed – there was nothing being shared. Tiger's rather obscure way of indicating this to me was to tell me that it could not open the alias because the original item could not be found. Somewhat of a misleading error indication, but I got the message. Something was still definitely wrong at the Macintosh end.

I went back to the Dave application and removed the current folder I was sharing, suspecting that either you could not share a folder over both AppleTalk and SMB, and/or perhaps the file name really DID have to be 12 characters or less. I created a new folder called 'PMAC7500-SMB' (EXACTLY 12 characters) and dropped it into the Dave 'Shares' list. I specifically did not share this folder through the usual Mac OS way of doing this – it was only shared via Dave's SMB server.

This did the trick. The Network Neighborhood window that I got when I doubled clicked the icon for the Power Macintosh 7500 now presented one accessible folder, PMAC7500-SMB. This folder could be opened, read, written to… it was fully accessible. Success! PC to Macintosh networking was now up and running as well.

Networking with Dave – Summary

With both Mac to PC and PC to Mac networking up and running, I can now summarize the recipe for success with Dave:

• On the Macintosh side, make sure you have a unique share folder for Dave, and make sure that the name of that folder is less than 12 characters. Do not share this folder via the normal Mac OS Sharing mechanism. Share it only via Dave.
• On the PC side, make sure that you have one or more shared folders, and take note of the 'Share As' name you assign to each. Like the Macintosh side, keep the filename of each shared folder to 12 characters or less as well.
• Still on the PC side, if you CANNOT keep the share names to 12 characters or less (perhaps the machine is not under your control), compensate for this on the Macintosh side. On that side, when you use Chooser to select the PC, if you are greeted with a blank list of available shares, use Dave's Add Share button to manually add the shares whose names you took note of in the last step. You will only have to do this once. Dave remembers the names.
• That's it! Apply the above and you should be happily networking in both directions between a Macintosh running Dave and a PC running Windows NT 4.0.

Closing Thoughts

A final note on Dave. Dave will very considerately interrupt the Macintosh shutdown sequence to warn you if it is hosting any connected users, giving you a chance to warn them before their favorite Mac suddenly disappears from cyberspace. As I said above, Thursby has done a very nice job.

That's it for this post. In our next post on networking, we will look at doing the same sort of thing using the other classic application in this space, Connectix DoubleTalk. Until then, happy networking with Dave!

The Promised Postscript on The Empty Share List Problem

p.s.> A postscript to this story. As outlined above, the 'empty list of shares' problem is easily resolved. Reasoning that since Dave warned that Macintosh share names over 12 characters might not share correctly, I concluded that perhaps share names on the Windows NT side should ALSO be 12 characters or less. I went back to the Windows NT 4.0 machine and checked the length of the share name for the folder I was trying to share. Sure enough, it was MUCH longer than 12 characters. When I shortened it to 12 characters (8 characters actually, in this case), it showed up instantly in the Chooser selections of both Mac OS Classic machines. So, one final word to the wise – all share names should be 12 characters or less.

And as if that is not enough, Windows NT 4.0 gently reminds you that if you want the share to be visible to DOS and Windows 3.x class machines, its' name needs to be 8 characters or less! Just so you know…. 🙂

Richard - Part One Mac Os X

If you know of an example that ought to be in this page but isn'there, please writeto to inform us. Please include the URL of a trustworthy reference or twoto serve as specific substantiation.

Back Doors

• 2019-07

  Apple appears to say that there is a back door in MacOS for automatically updating some (all?) apps.

  The specific change described in the article was not malicious—it protected users from surveillance by third parties—but that is a separate question.

• 2016-07

  The Dropbox app for Macintosh takes control of user interface items after luring the user into entering an admin password.

• 2015-04

  Mac OS X had an intentional local back door for 4 years, which could be exploited by attackers to gain root privileges.

• 2010-11

  The iPhone has a back door for remote wipe. It's not always enabled, but users are led into enabling it without understanding.

• 2008-08

  The iPhone has a back door that allows Apple to remotely delete apps which Apple considers 'inappropriate'. Jobs said it's OK for Apple to have this power because of course we can trust Apple.

Censorship

Dave is preferred because it implements both an SMB server and an SMB client, while DoubleTalk only implements and SMB client. Having both an SMB server and an SMB client, a Dave-equipped Mac can seamlessly read and write files to and from a Windows machine and that Windows machine can seamlessly read and write files to and from the Mac.

Installing and Configuring Dave

I tested Dave and can attest that this is all true. I loaded Dave onto my Power Macintosh 7500, running Mac OS 8.6, and took it for a spin. The above mentioned 200 MHz Pentium Pro PC, running Windows NT 4.0, acted as its Windows counterpart in this testing.

Now before we go any further, there is a pink elephant in the room that we should all acknowledge. Astonishingly, not only is Thursby still a going commercial concern, Dave is still an active product at Thursby, and they want a staggering $119 for a current license for it! This will no doubt stop many folks from experimenting with it further.

Of course, the Dave software, and license numbers for it, are available from multiple 'abandonware' sites, but none of the licenses I could find this way worked – all were rejected by Dave as 'expired'. Thursby has protected their product well. Already having a valid Dave 4.0 license, I was able to proceed, but those of you not in this happy position will need to either pony up a big $119 to Thursby, or make your peace with trolling the web in search of non-expired licenses. I did this yesterday as a test, and successfully unearthed multiple apparently valid licenses. A little bit of persistence may serve you well in this area.

In an effort to save would be users of Dave from having to pay the hefty $119 fee for what is fundamentally an obsolete product, I queried Thursby's email support, asking if they would be willing to provide a free license, given the lack of remaining commercial trade in Mac OS 9.x and below. The answer back was a firm 'no', followed by an admonition that Dave should not be considered abandonware. The response concluded with a request to know where I had downloaded Dave from! Realizing that this line of inquiry was not likely to result in a free Dave license, I abandoned it and moved on.

I will leave the licensing issue in your capable hands. Moving on, I can report that Dave is an excellent product. It was simple to install and configure, easy to use, and 100% effective at doing what it said it would do.

Installation and setup was a snap.

Dave's setup runs you through a few simple questions, the most complex of which may be its query for your workgroup name. If you don't know the answer, just type in 'WORKGROUP', which is what most PCs default it to. Confirm this by visiting the Network control panel of the PC you are trying to connect to, and change the name on the PC side or the Mac side, if need be. Once the installation is done, you will need to restart your Mac and then you are ready to network with your PC friends.

Networking with Dave: Mac to PC

Networking with Dave from a Mac to a PC is quite intuitive, in a very Mac OS Classic sort of way – you go through Chooser, just like you would for the native form of Mac networking. In Chooser, you will now be greeted by a new connection type in the left hand pane, Dave Client.

When you click this, there will be a disconcerting pause, during which you will wonder whether Dave is working at all, and then the right hand pane will suddenly populate, hopefully showing you the PCs you want to share files with (and anything else on your network that has an SMB server – in my case, this included two Power Mac G5s and my current main Mac, a 2012 27' iMac).

Double click the entry for the PC of interest (in this case it was DualPro200 – so named because it is a dual CPU Pentium Pro 200 MHz) and you will get the expected password prompt. Enter the correct user name and password (this is the user name and password from the PC, or just select Guest instead) and Chooser will pop up a dialog showing the 'shares' on the selected PC that are available for you to choose from (a 'share' is SMB-speak for an available, shared folder).

You may just run into some trouble here – I did. Initially, the share list was blank! There is not a lot of latitude to share files when the list of possible sharing targets is empty! Happily, Dave provides an 'Add Share' button below the list, and I took advantage of this to add the shared folders on the PC to the dialog.

This point requires a brief moment of explanation. When you share a folder in Windows NT 4.0, you give it a 'Share Name'. This name should show up in the list of available shares that Dave presents you, but in my case, it did not. The share name did show up in the list of available shares when I connected to the PC from either of my Power Mac G5s, but did not from my older Power Macintosh 7300 or 7500 machines. The reason for this will be explained in a postscript at the end of this post.

For now, I was presented with a blank list of shares, but had the potential of adding shares through the Dave 'Add Share' dialog. Back at the Pentium Pro PC, I went to Control Panels -> Server, and clicked the Shares button. This presented me with the following list of the available shares:

As you can see there were a LOT of shares there, but most ended with the '$' sign, indicating that they were administrative shares, automatically created by and internal to Windows NT, and not generally advertised for external connection (although they can be connected to if you wish).

I took note of three shares of interest, C$, D$ and DP200SharedFolder, which corresponded to C:, D: and the folder I was actually trying to share, DP200SharedFolder. One by one, using Dave's Add Share button, I added these to the list, and they worked. When I double clicked any one of them, Dave promptly mounted the appropriate share on the Windows NT machine and at that point, I could drag and drop, read files, create folders, and in general, do all the things I could do with any local file folder.

I must apologize for the loss of continuity in the screen shot above. The share name mounted on the desktop is different from what is described – I no longer have the original screen shot.

Setting aside the cause of the blank list of shares for a moment, Dave's Add Share dialog allowed me to work around a potentially show stopping issue and arrive at networking success, at least in the Macintosh to PC direction. What about the other direction, PC to Macintosh?

Networking with Dave: PC to Mac

This was not such a happy story initially. The Power Macintosh 7500 simply did not show up at all in the Network Neighborhood of the PC, nor could I see it in the Network selection of the two G5s I have on the network (both running 10.4.11 Tiger). Guessing that Dave's SMB server was not enabled, I went hunting for a Dave Control Panel on the Macintosh. Nope, no such thing. There WAS a NetBIOS control panel with Dave labeling in it, so I hunted around in there, but there were no obvious selections to enable or disable visibility of the SMB Server.

My next stop was the Dave installation in the Macintosh's Applications folder. There was a single file there, a program named, appropriately enough, Dave. Following this obvious lead, I launched the program, selected Dave Sharing and was greeted with what amounts to a Dave control panel.

Of course I immediately noticed that File Sharing was off, which would imply that the Dave SMB Server was not running. I enabled this and then checked to see if Dave was sharing any folders. The list at the top of the window was empty suggesting that it was not. Using Finder, I dropped my AppleTalk shared folder, 'PowerMac7300SharedFolder' into the list. It 'took' and thereafter, Dave showed that it was sharing this folder. It did warn me that shares with names over 12 characters long might not share properly, but I ignored that for the moment.

Again I must offer my apologies for the discontinuity in the image above – the file share name is slightly different from what I have described – I seem to have misplaced the original screenshot.

Back at the Windows NT machine, success. The Power Macintosh 7500 now showed up in the Network Neighborhood. I double clicked the icon, full of confidence that I had solved the problem, and was greeted with … a blank window. The PC could see the Macintosh, but the Macintosh didn't appear to be sharing anything. I checked this with both of the G5s, and Tiger pretty much agreed – there was nothing being shared. Tiger's rather obscure way of indicating this to me was to tell me that it could not open the alias because the original item could not be found. Somewhat of a misleading error indication, but I got the message. Something was still definitely wrong at the Macintosh end.

I went back to the Dave application and removed the current folder I was sharing, suspecting that either you could not share a folder over both AppleTalk and SMB, and/or perhaps the file name really DID have to be 12 characters or less. I created a new folder called 'PMAC7500-SMB' (EXACTLY 12 characters) and dropped it into the Dave 'Shares' list. I specifically did not share this folder through the usual Mac OS way of doing this – it was only shared via Dave's SMB server.

This did the trick. The Network Neighborhood window that I got when I doubled clicked the icon for the Power Macintosh 7500 now presented one accessible folder, PMAC7500-SMB. This folder could be opened, read, written to… it was fully accessible. Success! PC to Macintosh networking was now up and running as well.

Networking with Dave – Summary

With both Mac to PC and PC to Mac networking up and running, I can now summarize the recipe for success with Dave:

• On the Macintosh side, make sure you have a unique share folder for Dave, and make sure that the name of that folder is less than 12 characters. Do not share this folder via the normal Mac OS Sharing mechanism. Share it only via Dave.
• On the PC side, make sure that you have one or more shared folders, and take note of the 'Share As' name you assign to each. Like the Macintosh side, keep the filename of each shared folder to 12 characters or less as well.
• Still on the PC side, if you CANNOT keep the share names to 12 characters or less (perhaps the machine is not under your control), compensate for this on the Macintosh side. On that side, when you use Chooser to select the PC, if you are greeted with a blank list of available shares, use Dave's Add Share button to manually add the shares whose names you took note of in the last step. You will only have to do this once. Dave remembers the names.
• That's it! Apply the above and you should be happily networking in both directions between a Macintosh running Dave and a PC running Windows NT 4.0.

Closing Thoughts

A final note on Dave. Dave will very considerately interrupt the Macintosh shutdown sequence to warn you if it is hosting any connected users, giving you a chance to warn them before their favorite Mac suddenly disappears from cyberspace. As I said above, Thursby has done a very nice job.

That's it for this post. In our next post on networking, we will look at doing the same sort of thing using the other classic application in this space, Connectix DoubleTalk. Until then, happy networking with Dave!

The Promised Postscript on The Empty Share List Problem

p.s.> A postscript to this story. As outlined above, the 'empty list of shares' problem is easily resolved. Reasoning that since Dave warned that Macintosh share names over 12 characters might not share correctly, I concluded that perhaps share names on the Windows NT side should ALSO be 12 characters or less. I went back to the Windows NT 4.0 machine and checked the length of the share name for the folder I was trying to share. Sure enough, it was MUCH longer than 12 characters. When I shortened it to 12 characters (8 characters actually, in this case), it showed up instantly in the Chooser selections of both Mac OS Classic machines. So, one final word to the wise – all share names should be 12 characters or less.

And as if that is not enough, Windows NT 4.0 gently reminds you that if you want the share to be visible to DOS and Windows 3.x class machines, its' name needs to be 8 characters or less! Just so you know…. 🙂

Richard - Part One Mac Os X

If you know of an example that ought to be in this page but isn'there, please writeto to inform us. Please include the URL of a trustworthy reference or twoto serve as specific substantiation.

Back Doors

• 2019-07

  Apple appears to say that there is a back door in MacOS for automatically updating some (all?) apps.

  The specific change described in the article was not malicious—it protected users from surveillance by third parties—but that is a separate question.

• 2016-07

  The Dropbox app for Macintosh takes control of user interface items after luring the user into entering an admin password.

• 2015-04

  Mac OS X had an intentional local back door for 4 years, which could be exploited by attackers to gain root privileges.

• 2010-11

  The iPhone has a back door for remote wipe. It's not always enabled, but users are led into enabling it without understanding.

• 2008-08

  The iPhone has a back door that allows Apple to remotely delete apps which Apple considers 'inappropriate'. Jobs said it's OK for Apple to have this power because of course we can trust Apple.

Censorship

Apple mainly uses iOS, which is a typical jail, to impose censorshipthrough the Apple Store. Please refer to the Apple Jailssection for more information.

DRM

Digital restrictions management, or 'DRM,' refers tofunctionalities designed to restrict what users can do with the datain their computers.

• 2019-08

  Apple is putting DRM on iPhone batteries, and the system proprietary software turns off certain features when batteries are replaced other than by Apple.

• 2017-04

  DRM makes the iPhone 7 nearly unrepairable by anyone else but Apple.

• 2015-12

  Apple uses DRM software to prevent people from charging an iThing with a generic USB cable.

• 2008-11

  DRM (digital restrictions mechanisms) in MacOS. This article focuses on the fact that a new model of Macbook introduced a requirement for monitors to have malicious hardware, but DRM software in MacOS is involved in activating the hardware. The software for accessing iTunes is also responsible.

• 2007-08

  DRM that caters to Bluray disks. (The article focused on Windows and said that MacOS would do the same thing subsequently.)

• 2007-03

  iTunes videos have DRM, which allows Apple to dictate where its customers can watch the videos they purchased.

Incompatibility

In this section, we list characteristics of Apple programs that block orhinder users from switching to any alternative program—and, inparticular, from switching to free software which can liberate the devicethe software runs on.

Download New Mac Os

• 2018-03

  In MacOS and iOS, the procedure for converting images from the Photos format to a free format is so tedious and time-consuming that users just give up if they have a lot of them.

• 2018-02

  Apple devices lock users in solely to Apple services by being designed to be incompatible with all other options, ethical or unethical.

• 2016-05

  iWork (office software that runs on MacOS, iOS and iCloud) uses secret formats and provides no means of converting them to or from Open Document Formats. iWork formats have changed several times since they were first introduced. This may have had the effect of thwarting reverse engineering efforts, thus preventing free software from fully supporting them.

  iWork formats are considered unfit for document preservation.

Insecurity

These bugs are/were not intentional, so unlike the rest of the file they do not count as malware. We mention them to refute the supposition that prestigious proprietary software doesn't have grave bugs.

• 2020-12

  Commercial crackware can get passwords out of an iMonster, use the microphone and camera, and other things.

• 2020-11

  Apple has implemented a malware in its computers that imposes surveillance on users and reports users' computing to Apple.

  The reports are even unencrypted and they've been leaking this data for two years already. This malware is reporting to Apple what user opens what program at what time. It also gives Apple power to sabotage users' computing.

• 2019-08

  A series of vulnerabilities found in iOS allowed attackers to gain access to sensitive information including private messages, passwords, photos and contacts stored on the user's iMonster.

  The deep insecurity of iMonsters is even more pertinent given that Apple's proprietary software makes users totally dependent on Apple for even a modicum of security. It also means that the devices do not even try to offer security against Apple itself.

• 2016-07

  A vulnerability in Apple's Image I/O API allowed an attacker to execute malicious code from any application which uses this API to render a certain kind of image file.

• 2016-04

  A bug in the iThings Messages app allowed a malicious web site to extract all the user's messaging history.

• 2013-11

  The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry. While there is not much detail here, it seems that this does not operate via the universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are lots of bugs in the phones' radio software.

Interference

Various proprietary programs often mess up the user's system. They are like sabotage, but they are not grave enough to qualify for the word 'sabotage'. Nonetheless, they are nasty and wrong. This section describes examples of Apple committing interference.

• 2019-08

  Apple is putting DRM on iPhone batteries, and the system proprietary software turns off certain features when batteries are replaced other than by Apple.

Jails

Jails are systems that impose censorship on application programs.

• 2019-04

  Apple plans to require that all application software for MacOS be approved by Apple first.

  Offering a checking service as an option could be useful and would not be wrong. Requiring users to get Apple's approval is tyranny. Apple says the check will only look for malware (not counting the malware that is part of the operating system), but Apple could change that policy step by step. Or perhaps Apple will define malware to include any app that China does not like.

  For free software, this means users will need to get Apple's approval after compilation. This amounts to a system of surveilling the use of free programs.

• 2008-03

  iOS, the operating system of the Apple iThings, is the prototype of a jail. It was Apple that introduced the practice of designing general purpose computers with censorship of application programs.

  Here is an article about the code signing that the iThings use to lock up the user.

  Curiously, Apple is beginning to allow limited passage through the walls of the iThing jail: users can now install apps built from source code, provided the source code is written in Swift. Users cannot do this freely because they are required to identify themselves. Here are details. While this is a crack in the prison walls, it is not big enough to mean that the iThings are no longer jails.

Examples of censorship by Apple jails

• 2020-08

  Apple is putting the squeeze on all business conducted through apps for iMonsters.

  This is a symptom of a very big injustice: that Apple has the power to decide what software can be installed on an iMonster. That it is a jail.

• 2019-10

  Apple has banned the app that Hong Kong protesters use to communicate.

  Obeying the 'local laws' about what people can do with software is no excuse for censoring what software people can use.

• 2019-10

  Apple censors the Taiwan flag in iOS on behalf of the Chinese government. When the region is set to Hong Kong, this flag is not visible in the emoji selection widget but is still accessible. When the region is set to mainland China, all attempts to display it will result in the 'empty emoji' icon as if the flag never existed.

  Thus, not only does Apple use the App Store as an instrument of censorship, it also uses the iThing operating system for that purpose.

• 2019-05

  Users caught in the jail of an iMonster are sitting ducks for other attackers, and the app censorship prevents security companies from figuring out how those attacks work.

  Apple's censorship of apps is fundamentally unjust, and would be inexcusable even if it didn't lead to security threats as well.

• 2017-10

  Apple is censoring apps for the US government too. Specifically, it is deleting apps developed by Iranians.

  The root of these wrongs is in Apple. If Apple had not designed the iMonsters to let Apple censor applications, Apple would not have had the power to stop users from installing whatever kind of apps.

• 2017-07

  Apple deleted several VPNs from its app store for China, thus using its own censorship power to strengthen that of the Chinese government.

• 2017-01

  Apple used its censorship system to enforce Russian surveillance by blocking distribution of the LinkedIn app in Russia.

  This is ironic because LinkedIn is a surveillance system itself. While subjecting its users to its own surveillance, it tries to protect its users from Russian surveillance, and is therefore subject to Russian censorship.

  However, the point here is the wrong of Apple's censorship of apps.

• 2017-01

  Apple used its censorship system to enforce China's censorship by blocking distribution of the New York Times app.

• 2016-05

  Apple censors games, banning some games from the cr…app store because of which political points they suggest. Some political points are apparently considered acceptable.

• 2015-09

  Apple banned a program from the App Store because its developers committed the enormity of disassembling some iThings.

• 2015-09

  As of 2015, Apple systematically bans apps that endorse abortion rights or would help women find abortions.

  This particular political slant affects other Apple services.

• 2015-06

  Apple has banned iThing applications that show the confederate flag. Not only those that use it as a symbol of racism, but even strategic games that use it to represent confederate army units fighting in the Civil War.

  This ludicrous rigidity illustrates the point that Apple should not be allowed to censor apps. Even if Apple carried out this act of censorship with some care, it would still be wrong. Whether racism is bad, whether educating people about drone attacks is bad, are not the real issue. Apple should not have the power to impose its views about either of these questions, or any other.

• 2014-12

  More examples of Apple's arbitrary and inconsistent censorship.

• 2014-05

  Apple used this censorship power in 2014 to ban all bitcoin apps for the iThings for a time. It also banned a game about growing marijuana, while permitting games about other crimes such as killing people. Perhaps Apple considers killing more acceptable than marijuana.

• 2014-02

  Apple rejected an app that displayed the locations of US drone assassinations, giving various excuses. Each time the developers fixed one 'problem', Apple complained about another. After the fifth rejection, Apple admitted it was censoring the app based on the subject matter.

Manipulation

• 2013-08

  'Dark patterns' are user interfaces designed to mislead users, or make option settings hard to find.

  This allows a company such as Apple to say, 'We allow users to turn this off' while ensuring that few will understand how to actually turn it off.

Pressuring

Proprietary companies can take advantage of their customers by imposing arbitrary limits to their use of the software. This section reports examples of hard sell and other unjust commercial tactics by Apple.

• 2015-10

  Apple Siri refuses to give you information about music charts if you're not an Apple Music subscriber.

Sabotage

These are situations in which Apple employs its power over usersto directly intervene in ways that harm them or block their work.

• 2019-08

  When Apple suspects a user of fraud, it judges the case secretly and presents the verdict as a fait accompli. The punishment to a user found guilty is being cut off for life, which more-or-less cripples the user's Apple devices forever. There is no appeal.

• 2018-10

  Apple and Samsung deliberately degrade the performance of older phones to force users to buy their newer phones.

• 2018-05

  Apple has blocked Telegram from upgrading its app for a month.

  This evidently has to do with Russia's command to Apple to block Telegram in Russia.

  The Telegram client is free software on other platforms, but not on iThings. Since they are jails, they don't permit any app to be free software.

• 2017-10

  MacOS High Sierra forcibly reformats SSD boot drives, and changes the file system from HFS+ to APFS, which cannot be accessed from GNU/Linux, Windows or even older versions of MacOS.

• 2017-06

  Apple will stop fixing bugs for older model iThings.

  Meanwhile, Apple stops people from fixing problems themselves; that's the nature of proprietary software.

• 2017-04

  The iPhone 7 contains DRM specifically designed to brick it if an 'unauthorized' repair shop fixes it. 'Unauthorized' essentially means anyone besides Apple.

  (The article uses the term 'lock' to describe the DRM, but we prefer to use the term digital handcuffs.)

• 2016-06

  Apple stops users from fixing the security bugs in Quicktime for Windows, while refusing to fix them itself.

• 2016-05

  The Apple Music client program scans the user's file system for music files, copies them to an Apple server, and deletes them.

• 2016-02

  iOS version 9 for iThings sabotages them irreparably if they were repaired by someone other than Apple. Apple eventually backed off from this policy under criticism from the users. However, it has not acknowledged that this was wrong. Rushers mac os.

• 2015-10

  Apple forced millions of iThings to download a system upgrade without asking the users. Apple did not forcibly install the upgrade but the downloading alone caused lots of trouble.

• 2014-12

  Apple deleted from iPods the music that users had got from internet music stores that competed with iTunes.

• 2007-09

  An Apple firmware 'upgrade' bricked iPhones that had been unlocked. The 'upgrade' also deactivated applications not approved by Apple censorship. All this was apparently intentional.

Subscriptions

• 2020-08

  Apple can remotely cut off any developer's access to the tools for developing software for iOS or MacOS.

  Epic (Apple's target in this example) makes nonfree games which have their own malicious features, but that doesn't make it acceptable for Apple to have this sort of power.

Surveillance

• 2020-04

  Apple whistleblower Thomas Le Bonniec reports that Apple made a practice of surreptitiously activating the Siri software to record users' conversations when they had not activated Siri. This was not just occasional, it was systematic practice.

  His job was to listen to these recordings, in a group that made transcripts of them. He does not believes that Apple has ceased this practice.

  The only reliable way to prevent this is, for the program that controls access to the microphone to decide when the user has 'activated' any service, to be free software, and the operating system under it free as well. This way, users could make sure Apple can't listen to them.

• 2019-10

  Safari occasionally sends browsing data from Apple devices in China to the Tencent Safe Browsing service, to check URLs that possibly correspond to 'fraudulent' websites. Since Tencent collaborates with the Chinese government, its Safe Browsing black list most certainly contains the websites of political opponents. By linking the requests originating from single IP addresses, the government can identify dissenters in China and Hong Kong, thus endangering their lives.

• 2019-10

  The Chinese Communist Party's 'Study the Great Nation' app requires users to grant it access to the phone's microphone, photos, text messages, contacts, and internet history, and the Android version was found to contain a back-door allowing developers to run any code they wish in the users' phone, as 'superusers.' Downloading and using this app is mandatory at some workplaces.

  Note: The Washington Post version of the article (partly obfuscated, but readable after copy-pasting in a text editor) includes a clarification saying that the tests were only performed on the Android version of the app, and that, according to Apple, 'this kind of ‘superuser' surveillance could not be conducted on Apple's operating system.'

• 2019-05

  In spite of Apple's supposed commitment to privacy, iPhone apps contain trackers that are busy at night sending users' personal information to third parties.

  The article mentions specific examples: Microsoft OneDrive, Intuit's Mint, Nike, Spotify, The Washington Post, The Weather Channel (owned by IBM), the crime-alert service Citizen, Yelp and DoorDash. But it is likely that most nonfree apps contain trackers. Some of these send personally identifying data such as phone fingerprint, exact location, email address, phone number or even delivery address (in the case of DoorDash). Once this information is collected by the company, there is no telling what it will be used for.

• 2018-09

  Adware Doctor, an ad blocker for MacOS, reports the user's browsing history.

• 2017-11

  The DMCA and the EU Copyright Directive make it illegal to study how iOS cr…apps spy on users, because this would require circumventing the iOS DRM.

• 2017-09

  In the latest iThings system, 'turning off' WiFi and Bluetooth the obvious way doesn't really turn them off. A more advanced way really does turn them off—only until 5am. That's Apple for you—'We know you want to be spied on'.

• 2017-02

  Apple proposes a fingerprint-scanning touch screen—which would mean no way to use it without having your fingerprints taken. Users would have no way to tell whether the phone is snooping on them.

• 2016-11

  iPhones send lots of personal data to Apple's servers. Big Brother can get them from there.

• 2016-09

  The iMessage app on iThings tells a server every phone number that the user types into it; the server records these numbers for at least 30 days.

• 2015-09

  iThings automatically upload to Apple's servers all the photos and videos they make.

  iCloud Photo Library stores every photo and video you take, and keeps them up to date on all your devices. Any edits you make are automatically updated everywhere. […]

  (From Apple's iCloud information as accessed on 24 Sep 2015.) The iCloud feature is activated by the startup of iOS. The term 'cloud' means 'please don't ask where.'

  There is a way to deactivate iCloud, but it's active by default so it still counts as a surveillance functionality.

  Unknown people apparently took advantage of this to get nude photos of many celebrities. They needed to break Apple's security to get at them, but NSA can access any of them through PRISM.

• 2014-11

  Apple has made various MacOS programs send files to Apple servers without asking permission. This exposes the files to Big Brother and perhaps to other snoops.

  It also demonstrates how you can't trust proprietary software, because even if today's version doesn't have a malicious functionality, tomorrow's version might add it. The developer won't remove the malfeature unless many users push back hard, and the users can't remove it themselves.

• 2014-10

  MacOS automatically sends to Apple servers unsaved documents being edited. The things you have not decided to save are even more sensitive than the things you have stored in files.

• 2014-10

  Apple admits the spying in a search facility, but there's a lot more snooping that Apple has not talked about.

• 2014-10

  Various operations in the latest MacOS send reports to Apple servers.

• 2014-09

  Apple can, and regularly does, remotely extract some data from iPhones for the state.

  This may have improved with iOS 8 security improvements; but not as much as Apple claims.

• 2014-07

  Several 'features' of iOS seem to exist for no possible purpose other than surveillance. Here is the Technical presentation.

• 2014-01

  Spotlight search sends users' search terms to Apple.

• 2014-01

  The iBeacon lets stores determine exactly where the iThing is, and get other info too.

• 2013-12

  Either Apple helps the NSA snoop on all the data in an iThing, or it is totally incompetent.

• 2013-08

  The iThing also tells Apple its geolocation by default, though that can be turned off.

• 2012-10

  There is also a feature for web sites to track users, which is enabled by default. (That article talks about iOS 6, but it is still true in iOS 7.)

• 2012-04

  Users cannot make an Apple ID (necessary to install even gratis apps) without giving a valid email address and receiving the verification code Apple sends to it.

Tyrants

Tyrants are systems that reject any operating system not'authorized' by the manufacturer.

• 2014-12

  Apple arbitrarily blocks users from installing old versions of iOS.

• 2012-05

  The Apple iThings are tyrant devices. There is a port of Android to the iThings, but installing it requires finding a bug or 'exploit' to make it possible to install a different system.