Account
♦ Password
♦ Mailsetup
♦ Info
Services
♦ Workstations
  ♣ Linux
  ♣ MacOS
♦ E-Mail
♦ Chat
♦ Files
♦ Backups
♦ Printers
♦ Network
♦ Statistics
♦ Downloads
♦ Links
News
♦ Newsletter
♦ Submit
♦ Search
Readme
Hacks
♦ Linux
Tools
Contact
About


  News around MacOS X
Apple Posted by Beat Rubischon on Thursday October 30, @09:11AM
from the panther dept.
Apple released MacOS X 10.3 on Friday, 24. October 2003, 20:00 local time. Members of ETHZ could download the CD-Images from IDES. A week later, first feedback reached our team and you should read on if you are a Mac user.

First, @stake released several security advisorys about bugs in MacOS X 10.2. Arbitrary File Overwrite via Core Files, Systemic Insecure File Permissions and Long argv[] buffer overflow. There is now a discussion on BUGTRAQ about the policy of Apple, not releasing fixes for MacOS 10.2. Hopefully this situation will change. A nice collection about the bugs fixed in 10.3 may be found on MacNN or Apple itself.

Apple released the first security fix for 10.3 only a few days after the OS itself. Be sure to update your machine by using Softwareupdate.

Several users of our MacOS X setup asked us about the upgrade to 10.3 - please be patient until we checked all things needed by you. This will be LDAP, NFS but also several applications which should work for you. We assume to be able to upgrade end of this year.

All people we talked about the upgrade to 10.3 didn't have any problems. The new features works well and there are no big problems. On the other hand, we didn't see any new installation, and we assume that the switch from HFS+ to UFS will give us several headaches. We'll see.

Feel free to write your experiences with MacOS X 10.3 in a comment to this article!

<  |  >

 

  Related Links
  • Articles on Apple
  • Also by Beat Rubischon
  • Contact author
  • The Fine Print: The following comments are owned by whoever posted them.
    ( Reply )

    Re: News around MacOS X
    by dummkopf on Thursday October 30, @10:52AM
    the bad:

    * if you do an upgrade (archival) and you had some kernel patches installed in 10.2x, get ready for some headaches. if your system hangs, you can ssh in trough the back, which makes things easier to fix. therefore my recommendation is a clean install. if your system hangs due to kernel problems, then you are screwed. another option is to boot into console mode (user: >console, password: console) to do some debugging.

    * X has been moved from Applications to Applications/Utilities/. be sure to change the path. in my case the install did not remove the old X and so things were utterly hanging until i realized that.

    * since X was moved, all the fink packages were also broken. therefore, after installing 10.3 i recommend you get the latest fink version 0.5.3 (i think) and reinstall it from scratch as well.

    NOTE: at this point i would like to ask our admins to install the whole fink distro on the D-PHYS macs to make them more compatible with the linux machines.

    * issues with the crypto filesystem: i could be wrong and i have not fully tested it, but if i am not logged into the console X interface, and ssh into the machine, i will not have access to my files because they are encrypted. does anyone know a way around this? is there a command to issues on the command line to get the homedir back?

    * i did an upgrade and now and then my system behaves funky: some preferences are lost, things are reverted to defaults, ...

    the good:

    * expose rocks! i wish linux had something like that. finding stuff on your workspace has never been easier!

    * the system runs noticeable faster. clearly many things were optimized in panther.

    * apparently finder is much better now. i never used this because i think that if you cannot find your stuff you should clean up more often. conversely the wonderful unix tool "locate" is installed and can be run on the command line. muuuuuch better.

    * crypto filesystem: best idea ever for a laptop. if you lose it, you do not have to worry too much about people getting to your stuff. little drawback: the system is a bit slower when writing and accessing files (you will feel it when you ssh large files).

    * preview now understand postscript files. whoa!

    * i guess fast user switching might also be a great feature for an institute machine. i have nit tested it.

    * and finally if you have not tried iChat AV, you are missing the best feature.

    NOTE: it would be nice if the D-PHYS admins had a mac with iChat in their cave so what we can chat with them online when we need someting!

    Final comment on Apples new upgrade policy: This is nothing new. Redhat for example dropped their free products from one day to the other and now they charge $180 PER YEAR for a license of (what should be free) linux. makes you wonder...

    [ Reply to this ]
    • Re: News around MacOS X
      by Beat Rubischon on Tuesday November 04, @08:31AM
      Thanks a lot for your posting! Here our comments:

      i would like to ask our admins to install the whole fink distro on the D-PHYS macs to make them more compatible with the linux machines
      It will be a huge work to keep the software from Fink (usually bleeding edge) and Debian GNU/Linux (usually "stable") in synch. We assume that we will stop installing Fink on our workstations and instruct the users to use ssh to one of the Linux workstations.

      it would be nice if the D-PHYS admins had a mac with iChat in their cave so what we can chat with them online when we need someting!
      Nice idea :-) On the other hand, the world except Apple uses H.323 for video and audio communication over the net. For example Microsoft's Netmeeting or GnomeMeeting. Because of this issue, it's unclear which kind of video conference we should support in the future.

      [ Reply to this ]
    Re: News around MacOS X
    by Beat Rubischon on Monday November 03, @10:10AM
    A comment from the Linux User Group meeting friday night: No more classic when new installing! Why that?

    The CD-ROM Version of 10.2. required to install MacOS 9 before or after MacOS X to get a working Classic. This is no longer a solution for systems who won't boot MacOS 9.

    The DVD-Version of 10.2. contained a MacOS 9 system to drive Classic. This is no longer the case with the current 10.3. install CD set. The new G5 and all future System won't boot from those DVD anymore.

    On the other hand, Classic has several improvements over the version distributed with 10.2. It is worth to go through the configuration.

    [ Reply to this ]
    Re: News around MacOS X
    by dummkopf on Monday November 03, @03:04PM
    Final comment/warning:

    As mentioned in my earlier post, I did an archival update. Well, In my case, things are now completely messed up.

    I am not sure what conflicted with what else, but several files are corrupted and so I am not forced to do a clean install...

    Cheers, h.

    [ Reply to this ]
    NFS on Panther
    by Beat Rubischon on Tuesday November 11, @10:08AM
    In 10.3, Apple integrated the new NFS stack from FreeBSD 5 into their system. Several problems together with Linux fileservers arrived:
    • Apple's rpc.lockd uses 20 bytes cookies and Linux only accepts 8. You see kernel: lockd: bad cookie size 20 (only cookies under 8 byte s are supported.) in the server's logfiles.
      • You may patch the Linux kernel with this patch
      • FreeBSD knows about this problem and has also a fix for FreeBSD 5.1

    • rpc.lockd of Darwin and FreeBSD drops root priviledges before opening the socket - on the other hand, Linux only accepts locking requests from priviledged ports. You see kernel: nfsd: request from insecure port (XXXXXXXX:YYYYY)! in the server's logfiles.
      • FreeBSD has a patch fro FreeBSD 5.1, but it seems to be a dirty hack.

    A quick and dirty solution is to disable locking on the client. Add the line NFSLOCKS=-NO- to /etc/hostconfig. You loose locking but since 10.2 did'nt have locking, this is not (yet) a problem.

    You may also export the filesystem with the insecure option. But this is not a solution in a environment as ETHZ where untrusted users works on the machines.

    The patch for FreeBSD may be applied to the Darwin sources. We'll see!

    [ Reply to this ]
    • Re: NFS on Panther
      by Beat Rubischon on Saturday November 22, @08:48PM
      Patching the Linux kernel and rpc.lockd from MacOS X works. See our readme about this topic.
      [ Reply to this ]
      • Re: NFS on Panther (Priv Port)
        by James Hammett on Tuesday March 30, @11:26PM
        You can also use the -P option. This tells mount_nfs to use a priviledged port. (However I don't know how you'd do it from the finder).

        (You can also add it into one of the arguments stored in your netinfo mount directive)

        Jams
        [ Reply to this ]
    • Re: NFS on Panther
      by Chris Kacoroski on Friday September 03, @06:13PM
      I have a problem where I export a file system from a linux machine that is owned by root and has permissions 700 (so only root on the client can read/write to it). This works fine on 10.2 but fails on 10.3. Any ideas on why and a workaround are appreciated.

      Thanks

      Chris 'ski' Kacoroski
      [ Reply to this ]
    Authentication
    by Beat Rubischon on Friday December 12, @06:17PM
    It tooks me a lot of work to find out how MacOS X 10.3 authenticates and collects information about hosts, users and groups. See the results in my readme.
    [ Reply to this ]
    The Fine Print: The following comments are owned by whoever posted them.
    ( Reply )

    © 2003 ISG, Departement Physik, ETH Zürich, <isg@phys.ethz.ch>