Solipsism Gradient

Rainer Brockerhoff’s blog

Nearly a month ago I wrote:
Rainer Brockerhoff wrote:

So, I’m a 100% percent sure nobody will be able to unlock the iPhone or run third-party applications on it unless Apple opens it up. Here’s why: ARM’s TrustZone

It’s hard to believe Apple didn’t want to take advantage of TrustZone at all, unless the intention was to publish a complete SDK later. Or perhaps only parts of the hardware are protected; the radio and the camera are possibilities.

A SIM hardware unlock hack was published a few days ago, and today Engadget wrote about two software unlocks. There’s no real confirmation on these yet but I no longer doubt it’s possible. I gather that people managed to write software to clear certain parts of the firmware flash RAM.

To me, this shows conclusively that Apple elected not to use TrustZone at all – just as they, in the past, elected not to use the TPM chips on the first Intel Mac motherboards to lock down Mac OS X to Apple machines. About the latter question, of course we’ll have to wait until the Leopard GM release comes out to be absolutely sure, but I haven’t heard anything about Leopard breaking new ground regarding such protection. On the other hand, while there are groups of people still busily adapting every new Mac OS X release to run on “generic” PCs, they still seem to be very much in the minority – and for a reason. Normal users want support and Apple hardware quality without having to do complicated hacking and installing.

Coming back to the iPhone, on reflection it makes some sense for Apple to not do an unbreakable protection. Under the current situation, every iPhone software update is a single package; I understand that all apps are updated at the same time and everything except the user’s data is wiped and reset. This allows Apple to ensure that all versions of official software mesh with each other and also gives them the freedom to radically change the system, if necessary, without anybody noticing. Also, this means that the first item in any support procedure will be a reinstall, meaning Apple doesn’t need to worry about what the user may have installed; they’ll have to re-hack again later.

I’ve also heard from people who know people close to the iPhone team that all these efforts are closely watched. No doubt Apple saves some time and money, even if indirectly, by the current situation; it would make securing some future version easier should they deem it necessary.

I also think that not having an iPhone SDK available immediately will have been good in the long term. It’s helping Safari gain browser- and mindshares, and it’s allowing the iPhone’s OS X and built-in applications to become more fully debugged without Apple having to worry about keeping legacy APIs around for prematurely released 3rd-party applications. Yes, those apps will be released with a larger delay than people expected, but they’ll rest on a better foundation. With the hacker’s development toolchain becoming more polished there are now some 3rd-party GUI apps being released, and of course Apple will be adopting some ideas for its own apps and SDK (even in the negative sense of making sure they’ll be doing something differently).

From what I’m seeing, AT&T will be the loser in this situation. Apple will sell some more iPhones – probably not in statistically significant numbers at first – but AT&T will lose some contracts. Apple can demonstrate that they made a reasonable effort to prevent that, and it may not even be illegal for someone to unlock their own phone (it’s probably illegal to set up a business unlocking other people’s phones though). So, AT&T will lose some business to other carriers, as they do with other phones.

I usually don’t believe in sinister Apple agendas, but this may qualify… :-)

Nudge 1.2


A heads-up to Nudge users that version 1.2 is now available. Here are further details.

Re: Too hot


This is the latest (and, I hope, final) post about my hard drive heat problems. (All in a 2G iMac G5, 20″ – the last one without a built-in iSight camera.)

By a fortuitous coincidence my friends at Deltatronic offered me a 400GB Samsung HD400LJ SATA drive at a reasonable price, and I bought it. Reviews on this drive indicated that it was quieter and ran a little cooler than my previous Seagate drive, at the expense of being slower in some situations; well worth it for me.

After mounting it, I saw that the new drive has no convenient smooth surface on its face to mount the temperature sensor, so I took advantage of the cable length (which I had increased in the previous installment) and tacked the sensor onto the part opposite from the connectors, just for testing. It turns out that this is also conveniently out of the fan’s airstream, so chances were this would be the hottest part of the drive.

And indeed, after 10 days of testing the temperature sensor tracks consistently 4-5C higher than the internal SMART temperature – remember that, with the standard sensor mounting, this was the other way around. As a result, the drives were usually hovering right near their upper limit of 60C; not a desirable situation. With the new placement the SMART temperature oscillates between 48 and 52C, still not ideal but much better. The tradeoff is increased fan noise, which I don’t mind much – although I must be one of the few iMac G5 owners who doesn’t. I was hoping the new iMacs, which have a larger fan directly below the drive, would run lower temperatures, but from what people say, they decided to lower fan speeds at the expense of maintaining the 58C operating point.

The Google paper (pdf) about drive reliability did conclude that temperatures weren’t a significant factor, but the majority of their drives ran in the 25-40C range, with almost none over 50C. Their graph does show that failures begin to rise when you get over 45C, so I prefer to err on the side of caution here. I couldn’t find a single working fan control program for the iMac G5 but there seem to be several for the Intel iMacs – I’ll certainly get one when I upgrade, perhaps next year.

Currently, I have a G3 iBook/600MHz which can run any Mac OS X between 10.0 and 10.4; a PowerBook G4/1GHz; the iMac G5/2GHz, which is my main working machine; and a Core Solo Mac mini with 512MB. I only lack a Core 2 Duo machine to have all CPU platforms of the last 10 years for compatibility testing. (Justifying all these Macs to my wife is, as yet, an unsolved problem…)

Since I now have two left-over SATA drives without a convenient external case to use them in (not to speak of several older PATA/IDE drives), I also bought a Cables Unlimited USB-2110 drive adapter. This is a small cable header which plugs into both 3.5″ and 2.5″ IDE drives and also (over two extra short cables) into SATA drives, with an external power supply. Works quite well and I now can switch among my old drives for backups, and easily test others that come in.

After Leopard comes out with Time Machine in a few months we’ll probably see a boom in external RAID or NAS drive cases, and then I’ll have a place to put the two SATA drives. None of the solutions currently on the market quite fill my requirements. Ideally I’d like a drive case that has USB2, FireWire and gigabit Internet interfaces and with space for at least 3, ideally 4, internal SATA drives…

Re: Too hot


Wow, over 20 days without a post, and I didn’t notice. Yes, I’m still here… though not that much “here”, but offline. Here’s some of what happened.

About 5 months ago I posted about my temperature problems with the hard drive inside the iMac G5. I’d solved them somewhat preliminarily by buying a new (and supposedly less-hot) drive and putting some heatsink paste under the thermal sensor. Here’s the sensor picture again:

Well, about 3 weeks ago I left the iMac overnight, downloading some large file. I came back to it in the morning and it had frozen, and I heard some faint beeping which appeared to come from the UPS I keep just behind the machine. I turned everything off, waited half an hour or so, and restarted – everything worked fine but in two hours it froze again when the faint beeping started. This time, I could ascertain that

1) the beeping was actually a buzzing coming from the hard drive

2) the hard drive sensor said a reasonable 53.5C

3) the hard drive SMART sensor said the drive was actually at 61C!

Whoa. Something clearly had changed since February, when I said the average difference between the two sensors had shrunk to 4C. I did some cautious testing over the next week. Indeed, the external sensor never went over 53.5C – and the fan begins to rev up only at 54C, but it never got there. The sensor actually tracked the SMART value reasonably well – to 1C below 50C, to 3-4C until 53C, but then the internal temperature just soared. As soon as that went to anywhere over 59C, the drive froze and started buzzing. After cooling off everything started working again.

Up until last weekend, I tried changing the heatsink paste – no change. I tried out several fan control programs, none worked with the iMac. I tried finding out some software way to kick the fans up, but didn’t have too much time to really study the problem. A friend gave me a small flat fan from a laptop which I tried to mount inside, but there’s no space available anywhere near the drive.

About the only thing that helped a little was mounting a couple of other small fans blowing into the air intakes below the iMac – I glued them in place with some gaffer tape and ran them off a spare 12V supply. But it clearly wasn’t a definite solution; it sort of worked for a few hours as long as I kept the CPU speed on “reduced” and didn’t open too many programs at a time. I suppose someone should make a supplementary fan unit sucking air out of the iMac, like we had for the MacPlus… I wonder if the current Intel iMacs also overheat?

Anyway, last weekend I gave up and performed minor surgery on the sensor cable, making it about 10cm (4″) longer. The main trick was to convince it to part company with its original mounting place – people who’d performed this procedure before recommended using a “thin blade”, but none I had were thin enough. The optimum solution is a length of dental floss. If you try this, work it under the double-sided white tape that glues the sensor board to the metal bracket, so the tape stays stuck to the board. I got it off cleanly with its adhesive properties still intact.

I experimented with a few locations, but the only easy one was a small flat space between the drive spindle and the PC board. In that location, so far as I can see, the two temperatures track each other to 2C – usually even to 0.5C. One shouldn’t check the SMART temperature too frequently or the drive never sleeps; 20 minutes seems OK. The temperature hovers between 52C and 57C under normal workload… still not ideal. But the fans kick in and the iMac now sounds louder, much like it did when it was new. I suppose I’m the only iMac G5 owner who’s glad to hear loud fan noises… :-D

However, today, just when I was finally ready to start working on my usual stuff again, the @#$%^& thing froze again – and while both temperatures were at 52C, where it should work. So either I need to reformat, or install air conditioning, or get a new drive while the current one is under warranty. Or all of these. There goes another weekend…

Accent test


Time for a new test:

What American accent do you have?

My Results:

Neutral

You’re not Northern, Southern, or Western, you’re just plain -American-. Your national identity is more important than your local identity, because you don’t really have a local identity. You might be from the region in that map, which is defined by this kind of accent, but you could easily not be. Or maybe you just moved around a lot growing up.

Whew :-)

We’re back from a 10-day vacation in São Paulo and surroundings. Good to get away, better to get back. I was offline most of the time and am still catching up on news and e-mail.

Had less time to work underway than I anticipated but I made progress on the Leopard version of RBSplitView – including the Interface Builder plugin – and had some new ideas about other things too.

The new iMacs look very nice. Wonder if the lower prices will be reflected here, though.

The iPhone update makes me almost sure Apple isn’t using the TrustZone at all. Deliberately, of course. Makes one wonder what is behind that…

…more as I catch up.

So, I’m a 100% percent sure nobody will be able to unlock the iPhone or run third-party applications on it unless Apple opens it up. Here’s why: ARM’s TrustZone. Ehrm, make that 90%. I mean, it’s still quite unlikely. Well, OK, they can hack the serial interface in the connector but that can’t write to the screen. Well, let’s say 50-50. Of course, they can run stuff but not touch the network interface – OK, it seems they can. But never run a GUI app! Oh, they can now? But aren’t the binaries signed? No. Heh…

That’s about how I felt while writing an article for MAC+ (the upcoming print issue, which went to the printer a few days ago), around the “but never run a GUI app” phase. Well, today I see they (“they” don’t want people to link to their Wiki, but it’s easy to find on Google) succeeded in building a standard GUI app and displaying a screen on the iPhone. Must be Clarke’s Law in action – even though I’m not that elderly, hmpfh. Writing about moving targets is hard.

So what’s left? Of course I don’t have an iPhone myself here and I don’t have any privileged info on its architecture. I did hear over the grapevine that the Apple iPhone team is following these issues with great interest and is working on updates – whether they’ll make a point of plugging these hacks is anybody’s guess. At the time I’m typing this, accessing the cellphone radio and unlocking the SIM card mechanism is still not possible.

Does that mean Apple didn’t bother to implement the TrustZone technology? I still maintain it’s impossible to crack from outside using present technology. The firmware is contained on the CPU chip itself, the implementor can restrict access to certain peripherals, decryption can happen entirely within the trusted zone, and the firmware can elect to run only signed binaries. There are some 1024-bit RSA keys in the iPhone which supposedly are still a few years away from being cracked, and in any event could be switched to 2048 or 4096. The barrier is even stronger than it was on the first Intel Macs, which had a TPM chip onboard (the last versions don’t and it seems Apple never used them) but separate from the CPU.

It’s hard to believe Apple didn’t want to take advantage of TrustZone at all, unless the intention was to publish a complete SDK later. Or perhaps only parts of the hardware are protected; the radio and the camera are possibilities. For sure they didn’t implement the usual Unix protection, where the root account can do everything; all processes on the iPhone run as root anyway. Looking at the current iPhone libraries there’s a “lockdown” library which most applications link against. It seems to check the aforementioned keys and confer privileges to access some likely-sounding sectors of the system. Having a non-standard security system is obviously an attempt to throw off people who expect 99% of the cracking to involve getting root privileges. I don’t have the tools to ascertain whether the lockdown library does in fact invoke TrustZone at a lower level, and much of this may change anyway for the next software update.

Speaking of which, from what we can see of the iPhone software the update process will involve a complete replacement – no partial updates here. My guess is that updating will also be mandatory, with iTunes updates being published simultaneously. Replacing all software at once of course makes sure that everything works together, but it would also allow Apple to change everything at once. We’ll know in a few months, I’d say.

XRay II poll


If you’re an XRay user – even if not registered – please go to this poll and respond. I need to know ASAP if I can, as I want to, make XRay II a Leopard-only application. Also please post suggestions there; although I’ll keep on commenting about progress and programming issues here, I’d like to keep actual feature discussions over there at the poll topic.

The decision on Leopard needs to be made in the next 2 weeks, so if a majority of users agrees – or if I get too few responses – I’ll decide in favor of Leopard.

Photos licensed by Creative Commons license. Unless otherwise noted, content © 2002-2025 by Rainer Brockerhoff.