The Apple They Should Have Made, But Didn’t

Whenever there is a large manufacturer of a popular product in the tech space, they always attract tales of near-mythical prototypes which would have changed everything on the spot had they just not been cancelled by the bean counters. The Sony-Nintendo PlayStation prototypes for example, or any of a number of machines inexplicably axed by Commodore.

Apple is no exception. They brought the instantly forgettable twentieth anniversary Mac and the pretty but impractical G4 Cube to market, but somehow they rejected the Jonathan, a razor-sharp modular machine from the mid-1980s.

It’s easy after so long associating Apple with the Mac to forget that in the mid-80s it was simply one of their several computer lines, and not the most successful one at that. The 16-bit machine was something of a slimmed-down evolution of the Lisa, and it thus it doesn’t necessarily follow that every other Apple machine of the day also had to be a Mac. Into this would have come the Jonathan, a high-end modular machine bridging the gap between domestic and business computing, with a standard bus allowing processor modules for different operating systems, and upgrades with standard “books”, hardware modules containing peripherals, not all of which would have come from Apple themselves. It would have been Apple’s first 32-bit machine, but sadly it proved too adventurous for their management, who feared that it might tempt Apple users into the world of DOS rather than the other way round.

What strikes us about the Johnathan is how out of place it looks on a 1980s desk, it would be the mid-1990s before we would come close to having machines with these capabilities, and indeed we’ve never seen anything quite as adventurous hardware-wise. It’s certainly not the only might-have been story we’ve seen though.

This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256

The Linux command wall is a hold-over from the way Unix machines used to be used. It’s an abbreviation of Write to ALL, and it was first included in AT&T Unix, way back in 1975. wall is a tool that a sysadmin can use to send a message to the terminal session of all logged-in users. So far nothing too exciting from a security perspective. Where things get a bit more interesting is the consideration of ANSI escape codes. Those are the control codes that moves the cursor around on the screen, also inherited from the olden days of terminals.

The modern wall binary is actually part of util-linux, rather than being a continuation of the old Unix codebase. On many systems, wall runs as a setgid, so the behavior of the system binary really matters. It’s accepted that wall shouldn’t be able to send control codes, and when processing a message specified via standard input, those control codes get rejected by the fputs_careful() function. But when a message is passed in on the command line, as an argument, that function call is skipped.

This allows any user that can send wall messages to also send ANSI control codes. Is that really a security problem? There are two scenarios where it could be. The first is that some terminals support writing to the system clipboard via command codes. The other, more creative issue, is that the output from running a binary could be overwritten with arbitrary text. Text like:
Sorry, try again.
[sudo] password for jbennett:

You may have questions. Like, how would an attacker know when such a command would be appropriate? And how would this attacker capture a password that has been entered this way? The simple answer is by watching the list of running processes and system log. Many systems have a command-not-found function, which will print the failing command to the system log. If that failing command is actually a password, then it’s right there for the taking. Now, you may think this is a very narrow attack surface that’s not going to be terribly useful in real-world usage. And that’s probably pretty accurate. It is a really fascinating idea to think through, and definitively worth getting fixed. Continue reading “This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256”

Retro Hackintosh Made From Retro Parts

Apple as a company, has staked most of its future around being a “walled garden” where it controls everything from the hardware up through the user experience. In some ways this is good for users; the hardware is generally high quality and vetted by the company creating the software, making for a very uniform experience. This won’t stop some people from trying to get Apple’s operating systems and other software running on unapproved hardware though. These “Hackintosh” computers were much more common in the Intel era but this replica goes even further back to the Macintosh era.

Originally [Kevin] had ordered an authentic Macintosh with the intent of getting it working again, but a broken floppy disk drive and lack of replacement parts turned this project into a different beast. He used the Mac instead as a model for a new 3D-printed case, spending a ton of time sanding, filling, and finishing it to get it to look nearly indistinguishable from the original. The hardware going in this replica is an old Linux-based thin client machine running the Mini vMac operating system, with a modified floppy drive the computer uses to boot. A hidden SD card slot helps interface with modern computers. The display is a modern LCD, though a sheet of acrylic glued to the front panel replicates a bit of the CRT curve.

Click through to read on!

Continue reading “Retro Hackintosh Made From Retro Parts”

Best Of Both Worlds: The MacPad

Despite a growing demand for laptop-tablet hybrid computers from producers like Lenovo, HP, and Microsoft, Apple has been stubbornly withdrawn this arena despite having arguably the best hardware and user experiences within the separate domains of laptop and tablet. Charitably one could speculate that this is because Apple’s design philosophy mandates keeping the user experiences of each separate, although a more cynical take might be that they can sell more products if they don’t put all the features their users want into a single device. Either way, for now it seems that if you want a touchscreen MacBook you’ll have to build one yourself like the MacPad from [Federico].

This project started as simply providing a high-quality keyboard and mouse for an Apple Vision Pro, whose internal augmented reality keyboard is really only up to the task of occasionally inputting a password or short string. For more regular computing, [Federico] grabbed a headless MacBook which had its screen removed. This worked well enough that it triggered another line of thought that if it worked for the Vision Pro it might just work for an iPad Pro as well. Using Apple tools like Sidecar makes this almost trivially easy from a software perspective, although setting up the iPad as the only screen, rather than an auxiliary screen, on the MacBook did take a little more customization than normal.

The build goes beyond the software side of setting this up, though. It also includes a custom magnetic mount so that the iPad can be removed at will from the MacBook, freeing both the iPad for times when a tablet is the better tool and the MacBook for when it needs to pull keyboard duty for the Vision Pro. Perhaps the only downsides are that this only works seamlessly when both devices are connected to the same wireless network and that setting up a headless MacBook without a built-in screen takes a bit of extra effort. But with everything online and working it’s nearly the perfect Apple 2-in-1 that users keep asking for. If you’re concerned about the cost of paying for an iPad Pro and a Macbook just to get a touchscreen, though, take a look at this device which adds a touchscreen for only about a dollar.

Thanks to [Stuart] for the tip!

apple airtag being opened to remove the sounder

Apple AirTag: Antitheft Or Antistalking?

Occasionally, the extra features added to a product can negate some of the reasons you wanted to buy the thing in the first place. Take, for example, Apple’s AirTag — billed as an affordable way to link your physical stuff to your phone. If some light-fingered ne’er-do-well wanders by and half-inches your gear, you get notified. The thing is, the AirTag also has an anti-stalking measure, which after a while, notifies nearby iPhones, should the tag move but not be near your iPhone!

In a recent video, [David Manning] explains that this feature is great for preventing the device from being used to track people. But it also means that if said thief happens to own an iPhone, they will be notified of the nearby tag, and can find it and disable it. So in the end, it’s a bit less useful as an anti-theft measure!

The solution is to pop the back off the tag and yank out the little sounder module from the rear plastic. You lose the ability to locate the tag audibly, but you gain a little more chance of returning your stolen goods. Apple could easily remove this feature with a firmware update, but it’s a matter of picking your poison: antistalking or antitheft?

Continue reading “Apple AirTag: Antitheft Or Antistalking?”

Hackaday Links Column Banner

Hackaday Links: February 18, 2024

So it turns out that walking around with $4,000 worth of hardware on your head isn’t quite the peak technology experience that some people thought it would be. We’re talking about the recently released Apple Vision Pro headset, which early adopters are lining up in droves to return. Complaints run the gamut from totally foreseeable episodes of motion sickness to neck pain from supporting the heavy headset. Any eyeglass wearer can certainly attest to even lightweight frames and lenses becoming a burden by the end of the day. We can’t imagine what it would be like to wear a headset like that all day. Ergonomic woes aside, some people are feeling buyer’s remorse thanks to a lack of apps that do anything to justify the hefty price tag. The evidence for a wave of returns is mostly gleaned from social media posts, so it has to be taken with a grain of salt. We wouldn’t expect Apple to be too forthcoming with official return figures, though, so the ultimate proof of uptake will probably be how often you spot one in the wild. Apart from a few cities and only for the next few weeks, we suspect sightings will be few and far between.

Continue reading “Hackaday Links: February 18, 2024”

Reverse Engineering The Apple Touch Bar Screen

The Apple Touch Bar was an oddity on a fairly small number of Apple laptops which replaced the function key row with a touch display. Yet what is special about this display other than its odd form factor when you consider it as a generic touch display? As [Wenting Zhang] describes in a recent reverse-engineering video, this 2,170 x 60 pixel display is somewhat limited in that it doesn’t support the MIPI DSI video mode, only command mode, along with a special instruction (0x3C) for automatic address offsets. The results of this project can be found on the GitLab account.

In a way these limitations make sense when you consider Apple’s use case for these special MIPI-DSI displays. As a touch screen with dynamic controls being displayed on it, features such as video playback never were a goal, and thus Apple likely decided to save a few bucks, possibly also due to MIPI licensing costs. What this means is that if you had dreamed of snapping up an extremely long and narrow OLED display for a video project you’re in for somewhat of a bad time. Although animated content is possible – as [Wenting] demonstrates – this comes with all the limitations of command mode, meaning slower updates, higher power usage and a lot more overhead.

Continue reading “Reverse Engineering The Apple Touch Bar Screen”