MacOpinion: June 14, 1998 - Dear Mac, I Know What You Did…

It was 1998, and our Macs were getting fairly powerful. The PowerMac 8500 on my desk had about the same power as my Silicon Graphics “Indy” UNIX workstation at work. Meanwhile, I had long since migrated away from modems to ISDN, both in Knoxville, TN in 1994 and later, when I moved back to Colorado in 1996.

While ISDN download speeds, at 128 Kbps, were starting to become breathtaking, so was the speed at which a Mac could spill its guts to an outsider. I watched the lights blink and started to worry. I seem to have been alone, because the monitoring systems I envisioned for my high-tech future never came to pass. Today, I still watch the lights blink and do the best I can to stitch together various security procedures, including Little Snitch and a robust hardware firewall.

 

The article has been edited for brevity and current day author comments are in [brackets].

Utopia Planitia

 

“Dear Macintosh: I Know What You Did Last Night”

 

“Never trust machinery more complicated than a knife and fork.”

— Jubal Harshaw, Stranger in a Strange Land

 

We have no clue about what’s really going on inside our Macintosh. Clueless. We live in a Christmas tree, and we’re about as informed as a pet parakeet sitting in a Christmas tree watching the lights blink. The parakeet has no idea that it might get electrocuted, and we’re in the same tree.

You’re cruising the net one night, and all of a sudden your disk drive light comes on. What’s happening?

  • Apple file sharing is starting up.
  • V-twin is updating its index in the background. [I can’t even remember what that was.]
  • The OS has started to defrag the hard disk.

Which is it? Ask your Mac. It has no clue either. Then you see your modem lights start to flicker. You lean over. The transmit lights are on! Do you know what’s happening? Perhaps a freeware program is lonely and has decided to register itself with the author - and scooped up a copy of your Quicken checkbook on the way.

Maybe. Maybe not. But do I worry?

No More Innovation? Find a Challenge

You bet I do. I worry because our consumer operating systems have not gotten any smarter about what they are doing. Don Crabb [writer for MacWeek at the time] is fond of saying that the toilets at O’Hare airport are smarter than our desktop computers. The toilets at least know when we’ve stood up and left. For all the gadgets and special things that our OS does for us, it is essentially no more sophisticated in its awareness of the situation than the 2K ROM in the original Apple II. It’s still a program loader.

Don Norman, when he was at Apple, spent a lot of time thinking about this. It appeared that Apple may have been thinking along these lines in 1995 when Copland was being designed. But Apple got into some trouble and had to get back to basics. Somewhere along the line, Apple got so far back to basics that little things like bringing our OSes into the 21st Century got mislaid.

As witness for the plaintiff, I ask Mr. John Dvorak to come forward. He writes in PC Magazine, June 30, 1998, page 87: “Here are the killer apps and their statuses.

  • Word processing. Status: Moribund; there’s nothing new to be done.
  • Database management. Status: Same as above.
  • Spreadsheets. Status: Moribund; now unexciting…
  • Graphics. Status: Flat…
  • Utilities. Status: Flat…”

Dvorak mentions here that the only area where the status is “Alive and well” is games - an area that Microsoft does not dominate. His conclusion: “Nothing exciting is happening. Does anyone notice that Microsoft’s dominance is not helping the situation?” Oh, and by the way, the title of the article is “The End Is Near”.

[We all know Dvorak’s penchant for being shortsighted. We see signs of that even in 1998. The point here is the historical context, so bite your tongue, dear reader.]

Dvorak’s commentary points out that our OS and application environment have grown stale, indeed moribund, while the exposure of our systems to threats on the Internet has escalated enormously. There was a time, not long ago, when we sat, in relative isolation, with our Mac II and a 1,200 bps modem. Occasionally we’d read our email on CompuServe. But now! Now we have desktop systems that rival the speed of the first Cray computers. Our OSes are as complicated and, therefore, as vulnerable as those that ran on major corporate and university mainframes only ten years ago. An ISDN or ADSL line can routinely communicate at over 1 megabyte per minute. That’s a big pipe into a system that we only dimly understand, that can’t talk to us, and that doesn’t have much awareness of its environment.

So if I ask my computer what the hell it’s doing, the response is: “Dunno.”

Security via Monitoring

System security has been the vocation and avocation of many talented Unix people for years. There is a whole world out there of cat and mouse security duels. Savvy hackers go after everything in sight, for both fun and profit, and corporations now must live behind a firewall to protect themselves. Most retain systems security consultants. They teach us about port scans, automated attacks on Unix systems, by software called Satan. Then we install countermeasures software, called Gabriel, to alert us of an attack. We install diagnostic software, called COPS, to assess the vulnerabilities of our system. You never heard of COPS? And you can’t wait to get your hands on Rhapsody? [An early version of what would become Mac OS X.] Whoa!

System security experts tell us that the best way to achieve security is to monitor the system. You must look at log files. You must snoop into your system. You must even set up some basic alerts and protections — like keeping private data on removable storage — media that is removed before you hit the log on button. But the key is monitoring your system. You no longer have the luxury of being isolated.

On June 11th, MacOSRumors reported an incident in which someone visited the Apple on-line store and found that his Ethernet ports had been scanned. (It turned out that Apple was not doing this, but a spoofer, apparently, out to cause some trouble.) How did this individual know that his Ethernet ports had been scanned? He had installed some software that alerted him. But you have to know something about computers to understand and install such software.

The rest of us are parakeets. We watch the lights blink.

[Section on Port Scanning edited. All the techniques are now obsolete.]

You will watch the lights blink.

Apple’s Challenge

Someone at Apple will also realize that the OS needs to be more aware of its state and serve the user by communicating that information. Microsoft’s big idea on integrating the OS into the Internet, after three years, is to so tightly integrate a browser into the OS that it effectively squashes Netscape Communications Corp. We can do better. If MacOS X, Linux, and Windows NT are the OSes of the early 21st century, then someone had better start thinking about putting real system security tools into the hands of the ordinary customer. They’ve given us mainframe power. They’ve given us Unix. But we’re babes in the woods when it comes to knowing what’s going on with our system. After all, if a computer that can operate at 3 gigaflops and has 128 megabytes of memory is no smarter than a toilet seat, then truly, Mister Dvorak, the End Is Near.

blink. blink. blink….

[Today, with computers on our desktop approaching 100 gigaflops and 8 gigabytes of RAM, Apple’s solution has been… eliminate the blinking lights. How naive I was. I thought Apple would tackle the problem technically. Instead, they took the approach of keeping Mac OS X robust internally, but never alarming the average user with scary security stuff.]

John Martellaro is a Senior Staff Software Engineer for Lockheed Martin Astronautics. He lives at 9,100 feet ASL in Colorado with a Ph.D. wife and two cats. The elevation may explain his occasional delusional writing. When he isn’t in front of his G3 Mac, he’s on his Volkl skis. [Bio, 1998]